Corporate Security Blog

Security Sessions at Oracle OpenWorld

Eric Maurice
Director of Security Assurance

A number of OpenWorld sessions will be dedicated to security, around topics including: Database Security, Identity and Access Management, Oracle Cloud Infrastructure Security, and Application Security. 

The corporate security teams will also be featured in a number of these sessions, including:

  • Cooperation in a Cause (PAN4753)

There are no silos in security: no person or team can do it all. At Oracle, corporate security includes multiple teams, with different remits in security governance, and they all successfully cooperate across organizational boundaries to improve the security of Oracle’s corporate infrastructure. The benefits include cross-pollination, a wider perspective on security, broader access to skilled resources—and less compliance answer shopping. It also enables streamlined security to-dos, faster security compliance, and fewer crossed signals. During this session hear from corporate security oversight leaders about how to integrate compliance efforts for better results with less churn.

This session will be presented by Paul Andres, Corporate Security Architect, Steve Deitrick, VP Global Information Security, and Mary Ann Davidson, Chief Security Officer.

It will take place on Tuesday, September 17, 03:15 PM - 04:00 PM at the Moscone South, Room 203. 


  • Secure Development in a DevOps and Cloud World (TIP4791)

DevOps is an approach to software development and deployment that encourages rapid and flexible response to changes. Many cloud providers are proponents of DevOps. At the same time, development organizations often leverage cloud services to mirror the flexibility of DevOps software development and deployment within their IT infrastructure. Does the rapid and flexible nature of DevOps negatively impact the security of the deliverables? In this session see how secure development and deployment practices can be performed in a DevOps and cloud world.

This session will be presented by John Heimann, Vice President, Security Programs, and Uppili Srinivasan, Chief Security Architect, Oracle SaaS. 

It will take place on Tuesday, September 17, 01:45 PM - 02:30 PM at the Moscone South, Room 152 B. 


  • Key Steps to Securing Business-Critical Applications (CON5918)

Business applications are increasingly targeted by malicious attackers who seek to steal the “crown jewels” of an organization. In this joint session learn from security experts from Onapsis and Oracle how to secure your environment, as well as actionable hardening recommendations. These security experts share common security audit findings and provide tips and techniques to develop an effective security patching strategy.

This session will be presented by Bruce Lowenthal, Senior Director, Security Alerts Group, Oracle, and Juan Perez-Etchegoyen, CTO, Onapsis Inc. 

It will take place on Tuesday, September 17, 01:45 PM - 02:30 PM at the Moscone West, Room 3007 A.


  • Understanding Security Advisories and Identifying Mitigating Controls (TIP4701)

Oracle periodically receives reports of attempts to maliciously exploit vulnerabilities for which Oracle has already released patches. In some instances, attackers have been successful because targeted customers had failed to apply the available updates. Oracle recommends that customers remain on actively supported versions and apply critical patch update fixes without delay. However, patching activities often conflict with production requirements. This session provides the knowledge necessary to analyze Oracle security advisories so you can accurately prioritize the application of security updates and determine the adequacy of mitigating controls in your environment.

This session will be presented by Reshma Banerjee, Director, Security Alerts, Oracle.

It will take place on Wednesday, September 18, 3:45 PM – 04:30 PM at the Moscone South, Room 159 A.