SEC510: Multicloud Security Assessment and Defense | SANS@MIC Talk
SEC510 provides cloud security practitioners, analysts, and researchers an in-depth understanding of the inner workings of cloud Platform-as-a-Service (PaaS) offerings from Amazon Web Services, Microsoft Azure, and the Google Cloud Platform. Through this, students will understand the philosophies that undergird each provider and how these have influenced their services. By contrasting these offerings, we can, for example, avoid applying AWS concepts to Azure and GCP where they are not appropriate.
Students will leave the course confident that they know everything they need to consider when adopting PaaS offerings in each cloud. Instead of merely citing best practices from each providers documentation, we will validate that these recommendations work first-hand in the lab activities. Using the infrastructure-as-code templates included with the courseware, students will launch unhardened services, analyze the security configuration, validate that they are insufficiently secure, deploy security patches, and confirm the service is secure. The hands-on exercises will reveal undocumented or incorrectly documented details about the service internals that researchers around the world have uncovered in their research.
The Big 3 providers alone provide more services than any one company can consume. As security professionals, it can be tempting to limit what the developers use to the tried and true solutions of yesteryear. For better or worse, this approach will inevitably fail as the product development organization sidelines a security organization that is unwilling to change. Functionality drives adoption, not security, and if a team discovers a service offering that can help them get their product to market quicker than the competition, they can and should use it. SEC510 gives you the ability to give relevant and modern guidance to these teams and enable them to move quickly and safely by providing guardrails.
Speaker Bios:
Eric Johnson is a Co-founder and Principal Security Engineer at Puma Security and a Senior Instructor with the SANS Institute. His experience includes cloud security assessments, cloud infrastructure automation, static source code analysis, web and mobile application penetration testing, secure development lifecycle consulting, and secure code review assessments. Eric is the lead author and an instructor for SEC540: Cloud Security and DevOps Automation, a co-author and instructor for both the brand new SEC510: Multicloud Security Assessment and Defense, and the upcoming SEC584: Defending Cloud Native Infrastructure. Additionally, Eric is a SANS Security Awareness Developer Training Advisory Board Member and SANS Analyst for Application Security and DevSecOps Surveys.
To learn more about Eric, read his full bio here: https://www.sans.org/profiles/eric-johnson/
Brandon Evans is a Senior Application Security Engineer at Asurion, where he provides security services for thousands of his coworkers in product development across several global sites responsible for hundreds of web applications. As an application developer for most of his professional career, he moved into security full-time largely because of his many formal trainings through SANS. Brandon is lead author for the new SEC510: Multicloud Security Assessment and Defense and a contributor and instructor for SEC540: Cloud Security and DevOps Automation. Throughout his security journey, Brandon has earned five GIAC certifications - GSEC, GSSP-JAVA, GWAPT, GPEN, and most recently, the GCSA. He holds a Bachelor's Degree in Computer Science from Binghamton University, where in his senior year, Brandon won the “Best Use of the SendGrid API” at the HackBU Hackathon. Additionally, he has won four Security Innovation Capture the Flag events, also placing second at their CTF at DEF CON 27, and in 2017 Brandon won the Asurion Hackathon for making an Alexa skill for cellphone support. Brandon taught the first ever cohort at the Vanderbilt University Web Development Coding Bootcamp in 2019, and he’s a contributor to the OWASP Serverless Top 10 Project.
To learn more about Brandon, read his full bio here: https://www.sans.org/profiles/brandon-evans/
About SANS:
SANS is the most trusted and by far the largest source for information security training and security certification in the world. It also develops, maintains, and makes available at no cost, the largest collection of research documents about various aspects of information security, and it operates the Internet's early warning system - the Internet Storm Center.
Видео SEC510: Multicloud Security Assessment and Defense | SANS@MIC Talk канала SANS Institute
Students will leave the course confident that they know everything they need to consider when adopting PaaS offerings in each cloud. Instead of merely citing best practices from each providers documentation, we will validate that these recommendations work first-hand in the lab activities. Using the infrastructure-as-code templates included with the courseware, students will launch unhardened services, analyze the security configuration, validate that they are insufficiently secure, deploy security patches, and confirm the service is secure. The hands-on exercises will reveal undocumented or incorrectly documented details about the service internals that researchers around the world have uncovered in their research.
