Build Better Defenses
October 29–30, 2017: Training
October 30–November 1, 2017: Tutorials & Conference
New York, NY

In-Person Training
Pragmatic cloud security: AWS edition

James Arlen (Securosis)
Sunday, October 29 & Monday, October 30, 9:00am - 5:00pm
Location: Clinton Level: Intermediate

Participants should plan to attend both days of this 2-day training course. Platinum and Training passes do not include access to tutorials on Monday.

James Arlen leads a hands-on exploration of techniques for protecting the cloud, with extensive labs in Amazon Web Services. The first day focuses on root account security, virtual networking security, IAM, and logging and monitoring; the second day covers leveraging PaaS services, using immutable infrastructure, and automating security controls.

What you'll learn, and how you can apply it

  • Understand core AWS security, with an emphasis on network security, IAM, and monitoring
  • Gain an introduction to automating cloud security to manage and enforce controls across services and accounts
  • Learn how to leverage cloud architectures to enhance security beyond what is possible for comparable cost in traditional data centers

This training is for you because...

  • You need to effectively secure cloud-based infrastructure and answer questions regarding your company’s implementation.

Prerequisites:

  • Familiarity with Linux, shell, and basic scripting (bash, Python, or Ruby)
  • A solid understanding of security fundamentals, especially basic networking, including CIDR notation and simple firewall rules

Cloud computing has evolved from a bleeding-edge technology to the dominant platform for building and deploying new applications and services. While there are plenty of hand-wringing FUD sessions at industry conferences, there are few opportunities to learn the practical skills for security IaaS and PaaS deployments. Many of your security skills still apply in the cloud, but you need to leverage them in new ways.

James Arlen leads a hands-on exploration of techniques for protecting the cloud, with extensive labs in Amazon Web Services. The first day focuses on root account security, virtual networking security, IAM, and logging and monitoring; the second day covers leveraging PaaS services, using immutable infrastructure, and automating security controls.

If you’re responsible for designing or architecting security for infrastructure or platform-as-a-service deployments, if your organization is moving into cloud computing and you need the skills to defend it, or if you’re interested in learning how to secure Amazon Web Services and implement security automation for the cloud, this tutorial is for you.

About your instructor

Photo of James Arlen

James Arlen is a member of Heroku’s security team assisting customers in understanding how Heroku enables security programs and reduces the impact of compliance and security operations allowing them to move fast and focus on their apps. Over the past 20 years, James has delivered information security solutions to Fortune 500, TSE 100, and major public-sector organizations. James is a frequent speaker at industry conferences and a prolific contributor to standards bodies and media. He is also a contributing analyst with Securosis and has a recurring column in Liquidmatrix Security Digest. He is best described as an infosec geek, hacker, social activist, author, speaker, and parent.

Twitter for myrcurial

Conference registration

Get the Platinum pass or the Training pass to add this course to your package.

Leave a Comment or Question

Help us make this conference the best it can be for you. Have questions you'd like this speaker to address? Suggestions for issues that deserve extra attention? Feedback that you'd like to share with the speaker and other attendees?

Join the conversation here (requires login)

Comments

Bryan Pearson | SR SYSTEM ENGINEER
10/27/2017 9:15pm EDT

Looking forward to the training.
I am not seeing any prerequisites like tools installed on a VM such as the CLI http://docs.aws.amazon.com/cli/latest/userguide/installing.html
Will I be fine just showing up with a laptop?