Cloud Security Solutions Forum

  • Friday, 11 Dec 2020 10:30AM EST (11 Dec 2020 15:30 UTC)
  • Speakers: Frank Kim, Nam Le, Vinay Sukumar, Shaun McCullough, Brandon Evans, Ryan Nicholson, Ross Warren, Josh Thurston, Somasundaram Subbu, Sounil Yu, Nathan Case

You will earn 4 CPE credits for attending this virtual event

Forum Format: Virtual

Event Overview

Looking for practical guidance on security in the AWS Cloud? Join SANS instructors and other cloud security leaders as they share tactics, techniques, and procedures for operating effectively and securely in the cloud.

This virtual event is based on the recently released book Practical Guide for Security in the AWS Cloud. This book features contributions from over one dozen leading security practitioners that provide you with the foundational knowledge to help develop your cloud security roadmap.

Topics covered in this event include:

  • Cloud security controls and services
  • DevSecOps and security automation
  • Security monitoring and threat detection
  • Cloud security architecture


10:30 - 10:50 AM EST - Welcome & Keynote

Frank Kim, @fykim, Chairperson, SANS Institute, @SANSInstitute

Three Keys for Cloud Security Success

Come learn about three key items that determine cloud security success: identity, monitoring, and automation. Walk away with tips and techniques for implementing these items including free and open source tools as well as cloud provider specific services you can use to build your security capabilities.

10:50 - 11:25 AM EST - AWS - Cloud Security Architecture

Accelerate Your Multi-account AWS Setup Securely with AWS Control Tower and Okta

Nam Le, Specialist Solutions Architect, AWS, @awscloud

When expanding your multi-account and multi-role AWS environment, cloud setup and IAM management quickly become cumbersome and complex. In the process of speeding up, organizations can unintentionally undermine security if they have inconsistent or incomplete identity policies. In this session, AWS Sr. Partner Solutions Architect, Nam Le, will walk you through how to quickly and securely scale your cloud infrastructure through Okta integrations with AWS Control Tower.

Join this webcast and learn how to:

  • Build and scale faster across a multi-account AWS Environment securely
  • Easily enforce security best practices for AWS Identity and Access Management (IAM) and AWS SSO

11:25 AM - 12:00 PM EST - SANS - Cloud Security Architecture

Moving Operations to the Cloud

Ryan Nicholson, @ryananicholson, Certified Instructor, SANS Institute, @SANSInstitute

When an organization moves an application or service from one environment to another without stopping to redesign the application, this is often referred to as 'lift' and 'shift'. Many organizations, as an initial effort to move applications and services into the cloud, choose this strategy to make the move less painful and more familiar to their existing operating environment. This results in a mainly Infrastructure as a Service (IaaS) hosting environment. Although this is not the most efficient use of cloud, it is still a very common occurrence.

This talk will guide you through some of the nuances that cloud brings to your organization when transitioning from on-premise to an IaaS cloud environment, and better prepare you to defend these now cloud-hosted applications and services. Several of these are discussed in much greater detail in SEC488: Cloud Security Essentials.

12:00 - 12:10 PM EST - Break

12:10 PM - 12:45 PM EST - AWS - DevSecOps and Security Automation

Security Guardrail based Access Management Strategy for DevOps in AWS

Somasundaram Subbu, Sr. Category Lead, AWS, @awscloud

Technology transformation or enterprise modernization is often achieved by adopting a DevOps or DevSecOps operating model to support the business objectives. However, integrating security in a DevOps operating model comes with a number of challenges, including changing existing security processes, re-organizing governance structure, and upgrading security guardrails and observability capabilities. To enable fast application deployment and feature enhancements with appropriate security, one of the initial steps is to ensure the access management strategy is aligned to support DevOps. In this session, Somasundaram Subbu, Sr. Category Lead at AWS Marketplace, will describe a framework to increase your confidence in your AWS access management strategy among your application, infrastructure and security leaders. This session will provide a structured approach with common example controls to manage access guardrails and observability capabilities for access management.

12:45 - 1:20 PM EST - SANS - DevSecOps and Security Automation

More Servers, More Problems: How Serverless Changes and Reduces Risk

Brandon Evans, @BrandonMaxEvans, Certified Instructor, SANS Institute, @SANSInstitute

Security professionals face the daunting challenge of keeping up with constantly changing technology trends. By the time security has a handle on a new programming paradigm, product development has been using it in production for months, if not years. Worse yet, new tech is normally designed with security as an afterthought, introducing risks that will need to be managed rapidly.

Despite all of this, in this presentation, SANS Instructor Brandon Evans will illustrate that Serverless is actually a breath of fresh air for security. Although it might initially seem complex and intimidating, it reduces risk when compared to traditional application architecture by shrinking the customer's portion of the Shared Responsibility Model. Additionally, it empowers security automation that would otherwise be impractical. Overall, as Serverless continues to mature, Brandon argues that it will become the recommended practice from security teams.

1:20 - 1:55 PM EST - AWS - Security Monitoring and Threat Detection

Maturing your Threat Detection and Incident Response in AWS Cloud

Ross Warren, Specialist Solutions Architect, AWS, @awscloud

Vinay Sukumar, Principal Category Leader (Security Intelligence), AWS, @awscloud

To continuously mature your Threat Detection and Incident Response in AWS, you need a well-thought-out strategy that aligns with your business requirements and goals. While there are several tools available in this category, a mature practice requires an integrated framework that combines people, process and technology. In reality, CISOs and Security Operations Managers have to plan their strategy around budget and resource constraints without compromising on business outcomes. In this session we will begin with a high-level overview of a mature Threat Detection and Incident Response model in the cloud, and discuss the stages in this maturity model one can target to meet their requirements. We will discuss native AWS security services and third-party solutions as part of this model based on how some AWS customers, small to very large enterprises, have successfully implemented their Threat Detection and Incident Response programs.

1:55 - 2:05 PM EST - Break

2:05 - 2:40 PM EST - SANS - Security Monitoring and Threat Detection

Cloud Security Monitoring and Threat Hunting in AWS

Shaun McCullough, @TheCybergoof, Instructor, SANS Institute, @SANSInstitute

In this talk, Shaun McCullough, SANS Certified Instructor and author of the brand new class SEC541: Cloud Monitoring and Threat Hunting, will talk about Threat Hunting in a cloud environment. We will work through what Hunting is and how it should be approached for Cloud environments. Then, we will look at some specific threats and investigate the AWS tools that generate the log data we can use to detect those threats. Services such as CloudTrail, VPC Flow Logs and CloudWatch can be used to collect and analyze the data, while GuardDuty, Config and Inspector have their own detections built in.

2:40 - 3:25 PM EST - Cloud Security Controls and Services Panel Discussion

Frank Kim, @fykim, Chairperson, SANS Institute, @SANSInstitute

Sounil Yu, CISO-in-Residence at YL Ventures and Former Chief Security Scientist at Bank of America

Brandon Evans, @BrandonMaxEvans, Certified Instructor, SANS Institute, @SANSInstitute

Josh Thurston, @JoshT_Thurston, Security Technologist

Nathan Case, Senior Security Strategist, AWS, @awscloud

3:25 - 3:30 PM EST - Closing Remarks

Frank Kim, @fykim, Chairperson, SANS Institute, @SANSInstitute