My talk at BSides London "AWS vs Azure Security" is now online:

As I mention in the last slide, if you're interested in learning more about AWS, Azure and GCP security, I'll be delivering Cloud Security and DevSecops training at 44CON from 9 - 11 September.

My 44CON Cloud Security and DevSecOps training course this September includes AWS, Azure and GitHub accounts which the students use so they don’t need to create their own. As I described in Part 1, I also decided to build a training platform, so that students can connect to a virtual desktop in the cloud with all the software they need pre-installed.

That way they can come on to the course with any laptop or even tablet which supports the Amazon WorkSpaces client.

I built the supporting infrastructure in AWS using Terraform which you can read about in Part 2 of my blog, and then scripted user setup across all environments as described in Part 3. And as you might expect, I incorporated lots of security features, and wrote about them in Part 4.
 
In this last blog of the series, you’ll hear about a lost USB key, the bill, feedback to Amazon and their response. Click on the "Read More" link below to view.

My 44CON Cloud Security and DevSecOps training course this June includes AWS, Azure and GitHub accounts which the students use so they don’t need to create their own. As I described in Part 1, I also decided to build a training platform, so that students can connect to a virtual desktop in the cloud with all the software they need pre-installed.

That way they can come on to the course with any laptop or even tablet which supports the Amazon WorkSpaces client.

I built the supporting infrastructure in AWS using Terraform which you can read about in Part 2 of my blog, and then scripted user setup across all environments as described in Part 3.

Click on the "Read More" link below to see the security features I built in to the system.

My 44CON Cloud Security and DevSecOps training course this June includes AWS, Azure and GitHub accounts which the students use so they don’t need to create their own. As I described in Part 1, I also decided to build a training platform, so that students can connect to a virtual desktop in the cloud with all the software they need pre-installed.

That way they can come on to the course with any laptop or even tablet which supports the Amazon WorkSpaces client.

I built the supporting infrastructure in AWS using Terraform – a great tool for infrastructure as code – see Part 2 for more details and screenshots.

Click on the "Read More" link below to see how I automated the user setup.

The Cloud Security and DevSecOps training course I’m delivering for 44CON in June includes AWS, Azure and GitHub accounts which the students use so they don’t need to create their own. As I described in my last blog, I also decided to build a training platform, so that students can connect to a virtual desktop in the cloud with all the software they need pre-installed.
 
That way they can come on to the course with any laptop or even tablet which supports the Amazon WorkSpaces client.
 
The next step after the proof of concept and design was to build it using as much automation as possible – to keep cost low, I wanted to easily destroy everything as soon as a course finished, and to rebuild just before starting the next one. 

Click on the "Read More" link below to see details of the infrastructure as code.

Here are the slides for my talk "Real-life Cloud Security Issues" which I presented recently at the Photobox meetup "An evening of AWS Security". Many thanks to all at Photobox for a great evening, and to Tash Norris and Toni de la Fuente for their excellent talks - I've already incorporated Toni's open source Prowler tool to the AWS compliance lab in my cloud security course at 44CON. 

The Cloud Security and DevSecOps training course I’m delivering for 44CON in June includes AWS, Azure and GitHub accounts which the students use so they don’t need to create their own.

​So I started looking at building a training platform which students can use – and as this is a cloud security course, what better place to do this than in the cloud?

Click on the "Read More" link below to see the proof of concept and design.

Yesterday I took the new 2019 version of the AWS Certified Solutions Architect Professional exam – roughly 2 weeks after it was launched in February.
 
….click on the "Read More" link to see my journey

I'm looking forward to demonstrating real-life cloud security issues next week at "An evening of AWS Security" at Photobox's new offices in London

My recent talk at DevSecCon London 2018 "a journey to continuous cloud compliance" is now on YouTube:

To see the presentation slides, click on "Read More"