fwd:cloudsec 2023

Aaron Zollman

Aaron is one of the organizers of fwd:cloudsec and currently serves as Board President. In his day job, he is CISO & VP of Platform Engineering for Cedar, a health-tech financial platform based in New York City. He's been building on top of AWS since 2010, but dates his time in security to his first vuln - in Novell - in 1995.

  • Welcome
Alon Girmonsky

A repeat entrepreneur and an open-source enthusiast with a relentless passion for building dev-tools. Ex Founder and CEO of BlazeMeter, the performance and load testing company that was acquired by CA technologies in 2017, and now the co-creator of Kubeshark, the API traffic Analyzer for Kubernetes.

  • Swimming with the Sharks. IR Kubed.
Amitai Cohen

Amitai is a Threat Researcher at Wiz (a cloud security company), where he investigates cloud threats and works to advance research and detection methodology. His background is in cyber threat intelligence analysis and writing, and he enjoys learning new things about science and technology, making diagrams to help him better understand these things, contemplating the philosophy of science (and cyber), reading science fiction and fantasy (or diving into wiki rabbit holes), and marveling at gadgets.

  • The Good, the Bad, and the Vulnerable: A comprehensive overview of vulnerabilities in cloud environments
Andre Rall

Andre Rall: A Dedicated Cloud Security Professional

Rapid7: Beginning the Journey as a Security Sales Engineer

Andre's career started at Rapid7, a leading provider of security solutions. In his role as a Security Sales Engineer, he facilitated technical conversations with customers and prospects for the company's flagship products. This experience helped him develop a strong foundation in security concepts and customer relations, preparing him for the challenges ahead.

Rackspace: Building Expertise in Security and Operations

After Rapid7, Andre joined Rackspace, a managed cloud computing company, where he spent seven years overseeing various security and operations teams. During this time, he cultivated a deep understanding of network security and the importance of robust, proactive measures to safeguard sensitive data, working with products from Cisco, Duo Security (now part of Cisco), RSA, Alert Logic, and Imperva.

Amazon Web Services: Addressing Account Takeover Challenges

After Rackspace, Andre joined Amazon Web Services (AWS) and dedicated the majority of his time there to the Fraud Prevention organization. He was responsible for overseeing the account takeover division, focusing on detecting and mitigating threat actors aiming to compromise legitimate AWS accounts. His steadfast commitment to protecting AWS customers' data and resources contributed to the company's success in this area.

Uptycs: Advancing Cloud Security Solutions

After five plus years at AWS, Andre joined Uptycs, a leading cloud-native security analytics platform. He now serves as the Director of Cloud Security. In this role, his team identifies cloud security TTPs and researches new cloud security threats, helping customers with their cloud security posture.

Certifications and Commitment to Growth

Holding the AWS Specialty - Security certification, combined with hands-on experience, Andre demonstrates his expertise in the field. He continually strives to learn and adapt, experimenting with different environments to uncover vulnerabilities and strengthen security measures. This dedication to growth helps him stay ahead in the ever-evolving landscape of cloud security.

  • The Unholy Marriage of AWS IAM Roles and Instance Profiles
Andy Nguyen

I am a Senior Information Security Engineer at Google and I work on Cloud Vulnerability Research with a focus on low-level security. I am also a PlayStation hobbyist hacker and have found and exploited dozens of bugs on the PS Vita, PS4 and PS5.

  • gVisor: The Future of Container Security
Asaf Aprozper

Asaf’s work in information security spans well over a decade, primarily focusing on security research, cloud security and external attack surface, malware analysis, threat hunting, and incident response. Today working as the Head of SecOps at Moon Active.

His career in cybersecurity began at the Israeli intelligence agency, and continued in the private sector as a Cyber Analyst in the largest bank in Israel, even before joining AVG as a mobile security researcher. Asaf also gained a wealth of practical experience in the industry as a Security Researcher at Minerva Labs where he perfomed malware analysis and worked as the Head of Research at Reposify for scanning the global internet for publicly exposed assets for companies.

