Back for its second year, fwd:cloudsec is looking for presentations on cloud security, multi-cloud governance, or nifty ways to hack the cloud.
We're looking for talks from any practitioner who is responsible for securing a cloud service or service provider. The definition of "practitioner" here is deliberately vague. We're particularly interested in points of view that don't necessarily fit into large vendor-driven conferences. Our review process this year is geared toward helping first time speakers (See Schedule below).
As a non-profit with a limited budget, we are unable to reimburse speakers for travel or hotel costs, but we will provide a free ticket to the event to speakers.
One of the things that makes fwd:cloudsec unique is real-time interaction with a community of practitioners. All the talks will be streamed live, and we encourage talks and research that inspire people to ask questions. fwd:cloudsec will be a hybrid conference (in-person and streamed live). Speakers who don’t feel safe travelling or cannot travel will have the opportunity to present remotely.
Topics in this track would cover new tactics and techniques for gaining foothold into a cloud account, persisting or elevating access, or bypassing commonly deployed security controls.
Identity and access management is a broad and complex topic, one that is vastly different across cloud providers and is difficult to get right. This was the singular most popular topic for submissions in 2020, so in 2021, we’d especially like to hear about recent attacks, what changes you’d need to make to run multi-cloud, and how newer features like ABAC and shared resources have changed your plans.
Topics around cloud network security, data protection, threat-detection and incident response all fit into this category. We’re always interested in new tools for cloud defense or novel ways to defend cloud infrastructure and applications.
Cloud infrastructure and security engineers pay a lot of attention to defending the cloud from other infrastructure and security engineers. Less well covered: practical advice in how to defend a cloud program against other naysayers in finance, audit, legal and HR. Talks that speak to cloud practitioners in our language, while solving problems in the language of those other teams, will help.
The Shared Responsibility Model is often used as an excuse when bad things happen. Billion-dollar cloud providers wash their hands of responsibility when their significantly less-funded customers get themselves into trouble. This track covers the ways that cloud providers abuse Shared Responsibility or downright fail on their parts of it.
Move beyond the operating systems of the past into a new frontier where your cloud service provider does all of that heavy lifting. What security gremlins lie beneath the surface of the Shared Responsibility Model? Hint: there are servers in serverless.
Your talk doesn’t have to fit strictly into one of the above tracks. We’re seeking innovative ideas along with new topics and tools. Conference organizers are looking for submissions that cover not just AWS, but all the cloud providers. Diversity in which cloud provider your talk covers will be one of the factors for acceptance.
All experience levels are welcome, but fwd:cloudsec attendees will typically have some hands-on experience with cloud engineering and security. Introductory-level talks on broadly-deployed technologies, vendor presentations, or purely theoretical architecture talks are not likely to be accepted.
As a smaller conference, we're particularly looking for talks that spark discussion, challenges and hallways exchanges — not just lectures expected to be taken as gospel.
Most talks are expected to be 20-minute lightning talks on a single topic. There are a limited number of 40-minute slots available, so when proposing a 40-minute talk, please be sure to include an agenda that explains how you will use the additional time. Submissions must include:
May 16th — Call for Participants opens.
June 11th — Round One submissions close at 5pm Eastern Time (GMT-5).
June 28th — All participants who submit by the Round One deadline will hear back from the program committee. Rejected submissions will have feedback on how to improve during the second round.
July 16th — Round 2 closes at midnight Eastern Time (GMT-5).
August 2nd — Final acceptance and rejections are sent out.
September 13th & 14th — fwd:cloudsec held in Salt Lake City, UT and virtually.
As shown in the dates, those who submit their talk within the first month will receive feedback if it is not accepted so that you can resubmit. We hope this both encourages people not to wait until the final July 16 dead-line, and encourages those who may not have experience submitting a talk to a conference.
We especially encourage first-time speakers, women, and members of other groups less represented at security conferences to present at fwd:cloudsec.
If the submission describes, or otherwise takes advantage of, newly identified vulnerabilities, the authors should disclose these vulnerabilities to the vendors/maintainers of affected software or hardware systems prior to the CFP deadline.
When disclosure is necessary, authors should include a statement within their submission and/or final paper about steps taken to fulfill the goal of disclosure. All major cloud providers have published disclosure addresses, including AWS (link, email), Azure (link, email), Google GCP (link), and Oracle OCI (link, email).
Submit your talk proposals here. You will have to register separately on the Conference Management site. The CFP closes on July 16, 2021.