Bojan Magušić

October 16, 2023 9:41 pm Published by user_298812

Presentation outline: What I want to share with you in this session is important and it affects companies big and small. I'd like to start with an example of a real world breach (without mentioning any names). I'll walk you through what happened, covering the impact to the company itself, followed by what could have been done to prevent it. Here I'll touch on the importance of ensuring that cloud resources adhere to best practice guidance and share with you some trends I see in the real world. Some misconfigurations tend to be more riskier than others, for example open ports carry more risk to your organization's overall security posture than enabling logging. I'll also share with you what cloud services I typically see targeted the most. Even for organizations that use more than one public cloud provider. While detecting misconfigurations in your cloud environments is important, ideally after you remediate misconfigurations, this should be applied to how you deploy resources going forward. Ensuring misconfigurations that you detected, don't happen again going forward. Here I'll speak about the importance of applying best practice guidance at scale, ensuring consistency across your environment and even integrating with pre-deployment (keyword: SecDevOps). While the industry is full of jargon of tools that can be used by different vendors to help with the technology side of things, interestingly enough implementing sound security hygiene continues to be the least attractive yet highly effective practice that companies can do to minimize the likelihood of security incidents. One might ask themselves, what is then the problem with efficiently implementing sound security hygiene in the real world? I'd like to offer a perspective. It's not just having the right tools in place, it has very much to do with the way that people operate them and how they're used inside of an organization. This is why as part of this session, I'll share with you some best practices I've seen in the real world on how organizations approach governance, readiness and leadership sponsorship.

Free takeaways:

At the end of this session, you can expect to:

- Be able to explain why security hygiene should be an organizational-wide priority

- Understand how lack of security hygiene can impact your organization and its business

- Understand which security misconfigurations of cloud services you should prioritize and fix first

- Understand which cloud services are targeted more often than others, even across multicloud

- How to use Infrastructure as Code to embed security hygiene into pre-deployment

- Learn how to integrate continuous monitoring of cloud workloads with CI/CD and IaC

- Learn how other organizations are approaching governance and leadership sponsorship

Bojan is technologist, published author, and public speaker on cybersecurity topics.

Working with Microsoft as a Product Manager on the Customer Experience Engineering Team, where I act as a technology expert for Fortune 500 companies on the most complex and leading edge deployments, that help them realize the full value of their security investments and improve their overall security posture.

Author of the Manning book on Azure Security, a practical guide to the native security services of Microsoft Azure that teaches how to use native security services of Azure to effectively improve system security and secure the various resources in the environment against threats.

I have a strong passion for cybersecurity, advancing women in tech and professional development. I'm very interested in building partnerships with other companies and cyber professionals to learn how they support, advance, and retain their cyber talent.

In addition to various technical certifications (21+ and counting), I've also received certifications from INSEAD and Kellogg School of Management.

Categorised in: 2023

This post was written by user_298812

Cookie	Duration	Description
cookielawinfo-checkbox-analytics	11 months	This cookie is set by GDPR Cookie Consent plugin. The cookie is used to store the user consent for the cookies in the category "Analytics".
cookielawinfo-checkbox-functional	11 months	The cookie is set by GDPR cookie consent to record the user consent for the cookies in the category "Functional".
cookielawinfo-checkbox-necessary	11 months	This cookie is set by GDPR Cookie Consent plugin. The cookies is used to store the user consent for the cookies in the category "Necessary".
cookielawinfo-checkbox-others	11 months	This cookie is set by GDPR Cookie Consent plugin. The cookie is used to store the user consent for the cookies in the category "Other.
cookielawinfo-checkbox-performance	11 months	This cookie is set by GDPR Cookie Consent plugin. The cookie is used to store the user consent for the cookies in the category "Performance".
viewed_cookie_policy	11 months	The cookie is set by the GDPR Cookie Consent plugin and is used to store whether or not user has consented to the use of cookies. It does not store any personal data.

Bojan Magušić

Terms and Conditions

Privacy Statement

Order of payments

Payment Security

Delivery and Disputes

Terms of Use

About Us

Uvjeti korištenja

Izjava o privatnosti

Narudžbe i način plaćanja

Sigurnost plaćanja

Dostava i reklamacije

Uvjeti korištenja

O nama