�ݺ�ߣshows by User: TeriRadichel

�ݺ�ߣshows by User: TeriRadichel / http://www.slideshare.net/images/logo.gif �ݺ�ߣshows by User: TeriRadichel / Fri, 20 Jun 2025 00:23:02 GMT �ݺ�ߣShare feed for �ݺ�ߣshows by User: TeriRadichel Threat Modeling a Batch Job Framework - Teri Radichel - AWS re:Inforce 2025 /slideshow/threat-modeling-a-batch-job-framework-teri-radichel-aws-re-inforce-2025/280781725 aws-reinforce-tradichel-20260603-250620002302-61cdd628
This presentation is similar to another presentation I gave earlier in the year at the AWS Community Security Day, except that I had less time to present and incorporated some AI slides into the presentation. In this presentation I explain what batch jobs are, how to use them, and that AI Agents are essentially batch jobs. All the same security controls that apply to batch jobs also apply to AI agents. In addition, we have more concerns with AI agents because AI is based on a statistical model. That means that depending on where and how AI is used we lose some of the reliability that we would get from a traditional batch job. That needs to be taken into consideration when selecting how and when to use AI Agents as batch jobs and whether we should use AI to trigger an Agent. As I mention on one side - I don't want you to predict what my bank statement should look like. I want it to be right! By looking at various data breaches we can determine how those attacks worked and whether the system we are building is susceptible to a similar attack or not. ]]>
This presentation is similar to another presentation I gave earlier in the year at the AWS Community Security Day, except that I had less time to present and incorporated some AI slides into the presentation. In this presentation I explain what batch jobs are, how to use them, and that AI Agents are essentially batch jobs. All the same security controls that apply to batch jobs also apply to AI agents. In addition, we have more concerns with AI agents because AI is based on a statistical model. That means that depending on where and how AI is used we lose some of the reliability that we would get from a traditional batch job. That needs to be taken into consideration when selecting how and when to use AI Agents as batch jobs and whether we should use AI to trigger an Agent. As I mention on one side - I don't want you to predict what my bank statement should look like. I want it to be right! By looking at various data breaches we can determine how those attacks worked and whether the system we are building is susceptible to a similar attack or not. ]]> Fri, 20 Jun 2025 00:23:02 GMT /slideshow/threat-modeling-a-batch-job-framework-teri-radichel-aws-re-inforce-2025/280781725 TeriRadichel@slideshare.net(TeriRadichel) Threat Modeling a Batch Job Framework - Teri Radichel - AWS re:Inforce 2025 TeriRadichel This presentation is similar to another presentation I gave earlier in the year at the AWS Community Security Day, except that I had less time to present and incorporated some AI slides into the presentation. In this presentation I explain what batch jobs are, how to use them, and that AI Agents are essentially batch jobs. All the same security controls that apply to batch jobs also apply to AI agents. In addition, we have more concerns with AI agents because AI is based on a statistical model. That means that depending on where and how AI is used we lose some of the reliability that we would get from a traditional batch job. That needs to be taken into consideration when selecting how and when to use AI Agents as batch jobs and whether we should use AI to trigger an Agent. As I mention on one side - I don't want you to predict what my bank statement should look like. I want it to be right! By looking at various data breaches we can determine how those attacks worked and whether the system we are building is susceptible to a similar attack or not. <img style="border:1px solid #C3E6D8;float:right;" alt="" src="https://cdn.slidesharecdn.com/ss_thumbnails/aws-reinforce-tradichel-20260603-250620002302-61cdd628-thumbnail.jpg?width=120&height=120&fit=bounds" /> This presentation is similar to another presentation I gave earlier in the year at the AWS Community Security Day, except that I had less time to present and incorporated some AI slides into the presentation. In this presentation I explain what batch jobs are, how to use them, and that AI Agents are essentially batch jobs. All the same security controls that apply to batch jobs also apply to AI agents. In addition, we have more concerns with AI agents because AI is based on a statistical model. That means that depending on where and how AI is used we lose some of the reliability that we would get from a traditional batch job. That needs to be taken into consideration when selecting how and when to use AI Agents as batch jobs and whether we should use AI to trigger an Agent. As I mention on one side - I don't want you to predict what my bank statement should look like. I want it to be right! By looking at various data breaches we can determine how those attacks worked and whether the system we are building is susceptible to a similar attack or not.

Threat Modeling a Batch Job Framework - Teri Radichel - AWS re:Inforce 2025 from 2nd Sight Lab

]]> 97 0 https://cdn.slidesharecdn.com/ss_thumbnails/aws-reinforce-tradichel-20260603-250620002302-61cdd628-thumbnail.jpg?width=120&height=120&fit=bounds presentation Black http://activitystrea.ms/schema/1.0/post

http://activitystrea.ms/schema/1.0/posted

0 Cross-Cloud Comparison and Security Notes /slideshow/cross-cloud-comparison-and-security-notes/277974842 cloudsecurity-supplementalmaterial-250415150133-0a48866b
This slide deck has a comparison of services across clouds as well as some supplemental materials such as questions you can ask about your cloud security strategy, posture, architecture, and operations. This particular set of slides is associated with my Azure class but it is applicable to cloud security in general for AWS, Azure, and GCP. Note that some things have changed since I wrote these slides. AWS has multiple types of policies now for different use cases: resource cross-account sharing policies (RAM) - which I really hope expands quickly because I find it very useful, declarative policies for resource configurations, service control policies, and so on. Microsoft keeps renaming things every five minutes. Azure AD is now Entra. Passwordless is all the rage on Azure and although other clouds have it, I don't think it is the holy grail Microsoft thinks it is. We'll see. Google has purchased a number of security companies that I think are pretty cool but we'll see how that all shakes out. Cloud providers are always developing new products and services such as the advent of AI Security solutions. AWS, in particular, has had a strong focus on protecting the data you use in conjunction with AI models to ensure your data is not used by them for training or leaked. If you find a broken link, that is a strong indication that something has changed! Make sure you consult the latest documentation.]]>
This slide deck has a comparison of services across clouds as well as some supplemental materials such as questions you can ask about your cloud security strategy, posture, architecture, and operations. This particular set of slides is associated with my Azure class but it is applicable to cloud security in general for AWS, Azure, and GCP. Note that some things have changed since I wrote these slides. AWS has multiple types of policies now for different use cases: resource cross-account sharing policies (RAM) - which I really hope expands quickly because I find it very useful, declarative policies for resource configurations, service control policies, and so on. Microsoft keeps renaming things every five minutes. Azure AD is now Entra. Passwordless is all the rage on Azure and although other clouds have it, I don't think it is the holy grail Microsoft thinks it is. We'll see. Google has purchased a number of security companies that I think are pretty cool but we'll see how that all shakes out. Cloud providers are always developing new products and services such as the advent of AI Security solutions. AWS, in particular, has had a strong focus on protecting the data you use in conjunction with AI models to ensure your data is not used by them for training or leaked. If you find a broken link, that is a strong indication that something has changed! Make sure you consult the latest documentation.]]> Tue, 15 Apr 2025 15:01:33 GMT /slideshow/cross-cloud-comparison-and-security-notes/277974842 TeriRadichel@slideshare.net(TeriRadichel) Cross-Cloud Comparison and Security Notes TeriRadichel This slide deck has a comparison of services across clouds as well as some supplemental materials such as questions you can ask about your cloud security strategy, posture, architecture, and operations. This particular set of slides is associated with my Azure class but it is applicable to cloud security in general for AWS, Azure, and GCP. Note that some things have changed since I wrote these slides. AWS has multiple types of policies now for different use cases: resource cross-account sharing policies (RAM) - which I really hope expands quickly because I find it very useful, declarative policies for resource configurations, service control policies, and so on. Microsoft keeps renaming things every five minutes. Azure AD is now Entra. Passwordless is all the rage on Azure and although other clouds have it, I don't think it is the holy grail Microsoft thinks it is. We'll see. Google has purchased a number of security companies that I think are pretty cool but we'll see how that all shakes out. Cloud providers are always developing new products and services such as the advent of AI Security solutions. AWS, in particular, has had a strong focus on protecting the data you use in conjunction with AI models to ensure your data is not used by them for training or leaked. If you find a broken link, that is a strong indication that something has changed! Make sure you consult the latest documentation. <img style="border:1px solid #C3E6D8;float:right;" alt="" src="https://cdn.slidesharecdn.com/ss_thumbnails/cloudsecurity-supplementalmaterial-250415150133-0a48866b-thumbnail.jpg?width=120&height=120&fit=bounds" /> This slide deck has a comparison of services across clouds as well as some supplemental materials such as questions you can ask about your cloud security strategy, posture, architecture, and operations. This particular set of slides is associated with my Azure class but it is applicable to cloud security in general for AWS, Azure, and GCP. Note that some things have changed since I wrote these slides. AWS has multiple types of policies now for different use cases: resource cross-account sharing policies (RAM) - which I really hope expands quickly because I find it very useful, declarative policies for resource configurations, service control policies, and so on. Microsoft keeps renaming things every five minutes. Azure AD is now Entra. Passwordless is all the rage on Azure and although other clouds have it, I don't think it is the holy grail Microsoft thinks it is. We'll see. Google has purchased a number of security companies that I think are pretty cool but we'll see how that all shakes out. Cloud providers are always developing new products and services such as the advent of AI Security solutions. AWS, in particular, has had a strong focus on protecting the data you use in conjunction with AI models to ensure your data is not used by them for training or leaked. If you find a broken link, that is a strong indication that something has changed! Make sure you consult the latest documentation.

