X

Author Profile

David B. Cross

SVP SaaS Security

  • David is the Senior Vice President for the Oracle SaaS Cloud Security engineering and operations organization.  Previously, David was the public Cloud Security Engineering Director in the Google Security and Privacy organization and his preceding 18 years were spent with Microsoft in numerous security cloud, product and engineering leadership roles.  David holds a B.S. in Computer Information Systems as well as an MBA with a Management Information Systems concentration and is a longtime advocate of security application and technology stemming back to his US military service.

    David is the Senior Vice President for the Oracle SaaS Cloud Security engineering and operations organization.  Previously, David was the public Cloud Security Engineering Director in the Google Security and Privacy organization and his preceding 18 years were spent with Microsoft in numerous security cloud, product and engineering leadership roles.  David holds a B.S. in Computer Information Systems as well as an MBA with a Management Information Systems concentration and is a longtime advocate of security application and technology stemming back to his US military service.

     view more view less

Recent Posts by David B. Cross

Comparing the Top 20 Security Controls from CIS to DevSecOps

Continuing this blog series on DevSecOps, I have a contributing guest author, Patrick McLaughlin. Patrick is a SaaS Security Architect in the Oracle SaaS Cloud Security engineering group and helps drive the transformation of DevSecOps in Oracle SaaS. What are the Top 20 Security Controls? The Center for Internet Security (CIS) is a non-profit organization best known for its top 20 controls. For IT security professionals, these controls represent best practices for implementing a...

How Threat Intelligence Complements Security Controls in Oracle SaaS Cloud

For this posting, I have a contributing guest author Alida Wilms, who is a Senior Principal Technical Writer in the Oracle SaaS Cloud Security (SCS) organization. In general, when leaders complete competitive analysis and business intelligence, their conclusions and actions depend on the comprehensiveness and quality of the data that they collect. Similarly, when security professionals look at how to protect their organization’s data, the security controls that they put in...

Remaining Vigilant: Security Scanning Throughout the Oracle SaaS Application Lifecycle

For this posting, I would like to introduce my guest author Phil Waters, who is a Principal Security Engineer in the SaaS Cloud Security (SCS) organization. When it comes to measuring the security of an information system, scanning is incredibly practical. A previous blog post discussed static code scanning capabilities of SAST tools. This post will provide additional context around the types of security scanning that we do in the Oracle SaaS Cloud Security (SCS) team. Product...

Leveraging the NIST Cybersecurity Framework for DevSecOps

Continuing with this blog-series on DevSecOps, I have a contributing guest author, Patrick McLaughlin. Patrick is a SaaS Security Architect in the Oracle SaaS Cloud Security engineering group and helps drive the transformation of DevSecOps in Oracle SaaS. In this post, he explains how Oracle uses the available criteria and standards in each phase of the development cycle to provide the best security for its customers. Framework Introduction The National Institute of Standards...

A SIEM does much more than detect security incidents

Many of us are familiar with Security, Incident, and Event Management (SIEM) systems, which detect and monitor security events and activities. In this blog post, we want to show you that SIEMs have evolved and can now do much more. Most companies and system providers deploy a SIEM to get alerts and report on security-specific incidents and events in their systems. They build and deploy specific security rules, signatures, and use cases based on their applications, platforms,...

DevSecOps Impact on Current Security Practices

This week, I have a contributing guest author, Patrick McLaughlin, who is a SaaS Security Architect as part of the Oracle SaaS Cloud Security engineering group, which is helping drive the transformation of DevSecOps. DevOps aims to bring software development and maintenance closer to IT operations. It is designed to deliver new software features, enhancements to existing features, and bug fixes faster than traditional methods and with the same quality. DevOps combines...

Monitoring the Security Detection Framework

For this posting, I would like to introduce my joint guest author Yibin Liao, who is a software developer in the SaaS Cloud Security (SCS) organization. Our first posting “Oracle SaaS Cloud Security Goes Way Way Beyond the Bare Minimum”, raised a question: how do you ensure that an attacker cannot disable or corrupt your security detection framework? Very simply, it is all about comprehensive monitoring and validation! In cybersecurity infrastructure, you must have a validation...

Using Graph Powered Security Analytics to Find Attackers Quickly

Based on reader interest on how the Oracle SaaS Cloud Security (SCS) organization uses Oracle Labs PGX  for our Automated SaaS Cloud Security Services (ASCSS) infrastructure, I wanted to follow up with an article on one of the advantages of using graph-powered security analytics.  This posting describes how graphs make it very easy for incident responders or security engineers to analyze, investigate, and quickly identify the root cause of potential security issues or...

Oracle SaaS Cloud Security Continuity

This week we wanted to share how Oracle’s SaaS Cloud Security (SCS) organization is always prepared to support our customers and provide reliable continuity of service. Service continuity is a key pillar of Oracle’s SaaS Cloud Security Services. Our SCS organization uses a formal Risk Management Resiliency Program to maintain a comprehensive business continuity management (BCM) framework to protect Oracle employees and business operations.  A few critical aspects of our BCM...