<?xml version="1.0" encoding="UTF-8"?>
<?xml-stylesheet href="/feed.rss.xml" type="text/xsl" media="screen"?>
<rss version="2.0" xmlns:content="http://purl.org/rss/1.0/modules/content/" xmlns:dc="http://purl.org/dc/elements/1.1/" xmlns:media="http://search.yahoo.com/mrss/" xmlns:atom="http://www.w3.org/2005/Atom">
  <channel>
    <title>Rami McCarthy</title>
    <description/>
    <link>https://speakerdeck.com/ramimac</link>
    <atom:link rel="self" type="application/rss+xml" href="https://speakerdeck.com/ramimac.rss"/>
    <lastBuildDate>2019-10-19 12:04:54 -0400</lastBuildDate>
    <item>
      <title>Move Fast and Break Things: 10 in 20</title>
      <description>Sharing 10 AI experiments and the lessons
Builders &amp; Breakers - Stockholm, 03/26/2026</description>
      <media:content url="https://files.speakerdeck.com/presentations/32ec9105d74641ea9fa5af74f55edd1e/preview_slide_0.jpg?38870082" type="image/jpeg" medium="image"/>
      <content:encoded>Sharing 10 AI experiments and the lessons
Builders &amp; Breakers - Stockholm, 03/26/2026</content:encoded>
      <pubDate>Thu, 26 Mar 2026 00:00:00 -0400</pubDate>
      <link>https://speakerdeck.com/ramimac/move-fast-and-break-things-10-in-20</link>
      <guid>https://speakerdeck.com/ramimac/move-fast-and-break-things-10-in-20</guid>
    </item>
    <item>
      <title>Zeal of the Convert: Taming Shai-Hulud with AI</title>
      <description>2025 was the year of Shai-Hulud: a series of attacks leaking massive amounts of victim data onto GitHub, ungraciously scheduled for whenever I was traveling. As a responder, these internet-scale incidents were a real-world lab for evolving AI capabilities. This talk is a raw post-mortem of moving from simple “vibe-coded” scrapers to multi-agent triage engines that parallelize victimology and automate secret-impact analysis. Demos will drive a conversation on what actually worked, where the ground has shifted, and how “lazy” AI will let you down. Walk away with prompts, scripts, skills, and lessons from my scars.</description>
      <media:content url="https://files.speakerdeck.com/presentations/97eb9f33f8c14c7f9cceb107f9758afe/preview_slide_0.jpg?38703032" type="image/jpeg" medium="image"/>
      <content:encoded>2025 was the year of Shai-Hulud: a series of attacks leaking massive amounts of victim data onto GitHub, ungraciously scheduled for whenever I was traveling. As a responder, these internet-scale incidents were a real-world lab for evolving AI capabilities. This talk is a raw post-mortem of moving from simple “vibe-coded” scrapers to multi-agent triage engines that parallelize victimology and automate secret-impact analysis. Demos will drive a conversation on what actually worked, where the ground has shifted, and how “lazy” AI will let you down. Walk away with prompts, scripts, skills, and lessons from my scars.</content:encoded>
      <pubDate>Wed, 11 Mar 2026 00:00:00 -0400</pubDate>
      <link>https://speakerdeck.com/ramimac/zeal-of-the-convert-taming-shai-hulud-with-ai</link>
      <guid>https://speakerdeck.com/ramimac/zeal-of-the-convert-taming-shai-hulud-with-ai</guid>
    </item>
    <item>
      <title>The Forensic Trail On GitHub: Hunting For Supply Chain Activity</title>
      <description>Ultralytics. tj-actions. Grafana. GitHub Actions are increasingly targeted by attackers and
implicated in industry-impacting incidents. Thankfully, GitHub's public surface offers numerous
threat intelligence sources for the discerning defender. This talk covers a comprehensive
methodology for investigating and tracking real-world supply chain attacks exploiting GitHub
Actions, inspired by our work responding to the aforementioned incidents. It adds a new
dimension and set of tools to threat intelligence research.

We'll expose the wealth of intelligence available directly from both GitHub and the underlying Git
plane. Through concrete demos, we'll show how to effectively pivot on user metadata and
behavioral heuristics, uncover attacker forks, and recover deleted gists and commits. We'll also
demonstrate how to trace attacker aliases, identify targets of reconnaissance, and unmask
attackers and researchers in real-time. Attackers are hiding in the complexity of this ecosystem,
but with automation we can peel back the noise, empowering detection and investigation.

