Holistic AWS Cloud Security Design for Organizations

Presented at Blue Team Con 2022, Aug. 28, 2022, 1 p.m. (50 minutes)

Ditch the kale smoothie, it's time to go big picture. Your organization is moving to AWS, and you're in a panic. Which of the 42 billion AWS service offerings do you really need? How do you manage user and service accounts? What about those 7 different rogue AWS accounts you just found out about? We'll talk about securing, organizing and standardizing your AWS environment(s), managing authentication, protecting your applications, and we'll walk through a few key guardrails you can plan today. Throughout the presentation, we'll talk about balancing security with usability, how your existing architecture can work for you and against you, and how to identify and protect your attack surface in (and even out of) the cloud.

Presenters:

• Cassandra Young / muteki - Senior Scientist / Cloud Security Engineer, Security Risk Advisors   as Cassandra Young
  Cassandra (aka muteki) works full time in information security consulting, specializing in Cloud Security Architecture and Engineering. She holds a master’s degree in Computer Science, focusing on cloud-based app development and academic research on serverless security and privacy/anonymity technology. As one of the directors of Blue Team Village, she also works to bring free Blue Team talks, workshops and more to the broader security community.

Similar Presentations:

• Diana Initiative 2022 / Essential Guardrails for AWS Organizations
• CackalackyCon 2 (2023) / AWS Security Reference Architecture: A Well-Structured Foundation
• THOTCON 0x8 (2017) / Transitioning to AWS in a Hurry Without Getting Owned