fwd:cloudsec key themes and OWASP Top 10 for LLM

The top 5 key themes from fwd:cloudsec, plus more on the OWASP Top 10 for LLMs

Thank You - This Newsletter is for You

We hope you are enjoying this new (and what we hope is improved) version of our newsletter. Looks like many of you have been sharing it as our numbers have been steadily growing. So a big massive thank you.

This month on Cloud Security Podcast we are running the AWS Security Month. We have some great conversations dropping this week so definitely keep an eye out for those.

After all those AWS conversations, in the month of July we will be focusing on Google Cloud Security. So if there is a Google Cloud Security topic you want to hear about in July, or you have a guest recommendation, do send them to us.

Cloud Security This Week:

Key Cloud Security Themes from fwd:cloudsec

As we mentioned last week, we had the opportunity to attend fwd:cloudsec, which is a non-profit cloud security conference run by practitioners and for current and upcoming practitioners. They do have a great panel for their CFP that goes through a rigorous process to select talks. From what we know they had over 300 submissions, and being on the CFP panel for a few conferences myself, it's tough picking talks as often there are so many that are excellent. So, congrats to everyone who has ever submitted a talk. Whether it was picked or not, simply putting yourself out there is the biggest step forward.

So what were some of the themes we saw?

  1. Cloud Logging and Threat Detection: A key theme highlighted was the importance of logging and monitoring in the cloud, particularly within AWS and Google Cloud environments. Speakers discussed various techniques for evading and disrupting logging, with a focus on how to respond to such instances. There was also exploration into the usage of real-world threat data to improve threat detection mechanisms and responses in cloud platforms.

  2. Cloud Permissions and Boundaries: There was a strong emphasis on establishing and enforcing permissions boundaries in the cloud. The focus was on strategies for defining cloud data boundaries, auditing access through them, and the challenges that arise during these processes, as well as the use of permission boundaries to enable secure and efficient cloud adoption.

  3. Cloud Security Risks and Mitigation: Another theme was the identification of potential security risks in cloud environments and how to mitigate them. Presigned URLs and misconfigured IP ranges each carry specific risks, and specific methods are needed to detect and prevent them.

  4. Automation and Scalability in Incident Response: The significance of automation in enhancing the speed and reliability of incident response in cloud environments was underscored. Automation can reduce response times to security incidents and eliminate human errors, thus improving the overall efficiency of the incident response process.

  5. Cloud Infrastructure Security and Hardening: The conference also addressed the need to harden cloud infrastructure to minimize security risks. Topics included minimizing the attack surface of cloud deployment roles and scoring the risks associated with users and permission sets in AWS Identity Center.

Did we miss any key themes that were discussed? Did you have a favourite talk from the conference? Let us know.

Learn Cloud Security with Us!

Want to learn more about Cloud Security, or know someone who does? We got you!

If you have been following our journey for a while, you would know that one of the big reasons we started Cloud Security Podcast was to make cloud security knowledge accessible for anyone wanting to learn it.

So in 2023 we kicked off Cloud Security Bootcamp.

In the spirit of continuing to learn together, we have kicked off another Free Cloud Security Bootcamp, running LIVE once every month. If you want to join in or know someone who will benefit from it, you/they can subscribe to it here.

The 1st of these kicked off today, and gratefully 44 of you joined from across the globe. We had Charlotte, Estonia, Bangalore, Dublin, Atlanta, Kenya, Poland, Bhopal, London, Lagos, Indianapolis, Pakistan, Wilmington, Greater Manchester and North Carolina, to name a few, and went through AWS networking, VPC, NACL, NAT gateway and much more.

Cloud Security Podcast in June

This month on Cloud Security Podcast, we have AWS Month and have some incredible guests and topics lined up.

AI Security has also been on our mind. If you missed it, we launched Part 1 of our series on AI Security a couple of weeks ago, which has been added as a resource for OWASP Top 10 for LLM (which is currently in draft).

You will also find Ashish Rajan, our very amazing host, speaking about keynoting DevSecCon24 with OWASP Top 10 LLMs or Large Language Models (Version 1). Watch it LIVE here if this piques your interest!

In next week’s edition, we will be breaking down many things AWS Security from our incredible guests and sharing some exciting updates in the world of cloud security, so stay tuned!

Our newsletter is on a path of self-improvement and reinvention. Ashish and I have challenged ourselves to bring you even more value as we continue to evolve this each week, and we would love to hear from you 📢 about how we can make this newsletter even more awesome for you. (On that note, thank you for subscribing 💙)

Hope you are enjoying this new-look Cloud Security Newsletter; there's plenty more to come.

Peace!
