Fwd:cloudsec
fwd:cloudsec
fwd:cloudsec is a non-profit conference on cloud security. At this conference you can expect discussions about all the major cloud platforms, both attack and defense research, limitations of security features, the pros and cons of different security strategies, and generally the types of things cloud practitioners want to know, but that don't fit neatly into a vendor conference schedule.
Wo hören?
Podcasts in der App Replaio Radio Bald verfügbarPodcasts kommen bald in die App. Installiere sie jetzt und erlebe als Erster einen ganz neuen Blick auf Podcasts
Folgen
No Way Out? C2 Through AWS Data Perimeter via Bedrock-AgentCore - Dan Gansel 09.06.2026 17:47
Speaker: Dan Gansel Dan Gansel is a cloud security specialist with deep expertise in cloud API research, secure cloud solutions and architecture design. Dan has led cloud security research teams and has a track record of uncovering novel attack techniques in cloud environments. As a Security Researcher at Upwind Security, Dan continues to push the boundaries of cloud security, focusing on uncoveri...
Velocity of a Whisper: When One Vulnerability Cascades Across Cloud Infrastructure - Albin Vattakattu & Ryan Nolette 03.06.2026 26:47
Speakers: Albin Vattakattu & Ryan Nolette Albin leads the global Vulnerability Disclosure Program (VDP) for Amazon Web Services (AWS). He co-authored the inaugural AI security whitepaper, jointly published by AWS and SANS institute. Prior to AWS, Albin led incident response teams across North and South America, defending foreign governments and fortune 100 companies against DDoS campaigns orch...
Barbarians at the Gate: Visualizing and Blocking SDLC Infrastructure Threats with SITF - Shay Berkovich 03.06.2026 25:23
Speaker: Shay Berkovich Shay is part of the Threat Research team in Wiz (now acquired by Google) working on various aspects of container and SDLC infrastructure security with the emphasis on (on one hand) Kubernetes emerging threats and (on another hand) CI/CD and VCS security posture. He worked previously at BlackBerry, Symantec and BlueCoat on a range of security products (CWPP, WAF, SWG) doing...
Transforming Security Incident Metadata to Security Outcomes: the Threat Technique Catalog for AWS Journey - Cydney Stude & Steve de Vera 03.06.2026 24:45
Speakers: Cydney Stude & Steve de Vera Cydney is a security researcher and incident responder on the AWS Customer Incident Response Team (CIRT). Cydney studies emerging attack patterns and focuses on translating real-world incident response metadata into actionable detection and prevention strategies for cloud defenders. Cydney leads the quarterly Threat Technique Catalog for AWS releases. Ste...
Slaying the Sprawl: A Hero’s Guide to Building (or Re-Forging) a Cloud Security Program Without a 20-Person Guild - Steve Turner 03.06.2026 17:20
Speaker: Steve Turner Steve leads cloud security at Zelis Healthcare. He started his career through the trial by fire that is MSP life. He pivoted to securing everything from waste facilities and transportation infrastructure to huge financial services organizations, and even mixed in some industry analysis in for good measure. He’s passionate about coming up with security solutions that make coll...
Schrödinger’s Detection: Finding the "Zombie" Rules in Your SIEM - Gowthamaraj 03.06.2026 19:17
Speaker: Gowthamaraj Gowthamaraj Rajendran is a Threat Detection Engineer on Meta’s Infrastructure Security Monitoring team, where he focuses on building and operationalizing detections for large-scale surfaces. His work centers on translating real-world adversary behaviors into measurable detection coverage, improving telemetry quality, and reducing time-to-detect for high-impact incidents. He is...
Beyond the Checkbox: What Breaks When You Actually Stress-Test Cloud Incident Response - Matthew Harvey 03.06.2026 26:15
Speaker: Matthew Harvey Matthew Harvey is a cloud security professional with 8+ years in cloud incident response and 15+ years in it Security. With a focus on incident response and system resilience, he leads technical "game days" to help organizations identify and bridge gaps in their security operations. Matthew combines deep tactical expertise with a hands-on approach to building and...
Do Apps Have Imposter Syndrome? Unmasking Token Theft Campaigns - Shahar Dorfman & Sapir Federovsky 03.06.2026 26:50
Speakers: Shahar Dorfman & Sapir Federovsky Shahar is a threat intelligence researcher at Wiz, where she focuses on identifying and analyzing emerging cyber threats to enhance security defenses. Sapir is a security researcher specializing in identity security. Passionate about understanding how identity works, she spends her time exploring the depths of Active Directory and Entra, uncovering s...
