Intro

fwd:cloudsec is a new, not-for-profit, traveling conference on cloud security. This conference will be hosted near AWS re:Inforce, although we're not affiliated with AWS or AWS re:inforce. fwd:cloudsec is intended to complement that conference by exploring topics not likely to be seen there.

At this conference you can expect discussions about all the major cloud platforms, both attack and defense research, limitations of security features, the pros and cons of different security strategies, and generally the types of things cloud practitioners want to know, but that don't fit neatly into a vendor conference schedule.

When: Monday, June 29, 2020 (the day before re:Inforce)
Where: Le Méridien hotel, 1121 Walker St, Houston, TX 77002

Dates

• CFP is open now! Submit proposals via CMT (registration required)
• May 1, 2020: CFP closes, tickets open.
• June 29, 2020: Conference day!

---

Call For Participation (CFP)

• The CFP is open for submissions! Please read the below and submit your talk proposals here. You will have to register separately on the Conference Management site.

Who should submit

We're looking for talks from any practitioner who is responsible for securing a cloud service.

The definition of "practitioner" here is deliberately vague. We're particularly interested in points of view that don't fit obviously into a larger conference.

Practitioner talks might include:

• Builders presenting tools they built on behalf of an appsec, infrastructure security, or tools team; with insight into what it takes real-world dev teams to ship and maintain secure software.
• Breakers with insight into new attacks against cloud infrastructure and techniques for finding vulnerabilities.
• Operators battling attacks every day, who can help others get from "that's weird" to root cause and remediation; with insight on threat intelligence, detection systems, and incident response.
• Policy stakeholders who can provide guidance on metrics, education, and compliance; such as how to explain their practices to their SOC auditor, PCI QSA, or regulatory overseers.

In particular, this year the following topics are expected to be particularly interesting:

• Security across multiple cloud vendors
• Automation and validation
• Cloud networking & network monitoring
• Security considerations with higher-level services beyond EC2 & Lambda
• New attacks, vulnerabilities and threats (but see our responsible disclosure policy)
• Data sets from monitoring, scanning or testing
• Detection and response
• Training traditional engineering and operations teams

What not to submit

All experience levels are welcome, but fwd:cloudsec attendees will typically have some hands-on experience with cloud engineering. Introductory-level talks on broadly-deployed technologies, vendor presentations, or purely theoretical architecture talks are not likely to be accepted.

As a smaller conference, we're particularly looking for talks that spark discussion, challenges and hallways exchanges — not just lectures expected to be taken as gospel.

How to submit

Most talks are expected to be 20-minute lightning talks on a single topic. There are a limited number of 40-minute slots available, so when proposing a 40-minute talk, please be sure to include an agenda that explains how you will use the additional time.

Submissions must include:

• Speaker name(s) and contact information
• Presentation title
• Preferred talk length - 20-minute or 40-minute
• Abstract (will be shown on the schedule)
• Speaker bio(s), limited to 100 words
• A detailed description of the talk: explain what you are presenting, and how you intend to cover the topic. Do you intend to include a demo or release code? Here is a good place to include that information.
• Other venues this talk has been presented or submitted
• Any special presentation facilities that may be required (aside from power, projector, sound and Internet connectivity)
• Any objections to having your talk recorded for future open access

Submit proposals here You will have to register separately on the Conference Management site.

Diversity

We especially encourage first-time speakers, women and members of other groups less represented at security conferences to present at fwd:cloudsec.

Vulnerability disclosure

If the submission describes, or otherwise takes advantage of, newly identified vulnerabilities, the authors should disclose these vulnerabilities to the vendors/maintainers of affected software or hardware systems prior to the CFP deadline.

When disclosure is necessary, authors should include a statement within their submission and/or final paper about steps taken to fulfill the goal of disclosure. All major cloud providers have published disclosure addresses, including AWS (link, email), Azure (link, email), Google GCP (link), and Oracle OCI (link, email).

---

Sponsors

fwd:cloudsec is a not-for-profit conference dedicated to practitioner education and knowledge-sharing, but limited sponsorship opportunities are available. Contact the organizers at fwdcloudsec@gmail.com to learn more.

---

Contact

Questions? Have a unique skill you think would help in putting on the conference? Email us at fwdcloudsec@gmail.com .

This conference is being organized by:

• Scott Piper
• Joel Thompson
• Aaron Zollman
• Anna McAbee
• Jerin Saji
• Andres Riancho

Follow us on twitter at fwdcloudsec