Asaf has previously presented talks at multiple world’s leading information security conferences, including CodeBlue Japan, BSidesCyprus, and arsenal talk at Black Hat USA. As well as published various security research articles, and developed open-source security tools that were published to the community.

  • Unmasking the Subnet: Lookalike IP Ranges in Cloud Environments
Ben Bridts

Ben has been using AWS professionally since 2015 and, as an AWS Technologist at Cloudar, works with businesses ranging from start-ups to enterprises. Being part of a Premier AWS Consulting Partner, he provides architectural and operational support and shares his experiences along the way. He is also an AWS Authorized Instructor and gives AWS Classroom Training at The Campus.

He has a broad interest in serverless, automation and enabling builders. Currently, he counts CloudFormation, Lambda, and KMS among his favorite services. Still, he has a soft spot for everything related to operational tasks, like Systems Manager.

Sometimes Ben likes to use AWS APIs in non-standard ways. Previously he did that to turn public S3 Buckets in AWS Account IDs.

  • From ‘huh?’ to privilege escalation: finding vulnerabilities from a bug in the AWS console
Brandon Sherman 👾

Brandon has been working in cloud security for long enough, he remembers when it was possible to know all the services AWS had (it did require counting on his fingers and toes). Currently, he is on the Security team at Temporal Technologies, Inc. where he is securing a system which strives to be as reliable as running water. Previously, Brandon did cloud mischief at Twilio and Intuit.

Brandon has a habit of jamming emojis into any text field he can find because it passes for an admittedly strange form of "fun". When not laying hands to keyboards, you can probably find him geeking out about — and working on — cars. After an altercation with himself, he is part mechazombie. While waiting for the future, you can find him teaching anyone who will listen they can be a "security person" too.

  • The Ground Shifts Underneath Us
Casey Knerr

Casey Knerr is a cybersecurity engineer at MITRE and a member of the MITRE ATT&CK for Enterprise team, where she provides cloud expertise updating the ATT&CK knowledge base with novel defensive ideas and adversary techniques. Prior to joining MITRE, she worked as a penetration tester and completed a BSFS in Science, Technology, and International Affairs at Georgetown University and an MSc in Computer Science at the University of Oxford. Her specialties and interests include web development, web and cloud security, and international cyber policy. In her spare time, she can often be found flying stunt kites or playing Dungeons & Dragons.

  • MITRE ATT&CK® for Cloud: Challenges and Opportunities
Christopher Webber

Christopher Webber is an experienced Director of Engineering with a strong background in cloud computing, particularly with AWS. As the Director of Engineering for Product and IT Operations at Open Raven, he oversees the company's cloud infrastructure including its numerous Kubernetes clusters. Previously, Christopher managed SRE teams at Tenable and has worked with cloud platforms at Chef, Demand Media, and UC Riverside. He was also an early participant in the DevOps movement and has a deep understanding of management practices in technology organizations. In addition to his professional work, Christopher is a devoted family man and an active member of Rotary, participating in various community events, including providing music as DJ Dad at his children's events.

  • Tales From the Sewer: A plumber’s view of building a data security platform
Damien Burks

Damien Burks (he/him) is an accomplished cybersecurity expert and software developer based in the Dallas-Fort Worth (DFW) Metroplex. With an analytical mind and a talent for problem-solving, he is an established leader in Cloud Security and DevOps. He has held various roles in his career, with the most recent being Cloud Security Engineer - VP at Citi. At Citi, he designed and built CLI tools to enhance custom security frameworks within AWS. In addition, he has designed and built a CLI tool using boto3 libraries to improve the user experience of the custom security framework, formally known as the Cloud Containment Automation Framework.

Damien maintains DataCop and AWSome-Honey-Pot as an open-source developer while contributing to Open Policy Agent (OPA) and Python Fire. As an AWS Community Builder, he also creates and publishes cloud security content such as articles, YouTube videos, and blog posts. In addition to community contributions, he has spoken at several conferences throughout his career, which include DevOpsDays Dallas, BSides DFW, and FS-ISAC FinCyber Today.

