SANS Cloud Security Exchange 2024

  • Tuesday, 27 Aug 2024 11:00AM EDT (27 Aug 2024 15:00 UTC)
  • Speaker: Frank Kim

Get ready to dive into the ultimate cloud security experience! Mark your calendars for SANS Cloud Security Exchange 2024 on Tuesday, August 27th, and don’t miss out. Where else can you find top-notch experts from the world’s leading cloud security providers and SANS cloud security specialists all on one vertical stage? Right here, of course!

 Join us for our highly anticipated Cloud Security Exchange, completely free and online. Discover what’s working and what’s not working in cloud security design, identity modernization, and Generative AI (GenAI) security. Hear where to start your cloud security journey, how to evolve your cloud security controls, and adopt modern best practices straight from the cloud providers and world’s foremost cloud security experts.

Last year, thousands from around the globe joined us, and this year promises to be even bigger and better. Hear from renowned experts representing SANS Institute, Amazon Web Services (AWS), Google Cloud, and Microsoft Azure. The success of our past events has paved the way for another remarkable exchange of knowledge.


In Partnership With:


Agenda | August 27, 2024 | 11:00 AM-4:00 PM EDT


Session Description

11:00 AM

SANS Welcome & Opening Comments

Frank Kim, Event Chair, SANS Institute

11:15 AM

The Cloud Security Journey: Day One
It’s day one in a professional security practitioner’s position responsible for protecting their enterprise’s cloud infrastructure, and as always, figuring out where to start can be challenging. The cloud security journey begins with outlining the best practices and skill sets needed to build a well-architected cloud environment that enables effective identity and access management (IAM), data security and asset management, and ensures overall security compliance. The next step is establishing the detection and mitigation practices needed to ensure compliance, taking into account critical issues like the pros and cons of cloud detection services and the varying approaches to securing heterogeneous cloud services and applications. And this critical first day ends with an in-depth look at tools and methods for investigation and pursuit following a security event.

Shaun McCullough, SANS Certified Instructor

Ashish Rajan, Associate Instructor, SANS Institute

Megan Roddie, Author, SANS Institute


Evolving Cloud Security with a Modern Approach

Modernizing cloud security practices is a necessity and many organizations still struggle to implement effective cloud security measures, despite the availability of tried-and-true best practices. Discover ten key areas where organizations can focus their efforts to improve their cloud security posture (with an overview of the "new ways" in which cloud security best practices are evolving). It’s critical to adapt security strategies to the ever-changing landscape of cloud computing, and we fortunately have a good understanding of what this shift looks like today.

Dr. Anton Chuvakin, Security Advisor at Office of the CISO, Google Cloud

Dave Shackleford, Senior Instructor, SANS Institute

12:45 PM


1:00 PM

Secure by Design: Guiding principles for proactive security
Discover the power of embracing security as a core business requirement with Secure by Design principles. Secure by Design means more than integrating security into your design and development processes from the start. It's a comprehensive approach that can help you balance agility and cost optimization with your security goals, and make it easier to maintain the security of your products and services over time. We'll guide you through key Secure by Design principles, and best practices for proactively incorporating security into your development lifecycle and workloads. You'll gain actionable insights into the mechanisms that can help you significantly reduce the impact of vulnerabilities with your target architecture, and how you can use cloud technology to achieve your objectives.

Paul Vixie, Ph.D, Deputy CISO, Vice President, and Distinguished Engineer, AWS

Eric Johnson, Senior Instructor, SANS Institute

1:45 PM

The Cloud Security Journey: Day One

Shaun McCullough, SANS Certified Instructor

Ashish Rajan, Associate Instructor, SANS Institute,

Megan Roddie, Author, SANS Institute

2:20 PM

AI Security Challenges, Hype, and Opportunities

Nearly two decades ago, the public cloud introduced a powerful tool with countless opportunities and underestimated risks. Today, that tool is Generative AI. While AI enables organizations to solve new problems and reduce the resources necessary to do so, it also enables attackers to leverage new attack vectors. This is often because organizations do not understand the intricate details of how Generative AI works. At the same time, the security industry sees promise in AI improving their operations and tooling. However, while it is highly promising in many cases, it is useless or counterproductive in some others. Ahmed Abugharbia and Brandon Evans will discuss how customers have been using AI in insecure ways, both as regular users and application developers, how those issues are complicated when using the AI offerings from the Big 3 Cloud providers (AWS, Azure, GCP), and how AI can be used practically to improve security operations.

Brandon Evans, Certified Instructor, SANS Institute

Ahmed Abugharbia, Certified Instructor, SANS Institute

2:45 PM


2:55 PM

Panel Discussion


Frank Kim, Event Chairperson, SANS Institute


Dr. Anton Chuvakin, Security Advisor at Office of the CISO, Google Cloud

Angelica Faber, , Microsoft Azure Security

Paul Vixie, Ph.D, Deputy CISO, Vice President, and Distinguished Engineer, AWS

Shaun McCullough, Certified Instructor, SANS Institute

3:55 PM

Closing Remarks

Frank Kim, Event Chair, SANS Institute