BSides Boston - AWS Security: Easy Wins and Enterprise Scale
Event date 26 September 2020
Cloud computing continues its rampant growth, and AWS maintains its lead as the predominant platform. Since the last BSidesBoston in 2017, AWS adoption has gone from 57% to 76% of enterprises (Per RigthScale/Flexera State of the Cloud 2017/2020). Whether your organization has two feet firmly in the cloud, is dipping a toe in the water, or you personally are wondering "where do I even start," it's important to learn to adjust security to cloud environments.
This talk will look at two ends of the spectrum. First, we'll go through the easy wins that almost any one or any organization can identify and apply. Then, we'll pivot to look as the the big picture security problems to consider as either your security maturity or AWS usage grows. We won't be able to go deep into all the weeds of the topic, but instead we'll provide the essential information, and pointers for next steps. No matter the size, complexity, or sophistication of your AWS environment, you should walk away with an idea of where to look for your next actionable improvements.
Rami McCarthy is a Senior Security Consultant with NCC Group, joining with the acquisition of VSR in 2016. He's spent the past three years performing security assessments of all kinds. In addition to client work, Rami created `sadcloud` - a tool for terraform-ing purposefully insecure AWS infrastructure, is a contributor to ScoutSuite, and has authored a variety of research. Rami has a BS in CS from Northeastern University, with a concentration in cyber operations and is currently pursuing an MS from Brandeis University.