SlideShare a Scribd company logo

AWS Meet Up COPENHAGEN.pptx

Download as PPTX, PDF
Stu Hirst
Stu Hirst

This document provides an overview of security best practices for AWS environments. It discusses common threats like cryptojacking, data breaches, and denial of service attacks. It emphasizes the importance of multi-factor authentication, securing IAM roles and passwords, encrypting data, and logging activities. Specific areas like S3 buckets, security groups, and incident response playbooks are addressed. The presentation encourages automating security measures and leveraging available tooling and frameworks. Recruiting security expertise is strongly recommended.

1 of 86
ADD YOUR BRAND HERE Thinking Out cLOUD 2022 AWS COPENHAGEN @stuhirstinfosec /stuhirst
ADD YOUR BRAND HERE
ADD YOUR BRAND HERE
ADD YOUR BRAND HERE Disclaimers; BRACE FOR MEMES. I’m not an ‘expert’ or a ‘thought leader’, but I’ve learned some stuff along the way. @stuhirstinfosec
ADD YOUR BRAND HERE Who Am I? @stuhirstinfosec
ADD YOUR BRAND HERE
ADD YOUR BRAND HERE
ADD YOUR BRAND HERE
ADD YOUR BRAND HERE So, where to even begin with this Security nonsense?!
ADD YOUR BRAND HERE
ADD YOUR BRAND HERE What do you care about?!
ADD YOUR BRAND HERE Risks Threats Vulnerabilities Business Context
ADD YOUR BRAND HERE There are existing frameworks that can help; • CIS Benchmarking • NIST • ISACA • Cloud Security Alliance
ADD YOUR BRAND HERE
ADD YOUR BRAND HERE
ADD YOUR BRAND HERE
ADD YOUR BRAND HERE Threats
ADD YOUR BRAND HERE Cryptojacking / Bitcoin Mining Accessing resources you own to leverage computing power to mine for cryptocurrency
ADD YOUR BRAND HERE Data Breaches (hackers/bots) Open buckets Open databases General misconfiguration Privilege escalation Leaked keys
ADD YOUR BRAND HERE Denial Of Service Though if major Cloud providers are down - everyone has a problem!
ADD YOUR BRAND HERE Insider Threats Malicious or mistake
ADD YOUR BRAND HERE Hijacking of Accounts/Domains To log on and access resources and data
ADD YOUR BRAND HERE Lack of awareness & training Cloud is still new and complex!
ADD YOUR BRAND HERE Business Context
ADD YOUR BRAND HERE
ADD YOUR BRAND HERE Practical Steps To Protect Your AWS Environments
ADD YOUR BRAND HERE Look out for…
ADD YOUR BRAND HERE ROOT ACCOUNT
ADD YOUR BRAND HERE @stuhirstinfosec Give your Root Account physical MFA token to someone non-technical They’re less likely to kill your business
ADD YOUR BRAND HERE
ADD YOUR BRAND HERE BANANA SKIN ALERT!
ADD YOUR BRAND HERE @stuhirstinfosec Advice: Delete your Root Account Access Key and Secret Key ID - you don’t need them!
ADD YOUR BRAND HERE MFA
ADD YOUR BRAND HERE Ensure EVERY user has MFA - no excuses! Or SAML/SSO…
ADD YOUR BRAND HERE @stuhirstinfosec Advice: You can stipulate in IAM policies that an action CANNOT take place without MFA!
ADD YOUR BRAND HERE @stuhirstinfosec So perhaps you can perform: DescribeInstances and RunInstances with no checks But TerminateInstance can only be where aws:MultiFactorAuthAge is < X minutes
ADD YOUR BRAND HERE IAM
ADD YOUR BRAND HERE Check your IAM password policy Automate checks for unused passwords or access keys ALERT FOR ROOT USAGE!!!
ADD YOUR BRAND HERE BANANA SKIN ALERT!
ADD YOUR BRAND HERE
ADD YOUR BRAND HERE Over time, you have probably created too many roles! IAM Access Advisor - service last accessed
ADD YOUR BRAND HERE LOGGING
ADD YOUR BRAND HERE LOG. ALL. THE. THINGS!
ADD YOUR BRAND HERE Cloudtrail S3 Access VPC Flow Cloudwatch API Gateway
ADD YOUR BRAND HERE At WORST - make sure you’re logging Cloudtrail events in every account. ALERT IF YOU’RE NOT!
ADD YOUR BRAND HERE S3 BUCKETS
ADD YOUR BRAND HERE Still arguably the easiest mistake to make and most impactful
ADD YOUR BRAND HERE
ADD YOUR BRAND HERE BANANA SKIN ALERT!
ADD YOUR BRAND HERE
ADD YOUR BRAND HERE
ADD YOUR BRAND HERE Be Careful: A bucket can be restricted, but an object within it can still be readable!
ADD YOUR BRAND HERE SECURITY GROUPS
ADD YOUR BRAND HERE SG’s act like a firewall for your instances…. But they’re easy to misconfigure
ADD YOUR BRAND HERE BANANA SKIN ALERT!
ADD YOUR BRAND HERE
ADD YOUR BRAND HERE • Restrict traffic to internal IPs for protocols such as SSH • Use NACL’s to block ports • Avoid the dreaded 0.0.0.0/0 • Use ELB's SGs wisely to restrict EC2’s access to the Internet • Trusted Advisor will help you!
@stuhirstinfosec
ADD YOUR BRAND HERE INCIDENT RESPONSE
ADD YOUR BRAND HERE Behaviour Alert Slack
ADD YOUR BRAND HERE Create playbooks for incident response Even if they just say who to contact!!!
ADD YOUR BRAND HERE ENCRYPTION
ADD YOUR BRAND HERE Are you encrypting by default? If not, why not?! S3, EBS, RDS etc
ADD YOUR BRAND HERE KEY ROTATION & CREDS
ADD YOUR BRAND HERE
ADD YOUR BRAND HERE North Carolina State University examined accidental leakage of authentication secrets to GitHub…..
ADD YOUR BRAND HERE 1. Secrets in over 100,000 repositories 2. Over 1000 committed daily
ADD YOUR BRAND HERE Other helpful tips!
ADD YOUR BRAND HERE Well Architected Reviews with AWS Use your Technical Account Managers!
ADD YOUR BRAND HERE Manually audit your accounts - looking for gaps, misconfigs, permissions
ADD YOUR BRAND HERE Or leverage…. Open Source Goodies!
ADD YOUR BRAND HERE
ADD YOUR BRAND HERE
ADD YOUR BRAND HERE
ADD YOUR BRAND HERE
ADD YOUR BRAND HERE The most important part of securing AWS…
ADD YOUR BRAND HERE RECRUIT! RECRUIT! RECRUIT!
ADD YOUR BRAND HERE TAKEAWAYS
ADD YOUR BRAND HERE • Start with basics - what do you care about • Establish a risk framework • Look out for the banana skins! • Automate as much as you can • Leverage the tooling • Have fun! • RECRUIT!
ADD YOUR BRAND HERE So what have I learnt these last 2-3 years? * Your journey has to start somewhere! * Changing businesses takes real time and graft. And it’s painful! * Try and get the major stakeholders around the table regularly to collaborate - this takes effort! * Cloud is HARD and often COMPLEX * Recruitment is absolutely KEY! * TEACHING EACH OTHER IS KEY ALSO!!!
ADD YOUR BRAND HERE Before I leave you…
ADD YOUR BRAND HERE
ADD YOUR BRAND HERE
ADD YOUR BRAND HERE
ADD YOUR BRAND HERE Want to know more? Cloud Security Forum on Slack - DM ME ON TWITTER! AWS Arsenal - open source tools https://github.com/stuhirst/awssecurity AWS Vulnerability & Risk list https://github.com/stuhirst/awssecurity/blob/master/risksan dvulns.md
ADD YOUR BRAND HERE Thanks! Questions?! @stuhirstinfosec