Excelling in his studies and professional training, Damien holds a Master of Science in Cybersecurity Technology from the University of Maryland Global Campus (UMGC). In addition, he has several licenses and certifications across multiple cloud service providers such as AWS and GCP. When not working, or studying, Damien is a mentor to BIPOC LGBTQ+ tech professionals who wish to break into the tech industry. His hobbies include playing video games, attending local car meets within the DFW Metroplex, and spending time with his partner, and their two cats.

  • How Citi advanced their containment capabilities through automation
Daniel Heinsen

Daniel Heinsen is a red team operator, offensive tools developer, and security researcher at SpecterOps. Prior to working at SpecterOps, Daniel spent over 10 years within the U.S. Department of Defense as a software developer and capabilities specialist. Daniel has experience in offensive tool development, Windows internals, and web application exploitation. Since joining SpecterOps, Daniel has directed his research focus to novel initial access vectors and AWS. He maintains several projects at https://github.com/hotnops and posts to his blog at https://medium.com/@hotnops.

  • I Trusted You: A Demonstrated Abuse of Cloud Kerberos Trust
David White

David is a cloud security engineer who enjoys writing code, solving problems and leaving environments more secure than he found them.

When not working or tinkering, David can be found going on road-trips and visiting new places.

  • Success Criteria for your CSPM
Dawn Cooper

Dawn likes to tinker with cloud infrastructure and security, and regularly goes down rabbit holes in a futile search for ways to develop systems that are both reliable and impenetrable. As well as accidental accessibility advocacy, Dawn can regularly be found sharing knowledge within the Melbourne cloud infrastructure and DevOps communities.

Outside work, Dawn is an occasional author, kitchen alchemist, and raging sportsball fan.

  • Stop the Bulldozers: Hardening the AWS CDK deployment process
Day Johnson

Day is a Security Engineer at Datadog where he researches and develops various detections that protect Datadog’s Customers from Cloud Threats. In his free time Day creates Cybersecurity content on his youtube channel (Day Cyberwox) where he provides technical and career resources. His passion for the Cybersecurity industry makes him enjoy what he does to the fullest and drives him to continue to grow, become better at what he does, and help others break into the field.

  • Google Cloud Threat Detection: A Study in Google Cloud
Elad Shamir

Elad is a cybersecurity professional primarily focused on security research and delivering offensive security services. His global career has spanned from Israel to Australia, and now finds him in the United States, where he is a member of the renowned SpecterOps team.

Elad excels in identifying security flaws in complex systems and weaponizing intended functionality for offensive capabilities, with particular prowess in Windows and Active Directory environments. Throughout his journey, Elad has remained committed to learning, refining, and sharing his knowledge and expertise to better secure organizations in an ever-evolving cyber threat landscape.

  • I Trusted You: A Demonstrated Abuse of Cloud Kerberos Trust
Elvis Veliz

Elvis is a passionate and dedicated leader in the field of cyber security and Cloud. He has been working with Citibank for the past 10+ years and has held multiple roles in cybersecurity. Due to his extensive expertise and due diligence in the field, he currently leads a multi-disciplinary team of teams as the Global Head of Cloud Security Operations.

Elvis is adept at driving cybersecurity services and solutions that enable Citi to securely adopt private, hybrid, and public cloud platforms. His most notable achievements as the Global Head of Cloud Security Operations include establishing robust cross-functional partnerships with teams building NexGen Cloud applications. Elvis is a natural team player who has helped teams embed and operate security controls across the Identify, Protect, Detect, and Recover cybersecurity pillars.

Elvis' drive for being a skilled Cloud security professional has prompted him to acquire dozens of industry certifications across various cloud providers and technologies. Prior to his role as Global Head of Cloud Security Operations, Elvis worked at Citi for 7+ years in Cyber Security offensive capabilities. Starting off as a penetration tester, he helped build and eventually led the Citi Red Team, an advanced penetration testing team in charge of assessing the enterprise's security posture (people, processes, and technology) through adversary emulation.

