Cloud Security Exchange 2023

  • Friday, 18 Aug 2023 11:00AM EDT (18 Aug 2023 15:00 UTC)
  • Speaker: Frank Kim

The accompanying eBook is available here!

Where can you find leaders from Cloud Security Controls and Mitigations, and SANS Institute together on one virtual stage? 

Attend our second-annual, 100% free, online Cloud Security Exchange to learn what’s working and what’s  not  working in cloud security architecture and cloud threat detection. Build leading cloud security capabilities at your organization with implementation best practices from the world’s foremost cloud security experts.

Thousands from around the globe joined us for the inaugural Cloud Security Exchange in 2022 to hear from cloud security experts from SANS Institute and the world’s top cloud security providers. It worked so well that we’re doing it again!

We are SO excited to bring you the Cloud Security Exchange 2023 on Friday, August 18th! To view the full agenda, lineup of guest speakers, and details about this event, please visit our event landing page.

Hit the "Watch Now" button below to rewatch this monumental event.


Proudly Partnered With


Event Agenda

Join us Live Online on Friday, August 18 for unparalleled access to in-depth presentations and expert panel discussions.
Timeline (EDT)Session Details
11:00AMWelcome & Opening Remarks

Frank Kim, Event Chairperson, SANS Institute
11:15AMSession One | Cloud Security: Shared Fate, Identity, Secure Data and the Coming AI

Cloud security is a shared responsibility between the cloud provider and the customer. The cloud provider is responsible for the security of the underlying infrastructure, while the customer is responsible for the security of their data and applications - and there is a lot of nuance around that. A shared fate model builds on shared responsibility to improve customer cloud security.

Many traditional cloud security practices focus on the oversized role of identity management, secure configurations, and data security, which are evolving and still very much at the core of our attention. In addition to traditional security measures focused on securing the cloud infrastructure, organizations should also consider the use of cloud-enabled capabilities with artificial intelligence (AI) to improve their cloud security posture and detection/response models. AI can be used to detect and respond to threats more quickly and effectively than traditional security solutions.

Dr. Anton Chuvakin, Security Advisor at Office of the CISO, Google Cloud
Dave Shackleford, Senior Instructor, SANS Institute
12:00PMSession Two | Navigating Cloud Security Challenges: Principles and Strategies for Cyber Defense

As organizations embrace the cloud at an ever-increasing rate, they encounter not only operational hurdles but also pose significant challenges for their security teams. These teams are tasked with reshaping their strategies to effectively protect against emerging threats in this new landscape.

With over a billion endpoints, millions of customers, and its massive global cloud presence, this session will discuss Microsoft's principles of cyber defense in the cloud, how it organizes to defend itself, and the feedback loops between all phases of NIST frameworks through its governance. Along with these continuous processes that optimize continuous learning, we will cover how Microsoft utilizes its own products for defense scenarios that the reader can leverage and implement.

Dr. Andre Alfred, Vice President, Microsoft Azure Security
Ryan Nicholson, Certified Instructor, SANS Institute

Session Three | Zero Trust: Getting started, making progress, and iterating your way to improved security

As organizations continually assess fundamental questions such as: “What are the optimal patterns to ensure the right levels of security and availability for my systems and data?” they are increasingly using the term Zero Trust as their way to describe their desired state and set of capabilities. For some, the journey towards Zero Trust has been self-motivated - a natural evolution of cybersecurity in general and defense in depth. For others, the journey is being driven by public policy and regulation from many different corners of the world.

Regardless of the rationale, and despite some of the hype and buzz that surrounds the term, the technical and business outcomes produced by Zero Trust are meaningfully better than what was possible with the previous generation of perimeter-oriented security models. These outcomes are achieved by augmenting network controls with rich signals including identity, device, behaviors, and more to make ever more granular, continuous, adaptive, and sophisticated access control decisions. However, implementing Zero Trust still isn’t as straight forward as it might seem. Organizations still ask: How do I get started? How do I make continued progress? How do I demonstrate ROI?

Join Mark Ryland, the Director of the Office of the CISO for AWS, and Ashish Rajan, SANS instructor and host of wildly popular Cloud Security podcast, as they answer these types of tough questions and share their experience and guidance in ways that will get you beyond debating Zero Trust and into implementation.


Mark Ryland, Director, Office of the CISO, AWS

Ashish Rajan, Associate Instructor, SANS Institute


Session Four | Security Myths and Missteps in Cloud Migration

Despite the well-established benefits of cloud computing — especially in terms of cost, scalability, and efficiency — many enterprises are still reluctant to migrate to the cloud. A key factor in their reluctance is a set of widely held myths about the cloud, including the misconception that it’s less secure than on-premises implementation because security is supposedly the sole responsibility of the cloud services provider. In fact, the shared responsibility model — with the cloud provider and its enterprise customer working together to ensure the protection of sensitive data and business-critical applications — can actually result in significant improvements in security. Myths and misconceptions like this can lead to serious missteps by enterprises and their IT and security organizations, missteps that result in operational inefficiencies, unnecessary costs and wasted investments.

Few security experts are better-qualified to help enterprises make well-informed cloud migration security decisions than Simon Vernon. A SANS Certified Instructor and Principal Technical Architect, he also serves as the CSO of a data center. Join him, Brandon Evans, SANS Certified Instructor and lead author of SEC510: Cloud Security Controls and Mitigations, and Megan Roddie, author of FOR509: Enterprise Cloud Forensics and Incident Response, as they bust cloud security myths and show how to navigate around common missteps.

Simon Vernon, Certified Instructor, SANS Institute
Brandon Evans, Certified Instructor, SANS Institute
Megan Roddie, Author, SANS Institute

Panel Discussion | Straight Talk on Cloud Security

Have you ever wanted to get the straight story on cloud security right from the source? This panel will give you the chance to ask the tough questions about cloud security directly to leaders from AWS, Google Cloud, and Microsoft Azure who will be together for the first time on one virtual stage. Learn what has worked in cloud security, what doesn’t, and what the future holds for cloud workloads.

Frank Kim, Event Chairperson, SANS Institute

Dr. Anton Chuvakin, Security Advisor at Office of the CISO, Google Cloud
Dr. Andre Alfred, Vice President, Microsoft Azure Security
Mark Ryland, Director, Office of the CISO, AWS
Simon Vernon, Certified Instructor, SANS Institute

3:45PMClosing Remarks

Frank Kim, Event Chairperson, SANS Institute