Some links:

• Purple Squad Security
• Purple Squad Security Slack Signup Bot

Head In The Cloud was proud to be a part of the GonnaGeek Podcast Network!

Thanks for listening, and have a great week!

Corey Quinn joins me on today's podcast to talk about AWS and how they've been in the news lately for all the wrong reasons. We talk about the shared security model, things we like and may not like so much about AWS, as well as ... chihuahuas? You'll need to listen to get the full story.

Some links:

• Last Week In AWS (Corey's Newsletter)
• Verizon Data Leak
• WWE Data Leak
• Sweden Data Leak

Head In The Cloud is proud to be part of the GonnaGeek Podcast Network!

Want to get in touch?  Want to join the discussion on Slack? Feel free to reach out!

• Website: https://myheadinthe.cloud
• Twitter: @JohnsNotHere
• Peerlyst: https://www.peerlyst.com/users/john-svazic

Thanks for listening, and have a great week!

Disaster recovery is an important part of any security plan you have for your organization. Disaster recovery in the cloud is equally important but is often overlooked. In this episode I take a look at different levels of disaster recover, how to apply them to the cloud and some ideas for defining your own disaster recovery plan.

Some links:

• Compare Azure and AWS Service Offerings
• Compare Google Cloud Platform and AWS Service Offerings
• Gitlab Outage Post Mortem
• Terraform

Head In The Cloud is proud to be part of the GonnaGeek Podcast Network!

Want to get in touch? Feel free to reach out!

• Website: https://myheadinthe.cloud
• Twitter: @JohnsNotHere
• Peerlyst: https://www.peerlyst.com/users/john-svazic

Thanks for listening, and have a great week!

Lots of interesting topics of discussion in this episode you definitely don't want to miss!

Some links:

• flAWS
• SummitRoute
• Downclimb
• Blog Article - Free Tools for Auditing The Security of an AWS Account
• Email Scott
• Twitter: @0xdabbad00

Head In The Cloud is proud to be part of the GonnaGeek Podcast Network!

Want to get in touch? Feel free to reach out!

• Website: https://myheadinthe.cloud
• Twitter: @JohnsNotHere
• Peerlyst: https://www.peerlyst.com/users/john-svazic

Thanks for listening, and have a great week!

The big three! The "ah-s" or "as-s" if you will. I discuss what IaaS, PaaS, and SaaS are, what they stand for and what security related concerns you should have regarding each one.

Some links:

• CIS Hardening Benchmarks

Proud to be part of the GonnaGeek Podcast Network!

Want to get in touch? Feel free to reach out!

• Website: https://myheadinthe.cloud
• Twitter: @JohnsNotHere
• Peerlyst: https://www.peerlyst.com/users/john-svazic

Thanks for listening, and have a great week!

Today's episode is all about Malware - what can we do to protect ourselves, what are some best practices we can follow, etc. I'm a firm believer that Malware is something we can help curtail if we all do our part in protecting ourselves. The fewer systems there are to infect, the less common it will be.

Some links:

• SANS Incident Handling for Small and Medium Businesses Whitepaper
• Cisco's Talos Intelligence Blog
• SANS Internet Storm Center
• AlienVault Open Threat Exchange

Happy to be part of the GonnaGeek Podcast Network!

Want to get in touch? Feel free to reach out!

• Website: https://myheadinthe.cloud
• Twitter: @JohnsNotHere
• Peerlyst: https://www.peerlyst.com/users/john-svazic

Thanks for listening, and have a great week!

In this episode I speak with "Archie" Agarwal about DevSecOps and Rugged DevOps before venturing off to some other topics. Great interview, Archie is very knowledgable and a great guest! Have a listen and make sure to look up his company if you're in the market for threat modeling to increase your security posturing.

Contact info for Archie:

• Email: archie@threatmodeler.com
• Website: threatmodeler.com

Happy to be part of the GonnaGeek Podcast Network!

Want to get in touch?  Feel free to reach out!

• Website: https://myheadinthe.cloud
• Twitter: @JohnsNotHere
• Peerlyst: https://www.peerlyst.com/users/john-svazic

Thanks for listening, and have a great week!

Happy to be part of the GonnaGeek Podcast Network!

Want to get in touch? Feel free to reach out!

• Website: https://myheadinthe.cloud
• Twitter: @JohnsNotHere
• Peerlyst: https://www.peerlyst.com/users/john-svazic

Thanks for listening, and have a great week!

In this week's podcast I take a look at Intrusion Detection Systems (IDSs), what they are, what they do, how they work and how they fit into a cloud security model. I went a bit long on this one but I think it's necessary given the breadth of this topic.

