President, IP Architects, LLC
John P. Pironti is the President of IP Architects, LLC. He has designed and implemented enterprise wide electronic business solutions, information security and risk management strategy and programs, enterprise resiliency capabilities, and threat and vulnerability management solutions for key customers in a range of industries, including financial services, insurance, energy, government, hospitality, aerospace, healthcare, pharmaceuticals, media and entertainment, and information technology on a global scale. John has a number of industry certifications including Certified in the Governance of Enterprise IT (CGEIT), Certified Information Systems Auditor (CISA), Certified Information Security Manager (CISM), Certified Information Systems Security Professional (CISSP), Certified in Risk and Information System Control (CRISC), Information Systems Security Architecture Professional and (ISSAP) and Information Systems Security Management Professional (ISSMP). John frequently provides briefings and acts as a trusted advisor to senior leaders of numerous organizations on information security and risk management and compliance topics and is also a member of a number of technical advisory boards for technology and services firms. He is also a published author and writer, highly quoted and often interviewed by global media, and an award winning frequent speaker on electronic business and information security and risk management topics at domestic and international industry conferences.
Cloud adoption for business critical and sensitive processes, and activities, and solutions is often challenged due to governance, risk and security, and compliance concerns. Information risk management and security professionals often use fear uncertainty and doubt (FUD) to support their negative views. Often doing so without having considered what threats, vulnerabilities, and risks are likely to be realized and their associated material business impacts. Businesses leaders that are interested in moving their IT solutions and capabilities to the cloud should be provided credible information about threats and vulnerabilities associate with doing so to assist them in calculating the risks their willingness to accept them. This will allow them to collaborate with risk and security professionals in a positive and not adversarial fashion as well as make informed decisions. This workshop will introduce the concept of threat and vulnerability management and how it can be applied to cloud solutions. Topics will include a discussion of threat and vulnerability analysis, applying threat and vulnerability analysis to cloud environments and solutions, vulnerability management for the cloud, and approaches to working with cloud providers to ensure risk and security requirements and expectations are properly met.
Cloud computing has the opportunity to provide tremendous benefits to organizations, while at the same time can introduce significant risks and threats that must be appropriately considered and addressed prior to its usage. It is important that organizations consider these risks and threats themselves instead of relying on vendors, standards bodies and regulators, or third parties to address them for them. This session will discuss five of the key areas that an organization should consider from a risk management and security perspective prior to adopting cloud computing capabilities or while they are actively using them.