Spring Cyber Solutions Fest 2024: Cloud Security Track

Today, most security professionals are actively architecting and implementing cloud security controls across SaaS, PaaS, and IaaS environments. We’ve learned that what once worked on-premises may not work quite the same in the cloud, and a wide range of new and innovative security platforms and services have emerged and evolved in recent years to address critical cloud security use cases and categories, including:

  • Cloud security monitoring and incident management
  • Cloud workload and data protection
  • Cloud security posture management (CSPM) and SaaS security posture management (SSPM)
  • Cloud identity and access management
  • Machine learning and AI in cloud environments
  • Cloud Native Application Protection Platforms (CNAPP)
  • Zero trust network access (ZTNA) and SASE/SSE
  • Cloud security automation

On the Cloud Security Track, leading solution providers and practitioners will highlight the newest techniques and technologies that organizations of all types and sizes are leveraging to better secure and manage their cloud services and environments. Talks and panels will cover all the topics mentioned, and more!

Forum Highlights: 

  • Discover how industry-leading technologies and techniques can enhance your ability to better secure your cloud environments
  • Learn from industry leaders as they dive into cutting-edge use case studies and specific examples
  • Interact with SANS chair Dave Shackleford, speakers and peers in the interactive Slack workspace by posting questions and discussing the forum topic 



Thank You to Our Sponsors

AlgoSec, Cado Security, CardinalOps, Cyborg Security, Google Cloud, HPE Aruba Networking, Microsoft, Prisma Cloud, Sonrai Security, Sysdig

Agenda | April 18, 2024 | 8:30 AM-5:15 PM EDT


Session Description

8:30 AM

Kickoff & Welcome

Dave Shackleford, Event Chair, SANS Instructor

8:45 AM

Session One | Planning and Operationalizing Microsoft CNAPP

The first step to a successful CNAPP adoption is to ensure that all design considerations applicable to your environment are included in the planning phase. In this presentation, you will learn the design principles of Microsoft CNAPP and how to plan this solution's adoption. You will also learn about the main use case CNAPP scenarios and how to operationalize those scenarios using Microsoft Defender for Cloud.

Yuri Diogenes, Principal PM Manager, Microsoft

9:25 AM

Session Two | Active Cloud Risk. How to Combat the Most Critical Threats

Cloud has changed the way we develop, deploy, and scale apps. Traditional perimeter and end-point security does not address the distributed and ephemeral nature of cloud and has huge blind spots for adversaries to go undetected. Active cloud risk is the most imminent threat security teams need to address. Even purpose-built Cloud Security Posture Management (CSPM) tools, relying on point-in-time assessments, fall short in detecting and mitigating these active risks.
This session will address the distinction between static and active cloud risks, common tactics used in cloud attacks, and the new 5/5/5 framework that sets a new standard in detecting, prioritizing, and responding to active cloud risks and threats. Join us for live discussion and real-life examples from our experts from Sysdig and Amazon.

Alex Lawrence, Field CISO, Sysdig

Puneet Kulshrestha, Security Engineering Lead, Amazon

10:05 AM


10:20 AM

Session Three | SSE: Secure Access Everywhere. Even the Cloud

In today's digital landscape, the cloud is no longer a new frontier, but a new normal. As businesses navigate this shift, the challenge of securing access to resources and applications becomes increasingly complex. This session will not only introduce you to the innovations of a Security Service Edge (SSE) platform, but also to a new perspective on cloud security. SSE is more than just a tool; it directly responds to the paradigm shift in how we approach security in the cloud and datacenter. By enhancing user experience and simplifying security measures, SSE helps break down barriers and redefines what's possible in the realm of cloud security and secure access as a whole. Join us as we explore these complexities, challenge the status quo, and envision a future where secure access is a given, not a challenge. This is more than just an opportunity to stay ahead in the cloud security landscape - it's a chance to lead the way.

John Spiegel, Director, Network Transformation (Field CTO), HPE Aruba Networking

Darren Tidwell, Sr. System Engineer, HPE Aruba Networking

10:50 AM

Session Four | Rethinking Least Privilege: How to Slash Your Cloud Risk Overnight

In practice, achieving true least privilege at scale is not just daunting; it's practically impossible. There are over 40,000 possible permissions across the major clouds; trying to build policies around them all is not sustainable.

