Friday, July 4, 2025 — Meeting Recap

Meeting Attendance and Group Dynamics

Shawn led a casual meeting with Neil and Jay, discussing attendance patterns and the effectiveness of email notifications for meetings. They noted that sending emails the night before often resulted in lower attendance, while sending them during the hour of the meeting seemed to increase participation. Alex joined later, mentioning their preference for smaller group discussions over larger ones, as they believed smaller groups fostered better conversations. The conversation ended with Shawn and Alex discussing the benefits of smaller group dynamics, while Neil was present but not actively participating in the conversation.

Cross-Location Weather Discussion Meeting

The group discussed weather conditions across different locations, with participants from California, New York, Chicago, and Ontario sharing their experiences. Alan joined the call from Boston, and Alhaji was congratulated for his recent success at Wiz, with plans to document his story. Jay mentioned he would provide a recap of a recent event called "Reinforce," noting that his report would be internal to SAP and contain his personal opinions.

AWS Cloud Security Conference Review

Jay attended AWS's Annual Cloud Security Conference, which had about 5,000 attendees focused on topics like sovereign cloud, security at scale, and alert fatigue. The keynote, delivered by new CISO Amy Herzog, emphasized AWS's use of AI in security but received a muted response when transitioning to AI topics. Jay noted that many announcements, such as extended threat detection and new security features, were incremental and already in use by some customers, though AWS's security offerings remain mature overall.

European Cloud Sovereignty Debate

Jay discussed the European Union's approach to cloud computing, highlighting AWS's plan to build parallel cloud regions in Europe for guaranteed data control and compliance with EU laws. He noted that while this addresses European concerns about data sovereignty, there is skepticism about its sufficiency, as individual EU countries may want their own sovereign clouds. Bartek emphasized that the issue is primarily political, with a need for a strong European hyperscaler to reduce dependency on US-based companies, but he expressed frustration with the lack of innovation in European cloud alternatives.

Sovereign Clouds: Control and Efficiency

Shawn and Jay discussed the concept of sovereign clouds, with Shawn explaining that their primary purpose is to give sovereign states control over data stored within their borders. Jay suggested that encryption key control is more important than physical data center security, and proposed that Google's approach of treating sovereign clouds as features of existing regions is more efficient than AWS's parallel cloud model. Jay also shared insights from recent meetings with community leaders, including Torsten Deuttrech from Global Dots, a cloud and cybersecurity consultancy firm, and Ross Haleliuk, a cybersecurity blogger and author.

Cloud Security and GRC Innovation

Jay discusses several cloud security and governance topics. He mentions the emerging discipline of GRC (Governance, Risk, and Compliance) engineering for cloud infrastructure, noting its potential as a future area for innovation. Jay also introduces Tam Noon, a tool that helps with managed remediation by creating prioritized remediation plans for developers. The conversation then shifts to the challenges of ownership in cloud security, with Shawn highlighting the need to consider both business and application ownership when assessing GRC posture. They discuss how some tools are beginning to integrate ownership data to provide more business-oriented insights. Jay concludes by mentioning several other security companies and tools, including Sierra for data security, Orca and Wiz for cloud security, and Sneak for developer security tooling.

Optimizing Data Storage and Access

Jay discussed the challenges and opportunities in distributed query and federated search platforms, comparing them to existing data solutions like Splunk and data lakes. He emphasized the importance of efficiently managing data storage by categorizing it into different tiers based on usage, such as business-critical data in in-memory databases, analytics data in relational databases, and archival data in cheaper storage solutions. Jay suggested that startups should focus on orchestrating this data management approach to optimize costs while maintaining effective querying capabilities.

AWS Security Hub and SAP Conference

The team discussed AWS Security Hub, noting confusion about its recent announcement as it seemed incremental to existing features. Juninho suggested it might be a new version, while Jay expressed concern about the lack of clear communication about whether it was a full rebuild. Jay shared insights from a recent AWS Reinforce conference, highlighting a joint session with SAP and a positive interaction with a vendor who approached them after seeing the session. The vendor's interest demonstrated the disconnect between their customers' awareness of SAP and their own ecosystem, prompting Jay to consider attending the conference again next year.

Meeting Plans and Safety Discussion

The meeting began with Jay recounting his delayed return from Philadelphia due to thunderstorms, mentioning his experiences there including a Juneteenth block party. Shawn noted the large attendance of 17 people and mentioned plans for a future meeting with Alhaji, who expressed interest in sharing his story and preparing power slides. The group discussed fireworks safety concerns, with Shawn and Neil sharing experiences about illegal fireworks in their areas. The conversation ended with tentative plans for Alhaji to speak at the next meeting, pending confirmation.