This approach is practical, repeatable, and relies exclusively on publicly available data, ensuring
accessibility for all defenders without the need for private threat intelligence feeds.</description>
      <media:content url="https://files.speakerdeck.com/presentations/ffd2ae2579ef47a283aaf2fccac8e9ac/preview_slide_0.jpg?38128587" type="image/jpeg" medium="image"/>
      <content:encoded>Ultralytics. tj-actions. Grafana. GitHub Actions are increasingly targeted by attackers and
implicated in industry-impacting incidents. Thankfully, GitHub's public surface offers numerous
threat intelligence sources for the discerning defender. This talk covers a comprehensive
methodology for investigating and tracking real-world supply chain attacks exploiting GitHub
Actions, inspired by our work responding to the aforementioned incidents. It adds a new
dimension and set of tools to threat intelligence research.

We'll expose the wealth of intelligence available directly from both GitHub and the underlying Git
plane. Through concrete demos, we'll show how to effectively pivot on user metadata and
behavioral heuristics, uncover attacker forks, and recover deleted gists and commits. We'll also
demonstrate how to trace attacker aliases, identify targets of reconnaissance, and unmask
attackers and researchers in real-time. Attackers are hiding in the complexity of this ecosystem,
but with automation we can peel back the noise, empowering detection and investigation.

This approach is practical, repeatable, and relies exclusively on publicly available data, ensuring
accessibility for all defenders without the need for private threat intelligence feeds.</content:encoded>
      <pubDate>Mon, 19 Jan 2026 00:00:00 -0500</pubDate>
      <link>https://speakerdeck.com/ramimac/the-forensic-trail-on-github-hunting-for-supply-chain-activity</link>
      <guid>https://speakerdeck.com/ramimac/the-forensic-trail-on-github-hunting-for-supply-chain-activity</guid>
    </item>
    <item>
      <title>And I Would've Gotten Away With It, Too, If It Wasn't For You Meddling Researchers</title>
      <description>Some research is a slow burn; but mine is often a frantic scramble to keep up with threat actors or CloudSec Twitter. This talk uses the tj-actions/changed-files incident to expose the raw reality of rapid response research in cloud security. Using the incident as our backdrop, I'll walk you through the nitty-gritty of how a leading cloud security research team investigates urgent supply chain attacks. You'll get actionable takeaways on leveraging external data (okay … Twitter and Hacker News), the critical role of community, and the behind the scenes collaboration involved in publishing authoritative analysis. Expect a few frantic Slack screenshots and a stark look at how the research sausage is made.</description>
      <media:content url="https://files.speakerdeck.com/presentations/cff5f4004e634bea87a4391fc6384648/preview_slide_0.jpg?36591005" type="image/jpeg" medium="image"/>
      <content:encoded>Some research is a slow burn; but mine is often a frantic scramble to keep up with threat actors or CloudSec Twitter. This talk uses the tj-actions/changed-files incident to expose the raw reality of rapid response research in cloud security. Using the incident as our backdrop, I'll walk you through the nitty-gritty of how a leading cloud security research team investigates urgent supply chain attacks. You'll get actionable takeaways on leveraging external data (okay … Twitter and Hacker News), the critical role of community, and the behind the scenes collaboration involved in publishing authoritative analysis. Expect a few frantic Slack screenshots and a stark look at how the research sausage is made.</content:encoded>
      <pubDate>Tue, 16 Sep 2025 00:00:00 -0400</pubDate>
      <link>https://speakerdeck.com/ramimac/and-i-wouldve-gotten-away-with-it-too-if-it-wasnt-for-you-meddling-researchers</link>
      <guid>https://speakerdeck.com/ramimac/and-i-wouldve-gotten-away-with-it-too-if-it-wasnt-for-you-meddling-researchers</guid>
    </item>
    <item>
      <title>You Are Not Netflix: How to learn from conference talks</title>
      <description>Conference talks and engineering blogs are often quilted from small omissions and half-truths. These include subtle white lies about collaboration, minimization of technical challenges, inflated outcomes, and omission of critical details regarding risks, technical debt, and unresolved issues. This is part of the unspoken social contract in sharing sensitive internal information publicly.

