Whether you are just getting started in cloud security, or overseeing a team of technical cloud practitioners, you likely have questions about the process, journey, technology, and career path of cloud security professionals. In this talk, we’ll discuss the myriad responsibilities of people working in cloud security from viewpoints such as: Privacy, compliance, data protection, engineering, offensive security, as well as leadership. We...

In the modern age of cloud migration and deployment, many security and operations teams are having to adapt their controls, processes, and overall strategies to better accommodate hybrid on-premises and cloud environments. While some architecture and control concepts stay relatively static, many don't. So what should organizations do? How can traditional firewalls and cloud-native controls co-exist? What network security controls are most read...

The NIST cybersecurity framework (CSF) is a well-known and respected framework for building cybersecurity programs. The NIST CSF organizes the framework beginning with functions that organize basic cybersecurity activities at their highest level. These functions are Identify, Protect, Detect, Respond and Recover. The NIST CSF functions can help cloud organizations express their management of cybersecurity risk by organizing information, enabli...

Cloud environments are attractive targets for hackers due to their complexity, which can make them difficult to defend. This presentation will cover three crucial strategy cloud security that can greatly impact your cloud's security posture. We'll kick off by exposing common vulnerabilities that hackers exploit to compromise cloud environments. Then, we'll dive into effective mitigation strategies in three areas and show you how to implement t...

Have you ever wondered about the security of your cloud environment and how to enhance the posture? In this session, we will guide you through the eight fundamental domains of cloud security in today's organizations. Our aim is to help you comprehend the key areas that need to be secured in the cloud. We'll cover topics such as Identity & Access Management and cloud security governance, and provide an overview of essential capabilities in...

Organizations are becoming multicloud by choice or by chance. Many of them integrate their multiple clouds with one another to improve Availability, support Disaster Recovery, and leverage the services from each provider that best fits their needs. These integrations are usually supported with long-lived credentials. These credentials are much more valuable to attackers than those that are short-lived. Even following best practices will leave...

The financial services industry continues to be a popular attack target, in large part due to the sensitive data and personal information financial institutions safeguard. These institutions are subjected to data scraping, credential stuffing, network intrusion attempts, and more — all while needing to provide fast, reliable service for their end-users and remain compliant with the strictest possible privacy and security regulations. Q2...

With the exponential growth and agility of development activities, it is imperative that development, security, and operations personnel work collectively to produce the highest quality of service with a strong focus on risk reduction. The 2023 DevSecOps Survey will examine several indicators of secure DevOps maturity retrospectively from the prior years' survey responses. As a part of the survey, we will analyze the accelerated nature of CI/C...

The cloud is considered the new frontier of technology, but it is no longer novel. The COVID-19 pandemic led companies to the cloud at a breakneck pace. Different organizations during this same period evolved from single-cloud organizations to multi-cloud organizations. The various cloud providers offer a wide variety of services that fit organizations' needs on a case-by-case basis. The multi-cloud environment introduces a new problem for Thr...

Where can you find leaders from Amazon Web Services (AWS), Google Cloud, Microsoft Azure, and SANS Institute, together on one virtual stage? It's happening for the first time ever at the SANS Cloud Security Exchange 2023. At the inaugural event in 2022, thousands of attendees from across the globe enjoyed learning from independent cloud security experts from SANS Institute who were paired with leaders from the cloud security providers. It work...