Cyber Solutions Fest 2021: Level Cloud Security

  • Friday, 22 Oct 2021 8:30AM EDT (22 Oct 2021 12:30 UTC)
  • Speakers: Shaun McCullough, Brad Garnett, Henk van Achterberg, Ell Marquez, John Jeremiah, Andrew Nelsen, Joakim Lialias, John Steven, Patrick Pushor, JT Clay, Mark Murtagh, Manoj Sharma, Matt Garr, Nicola Whiting, Diana Kelley, Alyssa Miller, Natasha Barnes, Seema Kathuria

You are entering Level Cloud Security at the SANS Cyber Solutions Fest 2021.

This full-day session, led by SANS cloud expert Shaun McCullough, will explore innovative cybersecurity solutions that can help security teams adapt to cloud deployments in areas such as network security, threat intelligence, container and serverless security, and many more. The focus we need to look at is what comes next in Cloud Security?

Download a copy of the presentations here!



Accurics_Logo_Transparent.pngAnomali-logo_lion-wordmark_RGB-color.pngAutomox LogoAxonius_Logo_-_Horizontal_Transparent.pngBlue_Hexagon_Logo_Color.pngCisco_Umbrella_Transparent.pngConcourse Labs logoNEW-duoLogo-web.pngIntezer.pngLookout-Logo-RGB_®_Primary-Horizontal-Logo.pngOpsCompass_logo.pngorca_logo.pnglogo.jpgSymantec by Broadcom logoTraceable logouptycs_logo_2C_on-light_rgb.png

Agenda | 8:30 AM - 5:30 PM EDT


Session Description

8:30 AM

Kickoff & Welcome

Shaun McCullough, SANS Instructor

8:45 AM

Resilient Incident Response: Effective Strategies for Blocking Ransomware Attacks

In this session, Brad Garnett (GM of Cisco Talos Incident Response) will discuss practical incident response strategies that every CISO and business leader faces with a hybrid workforce. Brad will share his insights from the front-lines in the fight against ransomware and why organizations need to re-evaluate existing incident response plans and share how Talos is fighting the good fight against evolving adversaries.

With Cisco Umbrella as the underlying framework, Garnett will touch on ways to block sophisticated ransomware attacks at the DNS level. Cisco Umbrella’s cloud-based firewall, interactive threat intel, secure web gateway and other tools protect networks from an onslaught of malware, ransomware, trojans and other attacks from unsanctioned and insecure cloud apps.

Brad Garnett, GM for Cisco Talos Incident Response, Cisco Umbrella

9:25 AM

Data-Centric SASE: Protecting Your Data Against Threats and Breaches in the Real World

If your SASE solution isn’t protecting data… What's the point? A lot of vendors will protect you against threats but are they protecting your data? The SASE solution you choose should protect you against threats AND protect your data, avoiding a data breach. 

In this session, we will discuss how an effective data-centric approach to SASE can help you continuously reduce risk and shrink the threat landscape. We’ll look at:

  • Key threat prevention capabilities of SASE that are often overlooked
  • Why SASE without data context is not worth your time
  • Tools that will expand your vision of what effective SASE can be
  • What a comprehensive solution looks like when you put it all together

Henk van Achterberg, Product Manager, Symantec a Division of Broadcom

10:05 AM


10:20 AM

Let's Face It. Shift Happens

The emergence of the cloud has resulted in significant changes in the development process. Traditional monolithic application architectures have given way to more agile cloud-native applications. With this transformation, security teams are left wondering how to protect their ever-changing environments. In this session, attendees will learn how security teams can continuously integrate into the development lifecycle while gaining visibility into vulnerabilities, misconfigurations, and malicious code in real-time. Shift happens, however with the right approach it is possible to find solid ground.

Ell Marquez, Linux and Security Advocate, Intezer

10:50 AM

Flying blind? - The Case for API Security and Observability

The business demanded rapid innovation. Software development and IT figured out how to provide it. But now we have a whole host of new problems. In the resulting world of cloud-native apps, microservices, and API-driven applications, what we came to rely on for keeping it all running and secure is no longer enough.

In this new fog, we are basically “flying blind”. Modern applications are complex, extremely hard to secure and protect, and on top of that they are continuously changing. Our visibility of what we have, how it is behaving, and how it is being used (and abused) has diminished tremendously. So how do we begin to see through the fog once again? 