The key is to read between the lines, spot the implicit, and still extract meaningful insights. This talk will provide you with a framework to navigate these nuances effectively.

We’ll explore what is often left unsaid, examine real-world examples, and equip you with the tools to make the most of fwd:cloudsec and similar events!</description>
      <media:content url="https://files.speakerdeck.com/presentations/d189b6757a914bd4a7761b49831f454a/preview_slide_0.jpg?35671299" type="image/jpeg" medium="image"/>
      <content:encoded>Conference talks and engineering blogs are often quilted from small omissions and half-truths. These include subtle white lies about collaboration, minimization of technical challenges, inflated outcomes, and omission of critical details regarding risks, technical debt, and unresolved issues. This is part of the unspoken social contract in sharing sensitive internal information publicly.

The key is to read between the lines, spot the implicit, and still extract meaningful insights. This talk will provide you with a framework to navigate these nuances effectively.

We’ll explore what is often left unsaid, examine real-world examples, and equip you with the tools to make the most of fwd:cloudsec and similar events!</content:encoded>
      <pubDate>Tue, 01 Jul 2025 00:00:00 -0400</pubDate>
      <link>https://speakerdeck.com/ramimac/you-are-not-netflix-how-to-learn-from-conference-talks</link>
      <guid>https://speakerdeck.com/ramimac/you-are-not-netflix-how-to-learn-from-conference-talks</guid>
    </item>
    <item>
      <title>Scale Security Programs with Scorecarding</title>
      <description>
Security teams increasingly take a collaborative, partnership-based approach to securing their applications and organizations. Scaling these efforts requires thoughtfully distributing awareness and ownership of security risk. Scorecarding is used at leading companies to make security posture visible, actionable, and engaging across the entire organization.

In this session, we dive into how companies like Netflix, Chime, GitHub, and DigitalOcean use scorecarding to distribute security ownership, drive continuous improvement, and align risk management with business goals. You’ll walk away with practical, tool-agnostic strategies for implementing your own scorecarding program that not only enhances security posture but fosters a culture of shared responsibility and proactive risk management.
</description>
      <media:content url="https://files.speakerdeck.com/presentations/ae8a131150b148bcb05f909e12774e3f/preview_slide_0.jpg?35284977" type="image/jpeg" medium="image"/>
      <content:encoded>
Security teams increasingly take a collaborative, partnership-based approach to securing their applications and organizations. Scaling these efforts requires thoughtfully distributing awareness and ownership of security risk. Scorecarding is used at leading companies to make security posture visible, actionable, and engaging across the entire organization.

In this session, we dive into how companies like Netflix, Chime, GitHub, and DigitalOcean use scorecarding to distribute security ownership, drive continuous improvement, and align risk management with business goals. You’ll walk away with practical, tool-agnostic strategies for implementing your own scorecarding program that not only enhances security posture but fosters a culture of shared responsibility and proactive risk management.
</content:encoded>
      <pubDate>Fri, 30 May 2025 00:00:00 -0400</pubDate>
      <link>https://speakerdeck.com/ramimac/scale-security-programs-with-scorecarding</link>
      <guid>https://speakerdeck.com/ramimac/scale-security-programs-with-scorecarding</guid>
    </item>
    <item>
      <title>How to 10X Your Cloud Security (Without the Series D)</title>
      <description>I’ll summarize and distill the actionable guidance for scaling Cloud Security programs from the vast array of talks and blog posts out there. We'll blaze through a dense view of what cloud security is, how you can do it more effectively, and what the near future looks like. After the talk, you'll have practical takeaways, and a lengthy, curated bibliography to lean on.</description>
      <media:content url="https://files.speakerdeck.com/presentations/167c57f04ab84fcca0f23d888bf5fb8e/preview_slide_0.jpg?31758588" type="image/jpeg" medium="image"/>
      <content:encoded>I’ll summarize and distill the actionable guidance for scaling Cloud Security programs from the vast array of talks and blog posts out there. We'll blaze through a dense view of what cloud security is, how you can do it more effectively, and what the near future looks like. After the talk, you'll have practical takeaways, and a lengthy, curated bibliography to lean on.</content:encoded>
      <pubDate>Wed, 11 Sep 2024 00:00:00 -0400</pubDate>
      <link>https://speakerdeck.com/ramimac/how-to-10x-your-cloud-security-without-the-series-d</link>
      <guid>https://speakerdeck.com/ramimac/how-to-10x-your-cloud-security-without-the-series-d</guid>
    </item>
    <item>
      <title>The Path to Zero Touch Production</title>
      <description>Zero Touch Prod is a Google-ism, and also a good idea. It's common that engineers, even at companies with strong security programs and cloud-native architecture, organically evolve operational processes that require they touch production daily.