Recommended

RUNNING A SECURITY CHECK FOR YOUR WORDPRESS SITE
RUNNING A SECURITY CHECK FOR YOUR WORDPRESS SITERUNNING A SECURITY CHECK FOR YOUR WORDPRESS SITE
RUNNING A SECURITY CHECK FOR YOUR WORDPRESS SITE
Acodez IT Solutions
 
WordCamp Philly WordPress End-User Security
WordCamp Philly WordPress End-User SecurityWordCamp Philly WordPress End-User Security
WordCamp Philly WordPress End-User SecurityDre Armeda
 
How to install wordpress
How to install wordpress How to install wordpress
How to install wordpress
Deepanshu Kapoor
 
From delivering plugins to delivering "as a Service" - Atlassian connect 2017
From delivering plugins to delivering "as a Service" - Atlassian connect 2017From delivering plugins to delivering "as a Service" - Atlassian connect 2017
From delivering plugins to delivering "as a Service" - Atlassian connect 2017
Quentin Adam
 
Quelles changements de vision dans la cyber sécurité en 2017 ? - ADN OUEST, s...
Quelles changements de vision dans la cyber sécurité en 2017 ? - ADN OUEST, s...Quelles changements de vision dans la cyber sécurité en 2017 ? - ADN OUEST, s...
Quelles changements de vision dans la cyber sécurité en 2017 ? - ADN OUEST, s...
Quentin Adam
 
Css basics
Css basicsCss basics
Css basics
Marcus Crutcher
 
WPParra AWS
WPParra AWSWPParra AWS
WPParra AWS
Kenneth Scott Huntley
 
WordPress Security
WordPress SecurityWordPress Security
WordPress Security
Brad Williams
 

Recommended

RUNNING A SECURITY CHECK FOR YOUR WORDPRESS SITE
RUNNING A SECURITY CHECK FOR YOUR WORDPRESS SITERUNNING A SECURITY CHECK FOR YOUR WORDPRESS SITE
RUNNING A SECURITY CHECK FOR YOUR WORDPRESS SITE
Acodez IT Solutions
 
WordCamp Philly WordPress End-User Security
WordCamp Philly WordPress End-User SecurityWordCamp Philly WordPress End-User Security
WordCamp Philly WordPress End-User SecurityDre Armeda
 
How to install wordpress
How to install wordpress How to install wordpress
How to install wordpress
Deepanshu Kapoor
 
From delivering plugins to delivering "as a Service" - Atlassian connect 2017
From delivering plugins to delivering "as a Service" - Atlassian connect 2017From delivering plugins to delivering "as a Service" - Atlassian connect 2017
From delivering plugins to delivering "as a Service" - Atlassian connect 2017
Quentin Adam
 
Quelles changements de vision dans la cyber sécurité en 2017 ? - ADN OUEST, s...
Quelles changements de vision dans la cyber sécurité en 2017 ? - ADN OUEST, s...Quelles changements de vision dans la cyber sécurité en 2017 ? - ADN OUEST, s...
Quelles changements de vision dans la cyber sécurité en 2017 ? - ADN OUEST, s...
Quentin Adam
 
