


This webcast has been archived. To view the webcast, log in to your SANS Portal Account or create an account. Sorry, the slides for this webcast are not available for download.

Cloud Security Solutions Forum

  • Friday, December 11, 2020 | 10:30 AM - 3:30 PM EST (2020-12-11 15:30:00 UTC)
  • Frank Kim, Ryan Nicholson, Brandon Evans, Shaun McCullough, Nam Le, Somasundaram Subbu, Ross Warren, Vinay Sukumar, Sounil Yu, Josh Thurston, Nathan Case


  • AWS Marketplace




You will earn 4 CPE credits for attending this virtual event

Forum Format: Virtual

Event Overview

Looking for practical guidance on security in the AWS Cloud? Join SANS instructors and other cloud security leaders as they share tactics, techniques, and procedures for operating effectively and securely in the cloud.

This virtual event is based on the recently released book Practical Guide for Security in the AWS Cloud. This book features contributions from over one dozen leading security practitioners that provide you with the foundational knowledge to help develop your cloud security roadmap.

Topics covered in this event include:

  • Cloud security controls and services
  • DevSecOps and security automation
  • Security monitoring and threat detection
  • Cloud security architecture


10:30 - 10:50 AM EST - Welcome & Keynote

Frank Kim, @fykim, Chairperson, SANS Institute, @SANSInstitute

Three Keys for Cloud Security Success

Come learn about three key items that determine cloud security success: identity, monitoring, and automation. Walk away with tips and techniques for implementing these items including free and open source tools as well as cloud provider specific services you can use to build your security capabilities.


10:50 - 11:25 AM EST - AWS - Cloud Security Architecture

Accelerate Your Multi-account AWS Setup Securely with AWS Control Tower and Okta

Nam Le, Specialist Solutions Architect, AWS, @awscloud

When expanding your multi-account and multi-role AWS environment, cloud setup and IAM management quickly become cumbersome and complex. In the process of speeding up, organizations can unintentionally undermine security if they have inconsistent or incomplete identity policies. In this session, AWS Sr. Partner Solutions Architect, Nam Le, will walk you through how to quickly and securely scale your cloud infrastructure through Okta integrations with AWS Control Tower.

Join this webcast and learn how to:

  • Build and scale faster across a multi-account AWS Environment securely
  • Easily enforce security best practices for AWS Identity and Access Management (IAM) and AWS SSO


11:25 AM - 12:00 PM EST - SANS - Cloud Security Architecture

Moving Operations to the Cloud

Ryan Nicholson, @ryananicholson, Certified Instructor, SANS Institute, @SANSInstitute

When an organization moves an application or service from one environment to another without stopping to redesign the application, this is often referred to as lift and shift. Many organizations, as an initial effort to move applications and services into the cloud, choose this strategy to make the move less painful and more familiar to their existing operating environment. This results in a mainly Infrastructure as a Service (IaaS) hosting environment. Although this is not the most efficient use of cloud, it is still a very common occurrence.

This talk will guide you through some of the nuances that cloud brings to your organization when transitioning from on-premise to an IaaS cloud environment and better prepare you to defend these now cloud-hosted applications and services. Several of these are discussed in much greater detail in SEC488: Cloud Security Essentials.

12:00 - 12:10 PM EST - Break


12:10 PM - 12:45 PM EST - AWS - DevSecOps and Security Automation

Security Guardrail based Access Management Strategy for DevOps in AWS

Somasundaram Subbu, Sr. Category Lead, AWS, @awscloud

Technology transformation or enterprise modernization is often achieved by adopting a DevOps or DevSecOps operating model to support the business objectives. However, integrating security in a DevOps operating model comes with a number of challenges, which include changing existing security processes, re-organizing governance structure, and upgrading security guardrails and observability capabilities. To enable fast application deployment and feature enhancements with appropriate security, one of the initial steps is to ensure the access management strategy is aligned to support DevOps. In this session, Somasundaram Subbu, Sr. Category Lead at AWS Marketplace, will describe a framework to increase your confidence in your AWS access management strategy among your application, infrastructure and security leaders. This session will provide a structured approach with common example controls to manage access guardrails and observability capabilities for access management.


