25/08/29 Alhaji Bah - From HR to Cloud Security

Alhaji joined Cloud Security Office Hours in our early days. He has successfully moved from HR to Cloud Security and joined Wiz! This is his story.

25/08/22 A. Stryker - From DEFCON 33, Just a TIP

Stryker presents the process of building a Threat Intelligence Platform as an alternative to spending a fortune on commercial products.

25/08/01 Patrick Burke, Chainguard - Minimal Container Images

Patrick Burke led a discussion on minimal container images, focusing on security and compliance aspects. He explained trends in vulnerabilities, emphasizing the increasing number of vulnerabilities discovered each year. Burke also covered the basics of containers and Kubernetes, highlighting their role in standardizing software deployment across different environments. The presentation aimed to help attendees understand why investigating minimal container solutions might be beneficial for reducing manual effort in patching vulnerabilities and improving compliance.

25/07/25 San Holder-Booker, MBA - Mastering the Elevator Pitch

Mastering the Elevator Pitch San, a communication specialist and public speaker, delivered a presentation on crafting effective elevator pitches. She emphasized the importance of confidence and self-knowledge in presenting oneself, noting that people have only 8 seconds to make an impression. San shared statistics on the impact of elevator pitches, highlighting that 33% of sales managers decide on candidates within the first 30 seconds, and 71% of managers believe a well-crafted pitch can advance careers. She concluded by defining an elevator pitch as a brief, compelling introduction designed to engage listeners and leave a lasting impression.

25/06/06 Matt Chiodi - From CISO to COO

Matt Chiodi discusses his transition from CISO to COO at Cerby

25/05/23 Jay Siermarco - AI and the Law

Jay Siermarco - AI and the Law

25/05/09 Neil Carpenter - Minimus

Neil Carpenter discussed his recent transition from Orca Security to an early-stage startup called Minimus. He also shared his experiences in the vulnerability management space, highlighting the importance of meaningful approaches to managing vulnerabilities in container images. Neil emphasized the significance of relationships in career development and shared his journey from working in the marketing organization to sales and go-to-market roles. He also discussed the challenges and opportunities in the vulnerability management space, particularly in the context of container images.

25/04/18 Camille and Corinne - Young Pentesters

Probably the best session we have ever had on Cloud Security Office Hours.  Here we have two young penetration testers who already have confirmed kills and paychecks to go with them.  Please enjoy their story.

25/01/31 Open Session Summary

The meeting involved a diverse group of professionals discussing their experiences and interests in cloud security, with a focus on the potential impact of AI on their work and the future of technology. They discussed the potential benefits and risks of AI in enhancing security and development practices, as well as its potential to change the way they work and the skills required for their roles. The team also expressed concerns about the environmental impact of AI and the need for caution in its use, with a focus on understanding AI security and the potential for AI to become sentient.

25/01/24 Open Session Summary

The team discussed the potential implications of the current administration's actions on cybersecurity and election integrity, with a focus on the potential effects on CISA and NVD. The conversation ended with discussions on open source software, its benefits and challenges, and the potential for monetizing it through services and products built on top of it.

25/01/17 Presentation - Mario Lazo and Dr Walid Amamou - Securing AI Workflows

The meeting involved discussions on the use of AI models, with a focus on the risks associated with them and the importance of protecting enterprise data privacy. The team also explored the potential risks and benefits of using private versus open-source language models for sensitive data, and discussed a technique for using large language models without exposing sensitive data. Lastly, the meeting touched on the importance of systems-level orchestration skills in the AI field and the need for learning from open-source AI communities.

25/01/10 Presentation - Ian McRee - Center for Internet Security

Ian presented on his role as the Azure Cloud Community Leader at CIS and the development process of the CIS benchmarks. The team also discussed the CIS Cloud Benchmarks, the importance of community engagement, and the potential for automation in assessment and remediation. Lastly, they addressed ongoing security issues, the challenges of balancing risk and cost in security, and the importance of security vendors vetting their processes.

25/01/03 Recording and Notes - Threat Detection Engineering - Itay Haral

The meeting began with a presentation by Etay Haral on cloud detection engineering, focusing on role unchaining in AWS and the challenges of tracing activities back to original actors. The discussion then shifted to operationalizing cloud monitoring, log analysis, and the importance of parsers in creating comprehensive investigation graphs, with participants sharing insights on different cloud service providers and vulnerability management strategies. The conversation ended with conversations about proactive threat detection tools, the challenges faced by educational institutions in maintaining cybersecurity, and personal anecdotes shared by team members.

24/11/29 AI Security By The Numbers

The team discussed the importance of considering the self-selected nature of data in security reports, particularly in relation to AI models and cloud security solutions. They also explored the vulnerabilities in AI packages and components, the challenges of regulating AI, and the potential risks and benefits of AI in relation to security and regulation. The conversation ended with plans for a recap session the week after, and the team expressed concerns about protecting against AI model vulnerabilities and the need for human oversight in AI systems.

24/11/22 Open Session Summary

The team discussed various topics including acquisitions and mergers in the cybersecurity sector, the challenges of integrating new technologies into existing systems, and the potential impact of acquisitions on customers. They also explored the current market activity, the role of ego and culture clashes in acquisitions, and the shift towards a more comprehensive approach in the industry. Lastly, they discussed the recent claim about Chinese researchers cracking 50-bit RSA encryption using a quantum computer and the importance of understanding threat models in security issues.

