Sonrai cloud security platform, products and services are covered by U.S. Patent Nos. 10,728,307 and 11,134,085, together with other domestic and international patents pending. All rights reserved.
Enhancing Cloud Security with Cloud Pros Talking Shop
Get the 411 on tactics and strategies from security leaders to meet your own cloud security goals.
AGENDA
|
Explore the challenges of least privilege and who should own this critical issue. Delve into the three phases of maturity for addressing the problem and master strategies to centralize permissions management to lighten the load on developers. Walk away with specific policies you can implement today to protect the most powerful permissions in your cloud.
Sandy Bird
Co-Founder and CTO Sonrai Security
Alex Shulman
Cloud Cybersecurity Leader EY
Permissions Boundaries and SCPs: The Cloud IAM Invariants
Rich Mogull | Securosis
Join us as we unravel the complexities of permissions boundaries and Service Control Policies and discover their power in preventing privilege escalation while supporting delegated administration. Through real-world examples and clear explanations, you'll gain practical knowledge to enhance your cloud security and streamline your IAM strategy.
Rich Mogull
Researcher and CEO Securosis
What Everyone Should Know About Cloud Permissions
Nigel Sood | Sonrai Security
MATT CARLE | Sonrai Security
Dive into the current state of cloud permissions and identities, focusing on strategies to identify and mitigate risks. Review the latest analysis on the scale of cloud permissions in typical environments, gain insights into newly introduced risky permissions by cloud providers and learn effective measures to address these risks.
Nigel Sood
Cloud Security Researcher Sonrai Security
MATT CARLE
Head of Product Sonrai Security
IAM in the Cloud: Successes, Pitfalls, and Lessons Learned
Chad Lorenc | Amazon Web Services
Learn how companies of all sizes and maturity levels have addressed the complexities of managing identities in the cloud to reduce risk. Through real-world examples and expert insights, this session reveals both successes and pitfalls in cloud IAM. Gain practical strategies today to elevate your organization's cloud identity security.
Chad Lorenc
Security Delivery Manager Amazon Web Services
What is a Cloud Permissions Firewall Anyway?
Jeff Moncrief | Sonrai Security
Discover the Cloud Permissions Firewall concept and its role in modern cloud identity security. This session explores achieving least privilege at scale with a default-deny model that works, delving into real-world applications and benefits. See it in action to gain an understanding of how implementing a permissions firewall will solve the overpermissioned and unused identity problem in your cloud.
Jeff Moncrief
Field CTO Sonrai Security
Privilege Escalation Deconstructed: Attacks and How to Stop Them
Christophe Limpalair | Cybr
Discover how IAM Privilege Escalation attacks work and how threat actors commonly exploit misconfigurations. This session will explain what privilege escalations are, go through a live environment escalating privilege, and discuss common techniques used in the wild. We'll then explain and demonstrate how to find potential PrivEsc paths in the cloud to prevent and detect ongoing attacks.
Christophe Limpalair
Founder & Trainer Cybr
JIT vs. Long-Lived Roles: Evaluating Cloud Security Strategies
James Berthoty | Latio Tech
JIT permissioning is often hailed as a silver bullet for cloud access, yet its security benefits beyond privilege escalation are hard to quantify. This session delves into the dynamics of JIT roles versus long-lived roles, evaluating their true value and exploring practical implementation strategies to maximize security and efficiency in cloud environments.
James Berthoty
Cloud Security
Architect & Founder
Latio Tech
From Manual to Automated: Implementing Least Privilege in AWS with SCPs
Cole Horsman | Global Atlantic Financial Group
Learn first hand about the journey of achieving least privilege in the cloud using Service Control Policies (SCPs) in AWS. This case study will start by showcasing the manual approach, detailing the design and implementation with cloud-native tools. Then, the discussion will focus on leveraging automation tools to streamline the process, significantly reducing time and effort. Take away practical advice to apply to your own least privilege journey in the cloud.
Cole Horsman
AVP, Security Operations Global Atlantic Financial Group
Register Today!
Register once for the summit and gain access to all of the sessions.
After submitting, you’ll receive an email to make your own agenda and add sessions to your calendar.
Chad Lorenc
Security Delivery ManagerAmazon Web ServicesChad Lorenc boasts a distinguished 25-year career dedicated to building and implementing security programs for a diverse range of global organizations. From Fortune 500 titans to billion-dollar financial institutions, Chad has left an indelible mark. He pioneered a startup venture before the 'cloud' era, constructing multiple data centers and a widespread ISP presence. Notably, his creation encompassed ISP-based security and storage ASP, setting precedents well ahead of his time. Chad's expertise spans the globe, overseeing deployments across three dozen countries. He orchestrated groundbreaking zero-trust security solutions across endpoints, networks, data centers, and the cloud, all while championing the SASE edge model for enhanced security. Today, Chad's passion centers on cloud security. He guides AWS customers in securing their cloud environments, leading a professional service security team covering the western United States. Chad generously shares field lessons on LinkedIn, offering invaluable insights to a global audience.
