October 30–31, 2016: Training
October 31–November 2, 2016: Tutorials & Conference
New York, NY

Automating security in the cloud: Modernizing technology governance

Timothy Sandage (Amazon Web Services)
2:10pm–2:50pm Wednesday, 11/02/2016
Bridging business and security
Location: Mercury Ballroom Level: Intermediate
Average rating: ***..
(3.75, 4 ratings)

What you'll learn

  • Gain insight into automated security implementation capabilities that can be deployed in a cloud environment with reliable, trusted, and verifiable technical implementation of traditional administrative controls normally seen within traditional data center deployments


Cloud computing is becoming the new normal. The question is no longer, if? It’s, how fast can we move and what are we going to move first? Timothy Sandage explains how up-front design of your cloud environment can be done in a way that creates a reliably secure and controlled environment, no matter how the cloud resources are used. 

Timothy offers an overview of “secure by design” principles and shows how an AWS environment can be configured to provide a reliable operational security control capability across multiple industry verticals (e.g., HIPAA, FISMA, and PCI) to include operational reporting trough the use of cloud security services (e.g., Config/Config Rules, CloudTrail, and Inspector) and partner integration capabilities with solutions such as Splunk, Trend Micro, Evident.io, and Allgress for real-time governance, risk, and compliance reporting.

Topics include:

  • Organizational governance
  • Asset inventory and control
  • Logical access controls
  • Operating system configuration
  • Database security
  • Application security configurations
Photo of Timothy Sandage

Timothy Sandage

Amazon Web Services

Tim Sandage is a senior security partner strategist for Amazon Web Services (AWS), where he is responsible for global strategic alignment of AWS cloud computing services with current and future compliance capabilities as well as external consulting with AWS customers, public policy organizations, and standard bodies across the globe. Tim is an active public speaker on secure cloud adoption at both internal and external workshops, conferences, and hands-on labs (boot camps) and a community advocate for organization using and promoting cloud technologies. Previously, Tim worked as a consultant supporting secure adoption of cloud services across multiple cloud services providers, such as Microsoft, Google, Salesforce, and HP. Tim’s work included the development of secure cloud computing practices, risk assessments, and secure/complaint cloud computing adoption. Tim has an extensive US federal government security background with over 25 years of service in the US Air Force running regional classified and unclassified military networks. Tim is the past president of the ISACA, Puget Sound Chapter in Seattle, WA, and holds multiple certifications, including Certified Information Systems Security Professional (CISSP), Certified in Risk and Information Systems Control (CRISC), and Certificate of Cloud Security Knowledge (CCSK). Tim holds a bachelor’s degree in information technology from the University of Phoenix.