As security practitioners, it's our job to keep our companies safe - both from bad actors, and also humans making mistakes. Allowing humans to work directly in production infrastructure introduces mitigable risks.

This talk shares my universal theory of how to incrementally and collaboratively move a cloud-native organization to Zero Touch Prod. We'll talk about why people touch prod, how they touch prod, and what we can do about it. I'll include a summary of the various production access primitives available in AWS, when to use them, and how to do so safely. We'll dive deep on the implementation options for building blocks like JIT/Temporary Access and operational script running.

Wherever you are in your Access Journey, you'll walk away with practical and pragmatic next steps!</description>
      <media:content url="https://files.speakerdeck.com/presentations/28b3ab072ddb4dc8b4c01d949405a80a/preview_slide_0.jpg?30659540" type="image/jpeg" medium="image"/>
      <content:encoded>Zero Touch Prod is a Google-ism, and also a good idea. It's common that engineers, even at companies with strong security programs and cloud-native architecture, organically evolve operational processes that require they touch production daily.

As security practitioners, it's our job to keep our companies safe - both from bad actors, and also humans making mistakes. Allowing humans to work directly in production infrastructure introduces mitigable risks.

This talk shares my universal theory of how to incrementally and collaboratively move a cloud-native organization to Zero Touch Prod. We'll talk about why people touch prod, how they touch prod, and what we can do about it. I'll include a summary of the various production access primitives available in AWS, when to use them, and how to do so safely. We'll dive deep on the implementation options for building blocks like JIT/Temporary Access and operational script running.

Wherever you are in your Access Journey, you'll walk away with practical and pragmatic next steps!</content:encoded>
      <pubDate>Tue, 18 Jun 2024 00:00:00 -0400</pubDate>
      <link>https://speakerdeck.com/ramimac/the-path-to-zero-touch-production</link>
      <guid>https://speakerdeck.com/ramimac/the-path-to-zero-touch-production</guid>
    </item>
    <item>
      <title>Beyond the Baseline: Horizons for Cloud Security Programs</title>
      <description>There is a definitive resource for cloud-native companies to build a security program and posture in AWS: Scott Piper’s AWS Security Maturity Roadmap. However, mature programs quickly progress past the end of Scott’s roadmap. In this talk, I’ll take you on a rapid fire tour beyond the end of the roadmap, focusing on the problems you’ll encounter scaling a cloud security program. A key framework will be “build versus buy,” and the talk will be opinionated about where cloud security teams can fall into the trap of undifferentiated work. The goal is to leave you with a clear view of the possibilities at the leading edge of cloud security, risk-informed guidance on priorities, and a crucial new reference for writing cloud security roadmaps.</description>
      <media:content url="https://files.speakerdeck.com/presentations/d39fb48bcf124b10ac88ede846d709f1/preview_slide_0.jpg?27019963" type="image/jpeg" medium="image"/>
      <content:encoded>There is a definitive resource for cloud-native companies to build a security program and posture in AWS: Scott Piper’s AWS Security Maturity Roadmap. However, mature programs quickly progress past the end of Scott’s roadmap. In this talk, I’ll take you on a rapid fire tour beyond the end of the roadmap, focusing on the problems you’ll encounter scaling a cloud security program. A key framework will be “build versus buy,” and the talk will be opinionated about where cloud security teams can fall into the trap of undifferentiated work. The goal is to leave you with a clear view of the possibilities at the leading edge of cloud security, risk-informed guidance on priorities, and a crucial new reference for writing cloud security roadmaps.</content:encoded>
      <pubDate>Fri, 15 Sep 2023 00:00:00 -0400</pubDate>
      <link>https://speakerdeck.com/ramimac/beyond-the-baseline-horizons-for-cloud-security-programs</link>
      <guid>https://speakerdeck.com/ramimac/beyond-the-baseline-horizons-for-cloud-security-programs</guid>
    </item>
    <item>
      <title>Beyond the AWS Security Maturity Roadmap</title>
      <description>Scott (Piper)’s AWS Security Maturity Roadmap is the definitive resource for cloud-native companies to build a security program and posture in AWS. It does an amazing job at providing broadly applicable guidance along the maturity curve. However, for many fwd:cloudsec attendees, the roadmap ends too soon.

