
This webcast has been archived. To view the webcast, log in to your SANS Portal Account or create an account by clicking the "Get Registered" button on the right. Once you register, you can download the presentation slides below.

SANS @MIC Talk - SEC510: Multicloud Security Assessment and Defense

  • Wednesday, June 24, 2020 at 8:30 PM EDT (2020-06-25 00:30:00 UTC)
  • Eric Johnson, Brandon Evans


Overview

SEC510 provides cloud security practitioners, analysts, and researchers an in-depth understanding of the inner workings of cloud Platform-as-a-Service (PaaS) offerings from Amazon Web Services, Microsoft Azure, and the Google Cloud Platform. Through this, students will understand the philosophies that undergird each provider and how these have influenced their services. By contrasting these offerings, we can, for example, avoid applying AWS concepts to Azure and GCP where they are not appropriate.

Students will leave the course confident that they know everything they need to consider when adopting PaaS offerings in each cloud. Instead of merely citing best practices from each provider's documentation, we will validate that these recommendations work first-hand in the lab activities. Using the infrastructure-as-code templates included with the courseware, students will launch unhardened services, analyze the security configuration, validate that they are insufficiently secure, deploy security patches, and confirm the service is secure. The hands-on exercises will reveal undocumented or incorrectly documented details about the service internals that researchers around the world have uncovered in their research.

The Big 3 providers alone provide more services than any one company can consume. As security professionals, it can be tempting to limit what the developers use to the tried and true solutions of yesteryear. For better or worse, this approach will inevitably fail as the product development organization sidelines a security organization that is unwilling to change. Functionality drives adoption, not security, and if a team discovers a service offering that can help them get their product to market quicker than the competition, they can and should use it. SEC510 gives you the ability to give relevant and modern guidance to these teams and enable them to move quickly and safely by providing guardrails.

Speaker Bios

Eric Johnson

Eric is a Co-founder and Principal Security Engineer at Puma Security and a Senior Instructor with the SANS Institute. His experience includes cloud security assessments, cloud infrastructure automation, static source code analysis, web and mobile application penetration testing, secure development lifecycle consulting, and secure code review assessments. Eric is the lead author and an instructor for SEC540: Cloud Security and DevOps Automation, a co-author and instructor for both the brand new SEC510: Multicloud Security Assessment and Defense, and the upcoming SEC584: Defending Cloud Native Infrastructure. Additionally, Eric is a SANS Security Awareness Developer Training Advisory Board Member and SANS Analyst for Application Security and DevSecOps Surveys.

To learn more about Eric, read his full bio here: https://www.sans.org/profiles/eric-johnson/


Brandon Evans

Brandon is a Senior Application Security Engineer at Asurion, where he provides security services for thousands of his coworkers in product development across several global sites responsible for hundreds of web applications. As an application developer for most of his professional career, he moved into security full-time largely because of his many formal trainings through SANS. Brandon is lead author for the new SEC510: Multicloud Security Assessment and Defense and a contributor and instructor for SEC540: Cloud Security and DevOps Automation. Throughout his security journey, Brandon has earned five GIAC certifications - GSEC, GSSP-JAVA, GWAPT, GPEN, and most recently, the GCSA. He holds a Bachelor's Degree in Computer Science from Binghamton University, where in his senior year, Brandon won the “Best Use of the SendGrid API” at the HackBU Hackathon. Additionally, he has won four Security Innovation Capture the Flag events, also placing second at their CTF at DEF CON 27, and in 2017 Brandon won the Asurion Hackathon for making an Alexa skill for cellphone support. Brandon taught the first ever cohort at the Vanderbilt University Web Development Coding Bootcamp in 2019, and he’s a contributor to the OWASP Serverless Top 10 Project.

To learn more about Brandon, read his full bio here: https://www.sans.org/profiles/brandon-evans/