It’s time to redefine least privilege by focusing on protecting only the most sensitive and impactful permissions. Concentrating on what truly matters (the permissions that, if misused, could cause the most significant damage) makes the principle of least privilege achievable for teams to implement.

This approach avoids overly restrictive least privilege policies that strip developers of low-impact access they need to keep your applications moving.

Join us as we dive into:

* Which permissions pose the greatest risk to your own cloud

* Practical strategies for focusing on the permissions that truly matter

* Easing friction between Development and Cloud Operations

Sandy Bird, CTO & Co-Founder, Sonrai Security

11:20 AM

Session Five | Say Goodbye to Silos: Unify Your Cloud Security and Enterprise SecOps

As more business-critical workloads are migrated to cloud environments, cloud security and security operations teams struggle to gain visibility and insight into the cloud risks that could jeopardize their business. Operational silos and disconnected tooling make it difficult to proactively identify high-risk issues and efficiently take the necessary steps to remediate them. But what if we could converge cloud security and SecOps into a single platform, with a single view of security events and data, to break down silos and manage the full lifecycle of cloud risks?

Join us to learn how proactive and reactive cloud security practices are coming together, enabled by converged platforms that unite security and SecOps teams so that more experts can act on cloud issues. See how Google Cloud’s Security Command Center can identify risks in multi-cloud environments, prioritize the most serious ones, and get them into the hands of the right teams for quick remediation. By bringing cloud security and SecOps together we can make the cloud safer.

Jason Sloderbeck, Group Product Manager, Google Cloud Security

11:50 AM


12:00 PM

Keynote Session | Navigating Your Cybersecurity Career Panel

As the digital landscape evolves at an unprecedented pace, challenges and opportunities lie ahead for cybersecurity professionals. How will emerging technologies and artificial intelligence shape our industry? Will artificial intelligence take over cybersecurity jobs in the future? Join us for an engaging keynote panel featuring distinguished guests Candace Williams and Mari Galloway, as we navigate through the dynamic landscape of cybersecurity careers in the age of innovation. Gain valuable insight and advice on navigating your cybersecurity career as we delve into these compelling questions and more, offering a roadmap for success in this ever-evolving field.


Naomi Buckwalter, Executive Director, Cybersecurity Gatebreakers Foundation

Candace Williams, Founder, Cyb(her) Ally

Mari Galloway, CEO, Cyberjutsu

1:00 PM

Session Six | Protecting your APIs from design to runtime with Defender for APIs

APIs are at the heart of modern application development and a prime target for cyber threats. During the session, we will explore the risks associated with APIs in today's cloud applications, identify best practices to protect APIs against vulnerabilities and data breaches, and cover early detection and remediation of vulnerabilities in pre-deployment and runtime. By the end of the session, you'll learn how to leverage Microsoft Defender for APIs for in-depth security posture assessment and real-time threat detection, ensuring a secure and resilient API ecosystem for your applications.

Preetham Anand Naik, Senior Product Manager, Microsoft

1:20 PM

Session Seven | Combat Active Cloud Risk in Your Environment

In the cloud, two types of risk emerge - static, encompassing misconfigurations and policy violations, and active, including user activity, dynamic config changes, and permissions.

This session will cover analyzing both static and active risk to prevent advanced cloud attacks, correlating events to prioritize imminent risks and mitigate real-time threats, and include a live demo showcasing strategies to combat active cloud risk.

Jake Walker, Enterprise Sales Engineer, Sysdig

1:40 PM

Session Eight | Cloud-Native with Confidence: Securing your Containers & Kubernetes

In the ever-evolving realm of cloud-native development, prioritizing strong security measures is essential. With a growing number of organizations embracing containers and Kubernetes to run their applications, comprehending the expanded attack surface and implementing effective security measures is critical. This session confronts this challenge directly, offering best practices for establishing secure container and Kubernetes deployments. Attendees will acquire valuable insights and actionable strategies to strengthen their cloud-native infrastructure, enabling their applications to flourish securely and confidently.

Martijn Baecke, Sr. Product Marketing Manager, Prisma Cloud

2:10 PM

Session Nine | Securing the Skies: Navigating Cloud Chaos with Protective DNS

Embark on a journey through the intricacies of cloud application risks as we unveil the often-overlooked dangers associated with unsanctioned usage in the workplace. This talk discusses the challenges unsanctioned cloud applications present and ways DNS can be used to enforce application-level policies and further be a solution to fortify your digital defenses.