In my experience there is a set of technical capabilities and controls that companies should consider once they’ve “shipped the roadmap.” In this talk, I’ll take you on a rapid fire tour beyond Scott's paved road, focusing on the problems you’ll encounter scaling a cloud security program. A key framework will be “build versus buy,” and the talk will be opinionated about where cloud security teams can fall into the trap of undifferentiated work.

The goal is to walk away with a clear view of the possibilities at the leading edge of cloud security, risk-informed guidance on priorities, and a crucial new reference for writing cloud security roadmaps.
</description>
      <media:content url="https://files.speakerdeck.com/presentations/51f6c2abc3ef463b9398df89eb48d7eb/preview_slide_0.jpg?25973007" type="image/jpeg" medium="image"/>
      <content:encoded>Scott (Piper)’s AWS Security Maturity Roadmap is the definitive resource for cloud-native companies to build a security program and posture in AWS. It does an amazing job at providing broadly applicable guidance along the maturity curve. However, for many fwd:cloudsec attendees, the roadmap ends too soon.

In my experience there is a set of technical capabilities and controls that companies should consider once they’ve “shipped the roadmap.” In this talk, I’ll take you on a rapid fire tour beyond Scott's paved road, focusing on the problems you’ll encounter scaling a cloud security program. A key framework will be “build versus buy,” and the talk will be opinionated about where cloud security teams can fall into the trap of undifferentiated work.