Elvis excelled in his studies at Florida International University (FIU) where he earned a Master of Science degree in Management Information Systems (MIS) and a Bachelor of Science in Computer Science from Florida International University.

  • How Citi advanced their containment capabilities through automation
George Tang


  • IYKYK: Negotiating the Scope of Security Audits (Even if You DREAD Compliance)
Hillai Ben-Sasson

Hillai Ben-Sasson is a security researcher based in Israel. As part of the Wiz Research Team, Hillai specializes in research and exploitation of web applications, application security, and finding vulnerabilities in complex high-level systems.

  • Scanning the internet for external cloud exposures
Igal Gofman

Igal Gofman is Director of Security Research at Ermetic. Igal has a proven track record in vulnerability research, cloud security, network security and threat intelligence. His research interests include operating systems, cloud security, and Active Directory. Prior to Ermetic, Igal held roles at Microsoft, XM-Cyber, and Check Point Software Technologies. Igal’s extensive experience in security has led him to speak at conferences like Black Hat and DEFCON.

  • Threat intelligence in the age of cloud
Jarom Brown

Jarom is a Sr Lead Security Engineer working on the Bug Bounty/Responsible Disclosure team at Capital One. His previous role was as a software engineer solving problems in the Threat Intel space. He got his start as a full-stack software engineer. While not working he enjoys doing CTFs, bug bounty, tinkering, working out, and relaxing with his family.

  • AWS Presigned URLs: The Good, The Bad, and The Ugly
Jasmine Henry

Jasmine is an inadvertent career specialist in security data, data security, and privacy for cloud-native startups. She is the current Senior Director of Data Security and Privacy at JupiterOne and a former Security Director at other high-tech startups. As a permanent student, Jasmine is finishing her PhD in Computer & Information Science with a focus on Information Quality at University of Arkansas, Little Rock. She loves Furiosa, WNBA, and her black rescue cat Nandor.

  • IYKYK: Negotiating the Scope of Security Audits (Even if You DREAD Compliance)
  • What Could Go Wrong? DEI-informed Perspectives on Threat Modeling in the Age of Terrifying Feature Requests
Jason Nelson

Jason Nelson is an executive leader in Financial Services industry.

He spent his 20+ year career practicing information security as a penetration tester, security architect, management, consulting advisor, and many other roles unnamed performed around the world. He has had a passion for information security in many forms which continues to evolve with each year. In the few hours away from information security Jason likes travel with his family to places warmer than Chicago.

  • Helping developers drink from a champagne flute and not a firehose when it comes to cloud security
Jeffrey Zhang


  • Operationalizing GCP’s Asset Inventory for Cloud Enlightenment
Jesse Griggs

Jesse Griggs is a Cyber Operations Lead at The MITRE Corporation and a member of the MITRE ATT&CK for Enterprise team focusing on improving the ATT&CK for Cloud knowledge base. He supports various projects providing threat hunting expertise on systems ranging from offline to cloud. Outside the lab, he likes to spend his time sailing or playing board games, though typically not at the same time.

  • MITRE ATT&CK® for Cloud: Challenges and Opportunities
John Burgess

John Burgess is a cloud security engineer at Stripe, where he builds centralized security controls to maintain strong security invariants in an environment with high developer velocity. Before joining Stripe in 2021, John worked on Alexa infrastructure at Amazon. In his free time, he makes complex origami and stares wistfully out to sea.

  • The Ins and Outs of Building an AWS Data Perimeter
Josh Liburdi

Josh Liburdi is a security engineer and tech lead at Brex who focuses on threat detection, incident response, and distributed systems. He has more than a decade of industry experience and has worked at several diverse organizations, including Splunk, Target, and CrowdStrike. He is also a published author (Bluenomicon from Splunk, Huntpedia from Sqrrl) and is active in the open source security community and has contributed to many projects, including Substation at Brex (creator / lead), Strelka at Target (creator), and the Zeek network analysis framework.

