Introduction
The move to the cloud is on the rise, but observed cloud adoption patterns indicate that security trails behind in this transformation more often than not. When taking on the security of a new cloud environment, it is essential to be able to quickly grasp the current state, identify risks, and chart out an action plan to address security.
This video is presented by Rami McCarthy. Rami is a security professional who has conducted a number of security assessments in his career. He holds certifications such as CCSK and AWS Certified Security - Specialty. He has been a core contributor to ScoutSuite and sadcloud.
This video is part of the tech talks presented at Cloud Village. Cloud Village is an open space dedicated to people interested in cloud security, and it conducts various activities such as talks, workshops, CTFs, and discussions around cloud.
What to expect from this video
The following topics are covered in this video:
- Cloud Adoption Patterns
- Cloud Architecture
- Principles of Orienteering
- Corporate Archeology
- Hierarchy of discovery
- Discovering your environments, workloads, and resources
- Prioritizing what’s important in the cloud
- Prioritization of misconfigurations
- Blanket AWS hardening recommendations
- What does fixing things look like
Link to the Video
https://www.youtube.com/watch?v=l9R-T6PpIX8
Key Takeaways
Cloud adoption has been on the rise, but since cloud is still fairly new, you may often find yourself in environments that are not very well architected and where security trails far behind. In such a situation, it is essential to be able to find your way around the cloud environment quickly and figure out the next steps towards identifying and addressing the security gaps.
This video introduces cloud security orienteering and presents a methodology for rapidly orienting yourself to a new cloud environment when tasked with its security. Cloud adoption patterns clearly indicate that in the race to move to the cloud, security trails behind. The presenter explains the principles that can be followed to take a cloud environment from its current state to a target secure state. The examples come from AWS, though the principles are applicable to almost any cloud environment.

Riyaz Walikar
Founder & Chief of R&D
Riyaz is the founder and Chief of R&D at Kloudle, where he hunts for cloud misconfigurations so developers don’t have to. With over 15 years of experience breaking into systems, he’s led offensive security at PwC and product security across APAC for Citrix. Riyaz created the Kubernetes security testing methodology at Appsecco, blending frameworks like MITRE ATT&CK, OWASP, and PTES. He’s passionate about teaching people how to hack—and how to stay secure.
