Five Best Moments from “Hacking Cloud Infrastructure” – CISO Series Video Chat

Here are five of our best moments from the CISO Series Video Chat: “Hacking Cloud Infrastructure: An hour of critical thinking about how identity is your front line of defense for your infrastructure.”

Our guests for this discussion were:

HUGE thanks to our sponsor Ermetic

Best Bad Idea

Congrats to Drew Brown, IT security manager, Commonwealth of Pennsylvania for winning this week’s Best Bad Idea.

Other honorable mentions go to:

“Turn off all permissions over the weekend and reactivate based on trouble tickets. Ticket-Based Access Control!” – Phil Wolff, co-founder, Wider Team

“Publish your root keys to a public github project, for collaboration and developer velocity.” – Chad Lorenc, senior cloud security consultant, AWS

Best Strategies

“Create custom roles for your organization which leverage the (multitude of) built-in roles appropriately and assign those. Bonus points for using the same role names as your on-premise roles.” – Brian Colt, information security engineer, DASH Financial Technologies

“Workload identity instead of service accounts; Using groups to manage identity vs individuals.” – Eric Sherman, site reliability engineer, Tausight

“Actually audit access periodically, instead of saying that you do.” – Ian Poynter, virtual CISO, Kalahari Security

Quotes from the chatroom

“For years 2+, reassess vendor’s cloud access. If it hasn’t changed (or decreased), perform the same risk assessment. If it has increased, perhaps a more stringent assessment is in order.” – Brian Colt, information security engineer, DASH Financial Technologies

“You have to go out of your way to override the secure cloud defaults but on prem you usually have to ENABLE the secure option.” – Larry Rosen, manager, security advisory, Avanade

“We were able to identify a number of compromised accounts for a vendor and used that to improve the relationship to ‘partner’ rather than vendor” – Drew Brown, IT security manager, Commonwealth of Pennsylvania
