Cloud Ace SANS Institute

Brandon Evans and fellow cloud security podcaster Ashish Rajan, host of the Cloud Security Podcast and Principal Cloud Security Advocate for Snyk, chat about developer-first security, multicloud abstraction layers, cybersecurity conferences, and the 5 Cs of cloud security products (CASB, CIEM, CNAPP, CSPM, and CWPP).

Our Guest - Ashish Rajan
Ashish Rajan is the host of the wildly popular Cloud Security Podcast, a CISO, CyberSecurity Influencer, a SANS Trainer for Cloud Security and an outspoken opinion leader on all things Cloud Security & DevSecOps. 
He is a frequent contributor on topics related to public cloud transformation, DevSecOps, Future Tech and the associated security challenges for practitioners and CISOs.
Follow Ashish
Twitter
LinkedIn
Web

Sponsor's Note:


Support for Cloud Ace podcast comes from SANS Institute. If you like the topics covered in this podcast and would like to learn more about cloud security, SANS Cloud Security curriculum is here to support your journey into building, deploying, and managing secure cloud infrastructure, platforms, and applications. Whether you are on a technical flight plan, or a leadership one, SANS Cloud Security curriculum has resources, training, and certifications to fit your needs.


Focus on where the cloud is going, not where it is today. Your organization is going to need someone with hands-on technical experience and cloud security-specific knowledge. You will be prepared not only for your current role, but also for a cutting-edge future in cloud security.


Review and Download Cloud Security Resources: sans.org/cloud-security/


Join our growing and diverse community of cloud security professionals on your platform of choice:
Discord | Twitter | LinkedIn | YouTube
Don't miss the upcoming SANS Cloud Defender Dallas Conference! 
In-person attendees will enjoy Interface Dallas hosted by Simon Vernon, an in-person only reception, a Cloud Security Night Talk, Cloud Ace swag, Learning with Lattes, printed posters and much more.
Join our SANS Cloud security community in Dallas Texas, Feb. 20 - 25, 2023.
Learn more at https://www.sans.org/u/1oG7 

Brandon Evans reconnects with former co-worker Marqueze “Q” Sawyers, a Senior Manager of Software Engineering at Asurion, as they chat about moving fast while failing safely while developing cloud-based applications, using tools like GitHub actions to enable security pipelines in a DevSecOps environment, and making security look as cool as it is for Security Champions and engineers.

Our Guest - Marqueze Sawyers

Twitter: https://twitter.com/MarquezeSawyers
LinkedIn: https://www.linkedin.com/in/marqueze-sawyers-7a430467/
Resources mentioned in this episode:
Blacks in Technology
Asurion Marketing Site
Asurion BEST ERG

Don't miss the upcoming SANS Cloud Defender Dallas Conference! 
In-person attendees will enjoy Interface Dallas hosted by Simon Vernon, an in-person only reception, a Cloud Security Night Talk, Cloud Ace swag, Learning with Lattes, printed posters and much more.
Join our SANS Cloud security community in Dallas Texas, Feb. 20 - 25, 2023.
Learn more at https://www.sans.org/u/1oG7 

Brandon Evans meets with Ahmed AbuGharbia, a Security Manager and Consultant at Sirius Computer Solutions as well as a Certified Instructor Candidate for SANS SEC540: Cloud Security and DevSecOps Automation, to discuss reskilling traditional security professionals to work with Cloud and DevSecOps, getting executive buy-in for investing in their employees, and about an incident he responded to in which all of the infrastructure within his client’s AWS account was deleted.
Our Guest - Ahmed AbuGharbia

