BIPOC in Cybersecurity Forum: Cloud Security

  • Thursday, 18 Feb 2021 11:00AM EST (18 Feb 2021 16:00 UTC)
  • Speakers: Frank Kim, Christina Morillo, Jerich Beason, Shinesa Cambric, AJ Yawn, Carlos O'Neil, William Tate, Vidya Gopalakrishnan, Dominique West, MK Palmore, Zeanique L. Barber

Skilled cloud security professionals are in demand as organizations of all types become increasingly cloud-based. Emerging opportunities offer great possibilities for cybersecurity practitioners from underrepresented minority groups.

This free, virtual event, hosted by the SANS Diversity, Equity, and Inclusion Task Force, is open to the whole community.

Talks and panels will explore topics related to:

  • Public Cloud Security: AWS, Azure and GCP
  • Cloud Native Security - Containers and Kubernetes Security
  • Containerization and Orchestration exploits
  • Securing modern Cloud and DevOps environments
  • Cloud Security Monitoring and Threat Hunting
  • Cloud Security Architecture and Operations
  • Cloud Penetration Testing & Incident Response

All SANS events strive to provide content based on real-world experience with actionable lessons you can use as soon as you get back to work.

Agenda

8:00-8:15am PST - Welcome & Opening Remarks

Frank Kim @frankkim, Forum Chair, SANS Institute

Dennis Scandrett, Forum Chair, SANS Institute - Diversity, Equity, and Inclusion Task Force, SANS Institute

8:15-8:50am PST - Keynote

MK Palmore @mk_palmore, VP, Field Chief Security Officer (Americas), Palo Alto Networks

8:50-9:30am PST - Panel: Cloud Security: Now and Next

Moderator: Emmett Childress Jr., Managing Partner, Solutions Architect, Approximare

Panelists:

Cierra Jernigan @CierraJernigan, Information Technology Recruiter, Eliassen Group

Christina Morillo @divinetechygirl, Sr. Security Product Manager, Security Engineering, Marqeta Inc.

Tameika Reed, Senior Infrastructure Engineer, Expansia

Dominique West, Technical Account Manager, Datadog; Atlanta Chapter Lead, Women's Society of Cyberjutsu (WSC)

This panel of cloud security practitioners will discuss the challenges of securing modern cloud and DevOps environments. They'll also cover security monitoring and threat hunting in the cloud.

9:30-9:40am PST - Break

9:40-10:15am PST - Simplifying and Demystifying Security in the Cloud

Jerich Beason, Chief Information Security Officer, Epiq

Cloud security is foreign to some, and it can be scary when your employer assigns you the task of securing a new or existing cloud environment. This talk will tackle basic cloud security principles that will mitigate the majority of threats in the cloud. We will cover the benefits and drawbacks of security in an on-premises or data center environment versus security in a public cloud. At the end of the session, whether you are a novice or experienced in the cloud, you will have some practical takeaways that will assist you and your organization in your cloud security journey.

10:15-10:50am PST - Automating Security on AWS

AJ Yawn @AJYawn, Co-Founder and CEO at ByteChek, Founding Board Member of the National Association of Black Compliance and Risk Management Professional (NABCRMP)

Cloud security is tough to get right: the threats are endless, and it's easy for users to make mistakes that can cause significant breaches. This is why it's important for cloud security professionals to understand how they can implement automated, event-driven security controls in the cloud to reduce these risks. In this talk, we will discuss some of the options available to cloud security professionals to automate security on AWS, and we will spend time in the AWS console and AWS CLI walking through how to automate three common risks in the cloud: S3 public buckets, S3 bucket encryption, and enforcing multi-factor authentication for each user.

10:50-11:00am PST - Break

11:00-11:35am PST - Identity-In-Depth: Leveraging Native Tools and a Multi-Layered Approach to Secure Cloud Identity

Shinesa Cambric @gleauxbalsecur1, Identity Governance and Compliance Architect

As companies expand their cloud footprint and leverage more cloud services out of necessity, digital identity becomes the true perimeter and key to protecting an organization's assets. Cloud environments offer multiple layers for identity management and controls, and understanding privileges can be a challenge for many, possibly leaving an open door for attackers. Join the discussion to learn more about some of the native tools and processes available in cloud systems to manage and enable a defense-in-depth strategy with identity.

11:35am-12:10pm PST - Shifting Left: How to Prepare your Security Team for the Cloud

Carlos O'Neil @ether_geek, Technical Information Security Officer - Cloud, Invesco

Rapid cloud adoption requires security teams to extend their controls to the cloud, and many teams are discovering that the classic model of Information Security doesn't apply completely to the cloud. We'll discuss the challenges that come with cloud adoption and offer suggestions on how to enable teams to be more agile in the cloud and leverage native and non-native tools to enhance security.

12:10-12:20pm PST - Break

12:20-12:55pm PST - Emerging Cybersecurity Concerns Amidst a Pandemic - Data Architecture Solutions that Keep Business Applications and Business Systems Safe

Zeanique L. Barber @ZLBusinessTech, VP of Health & Public Sector, Gerent LLC.

Now more than ever, organizations must architect end-to-end data security systems while meeting data consumers' need to have data available dynamically and quickly. Big data sets flowing in and out of systems in an organization's environment can increase the likelihood of cyber attacks. A mindful and comprehensive security approach to data is a strong defense against emerging cybersecurity concerns. In this session, we will explore emerging cybersecurity trends and how data security architecture best practices can be leveraged as a defense against cyber attacks.

12:55-1:30pm PST - "Mindmap" your way into the Cloud: A framework for hunting in AWS and GCP

Vidya Gopalakrishnan @vidya_gkrishnan, Security Engineer, Palo Alto Networks

Threat hunting is a deliberate effort to proactively search through data in order to detect threats that have evaded otherwise predictable security alerts or detections. The subset of logs that we don't generally care about could serve as major treasure troves to perform rewarding hunts. When it comes to the cloud, the AWS and GCP MITRE ATT&CK Matrix give us a good starting point on how to approach each of the cloud-specific attacker Techniques, Tactics and Procedures (TTPs). However, which of these listed tactics should we care about for hunting? How do these TTPs translate in terms of actual logsets like AWS CloudTrail or GCP Stackdriver? This presentation will present to the audience a mind-map for threat hunting in AWS and GCP environments. More specifically, this mind-map will translate Cloud ATT&CK TTPs to specific patterns to look for in these two logsets: AWS CloudTrail and GCP Stackdriver. The presentation will also take the audience through how the mind-map is applied to hunt for two specific example use cases focused on GCP and AWS.

1:30-2:05pm PST - Threat Modeling to Mitigate Evolving Threats in a Hybrid Cloud Environment

William Tate, US AWS Technology Leader, PwC

Organizations have started to understand the benefits of cloud, especially in recent times due to the pandemic, and have started to migrate some of their critical workloads to cloud. Business agility, speed to market of new products and new business models are some of the reasons organizations are adopting cloud at a faster pace. The speed of adoption conflicts with security of workloads and associated data, and hence organizations need a focused approach to understand threats and develop mitigations. Mr. Tate recommends an approach that focuses on an outside-in perspective, using customer journeys to identify crown jewels, their associated threats and needed controls. This presentation provides an overview of an approach to defining threat models in organizations adopting cloud to run their critical workloads.

2:05-2:15pm PST - Closing Remarks