Paul Hamman

Senior Vice President, Head of Cloud Security
Suntrust

Paul Hamman is senior vice president and head of cloud security. In this role, he leads a team that ensures the security and compliance of SunTrust’s cloud footprint. He is responsible for Cloud Security Engineering, Architecture, and Advisory functions. Mr. Hamman joined SunTrust in 2018 after serving as senior manager of Enterprise Cloud Security Architecture at Capital One. There, he consulted with lines of business to ensure that enterprise applications being migrated to the cloud were secure and compliant with regulatory and organizational security standards. He also was the lead security architect for several key cyber initiatives for big data, data analytics, malware information sharing, secure data movement, log aggregation, and security information event management. Prior to entering the financial services industry Mr. Hamman worked in the e-commerce and federal government/civilian consulting industry performing a vast range of responsibilities leading teams from systems administration/engineering, operations, architecture, security operations, incident response, compliance, and auditing. His experience included supporting efforts in legacy traditional data centers as well as many cloud first initiatives for the Department of Defense (DoD), General Services Administration (GSA), Department of Homeland Security (DHS), Department of Interior (DOI), and the Transportation Security Administration (TSA) for the “Clear” program (Pre-cursor to TSA Pre-Check). During his work he built and led high performing teams implementing a multitude of compliance frameworks to include Health Insurance Portability and Accountability Act (HIPAA), Payment Card Industry Data Security Standard (PCI DSS), Federal Information Security Management Act (FISMA/FedRAMP), DoD Information Assurance Certification and Accreditation Process (DIACAP), National Institute of Standards and Technology (NIST) Cyber Security Framework (CSF), and National Institute of Standards and Technology (NIST) 800-53 series.

Check out the incredible speaker line-up to see who will be joining Paul.

Download The Latest Agenda

Day One: Sunday, September 22, 2019

Sunday, September 22nd, 2019

12:30 PM Evolving Threats and Empowering Security through the Cloud

The cloud offers economic, competitive and collaborative benefits to financial services. But the sensitive and regulated data kept by financial services requires heightened security measure. In this session, discuss the challenges and benefits of moving to the cloud. Look at how the changing threat landscape creates risks to traditional security practices. Examine current security trends affecting financial services and approaches to protecting sensitive data:

• Prioritizing and overcoming challenges to the cloud

• Embracing the cloud with full visibility while managing shadow IT

• Identifying gaps and ensuring regulatory compliance through the cloud

5:40 PM Converging Risk Management Across Multiple Disciplines to Address Recovery from Attacks

The parade of discussions regarding the Business Impact Analysis and Business Impact Assessment (collectively, the BIA) continue to play out across Business Continuity, Risk and Security industry events, discussion boards, articles, blogs, etc. Discussion topics include streamlining, mechanizing and integrating the BIA with the Risk Assessment, and eliminating the BIA altogether as proposed by select new BCM and Security methodologies. This discussion will look at the necessary convergence and major expansion of the BIA across multiple risk disciplines supporting a fundamental business intelligence and requirements driven contribution to all of these risk domains, supporting Information Security, Data Privacy, Incident Management and Operational Risk (by example).

Importantly, the BIAs that are performed today by standalone BCM teams are increasingly becoming out of date and insufficient as business continuity, technology operations and the business are called upon to address recovery from cyber-attacks.