12:45 - 1:20 PM EST - SANS - DevSecOps and Security Automation

More Servers, More Problems: How Serverless Changes and Reduces Risk

Brandon Evans, @BrandonMaxEvans, Certified Instructor, SANS Institute, @SANSInstitute

Security professionals face the daunting challenge of keeping up with constantly changing technology trends. By the time security has a handle on a new programming paradigm, product development has been using it in production for months, if not years. Worse yet, new tech is normally designed with security as an afterthought, introducing risks that will need to be managed rapidly.

Despite all of this, in this presentation, SANS Instructor Brandon Evans will illustrate that Serverless is actually a breath of fresh air for security. Although it might initially seem complex and intimidating, it reduces risk when compared to traditional application architecture by shrinking the customer's portion of the Shared Responsibility Model. Additionally, it empowers security automation that would otherwise be impractical. Overall, as Serverless continues to mature, Brandon argues that it will become the recommended practice from security teams.


1:20 - 1:55 PM EST - AWS - Security Monitoring and Threat Detection

Maturing your Threat Detection and Incident Response in AWS Cloud

Ross Warren, Specialist Solutions Architect, AWS, @awscloud

Vinay Sukumar, Principal Category Leader (Security Intelligence), AWS, @awscloud

To continuously mature your Threat Detection and Incident Response in AWS you need a well thought out strategy that aligns with your business requirements and goals. While there are several tools available in this category, a mature practice requires an integrated framework that combines people, process and technology. In reality, CISOs and Security Operations Managers have to plan their strategy around budget and resource constraints without compromising on business outcomes. In this session we will begin with a high level overview of a mature Threat Detection and Incident Response model in the cloud, and discuss the stages in this maturity model one can target to meet their requirements. We will discuss native AWS security services and third party solutions as part of this model based on how some AWS customers, small to very large enterprises, have successfully implemented their Threat Detection and Incident Response programs.

1:55 - 2:05 PM EST - Break


2:05 - 2:40 PM EST - SANS - Security Monitoring and Threat Detection

Cloud Security Monitoring and Threat Hunting in AWS

Shaun McCullough, @TheCybergoof, Instructor, SANS Institute, @SANSInstitute

In this talk, Shaun McCullough, SANS Certified Instructor and author of the brand new class SEC541: Cloud Monitoring and Threat Hunting, will talk about Threat Hunting in a cloud environment. We will work through what is Hunting, and how it should be approached for Cloud environments. Then, we will look at some specific threats, and investigate the AWS tools that generate the log data we can use to detect those threats. Services such as CloudTrail, VPC Flow Logs and CloudWatch can be used to collect and analyze the data, while GuardDuty, Config and Inspector have their own detections built in.

2:40 - 3:25 PM EST - Cloud Security Controls and Services Panel Discussion

Frank Kim, @fykim, Chairperson, SANS Institute, @SANSInstitute

Sounil Yu, CISO-in-Residence at YL Ventures and Former Chief Security Scientist at Bank of America

Brandon Evans, @BrandonMaxEvans, Certified Instructor, SANS Institute, @SANSInstitute

Josh Thurston, @JoshT_Thurston, Security Technologist

Nathan Case, Senior Security Strategist, AWS, @awscloud

3:25 - 3:30 PM EST - Closing Remarks

Frank Kim, @fykim, Chairperson, SANS Institute, @SANSInstitute

Speaker Bios

Frank Kim

Frank is the Founder of ThinkSec, a security consulting and CISO advisory firm, as well as a SANS Fellow and lead for both the SANS Management and SANS Cloud Security curricula, overseeing two dozen SANS courses in the two fastest growing curricula. Previously, as CISO at the SANS Institute, Frank led the information risk function for the most trusted source of computer security training and certification in the world. Frank is also the author and instructor of MGT512: Security Leadership Essentials for Managers, MGT514: Security Strategic Planning, Policy, and Leadership, and co-author of SEC540: Cloud Security and DevOps Automation. Learn more about Frank here.

Ryan Nicholson

Ryan's passion for information technology started in 2001 when he found himself constantly trying to make his high school's computers and even calculators do things that they weren't exactly intended to do. They lacked games, so he learned how to create some. Yes, some may call this hacking. Ryan called it "fun", which led to attending college with intentions of becoming a software engineer. During school, Ryan obtained an internship with a very cybersecurity-minded organization -- the Defense Information Systems Agency (DISA). Ever since then, he's been hooked on cybersecurity. Ryan is an instructor for SANS SEC530: Defensible Security Architecture and Engineering and a co-author for the new SEC488: Cloud Security Essentials. Learn more about Ryan here:

Brandon Evans

Brandon works for Zoom Video Communications, where he leads their internal Application Security training. As an application developer for most of his professional career, he moved into security full-time largely because of his many formal trainings through SANS. He's a contributor to the OWASP Serverless Top 10 Project and a co-leader for the Nashville OWASP chapter. Brandon is lead author for the new SEC510: Public Cloud Security: AWS, Azure, and GCP and a contributor and instructor for SEC540: Cloud Security and DevOps Automation. Read more about Brandon here.

