Cloud Security Series : A Preface

After 3+ years of working on Microsoft 365 and AWS cloud security work and detection engineering across DoD contractors, fintech, SMBs, and VC firms, I am starting a series of short posts and observations on the current state and posture of cloud security systems.

Much of our software has shifted to SaaS models delivered through cloud-hosted, subscription-style engagements. The priorities of defenders and attackers have moved with it to a new normal, one that is often not well understood by business leaders.

None of this will be very insightful or revelatory to the average detection engineer knee-deep in cloud security work, but I am aiming to add another actionable perspective that may help anyone curious about real-world learnings they can benefit from.

What not to expect: this is not going to be a cloud security 101; it is more likely to be an intermediate-level series of guides and observations. Where possible, I will link to resources that help beginners and newcomers rapidly improve their understanding, catch up with the industry, and participate in this discussion.

Here are the first few themes for upcoming posts:

  1. Post about quick ways to communicate and implement security improvements for SMBs using existing compliance frameworks as a basis
  2. Post about learnings on implementing observability and detection engineering processes via EDR telemetry and no SIEM
  3. Testing and validating defenses in cloud systems in log-sparse environments

Subscribe to Jayanth's Security Learnings and Observations
