Hi [[ session.user.profile.firstName ]]

Cloud Security Masterclass: Thinking Like a Cloud Hacker Part 1

To keep your cloud infrastructure secure from hackers, you have to start thinking like one. Today’s attackers have a vast toolbox for stealing your cloud-based data. Automation can find gaps in your security posture that provide access to your environment. And cloud misconfigurations can enable them to find and extract data—often without detection.

And don’t expect compliance rules to flag these for you, because they often don’t.

It’s time you started looking at your cloud environment from a fresh perspective — that of a hacker who’s out to exploit vulnerabilities you aren’t aware of.

In this Cloud Security Masterclass, Fugue CTO Josh Stella helps you get into the mindset of an attacker probing your cloud environment. You’ll learn how to spot previously-missed vulnerabilities and determine the blast radius of your cloud security gaps.
Recorded May 25 2021 50 mins
Your place is confirmed,
we'll send you email reminders
Presented by
Josh Stella, Co-Founder and CTO of Fugue
Presentation preview: Cloud Security Masterclass: Thinking Like a Cloud Hacker Part 1

Network with like-minded attendees

  • [[ session.user.profile.displayName ]]
    Add a photo
    • [[ session.user.profile.displayName ]]
    • [[ session.user.profile.jobTitle ]]
    • [[ session.user.profile.companyName ]]
    • [[ userProfileTemplateHelper.getLocation(session.user.profile) ]]
  • [[ card.displayName ]]
    • [[ card.displayName ]]
    • [[ card.jobTitle ]]
    • [[ card.companyName ]]
    • [[ userProfileTemplateHelper.getLocation(card) ]]
  • Channel
  • Channel profile
  • Blowing up Serverless Security and How to Avoid it (Part 2) Jul 20 2021 4:00 pm UTC 47 mins
    Josh Stella, Fugue Co-Founder and CEO; Curtis Myzie, Fugue VP Engineering and Wayne Crissman, Fugue Director of Security
    In the cloud, “serverless” architectures can shift a lot more security responsibility to the cloud service provider. But the responsibilities that remain yours look radically different than what many are used to.

    In our first Cloud Security Masterclass session on serverless security, we surveyed what cloud security looks like for serverless environments. In this session, we’re going deep on the biggest and most important attack surface when it comes to serverless: Identity and Access Management (IAM).

    Josh Stella (co-founder and CEO) is joined again by Curtis Myzie (VP of Engineering) and Wayne Crissman (Director of Security) to dig into the role IAM plays with serverless security, how IAM misconfigurations put data at risk, and why these mistakes are so easy to make and common in enterprise cloud environments.

    This session covers:

    The IAM attack surface with serverless cloud environments
    The strategies hackers use to exploit IAM misconfigurations
    How to spot these mistakes and eliminate them
  • Cloud Security Masterclass: Bringing your Cloud into Compliance and Proving it Jul 6 2021 4:00 pm UTC 48 mins
    Josh Stella, Fugue Co-Founder and CEO and Dave Williams, Cloud Architect at New Light Technologies
    Bringing an existing cloud environment into compliance and proving it to management and auditors is one of the most complex and daunting tasks for any engineering team.

    But with the right approach, you can bring your cloud into compliance faster, with less disruption, and fewer headaches.

    In this session, Fugue co-founder and CEO Josh Stella and Dave Williams, Cloud Architect at New Light Technologies, walk through a tried-and-true process for achieving cloud compliance that works for any cloud team, any cloud environment, and any compliance regime.

    You’ll walk away from this session with a clear understanding of how to:
    Break down the complexities of cloud compliance and build a plan for ease and speed
    Apply controls to your use case and remediate issues without disrupting the business
    Avoid common pitfalls, headaches, and tensions associated with cloud compliance

    This approach is applicable for teams that need to bring their existing AWS, Microsoft Azure, or Google Cloud environment into compliance with standards such as SOC-2, HIPAA, PCI, NIST 800-53, ISO 27001, GDPR, CIS Benchmark Standards, and custom internal policies.
  • A Cloud Security Masterclass: Advanced AWS Misconfiguration Attacks in Action Jun 29 2021 4:00 pm UTC 40 mins
    Josh Stella, Co-Founder and CEO of Fugue
    When it comes to securing your cloud infrastructure, we've moved beyond avoiding simple S3 misconfigurations and into preventing more advanced attacks.

