ashar

joined 2 years ago

Walking on Broken Clouds, RSA Conference

Presenter: Chris Farris, Cloud Security Architect, Prime Harbor

Cloud Security in 2023 is the same dumpster fire it was back in 2017. Organizations have a hundred thousand CSPM findings. There aren't enough security architects and the providers are releasing new services all the time. This session will talk through some successes and failures had in building a cloud security program and cover what worked, what was a waste of time, and a few new things to try.

 

BSides Budapest IT Security Conference 2022 - 11 videos

Playlist: https://youtube.com/playlist?list=PLq9wT6ZZJ_TmBEJ6C_ZEn48Zja9WW7jMF

Schedule: https://2022.bsidesbud.com/schedule/

submitted 2 years ago by ashar to c/security_cpe
 

Educating Your Guesses: How To Quantify Risk and Uncertainty - Sara Anstey - BSides Knoxville - 37 minutes

https://youtu.be/Ud9dZgD8NRM

At its core, cybersecurity is all about risk. We need to understand, report, and mitigate our risk. However, the industry-adopted methods for analyzing risk lead to inaccurate assessments, invalid math, and ultimately bad decision making and spending. I will show you why, and how to fix it.

Asking for budget and justifying spend in cybersecurity departments can be a difficult task due to limited data and high uncertainty of future events. This talk will dive into quantitative risk analysis as it relates to cybersecurity - how to model uncertain events and understand financial risk. Attendees will see a firsthand demonstration of how quantitative modeling can be used to communicate risk and understand ROI. Attendees will walk away with the tools needed to present cyber risk as a dollar amount that can be easily understood by other business decision makers at their company.

 

https://youtu.be/Rn9VuC0jQRQ

Our path to an open source, GitOps heaven has exposed new security challenges as our CI solutions are exposed to the outside world. The soft underbelly of our pipeline is as visible to willing contributors as it is to malicious subversives. In this talk, we’ll look at examples of known exploits to GitHub Actions workflows showing how simple bad practices can open our supply chain to attackers.

https://www.rsaconference.com/library/presentation/usa/2023/Pwning the CI GitHub Actions Edition

 

https://www.sstic.org/2023/programme/

French-language conference on the topic of information security. It will take place in Rennes from June 7 to 9, 2023.

 

Omar Avilez worked in the CSIRT of the Dominican Republic when a major cyber security incident erupted. Omar walks us through what happened and the incident response procedures that he went through.
