What We Discuss with Cassandra Young:
- 00:00 Intro
- 02:46 Cassandra’s Background
- 03:55 What is Cloud Security Assessment?
- 04:55 Is this the same as Pentesting?
- 08:39 Why would someone do an Assessment?
- 09:48 Building Blocks of Cloud Security Assessment?
- 11:55 Common Low Hanging Fruits in Assessments?
- 12:59 Tools for Running Cloud Security Assessments?
- 15:54 Scaling Tools across multiple AWS Accounts?
- 17:32 Do you use any AWS Tools?
- 19:06 Approach to running Cloud Security Assessment
- 21:53 Most commonly used AWS services that you see during Assessments?
- 23:00 Assessing Misconfigured Managed vs Unmanaged AWS services?
- 23:56 What is a Control Plane vs Data Plane in Cloud?
- 25:31 Defining Assessment Scopes?
- 26:35 Length of Assessment Engagements?
- 27:50 Enough time for assessments compared to pentest?
- 29:58 What is provided for running Cloud Security Assessments?
- 31:36 What could be foundational practice for good AWS Account(s)?
- 34:45 Reset Root password or only put MFA on Root Password for multiple accounts?
- 36:07 What is SCP?
- 38:11 What are Guardrails?
- 38:53 What is AWS Control Tower?
- 42:10 Learning about Cloud Assessments?
- 43:53 Fun Section
THANKS, Cassandra Young!
If you enjoyed this session with Cassandra Young, let her know by clicking on the link below and sending her a quick shout-out on Twitter:
Click here to thank Cassandra Young on Twitter!
Click here to let Ashish know about your number one takeaway from this episode!
And if you want us to answer your questions on one of our upcoming weekly Feedback Friday episodes, drop us a line at email@example.com.