Like anything, cloud technology has its own pros and cons. While cloud technology allows for more efficiency and collaboration; it also has unique security challenges and there are constantly new and evolving threats. Education of the best practices and trends allow cybersecurity professionals to mitigate these additional risks.

Join your fellow ISC2 members, associates and candidates for an exclusive ISC2 Spotlight on Cloud Security where top industry experts will cover the latest cloud adoption strategies, tackle emerging threats and attack vectors, explore cutting-edge security practices and provide actionable insights to safeguard your cloud environments.

Attendees will hear from thought leaders, while connecting and learning strategies from fellow cybersecurity professionals, plus earning more than five CPE credits. Pre-registration is required to earn ISC2 CPE credits and access the on-demand recordings.

ISC2 members can earn up to 5.5 CPE credits for free at this two-day virtual event, ISC2 Spotlight on Cloud Security, on April 22-23 starting at 10:00 a.m. ET, register now.

The event’s agenda includes sessions discussing cloud adoption strategies, emerging threats and attack vectors, exploring cutting-edge security practices and actionable insights to safeguard your cloud environments.

Spotlight on Cloud Security Agenda

Tuesday, April 22

Escaping the Shadow of Cloud Creep Through Better Visibility and Controls

  • Geraldine Powderly, CISSP, VP & Head of Information Security, SkySpecs Inc. 
  • Joshua Pierce, CISSP, CCSP, Principal Analyst, FirstBank

In this opening panel discussion, our presenters will discuss key strategies on how to combat cloud creep through better inventory management of your cloud services, clear internal controls and policies for users and solutions such as cloud management programs.

As reliance on cloud-based services expands, so does the risk of cloud creep. IT and security leaders within an organization may lose visibility around unfettered cloud usage, resulting in shadow IT and a difficult-to-detect attack surface. Hear how this leaves organizations prone to potential vulnerability exploits, data leaks and regulatory non-compliance. Learn actionable strategies to better protect your organization.

Enhancing Cybersecurity with Data Security Posture Management - Sponsored by Netwrix

  • Adam Laub, General Manager, Netwrix
  • Farrah Gamboa, Sr. Director of Product Management, Netwrix

In today’s rapidly evolving digital landscape, protecting sensitive data is more challenging than ever. Data Security Posture Management (DSPM) offers organizations a proactive approach to safeguarding data by providing continuous visibility into security risks, vulnerabilities, and compliance gaps across diverse environments.

This session will dive deep into the core principles of DSPM, exploring how organizations can effectively implement a comprehensive strategy to mitigate risks, maintain compliance and secure their most valuable data assets. Attendees will learn best practices for identifying and classifying sensitive data, automating security measures using AI, and continuously monitoring access to critical information. Whether your organization operates on-premises, in the cloud, or in a hybrid setup, this session will offer actionable insights and real-world examples to help you build and maintain a robust data security posture.

Attendees will gain insights on:

  • The fundamental components of Data Security Posture Management (DSPM) and its importance in today’s cybersecurity landscape
  • How to identify, classify and secure sensitive data across on-premises, cloud, and hybrid environments
  • The role of automation, AI and real-time monitoring in improving data security and mitigating risks
  • Strategies for maintaining compliance with industry regulations and continuously improving your organization's security posture

Supercharging Secure Container Deployments with DevSecOps

  • Mohit Sharma, CC, Chief Architect, Atea AS

In this fast-paced world of cloud-native applications, speed and security must go hand in hand. This session will reveal how to accelerate containerized application deployment while embedding ironclad security at every step. Learn to automate security within your DevSecOps pipeline, secure container images, and implement real-time risk mitigation strategies. Get ready for hands-on tactics to deploy with confidence—without compromising on security—ensuring that your containers are secure from development to runtime in any environment.

Wednesday, April 23

Zero Trust as a Cloud Security Strategy

  • Jason Garbis, CISSP, Founder and CEO, Numberline Security; Co-Chair, Zero Trust Working Group, Cloud Security Alliance
Zero Trust has evolved from buzzword to baseline—but how far have organizations really come in implementing it, especially in the cloud? This session dives deep into Zero Trust as a modern cloud security strategy, exploring where companies stand on the maturity curve and how closely current implementations align with the Zero Trust Maturity Model.

Data Gets Territorial: Are Data Privacy and Sovereignty Concerns Shifting?

  • Akhilesh Srivastava, Chief, Leadership Team, Institute of Operational Privacy Design
  • Federica De Santis, Counsel, Data, Privacy & Cybersecurity at Goodwin
  • Dwayne Natwick, CISSP, CCSP, CGRC, CEO, Owner & Principal Trainer, Captain Hyperscaler, LLC

Organizations that store their data overseas can be subject to the data privacy laws of the country where the data is located. For instance, some U.S. based companies may be wary of using international cloud-based storage services out of concerns that they will struggle to abide by stringent international data privacy regulations. On the flip side, is it now possible some companies might avoid using cloud-based services in the U.S. out of concern that federal regulations are becoming too lax and consumer-unfriendly? This session will look at the shifting outlook around data privacy and sovereignty issues as U.S. federal and global policies continue to evolve.

Sealing the Security Gaps in User-Provider Shared Cloud Responsibility

  • Ed Moyle, CISSP, Founding Partner, SecurityCurve
  • Maurice Stebila, Founder & CEO, CxO InSyte
  • Amie Dsouza, CISSP, Cybersecurity IAM Portfolio Manager, Southwest Airlines

April 2025 marks the first anniversary of the Snowflake cyberattack, which affected more than 150 of cloud-based storage company’s clients, plus their respective customers. One year later, this session will look at what lessons we have derived from this incident, while examining the current strengths and weaknesses of the SaaS/cloud security shared responsibility model.

Who owns which aspects of cloud security? How do you hammer out these expectations in advance of a partnership? Who should be mandating use of MFA and other cyber hygiene best practices – the cloud services provider or the user? And who is responsible when the shared responsibility models fail? This session will address these very questions while offering recommendations for how cloud providers and users can become better dance partners.

Register now for the two-day virtual event.

Related Insights