— Cloud Security Community Networking Event
Quick recap. The meeting began with birthday celebrations and introductions of new participants, followed by discussions about potential future presentations and networking opportunities within the cloud security community. The group then addressed security concerns regarding the Scattered Spider threat actor and explored challenges around zero trust implementation, with various members sharing their experiences and recommendations. The conversation ended with advice for Alhaji, who is starting a new role in cloud security, with emphasis on learning, professional development, and maintaining connections within the community.
Show 5 discussion topics
Cloud Security Community Networking Event
The meeting began with Shawn celebrating his 60th birthday and welcoming new participants, including Ardy from Orca Security and Lara from Germany who is transitioning into the security field. The group discussed potential topics for future presentations, with Patrick Burke expressing interest in presenting on Chain Guard in 6-7 weeks, though keeping it vendor-neutral. The meeting served as a networking opportunity, with Shawn emphasizing the importance of connecting with others in the cloud security community, and several members shared their backgrounds and current roles in the field.
Alhaji's Cloud Security Career Journey
Shawn led a Cloud Security Office Hours meeting where Alhaji announced he would be joining Wiz as an associate technical account manager on July 7th after a 3-month intensive job interview process. The group celebrated Alhaji's success, with Chris and Shawn noting that his persistence and networking within the community played key roles in his achievement. Shawn invited Alhaji to share his journey in a future session to inspire others, and Alhaji expressed willingness to help others navigate their career paths in the challenging market.
Scattered Spider Security Countermeasures
The team discussed security measures against the Scattered Spider threat actor, with WalidYaqoobi sharing insights from a previous incident where the group targeted infrastructure. Walid recommended implementing FIDO authentication, device trust, and out-of-band communication, while Neil emphasized the importance of zero trust methodology and supply chain security. The discussion highlighted the need for better security hygiene, including limiting user access and securing document sharing, though Stryker noted challenges in implementing these practices due to organizational resistance.
Zero Trust Implementation Challenges
The group discussed challenges and strategies around zero trust implementation, with Stryker expressing concerns about the theoretical appeal of zero trust versus practical challenges. Neil shared insights from his experience, emphasizing that zero trust is a journey rather than a destination, and highlighted contrasting examples between Microsoft and Cloudflare's security incidents. Mario contributed an analogy about the "Dyson syndrome" in change management, advocating for clear visibility of risks to help drive security awareness and action. The conversation concluded with a lighthearted discussion about upcoming security conferences, including DEF CON and Black Hat, and plans for potential meetups.
Cloud Security Role Onboarding Advice
The meeting focused on providing advice to Alhaji, who is starting a new role in cloud security. Matt, Shawn, Tyler, Neil, and Don shared their experiences and recommendations, emphasizing the importance of learning, asking questions, and managing personal responsibilities during the first 90 days. They advised Alhaji to focus on self-directed learning, take notes on everything, and pay attention to soft skills in customer interactions. The group also discussed the psychological challenges of support roles and the benefits of maintaining a LinkedIn page for the group.