The Double Trouble: One Architectural Sin, Two Clouds, and a Universal Attack Technique for Data Hijacking - Yahav Festinger 03.06.2026 23:09
Speaker: Yahav Festinger Yahav Festinger is a Cloud Security Researcher at Palo Alto Networks. As a key member of the Cloud Detection and Response (CDR) team, their work focuses on identifying novel attack vectors and tracking adversaries in real-time. Their career in security began at the national center for encryption and information security in the IDF, where they focused on web and cloud resea...
Artificial Intelligence 🤝 Natural Stupidity - Brandon Sherman 03.06.2026 22:39
Speaker: Brandon Sherman Brandon Sherman is a walking, talking, and occasionally thinking bag of meat and water. This is more than what can be said of any LLM at present. When his boss is looking, he does Cloud Security at Temporal Technologies, Inc. where the goal is to build software as reliable as gravity. He has previously presented on topics such as Cloud Forensics, The Cloud Changes Undernea...
Beyond the Perimeter: Retrofitting VPC-SC at Enterprise Scale - Priya Puranik & Akshay Mahajan 03.06.2026 25:27
Speakers: Priya Puranik & Akshay Mahajan Priya Puranik is a Senior Security Engineer at Wayfair specializing in cloud infrastructure and governance. Her focus is on operationalizing cloud security and streamlining security processes for infrastructure deployment. Akshay is a seasoned technologist leading Production Security at Wayfair. He specializes in steering complex security initiatives ac...
Data Perimeters: Beyond the Marketing - Matt Luttrell 03.06.2026 23:08
Service-specific Guidance: https://github.com/aws-samples/data-perimeter-policy-examples/tree/main/service_specific_guidance Speaker: Matt Luttrell Matt is a Principal Security Engineer at AWS and spends most of his day working on IAM. Matt focuses on the customer experience of security - helping make complex systems simpler to secure. Talk: Data perimeters are the way to build your own identity-i...
Paying More for Worse Security: An AWS Marketplace Horror Story - Corey Quinn 03.06.2026 26:27
Speaker: Corey Quinn Corey is the Chief Cloud Economist at Duckbill, where he specializes in helping companies improve their AWS bills by making them smaller and less horrifying. He also hosts the "Screaming in the Cloud" and "AWS Morning Brief" podcasts; and curates "Last Week in AWS," a weekly newsletter summarizing the latest in AWS news, blogs, and tools, sprinkle...
I made AI agents apply for my Security Team. Then I gave the agents access to AWS. - Cole Horsman 02.06.2026 17:41
Speaker: Cole HorsmanI've built and operated cloud security systems at Global Atlantic Financial and KKR before joining Sonrai Security as Field CTO. I've spoken at AWS re:Invent and re:Inforce on cloud identity, serves as CISO for ISSA Des Moines, and founded VibeDSM, an AI Builder Community. He believes production scars teach more than conference slides. Talk:Most security teams I talk t...
Are We There Yet? Lessons from the 10 Year Cloud Security Ride - James Berthoty 02.06.2026 25:25
Slides: https://docs.google.com/presentation/d/1uIO9UufUdU83CBaAwJb9aENqa2SBr-yIlntp5mk9vWw/Speaker: James BerthotyJames Berthoty is the Founder and Analyst at Latio, the only analyst firm that independently tests every product it reviews. With over a decade of engineering and security experience across companies like VGS, ReliaQuest, and PagerDuty, James has hands-on experience deploying and eval...
Observing Escalation Paths in Kubernetes - William Taylor 02.06.2026 26:32
Blog: https://labs.reversec.com/posts/2026/06/observing-privilege-escalation-in-kubernetes Speaker: William Taylor Security consultant with a background in embedded engineering and DevOps, which has lead to an interest in mobile, Cloud, and Kubernetes security. I used to make things work; now I break things, professionally and ethically. Talk: Kubernetes famously has a lot of moving parts; cluster...
Lessons From Building a Cloud Attack Simulation Program - Pavel Lineitsev 02.06.2026 22:53
Speaker: Pavel LineitsevPavel is a Senior Security Engineer on the Detection and Response team at Confluent, where he builds detection rules, designs logging pipelines, and investigates security incidents across multiple cloud providers. With nearly a decade of experience in cybersecurity, he has developed a deep focus on cloud security, detection engineering, and incident response. Talk:Cloud det...