  • Billions Served: Processing Security Event Logs with the AWS Serverless Stack
Josh Snyder

Josh is a software engineer whose specializations include infrastructure automation, databases, and cryptography. His recent work has focused on software supply chain and infrastructure security.

  • Patterns in S3 Data Access: Protecting and enhancing access to data banks, lakes, and bases
Kushagra Sharma

Kushagra is a Senior Platform Security Engineer at Booking.com in the cloud security space. He previously worked with FinTech scale-ups and in the consulting industry architecting and building solutions in a hybrid cloud environment tackling regulated cloud environments with the goal to make security frictionless. A strong believer of a Cloud-First strategy with a Cloud-Native approach.

  • How do you set boundaries? i.e AWS Permissions boundaries in large cloud environments
Lior Zatlavi

Lior Zatlavi has over 15 years of experience in cyber security, having spent most of that time working as a security architect, product manager and developer for the Israeli government. Lior served in an elite cyber security unit of the IDF (retired Major) after which he worked in a cyber security division of Israel’s Prime Minister’s Office.
After leaving the public sector, Lior worked as an independent consultant specializing in Cloud security and identity management.
Lior holds a B.Sc in Applied Mathematics from Bar Ilan university (Cum Laude) and an M.Sc in Electrical Engineering from Tel Aviv university.

  • IMDS: The Gatekeeper to Your Cloud Castles (And How to Keep the Dragons Out)
Liv Matan

Liv Matan is a cloud security researcher at Ermetic, where he specializes in application and web security. He previously served in the 8200 Intelligence Corps unit as a software developer. As a bug bounty hunter, Liv has found several vulnerabilities in popular software platforms, such as Azure web services, Facebook and Gitlab.
In his free time, Liv boxes, lifts and plays Capture the Flag (CTF).
Liv studied computer science at the Weizmann Institute of Science, in Israel.

  • IMDS: The Gatekeeper to Your Cloud Castles (And How to Keep the Dragons Out)
Matthew Keogh

Matt is a Security Consultant at WithSecure with a keen focus on all things cloud. He has several years’ experience building and securing enterprise applications at scale. Prior to joining the security industry Matt worked in systems operation assisting organizations to move large applications from on premise into the cloud.

Outside of work Matt likes to travel and go on long walks with his dog Max.

  • Passing The Security Burden – How To See The Unforeseen
Merav Bar

Merav is a threat analyst in the Wiz Threat Research team. Merav specializes in vulnerability analysis, threat intelligence, researching emerging threats, and creating proactive detections to stop and prevent new security risks. She's also pursuing a degree in History.

  • The Good, the Bad, and the Vulnerable: A comprehensive overview of vulnerabilities in cloud environments
Mike Grima

My name is Mike Grima. I'm a Staff Cloud Security Engineer at Gemini. Prior to Gemini, I was a Senior Cloud Security Engineer at Netflix for several years. Cloud Security is a topic that I am very passionate about, and I love building open source tools to help solve very large scale security issues in the cloud.

  • Rolling out AWS Infrastructure Everywhere with Space Ships
Nathan Case

Nathan Case is a successful executive and builder, pushing for change in security and the culture surrounding it. Leading strategic initiatives and the creation of new technologies in the healthcare, information technology and cloud industries, focusing on security. A passion for Incident Response, and operational security in all forms. Pushing the bounds of threat detection and response.

  • Swimming with the Sharks. IR Kubed.
Nathan Eades

Experienced engineer in threat detection and threat research, I have an abundance of knowledge gained from years of actively uncovering, constructing, scrutinizing, and validating security measures across leading cloud service providers.

In addition, I have successfully designed and managed well known Security Information and Event Management (SIEM) platforms, effectively implemented data loss prevention initiatives, executed comprehensive risk assessments, and consistently engage in coding endeavors through various personal projects.