Css basics
Css basicsCss basics
Css basics
Marcus Crutcher
 
WPParra AWS
WPParra AWSWPParra AWS
WPParra AWS
Kenneth Scott Huntley
 
WordPress Security
WordPress SecurityWordPress Security
WordPress Security
Brad Williams
 
How to Incorporate a Security-First Approach to Your Products by spiderSlik C...
How to Incorporate a Security-First Approach to Your Products by spiderSlik C...How to Incorporate a Security-First Approach to Your Products by spiderSlik C...
How to Incorporate a Security-First Approach to Your Products by spiderSlik C...
Product School
 
Building Successful APIs Overnight - Orlando K - Codemotion Rome 2015
Building Successful APIs Overnight - Orlando K - Codemotion Rome 2015Building Successful APIs Overnight - Orlando K - Codemotion Rome 2015
Building Successful APIs Overnight - Orlando K - Codemotion Rome 2015
Codemotion
 
How to Install SSL on WordPress.pdf
How to Install SSL on WordPress.pdfHow to Install SSL on WordPress.pdf
How to Install SSL on WordPress.pdf
Host It Smart
 
AWS Cloud Experience CA: Receta del Éxito en la Nube: Cultura, Estrategia e I...
AWS Cloud Experience CA: Receta del Éxito en la Nube: Cultura, Estrategia e I...AWS Cloud Experience CA: Receta del Éxito en la Nube: Cultura, Estrategia e I...
AWS Cloud Experience CA: Receta del Éxito en la Nube: Cultura, Estrategia e I...
Amazon Web Services LATAM
 
Denver Atlassian Community Meeting - April 2019
Denver Atlassian Community Meeting - April 2019Denver Atlassian Community Meeting - April 2019
Denver Atlassian Community Meeting - April 2019
denveraug
 
How not to suck at Cyber Security
How not to suck at Cyber SecurityHow not to suck at Cyber Security
How not to suck at Cyber SecurityChris Watts
 
It's 10pm, Do You Know Where Your Access Keys Are?
It's 10pm, Do You Know Where Your Access Keys Are?It's 10pm, Do You Know Where Your Access Keys Are?
It's 10pm, Do You Know Where Your Access Keys Are?
Ken Johnson
 
You wouldn't build a toast, would you
You wouldn't build a toast, would youYou wouldn't build a toast, would you
You wouldn't build a toast, would you
Yan Cui
 
Level Up - A Career in Security
Level Up - A Career in SecurityLevel Up - A Career in Security
Level Up - A Career in Security
Gabriel Mathenge
 
Workshop SEO + ECOMMERCE #ECOMTEAM
Workshop SEO + ECOMMERCE #ECOMTEAMWorkshop SEO + ECOMMERCE #ECOMTEAM
Workshop SEO + ECOMMERCE #ECOMTEAM
Señor Muñoz
 
How We end the Walking Dead in the Enterprise - Session Sponsored by Versent
How We end the Walking Dead in the Enterprise - Session Sponsored by VersentHow We end the Walking Dead in the Enterprise - Session Sponsored by Versent
How We end the Walking Dead in the Enterprise - Session Sponsored by Versent
Amazon Web Services
 
Rapid Crush Inc. Software & Training Products Overview
Rapid Crush Inc. Software & Training Products OverviewRapid Crush Inc. Software & Training Products Overview
Rapid Crush Inc. Software & Training Products Overview
NickoloveLovemore
 
Threat Hunting, Detection, and Incident Response in the Cloud
Threat Hunting, Detection, and Incident Response in the CloudThreat Hunting, Detection, and Incident Response in the Cloud
Threat Hunting, Detection, and Incident Response in the Cloud
Ben Johnson
 
Fraud Engineering, from Merchant Risk Council Annual Meeting 2012
Fraud Engineering, from Merchant Risk Council Annual Meeting 2012Fraud Engineering, from Merchant Risk Council Annual Meeting 2012
Fraud Engineering, from Merchant Risk Council Annual Meeting 2012
Nick Galbreath
 
APIS for Startups - Running your Business Inside Out
APIS for Startups - Running your Business Inside OutAPIS for Startups - Running your Business Inside Out
APIS for Startups - Running your Business Inside Out
3scale
 
Infrastructure is development
Infrastructure is developmentInfrastructure is development
Infrastructure is development
stahnma
 
How serverless changes the cost paradigm
How serverless changes the cost paradigmHow serverless changes the cost paradigm
How serverless changes the cost paradigm
Yan Cui
 
ASAE Tech: Data Data Everywhere
ASAE Tech: Data Data EverywhereASAE Tech: Data Data Everywhere
ASAE Tech: Data Data Everywheremjgoldsmith
 
A software developer guide to working with aws
A software developer guide to working with awsA software developer guide to working with aws
A software developer guide to working with aws
Dror Helper
 
Moving at the Speed-of-Cloud Without Getting Owned
Moving at the Speed-of-Cloud Without Getting OwnedMoving at the Speed-of-Cloud Without Getting Owned
Moving at the Speed-of-Cloud Without Getting Owned
Deborah Schalm
 
Stu Hirst - Imposter Syndrome 2024 - Presented at Cloud Expo Europe (Cyber Ke...
Stu Hirst - Imposter Syndrome 2024 - Presented at Cloud Expo Europe (Cyber Ke...Stu Hirst - Imposter Syndrome 2024 - Presented at Cloud Expo Europe (Cyber Ke...
Stu Hirst - Imposter Syndrome 2024 - Presented at Cloud Expo Europe (Cyber Ke...
Stu Hirst
 
