A Purple-Team view of AWS

AWS is extensively used by organizations, large and small. The breadth of service offerings within AWS is staggering. From Serverless to IaaS Services, AWS has comprehensive solutions that can power any organization.

However, security on AWS is often treated similarly to enterprise security. Organizations look to apply the same templates of perimeter protection, cryptography and so on to their AWS environments as they would to collocated or private cloud environments. This is not a scalable or effective strategy.

Securing resources and applications on AWS requires a different perspective and a different set of practices. This talk provides an attack and defence perspective of AWS security. We will look at how attackers view resources on AWS, leverage vulnerabilities and elevate privileges from there, and then at some common practices for defence, in terms of identifying and mitigating vulnerabilities in our AWS deployment.

 

Rahul Raghavan (Co-Founder and Chief Evangelist, we45)


The sheer pervasiveness of applications, their associated software engineering process and therefore the variance of application security quotient across software teams is what drives Rahul’s primary role as an AppSec Advocate at we45.

Having worked on both the building and breaking sides of product engineering, Rahul appreciates both the constraints and the opportunities of imbibing security within the software lifecycle. This understanding created a natural segue for we45’s custom security solution engineering and enhanced AppSec service delivery models for its global customers.

As an active DevSecOps Marketer, Rahul works closely with the offices of CTOs and CIOs to set up cross-functional skill building and collaboration models between engineering, QA and security teams to build and manage software security maturity frameworks.

Rahul is a Certified Information Systems Auditor (CISA) and is a regular speaker at global conferences, seminars and meetup groups on the following topic areas:

1. Application Security Automation and DevSecOps
2. AppSec Tooling
3. Threat Modeling in Agile Engineering
4. QA: Security Mapping
5. Automation ROI Modelling
6. AWS Security
7. Secure Software Maturity Models