Cyber Solutions Fest 2023: Cloud Security

  • Friday, 27 Oct 2023 8:30AM EDT (27 Oct 2023 12:30 UTC)
  • Speaker: Dave Shackleford

Today, most security professionals are actively architecting and implementing cloud security controls across SaaS, PaaS, and IaaS environments. We’ve learned that what once worked on-premises may not work quite the same in the cloud, and a wide range of new and innovative security platforms and services have emerged and evolved in recent years to address critical cloud security use cases and categories, including:

  • Cloud security monitoring and incident management
  • Cloud workload protection
  • Cloud security posture management (CSPM) and SaaS security posture management (SSPM)
  • Cloud identity and access management
  • Cloud data protection
  • Cloud Native Application Protection Platforms (CNAPP)
  • Zero trust network access (ZTNA) and SASE/SSE
  • Cloud security automation

In the Cloud track at Cyber Solutions Fest 2023, leading solution providers and practitioners will highlight the newest techniques and technologies that organizations of all types and sizes are leveraging to better secure and manage their cloud services and environments. Talks and panels will cover all of the topics mentioned, and more!

Join in on the action! Connect with fellow attendees and our event chairs in the SANS Solutions Forum Interactive Slack Workspace. Sign in once and you'll be all set for the rest of our 2023 Solutions Forums. We'll see you there!

To view the full agenda for the Cloud Security Track, please scroll down! Take note of your most anticipated presentations and favorite speakers below. Pro tip: You can visit our landing page to register for more than one track to truly take your cybersecurity skills to the next level!



Event Platinum Sponsors

Anomali, Corelight, Eclypsium, Endace, Palo Alto Networks, Sophos, Sysdig

Agenda | October 27, 2023 | 8:30AM - 3:45PM EDT


Session Description

8:30 AM

Kickoff & Welcome

Dave Shackleford, Event Chair, SANS Instructor

8:50 AM

Session One | Cloud Security Accelerated: Does Your Threat Detection Measure Up?

Cloud attacks are fast. After finding an exploitable asset, malicious actors need less than 10 minutes to execute an attack. While preventive controls are common in cloud environments, no organization can stay safe without a threat detection and response program for addressing zero-day exploits, insider threats, and other malicious behavior. 
Evolve your security mindset by subscribing to the “distributed, immutable, ephemeral” way of cloud-native thinking in the SOC to uplevel detection and accelerate incident response. Discover how to stay ahead of the evolving threat landscape by acknowledging the realities of modern attacks, identifying areas of improvement, and pushing your cloud security programs forward. 

Anna Belak, Director, Office of Cybersecurity Strategy, Sysdig
Désiré Banse, Manager, Security Operations, IdeaCrew & former NIST Researcher

9:30 AM

Session Two | How to Size Up Your Cloud Security Program

Whether you are ramping up at a new role or you need to check the health of your existing cloud security program, this session will help you find and examine the cloud security risks unique to your organization. Andy Ellis, Advisory CISO, Orca Security, will cover the critical questions you should ask in order to prioritize risks, put together a winning cloud security strategy, and get buy-in from key stakeholders. Andy’s talk will include real-life examples from his 20+ years of experience leading cybersecurity teams.

Andy Ellis, Advisory CISO, Orca Security

10:00 AM

Session Three | Building Cloud Security Programs That Can Shift Left

For organizations born in the cloud and seeking to adopt cloud technologies like containers, Kubernetes, and serverless and enhance their cloud security program, shifting security left is foundational. It empowers engineering teams to lead security conversations, effectively managing risks associated with the cloud. But how can this be achieved when security and development often have transactional relationships? Join this discussion for real-world stories and practical guidance from the frontlines.

Swaroop Sham, Product Marketing Manager, Wiz

10:30 AM


10:45 AM

Session Four | Take a Proactive Risk-Based Approach to Securing Your Cloud-Native Applications

With the increased adoption of multi-cloud services, developers can provision their own cloud infrastructure and manage computing resources. But as cloud-native development accelerates, it is difficult to ensure secure development processes are in place, increasing the chance for misconfigurations and security risks.

In this session we’ll explore emerging cloud security risks and how continuous, in-depth visibility across your cloud environments can help reduce potential risks from becoming threats. Learn how Microsoft Defender for Cloud can enhance your ability to identify and remediate security gaps across your infrastructure, enabling you to stay ahead of evolving threats.

Giulio Astori, Cybersecurity Architect, Microsoft

11:15 AM

Session Five | Zero Trustonomics: Superior Security that Cuts Cost and Complexity

In times of economic uncertainty, security teams are tasked to do more, but with fewer resources. As cost pressures lead to smaller teams and shrinking budgets, stopping increasingly sophisticated cyberthreats is made more difficult than ever. Unfortunately, the standard tools and methods of cybersecurity only serve to complicate the situation further. The status quo is overly complex and inefficient when it comes to the use of both money and human capital.

