fwd:cloudsec 2026

Velocity of a Whisper: When One Vulnerability Cascades Across Cloud Infrastructure
2026-06-02, Room 2

A security researcher submits a report. It looks small, maybe even trivial. But in cloud environments, what starts as a whisper can become a roar that echoes across infrastructure you didn't know was connected.

This talk reveals what happens behind the scenes when vulnerability reports reach cloud providers at scale. What makes cloud vulnerabilities unique when distributed architectures are in play? How do you prioritize remediation when you're working backwards from customer impact across services you don't directly control?

Through a real-world case study told from both the researcher and practitioner perspective, you'll see the crucial trade-offs no one talks about publicly, and a series of challenges that textbook coordinated vulnerability disclosure (CVD) was not designed to handle.

And the challenge is growing. AI is accelerating the velocity of vulnerability discovery, and the traditional vulnerability disclosure program (VDP) model was not built for it. This talk introduces three principles for modern VDP: a framework for building programs that don't just survive scale, but use it as a force multiplier.

Whether you're finding vulnerabilities or fixing them, you'll leave with practical strategies for navigating today's reality.

Albin leads the global Vulnerability Disclosure Program (VDP) for Amazon Web Services (AWS). He co-authored the inaugural AI security whitepaper, jointly published by AWS and SANS Institute. Prior to AWS, Albin led incident response teams across North and South America, defending foreign governments and Fortune 100 companies against DDoS campaigns orchestrated by APTs. He holds a Master’s degree in cybersecurity from New York University (NYU).

Ryan is AWS's Senior Security Engineer for the Outreach Team and co-author of AWS Detective. He has previously held a variety of roles including threat research, incident response consulting, and every level of security operations. With almost 2 decades in the infosec field, Ryan has been on the development and operations side of companies such as Postman, Sqrrl, Carbon Black, Crossbeam Systems, SecureWorks and Fidelity Investments. Ryan has been an active speaker and writer on threat hunting and endpoint security.