Cloud Platform
Contact us
Asset Management
Vulnerability & Configuration Management
Risk Remediation
Threat Detection & Response
  • Overview
  • Platform Apps

  • Qualys Endpoint Security

    Advanced endpoint threat protection, improved threat context, and alert prioritization

  • Context XDR

    Extend detection and response beyond the endpoint to the enterprise

Compliance
Cloud Security
2023 Cyber Risk Submit 2023 Cyber Risk Submit

Attack Surface Management Edition

Technology never stops evolving. That’s why, now more than ever, ensuring your organization stays compliant with constantly changing regulatory policies and standards is critical to safeguarding your organization against emerging threats.

From on-premises infrastructure to cloud environments, security and IT teams are hungry for real-world insights and expert perspectives on continuous compliance to reduce risks and minimize costs.

Monday, December 11, 2023

Virtual

Featured Speakers

Troy Leach
Chief Strategy Officer (CSO), Cloud Security Alliance

Gene Yoshida
Risk Management and Compliance Professional, Compliance.ai

Avani Desai
CEO, Schellman

Isaias Mercado
Senior Systems Security Manager, Cardnet

Matt Crane
Senior Manager, Schellman

Terry Barber
Manager, Security Operations, American Express Global Business Travel

Jonathan Trull
CISO & SVP Security Solution Architecture, Qualys

Shailesh Athalye
Sr. Vice President, Product Management, Qualys

Bio

Corey Smith
Vice President, Solution Architects, Qualys

Lavish Jhamb
Sr. Product Manager, Compliance Solutions, Qualys

Bill Reed
Marketing Expert, Qualys

Discover fresh perspectives on continuous compliance for your organization

PCI DSS 4.0 implementation is required by March 31, 2024. As such, organizations must prioritize a continuous approach to compliance to avoid hefty fines, increased transaction fees, termination of merchant agreements, costs for potential lawsuits, and brand damage.

Join us for a comprehensive exploration of the ever-evolving compliance landscape and gain invaluable insights to help you minimize security breaches, avoid audit failures, and protect your organization’s reputation.

Topics

Continuous Compliance and Cloud

As technology continues to advance, so do the challenges of securing sensitive payment card data. PCI DSS 4.0 not only addresses these evolving threats but also emphasizes a holistic approach, ensuring that compliance measures are integrated seamlessly across on-premises systems and cloud environments alike.

Four Common Trends in PCI DSS 4.0 Compliance

By examining real-world case studies and expert perspectives, this discussion will equip you with the knowledge and strategies you need to navigate the complexities of modern payment card security and every facet relating to the PCI DSS 4.0 mandate.

Continuous Compliance: Four Key Changes for Organizations

Don’t miss a deep-dive series of dynamic discussions around the key trends that are shaping the way organizations are successfully securing their payment card data today. Learn about four specific actions you can take now to ensure that your organization can meet the mandate with confidence.

Qualys’ Vision for PCI DSS 4.0

How can compliance, IT, and security teams collaborate to comply with PCI DSS 4.0? This is your chance to learn about Qualys’ vision and innovation when it comes to continuous compliance. Also, to learn why credit card tokenization alone is not sufficient to ensure full PCI DSS 4.0 compliance.

9:00 AM PT

Keynote

Keynote

Jonathan Trull
CISO, Qualys

Embark on a transformative exploration of PCI DSS 4.0 at our upcoming thought leadership event, where we unravel the multidimensional facets of PCI compliance—from the industry’s perspective to the vantage points of customers, auditors, and the tools at our disposal. No single solution can provide complete coverage for PCI DSS 4.0 requirements. This session will review how to use multiple solutions with a single agent and dashboard to ensure 97 percent coverage for the twelve PCI DSS 4.0 requirements.

9:15 AM PT

Keynote

Compliance and the Cloud

Troy Leach
Chief Strategy Officer (CSO), Cloud Security Alliance

As technology continues to advance, so do the challenges of securing sensitive payment card data. PCI DSS 4.0 not only addresses these evolving threats but also emphasizes a holistic approach, ensuring that compliance measures are integrated seamlessly across on-premises systems and cloud environments alike.

