Cloud Security Exchange 2024

Cloud Security Exchange 2024

Discover the best in cloud security alongside the biggest leaders on August 27th for our annual live-online SANS Cloud Security Exchange 2024! Where else can you access top-tier expertise from industry giants like Amazon Web Services (AWS), Google Cloud, Microsoft Azure, and the SANS Institute, sharing their insights all on one virtual stage?

This event, completely free of charge, offers a rare chance to learn rom the best in the business and enhance your cloud security knowledge. Secure your spot now and join us for a day of invaluable insights and networking. Don’t miss out!

What’s in Store for You:

Exclusive Insights: Learn what’s working (and what’s not) in cloud security architecture and cloud threat detection from the industry’s foremost experts.
Implementation Best Practices: Gain actionable advice and best practices to build robust cloud security capabilities at your organization.
Global Networking: Connect with thousands of attendees from around the world who are equally passionate about advancing cloud security.

Why Should You Attend?

Expert Panels: Hear directly from cloud security leaders at AWS, Google Cloud, Microsoft Azure, and the SANS Institute.
Interactive Sessions: Engage in live discussions, ask questions, and get answers from the experts in real-time.
Valuable Resources: Access a wealth of knowledge and resources that you can apply immediately to your cloud security strategies.

Proud Partners

Spend all day soaking up expert knowledge from leading authorities from the big three cloud platform providers.

Who's Speaking During This Event?

This virtual event features the world’s top cloud security experts joining together to offer advice and guidance on how to best protect our cloud environments.

Frank Kim

EVENT CHAIRPERSON | Frank Kim is a SANS Fellow and leads the Cloud Security and Cybersecurity Leadership curricula.

Learn More

Dr. Anton Chuvakin

Dr. Anton Chuvakin is a Security Advisor at Office of the CISO at Google Cloud.

Brandon Evans

Brandon Evans is a SANS Certified Instructor and author.

Ryan Nicholson

Ryan Nicholson is a SANS Certified Instructor and author.

Ashish Rajan

Ashish Rajan is a SANS Associate Instructor and the Head of Security & Compliance at PageUp People.

Megan Roddie

Megan Roddie is currently working as a Senior Security Engineer at IBM.

Dave Shackleford

Dave Shackleford is a SANS Senior Instructor and the owner and principal consultant of Voodoo Security and faculty at IANS Research.

Simon Vernon

Simon Vernon is a SANS Certified Instructor and Head of Research and Development for SANS Institute.

Event Agenda

Join us Live Online on Tuesday, August 27 for unparalleled access to in-depth presentations and expert panel discussions.

