Hi [[ session.user.profile.firstName ]]

Blowing up Serverless Security and How to Avoid it (Part 2)

In the cloud, “serverless” architectures can shift a lot more security responsibility to the cloud service provider. But the responsibilities that remain yours look radically different than what many are used to.

In our first Cloud Security Masterclass session on serverless security, we surveyed what cloud security looks like for serverless environments. In this session, we’re going deep on the biggest and most important attack surface when it comes to serverless: Identity and Access Management (IAM).

Josh Stella (co-founder and CEO) is joined again by Curtis Myzie (VP of Engineering) and Wayne Crissman (Director of Security) to dig into the role IAM plays with serverless security, how IAM misconfigurations put data at risk, and why these mistakes are so easy to make and common in enterprise cloud environments.

This session covers:

The IAM attack surface with serverless cloud environments
The strategies hackers use to exploit IAM misconfigurations
How to spot these mistakes and eliminate them
Recorded Jul 20 2021 47 mins
Your place is confirmed,
we'll send you email reminders
Presented by
Josh Stella, Fugue Co-Founder and CEO; Curtis Myzie, Fugue VP Engineering and Wayne Crissman, Fugue Director of Security
Presentation preview: Blowing up Serverless Security and How to Avoid it (Part 2)

Network with like-minded attendees

  • [[ session.user.profile.displayName ]]
    Add a photo
    • [[ session.user.profile.displayName ]]
    • [[ session.user.profile.jobTitle ]]
    • [[ session.user.profile.companyName ]]
    • [[ userProfileTemplateHelper.getLocation(session.user.profile) ]]
  • [[ card.displayName ]]
    • [[ card.displayName ]]
    • [[ card.jobTitle ]]
    • [[ card.companyName ]]
    • [[ userProfileTemplateHelper.getLocation(card) ]]
  • Channel
  • Channel profile
  • Fusing IaC and Cloud Runtime Security: An Intro to Fugue Infrastructure as Code Dec 15 2021 5:00 pm UTC 59 mins
    Ricardo Green, Principal Solutions Engineer, Fugue
    Cloud engineering and security teams have traditionally used one policy framework to check infrastructure as code, and another for their cloud environment. Using two sets of policies for different stages of the development lifecycle leads to security gaps and a ton of wasted time reconciling and remediating.

    In this session, Ricardo Green (Principal Solutions Engineer) will walk through how Fugue streamlines cloud security across the development lifecycle. You’ll learn how you can:

    -Leverage hundreds of pre-built policies mapped to compliance families such as SOC 2, NIST 800-53, and CIS Foundations Benchmarks.
    -Develop custom policies using Open Policy Agent (OPA) — from simple rules to sophisticated multi-resource policies
    -Apply your policies to infrastructure as code in development and CI/CD —and your cloud runtime environment — from one place
    This session will use examples for Terraform and AWS, but it will be relevant if you’re using AWS CloudFormation for infrastructure as code, and Microsoft Azure and Google Cloud environments.
  • Locking Down the Security Of IAM Dec 7 2021 5:00 pm UTC 41 mins
    Josh Stella, CEO,CTO and Co-Founder, Fugue
    Cloud identity and access management resources such as AWS IAM are powerful infrastructure tools that are more akin to cloud-based networks. But the complex layers of cloud IAM configurations creates security challenges, and IAM misconfigurations are common in enterprise cloud environments. These vulnerabilities are now a primary attack vector for hackers and are often missed by compliance checks.

    In this session, Fugue co-founder Josh Stella will simplify how to think critically about IAM security in your cloud infrastructure environment. You’ll understand how to identify dangerous and overly-permissive IAM misconfigurations—and how hackers leverage these vulnerabilities to access your environment, discover resources, move laterally, and extract data without detection.

    Attendees will walk away with a clear understanding of:

    How cloud IAM resources work and how to simplify your approach to IAM security
    How to spot dangerous IAM misconfiguration vulnerabilities in your cloud environment
    Where compliance often misses with IAM security and how hackers exploit it
  • A Cloud Security Masterclass: Advanced AWS Misconfiguration Attacks in Action Nov 30 2021 5:00 pm UTC 40 mins
    Josh Stella, Co-Founder and CEO of Fugue
    When it comes to securing your cloud infrastructure, we've moved beyond avoiding simple S3 misconfigurations and into preventing more advanced attacks.