Stu Hirst - 10 Years To Ciso
Stu Hirst - 10 Years To CisoStu Hirst - 10 Years To Ciso
Stu Hirst - 10 Years To Ciso
Stu Hirst
 

More Related Content

Similar to AWS Meet Up COPENHAGEN.pptx

How to Incorporate a Security-First Approach to Your Products by spiderSlik C...
How to Incorporate a Security-First Approach to Your Products by spiderSlik C...How to Incorporate a Security-First Approach to Your Products by spiderSlik C...
How to Incorporate a Security-First Approach to Your Products by spiderSlik C...
Product School
 
Building Successful APIs Overnight - Orlando K - Codemotion Rome 2015
Building Successful APIs Overnight - Orlando K - Codemotion Rome 2015Building Successful APIs Overnight - Orlando K - Codemotion Rome 2015
Building Successful APIs Overnight - Orlando K - Codemotion Rome 2015
Codemotion
 
How to Install SSL on WordPress.pdf
How to Install SSL on WordPress.pdfHow to Install SSL on WordPress.pdf
How to Install SSL on WordPress.pdf
Host It Smart
 
AWS Cloud Experience CA: Receta del Éxito en la Nube: Cultura, Estrategia e I...
AWS Cloud Experience CA: Receta del Éxito en la Nube: Cultura, Estrategia e I...AWS Cloud Experience CA: Receta del Éxito en la Nube: Cultura, Estrategia e I...
AWS Cloud Experience CA: Receta del Éxito en la Nube: Cultura, Estrategia e I...
Amazon Web Services LATAM
 
Denver Atlassian Community Meeting - April 2019
Denver Atlassian Community Meeting - April 2019Denver Atlassian Community Meeting - April 2019
Denver Atlassian Community Meeting - April 2019
denveraug
 
How not to suck at Cyber Security
How not to suck at Cyber SecurityHow not to suck at Cyber Security
How not to suck at Cyber SecurityChris Watts
 
It's 10pm, Do You Know Where Your Access Keys Are?
It's 10pm, Do You Know Where Your Access Keys Are?It's 10pm, Do You Know Where Your Access Keys Are?
It's 10pm, Do You Know Where Your Access Keys Are?
Ken Johnson
 
You wouldn't build a toast, would you
You wouldn't build a toast, would youYou wouldn't build a toast, would you
You wouldn't build a toast, would you
Yan Cui
 
Level Up - A Career in Security
Level Up - A Career in SecurityLevel Up - A Career in Security
Level Up - A Career in Security
Gabriel Mathenge
 
Workshop SEO + ECOMMERCE #ECOMTEAM
Workshop SEO + ECOMMERCE #ECOMTEAMWorkshop SEO + ECOMMERCE #ECOMTEAM
Workshop SEO + ECOMMERCE #ECOMTEAM
Señor Muñoz
 
How We end the Walking Dead in the Enterprise - Session Sponsored by Versent
How We end the Walking Dead in the Enterprise - Session Sponsored by VersentHow We end the Walking Dead in the Enterprise - Session Sponsored by Versent
How We end the Walking Dead in the Enterprise - Session Sponsored by Versent
Amazon Web Services
 
Rapid Crush Inc. Software & Training Products Overview
Rapid Crush Inc. Software & Training Products OverviewRapid Crush Inc. Software & Training Products Overview
Rapid Crush Inc. Software & Training Products Overview
NickoloveLovemore
 
Threat Hunting, Detection, and Incident Response in the Cloud
Threat Hunting, Detection, and Incident Response in the CloudThreat Hunting, Detection, and Incident Response in the Cloud
Threat Hunting, Detection, and Incident Response in the Cloud
Ben Johnson
 
Fraud Engineering, from Merchant Risk Council Annual Meeting 2012
Fraud Engineering, from Merchant Risk Council Annual Meeting 2012Fraud Engineering, from Merchant Risk Council Annual Meeting 2012
Fraud Engineering, from Merchant Risk Council Annual Meeting 2012
Nick Galbreath
 
APIS for Startups - Running your Business Inside Out
APIS for Startups - Running your Business Inside OutAPIS for Startups - Running your Business Inside Out
APIS for Startups - Running your Business Inside Out
3scale
 
Infrastructure is development
Infrastructure is developmentInfrastructure is development
Infrastructure is development
stahnma
 
How serverless changes the cost paradigm
How serverless changes the cost paradigmHow serverless changes the cost paradigm
How serverless changes the cost paradigm
Yan Cui
 
ASAE Tech: Data Data Everywhere
ASAE Tech: Data Data EverywhereASAE Tech: Data Data Everywhere
ASAE Tech: Data Data Everywheremjgoldsmith
 
A software developer guide to working with aws
A software developer guide to working with awsA software developer guide to working with aws
A software developer guide to working with aws
Dror Helper
 
Moving at the Speed-of-Cloud Without Getting Owned
Moving at the Speed-of-Cloud Without Getting OwnedMoving at the Speed-of-Cloud Without Getting Owned
Moving at the Speed-of-Cloud Without Getting Owned
Deborah Schalm
 

Similar to AWS Meet Up COPENHAGEN.pptx (20)

How to Incorporate a Security-First Approach to Your Products by spiderSlik C...
How to Incorporate a Security-First Approach to Your Products by spiderSlik C...How to Incorporate a Security-First Approach to Your Products by spiderSlik C...
How to Incorporate a Security-First Approach to Your Products by spiderSlik C...
 