The Big 3 providers alone provide more services than any one company can consume. As security professionals, it can be tempting to limit what the developers use to the tried and true solutions of yesteryear. For better or worse, this approach will inevitably fail as the product development organization sidelines a security organization that is unwilling to change. Functionality drives adoption, not security, and if a team discovers a service offering that can help them get their product to market quicker than the competition, they can and should use it. SEC510 gives you the ability to give relevant and modern guidance to these teams and enable them to move quickly and safely by providing guardrails.
Speaker Bios:
Eric Johnson is a Co-founder and Principal Security Engineer at Puma Security and a Senior Instructor with the SANS Institute. His experience includes cloud security assessments, cloud infrastructure automation, static source code analysis, web and mobile application penetration testing, secure development lifecycle consulting, and secure code review assessments. Eric is the lead author and an instructor for SEC540: Cloud Security and DevOps Automation, a co-author and instructor for both the brand new SEC510: Multicloud Security Assessment and Defense, and the upcoming SEC584: Defending Cloud Native Infrastructure. Additionally, Eric is a SANS Security Awareness Developer Training Advisory Board Member and SANS Analyst for Application Security and DevSecOps Surveys.
To learn more about Eric, read his full bio here: https://www.sans.org/profiles/eric-johnson/
Brandon Evans is a Senior Application Security Engineer at Asurion, where he provides security services for thousands of his coworkers in product development across several global sites responsible for hundreds of web applications. As an application developer for most of his professional career, he moved into security full-time largely because of his many formal trainings through SANS. Brandon is lead author for the new SEC510: Multicloud Security Assessment and Defense and a contributor and instructor for SEC540: Cloud Security and DevOps Automation. Throughout his security journey, Brandon has earned five GIAC certifications - GSEC, GSSP-JAVA, GWAPT, GPEN, and most recently, the GCSA. He holds a Bachelor's Degree in Computer Science from Binghamton University, where in his senior year, Brandon won the “Best Use of the SendGrid API” at the HackBU Hackathon. Additionally, he has won four Security Innovation Capture the Flag events, also placing second at their CTF at DEF CON 27, and in 2017 Brandon won the Asurion Hackathon for making an Alexa skill for cellphone support. Brandon taught the first ever cohort at the Vanderbilt University Web Development Coding Bootcamp in 2019, and he’s a contributor to the OWASP Serverless Top 10 Project.
To learn more about Brandon, read his full bio here: https://www.sans.org/profiles/brandon-evans/
About SANS:
SANS is the most trusted and by far the largest source for information security training and security certification in the world. It also develops, maintains, and makes available at no cost, the largest collection of research documents about various aspects of information security, and it operates the Internet's early warning system - the Internet Storm Center.
Видео SEC510: Multicloud Security Assessment and Defense | SANS@MIC Talk канала SANS Institute
Показать
Комментарии отсутствуют
Информация о видео
Другие видео канала
SANS Webcast - Zero Trust Architecture
A Cloud Security Architecture Workshop
Moving Past Just Googling It: Harvesting and Using OSINT | SANS@MIC Talk
Hunting for Post-Exploitation Stage Attacks with Elastic Stack and the MITRE ATT&CK Framework
Ransomware Management and Recovery Tactics
SANS DFIR Webcast - Memory Forensics for Incident Response
Kaseya Ransomware Reaction - Lessons Learned
Application Security - Understanding, Exploiting and Defending against Top Web Vulnerabilities
Taking a GIAC exam - SANS Foundations in Cybersecurity
Enterprise Journey to Multicloud Security
Applied Data Science and Machine Learning for Cybersecurity - SANS Tactical Detection Summit 2018
SANS Training So, So, So Expensive
End-to-end OpenSCAP for automated compliance
Application Security 101: Full Workshop
Threat Hunting via DNS | SANS@MIC Talk
9. Securing Web Applications
Ship of Fools: Shoring Up Kubernetes Security - SANS Secure DevOps Summit 2018
Threat Hunting via Sysmon - SANS Blue Team Summit
SANS Webcast - Consuming OSINT: Watching You Eat, Drink, and Sleep