Cloud & Dev Ops Summit @Night

  • Thursday, 22 Oct 2020 7:30PM EDT (22 Oct 2020 23:30 UTC)
  • Speakers: Shaun McCullough, Cesar Rodriguez, Toni de la Fuente

Learn to Safeguard Mission-Critical Assets in the Cloud

Protecting information systems, applications, and data in the cloud presents a new set of challenges for organizations to overcome. Our SANS instructors are among the best cybersecurity instructors in the world and will provide you with guidance and all the skills you need to defend your organization from ever-evolving threats. Students will also be able to enjoy live online bonus sessions!


5:30-5:50 pm MDT - Securing Serverless with Terrascan

Cesar Rodriguez, Head of Developer Advocacy, Accurics

As development teams move to serverless architectures, how does this change the way security is handled vs traditional infrastructure? In this talk we'll walk through how security controls can be embedded into serverless architectures and how Terrascan, an open source static code analyzer for infrastructure as Code, can help find security issues in your serverless infrastructure before it's deployed.

6:00-6:20 pm MDT - What I Have Learned Writing Prowler

Toni de la Fuente @toniblyx, Senior Security Consultant, AWS

Prowler is an AWS security assessment Open Source tool that helps cloud security auditors to know the security status of their resources in the AWS cloud. I want to share all what I have learned during the last 3 years, not only in terms of Open Source and such, but also around use cases, community, AWS security, AWS services APIs, AWS command line interface and security in general. What mistakes I've made and what would be different if I start it again. This talk will help attendees to make better decisions and fail earlier if they start the journey of building their own security tools.

6:30-6:50 pm MDT - Architecting for Threat Hunting

Shaun McCullough @thecybergoof, Director

Improve your Threat Hunting success through architecture and operations. This talk will highlight architecture design patterns, DevSecOps pipelines, and the Cloud's automatable infrastructure to mitigate the threat and make attacker behaviors stand out.