I'm dedicated to advancing cloud security and have a commitment to staying at the forefront of industry trends. I am thrilled to share my insights and experiences with my peers.

  • It's Just a Name, Right?
Nick Frichette

Nick Frichette is a Senior Security Researcher at Datadog, where he specializes in AWS offensive security. He is known for finding multiple zero-day vulnerabilities in AWS services and regularly publishing on new attack techniques. In addition to his research, Nick is the creator and primary contributor to Hacking the Cloud, an open source encyclopedia of offensive security capabilities for cloud environments. He is also a part of the AWS Community Builder Program, where he develops content on AWS security.

  • Evading Logging in the Cloud: Disrupting and Bypassing AWS CloudTrail
Nir Ohfeld

Nir Ohfeld is a 25-years-old senior security researcher at Wiz. Ohfeld focuses on cloud-related security research and specializes in research and exploitation of cloud service providers, web applications, application security, and in finding vulnerabilities in complex high-level systems. Ohfeld and his colleagues disclosed some of the most notable cloud vulnerabilities, including ChaosDB and OMIGOD.

  • Scanning the internet for external cloud exposures
Noam Dahan

Noam Dahan is a Senior Security Researcher at Ermetic with several years of experience in embedded security. He is a graduate of the Talpiot program at the Israel Defense Forces and spent several years in the 8200 Intelligence Corps. Noam was also a competitive debater and a World Debating Champion.

  • Threat intelligence in the age of cloud
  • A Year of NO: building organizational IAM guardrail policies that work
Rami McCarthy

Rami works on Infrastructure and Cloud Security at Figma. He previously worked as a security consultant and helped scale security for a health-tech unicorn, and infrequently writes about security on tldrsec.com.

  • Beyond the AWS Security Maturity Roadmap
Randy Heins

Randy Heins is a cyber security engineer at Nuro focused on detection and prevention of advanced threat activity. He enjoys making novel detection systems work at scale to answer difficult questions.

  • Operationalizing GCP’s Asset Inventory for Cloud Enlightenment
Renee Beckloff

Having been one of the first women to explore and make a career of the industry called "cybersecurity" , Renee has witnessed the evolution of diversity within the field. Renee has worked for such notable companies as VeriSign, Qualys, CrowdStrike, Cylance and now JupiterOne. During the Pandemic, Renee took a break to focus on academia and her work in how Gender and Religion impact Cyberwarfare and Threat Intel.

  • What Could Go Wrong? DEI-informed Perspectives on Threat Modeling in the Age of Terrifying Feature Requests
Rich Mogull

Cloud security miscreant for far too long. But officially...

Rich is the SVP of Cloud Security at FireMon where he focuses on leading-edge cloud security research and implementation. Rich joined FireMon through the acquisition of DisruptOps, a cloud security automation platform based on his research while as CEO of Securosis. He has over 25 years of security experience and currently specializes in cloud security and DevSecOps, having starting working hands-on in cloud over 10 years ago. He is also the principle course designer of the Cloud Security Alliance training class, primary author of the latest version of the CSA Security Guidance, and actively works on developing hands-on cloud security techniques. Prior to founding Securosis and DisruptOps, Rich was a Research Vice President at Gartner on the security team. Prior to his seven years at Gartner, Rich worked as an independent consultant, web application developer, software development manager at the University of Colorado, and systems and network administrator.

Rich is the Security Editor of TidBITS and a frequent contributor to industry publications. He is a frequent industry speaker at events including the RSA Security Conference, Black Hat, and DefCon, and has spoken on every continent except Antarctica (where he's happy to speak for free -- assuming travel is covered).Rich Mogull, Analyst & CEO

