BSides Munich 2025

Cloud IR: A Rapid Guide for AWS, Azure & GCP
2025-11-17, Westin - Munich

Cloud breaches are fast, noisy, and complex. This talk delivers a practitioner-focused cheatsheet for incident response and forensics in AWS, Azure, and GCP—highlighting where to look, what to collect, and how to act quickly. Whether you're chasing logs in CloudTrail, unpacking GCP service accounts, or containing incidents in Azure, this session gives responders the critical triage knowledge needed to stay ahead of adversaries.


The talk is structured around common response scenarios (e.g., compromised credentials, privilege escalation, lateral movement) and includes:

  • The must-have log sources for each cloud (e.g., AWS CloudTrail, Azure Activity Logs, GCP Audit Logs)
  • Fast ways to triage access abuse, enumerate affected services, and preserve evidence
  • Tips to contain the blast radius, including IAM detonation playbooks and automated snapshots
  • Practical scripts, open-source tools, and queries responders can take home and use
  • A downloadable one-pager cheatsheet that summarizes key IR/forensics actions per provider

This talk is designed for IR teams, SOC analysts, and cloud security engineers who need fast access to actionable steps when cloud environments come under attack. Additionally, I’ll highlight how IBM X-Force assists during critical cloud incidents, and share cloud-specific best practices recommended for both proactive readiness and real-time response.

X-Force Principal Incident Response Consultant with 7 years of experience in Security Operations, specialising in Incident Response and Threat Intelligence. Extensive experience in the banking sector, having served as an Incident Responder, Detection Engineer, and Manager within a Global SOC. Successfully led and supported initiatives focused on building incident response capabilities, developing threat intelligence platforms, delivering technical training, and strengthening proactive security services. Holds industry-recognised certifications including GCTI, GCFA, and GCFR. Holds a Bachelor’s degree in Security Studies, is currently pursuing a Master’s in Cybersecurity, and is a Chevening Fellow (UK Defence Academy).