    In this Cloud Security Masterclass that’s ripped from the headlines, Fugue co-founder and CEO explores a common set of cloud misconfiguration vulnerabilities involving AWS VPCs, IAM, and other services. These misconfigurations typically fly under the radar of many security teams and compliance frameworks.

    You’ll see how the hacker took advantage of these common cloud misconfigurations to gain access to environments, moving laterally, and extracting sensitive data without detection.
  • Blowing up Serverless Security and (How to Avoid it) Part 1 Jun 22 2021 4:00 pm UTC 51 mins
    Josh Stella, Fugue co-Founder and CTO, Wayne Crissman, Fugue Director of Security, Curtis Myzie, Fugue VP of Engineering
    “Serverless” cloud architectures that leverage services such as AWS Lambda and Azure Functions are transforming how we build and deploy applications. Serverless applications also require us to transform how we think about keeping our data secure.

    In this Cloud Security Masterclass session, we dig into how security is different for serverless cloud infrastructure environments —and what hasn’t changed. Josh Stella (co-founder and CEO of Fugue) is joined by Curtis Myzie (VP of Engineering) and Wayne Crissman (Director of Security) to walk through what it takes to keep data and applications secure in a serverless environment.

    This session covers:

    How going serverless “shifts” the Shared Responsibility Model
    The serverless attack surface — what’s changed and what stays the same
    Modern serverless attack vectors, including IAM misconfiguration attacks
    The impact of serverless on compliance audits
    Dos and don’ts to keep your serverless environment and data secure
  • Thinking Like a Cloud Hacker Part 2 Recorded: Jun 10 2021 47 mins
    Josh Stella, Co-Founder and CEO of Fugue
    Josh Stella continues his Cloud Security Masterclass series on how to think like a hacker to uncover previously unknown vulnerabilities in your cloud environment.

    These misconfiguration vulnerabilities are often missed in compliance audits and overlooked by security teams. But they’re also playing an increasingly important role in today’s modern cloud attacks.

    In this session, Josh explores some more advanced misconfiguration risks that are increasingly common in today’s enterprise cloud environments—and how you can spot them before the bad guys do.
  • Cloud Security Masterclass: Thinking Like a Cloud Hacker Part 1 Recorded: May 25 2021 50 mins
    Josh Stella, Co-Founder and CTO of Fugue
    To keep your cloud infrastructure secure from hackers, you have to start thinking like one. Today’s attackers have a vast toolbox for stealing your cloud-based data. Automation can find gaps in your security posture that provide access to your environment. And cloud misconfigurations can enable them to find and extract data—often without detection.

    And don’t expect compliance rules to flag these for you, because they often don’t.

    It’s time you started looking at your cloud environment from a fresh perspective — that of a hacker who’s out to exploit vulnerabilities you aren’t aware of.

    In this Cloud Security Masterclass, Fugue CTO Josh Stella helps you get into the mindset of an attacker probing your cloud environment. You’ll learn how to spot previously-missed vulnerabilities and determine the blast radius of your cloud security gaps.
  • Building a Highly Secure S3 Bucket Part 2 Followup Recorded: May 13 2021 14 mins
    Josh Stella, Co-Founder and CEO of Fugue
    In this video, Josh Stella provides additional insight into the five layers of Amazon S3 Security that he wasn’t able to cover in the first two Cloud Security Masterclass sessions focused on S3.

    Securing your Amazon S3 resources is critical to keeping your cloud-based data secure, but it’s easy to get a false sense of security here. You need to understand how IAM Roles, Bucket Policies, and Block Public Access work to ensure the security of your specific use cases.
  • Cloud Security Masterclass-Building a Highly Secure S3 Bucket Part 2 Recorded: May 4 2021 57 mins
    Josh Stella, Co-Founder and CEO of Fugue
    Amazon S3 probably gets a lot of use at your company—it’s easy to use, reliable, and scalable.
    But S3 security isn’t so simple—it’s easy to get wrong and think you got it right. Recent high-profile cloud-based data breaches have involved advanced S3 misconfigurations that otherwise appeared to be secure.