  • Incident Response Game Day Challenge
Rodrigo Montoro

Rodrigo Montoro has more than 22 years of experience in Information Technology and Computer Security. Most of his career worked with open source security software (firewalls, IDS, IPS, HIDS, log management, endpoint monitoring), incident detection & response, and Cloud Security. Currently, he is Head of Threat & Detection Research at Clavis Security. Before that, he worked as Cloud Researcher at Tenchi Security, Head of Research and Development at Apura Cyber Intelligence, SOC/Researcher at Tempest Security, Senior Security Administrator at Sucuri, Researcher at Spiderlabs. Author of 2 patented technologies involving innovation in the detection field. One is related to discovering malicious digital documents. The second one is in how to analyze malicious HTTP traffic. Rodrigo has spoken at several opensource and security conferences (Defcon Cloud Village, OWASP AppSec, SANS (DFIR, SIEM Summit & CloudSecNext), Toorcon (USA), H2HC (São Paulo and Mexico), SecTor (Canada), CNASI, SOURCE, ZonCon (Amazon Internal Conference), Blackhat Brazil, BSides (Las Vegas e SP)).

  • AWS Identity Center - Extending Cloudsplaining to score Users & Permission sets risks
Rojan Rijal

Rojan Rijal is a security researcher at Tinder Security Labs. Rojan has seven years of experience identifying vulnerabilities in open source, SaaS products and cloud environments. Rojan has been recognized for finding impactful vulnerabilities in private organizations such as Netflix, Zoom, Google, and GitHub and public organizations like the United State Air Force and the United Kingdom’s Ministry of Defence. Rojan has presented his research at conferences like BSides San Francisco, Recon Village at Defcon 30 and more.

  • Vulnerabilities and Misconfigurations in GitHub Actions
Scott Piper

Scott has been one of the organizers for fwd:cloudsec since its founding and is an admin for the Cloud Security Forum Slack.

  • fwd:cloudsec State of the Union
Scott Weston

Scott Weston is a remote Senior Security Consultant at NetSPI based out of San Diego, CA. He has 2-3 years of experience in information security/pentesting with his involvement including general web applications, GraphQL, and cloud environments (specifically AWS). He has contributed to the open-source AWS pentesting tool, Pacu, by adding an enumeration module for AWS Organizations. He also created a large AWS deck designed for beginners to present to his local San Diego Defcon group located here. He has participated in some bug bounties/VDPs and is mentioned on the International Committee of the Red Cross (ICRC) hall of fame. In his spare time, he enjoys pursuing individual bug bounties and interesting avenues of pentesting.

  • Pivoting Clouds in AWS Organizations
Seth Art

Seth Art is a Principal Security Consultant and the Cloud Penetration Testing Lead at Bishop Fox. Before becoming captivated by Cloud Security and Kubernetes, Seth hacked on web applications, mobile applications, wireless networks, internal corporate networks, and even got paid to legally break into a few buildings.

Seth is the author of multiple open-source projects including CloudFox, IAM Vulnerable, Bad Pods, celeryStalk, Nodejs-SSRF-App, and PyCodeInjection. He has presented at security conferences including DerbyCon and BSidesDC, published multiple CVEs, and is the founder of IthacaSec, a security meetup in upstate NY.

  • CloudFox + CloudFoxable: A Powerful Duo for Mastering the Art of Identifying and Exploiting AWS Attack Paths
Tyson Garrett

For over 12 years Tyson has been securing cloud environments either his own at a Packetloop (the first big data security analytics company that was 100% cloud based), or for customers where whilst at AWS where he worked with multiple service teams on helping define the AWS Security Foundational Best Practices standard and the AWS config conformance packs in addition to other control guidance many AWS customers rely on. Now at TrustOnCloud, as well as being CTO, Tyson leads the Azure practice in researching threats and controls for Azure services.

  • Helping developers drink from a champagne flute and not a firehose when it comes to cloud security
Will Bengtson

Will Bengtson is the Head of Security Engineering at HashiCorp focused on security engineering, operations, and tooling. Prior to HashiCorp, Bengtson has a background in security and has worked at many large tech companies, such as Netflix, solving security problems at scale. In his spare time, Bengtson enjoys research, bourbon, and traveling.

  • Incident Response Game Day Challenge