    In this Cloud Security Masterclass that’s ripped from the headlines, Fugue co-founder and CEO explores a common set of cloud misconfiguration vulnerabilities involving AWS VPCs, IAM, and other services. These misconfigurations typically fly under the radar of many security teams and compliance frameworks.

    You’ll see how the hacker took advantage of these common cloud misconfigurations to gain access to environments, moving laterally, and extracting sensitive data without detection.
  • Transforming Enterprise Cloud Security to Supercharge Developer Velocity Nov 19 2021 5:00 pm UTC 60 mins
    Josh Stella, CEO and Co-Founder, Fugue, and Rajat Sharma, Co-Founder, CWS
    Security has become the rate-limiting factor for how fast software development teams can go in the cloud. Security reviews, remediations, and audits soak up valuable engineering resources and steal away the speed and agility that the cloud promises.

    That's because cloud security is still laden with inefficient and ineffective manual processes. But with automation using Policy as Code, enterprises can create a security-first culture that collapses the time and investment required to deliver secure infrastructure and applications much faster.

    In this session, Josh Stella (Founder, Fugue) and Rajat Sharma (Founder, CWS) will outline why cloud security isn't the same as datacenter security—it's about tuning your processes with policy-based automation rather than intrusion detection or network monitoring.

    Attendees will walk away with actionable insights and strategies on:

    * Assessing your current cloud security posture and developing a prioritized roadmap to bring your environment into compliance
    * Implementing automation using Policy as Code to build security into every aspect of cloud operations, from design to production
    * Empowering developers with tools that help them find and fix issues in infrastructure as code, when making changes is easier and faster
    * Putting guardrails in place that prevent dangerous misconfiguration vulnerabilities without slowing anyone down
    * Creating security awareness within your cloud engineering team to avoid costly technical debt and significant remediations

    If it takes your organization months to deploy new environments and weeks to update them because of security, this session is for you.
  • Securing Terraform with IaC with the Regula Policy Engine Nov 17 2021 5:00 pm UTC 53 mins
    Josh Stella, Fugue Co-Founder and CEO and Curtis Myzie, Fugue VP of Engineering
    Join us as Josh Stella and Curtis Myzie dig into using Regula, an open source policy engine for checking infrastructure as code. For this session they’ll focus on checking Terraform in development (HCL checks) and in CI/CD (Terraform plan checks).

    You’ll learn how to:

    Get started with Regula and pre-built policies (including CIS Foundations Benchmarks policies)
    Integrate Regula IaC checks into your git workflows and CI/CD pipelines
    Write custom policies using the open source Rego language
  • How Hackers Exploit Development and Test Environments Nov 11 2021 5:00 pm UTC 50 mins
    Josh Stella, Fugue co-Founder and CEO
    Join us as Josh Stella shows how hackers exploit common dev and test cloud environment vulnerabilities to steal production data.

    You’ll walk away from this session with a clear understanding of:
    -How sensitive data winds up in dev and test environments, including databases, database snapshots, and API credentials.
    -How easy it can be for hackers to access these environments, discover resources, and extract data without detection
    -Strategies for securing non-production environments without slowing down cloud engineers and application developers
  • Cloud Security Masterclass-Building a Highly Secure S3 Bucket Part 2 Nov 1 2021 4:00 pm UTC 57 mins
    Josh Stella, Co-Founder and CEO of Fugue
    Amazon S3 probably gets a lot of use at your company—it’s easy to use, reliable, and scalable.
    But S3 security isn’t so simple—it’s easy to get wrong and think you got it right. Recent high-profile cloud-based data breaches have involved advanced S3 misconfigurations that otherwise appeared to be secure.

    In this Cloud Security Masterclass, Fugue co-founder and CEO Josh Stella goes deeper into three critical components of S3 security to help you think critically about security for your unique AWS use cases.

