How to Build a Successful Cloud Capability on a Heavy Regulated Organization

Abstract

On KPMG, working in a highly regulated industry ourselves, we know and feel the pain of enabling innovation and teams to do what they do best.

Over the past 7 years we have been on a journey to build the trust with our security, compliance and client risk teams to evidence how we can deliver at pace whilst improving the firms Security and Risk compliance.

In this talk I will go through our cloud capability journey, highlighting lessons learned and best practices on culture, processes and technology that will help your cloud team thrive and deliver value without compromising security.

Speaker

Ana Sirvent

Principal DevOps Engineer @KPMG UK

Ana is the AWS Practice Lead and a Principal DevOps engineer on KPMG UK.

She has more than 14 years of experience leading, developing and delivering full enterprise projects from discovery phases, design, and implementation to production, lately focusing on cloud native solutions using serverless and micro-services architectures.

Over the last 8 years she has focused primarily on delivering Cloud Transformation projects for major UK government and retail clients.

She is an advocate of DevOps culture and cloud and passionate about how to optimise workloads in the cloud.

Read more

Date

Monday Mar 27 / 11:50AM BST ( 50 minutes )

Location

Mountbatten (6th Fl.)

Topics

cloud case study best practices compliance culture processes

Share

Share Share

From the same track

Session security

Security Checks Simplified: How to Implement Best Practices with Ease

Monday Mar 27 / 10:35AM BST

Many organizations are confronted with multiple issues flagged by security tools; are you struggling with security remediation? If so, this talk is for you.   

Speaker image - Varun Sharma

Varun Sharma

CEO and Co-Founder @Step_Security

Session automation

Getting Developers into F1 Driver Seats with Security?

Monday Mar 27 / 05:25PM BST

At Virgin Media O2, we are in a race of digital transformation which requires many different types of skillsets and people. This resulted in waves of hiring new blood, contractors and skilling up existing engineers/developers.

Speaker image - Henry Tze

Henry Tze

Lead Cloud Security Engineer @Virgin Media O2

Session

Panel: Building Security in Earlier

Monday Mar 27 / 04:10PM BST

Software security is an essential aspect of any digital product, yet it is often neglected until the late stages of the development lifecycle. This approach leaves organizations vulnerable to cyberattacks, which can result in costly data breaches, reputational damage, and legal liabilities.

Speaker image - Ana Sirvent

Ana Sirvent

Principal DevOps Engineer @KPMG UK

Speaker image - Josh Grossman

Josh Grossman

Application Security Consultant & CTO @BounceSecurity

Speaker image - Varun Sharma

Varun Sharma

CEO and Co-Founder @Step_Security

Speaker image - Henry Tze

Henry Tze

Lead Cloud Security Engineer @Virgin Media O2

Session security

Sustainable Security Requirements with the ASVS

Monday Mar 27 / 01:40PM BST

Shift left? Spread left? Regardless of terminology, we want to be thinking about security earlier on in the development lifecycle. Ideally whilst we are still gathering the business requirements.

Speaker image - Josh Grossman

Josh Grossman

Application Security Consultant & CTO @BounceSecurity

Session

Unconference: Building Security in Earlier

Monday Mar 27 / 02:55PM BST

What is an unconference? An unconference is a participant-driven meeting. Attendees come together, bringing their challenges and relying on the experience and know-how of their peers for solutions.

Speaker image - Shane Hastie

Shane Hastie

Global Delivery Lead @SoftEd, Lead Editor for Culture & Methods @InfoQ