Cross-Cloud Comparison and Security Notes from 2nd Sight Lab

]]> 195 0 https://cdn.slidesharecdn.com/ss_thumbnails/cloudsecurity-supplementalmaterial-250415150133-0a48866b-thumbnail.jpg?width=120&height=120&fit=bounds presentation Black http://activitystrea.ms/schema/1.0/post

http://activitystrea.ms/schema/1.0/posted

0 Threat Modeling a Batch Job System - AWS Security Community Day /slideshow/threat-modeling-a-batch-job-system-aws-security-community-day/277589603 threatmodeling-batchjob-awssecuritycommunityday-2025-250406210712-86025f68
I've been working on building a batch job framework for a few years now and blogging about it in the process. This presentation explains how and why I started building and writing about this system and the reason it changed from deploying one simple batch job to a much bigger project. I explore a number of recent data breaches, how they occurred, and what may have prevented them along the way. We consider how what make goes into an effective security architecture and well-designed security controls that avoid common pitfalls. There are friend links to many blog posts in the notes of the presentation that bypass the paywall. Topics include security architecture, IAM, encryption (KMS), networking, MFA, source control, separation of duties, supply chain attacks, and more.]]>
I've been working on building a batch job framework for a few years now and blogging about it in the process. This presentation explains how and why I started building and writing about this system and the reason it changed from deploying one simple batch job to a much bigger project. I explore a number of recent data breaches, how they occurred, and what may have prevented them along the way. We consider how what make goes into an effective security architecture and well-designed security controls that avoid common pitfalls. There are friend links to many blog posts in the notes of the presentation that bypass the paywall. Topics include security architecture, IAM, encryption (KMS), networking, MFA, source control, separation of duties, supply chain attacks, and more.]]> Sun, 06 Apr 2025 21:07:11 GMT /slideshow/threat-modeling-a-batch-job-system-aws-security-community-day/277589603 TeriRadichel@slideshare.net(TeriRadichel) Threat Modeling a Batch Job System - AWS Security Community Day TeriRadichel I've been working on building a batch job framework for a few years now and blogging about it in the process. This presentation explains how and why I started building and writing about this system and the reason it changed from deploying one simple batch job to a much bigger project. I explore a number of recent data breaches, how they occurred, and what may have prevented them along the way. We consider how what make goes into an effective security architecture and well-designed security controls that avoid common pitfalls. There are friend links to many blog posts in the notes of the presentation that bypass the paywall. Topics include security architecture, IAM, encryption (KMS), networking, MFA, source control, separation of duties, supply chain attacks, and more. <img style="border:1px solid #C3E6D8;float:right;" alt="" src="https://cdn.slidesharecdn.com/ss_thumbnails/threatmodeling-batchjob-awssecuritycommunityday-2025-250406210712-86025f68-thumbnail.jpg?width=120&height=120&fit=bounds" /> I've been working on building a batch job framework for a few years now and blogging about it in the process. This presentation explains how and why I started building and writing about this system and the reason it changed from deploying one simple batch job to a much bigger project. I explore a number of recent data breaches, how they occurred, and what may have prevented them along the way. We consider how what make goes into an effective security architecture and well-designed security controls that avoid common pitfalls. There are friend links to many blog posts in the notes of the presentation that bypass the paywall. Topics include security architecture, IAM, encryption (KMS), networking, MFA, source control, separation of duties, supply chain attacks, and more.

Threat Modeling a Batch Job System - AWS Security Community Day from 2nd Sight Lab

]]> 462 0 https://cdn.slidesharecdn.com/ss_thumbnails/threatmodeling-batchjob-awssecuritycommunityday-2025-250406210712-86025f68-thumbnail.jpg?width=120&height=120&fit=bounds presentation Black http://activitystrea.ms/schema/1.0/post

http://activitystrea.ms/schema/1.0/posted

0 Azure Security - Day6 - Operations And Risk /slideshow/azure-security-day6-operations-and-risk/275588738 azuresecurity-day6-operationsandrisk-250212162052-2274d229
These are the slides for my 6th and final day of an Azure security class. On day 6 we're looking at how to we monitor and manage changes in our environment. Changes - authorized or unauthorized - can lead to cybersecurity risk. How do you determine if authorized changes are increasing or decreasing the risk that your organization will be the victim of a data breach or some other cybersecurity incident that causes harm? How do you find threats in your environment or attacks that may already be present and in progress? How do you monitor and reduce your risk over time? That's what this day of class covers. These topics are applicable not only to Azure but all computer, cloud, and networking systems. However, in these slides, I show some of the features and services available in Azure to find these threats and monitor your risk. Topics: Azure Resource Graph Defender for Cloud Security Assessments Compliance Defender for Cloud Apps Azure Logging Azure Monitor Sentinel Security Operations Incident Response Penetration Testing Risk Management]]>
These are the slides for my 6th and final day of an Azure security class. On day 6 we're looking at how to we monitor and manage changes in our environment. Changes - authorized or unauthorized - can lead to cybersecurity risk. How do you determine if authorized changes are increasing or decreasing the risk that your organization will be the victim of a data breach or some other cybersecurity incident that causes harm? How do you find threats in your environment or attacks that may already be present and in progress? How do you monitor and reduce your risk over time? That's what this day of class covers. These topics are applicable not only to Azure but all computer, cloud, and networking systems. However, in these slides, I show some of the features and services available in Azure to find these threats and monitor your risk. Topics: Azure Resource Graph Defender for Cloud Security Assessments Compliance Defender for Cloud Apps Azure Logging Azure Monitor Sentinel Security Operations Incident Response Penetration Testing Risk Management]]> Wed, 12 Feb 2025 16:20:52 GMT /slideshow/azure-security-day6-operations-and-risk/275588738 TeriRadichel@slideshare.net(TeriRadichel) Azure Security - Day6 - Operations And Risk TeriRadichel These are the slides for my 6th and final day of an Azure security class. On day 6 we're looking at how to we monitor and manage changes in our environment. Changes - authorized or unauthorized - can lead to cybersecurity risk. How do you determine if authorized changes are increasing or decreasing the risk that your organization will be the victim of a data breach or some other cybersecurity incident that causes harm? How do you find threats in your environment or attacks that may already be present and in progress? How do you monitor and reduce your risk over time? That's what this day of class covers. These topics are applicable not only to Azure but all computer, cloud, and networking systems. However, in these slides, I show some of the features and services available in Azure to find these threats and monitor your risk. Topics: Azure Resource Graph Defender for Cloud Security Assessments Compliance Defender for Cloud Apps Azure Logging Azure Monitor Sentinel Security Operations Incident Response Penetration Testing Risk Management <img style="border:1px solid #C3E6D8;float:right;" alt="" src="https://cdn.slidesharecdn.com/ss_thumbnails/azuresecurity-day6-operationsandrisk-250212162052-2274d229-thumbnail.jpg?width=120&height=120&fit=bounds" /> These are the slides for my 6th and final day of an Azure security class. On day 6 we're looking at how to we monitor and manage changes in our environment. Changes - authorized or unauthorized - can lead to cybersecurity risk. How do you determine if authorized changes are increasing or decreasing the risk that your organization will be the victim of a data breach or some other cybersecurity incident that causes harm? How do you find threats in your environment or attacks that may already be present and in progress? How do you monitor and reduce your risk over time? That's what this day of class covers. These topics are applicable not only to Azure but all computer, cloud, and networking systems. However, in these slides, I show some of the features and services available in Azure to find these threats and monitor your risk. Topics: Azure Resource Graph Defender for Cloud Security Assessments Compliance Defender for Cloud Apps Azure Logging Azure Monitor Sentinel Security Operations Incident Response Penetration Testing Risk Management

