Ashish has over 13 years of experience in the cybersecurity industry, with the last 7 focused primarily on helping enterprises manage security risk at scale in a cloud-first world, and was the CISO of a global cloud-first tech company in his last role. Ashish is also a keynote speaker and host of the wildly popular Cloud Security Podcast, a SANS Trainer for Cloud Security and an outspoken opinion leader on all things Cloud Security & DevSecOps. He is a frequent contributor on topics related to public cloud transformation, Cloud Security, DevSecOps, Security Leadership, Future Tech and the associated security challenges for practitioners and CISOs.
It would be a surprise if most people in 2023 were not either already working on, or about to work on, securing applications hosted on public/private cloud providers. However, many are primarily applying CIS Benchmarks, NIST mapping, NCSC Cyber Essentials mapping, etc. to their cloud to secure it. This leaves a gap in understanding how a malicious actor works their way through a cloud account once it is compromised, and how a blue team can detect them in their environment. The best way to close that gap is to learn from what has already happened, that is, cloud breaches.
This talk will start with a walkthrough of how malicious actors approach a cloud environment that has gaps which can lead to. This is followed by the low-hanging fruit that malicious attackers check for in your cloud environments, how a lot of organisations are managing security risk in a multi-cloud world, and where the security gaps are that are the responsibility of the cloud customer to manage.