Karen Levy
VP, Product MarketingSonrai SecurityKaren Levy is the Vice President of Product Marketing with responsibility for product positioning, messaging and go-to-market strategy. Karen has more than 15 years of cyber security product marketing experience in leadership roles at RSA, CyberArk and Recorded Future.
Jeff Moncrief
Field CTOSonrai SecurityA security veteran for over 20 years, Jeff Moncrief helps enterprises protect data on the Internet and in public cloud. His specializations include compliance, cloud identity risk, AWS/Azure/GCP security across IaaS/Paas, Kubernetes, network traffic analytics, incident response, and security architecture. Most recently, He’s been leading teams at cloud security companies (Tripwire) and Fortune 100 firms (Cisco). Today, Jeff leads Sonrai Security’s solutions team, as Field CTO, helping enterprises secure their cloud with identity & data governance.
Christophe Limpalair
Founder & TrainerCybrWith over 8 years of AWS experience in managing infrastructure, deploying applications, and securing cloud resources, Christophe now shares his expertise with the community by providing AWS security training through his company, Cybr. Cybr's mission is to help individuals and businesses build their cloud security skills through hands-on, practical, and real-world training.
James Berthoty
Cloud Security Architect & FounderLatio TechJames Berthoty has been in technology for over 10 years across engineering and security roles. An early advocate for DevSecOps, he has a passion for driving security teams as contributors to product and built Latio Tech to help connect people with the right products. He lives in Raleigh, NC with his wife and three children.
Cole Horsman
AVP, Security OperationsGlobal Atlantic Financial GroupCole is the AVP of Security Operations focused on the Cloud Security Program. His primary focus is designing and implementing solutions to ensure Global Atlantic cloud computing environments are implemented securely and effectively.
Sandy Bird
Co-Founder and CTOSonrai SecuritySandy Bird is the co-founder and CTO of Sonrai Security, helping enterprises secure their data in the cloud. Sandy was the co-founder and CTO of Q1 Labs, which was acquired by IBM in 2011. At IBM, Sandy became the CTO for the global security business and worked closely with research, development, marketing and sales to develop new and innovative solutions to help the IBM Security business grow.
Alex Shulman
Cloud Cybersecurity LeaderEYAlex Shulman-Peleg, PhD, is a Managing Director and cybersecurity consulting leader at Ernst & Young in the Americas. She is supporting hundreds of clients with modernization and cost reduction via secure enablement of Clouds and AI, addressing the involved risk, cybersecurity and regulatory requirements. In her previous role, she was the Director and Head of Cloud Security at Citibank, where she established and led a global CISO cloud security program, as well as cloud-native security engineering enabling massive modernization and faster application development. Being a pioneer in Cloud security, she led IBM’s early products and groundbreaking R&D initiatives including multi-national European consortiums consisting of industry and research leaders. She has 14 patents and more than 30 scientific publications having thousands of citations. She has decades of technological leadership and holds PhD, MSc and BSc degrees in computer science in the areas of ML, AI and computer vision.
Rich Mogull
Researcher and CEOSecurosisRich is a Researcher and CEO of Securosis, and the SVP of Cloud Security at FireMon where he focuses on leading-edge cloud security research and implementation. He has over 25 years of security experience and currently specializes in cloud security and DevSecOps, having starting working hands-on in cloud over 10 years ago. He is an AWS Community Builder and the principle course designer of the Cloud Security Alliance CCSK training class. He is the primary author of the latest version of the CSA Security Guidance, has taught cloud security and incident response at Black Hat for over 10 years, and actively works on developing hands-on cloud security techniques. Prior to founding Securosis and DisruptOps, Rich was a Research Vice President at Gartner on the security team. Prior to his seven years at Gartner, Rich worked as an independent consultant, web application developer, software development manager at the University of Colorado, and systems and network administrator. Rich is the Security Editor of TidBITS and a frequent contributor to industry publications. He is a frequent industry speaker at events including the RSA Security Conference, Black Hat, and DefCon, and has spoken on every continent except Antarctica.
Nigel Sood
Cloud Security ResearcherSonrai SecurityNigel Sood is a Cloud Security Researcher at Sonrai Security and has vast experience in software development, spending time at IBM on the content and software development teams.
MATT CARLE
Head of ProductSonrai SecurityMatthew Carle is the Head of Product at Sonrai Security, previously holding senior roles at Noetic Cyber and Patriot One Technologies, and was a World Wide Product Manager at IBM. He has a wealth of experience in building and managing products.
We won’t spam you or sell your data