Building Successful APIs Overnight - Orlando K - Codemotion Rome 2015
Building Successful APIs Overnight - Orlando K - Codemotion Rome 2015Building Successful APIs Overnight - Orlando K - Codemotion Rome 2015
Building Successful APIs Overnight - Orlando K - Codemotion Rome 2015
 
How to Install SSL on WordPress.pdf
How to Install SSL on WordPress.pdfHow to Install SSL on WordPress.pdf
How to Install SSL on WordPress.pdf
 
AWS Cloud Experience CA: Receta del Éxito en la Nube: Cultura, Estrategia e I...
AWS Cloud Experience CA: Receta del Éxito en la Nube: Cultura, Estrategia e I...AWS Cloud Experience CA: Receta del Éxito en la Nube: Cultura, Estrategia e I...
AWS Cloud Experience CA: Receta del Éxito en la Nube: Cultura, Estrategia e I...
 
Denver Atlassian Community Meeting - April 2019
Denver Atlassian Community Meeting - April 2019Denver Atlassian Community Meeting - April 2019
Denver Atlassian Community Meeting - April 2019
 
How not to suck at Cyber Security
How not to suck at Cyber SecurityHow not to suck at Cyber Security
How not to suck at Cyber Security
 
It's 10pm, Do You Know Where Your Access Keys Are?
It's 10pm, Do You Know Where Your Access Keys Are?It's 10pm, Do You Know Where Your Access Keys Are?
It's 10pm, Do You Know Where Your Access Keys Are?
 
You wouldn't build a toast, would you
You wouldn't build a toast, would youYou wouldn't build a toast, would you
You wouldn't build a toast, would you
 
Level Up - A Career in Security
Level Up - A Career in SecurityLevel Up - A Career in Security
Level Up - A Career in Security
 
Workshop SEO + ECOMMERCE #ECOMTEAM
Workshop SEO + ECOMMERCE #ECOMTEAMWorkshop SEO + ECOMMERCE #ECOMTEAM
Workshop SEO + ECOMMERCE #ECOMTEAM
 
How We end the Walking Dead in the Enterprise - Session Sponsored by Versent
How We end the Walking Dead in the Enterprise - Session Sponsored by VersentHow We end the Walking Dead in the Enterprise - Session Sponsored by Versent
How We end the Walking Dead in the Enterprise - Session Sponsored by Versent
 
Rapid Crush Inc. Software & Training Products Overview
Rapid Crush Inc. Software & Training Products OverviewRapid Crush Inc. Software & Training Products Overview
Rapid Crush Inc. Software & Training Products Overview
 
Threat Hunting, Detection, and Incident Response in the Cloud
Threat Hunting, Detection, and Incident Response in the CloudThreat Hunting, Detection, and Incident Response in the Cloud
Threat Hunting, Detection, and Incident Response in the Cloud
 
Fraud Engineering, from Merchant Risk Council Annual Meeting 2012
Fraud Engineering, from Merchant Risk Council Annual Meeting 2012Fraud Engineering, from Merchant Risk Council Annual Meeting 2012
Fraud Engineering, from Merchant Risk Council Annual Meeting 2012
 
APIS for Startups - Running your Business Inside Out
APIS for Startups - Running your Business Inside OutAPIS for Startups - Running your Business Inside Out
APIS for Startups - Running your Business Inside Out
 
Infrastructure is development
Infrastructure is developmentInfrastructure is development
Infrastructure is development
 
How serverless changes the cost paradigm
How serverless changes the cost paradigmHow serverless changes the cost paradigm
How serverless changes the cost paradigm
 
ASAE Tech: Data Data Everywhere
ASAE Tech: Data Data EverywhereASAE Tech: Data Data Everywhere
ASAE Tech: Data Data Everywhere
 
A software developer guide to working with aws
A software developer guide to working with awsA software developer guide to working with aws
A software developer guide to working with aws
 
Moving at the Speed-of-Cloud Without Getting Owned
Moving at the Speed-of-Cloud Without Getting OwnedMoving at the Speed-of-Cloud Without Getting Owned
Moving at the Speed-of-Cloud Without Getting Owned
 

More from Stu Hirst

Stu Hirst - Imposter Syndrome 2024 - Presented at Cloud Expo Europe (Cyber Ke...
Stu Hirst - Imposter Syndrome 2024 - Presented at Cloud Expo Europe (Cyber Ke...Stu Hirst - Imposter Syndrome 2024 - Presented at Cloud Expo Europe (Cyber Ke...
Stu Hirst - Imposter Syndrome 2024 - Presented at Cloud Expo Europe (Cyber Ke...
Stu Hirst
 
Stu Hirst - 10 Years To Ciso
Stu Hirst - 10 Years To CisoStu Hirst - 10 Years To Ciso
Stu Hirst - 10 Years To Ciso
Stu Hirst
 
Stu Hirst - Thinking Out cLoud 2020
Stu Hirst - Thinking Out cLoud 2020Stu Hirst - Thinking Out cLoud 2020
Stu Hirst - Thinking Out cLoud 2020
Stu Hirst
 
Hi DevOps, I'm Security, I Love You
Hi DevOps, I'm Security, I Love YouHi DevOps, I'm Security, I Love You
Hi DevOps, I'm Security, I Love You
Stu Hirst
 
Stu Hirst - Thinking Out cLoud July 2019
Stu Hirst - Thinking Out cLoud July 2019Stu Hirst - Thinking Out cLoud July 2019
Stu Hirst - Thinking Out cLoud July 2019
Stu Hirst
 
