Rabia Bajwa
Rabia Bajwa is a seasoned cybersecurity professional with more than 12 years of focused experience in cyber governance, risk and compliance (GRC) and data protection. Widely recognized for her expertise in cybersecurity governance, risk oversight, compliance, data privacy and AI security, she has worked closely with numerous federal and private organizations across Dubai and the wider Middle East to strengthen their security infrastructure, meet regulatory requirements and build robust security strategies. Based in Canada, Rabia provides strategic consulting to companies in the UAE, currently focusing on integrating AI-powered solutions that improve risk management and streamline compliance processes for client organizations.

Rabia holds a Master's degree in Cybersecurity and Threat Intelligence (MCTI) from Canada, a Master's in Project Management (MPM) and a Bachelor's degree in Telecommunication Engineering. Her credentials are further supported by industry certifications including CISSP, CISM, CEH, ISO 27001 Lead Implementer and ITIL.

Beyond her consulting work, Rabia is active in the cybersecurity and technology community. She serves as Director of Event Management for the Threat Modeling Connect (TMC) Toronto Chapter, where she fosters collaboration and advances threat modeling practice. She is also a member of the ISACA Toronto Chapter, the ISC2 Toronto Chapter, Women in CyberSecurity (WiCyS) and Women in AI Governance (WAI-G), and serves as a Global AI Delegate for the UAE region.
Session
This talk, "SSL Stack Sovereignty: Why Your Cloud Provider's TLS Is a Legal Liability," examines how cloud providers' SSL/TLS implementations create hidden legal risk for customer organizations. Although every major cloud advertises FIPS 140-2/3 compliance, the speaker's six-month study found that all of them retain fallback paths to weaker cryptography, contradicting their own claims. The talk argues that this is not merely a technical flaw but a legal time bomb: recent FTC rulings place liability for a provider's cryptographic misrepresentations on the customer organization.

The session presents the "Schrödinger's FIPS" paradox, in which providers such as AWS and Azure claim FIPS compliance while relying on non-compliant behaviour, citing AWS ELB falling back to AES-128 under load and Azure's TLS 1.3 using OpenSSL code that is banned in EU government systems. Case studies cover the resulting penalties, including an $8M FTC fine for blindly trusting cloud TLS and $2.3M in fines for organizations using "compliant" services, compounded by the 83% of cloud contracts that shift cryptographic liability to the customer.

Attendees will learn to forensically audit their cloud cryptographic configurations to surface these practices. The session covers validation methods built on open-source tools, intended to be court-admissible, and shows how to generate legally defensible audit trails. It closes with actionable strategies to verify, enforce and contractually secure cloud cryptography, reducing the organization's legal and financial exposure.
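The verify-and-enforce workflow the abstract describes, as an added example that is not the speaker's tooling or any cloud provider's code: it performs a TLS handshake against a host, records the protocol version and cipher suite the server actually negotiated, compares them against an allowlist, optionally offers only TLS 1.0/1.1 to see whether the server will accept a legacy fallback, and writes each observation into a hash-chained audit trail so later tampering with the log is detectable. The allowlist is a constructed baseline (TLS 1.2 or later, as NIST SP 800-52 Rev. 2 requires, and only ECDHE AES-GCM suites); the host names and handshake observations in `SAMPLE_HANDSHAKES` are constructed so the example runs offline. Note the caveat this check cannot close: FIPS 140 validation is a property of the cryptographic module, not of what the wire negotiates, so a handshake that passes this allowlist shows that approved algorithms were used, not that a validated module produced them.

```python
"""Audit what a TLS endpoint really negotiates and keep a tamper-evident trail.
Added example; not the speaker's tooling and not any provider's code."""
import hashlib
import json
import socket
import ssl
from datetime import datetime, timezone

# Constructed baseline (assumption): TLS 1.2+ per NIST SP 800-52 Rev. 2 and ECDHE
# AES-GCM suites only. AES-128-GCM is a NIST-approved algorithm; drop the 128-bit
# entries if your own policy mandates AES-256 only. ChaCha20, RC4, 3DES, CBC-SHA1
# and anything below TLS 1.2 fall outside this list by construction.
APPROVED_VERSIONS = {"TLSv1.2", "TLSv1.3"}
APPROVED_CIPHERS = {
    "TLS_AES_256_GCM_SHA384", "TLS_AES_128_GCM_SHA256",            # TLS 1.3 names
    "ECDHE-ECDSA-AES256-GCM-SHA384", "ECDHE-RSA-AES256-GCM-SHA384",  # TLS 1.2 names
    "ECDHE-ECDSA-AES128-GCM-SHA256", "ECDHE-RSA-AES128-GCM-SHA256",
}
GENESIS = "0" * 64  # prev-hash of the first record in a chain


def classify(version, cipher):
    """Return findings for one negotiated (version, cipher); empty means it met the baseline."""
    findings = []
    if version not in APPROVED_VERSIONS:
        findings.append(f"protocol {version} is below the TLS 1.2 minimum")
    if cipher not in APPROVED_CIPHERS:
        findings.append(f"cipher {cipher} is not on the approved allowlist")
    return findings


def strict_client_context():
    """The 'enforce' side: a client that refuses to negotiate below the baseline.
    set_ciphers() governs the TLS 1.2 list only; TLS 1.3 suites are fixed by OpenSSL,
    so the TLS 1.3 outcome is still checked afterwards with classify()."""
    ctx = ssl.create_default_context()
    ctx.minimum_version = ssl.TLSVersion.TLSv1_2
    ctx.set_ciphers("ECDHE+AESGCM:!aNULL:!eNULL")
    return ctx


def probe(host, port=443, ctx=None, timeout=5.0):
    """One handshake; returns (protocol_version, cipher_name) as the server negotiated them."""
    ctx = ctx or ssl.create_default_context()
    with socket.create_connection((host, port), timeout=timeout) as sock:
        with ctx.wrap_socket(sock, server_hostname=host) as tls:
            return tls.version(), tls.cipher()[0]


def probe_legacy_fallback(host, port=443):
    """Offer only TLS 1.0/1.1; returns what was negotiated, or None if the server refused.
    Only run this against endpoints you are authorized to test."""
    ctx = ssl.SSLContext(ssl.PROTOCOL_TLS_CLIENT)
    ctx.check_hostname = False
    ctx.verify_mode = ssl.CERT_NONE          # only whether the handshake completes matters here
    ctx.set_ciphers("DEFAULT:@SECLEVEL=0")   # let the local OpenSSL offer legacy versions
    ctx.minimum_version = ssl.TLSVersion.TLSv1
    ctx.maximum_version = ssl.TLSVersion.TLSv1_1
    try:
        return probe(host, port, ctx=ctx)
    except (ssl.SSLError, OSError):
        return None


def record_digest(rec):
    """SHA-256 over the canonical JSON of every field except the record's own hash."""
    body = {k: v for k, v in rec.items() if k != "hash"}
    canonical = json.dumps(body, sort_keys=True, separators=(",", ":"))
    return hashlib.sha256(canonical.encode()).hexdigest()


def audit_record(host, version, cipher, prev_hash=GENESIS, ts=None):
    """One audit-trail entry whose hash also covers the previous entry's hash."""
    rec = {
        "ts": ts or datetime.now(timezone.utc).isoformat(),
        "host": host, "version": version, "cipher": cipher,
        "findings": classify(version, cipher), "prev": prev_hash,
    }
    rec["hash"] = record_digest(rec)
    return rec


def audit_samples(observations):
    """Chain a sequence of (host, version, cipher) observations into records."""
    records, prev = [], GENESIS
    for host, version, cipher in observations:
        rec = audit_record(host, version, cipher, prev_hash=prev)
        records.append(rec)
        prev = rec["hash"]
    return records


def verify_chain(records):
    """True only if every record's hash is intact and links to its predecessor."""
    prev = GENESIS
    for rec in records:
        if rec.get("prev") != prev or record_digest(rec) != rec.get("hash"):
            return False
        prev = rec["hash"]
    return True


# Constructed observations (not real measurements) so the example runs offline.
SAMPLE_HANDSHAKES = [
    ("lb.example.internal", "TLSv1.3", "TLS_AES_256_GCM_SHA384"),
    ("lb.example.internal", "TLSv1.2", "ECDHE-RSA-CHACHA20-POLY1305"),
    ("legacy.example.internal", "TLSv1", "AES256-SHA"),
]

if __name__ == "__main__":
    for rec in audit_samples(SAMPLE_HANDSHAKES):
        print(json.dumps(rec))
    # Live use: audit_record(host, *probe(host, ctx=strict_client_context()))
```

In live use, replace the constructed observations with `probe()` results collected on a schedule and append each record to a write-once store; `verify_chain()` then tells you whether the trail has been altered since collection. Pair the default-context probe with `probe_legacy_fallback()` to distinguish "the provider prefers strong parameters" from "the provider refuses weak ones," which is the distinction the abstract's fallback claims turn on.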