In this session you’ll learn:

  • Why are we flying blind
  • 4 key areas to focus on to stop flying blind
  • A way to get started quickly (for free!)

John Jeremiah, Director, Traceable AI

11:20 AM

Get in Shape to Fight Cloud Attacks - Posture Assessment and Beyond

The pandemic and digital transformation-driven accelerated cloud migration has created a new attack surface for cybercriminals. Fast-paced migration, lack of cloud skills, and the agility of DevOps have made it difficult for organizations to maintain visibility, compliance, and threat defense capabilities. Multi-cloud and multi-platform complexity has made this even harder, with each cloud having its own jargon, services, naming, and architectural differences.

Many on-premises security tools are anti-patterns in the cloud and cannot be easily shoehorned in. In response, organizations have been deploying a new suite of posture assessment tools that aim to minimize attack surface with periodic static checks on the cloud control plane and in some cases vulnerabilities. However, modern cloud threats with complex, multi-stage kill chains and supply chain code injection cannot be mitigated just by compliance and configuration checks. It is also common knowledge that vulnerabilities remain in production workload weeks and months after being known and even more so in instances that are not publicly reachable. To get in fighting-fit shape to tackle cloud attacks today’s cloud ninjas have to go beyond the basics of posture management.

In this talk, we discuss how security can be injected into the build-ship-run cloud-lifecycle with automated guardrails to maintain visibility, compliance and threat detection. How to do this despite multi-cloud complexity and without adding onerous requirements on developers and DevOps. We show how this approach that focuses not just on configuration but also runtime behavior empowers DevOps and SecOps to maximize coverage based on the MITRE ATT&CK framework for IaaS, Serverless, Containers and Linux/Windows cloud platforms.

Andrew Nelsen, Threat Researcher, Blue Hexagon

11:50 AM


12:00 PM

Diversify and Conquer: Building and Managing Successful CyberTeams

Successful organizations know it's important to build diverse teams, but how can you ensure you're hiring from the most diverse pool? And once you've developed a diverse team how can you support inclusion and respect to keep that team effective and engaged? In this panel we bring together a group of experts in the cybersecurity field who represent a wide variety of backgrounds and approaches. Together we'll talk through dimensions of diversity including educational, experiential, racial, and neuro. And we'll share examples of how you and your organization can thrive with a powerfully diverse workforce.

Diana Kelley
, CTO & Co-Founder, Security Curve

Nicola Whiting
, Chief Strategy Officer, Titania Ltd
Alyssa Miller
, Business Information Security Officer (BISO), S&P Global
Natasha Barnes
, Associate Director in IT Internal Audit and Advisory, Protiviti
Seema Kathuria
, Senior Product Marketing Manager, Duo Security

1:00 PM

Afternoon Kickoff
Shaun McCullough, SANS Instructor

1:10 PM

Continuous Risk-Reduction With Innovative Methods

Symantec continues to invest in cyber-security focused technologies to enhance the user experience while strengthening your security posture. In this short session you will learn about two novel ways to drastically reduce the attack surface in the network with Web Browser Isolation and on the endpoint with true adaptive protection.

Manoj Sharma, Global Head of Security Strategy, Symantec a Division of Broadcom

1:30 PM

Cloud Security Threat Defense

Built into the foundation of the internet, Cisco Umbrella is a cloud security service that provides a first line of defense against threats, wherever users access the internet — on or off the corporate network. Umbrella is deployed enterprise-wide in minutes and gives you the threat intelligence and context needed to block threats before they become attacks.

Join this live demo to learn how you can:

  • See and block threats other solutions miss
  • Reduce alerts and gain context into high-priority threats
  • Deploy in minutes to protect all devices and locations
  • Integrate seamlessly with your existing security stack

JT Clay, Engineer, Cisco Cloud Security

1:50 PM

Thinking Outside the X: How to Expand the Scope of Your XDR Approach to Act on Threats with Confidence

Learn how a platform approach to Extended Detection and Response (XDR) can provide you with the threat intelligence, automation and orchestration capabilities, and context-rich insight you need to help unburden your security team and enhance your ability to find, understand, and remediate threats faster and more efficiently.

Coty Sugg, Manager, Cisco SecureX

2:20 PM

What's Real and What's Possible with Self-Service and Developer Speed Governance

Security, Cloud, Operations, and Product/Development groups are all building out their versions of the next cloud platform and governance controls. As each considers overlapping approaches including automated enforcement, shift left, and other posture management approaches one question dominates: "How can security keep pace with delivery?"