10:00 AM PT

Keynote

PCI DSS 4.0 Myths and Facts from the Assessor's Perspective

Avani Desai
CEO, Schellman
Matt Crane
Senior Manager, Schellman

Delve into the profound shifts introduced by PCI DSS 4.0 from the perspective of Assessors. As the cornerstone of payment security standards, PCI DSS 4.0 is currently undergoing its most significant evolution. Leveraging the extensive expertise of our PCI Qualified Security Assessors, who have successfully conducted over 150 PCI DSS assessments in the past year, we will analyze the implications of these changes. Drawing from our experiences with various clients, we aim to provide insightful guidance to navigate you through this substantial transition in the PCI landscape.

10:30 AM PT

Keynote

Four Common Trends in PCI DSS 4.0 Compliance

Gene Yoshida
Consultant - Chief Risk/Compliance
Bill Reed
Marketing Expert

By examining real-world case studies and expert perspectives, this discussion will equip you with the knowledge and strategies you need to navigate the complexities of modern payment card security and every facet relating to the PCI DSS 4.0 mandate. This session will also cover why the transaction tokenization provided by credit card companies is beneficial, but it’s not sufficient enough to absolve an organization from ensuring PCI DSS 4.0 cybersecurity compliance.

11:00 AM PT

Innovation Pavilion

Explore the Dynamic Landscape of PCI DSS 4.0

Terry Barber
Manager, Security Operations, American Express Global Business Travel

Explore the dynamic landscape of PCI DSS 4.0 with American Express Global Business Travel. Drawing insights from industry shifts, the session delves into strategic preparations for the impending standard with insights into their roadmap for compliance. Gain practical perspectives and actionable steps from a leading authority navigating the evolving PCI DSS landscape.

11:30 AM PT

Innovation Pavilion

The Platform Approach to PCI

Shailesh Athalye
Sr. Vice President, Product Management, Qualys
Lavish Jhamb
Sr. Product Manager, Compliance Solutions, Qualys

Discover the intricacies of PCI DSS 4.0’s technical controls spanning diverse cybersecurity functions. Join Qualys’ Senior Vice President of Product Management as he guides you through a platform-centric perspective on PCI. The session will emphasize the mapping of various security functions and that includes a live product demonstration. Gain valuable insights into leveraging Qualys’ platform to facilitate PCI DSS 4.0 compliance effectively.

12:15 PM PT

Customer Session

PCI DSS 4.0 Challenges and Cardnet's Experience

Isaias Mercado
Senior Systems Security Manager, Cardnet

As a dedicated proponent of maintaining robust compliance and security standards, Cardnet has consistently embraced cutting-edge technology to safeguard our digital assets. With a partnership spanning over eight years, Qualys has been a steadfast ally in our compliance journey. Cardnet has leveraged Qualys’ VMDR for scanning, as well as the PCI and Web Application Scanning modules since 2014 and found them to be crucial in supporting their certification processes. They have meticulously reviewed the new PCI DSS 4.0 requirements since its introduction in March 2022. This session will cover how the Qualys suite of offerings can provide complete coverage for 97 percent of the PCI DSS 4.0 requirements, including vulnerability classification and software, as well as component patching under 6.3.1, 6.3.2, and 6.3.3.

12:45 PM PT

Wrapup

Corey Smith
Vice President, Solution Architects, Qualys

As we conclude this enlightening thought leadership series on PCI DSS 4.0, we invite you to receive a complimentary Compliance eBook. Additionally, seize the opportunity to schedule a one-on-one session with a Qualys Solution Architect for a complimentary consultation to expedite your PCI DSS 4.0 readiness assessment. Embrace the insights gained from this series as you navigate the evolving landscape of PCI compliance.

Tap into expert cyber risk insights every quarter!

Missed past Cyber Risk Series events?

Watch full recordings of every session.

