Conf42: DevSecOps 2021

...

Minimizing the Blast Radius of a Cloud Breach

Josh Stella
CEO & CTO @ Fugue

Josh Stella's LinkedIn account Josh Stella's twitter account


Today’s cloud attacks don’t exploit a single misconfiguration, but rather a series of them. Josh will walk through a process for understanding the blast radius of potential security events in your environment, and steps you can take to prevent minor ones from becoming catastrophic breaches.

The recent Twitch breach may have begun with a lone server misconfiguration, but it’s blast radius reached everything from sensitive customer data to source code for yet-to-be-released applications. Today’s cloud attacks don’t exploit a single misconfiguration, but rather a series of them.

In this session, Josh Stella will walk through a process for understanding the blast radius of a variety of potential security events in your environment, and steps you can take to prevent minor ones from becoming catastrophic breaches.

You’ll walk away from this session with an understanding of how to:

  • Evaluate your Identity and Access Management (IAM) resources for weaknesses that attackers can exploit
  • Employ penetration testing methodologies to assess the blast radius of public-facing resource misconfigurations
  • Harden your cloud security posture using policy as code to address complex, multi-resource “blast radius” risks

Awesome conferences for

Priority access to all content

Community Discord

Exclusive promotions and giveaways