Ahmed Abugharbia is a consultant and a manger in the Managed Security Services department at Sirius Computer Solutions in Chicago, IL. Prior to moving to the United States in 2017, Ahmed was a co-founder of Cystack consulting, which has been serving clients in the Middle East for over 10 years, providing assistance to clients with upgrading their information security defenses through deploying security solutions, performing vulnerability and infrastructure assessments, as well as hosting information security training sessions to technical staff. In total, he has over 13 years of experience in the field of information security, with a recent focus on Cloud Security and DevSecOps. Other areas of expertise for Ahmed include Firewalls, IPS, WAF, PKI, Vulnerability Management and Information Security Consulting. Ahmed is an instructor for SEC540: Cloud Security and DevOps Automation

Sponsor's Note:


Support for Cloud Ace podcast comes from SANS Institute. If you like the topics covered in this podcast and would like to learn more about cloud security, SANS Cloud Security curriculum is here to support your journey into building, deploying, and managing secure cloud infrastructure, platforms, and applications. Whether you are on a technical flight plan, or a leadership one, SANS Cloud Security curriculum has resources, training, and certifications to fit your needs.


Focus on where the cloud is going, not where it is today. Your organization is going to need someone with hands-on technical experience and cloud security-specific knowledge. You will be prepared not only for your current role, but also for a cutting-edge future in cloud security.


Review and Download Cloud Security Resources: sans.org/cloud-security/


Join our growing and diverse community of cloud security professionals on your platform of choice:
Discord | Twitter | LinkedIn | YouTube


Don't miss the upcoming SANS Cloud Defender Dallas Conference! 
In-person attendees will enjoy Interface Dallas hosted by Simon Vernon, an in-person only reception, a Cloud Security Night Talk, Cloud Ace swag, Learning with Lattes, printed posters and much more.
Join our SANS Cloud security community in Dallas Texas, Feb. 20 - 25, 2023.
Learn more at https://www.sans.org/u/1oG7 

Jabez Abraham, Senior Cyber Security Cloud Architect at Paige, meets with his former co-worker Brandon Evans to discuss how cloud native security capabilities can eliminate complexity while applying consistent security controls for organizations spanning multiple geographies, cloud accounts, and regulatory regimes.


Our Guest - Jabez Abraham

As a Senior Cyber Security Cloud Architect at Paige.ai, Jabez is passionate about cloud computing. He thrives on solving problems by leveraging native cloud services to build secure and supportable solutions. At Paige.ai, he helps define the strategies, roadmaps, and solutions to embrace the value of the public cloud and ensure the protection of Paige.ai infrastructure, applications, and data for Cloud Native, Hybrid, and inter-cloud deployments. He has spent an extensive amount of time working through the various aspects of adoption while embracing a #Cloudbydefault approach. Jabez also leads organizational transformation in Cloud and Security Domains.

Sponsor's Note:


Support for Cloud Ace podcast comes from SANS Institute. If you like the topics covered in this podcast and would like to learn more about cloud security, SANS Cloud Security curriculum is here to support your journey into building, deploying, and managing secure cloud infrastructure, platforms, and applications. Whether you are on a technical flight plan, or a leadership one, SANS Cloud Security curriculum has resources, training, and certifications to fit your needs.


Focus on where the cloud is going, not where it is today. Your organization is going to need someone with hands-on technical experience and cloud security-specific knowledge. You will be prepared not only for your current role, but also for a cutting-edge future in cloud security.


Review and Download Cloud Security Resources: sans.org/cloud-security/


Join our growing and diverse community of cloud security professionals on your platform of choice:
Discord | Twitter | LinkedIn | YouTube


Don't miss the upcoming SANS Cloud Defender Dallas Conference! 
In-person attendees will enjoy Interface Dallas hosted by Simon Vernon, an in-person only reception, a Cloud Security Night Talk, Cloud Ace swag, Learning with Lattes, printed posters and much more.
Join our SANS Cloud security community in Dallas Texas, Feb. 20 - 25, 2023.
Learn more at https://www.sans.org/u/1oG7 

Stacy Dunn, CISO Dojo podcast Co-Host, OWASP Chapter Co-Leader, SANS Senior Solutions Engineer, and former engineer for Check Point and Snyk, chats with Brandon Evans about the Software Development Lifecycle in the cloud, supply-chain security concerns, and the importance of creativity in a field that they both feel is incorrectly considered a hard science.