Navigating Risk in an Era of Expanding Attack Surfaces

Jonathan Trull, CISO, Qualys

Attack Surface Management Matters

Jon Oltsik, Sr. Principal Analyst & Fellow, Enterprise Strategy Group

Defining the Attack Surface: A CISO's Perspective

Jonathan Trull, CISO, Qualys

Ryan Barrett, CISO, Intermedia

The CISO Maturity Model: Building a Cyber Strategy that Aligns with Corporate Risk Goals

Mike Orosz, Global VP & Information and Product Security, Vertiv

Attack Surface Management with an Attacke's and Defende's View

Kunal Modasiya, VP, Product Management, Attack Surface Management & AppSec, Qualys

Fireside Chat: ASM & the Zero-Trust Connection

Art Thompson, CIO, City of Detroit

Bill Reed, Marketing Expert, Qualys

Wrapup and Free EASM Report Offer

Corey Smith, Vice President, Solution Architects, Qualys

Building a cyber resilient enterprise by pivoting to risk management

Sumedh Thakar, President and CEO, Qualys

The convergence of data security and data management in a world of ransomware protection and recovery

Sanjay Poonen, CEO and President, Cohesity

Fireside Chat: How CISOs Can Navigate the Changing Landscape of Cybersecurity

Jonathan Trull, Chief Security Officer, Qualys

Rinki Sethi, VP & CISO, Bill

Unlocking Intelligence-Backed Remediation: Insights from the Qualys Threat Research Unit

Travis Smith, Vice President, Threat Research Unit, Qualys

Cyber Insurance – Are we there yet?

Rajeev Gupta, CPO and Co-founder, Cowbell

Sneak Peak of Qualys Latest Innovation

Shailesh Athalye, SVP, Product Management, Qualys
Avani Desai

Avani Desai

CEO, Schellman

Avani Desai is a Partner and Chief Executive Officer at Schellman, the largest niche CPA firm in the world that focuses on technology and security assessments.

She also sits on the board of Cogent Bank, a Florida based community bank, as a Director and the head of the Technology Committee.

Avani started her career working at a Big 4 accounting firm (KPMG) for over 10 years, where she led a team and oversaw IT Risk Management and Privacy across national service-lines. In addition, Avani managed the development of internal and external privacy programs and related practices, leveraging her deep knowledge with healthcare and emerging technologies, such as blockchain, cloud computing, artificial intelligence, internet of things, and virtualization. Now at Schellman, Avani has been focusing on growth strategies, strategic client and market development, industry analysis, and new services for the last seven years. She has been featured in Forbes, CIO.com, and the Wall Street Journal, and is a sought-after speaker as a voice on a variety of emerging topics, including security, privacy, information security, future technology trends, and the expansion of young women involved in technology. In 2017, Avani, a crypto enthusiast, launched MyCryptoAlert, an app that provides a mobile solution for the alert and portfolio problems crypto investors face and a tool to buy and sell coins on arbitrage. Also passionate about strategic philanthropy, Avani sits on the board of Arnold Palmer Medical Center, Philanos, Audit Committee chairwoman at the Central Florida Foundation, and is the co-chair of 100 Women Strong, a female-only venture capitalist based giving circle that focuses on solving community-based problems specific to women and children by using data analytics and big data. Avani is also an avid runner, always looking to sign up for the next Disney marathon. With all that being said, Avani still considers her greatest accomplishment to be personal rather than professional—she is the proud mother to her 10-year-old son, Sahil, 7 year old daughter, Sareena, and newborn son, Hastin.

