Lightning Talks

Our webinar series bringing cyber security and cloud experts to share their knowledge and experiences.

Come and speak on Lightning Talks

The "Identity in the Cloud" Series

Tuesdays in September & October @12.30pm

A series of six “lightning talks” (30 minute lunchtime sessions) on Identity and what it means for Cloud and Zero Trust

Vulnerability Identifiers

31 May 2022 18:00 UK time

Abstract: Learn about the primitive technologies still in use to create and distribute vulnerability identifiers. We’ll explore what the Global Security Database (GSD) is doing to improve and modernize things in the vulnerability identification ecosystem using Open Source tools and principles. We’ll also look at the efforts being made by the GSD to provide an on-ramp for people to join the InfoSec community at different levels of knowledge and engagement.

About speaker: Kurt Seifried, https://ca.linkedin.com/in/kurtseifried

Top Threats to Cloud Computing

12 May 2022 18:00 UK time

This webinar provides case study analyses for The Egregious 11: Top Threats to Cloud Computing white paper and a relative security industry breach analysis. Using nine actual attacks and breaches, including a major financial services company, a leading enterprise video communications firm, and a multinational grocery chain for its foundation, this webinar connects the dots between the CSA Top Threats in terms of security analysis.

About speaker: Sean Heide, Cloud Security Research Analyst, Cloud Security Alliance https://www.linkedin.com/in/seanheide/

Cloud Security Alliance Research in 2022

31 March 2022 18:00 UK time

Abstract: Watch and engage in a discussion with Frank Guanco giving an overview of how to be involved with CSA Research and working groups, the state of CSA Research, upcoming publications, recent releases, and next steps for CSA Research.

About speaker: Frank Guanco, Research Program Manager, Cloud Security Alliance

https://www.linkedin.com/in/frankguanco/

Offensive Insight for Cloud Security - Part 2 – Technical Deep Dive

The webinar was sponsored by XM Cyber

9 September 2021 at 13:00 UK time

Abstract: In this webinar, Tobias will pick up on the first session delivered by Menachem Shafran, who provided insights into the challenges within the cloud.

In the session we will:

share customer case studies, tales from the trenches and showcase both cloud-only and hybrid attack scenarios typically discovered with an overall assessment of the cloud.
focus on the offensive insights that come into play when using and working with different cloud environments and an ever-changing threat landscape.
cover the conceptual integration into existing security tools of the major cloud providers.

Securing ssh connections with certificates

Also watch on LinkedIn

17 June 2021 at 16:00 UK time

Abstract: Based on a popular blog post, this talk challenges the listener to reconsider using keys for SSH access and instead use SSH Certificates. We will discuss the pros and cons of SSH certificates. We will also guide you on setting up your own open-source SSH certificate authority that you can link to your existing identity provider to deliver single sign-on SSH access to all your servers.

About speaker: Michael Maxey, VP of Product, Smallstep

Offensive Insight for Cloud Security

Speaker: Menachem Shafran, VP Products XM Cyber

Presentation

XM Cyber CSA - May 2021.pdf

20 May 2021 at 13:00 UK time

Abstract: Exploration of the recent vulnerabilities, threats and possible exploits in cloud environment and the modern hacker’s perspective. Review the gaps in the traditional security approach and how XM Cyber revolutionises security posture

About speaker: Menachem Shafran is a product leader with more than 15 years of experience in product management and cybersecurity. Mr. Shafran has managed complex product ranging from cybersecurity, homeland security, DevOps automation to mobile applications. His strength in creating a product vision, aligning R&D efforts with sales and marketing has been demonstrated over the years during his tenure at Quali, NowForce, now part of Verint (VRNT), and Radware (RDWR). Prior to his roles in product management, Mr. Shafran served for 5 years in the IDF’s Elite Intelligence Unit 8200, where he served both as a researcher and as a team leader.

Poll results

Quantum in the Cloud: The impact of Quantum Technologies on Cloud Security

2021 02 25 Quantum in the Cloud.pdf

Presenter: Bruno Huttner

https://www.linkedin.com/in/bruno-huttner/

25 February 2021 at 13:00 UK time

It is now well established that the quantum computer threatens to destroy our cybersecurity infrastructure. The exact timing is still under debate, but a range of ten to fifteen years is generally accepted by the community. In order to protect communications and the safety of all our remote transactions and especially for all cloud applications, we need to start acting now. Fortunately, solutions do exist.

The simplest solutions are classical. They consist of replacing the current algorithms under attack with new ones, which are thought to be resistant to the quantum computer. In addition, in order to further improve security, quantum solutions should be added. In particular Quantum Random Number Generators (QRNG’s) will improve the quality of cryptographic keys, which are broadly used for cybersecurity. They are already available for many applications. Quantum Key Distribution (QKD) can also be used today to protect the confidentiality of communications. QKD backbones are currently under development in several countries. Looking a bit further down the road, quantum networks and the Quantum Internet offer the promise of a different communication infrastructure. The next ten years, dubbed the Quantum Decade , will undoubtedly change the landscape of Cloud security.

Empowering Security Driven Business - Empowering Security Driven Business

12 November 2020 at 13:00 UK time

A hyper focus on security driven automation and vision of delivering value beyond tech commodity service. Objective not driven by compliance and technology gap assessment but look at delivering compliance as a by product of your Information security strategy, tactics and modus operandi. With the shift in consumerisation and advancement in adversarial focus and their TTP Information Security must act as catalyst to drive business transformation, deliver trusted product and/or service and enable speed to the market all while fuelling resiliency and ability to weather brand damage and criticism.

Presenter: Ashish Shrestha

https://www.linkedin.com/in/ashish-shrestha-59830464/

Improving your organisation’s security posture with AWS

10 December 2020 at 13:00 UK time

The presentation is focused on organisation's security posture on AWS, which is also valid for organisations considering using AWS. It starts by introducing a top 10 list of "10 places your security team should spend time". It then explains the background to this list, where it came from! Followed by a walk-through of each item on the list, elaborating on the item and providing AWS best practice guidance. It ends with a recap of the list sums up with where to go to find more detail on the best practice.

Presenter: Mark Evans

https://www.linkedin.com/in/mark-evans-b1b69b143/

The top 10 reasons why identity ecosystems fail

5 November 2020 at 13:00 UK time

An online presentation and discussion covering “The top 10 reasons why identity ecosystems fail”

Presenter: Paul Simmonds

https://www.linkedin.com/in/psimmonds

ex-CISO’s take on Cloud Computing

15 October 2020 at 13:00 UK time

An online interview and discussion covering “Mistakes to avoid and other interesting stories”

About Bob Mann

My experience and understanding of the issues has allowed me to develop a sound, pragmatic, but flexible approach to winning across business units.. My experience ranges from protection of Government and MOD clients, through to the securing the financial sector, commercial institutions and the retail environment.