Azure Security - Day6 - Operations And Risk from 2nd Sight Lab

]]> 193 0 https://cdn.slidesharecdn.com/ss_thumbnails/azuresecurity-day6-operationsandrisk-250212162052-2274d229-thumbnail.jpg?width=120&height=120&fit=bounds presentation Black http://activitystrea.ms/schema/1.0/post

http://activitystrea.ms/schema/1.0/posted

0 Azure Security - Day5 - Governance And Architecture /slideshow/azure-security-day5-governance-and-architecture/275555821 azuresecurity-day5-governanceandarchitecture-250211171534-d89cbb5c
A lot of the topics in Day 5 of this Azure class are related to this concept of abstracting out what is common - either to create base images, templates, or apply policies across your organization. By defining core tenets to be applied across the board where possible, you reduce complexity and help prevent errors. If done correctly, it makes people's jobs easier, not harder. Two very important concepts covered here include secure deployments - which help prevent rogue code and misconfigurations from entering your environment - and backups which help you recover in a timely manner from disasters. Hopefully both will help you defend your organization against ransomware. This is a 2 hour class so of course we can only cover so much in that time frame. But this class aims to give you a starting point for further development of a solid foundation for your Azure cloud account. Leverage automation. Build secure base components. Think through your organizational structure and policies. Plan for disasters. And of course, consider your costs. Azure Resource Manager The Power of Automation VM Image Automation Governance Strategy Management Groups Azure Policy Azure Blueprints Azure Automation Azure Arc Data Classification Billing and Budgets Secure Deployments Backups & Data Transfer Architecture]]>
A lot of the topics in Day 5 of this Azure class are related to this concept of abstracting out what is common - either to create base images, templates, or apply policies across your organization. By defining core tenets to be applied across the board where possible, you reduce complexity and help prevent errors. If done correctly, it makes people's jobs easier, not harder. Two very important concepts covered here include secure deployments - which help prevent rogue code and misconfigurations from entering your environment - and backups which help you recover in a timely manner from disasters. Hopefully both will help you defend your organization against ransomware. This is a 2 hour class so of course we can only cover so much in that time frame. But this class aims to give you a starting point for further development of a solid foundation for your Azure cloud account. Leverage automation. Build secure base components. Think through your organizational structure and policies. Plan for disasters. And of course, consider your costs. Azure Resource Manager The Power of Automation VM Image Automation Governance Strategy Management Groups Azure Policy Azure Blueprints Azure Automation Azure Arc Data Classification Billing and Budgets Secure Deployments Backups & Data Transfer Architecture]]> Tue, 11 Feb 2025 17:15:34 GMT /slideshow/azure-security-day5-governance-and-architecture/275555821 TeriRadichel@slideshare.net(TeriRadichel) Azure Security - Day5 - Governance And Architecture TeriRadichel A lot of the topics in Day 5 of this Azure class are related to this concept of abstracting out what is common - either to create base images, templates, or apply policies across your organization. By defining core tenets to be applied across the board where possible, you reduce complexity and help prevent errors. If done correctly, it makes people's jobs easier, not harder. Two very important concepts covered here include secure deployments - which help prevent rogue code and misconfigurations from entering your environment - and backups which help you recover in a timely manner from disasters. Hopefully both will help you defend your organization against ransomware. This is a 2 hour class so of course we can only cover so much in that time frame. But this class aims to give you a starting point for further development of a solid foundation for your Azure cloud account. Leverage automation. Build secure base components. Think through your organizational structure and policies. Plan for disasters. And of course, consider your costs. Azure Resource Manager The Power of Automation VM Image Automation Governance Strategy Management Groups Azure Policy Azure Blueprints Azure Automation Azure Arc Data Classification Billing and Budgets Secure Deployments Backups & Data Transfer Architecture <img style="border:1px solid #C3E6D8;float:right;" alt="" src="https://cdn.slidesharecdn.com/ss_thumbnails/azuresecurity-day5-governanceandarchitecture-250211171534-d89cbb5c-thumbnail.jpg?width=120&height=120&fit=bounds" /> A lot of the topics in Day 5 of this Azure class are related to this concept of abstracting out what is common - either to create base images, templates, or apply policies across your organization. By defining core tenets to be applied across the board where possible, you reduce complexity and help prevent errors. If done correctly, it makes people's jobs easier, not harder. Two very important concepts covered here include secure deployments - which help prevent rogue code and misconfigurations from entering your environment - and backups which help you recover in a timely manner from disasters. Hopefully both will help you defend your organization against ransomware. This is a 2 hour class so of course we can only cover so much in that time frame. But this class aims to give you a starting point for further development of a solid foundation for your Azure cloud account. Leverage automation. Build secure base components. Think through your organizational structure and policies. Plan for disasters. And of course, consider your costs. Azure Resource Manager The Power of Automation VM Image Automation Governance Strategy Management Groups Azure Policy Azure Blueprints Azure Automation Azure Arc Data Classification Billing and Budgets Secure Deployments Backups & Data Transfer Architecture

Azure Security - Day5 - Governance And Architecture from 2nd Sight Lab

]]> 159 0 https://cdn.slidesharecdn.com/ss_thumbnails/azuresecurity-day5-governanceandarchitecture-250211171534-d89cbb5c-thumbnail.jpg?width=120&height=120&fit=bounds presentation Black http://activitystrea.ms/schema/1.0/post