Sumedh Thakar

Sumedh Thakar

President and CEO, Qualys

As President and CEO, Sumedh leads the company’s vision, strategic direction and implementation. He joined Qualys in 2003 in engineering and grew within the company, taking various leadership roles focused on helping Qualys deliver on its platform vision. From 2014 to 2021, he served as Qualys’ Chief Product Officer, where he oversaw all things product, including engineering, development, product management, cloud operations, DevOps, and customer support. A product fanatic and engineer at heart, he is a driving force behind expanding the platform from Vulnerability Management into broader areas of security and compliance, helping customers consolidate their security stack. This includes the rollout of the game-changing VMDR (Vulnerability Management, Detection and Response) that continually detects and prevents risk to their systems, Multi-Vector EDR, which focuses on protecting endpoints as well as Container Security, Compliance and Web Application Security solutions. Sumedh was also instrumental in the build-up of multiple Qualys sites resulting in a global 24x7 follow-the-sun product team.

Sumedh is a long-time proponent of SaaS and cloud computing. He previously worked at Intacct, a cloud-based financial and accounting software provider. He also worked at Northwest Airlines developing complex algorithms for its yield and revenue management reservation system. Sumedh has a bachelor’s degree in computer engineering with distinction from the University of Pune.

Shailesh Athalye

Shailesh Athalye

Senior Vice President, Product Management, Qualys Inc.

As Senior Vice President of Product Management, Shailesh leads the product management team and drives the Qualys product vision helping customers assess and improve their IT, security and compliance posture. Since joining Qualys in 2012, he has worked in various security and compliance roles driving innovative solutions, including remote endpoint protection, endpoint detection and response, and SaaS security. In addition, Shailesh headed engineering, research and product management for Qualys Policy Compliance and File Integrity Monitoring, where he helped customers go beyond compliance to drive their IT GRC objectives. Before Qualys, he focused on security research for Symantec ESM and Compliance solutions. Shailesh holds a master’s in computer applications (MCA) from the Vishwakarma Institute of Technology and has various security certifications including CISA, CRISC, CISM. He is also a regular speaker at industry conferences.

Art Thompson

Art Thompson

CIO, City of Detroit

Art Thompson is the Chief Information Officer (CIO) for the City of Detroit, Department of Innovation and Technology (DoIT).

Prior to this appointment, he served as the Director of Public Safety and Cyber Security for DoIT. Thompson is a graduate of Eastern Michigan University with a degree in Supply Chain Management.

He has more than 12 years of technical experience with the public safety environment and managing public safety personnel. His technical skills include radio and desktop installation, as well as software and hardware maintenance. His responsibilities included, but were not limited to, managing Desktop Support, Mobility Support, Network Administration and Cyber Security Teams all of which he confidently championed.

Thompson began his career with DoIT as the Manager for Mobility Support. His accomplishments as Manager further revealed his advanced technical skills and managerial abilities, which lead to his promotion to Director. After serving nearly three (3) years as Director, he further excelled in management and in handling budgetary issues. His vision, dedication, motivation and commitment to the City of Detroit ultimately lead to his appointed as CIO.

Mike Orosz

Mike Orosz

Global Chief Information and Product Security Officer, Vertiv

Mike Orosz is Global Chief Information and Product Security Officer at Vertiv accountable for all aspects of global information and product security. He was previously Sr. Director Global Cyber and Physical Security at Citrix and Global compliance Officer for Citi. Mike also served in the US Army focusing on Intelligence, Security and Analytics. He holds a master’s degree in information sciences, cybersecurity from PennState University.

Matt Crane

Matt Crane

Senior Manager, Schellman

Matt Crane is a Senior Manager at Schellman, where he excels in project management and client relations while overseeing assessments against various PCI Standards. With a primary focus on PCI DSS Compliance for organizations spanning diverse industries, Matt leverages a decade of expertise in information security services.

Prior to joining Schellman in July 2017, Matt held key positions in both the private and public sectors, specializing in PCI and NIST assessments, as well as intelligence analysis. His extensive background includes leading PCI engagements, performing risk assessments, and general consulting services for merchants and service providers across multiple industry verticals. With an exceptional track record and a profound understanding of the industry, Matt Crane is a valuable asset to Schellman, ensuring clients receive unparalleled guidance in achieving their compliance goals.

