Sherman
Roei Sherman, Field CTO at Mitiga, is a seasoned expert in Cloud Incident Response and adversarial cybersecurity. His career, spanning over ten years in cybersecurity roles, showcases a specialization in Red Team operations. Roei's approach is marked by an adversarial mindset and guerrilla tactics, aiming for a proactive defense in a variety of security engagements that encompass training, lectures, and consulting. His expertise is rooted in a distinguished background, including roles in a Field Intelligence unit of the IDF, where he continues to serve in the Reserve. Roei has also played key roles at AB InBev as Global Director of Offensive Services and led significant projects as an information security consultant and Red Team leader for EY Israel. His technical breadth covers a wide range of areas including Red Team engagements, social engineering, physical security, and incident response across diverse platforms. Roei's academic foundation enhances his professional endeavors, holding a B.A. degree in Business Administration with a major in Cyber Security and an M.A. in Criminology. Beyond his primary role, he contributes as a co-organizer of BSidesTLV and serves on the CFP team for Diana's Initiative, demonstrating his commitment to advancing the cybersecurity community.
Session
In this talk, we delve into the evolving landscape of cybersecurity threats in cloud environments, showcasing how adversaries are shifting tactics from traditional breaches to sophisticated cloud-specific attacks. No longer merely "breaking in," attackers are now "logging in," leveraging the cloud's unique vulnerabilities and features to their advantage. We explore the sophisticated tools and strategies these adversaries employ, from exploiting misconfigurations and weak access management to manipulating cloud-native functionalities. This presentation highlights the critical shift in attacker techniques and the imperative for defenders to adopt cloud-native security strategies. Through real-world case studies and analysis of successful breaches, attendees will gain invaluable insights into the attackers' mindset and the evolving attack vectors effective in cloud scenarios. This talk aims to equip cybersecurity professionals with the knowledge to anticipate, identify, and defend against these advanced tactics, promoting a proactive and resilient defense posture against the ever-changing threat landscape in cloud environments.