An Imposter's Journey Into InfoSec
An Imposter's Journey Into InfoSecAn Imposter's Journey Into InfoSec
An Imposter's Journey Into InfoSec
Stu Hirst
 
Stu Hirst "Thinking Out cLoud" 2019
Stu Hirst "Thinking Out cLoud" 2019Stu Hirst "Thinking Out cLoud" 2019
Stu Hirst "Thinking Out cLoud" 2019
Stu Hirst
 
War Stories - From The Front Lines Of InfoSec!
War Stories - From The Front Lines Of InfoSec!War Stories - From The Front Lines Of InfoSec!
War Stories - From The Front Lines Of InfoSec!
Stu Hirst
 
An Imposter's Journey Into InfoSec
An Imposter's Journey Into InfoSecAn Imposter's Journey Into InfoSec
An Imposter's Journey Into InfoSec
Stu Hirst
 
Turing's Testers - Security Scotland May 2018
Turing's Testers - Security Scotland May 2018Turing's Testers - Security Scotland May 2018
Turing's Testers - Security Scotland May 2018
Stu Hirst
 
DevSecOps - a 2 year journey of success & failure!
DevSecOps - a 2 year journey of success & failure!DevSecOps - a 2 year journey of success & failure!
DevSecOps - a 2 year journey of success & failure!
Stu Hirst
 
Building a Security culture at Skyscanner 2016
Building a Security culture at Skyscanner 2016Building a Security culture at Skyscanner 2016
Building a Security culture at Skyscanner 2016Stu Hirst
 

More from Stu Hirst (12)

Stu Hirst - Imposter Syndrome 2024 - Presented at Cloud Expo Europe (Cyber Ke...
Stu Hirst - Imposter Syndrome 2024 - Presented at Cloud Expo Europe (Cyber Ke...Stu Hirst - Imposter Syndrome 2024 - Presented at Cloud Expo Europe (Cyber Ke...
Stu Hirst - Imposter Syndrome 2024 - Presented at Cloud Expo Europe (Cyber Ke...
 
Stu Hirst - 10 Years To Ciso
Stu Hirst - 10 Years To CisoStu Hirst - 10 Years To Ciso
Stu Hirst - 10 Years To Ciso
 
Stu Hirst - Thinking Out cLoud 2020
Stu Hirst - Thinking Out cLoud 2020Stu Hirst - Thinking Out cLoud 2020
Stu Hirst - Thinking Out cLoud 2020
 
Hi DevOps, I'm Security, I Love You
Hi DevOps, I'm Security, I Love YouHi DevOps, I'm Security, I Love You
Hi DevOps, I'm Security, I Love You
 
Stu Hirst - Thinking Out cLoud July 2019
Stu Hirst - Thinking Out cLoud July 2019Stu Hirst - Thinking Out cLoud July 2019
Stu Hirst - Thinking Out cLoud July 2019
 
An Imposter's Journey Into InfoSec
An Imposter's Journey Into InfoSecAn Imposter's Journey Into InfoSec
An Imposter's Journey Into InfoSec
 
Stu Hirst "Thinking Out cLoud" 2019
Stu Hirst "Thinking Out cLoud" 2019Stu Hirst "Thinking Out cLoud" 2019
Stu Hirst "Thinking Out cLoud" 2019
 
War Stories - From The Front Lines Of InfoSec!
War Stories - From The Front Lines Of InfoSec!War Stories - From The Front Lines Of InfoSec!
War Stories - From The Front Lines Of InfoSec!
 
An Imposter's Journey Into InfoSec
An Imposter's Journey Into InfoSecAn Imposter's Journey Into InfoSec
An Imposter's Journey Into InfoSec
 
Turing's Testers - Security Scotland May 2018
Turing's Testers - Security Scotland May 2018Turing's Testers - Security Scotland May 2018
Turing's Testers - Security Scotland May 2018
 
DevSecOps - a 2 year journey of success & failure!
DevSecOps - a 2 year journey of success & failure!DevSecOps - a 2 year journey of success & failure!
DevSecOps - a 2 year journey of success & failure!
 
Building a Security culture at Skyscanner 2016
Building a Security culture at Skyscanner 2016Building a Security culture at Skyscanner 2016
Building a Security culture at Skyscanner 2016
 

Recently uploaded

State of ICS and IoT Cyber Threat Landscape Report 2024 preview
State of ICS and IoT Cyber Threat Landscape Report 2024 previewState of ICS and IoT Cyber Threat Landscape Report 2024 preview
State of ICS and IoT Cyber Threat Landscape Report 2024 preview
Prayukth K V
 
Accelerate your Kubernetes clusters with Varnish Caching
Accelerate your Kubernetes clusters with Varnish CachingAccelerate your Kubernetes clusters with Varnish Caching
Accelerate your Kubernetes clusters with Varnish Caching
Thijs Feryn
 
AI for Every Business: Unlocking Your Product's Universal Potential by VP of ...
AI for Every Business: Unlocking Your Product's Universal Potential by VP of ...AI for Every Business: Unlocking Your Product's Universal Potential by VP of ...
AI for Every Business: Unlocking Your Product's Universal Potential by VP of ...
Product School
 
GDG Cloud Southlake #33: Boule & Rebala: Effective AppSec in SDLC using Deplo...
GDG Cloud Southlake #33: Boule & Rebala: Effective AppSec in SDLC using Deplo...GDG Cloud Southlake #33: Boule & Rebala: Effective AppSec in SDLC using Deplo...
GDG Cloud Southlake #33: Boule & Rebala: Effective AppSec in SDLC using Deplo...
James Anderson
 