Shaun McCullough

As a hands-on practitioner with a gift for architecture design, Shaun explores the good and bad of how the Cloud is changing the way the industry secures and runs infrastructure. During his 25+ years of experience, Shaun has spent equal parts in security engineering and operations as well as software development. With extensive experience within the Department of Defense, Shaun was the Technical Director of the Red and Blue operations teams, a researcher of advanced host analytics, and ran a threat intelligence focused open source platform based on MITRE ATT&CK. Previously, he was a consultant with H&A Security Solutions, focusing on analytic development, DevOps support, and security automation tooling. Shaun has authored the brand new SEC541: Cloud Monitoring and Threat Hunting and can be found teaching SEC545: Cloud Security Architecture and Operations on a regular basis. Learn more about Shaun here.

Nam Le

Nam is a Specialist Solutions Architect at AWS covering AWS Marketplace, Service Catalog, Migration Services and Control Tower. He helps customers implement security and governance best practices using native AWS Services and Partner products. He is an AWS Certified Solutions Architect, and his skills include security, compliance, cloud computing, enterprise architecture and software development. Nam has also worked as a consulting services manager, cloud architect, and as a technical marketing manager.

Somasundaram Subbu

Somasundaram has over 18 years of Information Technology and Security experience which includes working for large financial services organization, technology providers, research institutes, and currently with AWS. During his employment at AWS as a Senior Architect, he has worked directly with large enterprises to help with their infrastructure and security modernization, technology and operating model transformation, and ops integration. Currently as a Sr. Category Lead, he is helping to drive the AWS Marketplace Category and technical strategy for Security and DevSecOps.

Ross Warren

Based in Northern Virginia, Ross is a specialist solution architect at AWS with a focus on security. Prior to his work at AWS, Ross's areas of expertise included cyber threat hunting and security operations. Ross has worked at a handful of startups and has enjoyed the transition to AWS because he can build solutions for customers with the breadth and depth of services offered by AWS.

Vinay Sukumar

Vinay Sukumar is a Principal Category Leader (Security Intelligence) at Amazon Web Services. He has over 10 years of experience in cybersecurity working with SIEM, vulnerability assessment, threat intelligence, and IAM solutions in various capacities including as a practitioner and product manager. As a category leader in AWS Marketplace, Vinay partners with leading security solution providers to enable end-to-end security practice on AWS platform. Vinay has presented at various conferences including BlackHat, RSA, and IBM Think on topics of threat detection and response.

Sounil Yu

Sounil is a security innovator with 30+ years of hands-on experience creating, breaking, and fixing computer and network systems. He is the CISO-in-Residence at YL Ventures, the creator of the Cyber Defense Matrix and the DIE Resiliency Framework, a Board member for the FAIR Institute and SCVX Corp, and co-chair of Art into Science: A Conference on Defense. He previously served as the Chief Security Scientist at Bank of America, leading a cross-functional team focused on driving innovation and a thriving startup culture to meet emerging cybersecurity needs, to serve as a challenge function, and to be a change agent driving unconventional thinking and alternative approaches to hard problems in security.

Josh Thurston

Josh is a cyber security veteran and leader in driving company strategy and innovation. Over fifteen years, Thurston has helped organizations solve complex security challenges and mature their security programs. He has helped bring new innovative products to market, designed and managed Security Operations Centers, and advised organizations on architecture and strategy in the public and private sector.

Nathan Case

A successful leader, who has built strategic plans and implemented cloud services for healthcare, genomics, and the defense industries. Drives security culture by challenging conventional approaches to security. Unifies development, operations, and security to drive business goals while managing risk. A team builder who is comfortable diving deep into coding and architecture.

Security Architect and Strategist in AWS Security, working with a worldwide customer base to introduce leading cloud security practices. A public speaker, delivering talks on various security topics to executives and their technical staff, large venues and conferences.