http://activitystrea.ms/schema/1.0/posted

0 AzureSecurity Day4 Compute And Application Service Security /slideshow/azuresecurity-day4-compute-and-application-service-security/275524483 azuresecurity-day4-computeandappsecurity-250210180812-2688b793
Day 4 - Azure Security Class - Teri Radichel , 2nd Sight Lab The cloud is generally all about two things - compute and storage. You want to store your data and you want to process it. Where do you process it? Who and what can access it when you do process it in the cloud? On compute resources like virtual machines (your computers in the sky), containers, and serverless functions, possibly using complex systems to run it all like Kubernetes. How do you secure all of that if you don't physically control the servers in your own data center? How can these compute resources be accessed? You'll want to know about proxies and relays that might be bypassing your network controls. How can the data be encrypted and protected on disk? That's what day 4 of my Azure security class is all about. Overview of Azure Compute Virtual Machines + Disks Availability Sets Scale Sets and Load Balancers Application Gateway WAF Functions (+Secrets in Apps) Container Instances Azure Kubernetes Service Service Bus API Management App Service Application Proxy Azure Relay]]>
Day 4 - Azure Security Class - Teri Radichel , 2nd Sight Lab The cloud is generally all about two things - compute and storage. You want to store your data and you want to process it. Where do you process it? Who and what can access it when you do process it in the cloud? On compute resources like virtual machines (your computers in the sky), containers, and serverless functions, possibly using complex systems to run it all like Kubernetes. How do you secure all of that if you don't physically control the servers in your own data center? How can these compute resources be accessed? You'll want to know about proxies and relays that might be bypassing your network controls. How can the data be encrypted and protected on disk? That's what day 4 of my Azure security class is all about. Overview of Azure Compute Virtual Machines + Disks Availability Sets Scale Sets and Load Balancers Application Gateway WAF Functions (+Secrets in Apps) Container Instances Azure Kubernetes Service Service Bus API Management App Service Application Proxy Azure Relay]]> Mon, 10 Feb 2025 18:08:12 GMT /slideshow/azuresecurity-day4-compute-and-application-service-security/275524483 TeriRadichel@slideshare.net(TeriRadichel) AzureSecurity Day4 Compute And Application Service Security TeriRadichel Day 4 - Azure Security Class - Teri Radichel , 2nd Sight Lab The cloud is generally all about two things - compute and storage. You want to store your data and you want to process it. Where do you process it? Who and what can access it when you do process it in the cloud? On compute resources like virtual machines (your computers in the sky), containers, and serverless functions, possibly using complex systems to run it all like Kubernetes. How do you secure all of that if you don't physically control the servers in your own data center? How can these compute resources be accessed? You'll want to know about proxies and relays that might be bypassing your network controls. How can the data be encrypted and protected on disk? That's what day 4 of my Azure security class is all about. Overview of Azure Compute Virtual Machines + Disks Availability Sets Scale Sets and Load Balancers Application Gateway WAF Functions (+Secrets in Apps) Container Instances Azure Kubernetes Service Service Bus API Management App Service Application Proxy Azure Relay <img style="border:1px solid #C3E6D8;float:right;" alt="" src="https://cdn.slidesharecdn.com/ss_thumbnails/azuresecurity-day4-computeandappsecurity-250210180812-2688b793-thumbnail.jpg?width=120&height=120&fit=bounds" /> Day 4 - Azure Security Class - Teri Radichel , 2nd Sight Lab The cloud is generally all about two things - compute and storage. You want to store your data and you want to process it. Where do you process it? Who and what can access it when you do process it in the cloud? On compute resources like virtual machines (your computers in the sky), containers, and serverless functions, possibly using complex systems to run it all like Kubernetes. How do you secure all of that if you don't physically control the servers in your own data center? How can these compute resources be accessed? You'll want to know about proxies and relays that might be bypassing your network controls. How can the data be encrypted and protected on disk? That's what day 4 of my Azure security class is all about. Overview of Azure Compute Virtual Machines + Disks Availability Sets Scale Sets and Load Balancers Application Gateway WAF Functions (+Secrets in Apps) Container Instances Azure Kubernetes Service Service Bus API Management App Service Application Proxy Azure Relay

AzureSecurity Day4 Compute And Application Service Security from 2nd Sight Lab

]]> 199 0 https://cdn.slidesharecdn.com/ss_thumbnails/azuresecurity-day4-computeandappsecurity-250210180812-2688b793-thumbnail.jpg?width=120&height=120&fit=bounds presentation Black http://activitystrea.ms/schema/1.0/post

http://activitystrea.ms/schema/1.0/posted

0 AzureSecurity - Day3 - Storage And Key Vault /slideshow/azuresecurity-day3-storage-and-key-vault/275460186 azuresecurity-day3-storageandkeyvault-250207212945-f4b4884e
Day three of this Azure security class is about protecting your data and secrets in the various places where they can be stored in the cloud. This involves understanding permissions to access the data as well as leveraging networking and encryption controls. Topics covered: Data Protection HSMs Key Vault Keys Secrets Certificates Azure Storage Accounts Blobs Files Queues Tables Data Share Databases Data Lake Storage Data Warehouse Encryption in use]]>
Day three of this Azure security class is about protecting your data and secrets in the various places where they can be stored in the cloud. This involves understanding permissions to access the data as well as leveraging networking and encryption controls. Topics covered: Data Protection HSMs Key Vault Keys Secrets Certificates Azure Storage Accounts Blobs Files Queues Tables Data Share Databases Data Lake Storage Data Warehouse Encryption in use]]> Fri, 07 Feb 2025 21:29:45 GMT /slideshow/azuresecurity-day3-storage-and-key-vault/275460186 TeriRadichel@slideshare.net(TeriRadichel) AzureSecurity - Day3 - Storage And Key Vault TeriRadichel Day three of this Azure security class is about protecting your data and secrets in the various places where they can be stored in the cloud. This involves understanding permissions to access the data as well as leveraging networking and encryption controls. Topics covered: Data Protection HSMs Key Vault Keys Secrets Certificates Azure Storage Accounts Blobs Files Queues Tables Data Share Databases Data Lake Storage Data Warehouse Encryption in use <img style="border:1px solid #C3E6D8;float:right;" alt="" src="https://cdn.slidesharecdn.com/ss_thumbnails/azuresecurity-day3-storageandkeyvault-250207212945-f4b4884e-thumbnail.jpg?width=120&height=120&fit=bounds" /> Day three of this Azure security class is about protecting your data and secrets in the various places where they can be stored in the cloud. This involves understanding permissions to access the data as well as leveraging networking and encryption controls. Topics covered: Data Protection HSMs Key Vault Keys Secrets Certificates Azure Storage Accounts Blobs Files Queues Tables Data Share Databases Data Lake Storage Data Warehouse Encryption in use

AzureSecurity - Day3 - Storage And Key Vault from 2nd Sight Lab

]]> 199 0 https://cdn.slidesharecdn.com/ss_thumbnails/azuresecurity-day3-storageandkeyvault-250207212945-f4b4884e-thumbnail.jpg?width=120&height=120&fit=bounds presentation Black http://activitystrea.ms/schema/1.0/post

http://activitystrea.ms/schema/1.0/posted

0 AzureSecurity - Day2 - Azure Network Security /slideshow/azuresecurity-day2-azure-network-security-1e68/275459907 azuresecurity-day2-networking-250207210752-bba3faf4
Please review the license agreement and the read the related blog posts. Thank you! Networking is one of the most powerful controls you have to protect your systems. Most people don't understand WHY. Networking is not only about blocking bad things from entering your network. It also helps you spot systems under attack. Many of these slides are applicable to any network - not only Azure Networks. Topics covered: Networking Impact on Security Azure Hierarchy VNets & Subnets Routes & Peering DHCP & IP Addresses DNS NSGs, ASGs, & Firewalls Hybrid Networking Service networking SAAS Networking NAT Bastion DDoS Protection Load Balancing Monitoring and analysis ]]>
Please review the license agreement and the read the related blog posts. Thank you! Networking is one of the most powerful controls you have to protect your systems. Most people don't understand WHY. Networking is not only about blocking bad things from entering your network. It also helps you spot systems under attack. Many of these slides are applicable to any network - not only Azure Networks. Topics covered: Networking Impact on Security Azure Hierarchy VNets & Subnets Routes & Peering DHCP & IP Addresses DNS NSGs, ASGs, & Firewalls Hybrid Networking Service networking SAAS Networking NAT Bastion DDoS Protection Load Balancing Monitoring and analysis ]]> Fri, 07 Feb 2025 21:07:51 GMT /slideshow/azuresecurity-day2-azure-network-security-1e68/275459907 TeriRadichel@slideshare.net(TeriRadichel) AzureSecurity - Day2 - Azure Network Security TeriRadichel Please review the license agreement and the read the related blog posts. Thank you! Networking is one of the most powerful controls you have to protect your systems. Most people don't understand WHY. Networking is not only about blocking bad things from entering your network. It also helps you spot systems under attack. Many of these slides are applicable to any network - not only Azure Networks. Topics covered: Networking Impact on Security Azure Hierarchy VNets & Subnets Routes & Peering DHCP & IP Addresses DNS NSGs, ASGs, & Firewalls Hybrid Networking Service networking SAAS Networking NAT Bastion DDoS Protection Load Balancing Monitoring and analysis <img style="border:1px solid #C3E6D8;float:right;" alt="" src="https://cdn.slidesharecdn.com/ss_thumbnails/azuresecurity-day2-networking-250207210752-bba3faf4-thumbnail.jpg?width=120&height=120&fit=bounds" /> Please review the license agreement and the read the related blog posts. Thank you! Networking is one of the most powerful controls you have to protect your systems. Most people don't understand WHY. Networking is not only about blocking bad things from entering your network. It also helps you spot systems under attack. Many of these slides are applicable to any network - not only Azure Networks. Topics covered: Networking Impact on Security Azure Hierarchy VNets & Subnets Routes & Peering DHCP & IP Addresses DNS NSGs, ASGs, & Firewalls Hybrid Networking Service networking SAAS Networking NAT Bastion DDoS Protection Load Balancing Monitoring and analysis

