Non-Human Identity Security and Attack Demonstration
Hear from CSA UK chapter sponsors Astrix, who will introduce concepts around non-human identity management, and demonstrate an attack.
View it here: https://www.youtube.com/watch?v=ZXuli3oIDzE
Download the CSA Report here: cloudsecurityalliance.org/artifacts/state-of-non-human-identity-security-survey-report
Originally recorded 9th April 2025
Abstract: Learn about the primitive technologies still in use to create and distribute vulnerability identifiers. We’ll explore what the Global Security Database (GSD) is doing to improve and modernize things in the vulnerability identification ecosystem using Open Source tools and principles. We’ll also look at the efforts being made by the GSD to provide an on-ramp for people to join the InfoSec community at different levels of knowledge and engagement.
About speaker: Kurt Seifried, https://ca.linkedin.com/in/kurtseifried
This webinar provides case study analyses for The Egregious 11: Top Threats to Cloud Computing white paper, together with a related security industry breach analysis. Using nine actual attacks and breaches as its foundation, including incidents at a major financial services company, a leading enterprise video communications firm, and a multinational grocery chain, this webinar connects the dots between the CSA Top Threats and the security analysis of each case.
About speaker: Sean Heide, Cloud Security Research Analyst, Cloud Security Alliance https://www.linkedin.com/in/seanheide/
Abstract: Watch and engage in a discussion with Frank Guanco giving an overview of how to be involved with CSA Research and working groups, the state of CSA Research, upcoming publications, recent releases, and next steps for CSA Research.
About speaker: Frank Guanco, Research Program Manager, Cloud Security Alliance
The webinar was sponsored by XM Cyber
Abstract: In this webinar, Tobias will pick up on the first session delivered by Menachem Shafran, who provided insights into the challenges within the cloud.
In the session we will:
share customer case studies, tales from the trenches and showcase both cloud-only and hybrid attack scenarios typically discovered with an overall assessment of the cloud.
focus on the offensive insights that come into play when using and working with different cloud environments and an ever-changing threat landscape.
cover the conceptual integration into existing security tools of the major cloud providers.
Abstract: Based on a popular blog post, this talk challenges the listener to reconsider using keys for SSH access and instead use SSH Certificates. We will discuss the pros and cons of SSH certificates. We will also guide you on setting up your own open-source SSH certificate authority that you can link to your existing identity provider to deliver single sign-on SSH access to all your servers.
About speaker: Michael Maxey, VP of Product, Smallstep
Abstract: An exploration of recent vulnerabilities, threats and possible exploits in cloud environments from the modern hacker’s perspective. We review the gaps in the traditional security approach and how XM Cyber revolutionises security posture.
About speaker: Menachem Shafran is a product leader with more than 15 years of experience in product management and cybersecurity. Mr. Shafran has managed complex products ranging from cybersecurity, homeland security and DevOps automation to mobile applications. His strength in creating a product vision and aligning R&D efforts with sales and marketing has been demonstrated over the years during his tenure at Quali, NowForce (now part of Verint (VRNT)), and Radware (RDWR). Prior to his roles in product management, Mr. Shafran served for 5 years in the IDF’s Elite Intelligence Unit 8200, where he served both as a researcher and as a team leader.
It is now well established that the quantum computer threatens to destroy our cybersecurity infrastructure. The exact timing is still under debate, but a range of ten to fifteen years is generally accepted by the community. In order to protect communications and the safety of all our remote transactions and especially for all cloud applications, we need to start acting now. Fortunately, solutions do exist.
The simplest solutions are classical. They consist of replacing the current algorithms under attack with new ones, which are thought to be resistant to the quantum computer. In addition, in order to further improve security, quantum solutions should be added. In particular, Quantum Random Number Generators (QRNGs) will improve the quality of cryptographic keys, which are broadly used for cybersecurity; they are already available for many applications. Quantum Key Distribution (QKD) can also be used today to protect the confidentiality of communications, and QKD backbones are currently under development in several countries. Looking a bit further down the road, quantum networks and the Quantum Internet offer the promise of a different communication infrastructure. The next ten years, dubbed the Quantum Decade, will undoubtedly change the landscape of Cloud security.
A hyper-focus on security-driven automation and a vision of delivering value beyond a commodity technology service. The objective is not driven by compliance and technology gap assessment; instead, it looks at delivering compliance as a by-product of your information security strategy, tactics and modus operandi. With the shift in consumerisation and the advancement in adversarial focus and their TTPs, information security must act as a catalyst to drive business transformation, deliver trusted products and/or services and enable speed to market, all while fuelling resiliency and the ability to weather brand damage and criticism.
The presentation is focused on an organisation's security posture on AWS, and is also relevant for organisations considering using AWS. It starts by introducing a top 10 list of "10 places your security team should spend time". It then explains the background to this list and where it came from, followed by a walk-through of each item on the list, elaborating on the item and providing AWS best practice guidance. It ends with a recap of the list and sums up with where to go to find more detail on the best practice.
An online presentation and discussion covering “The top 10 reasons why identity ecosystems fail”
An online interview and discussion covering “Mistakes to avoid and other interesting stories”
My experience and understanding of the issues have allowed me to develop a sound, pragmatic, but flexible approach to winning across business units. My experience ranges from protection of Government and MOD clients, through to securing the financial sector, commercial institutions and the retail environment.