The goal is to walk away with a clear view of the possibilities at the leading edge of cloud security, risk-informed guidance on priorities, and a crucial new reference for writing cloud security roadmaps.
</content:encoded>
      <pubDate>Mon, 12 Jun 2023 00:00:00 -0400</pubDate>
      <link>https://speakerdeck.com/ramimac/beyond-the-aws-security-maturity-roadmap</link>
      <guid>https://speakerdeck.com/ramimac/beyond-the-aws-security-maturity-roadmap</guid>
    </item>
    <item>
      <title>Buying Security</title>
      <description>You can’t buy security, but vendors play a key role in effective security programs. This talk will provide a comprehensive guide to buying and getting value, based on experiences on both sides of the marketplace, a comprehensive literature review, and a survey of clients and vendors of all stripes.</description>
      <media:content url="https://files.speakerdeck.com/presentations/4f08cefee699469893b58ebbaac0ec53/preview_slide_0.jpg?21640877" type="image/jpeg" medium="image"/>
      <content:encoded>You can’t buy security, but vendors play a key role in effective security programs. This talk will provide a comprehensive guide to buying and getting value, based on experiences on both sides of the marketplace, a comprehensive literature review, and a survey of clients and vendors of all stripes.</content:encoded>
      <pubDate>Sat, 04 Jun 2022 00:00:00 -0400</pubDate>
      <link>https://speakerdeck.com/ramimac/buying-security</link>
      <guid>https://speakerdeck.com/ramimac/buying-security</guid>
    </item>
    <item>
      <title>Learning from AWS Customer Security Incidents [2022]</title>
      <description>This show will discuss the public catalog of AWS Customer Security Incidents (https://github.com/ramimac/aws-customer-security-incidents), covering over twenty different public breaches. We’ll walk through the technical details of these attacks, establish the common root causes, look at lessons learned, and establish how you can proactively secure your environment against these real world risks.</description>
      <media:content url="https://files.speakerdeck.com/presentations/c28f7f3ee0b04edf9bdf0459a4eec425/preview_slide_0.jpg?21415189" type="image/jpeg" medium="image"/>
      <content:encoded>This show will discuss the public catalog of AWS Customer Security Incidents (https://github.com/ramimac/aws-customer-security-incidents), covering over twenty different public breaches. We’ll walk through the technical details of these attacks, establish the common root causes, look at lessons learned, and establish how you can proactively secure your environment against these real world risks.</content:encoded>
      <pubDate>Sun, 15 May 2022 00:00:00 -0400</pubDate>
      <link>https://speakerdeck.com/ramimac/learning-from-aws-customer-security-incidents-2022</link>
      <guid>https://speakerdeck.com/ramimac/learning-from-aws-customer-security-incidents-2022</guid>
    </item>
    <item>
      <title>Cloud Security Orienteering</title>
      <description>Most of us are not lucky enough to have architected the perfect cloud environment, according to this month's best practices, and without any legacy elements or "surprise" assets. Over the course of a career in cloud security, you'll likely find yourself walking into a new environment and needing to rapidly orient yourself to both mitigate the biggest risks and also develop a roadmap towards a sustainable, secure future. As a security consultant, I had the challenge and opportunity to enter blind into a variety of cloud environments. They were across Azure, GCP, and AWS, some well-architected and others organically sprawling, containing a single account/project and hundreds. This gave me a rapid education in how to find the information necessary to familiarize myself with the environment, dig in to identify the risks that matter, and put together remediation plans that address short, medium, and long term goals. This talk will present a cloud and environment agnostic methodology for getting your bearings if tasked with securing a novel cloud environment. We'll learn by applying this to a sample AWS environment in order to cover:
An archeological guide for where and how to find organizational context
How to quickly find and kill the most common attack vectors at the perimeter (both network and identity)
Common architectural and deployment patterns, how to spot them, and their security implications
What you need to know, what you need to prioritize, and what "best practices" aren't worth the squeeze when you're in a crunch.</description>
      <media:content url="https://files.speakerdeck.com/presentations/d1a322bf9d0c4b10a8a6331d25873aea/preview_slide_0.jpg?18746728" type="image/jpeg" medium="image"/>
      <content:encoded>Most of us are not lucky enough to have architected the perfect cloud environment, according to this month's best practices, and without any legacy elements or "surprise" assets. Over the course of a career in cloud security, you'll likely find yourself walking into a new environment and needing to rapidly orient yourself to both mitigate the biggest risks and also develop a roadmap towards a sustainable, secure future. As a security consultant, I had the challenge and opportunity to enter blind into a variety of cloud environments. They were across Azure, GCP, and AWS, some well-architected and others organically sprawling, containing a single account/project and hundreds. This gave me a rapid education in how to find the information necessary to familiarize myself with the environment, dig in to identify the risks that matter, and put together remediation plans that address short, medium, and long term goals. This talk will present a cloud and environment agnostic methodology for getting your bearings if tasked with securing a novel cloud environment. We'll learn by applying this to a sample AWS environment in order to cover:
An archeological guide for where and how to find organizational context
How to quickly find and kill the most common attack vectors at the perimeter (both network and identity)
Common architectural and deployment patterns, how to spot them, and their security implications
What you need to know, what you need to prioritize, and what "best practices" aren't worth the squeeze when you're in a crunch.</content:encoded>
      <pubDate>Sun, 08 Aug 2021 00:00:00 -0400</pubDate>
      <link>https://speakerdeck.com/ramimac/cloud-security-orienteering</link>
      <guid>https://speakerdeck.com/ramimac/cloud-security-orienteering</guid>
    </item>
    <item>
      <title>Learning from AWS (Customer) Security Incidents</title>
      <description>Presented at BSidesCT 2020

In light of the increasing adoption of cloud computing, there has been broad coverage of the compromise of customer environments in the cloud. In both popular and technical literature however, there has been a focus on the most egregious, simplest breaches (i.e. open S3 buckets). However, deeper analysis shows a much broader variety of tactics currently exploited by attackers and researchers to compromise cloud environments.

This talk will, with a focus on AWS, discuss over a dozen different public breaches. We'll walk through the technical details of these attacks, establish the common root causes, look at lessons learned, and establish how you can proactively secure your environment against these real world risks.</description>
      <media:content url="https://files.speakerdeck.com/presentations/b3ecc904caf04bbaa338a6130c432250/preview_slide_0.jpg?16707693" type="image/jpeg" medium="image"/>
      <content:encoded>Presented at BSidesCT 2020

In light of the increasing adoption of cloud computing, there has been broad coverage of the compromise of customer environments in the cloud. In both popular and technical literature however, there has been a focus on the most egregious, simplest breaches (i.e. open S3 buckets). However, deeper analysis shows a much broader variety of tactics currently exploited by attackers and researchers to compromise cloud environments.