AzureSecurity - Day2 - Azure Network Security from 2nd Sight Lab

]]> 229 0 https://cdn.slidesharecdn.com/ss_thumbnails/azuresecurity-day2-networking-250207210752-bba3faf4-thumbnail.jpg?width=120&height=120&fit=bounds presentation Black http://activitystrea.ms/schema/1.0/post

http://activitystrea.ms/schema/1.0/posted

0 AzureSecurity Day1: Identity and Access Management /slideshow/azuresecurity-day1-identity-and-access-management/275396354 azuresecurity-day1-iam-250205165612-54135ad9
This class is arranged in two hour classes over 6 days. The class doesn’t have labs but the content walks through steps you can try after class and points to the myriad of tutorials for free in the Azure documentation where you can try out different functionality. Feel free to try out the tutorials between classes and ask questions at the next class. The topics we’ll cover include the following arranged by different types of security controls and functions: Identity and Access Management: One of the biggest risks you’ll face in a cloud environment is related to credentials and permissions. Attackers steal credentials or credentials are misused either maliciously or erroneously to expose data and cause security incidents. We’ll cover Azure Active Directory, account structure, and how permissions work on Azure. Networking: Networking is one of your best defenses — even in terms of reducing blast radius when credentials are lost, stolen or misused. We’ll introduce various Azure controls and how to use them to prevent and reduce the impact of data breaches. Storage and Key Vault: On day three we’ll look at how and where data is stored in the cloud and how to protect it, including using Azure Key Vault. Compute and App Security: Generally the point of the cloud is not just to store data but to build distributed, resilient applications. We’ll cover the different types of compute and application security controls on day 4. Governance and Architecture: Governance and Architecture go hand-in-hand to secure cloud environments so we cover these topics together on Day 5. You’ll want to think about the overall structure of your accounts, policies, and how you use them to prevent non-compliant resource from entering your account and how to find them when they exist. Operations and Risk: On day 6 we look at keeping your cloud environment running securely and managing risk. Once you’re up and running in the cloud you need to you handle security incidents effectively and maintain your desired level of risk through monitoring, audits, security assessments, and penetration tests. This is day one: Identity and Access Management: * Cloud Identity Threats * What can Identities do? * Global Administrator * Managing Identities * MFA * B2B and B2C * IdP * SSO * Identities for Applications * JIT & Conditional Access * Custom Roles * Monitoring & Evaluation Note: This material is outdated and it is for beginners. Please read the associated blog posts. Thank you!]]>
This class is arranged in two hour classes over 6 days. The class doesn’t have labs but the content walks through steps you can try after class and points to the myriad of tutorials for free in the Azure documentation where you can try out different functionality. Feel free to try out the tutorials between classes and ask questions at the next class. The topics we’ll cover include the following arranged by different types of security controls and functions: Identity and Access Management: One of the biggest risks you’ll face in a cloud environment is related to credentials and permissions. Attackers steal credentials or credentials are misused either maliciously or erroneously to expose data and cause security incidents. We’ll cover Azure Active Directory, account structure, and how permissions work on Azure. Networking: Networking is one of your best defenses — even in terms of reducing blast radius when credentials are lost, stolen or misused. We’ll introduce various Azure controls and how to use them to prevent and reduce the impact of data breaches. Storage and Key Vault: On day three we’ll look at how and where data is stored in the cloud and how to protect it, including using Azure Key Vault. Compute and App Security: Generally the point of the cloud is not just to store data but to build distributed, resilient applications. We’ll cover the different types of compute and application security controls on day 4. Governance and Architecture: Governance and Architecture go hand-in-hand to secure cloud environments so we cover these topics together on Day 5. You’ll want to think about the overall structure of your accounts, policies, and how you use them to prevent non-compliant resource from entering your account and how to find them when they exist. Operations and Risk: On day 6 we look at keeping your cloud environment running securely and managing risk. Once you’re up and running in the cloud you need to you handle security incidents effectively and maintain your desired level of risk through monitoring, audits, security assessments, and penetration tests. This is day one: Identity and Access Management: * Cloud Identity Threats * What can Identities do? * Global Administrator * Managing Identities * MFA * B2B and B2C * IdP * SSO * Identities for Applications * JIT & Conditional Access * Custom Roles * Monitoring & Evaluation Note: This material is outdated and it is for beginners. Please read the associated blog posts. Thank you!]]> Wed, 05 Feb 2025 16:56:12 GMT /slideshow/azuresecurity-day1-identity-and-access-management/275396354 TeriRadichel@slideshare.net(TeriRadichel) AzureSecurity Day1: Identity and Access Management TeriRadichel This class is arranged in two hour classes over 6 days. The class doesn’t have labs but the content walks through steps you can try after class and points to the myriad of tutorials for free in the Azure documentation where you can try out different functionality. Feel free to try out the tutorials between classes and ask questions at the next class. The topics we’ll cover include the following arranged by different types of security controls and functions: Identity and Access Management: One of the biggest risks you’ll face in a cloud environment is related to credentials and permissions. Attackers steal credentials or credentials are misused either maliciously or erroneously to expose data and cause security incidents. We’ll cover Azure Active Directory, account structure, and how permissions work on Azure. Networking: Networking is one of your best defenses — even in terms of reducing blast radius when credentials are lost, stolen or misused. We’ll introduce various Azure controls and how to use them to prevent and reduce the impact of data breaches. Storage and Key Vault: On day three we’ll look at how and where data is stored in the cloud and how to protect it, including using Azure Key Vault. Compute and App Security: Generally the point of the cloud is not just to store data but to build distributed, resilient applications. We’ll cover the different types of compute and application security controls on day 4. Governance and Architecture: Governance and Architecture go hand-in-hand to secure cloud environments so we cover these topics together on Day 5. You’ll want to think about the overall structure of your accounts, policies, and how you use them to prevent non-compliant resource from entering your account and how to find them when they exist. Operations and Risk: On day 6 we look at keeping your cloud environment running securely and managing risk. Once you’re up and running in the cloud you need to you handle security incidents effectively and maintain your desired level of risk through monitoring, audits, security assessments, and penetration tests. This is day one: Identity and Access Management: * Cloud Identity Threats * What can Identities do? * Global Administrator * Managing Identities * MFA * B2B and B2C * IdP * SSO * Identities for Applications * JIT & Conditional Access * Custom Roles * Monitoring & Evaluation Note: This material is outdated and it is for beginners. Please read the associated blog posts. Thank you! <img style="border:1px solid #C3E6D8;float:right;" alt="" src="https://cdn.slidesharecdn.com/ss_thumbnails/azuresecurity-day1-iam-250205165612-54135ad9-thumbnail.jpg?width=120&height=120&fit=bounds" /> This class is arranged in two hour classes over 6 days. The class doesn’t have labs but the content walks through steps you can try after class and points to the myriad of tutorials for free in the Azure documentation where you can try out different functionality. Feel free to try out the tutorials between classes and ask questions at the next class. The topics we’ll cover include the following arranged by different types of security controls and functions: Identity and Access Management: One of the biggest risks you’ll face in a cloud environment is related to credentials and permissions. Attackers steal credentials or credentials are misused either maliciously or erroneously to expose data and cause security incidents. We’ll cover Azure Active Directory, account structure, and how permissions work on Azure. Networking: Networking is one of your best defenses — even in terms of reducing blast radius when credentials are lost, stolen or misused. We’ll introduce various Azure controls and how to use them to prevent and reduce the impact of data breaches. Storage and Key Vault: On day three we’ll look at how and where data is stored in the cloud and how to protect it, including using Azure Key Vault. Compute and App Security: Generally the point of the cloud is not just to store data but to build distributed, resilient applications. We’ll cover the different types of compute and application security controls on day 4. Governance and Architecture: Governance and Architecture go hand-in-hand to secure cloud environments so we cover these topics together on Day 5. You’ll want to think about the overall structure of your accounts, policies, and how you use them to prevent non-compliant resource from entering your account and how to find them when they exist. Operations and Risk: On day 6 we look at keeping your cloud environment running securely and managing risk. Once you’re up and running in the cloud you need to you handle security incidents effectively and maintain your desired level of risk through monitoring, audits, security assessments, and penetration tests. This is day one: Identity and Access Management: * Cloud Identity Threats * What can Identities do? * Global Administrator * Managing Identities * MFA * B2B and B2C * IdP * SSO * Identities for Applications * JIT & Conditional Access * Custom Roles * Monitoring & Evaluation Note: This material is outdated and it is for beginners. Please read the associated blog posts. Thank you!

