Intro

fwd:cloudsec is a new, non-profit, conference on cloud security. At this conference you can expect discussions about all the major cloud platforms, both attack and defense research, limitations of security features, the pros and cons of different security strategies, and generally the types of things cloud practitioners want to know, but that don't fit neatly into a vendor conference schedule.

When: September 13 and 14, 2021. A full-day on Monday, and a half-day until noon on Tuesday.
Where: Salt Lake City, UT

Videos from fwd:cloudsec 2021 are on YouTube: playlist here.

Abstracts & Speaker Bios are here

Subscribe for conference updates

Sponsors

Gold

Kloudle Delve Risk Bridgecrew

Silver

Steampipe Lacework IAM Pulse Flatiron

Bronze

Netflix Intruder Indeni Uptycs Sonrai Security

Schedule

Remote speakers are indicated with a .

Time MDTRoom 1 — LivestreamRoom 2 — Livestream
Day 1: Monday, September 13
8:00Check-in opens. Confirmation of COVID vaccination and ensure mask is worn. More here.
9:30
(10)		Welcome remarks
9:40 (40)Blowing stuff up at scale with pitch perfect attack simulations
10:30 (20)Break
10:50 (40) Operationalizing AWS Guard Duty: A Risk Based Story The Enterprise Cloud Journey: Lessons learned taking organizations to cloud
11:40 (20) Crushing Cloud Misconfiguration MTTR Through Open Source Securing Container Image Supply Chains with tools such as Goss and OpenSCAP
12:00 (60)Lunch
13:00 (20) Automating AWS Privilege Escalation Risk Detection With Principal Mapper Kubernetes Security: PSP deprecation is an opportunity for a new security model
13:30 (20) SELECT * for the Cloud: Simplify Cloud Security and Compliance with Cloudquery KISS towards ZTA and service mesh
13:50 (30)Break
14:20 (20) Managing vendor access in AWS is nearly impossible Has Anyone Seen the Principal
14:50 (40) Audit metrics as drivers for zero trust and cloud automation Least-Privilege Kubernetes Authorization with OPA
15:30 (20)Break
16:00 (20) AWS Config Rules & Remediation - Rock'em Sock'em Robots Using ATT&CK® for Containers to Level Up your Cloud Defenses
16:30 (20) Supercharging Alerts using Dassana: A normalization, contextualization, and prioritization tool OH CR&P! I think we've been breached
17:00 (20) Mapping the AWS IAM universe  


Time MDTRoom 1 — LivestreamRoom 2 — Livestream
Day 2: Tuesday, September 14
9:00 (20) An Attacker's Approach to Pentesting IBM Cloud Access Undenied - Automatically discovering the reasons for Access Denied messages in AWS IAM
9:30 (20) Automating security assessments using Cloud Katana CloudTrail Logging Internals - A Methodology For Investigating AWS Security Incidents
10:00 (20) Bridge Your Service Mesh and AWS An Introduction to Azure Offensive Security
10:20 (30)Break
10:50 (20) Building Blocks for Zero-Trust Internal App Defense Why aren’t you using VPC Service Controls yet?
11:20 (20) Security Guardrails at Scale in Azure Challenges with Deleting AWS Accounts at scale
11:50 (20) Standardizing Terraform Linting: How Square proactively detects and prevents cloud misconfiguration Permission Mining in GCP
12:10Birds of a feather sessions: Chatham house rules discussions (not recorded or streamed, in-person attendees only). Sessions will be on "Real Talk About Orgs" (how we actually have our AWS accounts organied) and "Submitting Better PFRs" (how to get cloud providers to implement the features and make the changes we want).

COVID-19 Protocols

Masks and proof of vaccination will be required for all attendees including speakers, volunteers, sponsors, and anyone else at fwd:cloudsec. Speakers may remove their masks while presenting, and other attendees may remove their masks while actively eating or drinking. An actual CDC vaccination card or photo of one on their phone are required as proof of vaccination.

Disclaimer: COVID-19 is an infectious and potentially deadly disease. There is an inherent risk of exposure to and contracting COVID-19 in any public gathering. By purchasing a ticket and attending fwd:cloudsec 2021 (the “Event”), attendees are voluntarily assuming this risk and, on behalf of themselves, their heirs, and/or their assigns, agree to hold harmless the Forward CloudSec Association (the “Association”), its directors and members, any other individuals assisting the Association in any way with hosting the Event (collectively, the “Organizers”), or any sponsors of the Event, for any harm or other tort that might arise from an attendee's attendance at the Event, whether related to COVID-19 or not.

Contact

This conference is being organized by:

Additional help is provided by volunteers:

Follow us on twitter at fwdcloudsec