    You’ll understand how to think critically about the security of IAM Roles, Bucket Policies, and Block Public Access for your specific use cases.
  • Locking Down the Security Of IAM Recorded: Oct 5 2021 41 mins
    Josh Stella, CEO,CTO and Co-Founder, Fugue
    Cloud identity and access management resources such as AWS IAM are powerful infrastructure tools that are more akin to cloud-based networks. But the complex layers of cloud IAM configurations creates security challenges, and IAM misconfigurations are common in enterprise cloud environments. These vulnerabilities are now a primary attack vector for hackers and are often missed by compliance checks.

    In this session, Fugue co-founder Josh Stella will simplify how to think critically about IAM security in your cloud infrastructure environment. You’ll understand how to identify dangerous and overly-permissive IAM misconfigurations—and how hackers leverage these vulnerabilities to access your environment, discover resources, move laterally, and extract data without detection.

    Attendees will walk away with a clear understanding of:

    How cloud IAM resources work and how to simplify your approach to IAM security
    How to spot dangerous IAM misconfiguration vulnerabilities in your cloud environment
    Where compliance often misses with IAM security and how hackers exploit it
  • Avoiding a Cloud Security Collision with Policy-Based Automation Recorded: Sep 28 2021 59 mins
    Josh Stella, CEO, Co-Founder and CTO of Fugue; Matt Howard, Executive Vice President of Sonatype
    In this session, Charlene O'Hanlon (Security Boulevard and DevOps.com) brings together Josh Stella (CEO, Fugue) and Matt Howard (EVP, Sonatype) to explore the inevitable convergence of development, ops, and security, and why this represents the first-ever opportunity to align all cloud stakeholders with policy automation up and down the stack — and left and right across the SDLC.

    Attendees will learn:

    How to avoid a messy collision of cloud developers, operations, and security — and achieve alignment instead
    Where teams get cloud security wrong, and why this becomes the rate-limiting factor for speed and agility in the cloud
    Why IT security policy automation must happen vertically up and down the stack, and horizontally across the software development lifecycle

    This session will provide valuable insights to help you think more critically about the security of your unique cloud use case, empower your teams to move faster in the cloud than ever before, and reduce risk along the way.
  • Fugue: IaC Security with OPA and Regula: Custom Rules Recorded: Sep 14 2021 44 mins
    Curtis Myzie, VP of Engineering, Fugue
    In this session, Curtis Myzie, Fugue's VP of Engineering, will walk through how to develop custom policies using Rego, the language used by Regula and Open Policy Agent (OPA).

    You’ll walk away from this session with a clear picture of:

    -Using Rego to build custom policies for checking Terraform templates
    -Developing multi-resource policies for advanced, contextual cloud security
    -Using your custom Regula policies to check Terraform HCL and plan files

    You can also use your same Regula policies to check your running cloud environment using Fugue.
  • Infrastructure as Code Security with Regula Recorded: Jul 29 2021 39 mins
    Chris Suen, VP of Product at Fugue and Curtis Myzie, VP of Engineering at Fugue
    Fugue’s Curtis Myzie (VP Engineering) and Chris Suen (VP Product) will walk through how you can use Regula to identify policy violations in Terraform and AWS CloudFormation to save time and prevent cloud misconfiguration right from the start.
  • Blowing up Serverless Security and How to Avoid it (Part 2) Recorded: Jul 20 2021 47 mins
    Josh Stella, Fugue Co-Founder and CEO; Curtis Myzie, Fugue VP Engineering and Wayne Crissman, Fugue Director of Security
    In the cloud, “serverless” architectures can shift a lot more security responsibility to the cloud service provider. But the responsibilities that remain yours look radically different than what many are used to.

    In our first Cloud Security Masterclass session on serverless security, we surveyed what cloud security looks like for serverless environments. In this session, we’re going deep on the biggest and most important attack surface when it comes to serverless: Identity and Access Management (IAM).