AzureSecurity Day1: Identity and Access Management from 2nd Sight Lab

]]> 312 0 https://cdn.slidesharecdn.com/ss_thumbnails/azuresecurity-day1-iam-250205165612-54135ad9-thumbnail.jpg?width=120&height=120&fit=bounds presentation Black http://activitystrea.ms/schema/1.0/post

http://activitystrea.ms/schema/1.0/posted

0 So You Want a Job in Cybersecurity /slideshow/so-you-want-a-job-in-cybersecurity/259623625 2021-cybersecurity-careers-230804200441-92d9b3c8
Different types of jobs and careers in cybersecurity. How to learn about cybersecurity. Tips for getting a job in cybersecurity. ]]>
Different types of jobs and careers in cybersecurity. How to learn about cybersecurity. Tips for getting a job in cybersecurity. ]]> Fri, 04 Aug 2023 20:04:41 GMT /slideshow/so-you-want-a-job-in-cybersecurity/259623625 TeriRadichel@slideshare.net(TeriRadichel) So You Want a Job in Cybersecurity TeriRadichel Different types of jobs and careers in cybersecurity. How to learn about cybersecurity. Tips for getting a job in cybersecurity. <img style="border:1px solid #C3E6D8;float:right;" alt="" src="https://cdn.slidesharecdn.com/ss_thumbnails/2021-cybersecurity-careers-230804200441-92d9b3c8-thumbnail.jpg?width=120&height=120&fit=bounds" /> Different types of jobs and careers in cybersecurity. How to learn about cybersecurity. Tips for getting a job in cybersecurity.

So You Want a Job in Cybersecurity from 2nd Sight Lab

]]> 501 0 https://cdn.slidesharecdn.com/ss_thumbnails/2021-cybersecurity-careers-230804200441-92d9b3c8-thumbnail.jpg?width=120&height=120&fit=bounds presentation Black http://activitystrea.ms/schema/1.0/post

http://activitystrea.ms/schema/1.0/posted

0 Cloud Offense Informs Cloud Defense.pptx /slideshow/cloud-offense-informs-cloud-defensepptx/259623598 cloudoffenseinformsclouddefense-230804200157-ae8ef201
Learning from cloud attacks to improve Cloud Defenses. Leveraging a CSPM and prioritizing vulnerabilities.]]>
Learning from cloud attacks to improve Cloud Defenses. Leveraging a CSPM and prioritizing vulnerabilities.]]> Fri, 04 Aug 2023 20:01:57 GMT /slideshow/cloud-offense-informs-cloud-defensepptx/259623598 TeriRadichel@slideshare.net(TeriRadichel) Cloud Offense Informs Cloud Defense.pptx TeriRadichel Learning from cloud attacks to improve Cloud Defenses. Leveraging a CSPM and prioritizing vulnerabilities. <img style="border:1px solid #C3E6D8;float:right;" alt="" src="https://cdn.slidesharecdn.com/ss_thumbnails/cloudoffenseinformsclouddefense-230804200157-ae8ef201-thumbnail.jpg?width=120&height=120&fit=bounds" /> Learning from cloud attacks to improve Cloud Defenses. Leveraging a CSPM and prioritizing vulnerabilities.

Cloud Offense Informs Cloud Defense.pptx from 2nd Sight Lab

]]> 77 0 https://cdn.slidesharecdn.com/ss_thumbnails/cloudoffenseinformsclouddefense-230804200157-ae8ef201-thumbnail.jpg?width=120&height=120&fit=bounds presentation Black http://activitystrea.ms/schema/1.0/post

http://activitystrea.ms/schema/1.0/posted

0 Underrated AWS Security Controls ~ AWS Atlanta Summit 2022 /slideshow/underratedsecuritycontrolspptx/251816125 final-202205-aws-atl-summit-teriradichel-220519174112-70775c47
Security controls you might not be using but you should consider. In June 2021, an Ermetic report found that most of the companies surveyed experienced a cloud data breach in the prior 18 months. AWS has a number of security controls that can help prevent common data breaches and security incidents. Find out what these controls are and how they can help you secure your data.]]>
Security controls you might not be using but you should consider. In June 2021, an Ermetic report found that most of the companies surveyed experienced a cloud data breach in the prior 18 months. AWS has a number of security controls that can help prevent common data breaches and security incidents. Find out what these controls are and how they can help you secure your data.]]> Thu, 19 May 2022 17:41:12 GMT /slideshow/underratedsecuritycontrolspptx/251816125 TeriRadichel@slideshare.net(TeriRadichel) Underrated AWS Security Controls ~ AWS Atlanta Summit 2022 TeriRadichel Security controls you might not be using but you should consider. In June 2021, an Ermetic report found that most of the companies surveyed experienced a cloud data breach in the prior 18 months. AWS has a number of security controls that can help prevent common data breaches and security incidents. Find out what these controls are and how they can help you secure your data. <img style="border:1px solid #C3E6D8;float:right;" alt="" src="https://cdn.slidesharecdn.com/ss_thumbnails/final-202205-aws-atl-summit-teriradichel-220519174112-70775c47-thumbnail.jpg?width=120&height=120&fit=bounds" /> Security controls you might not be using but you should consider. In June 2021, an Ermetic report found that most of the companies surveyed experienced a cloud data breach in the prior 18 months. AWS has a number of security controls that can help prevent common data breaches and security incidents. Find out what these controls are and how they can help you secure your data.