Matt holds a BBA in Information Security and Assurance as well as several industry certifications including CISSP, CISA, CRISC, QSA

Lavish Jhamb

Lavish Jhamb

Sr. Product Manager, Compliance Solutions, Qualys

Lavish Jhamb is Solution Architect for Compliance Solutions at Qualys, focused on building security solutions such as ‘Custom Assessment and Response’ and ‘File Integrity Monitoring’ and helping customers assess and improve their security and compliance posture. He has over 7 years of experience working on security solutions, regulatory standards, and cyber security frameworks, with thorough understanding of operating systems. Lavish holds a bachelor’s degree in computer engineering from the Kurukshetra University Institute of Engineering and Technology and a Post Graduate Diploma in IT Infrastructure, Systems and Security from CDAC Pune.

Kunal Modasiya

Kunal Modasiya

Vice President, Product Management, Attack Surface Management & AppSec, Qualys

Kunal is currently VP of Product Management for the CyberSecurity Asset Attack Surface Management (CAASM), Web App and API Security product line at Qualys HQ in Foster City, CA. He is Qualys boomerang. He worked at Qualys for 3 years and incubated the XDR product line from inception. Kunal has spent 15+ years working at startups, and big and mid-size companies in cybersecurity, networking, and application security in both product and engineering roles at Juniper Networks, Extreme Networks, Sun Microsystems and Infinera. Prior to re-joining Qualys, Kunal was heading products at Israeli startup in API security and bot management AppSec space.

Jonathan Trull

Jonathan Trull

CISO & SVP Security Solution Architecture, Qualys

Jonathan Trull is a longtime security practitioner and CISO & SVP Security Solution Architecture with over 18 years of experience in the cybersecurity industry and is currently the Senior Vice President of Customer Solutions Architecture and Engineering at Qualys. His career has spanned operational CISO and infosec roles with the State of Colorado, Qualys, Optiv, and Microsoft. While at Microsoft, Jonathan led the Microsoft Detection and Response Team (DART) whose mission was to respond to cyber security incidents around the globe ranging from cyber espionage initiated by nation-state actors to ransomware attacks and included the investigation of and response to the NOBELIUM threat actor campaign which leveraged the SolarWinds supply chain. Jonathan also serves as an advisor to several security startups and venture capital firms and supports the broader security community through his work with the Cloud Security Alliance, Center for Internet Security, and IANS. He is also an adjunct faculty member at Carnegie Mellon University where he mentors and coaches those attending the CISO Executive Education Program. Jonathan is a frequent speaker at industry conferences such as BlackHat, RSA, and SANS and holds several industry certifications including the CISSP, OSCP, CCSP, and GCFA. Jonathan is a veteran of the U.S. Navy finishing his career as a Lieutenant Commander supporting the Information Warfare Domain.

Jon Oltsik

Jon Oltsik

Distinguished Analyst and Fellow, Enterprise Strategy Group

Jon Oltsik is a distinguished analyst, fellow, and the founder of the firm’s cybersecurity service. With over 35 years of technology industry experience, Jon is widely recognized as an expert in all aspects of cybersecurity and is often called upon to help customers understand a CISO’s perspective and strategies. Jon focuses on areas such as cyber-risk management, security operations, and all things related to CISOs.

Terry Barber

Terry Barber

Information Security Manager - Security Analytics, American Express Global Business Travel

Terry hails from Santa Cruz California originally and began his career in Information Technology at Mighty Net, Inc. (founding company for Creditreport.com) as CTO – Director of Systems and Security while attending California State University Northridge. There he was responsible for all Infrastructure, networking, and security. In 2007, Terry took a Director of IT position at Protocol and left the company as Director of US IT Operations when they were acquired by Expert Global Solutions.

At EGS he ventured back into Information Security role full-time and worked alongside his CISO as the two man team responsible for achieving PCI compliance across the Enterprise. In 2015 he transitioned to American Express Global Business Travel as an Information Security Manager. Today his responsibilities include Cyber Security Metrics, Managing the Vulnerability management platforms including Qualys and several other Information Security platforms at GBT.