Shivam Dhar
Vice President - Lead Security Engineer @JPMorganChase
Plano, Texas, United States
With nearly a decade of experience across sectors such as e-commerce, healthcare, gaming, open-source, and cybersecurity, within both large enterprises and agile startups, Shivam brings a creative, solutions-driven approach to complex challenges. Committed to community engagement, he actively mentors early-career cybersecurity professionals, judges prestigious tech awards, peer-reviews academic research, and contributes to tech-for-good initiatives with nonprofit organizations. He currently leads cloud security efforts at JPMorganChase, driving robust solutions to support the firm’s ongoing growth.
Serverless is not a silver bullet - You lose servers, not responsibility!
Behind the abstraction lies a misconception: that serverless means "less" responsibility. Spoiler alert - it doesn't! Fast and adaptable, serverless is also dangerously simple to configure incorrectly. In highly dynamic, event-driven cloud environments, sporadic and fine-grained service integrations introduce unique attack surfaces that traditional security models fail to address.
This technical session dives deep into the tactics, techniques, and procedures (TTPs) adversaries use to exploit serverless applications via new attack vectors, including vulnerable libraries, leaky secrets, wildcard IAM roles, and insecure triggers. It also emphasizes actionable, tried-and-true methods over theory—equipping practitioners with the skills to defend modern serverless stacks while maintaining operational velocity.
The key takeaways from this session include a clear understanding of how serverless risks differ from traditional application threats, especially in areas like ephemeral execution, implicit trust boundaries, and event-driven attack vectors. Lastly, executives and architects will learn how these lines can be inadvertently crossed, exposing data or escalating privileges.
Guardians of the Cloud: From Stealth to Security at Scale
The rapid scaling of cloud environments by organizations creates increasingly complex and urgent security challenges. This session offers a tactical blueprint for security leaders to transition from reactive defense to proactive cloud security at scale. Attendees will gain actionable insights on implementing secure design patterns, avoiding costly pitfalls, and embedding security into the core of cloud architecture. Emphasizing the power of cross-functional alignment, the session explores how shared frameworks and clearly defined objectives can bridge gaps between the various teams. Given that misconfigurations are responsible for over 60% of cloud breaches, the discussion will underscore the importance of continuous monitoring and robust policy enforcement. Finally, the session will show why well-defined roles and responsibilities, spanning internal teams and cloud providers, are required to fuel accountability, operational clarity, and long-term resiliency in cloud security efforts.
***********************************************
The session can be 20 to 35 minutes long; below is the outline for the 20-minute plan:
1. Introduction & Objective Setting (2 minutes)
* Brief overview of public cloud adoption trends and security challenges
* Set session objectives: lifecycle view of secure cloud usage, key building blocks, and actionable best practices
2. Lifecycle of Cloud Service Integration (3 minutes)
* Steps to onboard a new cloud service into firm-wide inventory
* Importance of early threat modeling and risk assessment
* Visual: Lifecycle diagram showing service onboarding to deployment
3. Implementing Core Security Controls (4 minutes)
* Overview of preventative, detective, and remediative controls
* Touchpoints on CSPM (Cloud Security Posture Management), CDR (Cloud Detection & Response), etc.
* Controls required before a service can be used (e.g., IAM, encryption, network boundaries)
* Visual: Control matrix across phases
4. Building Continuous Risk Reporting Pipelines (3 minutes)
* Designing pipelines for automated checks and risk scoring
* Tools and integrations for ongoing monitoring
* Visual: Architecture of a risk reporting pipeline
5. Cloud Governance & Stakeholder Responsibilities (4 minutes)
* Key governance principles: ownership, oversight, accountability
* Roles of Security, DevOps, Compliance, Product Teams, and Cloud Providers
* Visual: RACI matrix or stakeholder map
* Common challenges: role confusion, communication gaps
6. Compliance & Regulatory Integration (2 minutes)
* Building in regulatory procedures (e.g., audit readiness, logs, data sovereignty)
* Ensuring controls meet internal and external compliance standards
* Brief mention of frameworks (e.g., NIST, ISO 27001)
7. Secure Distribution & Usage of Cloud Services (1 minute)
* Best practices for distributing firm-approved cloud services
* Importance of using sanctioned channels and standard images/templates
8. Final Takeaways & Best Practices (1 minute)
* Recap of key best practices and pitfalls to avoid
* Encourage the audience to assess their cloud governance maturity