What We Discuss with Cassandra Young:
- 00:00 Intro
- 02:46 Cassandra’s Background
- 03:55 What is Cloud Security Assessment?
- 04:55 Is this the same as Pentesting?
- 08:39 Why would someone do an Assessment?
- 09:48 Building Blocks of Cloud Security Assessment?
- 11:55 Common Low Hanging Fruits in Assessments?
- 12:59 Tools for Running Cloud Security Assessments?
- 15:54 Scaling Tools across multiple AWS Accounts?
- 17:32 Do you use any AWS Tools?
- 19:06 Approach to running Cloud Security Assessment
- 21:53 Most commonly used AWS services that you see during Assessments?
- 23:00 Assessing Misconfigured Managed vs Unmanaged AWS services?
- 23:56 What is a Control Plane vs Data Plane in Cloud?
- 25:31 Defining Assessment Scopes?
- 26:35 Length of Assessment Engagements?
- 27:50 Enough time for assessments compared to pentest?
- 29:58 What is provided for running Cloud Security Assessments?
- 31:36 What could be foundational practice for good AWS Account(s)?
- 34:45 Reset Root password or only put MFA on Root Password for multiple accounts?
- 36:07 What is SCP?
- 38:11 What are Guardrails?
- 38:53 What is AWS Control Tower?
- 42:10 Learning about Cloud Assessments?
- 43:53 Fun Section
THANKS, Cassandra Young!
If you enjoyed this session with Cassandra Young, let her know by clicking on the link below and sending her a quick shout-out on Twitter:
And if you want us to answer your questions on one of our upcoming weekly Feedback Friday episodes, drop us a line at email@example.com.