Underrated AWS Security Controls ~ AWS Atlanta Summit 2022 from 2nd Sight Lab

]]> 650 0 https://cdn.slidesharecdn.com/ss_thumbnails/final-202205-aws-atl-summit-teriradichel-220519174112-70775c47-thumbnail.jpg?width=120&height=120&fit=bounds presentation Black http://activitystrea.ms/schema/1.0/post

http://activitystrea.ms/schema/1.0/posted

0 Real World Cloud Compromise /slideshow/real-world-cloud-compromise/239969495 real-world-cloud-compromise-issa-201210224927
Cloud vulnerabilities I'm finding on penetration tests, bug bounties, and seeing in data breaches]]>
Cloud vulnerabilities I'm finding on penetration tests, bug bounties, and seeing in data breaches]]> Thu, 10 Dec 2020 22:49:27 GMT /slideshow/real-world-cloud-compromise/239969495 TeriRadichel@slideshare.net(TeriRadichel) Real World Cloud Compromise TeriRadichel Cloud vulnerabilities I'm finding on penetration tests, bug bounties, and seeing in data breaches <img style="border:1px solid #C3E6D8;float:right;" alt="" src="https://cdn.slidesharecdn.com/ss_thumbnails/real-world-cloud-compromise-issa-201210224927-thumbnail.jpg?width=120&height=120&fit=bounds" /> Cloud vulnerabilities I'm finding on penetration tests, bug bounties, and seeing in data breaches

Real World Cloud Compromise from 2nd Sight Lab

]]> 556 0 https://cdn.slidesharecdn.com/ss_thumbnails/real-world-cloud-compromise-issa-201210224927-thumbnail.jpg?width=120&height=120&fit=bounds presentation Black http://activitystrea.ms/schema/1.0/post

http://activitystrea.ms/schema/1.0/posted

0 Serverless Attack Vectors /slideshow/serverless-attack-vectors-229417297/229417297 rsac2020-serverlessattackvectors-teriradichel-f3-200229013339
Serverless attacks, exploits, architectures, and defenses. Presentation for RSA 2020. Serverless and cloud penetration testing. ~ Teri Radichel, CEO, 2nd Sight Lab]]>
Serverless attacks, exploits, architectures, and defenses. Presentation for RSA 2020. Serverless and cloud penetration testing. ~ Teri Radichel, CEO, 2nd Sight Lab]]> Sat, 29 Feb 2020 01:33:39 GMT /slideshow/serverless-attack-vectors-229417297/229417297 TeriRadichel@slideshare.net(TeriRadichel) Serverless Attack Vectors TeriRadichel Serverless attacks, exploits, architectures, and defenses. Presentation for RSA 2020. Serverless and cloud penetration testing. ~ Teri Radichel, CEO, 2nd Sight Lab <img style="border:1px solid #C3E6D8;float:right;" alt="" src="https://cdn.slidesharecdn.com/ss_thumbnails/rsac2020-serverlessattackvectors-teriradichel-f3-200229013339-thumbnail.jpg?width=120&height=120&fit=bounds" /> Serverless attacks, exploits, architectures, and defenses. Presentation for RSA 2020. Serverless and cloud penetration testing. ~ Teri Radichel, CEO, 2nd Sight Lab

Serverless Attack Vectors from 2nd Sight Lab

]]> 492 0 https://cdn.slidesharecdn.com/ss_thumbnails/rsac2020-serverlessattackvectors-teriradichel-f3-200229013339-thumbnail.jpg?width=120&height=120&fit=bounds presentation Black http://activitystrea.ms/schema/1.0/post

http://activitystrea.ms/schema/1.0/posted

0 Top Priorities for Cloud Application Security /slideshow/top-priorities-for-cloud-application-security-207404571/207404571 aws-cloud-app-security-final-191218223325
Are you trying to make sure your cloud applications are secure? You might think the biggest thing you need to worry about is S3 buckets, but you can actually leverage the cloud and DevSecOps in much more powerful ways to secure your applications. This talk was first presented at Countermeasure IT in Ottawa, Canada in November 2018]]>
Are you trying to make sure your cloud applications are secure? You might think the biggest thing you need to worry about is S3 buckets, but you can actually leverage the cloud and DevSecOps in much more powerful ways to secure your applications. This talk was first presented at Countermeasure IT in Ottawa, Canada in November 2018]]> Wed, 18 Dec 2019 22:33:25 GMT /slideshow/top-priorities-for-cloud-application-security-207404571/207404571 TeriRadichel@slideshare.net(TeriRadichel) Top Priorities for Cloud Application Security TeriRadichel Are you trying to make sure your cloud applications are secure? You might think the biggest thing you need to worry about is S3 buckets, but you can actually leverage the cloud and DevSecOps in much more powerful ways to secure your applications. This talk was first presented at Countermeasure IT in Ottawa, Canada in November 2018 <img style="border:1px solid #C3E6D8;float:right;" alt="" src="https://cdn.slidesharecdn.com/ss_thumbnails/aws-cloud-app-security-final-191218223325-thumbnail.jpg?width=120&height=120&fit=bounds" /> Are you trying to make sure your cloud applications are secure? You might think the biggest thing you need to worry about is S3 buckets, but you can actually leverage the cloud and DevSecOps in much more powerful ways to secure your applications. This talk was first presented at Countermeasure IT in Ottawa, Canada in November 2018

Top Priorities for Cloud Application Security from 2nd Sight Lab

]]> 232 2 https://cdn.slidesharecdn.com/ss_thumbnails/aws-cloud-app-security-final-191218223325-thumbnail.jpg?width=120&height=120&fit=bounds presentation Black http://activitystrea.ms/schema/1.0/post

http://activitystrea.ms/schema/1.0/posted

0 Azure for Auditors /slideshow/azure-for-auditors/191534941 2sl-azure-for-auditors-191108031720
Auditors can have a significant positive impact on Cybersecurity. This slide deck is from a sold out presentation on Azure for Auditors for ISACA and IIA in Seattle. How can auditors help cloud security? What should auditors and those performing cloud security assessments consider when evaluating cloud security on Azure? If you'd like to learn more check out my cybersecurity classes at https://2ndsightlab.com]]>
Auditors can have a significant positive impact on Cybersecurity. This slide deck is from a sold out presentation on Azure for Auditors for ISACA and IIA in Seattle. How can auditors help cloud security? What should auditors and those performing cloud security assessments consider when evaluating cloud security on Azure? If you'd like to learn more check out my cybersecurity classes at https://2ndsightlab.com]]> Fri, 08 Nov 2019 03:17:20 GMT /slideshow/azure-for-auditors/191534941 TeriRadichel@slideshare.net(TeriRadichel) Azure for Auditors TeriRadichel Auditors can have a significant positive impact on Cybersecurity. This slide deck is from a sold out presentation on Azure for Auditors for ISACA and IIA in Seattle. How can auditors help cloud security? What should auditors and those performing cloud security assessments consider when evaluating cloud security on Azure? If you'd like to learn more check out my cybersecurity classes at https://2ndsightlab.com <img style="border:1px solid #C3E6D8;float:right;" alt="" src="https://cdn.slidesharecdn.com/ss_thumbnails/2sl-azure-for-auditors-191108031720-thumbnail.jpg?width=120&height=120&fit=bounds" /> Auditors can have a significant positive impact on Cybersecurity. This slide deck is from a sold out presentation on Azure for Auditors for ISACA and IIA in Seattle. How can auditors help cloud security? What should auditors and those performing cloud security assessments consider when evaluating cloud security on Azure? If you'd like to learn more check out my cybersecurity classes at https://2ndsightlab.com