    Josh Stella (co-founder and CEO) is joined again by Curtis Myzie (VP of Engineering) and Wayne Crissman (Director of Security) to dig into the role IAM plays with serverless security, how IAM misconfigurations put data at risk, and why these mistakes are so easy to make and common in enterprise cloud environments.

    This session covers:

    The IAM attack surface with serverless cloud environments
    The strategies hackers use to exploit IAM misconfigurations
    How to spot these mistakes and eliminate them
  • Cloud Security Masterclass: Bringing your Cloud into Compliance and Proving it Recorded: Jul 6 2021 48 mins
    Josh Stella, Fugue Co-Founder and CEO and Dave Williams, Cloud Architect at New Light Technologies
    Bringing an existing cloud environment into compliance and proving it to management and auditors is one of the most complex and daunting tasks for any engineering team.

    But with the right approach, you can bring your cloud into compliance faster, with less disruption, and fewer headaches.

    In this session, Fugue co-founder and CEO Josh Stella and Dave Williams, Cloud Architect at New Light Technologies, walk through a tried-and-true process for achieving cloud compliance that works for any cloud team, any cloud environment, and any compliance regime.

    You’ll walk away from this session with a clear understanding of how to:
    Break down the complexities of cloud compliance and build a plan for ease and speed
    Apply controls to your use case and remediate issues without disrupting the business
    Avoid common pitfalls, headaches, and tensions associated with cloud compliance

    This approach is applicable for teams that need to bring their existing AWS, Microsoft Azure, or Google Cloud environment into compliance with standards such as SOC-2, HIPAA, PCI, NIST 800-53, ISO 27001, GDPR, CIS Benchmark Standards, and custom internal policies.
  • Infrastructure as Code Security with Regula Recorded: Jun 30 2021 39 mins
    Chris Suen, VP of Product at Fugue and Curtis Myzie, VP of Engineering at Fugue
    Fugue’s Curtis Myzie (VP Engineering) and Chris Suen (VP Product) will walk through how you can use Regula to identify policy violations in Terraform and AWS CloudFormation to save time and prevent cloud misconfiguration right from the start.
  • A Cloud Security Masterclass: Advanced AWS Misconfiguration Attacks in Action Recorded: Jun 29 2021 40 mins
    Josh Stella, Co-Founder and CEO of Fugue
    When it comes to securing your cloud infrastructure, we've moved beyond avoiding simple S3 misconfigurations and into preventing more advanced attacks.

    In this Cloud Security Masterclass that’s ripped from the headlines, Fugue co-founder and CEO explores a common set of cloud misconfiguration vulnerabilities involving AWS VPCs, IAM, and other services. These misconfigurations typically fly under the radar of many security teams and compliance frameworks.

    You’ll see how the hacker took advantage of these common cloud misconfigurations to gain access to environments, moving laterally, and extracting sensitive data without detection.
  • Blowing up Serverless Security and (How to Avoid it) Part 1 Recorded: Jun 22 2021 51 mins
    Josh Stella, Fugue co-Founder and CTO, Wayne Crissman, Fugue Director of Security, Curtis Myzie, Fugue VP of Engineering
    “Serverless” cloud architectures that leverage services such as AWS Lambda and Azure Functions are transforming how we build and deploy applications. Serverless applications also require us to transform how we think about keeping our data secure.

    In this Cloud Security Masterclass session, we dig into how security is different for serverless cloud infrastructure environments —and what hasn’t changed. Josh Stella (co-founder and CEO of Fugue) is joined by Curtis Myzie (VP of Engineering) and Wayne Crissman (Director of Security) to walk through what it takes to keep data and applications secure in a serverless environment.

    This session covers:

    How going serverless “shifts” the Shared Responsibility Model
    The serverless attack surface — what’s changed and what stays the same
    Modern serverless attack vectors, including IAM misconfiguration attacks
    The impact of serverless on compliance audits
    Dos and don’ts to keep your serverless environment and data secure
  • Thinking Like a Cloud Hacker Part 2 Recorded: Jun 10 2021 47 mins
    Josh Stella, Co-Founder and CEO of Fugue
    Josh Stella continues his Cloud Security Masterclass series on how to think like a hacker to uncover previously unknown vulnerabilities in your cloud environment.