GraphRAG is All You need? LLM & Knowledge Graph
GraphRAG is All You need? LLM & Knowledge GraphGraphRAG is All You need? LLM & Knowledge Graph
GraphRAG is All You need? LLM & Knowledge Graph
Guy Korland
 
De-mystifying Zero to One: Design Informed Techniques for Greenfield Innovati...
De-mystifying Zero to One: Design Informed Techniques for Greenfield Innovati...De-mystifying Zero to One: Design Informed Techniques for Greenfield Innovati...
De-mystifying Zero to One: Design Informed Techniques for Greenfield Innovati...
Product School
 
PCI PIN Basics Webinar from the Controlcase Team
PCI PIN Basics Webinar from the Controlcase TeamPCI PIN Basics Webinar from the Controlcase Team
PCI PIN Basics Webinar from the Controlcase Team
ControlCase
 
Neuro-symbolic is not enough, we need neuro-*semantic*
Neuro-symbolic is not enough, we need neuro-*semantic*Neuro-symbolic is not enough, we need neuro-*semantic*
Neuro-symbolic is not enough, we need neuro-*semantic*
Frank van Harmelen
 
Epistemic Interaction - tuning interfaces to provide information for AI support
Epistemic Interaction - tuning interfaces to provide information for AI supportEpistemic Interaction - tuning interfaces to provide information for AI support
Epistemic Interaction - tuning interfaces to provide information for AI support
Alan Dix
 
FIDO Alliance Osaka Seminar: Overview.pdf
FIDO Alliance Osaka Seminar: Overview.pdfFIDO Alliance Osaka Seminar: Overview.pdf
FIDO Alliance Osaka Seminar: Overview.pdf
FIDO Alliance
 
Elevating Tactical DDD Patterns Through Object Calisthenics
Elevating Tactical DDD Patterns Through Object CalisthenicsElevating Tactical DDD Patterns Through Object Calisthenics
Elevating Tactical DDD Patterns Through Object Calisthenics
Dorra BARTAGUIZ
 
FIDO Alliance Osaka Seminar: FIDO Security Aspects.pdf
FIDO Alliance Osaka Seminar: FIDO Security Aspects.pdfFIDO Alliance Osaka Seminar: FIDO Security Aspects.pdf
FIDO Alliance Osaka Seminar: FIDO Security Aspects.pdf
FIDO Alliance
 
Slack (or Teams) Automation for Bonterra Impact Management (fka Social Soluti...
Slack (or Teams) Automation for Bonterra Impact Management (fka Social Soluti...Slack (or Teams) Automation for Bonterra Impact Management (fka Social Soluti...
Slack (or Teams) Automation for Bonterra Impact Management (fka Social Soluti...
Jeffrey Haguewood
 
DevOps and Testing slides at DASA Connect
DevOps and Testing slides at DASA ConnectDevOps and Testing slides at DASA Connect
DevOps and Testing slides at DASA Connect
Kari Kakkonen
 
Bits & Pixels using AI for Good.........
Bits & Pixels using AI for Good.........Bits & Pixels using AI for Good.........
Bits & Pixels using AI for Good.........
Alison B. Lowndes
 
Kubernetes & AI - Beauty and the Beast !?! @KCD Istanbul 2024
Kubernetes & AI - Beauty and the Beast !?! @KCD Istanbul 2024Kubernetes & AI - Beauty and the Beast !?! @KCD Istanbul 2024
Kubernetes & AI - Beauty and the Beast !?! @KCD Istanbul 2024
Tobias Schneck
 
GenAISummit 2024 May 28 Sri Ambati Keynote: AGI Belongs to The Community in O...
GenAISummit 2024 May 28 Sri Ambati Keynote: AGI Belongs to The Community in O...GenAISummit 2024 May 28 Sri Ambati Keynote: AGI Belongs to The Community in O...
GenAISummit 2024 May 28 Sri Ambati Keynote: AGI Belongs to The Community in O...
Sri Ambati
 
Knowledge engineering: from people to machines and back
Knowledge engineering: from people to machines and backKnowledge engineering: from people to machines and back
Knowledge engineering: from people to machines and back
Elena Simperl
 
FIDO Alliance Osaka Seminar: The WebAuthn API and Discoverable Credentials.pdf
FIDO Alliance Osaka Seminar: The WebAuthn API and Discoverable Credentials.pdfFIDO Alliance Osaka Seminar: The WebAuthn API and Discoverable Credentials.pdf
FIDO Alliance Osaka Seminar: The WebAuthn API and Discoverable Credentials.pdf
FIDO Alliance
 
From Daily Decisions to Bottom Line: Connecting Product Work to Revenue by VP...
From Daily Decisions to Bottom Line: Connecting Product Work to Revenue by VP...From Daily Decisions to Bottom Line: Connecting Product Work to Revenue by VP...
From Daily Decisions to Bottom Line: Connecting Product Work to Revenue by VP...
Product School
 

Recently uploaded (20)

State of ICS and IoT Cyber Threat Landscape Report 2024 preview
State of ICS and IoT Cyber Threat Landscape Report 2024 previewState of ICS and IoT Cyber Threat Landscape Report 2024 preview
State of ICS and IoT Cyber Threat Landscape Report 2024 preview
 
Accelerate your Kubernetes clusters with Varnish Caching
Accelerate your Kubernetes clusters with Varnish CachingAccelerate your Kubernetes clusters with Varnish Caching
Accelerate your Kubernetes clusters with Varnish Caching
 
AI for Every Business: Unlocking Your Product's Universal Potential by VP of ...
AI for Every Business: Unlocking Your Product's Universal Potential by VP of ...AI for Every Business: Unlocking Your Product's Universal Potential by VP of ...
AI for Every Business: Unlocking Your Product's Universal Potential by VP of ...
 
