06-12, 09:20–09:40 (US/Pacific), Salon B
Scott (Piper)’s AWS Security Maturity Roadmap is the definitive resource for cloud-native companies to build a security program and posture in AWS. It does an amazing job at providing broadly applicable guidance along the maturity curve. However, for many fwd:cloudsec attendees, the roadmap ends too soon.
In my experience there is a set of technical capabilities and controls that companies should consider once they’ve “shipped the roadmap." In this talk, I’ll take you on a rapid fire tour beyond Scott's paved road, focusing on the problems you’ll encounter scaling a cloud security program. A key framework will be “build versus buy,” and the talk will be opinionated about where cloud security teams can fall into the trap of undifferentiated work.
The goal is to walk away with a clear view of the possibilities at the leading edge of cloud security, risk-informed guidance on priorities, and a crucial new reference for writing cloud security roadmaps.
Rami works on Infrastructure and Cloud Security at Figma. He previously worked as a security consultant and helped scale security for a health-tech unicorn, and infrequently writes about security on tldrsec.com.