fwd:cloudsec

https://youtu.be/oHlPGzpFT_c

Speaker: Dave SudiaDave Sudia went from Platform Engineering to Product Engineering; in both roles he has had to stand up infrastructure in repeatable but constantly evolving architectures, taking into account usability, security, and scalability. He is the world's biggest fan of Infrastructure-as-Code. By day you'll find him enabling developers to do their best work and by night you'll f...

https://youtu.be/nwYzVTL8Y4Y

Speaker: Matt GraeberMatt is a threat researcher focused on detecting Microsoft cloud and identity threats. Coining the term and establishing the strategy of "living off the land" in 2013 along with Chris Campbell, he has an extensive history of identifying ways to abuse native functionality in Microsoft products. Matt is dedicated to helping make defense accessible to all.Talk: You're ...

https://youtu.be/nEM7z266D6o

Speaker: AJ YawnAJ Yawn is an experienced cybersecurity leader specializing in cloud compliance, governance, risk, and compliance (GRC) engineering, with nearly 15 years of experience. AJ currently serves as Director of GRC Engineering at Aquia, leading innovative approaches to compliance automation and cloud security. He previously founded ByteChek, a compliance automation startup focused on SOC 2 and H...

https://youtu.be/l5lpIF_QZCE

Speaker: Christian PhilipovChris is a principal security consultant and leads the specialist services within Reversec. As part of his day to day he leads the global team that deals with various different types of engagements of both a transactional and more bespoke nature. Chris specialises in Microsoft Azure predominantly with GCP and AWS as an additional background.Talk:Microsoft are getting better...

https://youtu.be/k3DBur7iEHM

Speaker: Amiran AlavidzeAmiran is a passionate product security professional with over 20 years of experience spanning systems engineering, security operations, GRC, and product and application security. As a security engineering leader, he champions a pragmatic, scalable approach to security - where collaboration between security, developer, and platform teams turns security into a business enabler ...

Speaker: David KerberDave is an engineer and longtime AWS practitioner with a focus on IAM and AWS security tooling. He’s led product and engineering teams at startups and billion-dollar companies, raised millions from VCs, built two CSPMs, and now consults on AWS security for Fortune 500 companies. He maintains open-source projects in the AWS IAM space and is currently obsessed with perfecting his focaccia.Talk: As cloud security ...

https://youtu.be/ilnOvSV0QtY

Speaker: Meg AshbyMeg does cloud security for Alloy, a fintech in NYC. Previous to Alloy she worked at Marcus by Goldman Sachs, but that was way less fun. At Alloy, Meg does IAM, networking, data, and kubernetes security (and everything else related or tangentially-related to AWS & security). When detached from her computer, Meg dances and is part of a ballet performance group.Talk:Vendors are lo...

https://youtu.be/hHe9cKfSfqI

Speaker: Moshe BernsteinMoshe is a Senior Security Researcher specializing in cloud vulnerability research at Tenable Cloud Security. With nearly a decade of experience in cybersecurity, Moshe has developed a strong focus on network and operational security, web vulnerability research, and cloud infrastructure security.Talk:We scanned all of the Google-owned container images you might be using on the...

https://youtu.be/g-XCNobgvaM

Speaker: Ariel KalmanAriel Kalman is a cloud security researcher based in Israel, actively engaged in cloud-related security research at Mitiga. With a specialization in application security, Ariel excels in discovering new attack vectors associated to cloud environmentTalk:Google Cloud’s Identity-Aware Proxy (IAP) is often seen as the final gatekeeper for internal GCP services - but what happens whe...

https://youtu.be/dTUeAhzmIu8

Speaker: Thomas ByrneThomas is a security consultant at Reversec. He has experience in a range of areas including application, network and cloud security. He focuses his time mainly on Azure, DevOps and researching cloud specific vulnerabilities outside of work.Talk:In the ever-evolving landscape of cybersecurity, tools that help security professionals enumerate and understand their environments are ...

Speaker: Alessandro BrucatoAlessandro is a senior Threat Research Engineer at Sysdig, working on cloud security. His research mainly focuses on cloud threats and supply chain attacks. In addition to research, he’s keen on bug bounty programs and has received rewards from several large companies. Alessandro is also a contributor to Stratus Red Team, a tool to emulate offensive attack techniques in the cloud, and Falco, a graduated C...

Speaker: Greg FossGreg Foss is a seasoned cybersecurity leader with over 15 years of experience spanning threat research, security operations, and offensive security. As the Engineering Manager of Threat Detection Engineering at Datadog, he leads a team of elite threat hunters and detection engineers, developing cutting-edge defenses against sophisticated cloud-native intrusions by nation-state and criminally motivated adversaries....

https://youtu.be/WXdB-9pTqAU

Speaker: Naor HazizNaor Haziz is a security researcher and low-level developer at Sweet Security with over seven years of experience in vulnerability research, exploit development, and system internals. He holds a degree in Computer Science and previously served as an officer in the IDF Intelligence Corps, leading a team focused on Windows and Linux security. At Sweet Security, he develops the compan...

https://youtu.be/WUO_-Agpcxs

Speaker: Ofir BalassianoOfir Balassiano leads AI and Cloud security posture research at Palo Alto Networks, uncovering critical vulnerabilities in GCP and Azure. With over a decade of experience in security, he has a proven track record of impactful research and innovative solutions. Prior to Palo Alto Networks, Ofir served as head of security at Dig Security, driving key security initiatives, and as...

https://youtu.be/Pd6rbBjiXaA

Speaker: Agnel AmodiaI’m Agnel Amodia, a Senior Technical Lead at Vanguard Group, specializing in Identity and Access Management. With over 15 years of experience, including 7 years in cloud security, I design enterprise-grade security systems for AWS cloud databases. Previously, I worked as a system programmer and researcher in India, building Neural Network Machine Learning-based software for the N...

https://youtu.be/M1hXUcBMf1Q

Speaker: Dhruv AHUJADhruv is a former SRE and founded Chaser Systems in 2020. He's mostly Wiresharking, tinkering with PKI or tuning stacks as he once did in the low-latency world of financial data, only this time for network security. He is also a Rust programmer, cares deeply about developer experience, dabbles in cryptography and holds a master's degree in Advanced Software Engineering fro...

Speaker: Dani KaganovitchDani Kaganovitch is a Product Manager at RockSteady, a stealth cloud security startup. Before that, Dani worked at Google Cloud and Oracle Cloud, helping customers navigate various cloud use cases at scale in areas of core infrastructure workloads, FinOps, and observability. Through working with hundreds of organizations of different sizes, Dani organized and presented technical workshops at conferences, wh...

https://youtu.be/9-e4VVPlWB8

Speaker: Jake Berkowsky

Jake is a Principal Architect heading Snowflake's Cybersecurity Data Cloud. At Snowflake, Jake's mission is to evangelize and enable the implementation of modern security analytics and engineering. Prior to joining Snowflake, Jake has had a diverse background of technical and leadership roles having most recently served as Co-Founder and CTO of a Cloud Consulting and Da...

Speaker: Seth ArtSeth Art is currently a Security Researcher & Advocate at Datadog. Prior to joining Datadog, Seth created and led the Cloud Penetration Testing practice at Bishop Fox. He is the author of many open source tools including BadPods, IAMVulnerable, and CloudFoxable, and the co-creator of the popular cloud penetration testing tool, CloudFox.Talk:It’s not every day you stumble upon a technique that enables remote cod...