Lightning Talks
Our webinar series bringing cyber security and cloud experts to share their knowledge and experiences.
Securing SaaS in the Era of Zero Trust (on-line)
Part 1: The proliferation of SaaS has led to an increase in both sophisticated and opportunistic attacks targeting SaaS vendors and end-customers alike.
Furthermore, ZTNA, SASE and Identity-based security strategies can be effective at establishing secure access channels to applications, but organizations cannot rely on these alone to establish their Zero Trust architecture.
This webinar covered:
The complexities of hardening large-scale SaaS deployments
How the traditional kill chain applies to SaaS
How SaaS Security Posture Management (SSPM) can be incorporated into Zero Trust and CTEM
View it here: https://www.youtube.com/watch?v=oIcAAkc0o5c
The "Identity in the Cloud" Series
Vulnerability Identifiers
31 May 2022 18:00 UK time
Abstract: Learn about the primitive technologies still in use to create and distribute vulnerability identifiers. We’ll explore what the Global Security Database (GSD) is doing to improve and modernize things in the vulnerability identification ecosystem using Open Source tools and principles. We’ll also look at the efforts being made by the GSD to provide an on-ramp for people to join the InfoSec community at different levels of knowledge and engagement.
About speaker: Kurt Seifried, https://ca.linkedin.com/in/kurtseifried
Top Threats to Cloud Computing
12 May 2022 18:00 UK time
This webinar provides case study analyses for The Egregious 11: Top Threats to Cloud Computing white paper and a relative security industry breach analysis. Using nine actual attacks and breaches, including a major financial services company, a leading enterprise video communications firm, and a multinational grocery chain for its foundation, this webinar connects the dots between the CSA Top Threats in terms of security analysis.
About speaker: Sean Heide, Cloud Security Research Analyst, Cloud Security Alliance https://www.linkedin.com/in/seanheide/
Cloud Security Alliance Research in 2022
31 March 2022 18:00 UK time
Abstract: Watch and engage in a discussion with Frank Guanco giving an overview of how to be involved with CSA Research and working groups, the state of CSA Research, upcoming publications, recent releases, and next steps for CSA Research.
About speaker: Frank Guanco, Research Program Manager, Cloud Security Alliance
Offensive Insight for Cloud Security - Part 2 – Technical Deep Dive
The webinar was sponsored by XM Cyber
9 September 2021 at 13:00 UK time
Abstract: In this webinar, Tobias will pick up on the first session delivered by Menachem Shafran, who provided insights into the challenges within the cloud.
In the session we will:
share customer case studies, tales from the trenches and showcase both cloud-only and hybrid attack scenarios typically discovered with an overall assessment of the cloud.
focus on the offensive insights that come into play when using and working with different cloud environments and an ever-changing threat landscape.
cover the conceptual integration into existing security tools of the major cloud providers.
Securing ssh connections with certificates
17 June 2021 at 16:00 UK time
Abstract: Based on a popular blog post, this talk challenges the listener to reconsider using keys for SSH access and instead use SSH Certificates. We will discuss the pros and cons of SSH certificates. We will also guide you on setting up your own open-source SSH certificate authority that you can link to your existing identity provider to deliver single sign-on SSH access to all your servers.
About speaker: Michael Maxey, VP of Product, Smallstep
Offensive Insight for Cloud Security
20 May 2021 at 13:00 UK time
Abstract: Exploration of the recent vulnerabilities, threats and possible exploits in cloud environments and the modern hacker’s perspective. Review the gaps in the traditional security approach and how XM Cyber revolutionises security posture.
About speaker: Menachem Shafran is a product leader with more than 15 years of experience in product management and cybersecurity. Mr. Shafran has managed complex products ranging from cybersecurity, homeland security and DevOps automation to mobile applications. His strength in creating a product vision and aligning R&D efforts with sales and marketing has been demonstrated over the years during his tenure at Quali, NowForce, now part of Verint (VRNT), and Radware (RDWR). Prior to his roles in product management, Mr. Shafran served for 5 years in the IDF’s Elite Intelligence Unit 8200, where he served both as a researcher and as a team leader.
Poll results
Quantum in the Cloud: The impact of Quantum Technologies on Cloud Security
Presenter: Bruno Huttner
25 February 2021 at 13:00 UK time
It is now well established that the quantum computer threatens to destroy our cybersecurity infrastructure. The exact timing is still under debate, but a range of ten to fifteen years is generally accepted by the community. In order to protect communications and the safety of all our remote transactions and especially for all cloud applications, we need to start acting now. Fortunately, solutions do exist.
The simplest solutions are classical. They consist of replacing the current algorithms under attack with new ones, which are thought to be resistant to the quantum computer. In addition, in order to further improve security, quantum solutions should be added. In particular, Quantum Random Number Generators (QRNGs) will improve the quality of cryptographic keys, which are broadly used for cybersecurity. They are already available for many applications. Quantum Key Distribution (QKD) can also be used today to protect the confidentiality of communications. QKD backbones are currently under development in several countries. Looking a bit further down the road, quantum networks and the Quantum Internet offer the promise of a different communication infrastructure. The next ten years, dubbed the Quantum Decade, will undoubtedly change the landscape of Cloud security.
Empowering Security Driven Business
12 November 2020 at 13:00 UK time
A hyper focus on security-driven automation and a vision of delivering value beyond a tech commodity service. The objective is not driven by compliance and technology gap assessment, but looks at delivering compliance as a by-product of your information security strategy, tactics and modus operandi. With the shift in consumerisation and the advancement in adversarial focus and their TTPs, Information Security must act as a catalyst to drive business transformation, deliver trusted products and/or services and enable speed to market, all while fuelling resiliency and the ability to weather brand damage and criticism.
Presenter: Ashish Shrestha
Improving your organisation’s security posture with AWS
10 December 2020 at 13:00 UK time
The presentation is focused on an organisation's security posture on AWS, and is also valid for organisations considering using AWS. It starts by introducing a top 10 list of "10 places your security team should spend time". It then explains the background to this list and where it came from, followed by a walk-through of each item on the list, elaborating on the item and providing AWS best practice guidance. It ends with a recap of the list and sums up with where to go to find more detail on the best practice.
Presenter: Mark Evans
The top 10 reasons why identity ecosystems fail
5 November 2020 at 13:00 UK time
An online presentation and discussion covering “The top 10 reasons why identity ecosystems fail”
Presenter: Paul Simmonds
ex-CISO’s take on Cloud Computing
15 October 2020 at 13:00 UK time
An online interview and discussion covering “Mistakes to avoid and other interesting stories”
About Bob Mann
My experience and understanding of the issues has allowed me to develop a sound, pragmatic, but flexible approach to winning across business units. My experience ranges from protection of Government and MOD clients, through to securing the financial sector, commercial institutions and the retail environment.