GDG Cloud Southlake #33: Boule & Rebala: Effective AppSec in SDLC using Deplo...
GDG Cloud Southlake #33: Boule & Rebala: Effective AppSec in SDLC using Deplo...GDG Cloud Southlake #33: Boule & Rebala: Effective AppSec in SDLC using Deplo...
GDG Cloud Southlake #33: Boule & Rebala: Effective AppSec in SDLC using Deplo...
 
GraphRAG is All You need? LLM & Knowledge Graph
GraphRAG is All You need? LLM & Knowledge GraphGraphRAG is All You need? LLM & Knowledge Graph
GraphRAG is All You need? LLM & Knowledge Graph
 
De-mystifying Zero to One: Design Informed Techniques for Greenfield Innovati...
De-mystifying Zero to One: Design Informed Techniques for Greenfield Innovati...De-mystifying Zero to One: Design Informed Techniques for Greenfield Innovati...
De-mystifying Zero to One: Design Informed Techniques for Greenfield Innovati...
 
PCI PIN Basics Webinar from the Controlcase Team
PCI PIN Basics Webinar from the Controlcase TeamPCI PIN Basics Webinar from the Controlcase Team
PCI PIN Basics Webinar from the Controlcase Team
 
Neuro-symbolic is not enough, we need neuro-*semantic*
Neuro-symbolic is not enough, we need neuro-*semantic*Neuro-symbolic is not enough, we need neuro-*semantic*
Neuro-symbolic is not enough, we need neuro-*semantic*
 
Epistemic Interaction - tuning interfaces to provide information for AI support
Epistemic Interaction - tuning interfaces to provide information for AI supportEpistemic Interaction - tuning interfaces to provide information for AI support
Epistemic Interaction - tuning interfaces to provide information for AI support
 
FIDO Alliance Osaka Seminar: Overview.pdf
FIDO Alliance Osaka Seminar: Overview.pdfFIDO Alliance Osaka Seminar: Overview.pdf
FIDO Alliance Osaka Seminar: Overview.pdf
 
Elevating Tactical DDD Patterns Through Object Calisthenics
Elevating Tactical DDD Patterns Through Object CalisthenicsElevating Tactical DDD Patterns Through Object Calisthenics
Elevating Tactical DDD Patterns Through Object Calisthenics
 
FIDO Alliance Osaka Seminar: FIDO Security Aspects.pdf
FIDO Alliance Osaka Seminar: FIDO Security Aspects.pdfFIDO Alliance Osaka Seminar: FIDO Security Aspects.pdf
FIDO Alliance Osaka Seminar: FIDO Security Aspects.pdf
 
Slack (or Teams) Automation for Bonterra Impact Management (fka Social Soluti...
Slack (or Teams) Automation for Bonterra Impact Management (fka Social Soluti...Slack (or Teams) Automation for Bonterra Impact Management (fka Social Soluti...
Slack (or Teams) Automation for Bonterra Impact Management (fka Social Soluti...
 
DevOps and Testing slides at DASA Connect
DevOps and Testing slides at DASA ConnectDevOps and Testing slides at DASA Connect
DevOps and Testing slides at DASA Connect
 
Bits & Pixels using AI for Good.........
Bits & Pixels using AI for Good.........Bits & Pixels using AI for Good.........
Bits & Pixels using AI for Good.........
 
Kubernetes & AI - Beauty and the Beast !?! @KCD Istanbul 2024
Kubernetes & AI - Beauty and the Beast !?! @KCD Istanbul 2024Kubernetes & AI - Beauty and the Beast !?! @KCD Istanbul 2024
Kubernetes & AI - Beauty and the Beast !?! @KCD Istanbul 2024
 
GenAISummit 2024 May 28 Sri Ambati Keynote: AGI Belongs to The Community in O...
GenAISummit 2024 May 28 Sri Ambati Keynote: AGI Belongs to The Community in O...GenAISummit 2024 May 28 Sri Ambati Keynote: AGI Belongs to The Community in O...
GenAISummit 2024 May 28 Sri Ambati Keynote: AGI Belongs to The Community in O...
 
Knowledge engineering: from people to machines and back
Knowledge engineering: from people to machines and backKnowledge engineering: from people to machines and back
Knowledge engineering: from people to machines and back
 
FIDO Alliance Osaka Seminar: The WebAuthn API and Discoverable Credentials.pdf
FIDO Alliance Osaka Seminar: The WebAuthn API and Discoverable Credentials.pdfFIDO Alliance Osaka Seminar: The WebAuthn API and Discoverable Credentials.pdf
FIDO Alliance Osaka Seminar: The WebAuthn API and Discoverable Credentials.pdf
 
From Daily Decisions to Bottom Line: Connecting Product Work to Revenue by VP...
From Daily Decisions to Bottom Line: Connecting Product Work to Revenue by VP...From Daily Decisions to Bottom Line: Connecting Product Work to Revenue by VP...
From Daily Decisions to Bottom Line: Connecting Product Work to Revenue by VP...
 

AWS Meet Up COPENHAGEN.pptx