Friday, March 1, 2024 — Meeting Recap

Security Engineer's Career Advancement and Networking Importance

Steven shared his upcoming transition into a senior security engineer role at a company of approximately 200 people, his first full-time cybersecurity role. He expressed the need for guidance and mentorship as he is the first security specialist at the company. The company is part of a larger parent company with a larger security team, and Steven is looking forward to learning from them. David mentioned his intention to post about the meeting on LinkedIn. The group, including Jay, David, Shawn, and Rasheed, discussed the importance of networking in their careers and the need for organizations to keep up with technological advancements to prevent incidents like the Capital One breach. Jay was scheduled to present on setting up Cloud Guard rails and centralized audit log collection. Shawn mentioned plans for future presentations and the importance of maintaining industry contacts.

SAP's Cloud Accounts and Transformation Policies

Jay discussed SAP's policies regarding cloud accounts, emphasizing the importance of implementing cloud trails and secure cloud transformation. He highlighted the establishment of a central group to manage all cloud accounts and billing, and noted the successful transformation of their cloud strategy, with 18,000 public cloud accounts across multiple platforms. Jay also touched on the transition from Evident I/O to Transmit Cloud and the acquisition of Evident, as well as the need for compliance tracking through CSPM. He mentioned the challenges faced due to the lack of support for Old GCP or Ali cloud, which led to a year of remediation efforts.

Cloud Journey Challenges and Progress

Jay discussed the challenges faced with Prisma, a company acquired in 2021, due to its size and the subsequent delays in onboarding and data retrieval. The team had to renegotiate the contract with Prisma due to the Covid-19 pandemic and even considered building their own Cloud Security Posture Management (CSPM) tool. A chance encounter with Orca led to potential collaboration. Jay, Shawn, and David discussed the progress and challenges of their cloud journey, including the establishment of a virtual role and the kick-off of next-gen cloud delivery in Q4 2020. They also noted the deployment of a Cnap, made possible by a corporate audit report highlighting vulnerabilities and asset management issues. The team discussed the scalability issues faced, the doubling of cloud resources from 2020 to 2021, and the organizational support provided by the audit report.

Cloud Security Challenges and Solutions

Jay and David discussed their experiences in managing data privacy and security in a cloud landscape. They talked about the implementation of control tower, malware scanning, and vulnerability management. They also emphasized the importance of enforcing account ownership to maintain discipline. They faced challenges due to the complexity of the environment, which resulted from various acquisitions. They also highlighted the need for cloud security skills and talent. The discussion also touched on the importance of the cloud control plane and the difficulties of its understanding.

Cloud Security Challenges and Successes

Jay discussed the challenges faced by the security organization in understanding and managing cloud-based systems. He highlighted the confusion and lack of understanding about the landscape from the rest of the organization. He also shared the difficulties they encountered, such as security incidents, scalability issues, and the inability to onboard more than 750 accounts at a time. Despite these challenges, Jay mentioned the success they had in reducing vulnerabilities and improving visibility. Shawn emphasized that these skills are relevant to cloud security officers and that the journey in the cloud involves explaining and adapting to the unknown.

Cloud Security Preventive Controls Prioritized

Jay emphasized the importance of preventive controls in enhancing cloud security, highlighting the risk of initial compromises through weak or non-existent passwords. He pointed to the effectiveness of controls such as prohibiting certain IP addresses and implementing encryption measures, attributing their high CSPM compliance rate to these measures. Jay, Shawn, and Nuri agreed on the importance of cloud security and discussed the need for default settings that prioritize security over ease of onboarding. Neil shared a recent security incident, underscoring the need for better communication and tool installation. Jay concluded by noting the challenges of balancing centralized control with team autonomy in their large security and compliance organizations.

Capital One Incident's Impact on SAP's Agenda

Jay recounted an incident where a person from Capital One, who had recently joined SAP, was upset after hearing others discuss the Capital One incident. Jay explained that the incident had a different meaning for them, serving as a reference point to emphasize the importance of their work. He also shared that the incident helped garner the attention of executives and support from key stakeholders, allowing them to push their agenda despite opposition from other parts of the organization. Shawn confirmed the unusual situation, noting that it resulted in a significant section of the organization feeling pressured.

Cybersecurity Guest and Office Hours Update

Shawn announced that Lee Caswell, an SVP from New Tanics, would be a guest next week, noting potential interest due to recent events involving VMware and Broadcom. Shawn also shared that their Cloud Security Office Hours had 922 registered attendees with a goal to reach 1,000. christabel shared her experiences with cybersecurity breaches, emphasizing the need for a mindset shift in smaller businesses to underestimate the risk of cyber attacks. Michael shared a documentary about Kevin Mitnick that he believed the team would find interesting. No further discussion or action items were identified.