    In this Cloud Security Masterclass, Fugue co-founder and CEO Josh Stella goes deeper into three critical components of S3 security to help you think critically about security for your unique AWS use cases.

    You’ll understand how to think critically about the security of IAM Roles, Bucket Policies, and Block Public Access for your specific use cases.
  • Locking Down the Security of AWS IAM - Part 2 Recorded: Apr 27 2021 45 mins
    Josh Stella, Fugue Co-Founder and CEO
    Amazon Web Service’s Identity and Access Management (IAM) service is a powerful tool for managing access to your AWS resources that’s essentially a new kind of network in the cloud. But configuring AWS IAM securely can become complex pretty quickly—and dangerous AWS IAM misconfigurations are quite common.

    In Part 2 of this Cloud Security Masterclass, Fugue co-founder Josh Stella digs deeper into how AWS IAM works to help you think more critically about the security for your AWS use cases. He’ll show you how hackers can exploit IAM misconfigurations so you can spot these in your environment and eliminate them.
  • Cloud Security Masterclass: Building a Highly Secure Amazon S3 Bucket-Part 1 Recorded: Apr 20 2021 55 mins
    Josh Stella, Fugue Co-Founder and CEO
    Amazon S3 security is far more complex than making sure your access policy is set to private. In fact, that setting alone can result in a false sense of security.

    In this Cloud Security Masterclass, Josh Stella, co-founder and CEO of Fugue, dives into the layers of S3 on AWS and how malicious actors are circumventing common security steps to extract data without detection.

    You’ll walk away from this session with a deeper understanding of S3 and how to think critically about cloud security for your specific use cases.
  • Cloud Security Masterclass: Locking Down the Security of AWS IAM-Part 1 Recorded: Apr 6 2021 51 mins
    Josh Stella, Co-Founder and CEO of Fugue
    If you use Amazon Web Services (AWS), you’re probably making extensive use of the AWS Identity and Access Management (IAM) service. It’s a powerful tool for managing access to your AWS resources that’s essentially a new kind of network in the cloud.

    But AWS IAM security can become quite complex. Recent high-profile cloud-based data breaches have involved AWS IAM and aren’t the result of simple customer mistakes. Rather, advanced cloud misconfiguration attacks exploit IAM misconfigurations that compliance controls and security professionals often miss.

    In this Cloud Security Masterclass, Fugue co-founder Josh Stella digs into how AWS IAM works to help you think more critically about the security for your AWS use cases. You’ll understand how to identify AWS IAM misconfiguration vulnerabilities you may have missed before—and how malicious actors exploit them.
Mastering the security of your cloud infrastructure environment.
Cloud computing has turned security on its head. The cloud attack surface is the configuration of thousands of interrelated resources — and it’s all changing constantly. Ensuring continuous cloud security and compliance requires a deep understanding how cloud works and the nature of misconfiguration. Why it happens, how hackers exploit it, and how to prevent it.

At Fugue, we’re committed to helping cloud professionals master the concepts they need to ensure the security of their cloud infrastructure. Our Cloud Security Masterclass series is led by Fugue CTO and co-founder Josh Stella, who has extensive experience with cloud security and working with national security customers as a Principal Solutions Architect with AWS. He takes us on technical deep dives into critical cloud infrastructure security concepts.

Fugue helps cloud teams transform how they do cloud security at every stage of the software development lifecycle — so they can move faster in the cloud without breaking the rules that put data at risk.

Embed in website or blog

Successfully added emails: 0
Remove all
  • Title: Cloud Security Masterclass: Thinking Like a Cloud Hacker Part 1
  • Live at: May 25 2021 3:00 pm
  • Presented by: Josh Stella, Co-Founder and CTO of Fugue
  • From:
Your email has been sent.
or close