Breaking the Cloud: A Tale of 3 Breaches!
12-09, 14:50–15:35 (Europe/London), Track 3

It would be no surprise if most people in 2023 are either already working, or about to work, on securing applications hosted on public/private cloud providers. However, a lot are primarily working on applying CIS Benchmark, NIST mapping, NCSC Cyber Essentials mapping, etc. to their cloud to secure it. This leaves a gap in understanding how a malicious actor works their way through a cloud account once it is compromised, and how a blue team can detect them in their environment. The best way to close that gap is to learn from what has already happened, a.k.a. cloud breaches.

This talk will start with a walkthrough of how malicious actors approach a cloud environment that has gaps which can lead to. This is followed by the low-hanging fruit that malicious attackers check for in your cloud environments, how a lot of organisations are managing security risk in a multi-cloud world, and where the security gaps are that are the responsibility of the cloud customer to manage.


This talk is for folks who want:
- to see how malicious actors behave in an AWS cloud environment
- to understand the potential threat landscape of their cloud environment (Spoiler: it's not a zero day)
- to learn about security gaps in AWS that need to be filled by cloud customers
- to ask their burning Cloud Security question to an experienced Cloud Security Practitioner and Trainer

Ashish has 13+ years of experience in the cybersecurity industry, with the last 7 focussing primarily on helping enterprises manage security risk at scale in a cloud-first world, and was the CISO of a global cloud-first tech company in his last role. Ashish is also a keynote speaker and host of the wildly popular Cloud Security Podcast, a SANS Trainer for Cloud Security and an outspoken opinion leader on all things Cloud Security & DevSecOps. He is a frequent contributor on topics related to public cloud transformation, Cloud Security, DevSecOps, Security Leadership, Future Tech and the associated security challenges for practitioners and CISOs.