Our Guest - Stacy Dunn

Follow Stacy:
LinkedIn
CISO Dojo Podcast

Resources mentioned in this episode

https://hackernoon.com/how-it-feels-to-learn-javascript-in-2016-d3a717dd577f
https://oklahomaartcade.wordpress.com/
Sponsor's Note:
Support for Cloud Ace podcast comes from SANS Institute. If you like the topics covered in this podcast and would like to learn more about cloud security, SANS Cloud Security curriculum is here to support your journey into building, deploying, and managing secure cloud infrastructure, platforms, and applications. Whether you are on a technical flight plan, or a leadership one, SANS Cloud Security curriculum has resources, training, and certifications to fit your needs.
Focus on where the cloud is going, not where it is today. Your organization is going to need someone with hands-on technical experience and cloud security-specific knowledge. You will be prepared not only for your current role, but also for a cutting-edge future in cloud security.
Review and Download Cloud Security Resources: sans.org/cloud-security/
Join our growing and diverse community of cloud security professionals on your platform of choice:
Discord | Twitter | LinkedIn | YouTube
Don't miss the upcoming SANS Cloud Defender Dallas Conference! 
In-person attendees will enjoy Interface Dallas hosted by Simon Vernon, an in-person only reception, a Cloud Security Night Talk, Cloud Ace swag, Learning with Lattes, printed posters and much more.
Join our SANS Cloud security community in Dallas Texas, Feb. 20 - 25, 2023.
Learn more at https://www.sans.org/u/1oG7 

Brandon Evans reunites with his former co-worker, Josh, a Senior Security Architect at Snowflake, as they discuss how to build security into DevOps organizations and how he was able to identify vulnerabilities in cloud DevOps tooling.
Our Guest - Joshua Makinen
Joshua Makinen is a security expert based out of Seattle who has been working in security design and penetration testing for 6 years. Currently, he works with Snowflake to decompose and mitigate the risks associated with Snowflake's infrastructure and public-facing offerings as a Data Cloud. During his time as a Security Consultant with NCC Group, he was exposed to a multitude of different organizations and was fascinated by the wide variety of problems they faced, technologies they used, and the approaches to cloud security they chose as a result. While much of his career accomplishments are not public, he once released a container image registry scanning tool called go-pillage-registries and also (accidentally) discovered and responsibly disclosed a couple of high-severity bug-bounty findings and CVE-2021-3583 in Ansible. Internal threats to an organization's supply chain and management interfaces for sensitive environments remains as one of Josh's favorite topics to consider in security. 
Follow Joshua
Twitter
LinkedIn
Web
Sponsor's Note:


Support for Cloud Ace podcast comes from SANS Institute. If you like the topics covered in this podcast and would like to learn more about cloud security, SANS Cloud Security curriculum is here to support your journey into building, deploying, and managing secure cloud infrastructure, platforms, and applications. Whether you are on a technical flight plan, or a leadership one, SANS Cloud Security curriculum has resources, training, and certifications to fit your needs.


Focus on where the cloud is going, not where it is today. Your organization is going to need someone with hands-on technical experience and cloud security-specific knowledge. You will be prepared not only for your current role, but also for a cutting-edge future in cloud security.


Review and Download Cloud Security Resources: sans.org/cloud-security/


Join our growing and diverse community of cloud security professionals on your platform of choice:
Discord | Twitter | LinkedIn | YouTube


Don't miss the upcoming SANS Cloud Defender Dallas Conference! 
In-person attendees will enjoy Interface Dallas hosted by Simon Vernon, an in-person only reception, a Cloud Security Night Talk, Cloud Ace swag, Learning with Lattes, printed posters and much more.
Join our SANS Cloud security community in Dallas Texas, Feb. 20 - 25, 2023.
Learn more at https://www.sans.org/u/1oG7