Azure Networking Dark Arts: The Implicit Paths Your Diagrams Don't Show - Achia Rosenfeld & Kobi Rubin 02.06.2026 19:27
Speakers: Achia Rosenfeld & Kobi Rubin Achia Rosenfeld is a software engineer with 10 years of experience, currently at ACT Security. I specialize in the analysis of Azure cloud networks to design and develop innovative products. My work focuses on translating deep network research into functional, high-impact security solutions Kobi Rubin is Head of Research at Act Security, where he focuses...
Discovering New AWS Privilege Escalation Paths with an AI-Driven Workflow - Seth Art 02.06.2026 21:10
Speaker: Seth Art Seth Art is currently a Security Researcher & Advocate at Datadog. Prior to joining Datadog, Seth created and led the Cloud Penetration Testing practice at Bishop Fox. He is the author of pathfinding.cloud, an AWS IAM privilege escalation library, and has published many open source tools including BadPods, IAMVulnerable, and CloudFoxable, and is the co-creator of the popular...
Who Are the Robots? Uncovering AI Agents Identities - Ron Popov & Clément Notin 02.06.2026 26:19
Speakers: Ron Popov & Clément Notin Ron Popov is a Senior Security Researcher at Tenable, where he spends his days untangling the complexities of modern cloud environments. With over seven years of experience, Ron comes from a background of on-prem networks and network security. Today, he focuses on the intersection of identity, vulnerability management in cloud environments, and the increasin...
Context-Aware Authorization for Agentic Tool Calls (Agent Memory Informed Authorization) - Robert Chiniquy 02.06.2026 19:29
Speaker: Robert Chiniquy Robert Chiniquy is an engineer at ConductorOne, where he builds identity governance systems for human and non-human actors. He co-founded ScaleFT, a Zero Trust access platform acquired by Okta in 2018, where he served as Founder in Residence and led Okta's first incubation project. His work spans identity infrastructure, formal verification of distributed systems corre...
Agentic Paved Roads: Shifting Security Left to the Machine That Thinks - Prahathess Rengasamy 02.06.2026 25:05
Security MCP Server: https://github.com/rakshasa-1729/agentic-paved-roads/ Example security repo: https://github.com/rakshasa-1729/acme-security-repo Speaker: Prahathess Rengasamy Prahathess Rengasamy is a security engineer at xAI focused on security engineering and automation, striving to enhance efficiency and robustness across various security domains. Previously securing products and clouds at...
The Tireless Guardian: Agentic AI and the Art of WAF at Scale - Ammar Alim 02.06.2026 48:35
Speaker: Ammar Alim Ammar Alim is the Manager of DevSecOps at Adobe, where he leads a team building solutions that help engineering teams address security issues more efficiently, focusing on seamless integration between application security and DevOps processes. Previously, he was Cloud Security Engineer Manager at Frame.io and Lead Cloud Security Engineer at ActBlue Technical Services, where he...
Who Did This? Identity and Accountability When Your Cloud Actors Aren't Human - Jie Wu & Pulkit Garg 02.06.2026 22:57
Speakers: Jie Wu & Pulkit Garg Jie is a Senior Security Engineer on the Infrastructure Security team at Shopify, where she focuses on security automation, IAM, threat detection, and compliance. Prior to joining Shopify, Jie worked on cyber defense initiatives and vulnerability management at Bank of America. Outside of work, Jie enjoys running, hiking, and tackling CTF challenges for fun. Pulki...
Least Privilege is a Conversation: Building an Agentic Role Engineering Pipeline - Alex Smolen 02.06.2026 23:01
Slides: https://engseclabs.com/least-privilege-is-a-conversation/ Trailtool: https://github.com/engseclabs/trailtool Blog: https://engseclabs.com/blog/cloudtrail-for-ai-agents/ Speaker: Alex Smolen Security engineering leader with 15+ years experience building security programs from the ground up. Passionate about vulnerability management, detection engineering, and GRC automation. Currently runni...
Ähnliche Podcasts
Replaio ist kein Herausgeber von Podcasts; die Namen der Sendungen, Cover und Audioinhalte gehören ihren Autoren und werden über öffentliche RSS-Feeds verbreitet