Expect insight on how to:

  • Create security as code (SAC)
  • Integrate SAC into existing software delivery and governance lifecycles
  • Evolve from 'guardrails' to preventative controls
  • Navigate follow-on action from monitoring and drift detection activities.

Join to learn about our hands-on experience implementing security-as-code architectures and demonstrates best practices for developing security policy and controls, to automate DevSecOps and runtime cloud security.

John Steven, Chief Technology Officer, Concourse Labs

2:50 PM

6 Cloud Security Risks Hiding Inside Your Cloud Estate

Public cloud providers like AWS, Azure, and GCP enable you to deliver new products and capabilities at breakneck speeds, but how do you balance speed to market against compliance mandates and risk – do you have to choose? Join Patrick Pushor, Technical Evangelist at Orca Security, for a fast-paced session as he takes you through best practices, and pitfalls to avoid in securing public cloud infrastructure.

6 risks hiding inside every public cloud estate - How to get instant-on, workload-level visibility across 100% of your AWS, Azure, and GCP assets - The power of addressing both the control plane and data plane at once - Pros and cons of different cloud security tools: traditional agent-based tools and scanners, CWPP (cloud workload protection platforms), and CSPM (cloud security posture management).

Patrick Pushor, Principal Technical Evangelist, Orca Security

3:20 PM


3:35 PM

Snyk Code: Intro to Developer Friendly Static Application Security Testing

Modern software development practices as DevOps hands the responsibility for application security to the developers. One type of tool that could help developers to cope with this is static application security testing or SAST. Problem is that traditionally SAST tools have been slow, not accurate and simply not developer friendly. Snyk Code is here to change this.

In this session, we want to briefly introduce you to the magic behind Snyk Code - the human-guided ML process based on a fast logic analyzer - and then spend the majority of time in a demo where we follow the life of a pull request. We will edit code in the IDE, test locally, do a PR, work with legacy code and more. We want to keep it practical and pepper it with best practices along the way. We want to show you that Snyk Code is fast, accurate and developer-friendly, just as SAST should be.

Frank Fischer, Developer Advocate, Snyk
Mic McCully
, Field Strategist - Modern AppSec, Snyk

4:05 PM

Come be SASE With Us: Panel

The Secure Access Service Edge, or SASE, is a convergence of security, data protections and networking to help overcome the problem of building scalable, flexible, and securable infrastructure at scale. In this panel, technical leaders from Cisco and Symantec’s will discuss the cloud journey with SASE services, and how they integrate with current tools, technologies, and security practices. Panel members will also discuss the future of these services. Come and ask questions, hear from the experts, and bring home new ideas to your organization's cloud journey.

Shaun McCullough, SANS Instructor

Manoj Sharma, Global Head of Security Strategy, Symantec, a Division of Broadcom
Henk van Achterberg, Product Manager, Symantec, a Division of Broadcom
Matt Garr, Head of Product – SASE, Cisco Cloud & Network Security
Mark Murtagh, Director of Systems Engineering, Cisco Cloud Security

5:10 PM


Shaun McCullough, SANS Instructor

Keynote: Diversify and Conquer

Turn diversity into power.

Joined by Nicola Whiting, Alyssa Miller, Natasha Barnes, and Seema Kathuria, Diana Kelley will lead this enlightening panel discussion and share how organizations can thrive with a powerfully diverse workforce.

Attend this engaging and thought-leading keynote by registering for a level on day 2 of SANS Cyber Solutions Fest 2021.

Level Cloud Security with Shaun McCullough

Hear from Level Cloud Security's chairperson Shaun McCullough on what you can expect from his track in the upcoming SANS Cyber Solutions Fest! 

Cybersecurity Solutions for Today's Challenges

The 2nd annual SANS Cyber Solutions Fest aims to connect cybersecurity professionals of all levels with the latest solutions, tools, and techniques to combat today's cybersecurity threats.

  • Featuring 4 unique levels: Threat Hunting & Intel, SOC & SOAR, MITRE ATT&ACK®, and Cloud Security
  • Network in real-time with over 30 sponsors and learn from top industry experts
  • Join interactive panel discussions, discover job opportunities, compete in games for multiple prizes, and more