This talk will, with a focus on AWS, discuss over a dozen different public breaches. We'll walk through the technical details of these attacks, establish the common root causes, look at lessons learned, and establish how you can proactively secure your environment against these real world risks.</content:encoded>
      <pubDate>Sat, 14 Nov 2020 00:00:00 -0500</pubDate>
      <link>https://speakerdeck.com/ramimac/learning-from-aws-customer-security-incidents</link>
      <guid>https://speakerdeck.com/ramimac/learning-from-aws-customer-security-incidents</guid>
    </item>
    <item>
      <title>AWS Security: Easy Wins and Enterprise Scale</title>
      <description>Presented at BSides Boston 2020

Cloud computing continues its rampant growth, and AWS maintains its lead as the predominant platform. Since the last BSidesBoston in 2017, AWS adoption has gone from 57% to 76% of enterprises (per RightScale/Flexera State of the Cloud 2017/2020). Whether your organization has two feet firmly in the cloud, is dipping a toe in the water, or you personally are wondering "where do I even start," it's important to learn to adjust security to cloud environments.

This talk will look at two ends of the spectrum. First, we'll go through the easy wins that almost anyone or any organization can identify and apply. Then, we'll pivot to look at the big picture security problems to consider as either your security maturity or AWS usage grows. We won't be able to go deep into all the weeds of the topic, but instead we'll provide the essential information, and pointers for next steps. No matter the size, complexity, or sophistication of your AWS environment, you should walk away with an idea of where to look for your next actionable improvements.</description>
      <media:content url="https://files.speakerdeck.com/presentations/7a8b768cc3b341fa9c415ad115c2da9e/preview_slide_0.jpg?16360554" type="image/jpeg" medium="image"/>
      <content:encoded>Presented at BSides Boston 2020

Cloud computing continues its rampant growth, and AWS maintains its lead as the predominant platform. Since the last BSidesBoston in 2017, AWS adoption has gone from 57% to 76% of enterprises (per RightScale/Flexera State of the Cloud 2017/2020). Whether your organization has two feet firmly in the cloud, is dipping a toe in the water, or you personally are wondering "where do I even start," it's important to learn to adjust security to cloud environments.

This talk will look at two ends of the spectrum. First, we'll go through the easy wins that almost anyone or any organization can identify and apply. Then, we'll pivot to look at the big picture security problems to consider as either your security maturity or AWS usage grows. We won't be able to go deep into all the weeds of the topic, but instead we'll provide the essential information, and pointers for next steps. No matter the size, complexity, or sophistication of your AWS environment, you should walk away with an idea of where to look for your next actionable improvements.</content:encoded>
      <pubDate>Sat, 26 Sep 2020 00:00:00 -0400</pubDate>
      <link>https://speakerdeck.com/ramimac/aws-security-easy-wins-and-enterprise-scale</link>
      <guid>https://speakerdeck.com/ramimac/aws-security-easy-wins-and-enterprise-scale</guid>
    </item>
    <item>
      <title>Building Castles in the Cloud: AWS Security and Self-Assessment</title>
      <description>As comfort and familiarity with cloud computing is now more mainstream, companies are leaning more and more on cloud resources to host and run even their most-sensitive technical assets. With these new technologies/innovations come new (and old!) security concerns. As a consultant, I’ve had experience breaking into AWS environments with varying sophistication of security posture, and then helping those clients patch holes and harden their environments. This talk will lean on those experiences to provide you with a guide on securing your AWS environment, and then validating that security.

We’ll start by walking through AWS’s Shared Responsibility Model. Then we’ll identify the features of AWS that are most important for security, and give tips on best practices and easy wins. After establishing these security standards, we’ll take a quick look at a few (free) tools for auditing AWS configurations, including NCC Group’s own open-source ScoutSuite. You’ll leave this talk with concrete next steps for improving your own cloud security posture.</description>
      <media:content url="https://files.speakerdeck.com/presentations/19e63ab95e1542fcb500795d2c4a5b50/preview_slide_0.jpg?14120425" type="image/jpeg" medium="image"/>
      <content:encoded>As comfort and familiarity with cloud computing is now more mainstream, companies are leaning more and more on cloud resources to host and run even their most-sensitive technical assets. With these new technologies/innovations come new (and old!) security concerns. As a consultant, I’ve had experience breaking into AWS environments with varying sophistication of security posture, and then helping those clients patch holes and harden their environments. This talk will lean on those experiences to provide you with a guide on securing your AWS environment, and then validating that security.