Key Points:

  • Security at Stake: Delve into the potential security vulnerabilities and data breaches stemming from unauthorized cloud app usage.
  • Operational Turbulence: Examine the operational challenges organizations face due to the lack of centralized control and lack of policy enforcement of unapproved cloud app usage.
  • Unmasking the Phishing Threat: Explore how deceptive phishing tactics open the door to digital mayhem and how DNS can be used to strengthen defenses against these and other threats.
  • Compliance and Security Frameworks: Recognize that Protective DNS isn’t just a nice-to-have; it’s increasingly essential for staying compliant with big cybersecurity standards like ISO 27001, CMMC and NIST.

Richie Wade, Sales Engineering Lead, DNSFilter

2:40 PM


2:55 PM

Session Ten | Cloud Data Breaches - Leading Cause in 2023 & Prevention

In today’s digital landscape, where cloud adoption is pervasive, ensuring robust security measures across the entire lifecycle is paramount. Join us in this insightful session as we delve into the crucial aspects of safeguarding cloud environments from the developmental phase to deployment and beyond.

We will start by exploring the leading cause of cloud data security breaches in 2023, shedding light on the vulnerabilities that threaten modern cloud infrastructure. From there, we'll walk through prevention mechanisms in terms of early risk assessments and the implementation of cloud-native security layers. We will discuss the critical nature of protecting cloud environments at the network and application layers and dive into how cloud-native security should integrate seamlessly with DevOps repositories, help foster team alignment, and empower your different teams to proactively address security concerns without sacrificing agility or speed.

Ava Chawla, Director of Cloud Security, AlgoSec Inc.

3:25 PM

Session Eleven | Positioning Puzzles: The Detection & Response Edition

Over the years, you’ve collected a significant number of tools for detection and response (D&R) – and you are likely to add in more. Fitting them all together ends up looking like trying to solve a giant jigsaw puzzle… albeit one where the pieces aren’t quite perfectly cut for the perfect solution to fit them all together!

SIEM, EDR, UEBA… so many options. Some of the tools detect some of the threats some of the time. Sometimes there are gaps. Most of the time there is a great deal of overlap! Cloud complicates the problem by opening new territory for defense emplacement and more choice for detection approaches. Concepts related to “endpoint” and “edge” become less useful when considering this far larger, less well-defined surface area.

The consequence of the right detections in the wrong place (or the wrong detections in the right place!) is not just a messy, unsolved puzzle. Instead it means you are vulnerable to attacks that may have otherwise been prevented.

Join Dr. Anton Chuvakin, Security Advisor at Office of the CISO, Google Cloud, and Jay Lillie, VP of Customer Success at CardinalOps, as they look at a variety of threats and associated vectors in hybrid environments in order to help outline a set of practices for getting the best fit out of the mixed pieces in your D&R inventory.

Dr. Anton Chuvakin, Security Advisor at Office of the CISO, Google Cloud

Jay Lillie, VP of Customer Success, CardinalOps

3:55 PM

Session Twelve | Bringing DFIR Into the Cloud Age

While IT has seen unprecedented increases in the need for speed and scale, DFIR has not kept pace. Today's DFIR teams are forced to shoehorn their current incident response processes for use in today's investigations across endpoints, servers, and the cloud. However, a better and faster way to investigate and respond to cloud threats exists. This webinar explores the role of automation in amplifying your incident response strategy to incorporate a strategy for repeatable, automated investigations across endpoints, servers and the cloud. We'll discuss best practices for automating triage collection and full disk acquisition to increase efficiency and drastically reduce time to cloud investigation and response.

Paul Stamp, VP of Products, Cado Security

4:25 PM

Cloud Security Panel


Dave Shackleford, Event Chair, SANS Instructor


Yuri Diogenes, Principal PM Manager, Microsoft

Preetham Anand Naik, Senior Product Manager, Microsoft

Anna Belak, Director, Office of Cybersecurity Strategy, Sysdig

Jamie Butler, Head of Runtime Protection & Response Strategy, Sysdig

5:10 PM

Closing Remarks

Dave Shackleford, Event Chair, SANS Instructor