    These misconfiguration vulnerabilities are often missed in compliance audits and overlooked by security teams. But they’re also playing an increasingly important role in today’s modern cloud attacks.

    In this session, Josh explores some more advanced misconfiguration risks that are increasingly common in today’s enterprise cloud environments—and how you can spot them before the bad guys do.
  • Cloud Security Masterclass: Thinking Like a Cloud Hacker Part 1 Recorded: May 25 2021 50 mins
    Josh Stella, Co-Founder and CTO of Fugue
    To keep your cloud infrastructure secure from hackers, you have to start thinking like one. Today’s attackers have a vast toolbox for stealing your cloud-based data. Automation can find gaps in your security posture that provide access to your environment. And cloud misconfigurations can enable them to find and extract data—often without detection.

    And don’t expect compliance rules to flag these for you, because they often don’t.

    It’s time you started looking at your cloud environment from a fresh perspective — that of a hacker who’s out to exploit vulnerabilities you aren’t aware of.

    In this Cloud Security Masterclass, Fugue CTO Josh Stella helps you get into the mindset of an attacker probing your cloud environment. You’ll learn how to spot previously-missed vulnerabilities and determine the blast radius of your cloud security gaps.
  • Cloud Security Masterclass-Building a Highly Secure S3 Bucket Part 2 Recorded: May 4 2021 57 mins
    Josh Stella, Co-Founder and CEO of Fugue
    Amazon S3 probably gets a lot of use at your company—it’s easy to use, reliable, and scalable.
    But S3 security isn’t so simple—it’s easy to get wrong and think you got it right. Recent high-profile cloud-based data breaches have involved advanced S3 misconfigurations that otherwise appeared to be secure.

    In this Cloud Security Masterclass, Fugue co-founder and CEO Josh Stella goes deeper into three critical components of S3 security to help you think critically about security for your unique AWS use cases.

    You’ll understand how to think critically about the security of IAM Roles, Bucket Policies, and Block Public Access for your specific use cases.
  • Locking Down the Security of AWS IAM - Part 2 Recorded: Apr 27 2021 45 mins
    Josh Stella, Fugue Co-Founder and CEO
    Amazon Web Service’s Identity and Access Management (IAM) service is a powerful tool for managing access to your AWS resources that’s essentially a new kind of network in the cloud. But configuring AWS IAM securely can become complex pretty quickly—and dangerous AWS IAM misconfigurations are quite common.

    In Part 2 of this Cloud Security Masterclass, Fugue co-founder Josh Stella digs deeper into how AWS IAM works to help you think more critically about the security for your AWS use cases. He’ll show you how hackers can exploit IAM misconfigurations so you can spot these in your environment and eliminate them.
Mastering the security of your cloud infrastructure environment.
Cloud computing has turned security on its head. The cloud attack surface is the configuration of thousands of interrelated resources — and it’s all changing constantly. Ensuring continuous cloud security and compliance requires a deep understanding how cloud works and the nature of misconfiguration. Why it happens, how hackers exploit it, and how to prevent it.

At Fugue, we’re committed to helping cloud professionals master the concepts they need to ensure the security of their cloud infrastructure. Our Cloud Security Masterclass series is led by Fugue CTO and co-founder Josh Stella, who has extensive experience with cloud security and working with national security customers as a Principal Solutions Architect with AWS. He takes us on technical deep dives into critical cloud infrastructure security concepts.

Fugue helps cloud teams transform how they do cloud security at every stage of the software development lifecycle — so they can move faster in the cloud without breaking the rules that put data at risk.

Embed in website or blog

Successfully added emails: 0
Remove all
  • Title: Blowing up Serverless Security and How to Avoid it (Part 2)
  • Live at: Jul 20 2021 4:00 pm
  • Presented by: Josh Stella, Fugue Co-Founder and CEO; Curtis Myzie, Fugue VP Engineering and Wayne Crissman, Fugue Director of Security
  • From:
Your email has been sent.
or close