At the same time, this scenario presents an opportunity to capture superior economic value by embracing a cloud-based zero trust architecture. With it, organizations can cut down on cost and complexity, and solve a number of key challenges that plague perimeter-based architectures and waste vital resources. In this webinar, you will learn:

  • Why perimeter-based architectures increase cost and complexity
  • The six key ways that organizations can save money on security and networking
  • How cloud-based zero trust overcomes the challenges of yesterday’s architectures
  • Why Zscaler is the ideal partner for unlocking superior economic value

Jacob Serpa, Senior Portfolio Marketing Manager, Zscaler

11:45 AM


12:00 PM

Keynote Session | Unraveling the Security Web: A Unified Approach to Threat Intelligence, Incident Response, Cloud Security and Security Architecture

In today's fast-paced and evolving threat landscape, a holistic and adaptive approach to cybersecurity has never been more crucial. Join us for an extraordinary keynote panel discussion featuring some of the most renowned experts in the industry: Ashish Rajan, Lesley Carhart, Chris Cochran, and Ron Eddings. These cybersecurity advocates will explore the interconnected nature of threat intelligence, threat hunting and incident response (IR), cloud security, and security architecture in building a robust and resilient security ecosystem.

Throughout this panel discussion, our experts will connect the dots between the four essential pillars of cybersecurity: threat intelligence, threat hunting/IR, offensive security, and security architecture/solutions. They will share their experiences, knowledge, and vision to empower you and your organization to navigate the complexities of the cybersecurity landscape and stay ahead of emerging threats.

Take advantage of this exceptional opportunity to learn from the best in the industry and unlock the potential of a unified approach to cybersecurity. Register now and join us in this engaging and enlightening conversation that will undoubtedly reshape your understanding of cybersecurity unity!

Ashish Rajan, Host, Cloud Security Podcast

Chris Cochran, Co-Founder, Hacker Valley Media and Advisory CISO, Huntress
Lesley Carhart, Director of ICS Cybersecurity North America, Dragos

Ron Eddings, Co-Founder and Host, Hacker Valley Media

1:00 PM

Afternoon Kickoff
Dave Shackleford, Event Chair, SANS Instructor

1:10 PM

Session Six | Unveiling AMBERSQUID: Uncommon Threats in the Cloud's Shadows

In the vast expanse of the cloud, threats can often go unnoticed, hidden in the shadows. One such elusive adversary, known as AMBERSQUID, has recently emerged as a cloud-native cryptojacking threat, catching the attention of Sysdig's Threat Research Team (TRT). What sets AMBERSQUID apart is its cunning exploitation of AWS services that are rarely targeted by malicious actors, including AWS Amplify, AWS Fargate, and Amazon SageMaker. These unconventional tactics allow it to slip past conventional security measures, potentially costing victims over $10,000 per day.

This session delves deep into the intricacies of AMBERSQUID's evasion tactics, shedding light on its remarkable ability to bypass AWS resource limits, and shares essential strategies for defenders to not only detect and respond to AMBERSQUID but also fortify their defenses against similar threats, both within the AWS ecosystem and beyond. Empower yourself with crucial cloud security insights to safeguard your environment from hidden dangers.

Nigel Douglas, Senior Technical Marketing Manager, Sysdig

1:30 PM

Session Seven | Securing Your Cloud Native Applications

Cloud native development has changed the way developers both build and secure applications. It’s more important than ever for apps to remain secure through their entire development lifecycle – but without impacting dev teams’ ability to innovate with efficiency. One way to balance these needs is to approach security from a dev point of view.

Snyk’s cloud native application security platform is designed to work like a developer tool, all while enabling one continuous feedback loop between dev and security personnel. This makes it easy to not only find security issues in your code, open-source dependencies, containers, and infrastructure as code, but fix them quickly. See why millions of developers choose to use Snyk to build securely.

In this session you’ll learn:

  • How developers can secure proprietary code, open source libraries, container images, and IaC deployments
  • How to utilize automatic pull requests in a matter of seconds
  • How security teams can manage visibility throughout the SDLC

Sarah Gold, Senior Solutions Engineer, Snyk

2:00 PM


2:15 PM

Session Eight | Manipulating Human Psychology: the Tactics of the Social Engineer

Social engineering has been a staple of both broad and directed cyberattack campaigns. While improvements in authentication technologies have made other attack types less successful, social engineering is proving to be the most consistent and reliable low-tech means of breaching an organization. In this talk, we'll discuss some examples of how social engineers leverage practical human psychology to maximize their chances of success, the tactics they do (and don't!) use, and the misinformation they benefit from in their campaigns.

Tim Chase, Global Field CISO, Lacework

2:45 PM

Cloud Security Panel


Dave Shackleford, Event Chair, SANS Instructor


Anna Belak, Director, Office of Cybersecurity Strategy, Sysdig

Chris Cochran, Co-Founder, Hacker Valley Media and Advisory CISO, Huntress

3:30 PM

Closing Remarks

Dave Shackleford, Event Chair, SANS Instructor