Azure for Auditors from 2nd Sight Lab

]]> 2030 2 https://cdn.slidesharecdn.com/ss_thumbnails/2sl-azure-for-auditors-191108031720-thumbnail.jpg?width=120&height=120&fit=bounds presentation Black http://activitystrea.ms/schema/1.0/post

http://activitystrea.ms/schema/1.0/posted

0 How the Cloud Changes Cyber Security /slideshow/how-the-cloud-changes-cyber-security-179877243/179877243 2019-isaca-quebec-how-cloud-changes-security-191008011901
If your company is moving to the cloud, or you are auditing a company using cloud technology, what's different? What stays the same? ~ Keynote presentation for Bienvenue au congrès ISACA Québec 2019 ~ Copyright 2nd Sight Lab, LLC https://2ndsightlab.com]]>
If your company is moving to the cloud, or you are auditing a company using cloud technology, what's different? What stays the same? ~ Keynote presentation for Bienvenue au congrès ISACA Québec 2019 ~ Copyright 2nd Sight Lab, LLC https://2ndsightlab.com]]> Tue, 08 Oct 2019 01:19:01 GMT /slideshow/how-the-cloud-changes-cyber-security-179877243/179877243 TeriRadichel@slideshare.net(TeriRadichel) How the Cloud Changes Cyber Security TeriRadichel If your company is moving to the cloud, or you are auditing a company using cloud technology, what's different? What stays the same? ~ Keynote presentation for Bienvenue au congrès ISACA Québec 2019 ~ Copyright 2nd Sight Lab, LLC https://2ndsightlab.com <img style="border:1px solid #C3E6D8;float:right;" alt="" src="https://cdn.slidesharecdn.com/ss_thumbnails/2019-isaca-quebec-how-cloud-changes-security-191008011901-thumbnail.jpg?width=120&height=120&fit=bounds" /> If your company is moving to the cloud, or you are auditing a company using cloud technology, what's different? What stays the same? ~ Keynote presentation for Bienvenue au congrès ISACA Québec 2019 ~ Copyright 2nd Sight Lab, LLC https://2ndsightlab.com

How the Cloud Changes Cyber Security from 2nd Sight Lab

]]> 469 0 https://cdn.slidesharecdn.com/ss_thumbnails/2019-isaca-quebec-how-cloud-changes-security-191008011901-thumbnail.jpg?width=120&height=120&fit=bounds presentation Black http://activitystrea.ms/schema/1.0/post

http://activitystrea.ms/schema/1.0/posted

0 Are you ready for a cloud pentest? AWS re:Inforce 2019 /slideshow/are-you-ready-for-a-cloud-pentest-aws-reinforce-2019/153304294 are-you-ready-reinforce-20190620-teriradichel-190703063206
�ݺ�ߣs from presentation at AWS re:Inforce 2019]]>
�ݺ�ߣs from presentation at AWS re:Inforce 2019]]> Wed, 03 Jul 2019 06:32:06 GMT /slideshow/are-you-ready-for-a-cloud-pentest-aws-reinforce-2019/153304294 TeriRadichel@slideshare.net(TeriRadichel) Are you ready for a cloud pentest? AWS re:Inforce 2019 TeriRadichel �ݺ�ߣs from presentation at AWS re:Inforce 2019 <img style="border:1px solid #C3E6D8;float:right;" alt="" src="https://cdn.slidesharecdn.com/ss_thumbnails/are-you-ready-reinforce-20190620-teriradichel-190703063206-thumbnail.jpg?width=120&height=120&fit=bounds" /> �ݺ�ߣs from presentation at AWS re:Inforce 2019

Are you ready for a cloud pentest? AWS re:Inforce 2019 from 2nd Sight Lab

]]> 547 2 https://cdn.slidesharecdn.com/ss_thumbnails/are-you-ready-reinforce-20190620-teriradichel-190703063206-thumbnail.jpg?width=120&height=120&fit=bounds presentation Black http://activitystrea.ms/schema/1.0/post

http://activitystrea.ms/schema/1.0/posted

0 Are You Ready for a Cloud Pentest? /slideshow/are-you-ready-for-a-cloud-pentest/137384205 areyoureadyforacloudpentest-190320204955
Is your company in need of a cloud penetration test on AWS, Azure, or Google? Here are some things you might want to consider before starting your cloud pentest. Also tips for pentesters getting started in the cloud.]]>
Is your company in need of a cloud penetration test on AWS, Azure, or Google? Here are some things you might want to consider before starting your cloud pentest. Also tips for pentesters getting started in the cloud.]]> Wed, 20 Mar 2019 20:49:55 GMT /slideshow/are-you-ready-for-a-cloud-pentest/137384205 TeriRadichel@slideshare.net(TeriRadichel) Are You Ready for a Cloud Pentest? TeriRadichel Is your company in need of a cloud penetration test on AWS, Azure, or Google? Here are some things you might want to consider before starting your cloud pentest. Also tips for pentesters getting started in the cloud. <img style="border:1px solid #C3E6D8;float:right;" alt="" src="https://cdn.slidesharecdn.com/ss_thumbnails/areyoureadyforacloudpentest-190320204955-thumbnail.jpg?width=120&height=120&fit=bounds" /> Is your company in need of a cloud penetration test on AWS, Azure, or Google? Here are some things you might want to consider before starting your cloud pentest. Also tips for pentesters getting started in the cloud.

Are You Ready for a Cloud Pentest? from 2nd Sight Lab

]]> 1559 3 https://cdn.slidesharecdn.com/ss_thumbnails/areyoureadyforacloudpentest-190320204955-thumbnail.jpg?width=120&height=120&fit=bounds presentation Black http://activitystrea.ms/schema/1.0/post

http://activitystrea.ms/schema/1.0/posted

0 Red Team vs. Blue Team on AWS ~ re:Invent 2018 /slideshow/red-team-vs-blue-team-on-aws-reinvent-2018/130646306 redvblue-reinvent-v5-190205232051
Red Teaming and Pen Testing steps taken on a vulnerable account followed by Blue Teaming and cloud security defensive strategies. Teri Radichel and Kolby Allen at re:Invent 2018]]>
Red Teaming and Pen Testing steps taken on a vulnerable account followed by Blue Teaming and cloud security defensive strategies. Teri Radichel and Kolby Allen at re:Invent 2018]]> Tue, 05 Feb 2019 23:20:51 GMT /slideshow/red-team-vs-blue-team-on-aws-reinvent-2018/130646306 TeriRadichel@slideshare.net(TeriRadichel) Red Team vs. Blue Team on AWS ~ re:Invent 2018 TeriRadichel Red Teaming and Pen Testing steps taken on a vulnerable account followed by Blue Teaming and cloud security defensive strategies. Teri Radichel and Kolby Allen at re:Invent 2018 <img style="border:1px solid #C3E6D8;float:right;" alt="" src="https://cdn.slidesharecdn.com/ss_thumbnails/redvblue-reinvent-v5-190205232051-thumbnail.jpg?width=120&height=120&fit=bounds" /> Red Teaming and Pen Testing steps taken on a vulnerable account followed by Blue Teaming and cloud security defensive strategies. Teri Radichel and Kolby Allen at re:Invent 2018

Red Team vs. Blue Team on AWS ~ re:Invent 2018 from 2nd Sight Lab

]]> 529 3 https://cdn.slidesharecdn.com/ss_thumbnails/redvblue-reinvent-v5-190205232051-thumbnail.jpg?width=120&height=120&fit=bounds presentation Black http://activitystrea.ms/schema/1.0/post

http://activitystrea.ms/schema/1.0/posted

0 https://cdn.slidesharecdn.com/profile-photo-TeriRadichel-48x48.jpg?cb=1750380358 SAAS, AWS, Cloud and Application Penetration Testing. Please visit my website at 2ndsightlab.com and Linked at linkedin.com/in/teriradichel for more information. You can also find me on BlueSky, Mastodon, X, Threads, and Facebook (2nd Sight Lab). 2ndsightlab.com https://cdn.slidesharecdn.com/ss_thumbnails/aws-reinforce-tradichel-20260603-250620002302-61cdd628-thumbnail.jpg?width=320&height=320&fit=bounds slideshow/threat-modeling-a-batch-job-framework-teri-radichel-aws-re-inforce-2025/280781725 Threat Modeling a Batc... https://cdn.slidesharecdn.com/ss_thumbnails/cloudsecurity-supplementalmaterial-250415150133-0a48866b-thumbnail.jpg?width=320&height=320&fit=bounds slideshow/cross-cloud-comparison-and-security-notes/277974842 Cross-Cloud Comparison... https://cdn.slidesharecdn.com/ss_thumbnails/threatmodeling-batchjob-awssecuritycommunityday-2025-250406210712-86025f68-thumbnail.jpg?width=320&height=320&fit=bounds slideshow/threat-modeling-a-batch-job-system-aws-security-community-day/277589603 Threat Modeling a Batc...