Cloud Security Exchange 2023

FREE Virtual Event | Friday, August 18, 2023 Join AWS, Google Cloud, Microsoft Azure, and SANS Institute for this one-of-a- kind cloud security-focused event.

Where can you find leaders from Amazon Web Services (AWS), Google Cloud, Microsoft Azure, and SANS Institute together on one virtual stage? It's happening at the SANS Cloud Security Exchange 2023 on Friday, August 18!

Attend our second-annual, 100% free, online Cloud Security Exchange to learn what’s working and what’s not working in cloud security architecture and cloud threat detection. Build leading cloud security capabilities at your organization with implementation best practices from the world’s foremost cloud security experts.

Thousands from around the globe joined us for the inaugural Cloud Security Exchange in 2022 to hear from cloud security experts from SANS Institute and the world’s top cloud security providers. It worked so well that we’re doing it again!

We want to elevate your voice! Submit your question for our experts today for a chance to have it answered live during our panel as we close out the day with representatives from each of the world's largest CSP's.

Proud Partners

Spend all day soaking up expert knowledge from leading authorities from the big three cloud platform providers.

Register Now

This free virtual event on Friday, August 18 is not to be missed. It’s your only opportunity to engage with top cloud security experts from the largest cloud providers in the world – all in one place. Walk away with actionable advice and best practices you can apply to protect your cloud environments over the next 12 months.

Event Agenda

Join us Live Online on Friday, August 18 for unparalleled access to in-depth presentations and expert panel discussions.
Timeline (EDT)Session Details
11:00AMWelcome & Opening Remarks

Frank Kim, Event Chairperson, SANS Institute
11:15AMSession One | Cloud Security: Shared Fate, Identity, Secure Data and the Coming AI

Cloud security is a shared responsibility between the cloud provider and the customer. The cloud provider is responsible for the security of the underlying infrastructure, while the customer is responsible for the security of their data and applications - and there is a lot of nuance around that. A shared fate model builds on shared responsibility to improve customer cloud security.

Many traditional cloud security practices focus on the oversized role of identity management, secure configurations, and data security, which are evolving and still very much at the core of our attention. In addition to traditional security measures focused on securing the cloud infrastructure, organizations should also consider the use of cloud-enabled capabilities with artificial intelligence (AI) to improve their cloud security posture and detection/response models. AI can be used to detect and respond to threats more quickly and effectively than traditional security solutions.

Dr. Anton Chuvakin, Security Advisor at Office of the CISO, Google Cloud
Dave Shackleford, Senior Instructor, SANS Institute
12:00PMSession Two | Navigating Cloud Security Challenges: Principles and Strategies for Cyber Defense

As organizations embrace the cloud at an ever-increasing rate, they encounter not only operational hurdles but also pose significant challenges for their security teams. These teams are tasked with reshaping their strategies to effectively protect against emerging threats in this new landscape.

With over a billion endpoints, millions of customers, and its massive global cloud presence, this session will discuss Microsoft's principles of cyber defense in the cloud, how it organizes to defend itself, and the feedback loops between all phases of NIST frameworks through its governance. Along with these continuous processes that optimize continuous learning, we will cover how Microsoft utilizes its own products for defense scenarios that the reader can leverage and implement.

Dr. Andre Alfred, Vice President, Microsoft Azure Security
Ryan Nicholson, Certified Instructor, SANS Institute

Session Three | Zero Trust: Getting started, making progress, and iterating your way to improved security

As organizations continually assess fundamental questions such as: “What are the optimal patterns to ensure the right levels of security and availability for my systems and data?” they are increasingly using the term Zero Trust as their way to describe their desired state and set of capabilities. For some, the journey towards Zero Trust has been self-motivated - a natural evolution of cybersecurity in general and defense in depth. For others, the journey is being driven by public policy and regulation from many different corners of the world.

Regardless of the rationale, and despite some of the hype and buzz that surrounds the term, the technical and business outcomes produced by Zero Trust are meaningfully better than what was possible with the previous generation of perimeter-oriented security models. These outcomes are achieved by augmenting network controls with rich signals including identity, device, behaviors, and more to make ever more granular, continuous, adaptive, and sophisticated access control decisions. However, implementing Zero Trust still isn’t as straight forward as it might seem. Organizations still ask: How do I get started? How do I make continued progress? How do I demonstrate ROI?

Join Mark Ryland, the Director of the Office of the CISO for AWS, and Ashish Rajan, SANS instructor and host of wildly popular Cloud Security podcast, as they answer these types of tough questions and share their experience and guidance in ways that will get you beyond debating Zero Trust and into implementation.


Mark Ryland, Director, Office of the CISO, AWS

Ashish Rajan, Associate Instructor, SANS Institute


Session Four | Security Myths and Missteps in Cloud Migration

Despite the well-established benefits of cloud computing — especially in terms of cost, scalability, and efficiency — many enterprises are still reluctant to migrate to the cloud. A key factor in their reluctance is a set of widely held myths about the cloud, including the misconception that it’s less secure than on-premises implementation because security is supposedly the sole responsibility of the cloud services provider. In fact, the shared responsibility model — with the cloud provider and its enterprise customer working together to ensure the protection of sensitive data and business-critical applications — can actually result in significant improvements in security. Myths and misconceptions like this can lead to serious missteps by enterprises and their IT and security organizations, missteps that result in operational inefficiencies, unnecessary costs and wasted investments.

Few security experts are better-qualified to help enterprises make well-informed cloud migration security decisions than Simon Vernon. A SANS Certified Instructor and Principal Technical Architect, he also serves as the CSO of a data center. Join him, Brandon Evans, SANS Certified Instructor and lead author of SEC510: Cloud Security Controls and Mitigations, and Megan Roddie, author of FOR509: Enterprise Cloud Forensics and Incident Response, as they bust cloud security myths and show how to navigate around common missteps.

Simon Vernon, Certified Instructor, SANS Institute
Brandon Evans, Certified Instructor, SANS Institute
Megan Roddie, Author, SANS Institute

Panel Discussion | Straight Talk on Cloud Security

Have you ever wanted to get the straight story on cloud security right from the source? This panel will give you the chance to ask the tough questions about cloud security directly to leaders from AWS, Google Cloud, and Microsoft Azure who will be together for the first time on one virtual stage. Learn what has worked in cloud security, what doesn’t, and what the future holds for cloud workloads.

Frank Kim, Event Chairperson, SANS Institute

Dr. Anton Chuvakin, Security Advisor at Office of the CISO, Google Cloud
Dr. Andre Alfred, Vice President, Microsoft Azure Security
Mark Ryland, Director, Office of the CISO, AWS
Simon Vernon, Certified Instructor, SANS Institute

3:45PMClosing Remarks

Frank Kim, Event Chairperson, SANS Institute

Attendee Quotes from Last Year's Event

This was a great event, hoping to send more of our team through some of the cloud courses this coming fiscal year!
I must depart for my next engagement. This was an amazing learning event for me and greatly appreciate the opportunity. Best wishes to all and take care!
You guys are all amazing and I am so thankful to have such a pleasant host! They were all so amazing and I want to listen to them talk again honestly. Thank you so much for the great activity!
Thanks to all the experts and moderators, this was a really informative event! Have a good one, and see you all soon!
Good information! Looking forward to reviewing the slides and archived video.