We’ll start by walking through AWS’s Shared Responsibility Model. Then we’ll identify the features of AWS that are most important for security, and give tips on best practices and easy wins. After establishing these security standards, we’ll take a quick look at a few (free) tools for auditing AWS configurations, including NCC Group’s own open-source ScoutSuite. You’ll leave this talk with concrete next steps for improving your own cloud security posture.</content:encoded>
      <pubDate>Sat, 09 Nov 2019 00:00:00 -0500</pubDate>
      <link>https://speakerdeck.com/ramimac/building-castles-in-the-cloud-aws-security-and-self-assessment</link>
      <guid>https://speakerdeck.com/ramimac/building-castles-in-the-cloud-aws-security-and-self-assessment</guid>
    </item>
    <item>
      <title>AWS Cloud Security Fundamentals</title>
      <description>Workshop presented at OWASP BASC 2019 by Rami McCarthy and Joshua Dow

Abstract:

"As comfort and familiarity with cloud computing is now more mainstream, companies are leaning more and more on cloud resources to host and run even their most-sensitive technical assets. With these new technologies/innovations come new (and old!) security concerns. In this workshop, we will take participants through a baseline understanding of cloud security - with a focus on AWS security fundamentals.

First, we will briefly outline the cloud security model, the similarities across platforms, and the shared responsibility model that Amazon employs. From there, we will introduce participants to open-source tooling for AWS account auditing and hardening, including NCC's own ScoutSuite. We will provide access to an intentionally vulnerable AWS environment, to allow workshop attendees to follow along and explore misconfigurations with their own eyes. We also will support attendees who want to immediately dive into auditing their own AWS accounts/environments.

Next, we'll highlight easy wins for AWS security that the audience will be able to immediately apply to their own environments. Following that, we'll speak to Amazon's built-in security tooling, including:

    Security Hub
    Trusted Advisor
    CloudTrail
    Inspector
    GuardDuty
    Macie (and why it's probably wrong for you!)

We'll focus on actionable guidance to walk away and be able to use these tools to harden your own posture. Subsequently, we'll work with attendees through the misconfigurations that led to the Capital One breach, via the CloudGoat scenario. Wrapping up, we'll provide an easy-to-follow cheatsheet of best practices, easy wins, and open source tools that attendees can reference to improve their own environments."</description>
      <media:content url="https://files.speakerdeck.com/presentations/2e3244e9f8b24351a93d408125f89969/preview_slide_0.jpg?13924075" type="image/jpeg" medium="image"/>
      <content:encoded>Workshop presented at OWASP BASC 2019 by Rami McCarthy and Joshua Dow

Abstract:

"As comfort and familiarity with cloud computing is now more mainstream, companies are leaning more and more on cloud resources to host and run even their most-sensitive technical assets. With these new technologies/innovations come new (and old!) security concerns. In this workshop, we will take participants through a baseline understanding of cloud security - with a focus on AWS security fundamentals.

First, we will briefly outline the cloud security model, the similarities across platforms, and the shared responsibility model that Amazon employs. From there, we will introduce participants to open-source tooling for AWS account auditing and hardening, including NCC's own ScoutSuite. We will provide access to an intentionally vulnerable AWS environment, to allow workshop attendees to follow along and explore misconfigurations with their own eyes. We also will support attendees who want to immediately dive into auditing their own AWS accounts/environments.

Next, we'll highlight easy wins for AWS security that the audience will be able to immediately apply to their own environments. Following that, we'll speak to Amazon's built-in security tooling, including:

    Security Hub
    Trusted Advisor
    CloudTrail
    Inspector
    GuardDuty
    Macie (and why it's probably wrong for you!)

We'll focus on actionable guidance to walk away and be able to use these tools to harden your own posture. Subsequently, we'll work with attendees through the misconfigurations that led to the Capital One breach, via the CloudGoat scenario. Wrapping up, we'll provide an easy-to-follow cheatsheet of best practices, easy wins, and open source tools that attendees can reference to improve their own environments."</content:encoded>
      <pubDate>Sat, 19 Oct 2019 00:00:00 -0400</pubDate>
      <link>https://speakerdeck.com/ramimac/aws-cloud-security-fundamentals</link>
      <guid>https://speakerdeck.com/ramimac/aws-cloud-security-fundamentals</guid>
    </item>
  </channel>
</rss>