Timeline (EDT)	Session Description
11:00 AM	SANS Welcome & Opening Comments Frank Kim, Event Chair, SANS Institute
11:15 AM	Evolving Cloud Security with a Modern Approach Modernizing cloud security practices is a necessity and many organizations still struggle to implement effective cloud security measures, despite the availability of tried-and-true best practices. Discover ten key areas where organizations can focus their efforts to improve their cloud security posture (with an overview of the "new ways" in which cloud security best practices are evolving). It’s critical to adapt security strategies to the ever-changing landscape of cloud computing, and we fortunately have a good understanding of what this shift looks like today. Dr. Anton Chuvakin, Security Advisor at Office of the CISO, Google Cloud Dave Shackleford, Senior Instructor, SANS Institute
12:00PM	Identity Modernization The imperative for Identity Modernization has never been more critical. As organizations navigate the evolving landscape of digital identity, the urgency to adapt has been significantly amplified by the recent advent of Generative AI technologies. This transformation journey is especially pivotal for enterprises looking to migrate applications from traditional Active Directory frameworks to more agile and secure platforms like Entra ID. These solutions not only modernize private app access through granular application segmentation but also enhance security postures by ensuring only the right individuals have access to the right resources under the right conditions. A clear path for organizations to achieve Identity Modernization emphasizes the integration of modernizing private app access with ZTNA, a pivotal step that redefines how access controls are managed and enforced, shifting away from the perimeter-based models to one that is dynamic and identity-aware. We will also discuss the benefits of expanding Conditional Access controls across a broader array of applications. This expansion is not just about enforcing policies; it's about creating a security model that adapts in real-time to changes in user roles, security incidents, location shifts, and device compliance status. Angelica Faber, Microsoft Simon Vernon, Certified Instructor, SANS Institute
12:45 PM	Break
1:00 PM	Secure by Design: Guiding principles for proactive security Discover the power of embracing security as a core business requirement with Secure by Design principles. Secure by Design means more than integrating security into your design and development processes from the start. It's a comprehensive approach that can help you balance agility and cost optimization with your security goals, and make it easier to maintain the security of your products and services over time. We'll guide you through key Secure by Design principles, and best practices for proactively incorporating security into your development lifecycle and workloads. You'll gain actionable insights into the mechanisms that can help you significantly reduce the impact of vulnerabilities with your target architecture, and how you can use cloud technology to achieve your objectives. Paul Vixie, Ph.D, Deputy CISO, Vice President, and Distinguished Engineer, AWS Eric Johnson, Senior Instructor, SANS Institute
1:45 PM	The Cloud Security Journey: Day One It’s day one in a professional security practitioner’s position responsible for protecting their enterprise’s cloud infrastructure, and as always, figuring out where to start can be challenging. The cloud security journey begins with outlining the best practices and skill sets needed to build a well-architected cloud environment that enables effective identity and access management (IAM), data security and asset management, and ensures overall security compliance. The next step is establishing the detection and mitigation practices needed to ensure compliance, taking into account critical issues like the pros and cons of cloud detection services and the varying approaches to securing heterogeneous cloud services and applications. And this critical first day ends with an in-depth look at tools and methods for investigation and pursuit following a security event. Shaun McCullough, SANS Certified Instructor Ashish Rajan, Associate Instructor, SANS Institute, Megan Roddie, Author, SANS Institute
2:20 PM	AI Security Challenges, Hype, and Opportunities Nearly two decades ago, the public cloud introduced a powerful tool with countless opportunities and underestimated risks. Today, that tool is Generative AI. While AI enables organizations to solve new problems and reduce the resources necessary to do so, it also enables attackers to leverage new attack vectors. This is often because organizations do not understand the intricate details of how Generative AI works. At the same time, the security industry sees promise in AI improving their operations and tooling. However, while it is highly promising in many cases, it is useless or counterproductive in some others. Ahmed Abugharbia and Brandon Evans will discuss how customers have been using AI in insecure ways, both as regular users and application developers, how those issues are complicated when using the AI offerings from the Big 3 Cloud providers (AWS, Azure, GCP), and how AI can be used practically to improve security operations. Brandon Evans, Certified Instructor, SANS Institute Ahmed Abugharbia, Certified Instructor, SANS Institute
2:45 PM	Break
2:55 PM	Panel Discussion Moderator: Frank Kim, Event Chairperson, SANS Institute Panelists: Dr. Anton Chuvakin, Security Advisor at Office of the CISO, Google Cloud Angelica Faber, Sr. Security Architect, Microsoft Azure Security Paul Vixie, Ph.D, Deputy CISO, Vice President, and Distinguished Engineer, AWS Shaun McCullough, Certified Instructor, SANS Institute
3:55 PM	Closing Remarks Frank Kim, Event Chair, SANS Institute

Attendee Quotes from Last Year's Event

This was a great event, hoping to send more of our team through some of the cloud courses this coming fiscal year!

I must depart for my next engagement. This was an amazing learning event for me and greatly appreciate the opportunity. Best wishes to all and take care!

You guys are all amazing and I am so thankful to have such a pleasant host! They were all so amazing and I want to listen to them talk again honestly. Thank you so much for the great activity!

Thanks to all the experts and moderators, this was a really informative event! Have a good one, and see you all soon!

Good information! Looking forward to reviewing the slides and archived video.

Free Course Demos

SANS CISO Primer: 4 Cyber Trends

2023 Security Awareness Report

Security Policy Templates

Join the Community

Our Mission