We're starting off the year with a few big events we're speaking and training at. Get ready for a deep dive into the latest in cloud computing and cybersecurity with our very own experts, Mike McCabe and John Poulin.
Mike McCabe at Cloud Connect - DeveloperWeek
First up, Mike McCabe is speaking at Cloud Connect, part of DeveloperWeek, in February. He's going to cover some critical aspects of cloud computing around Terraform and IAC security. He'll cover how you can use Terraform to gain access to environments and how to defend yourself against the techniques.
Check out the details on the DeveloperWeek's agenda overview. You'll find the full schedule and what Mike has in store for his session.
John Poulin at CactusCon
Also, in February, John Poulin will be at CactusCon, one of the best hacking conferences. John's session is all about hacking AWS in a short period of time. He'll be giving real-world tips on how to evade detection while getting access.
Here's a brief overview:
60 minutes: Hack this AWS account
The detections team is hot on your trail, and your access will be cut in 1-hour – what do you do?
This talk will lay out the foundations for red-teaming an AWS account in an extremely time-boxed manner. We will identify tools and techniques for exfiltrating data, maintaining persistence, and causing noise.
For more info on John's talk and the event itself, head over to the CactusCon website.
John Poulin at KernelCon
John Poulin isn't stopping there. He's also set to run a training at KernelCon in April. This time, he'll be focusing on defense in-depth engineering, offering insights from his extensive experience in the field. It's a great opportunity to learn about more than just the OWASP top ten.
Here's a brief overview:
The 2021 OWASP Top Ten introduced a category, 'Insecure Design' to focus on risks related to design flaws. In this training, we will focus on building defense-in-depth software. What can we do to proactively architect software to be more resilient to attacks? What type of findings may not be discovered via automated static analysis? How can we design our software to be more friendly during incident response scenarios?
This two-day training is perfect for engineers as well as security practitioners that have some familiarity with the OWASP top 10. During this training, we will focus on identifying often-overlooked architectural anti-patterns and vulnerabilities to be on the lookout for. We will utilize source code review to analyze patterns for improvement in both real-world applications as well as intentionally vulnerable applications. Every interactive exercise will involve discovering concerns and writing code to engineer solutions. The course will wrap up with real-world vulnerability analysis of open-source software with an effort to help provide more secure architectural recommendations for these projects.
Details about John's KernelCon session can be found on the KernelCon website. Take a look to see what else is happening at the conference.
These conferences are great opportunities to learn, network, and get insights straight from experts. Whether you're deep into cloud computing or focused on cybersecurity, these talks are going to be packed with useful and actionable information. We hope to see you there!
We'll be attending and speaking at more conferences later in the year as well!