The rapid adoption of cloud services with ever-growing numbers of AWS services has left the security team with the lion's share of work to identify, analyze and secure an organization's assets across multiple clouds. Multiple cloud accounts and the adoption of "hybrid" cloud environments have added more stress to the whole equation of securing cloud infrastructures. The security team has to cater to the growth and adoption of different services in the cloud and make sure that there is no hole left to get into the infrastructure and do a lateral movement.
Cloud Infrastructure security has multiple pieces including but not limited to, threat modeling the infrastructure, understanding holes in services as they get adopted, writing proactive hardened policies, and making sure that if someone misses a configuration then proactively monitor the configuration and network to enforce security back and do all of this while enabling the business.
While infrastructure configuration has to be monitored and secured on a regular basis, hardening OS, CI/CD, containers, and Kubernetes clusters also become an integral part of the security team's realm.
"As many services" is directly proportional to "As many avenues to abuse"!
This training approaches cloud security with a multilayer approach by understanding the perimeter of assets/services, securing cloud-native security services, and getting into the detailed security of every important asset/service/instance.
While cloud-native security solutions are relatively easier to implement and are optimized as per their respective environments, this training doesn't limit the security to native solutions. The training gives an equal amount of open source options to implement a similar or better security posture without depending on cloud-native security services and enables the organization to have more granular control over the security of their infrastructure.
Training level: Basic;Intermediate
Security Analysts, System Administrators, Pentesters, Cloud Engineers, DevOps Engineers, or anyone who is interested in securing AWS
Jayesh Singh Chauhan is a security professional with 11 years of experience in the security space and he is the founder of Cloud Village at DEF CON. In the past, he has been part of the security teams of PayPal, and PwC, and was the Director of Product Security at Sprinklr Inc in his last job. He currently runs his own Cloud Security Training and Consultancy firm - Cloudurance Security(cloudurancesecurity.com)
He has been a trainer at conferences like Blackhat USA, AppSec NZ, and Nullcon, and has trained defense forces. He has also authored Cloud Security Suite, OWASP Skanda, and RFID_Cloner, and has presented his work in BlackHat Arsenal(USA, EU Asia), DEF CON DemoLabs, HackMiami, c0c0n, OWASP Global, and OffZone Moscow.
Divyanshu Shukla is a Senior security engineer with more than 5 years of experience in Cloud Security, DevSecops, Web Application Pentesting, Mobile Pentesting, Automation, and Secure Code Review. He has reported multiple vulnerabilities to companies like Google, Microsoft, AWS, Apple, Amazon, Samsung, Zomato, Xiaomi, Alibaba, Opera, Protonmail, Mobikwik, etc, and received CVE-2019-8727 CVE-2019-16918, CVE-2019-12278, CVE-2019-14962 for reporting issues. He has also given training and seminars in events like Nullcon, Parsec IIT Dharwad, GirlScript Chandigarh University, and Null community.