24/11/15 - Cybersecurity Insurance - Brandon Adcock

A presentation by Brandon Adcock from Coalition on the cybersecurity insurance business.  Quite fascinating!

24/11/08 Open Session Summary

The meeting began with introductions and discussions about the revamped website and the importance of networking within the group. The team also shared their experiences and challenges in the field of cloud security, with a focus on the importance of finding a balance between fulfilling work and financial stability. The conversation concluded with reflections on the importance of learning from others' mistakes, understanding one's interests and strengths, and the need for growth and finding new ways to communicate one's achievements.

24/11/01 Open Session Summary

The team discussed various security issues, including Chinese groups targeting firewalls, the high number of known exploited vulnerabilities in Microsoft, and the use of remote desktop protocol for spear phishing campaigns. They also discussed the importance of evaluating container security, handling security alerts from third-party vendors, and navigating disagreements between engineering and security teams. Lastly, they emphasized the importance of partnership, collaboration, and proper documentation in resolving security issues.

24/10/25 Open Session Summary

The team discussed the challenges and differences between on-premises and cloud-based systems, with a focus on security and infrastructure, and the importance of building resilient architectures. They also shared their personal experiences and career paths, emphasizing the importance of networking, preparation, and a global approach in their field. Lastly, they discussed various projects and technologies, including chaos engineering, graph databases, and cloud security, and the importance of security and privacy in their work.

24/10/18 Open Session Summary

The team discussed the evolution of application development, the benefits and challenges of using containers, and the differences between running containers on AWS using ECS and EKS. They also explored the concept of abstraction in computing, the importance of understanding the underlying layers of abstraction, and the role of code for resource orchestration. The conversation ended with a light-hearted discussion about Microsoft's logging issues and introductions from new attendees.

24/09/27 Open Session Summary

The team discussed the potential of AI to enhance work capabilities and the risks associated with it, including the potential for AI to replace certain jobs. They also discussed a recent vulnerability and the development of a new vulnerability management model, SSB, which uses machine learning to assess the likelihood of exploitation. Lastly, they discussed the shift in security as companies move into cloud security, emphasizing the need for security teams to collaborate more closely.

24/08/30 Open Session Summary

The team discussed the challenges and potential solutions in managing Multi-Factor Authentication (MFA) for shared accounts, with a focus on the use of FIDO keys and the protection of SIM cards. They also explored the evolving roles in application and infrastructure security, emphasizing the importance of breaking down silos and integrating security tools into products. Lastly, they shared their experiences and insights on professional services, stressing the importance of honesty, authenticity, and understanding client needs.

24/08/23 Open Session Summary

The team discussed the challenges and benefits of their children's schooling in Singapore, sales kickoff events, and issues with neighborly dumpster use. They also shared personal experiences and insights on the impact of extensive work-related travel on personal life, the transition from Microsoft to Orca, and the pros and cons of careers involving travel. Lastly, they discussed strategies for career development, the scale of the tech industry, and the transition of Cisco to a cybersecurity company, with a focus on networking and utilizing personal strengths.

24/08/09 Open Session Summary

The team discussed recent vulnerabilities in AWS, the need for improved security policies, and strategies to limit cloud storage sprawl. They also explored the challenges and evolving strategies in cloud detection and response, the potential use of automated forensics, and the integration of AI into infrastructure. Lastly, they delved into the recent issues with Boeing, the potential of low code/no code automation platforms, and shared personal experiences and plans.

24/08/02 - Steve McMichael - Craziest Audit Failures

24/07/26 Open Session Summary

The team discussed the ongoing issues with the Crowdstrike incident, the impact of outdated systems on ATM performance, and the challenges of dealing with nation state actors' malware. They also explored potential solutions, including the creation of a new boot key and the use of secure coding practices. Lastly, they examined a security incident at No Before and the importance of thorough vetting processes, as well as the benefits and challenges of IPV6.

24/07/19 Open Session Summary

The team from Equinix discussed recent infrastructure outages, the potential impact on the company's reputation, and the trend of customers preferring to rent server space. They also explored the potential of AI in container configuration, the implications of a global outage, and the impact of system outages on the health industry and the stock market. Lastly, they discussed the recent challenges faced by Crowdstrike, the potential implications of Google's proposed acquisition of Palo Alto, and the concept of co-opetition.

24/07/05 Recording - CSOH Feedback System Project

24/06/21 Michael Basil - Metashift Dojo

People-First Insightful Learning Circles

24/02/17 What I've Learned - Matt Chiodi

23/12/01 - Rohit Valia - Security and Governance in AI Models

23/07/14 Ansible

23/06/16 Navigating the hiring process

Jeremiah Sullivan

23/06/16 From Alaskan Fishing to Cloud Security

Robbie Mueller, Senior Cloud Threat & Vulnerability Engineer - Humana, describes Jumping Ship

23/06/09 Security in CI/CD Demo

23/06/02 CIEM

23/05/12 Frameworks

23/05/05 Build Cool Stuff

Alex Corstorphine's presentation

23/04/28 Cloud Security Roles - continued

23/04/21 Cloud Security Roles

A brief presentation on some cloud security roles.