The big three cloud providers innovate at a pace that security teams have a hard time keeping up with. New architectural patterns for cloud security and governance call for each team or application to get its own account to limit blast-radius and provide for better financial accountability. The depth of services and the breadth of accounts across multiple different cloud providers prevent many security organizations from detecting issues before they become a data breach. Cloud providers innovate faster than the security vendor community, and the security team shouldnât have to slow the adoption of new services because our vendor community cannot keep up. In this talk, Chris will dive deep into how a set of policies were blended with a swarm of AWS Lambda to deliver customized security scorecards for business stakeholders. Attendees will come away with a strategy and actionable set of tasks to kick-start their cloud security program, along with guidance on how to find and select tools they can use to automate configuration checking at scale.