Some useful links from this podcast:

• Snort
• Bro
• Suricata
• OSSEC
• Samhain
• Wazuh
• Tripwire
• ThreatStack
• Evident.io
• AWS re:Invent 2014 | (SEC402) Intrusion Detection in the Cloud

Want to get in touch? Feel free to reach out!

• Website: https://myheadinthe.cloud
• Twitter: @JohnsNotHere
• Peerlyst: https://www.peerlyst.com/users/john-svazic

Thanks for listening, and have a great week!

In this week's podcast I welcome Ishay Tentser to discuss data residency, privacy and law. This is an important topic that can get overlooked as you focus on security, but with a global economy, it's important to keep it at the forefront. Ishay is the CEO of IniTech-Digital Products & Innovation and was kind enough to join me from Jerusalem, Israel to discuss this important topic. Definitely not one you want to miss! You can reach Ishay via his email address, ishay@initech.co.il.

Some useful links from this podcast:

• Privacy by Design Presentation
• Ishay's LinkedIn Profile
• Overview of the GDPR
• Privacy Shield Framework
• IniTech Website

Want to get in touch? Feel free to reach out!

• Website: https://myheadinthe.cloud
• Twitter: @JohnsNotHere
• Peerlyst: https://www.peerlyst.com/users/john-svazic

Thanks for listening, and have a great week!

Taking a bit of a different turn in this episode. I will be looking at relationship building, whom to start with and who may require a softer touch. Do you want to be the security dictator or someone who is viewed as a peer? Fears or respected? Have a listen!

Want to get in touch? Feel free to reach out!

• Website: https://myheadinthe.cloud
• Twitter: @JohnsNotHere
• Peerlyst: https://www.peerlyst.com/users/john-svazic

Thanks for listening, and have a great week!

Back from a mini-break for Mother's Day, in today's podcast I take a look at system provisioning and the tools your DevOps team may want to look into, and how these tools can help increase your security stance in the cloud! Tools like Chef, Puppet, Terraform and Cloudformation are on the agenda and can be invaluable for success in your adventures in the cloud!

Some links:

• Chef
• Puppet
• Ansible
• Test Kitchen
• Terraform
• CloudFormation
• Autoscaling with Chef

Want to get in touch? Feel free to reach out!

• Website: https://myheadinthe.cloud
• Twitter: @JohnsNotHere
• Peerlyst: https://www.peerlyst.com/users/john-svazic

Thanks for listening, and have a great week!

In this episode I speak with Loïc Simon, the author of Scout2, a great tool to assess your security posture on AWS. We cover what Scout2 is, why it came about and how it differs from other tools like AWS Trusted Advisor. It's a great interview with an author of a great tool, so definitely check it out! You can reach Loic on Twitter (links below).

Some links:

• Scout2
• Loïc's Twitter
• Loïc's Blog

Want to get in touch? Feel free to reach out!

• Website: https://myheadinthe.cloud
• Twitter: @JohnsNotHere
• Peerlyst: https://www.peerlyst.com/users/john-svazic

Thanks for listening, and have a great week!

In this episode we will finish off the remaining sections of the CIS AWS Foundations Benchmark, looking at sections 2 through 4. Lots of good stuff in here, including a number of things you may not have considered if you're new to AWS, so it's definitely worth a listen!

Some links:

• Center for Internet Security AWS Foundations Benchmark v1.1.0

Want to get in touch? Feel free to reach out!

• Website: https://myheadinthe.cloud
• Twitter: @JohnsNotHere
• Peerlyst: https://www.peerlyst.com/users/john-svazic

Thanks for listening, and have a great week!

In the second episode of the podcast I take a look at some first steps in securing your AWS account by looking at the Center for Internet Security's AWS Foundations Benchmark! Since this is a long benchmark, we will be focusing on Section 1 in this podcast, with the remaining sections in a follow-up podcast.

Some links:

• Center for Internet Security AWS Foundations Benchmark v1.1.0
• IAM Policy Samples for MFA
• Granting AWS Billing Access To Non-Root Account IAM Users

Want to get in touch? Feel free to reach out!

• Website: https://myheadinthe.cloud
• Twitter: @JohnsNotHere
• Peerlyst: https://www.peerlyst.com/users/john-svazic

Thanks for listening, and have a great week!

In this first podcast I introduce myself and then cover 5 common security misconceptions related to cloud computing, in no particular order. Still getting my bearings, so please bear with me.

Some links:

• Synergy Research Group Cloud Provider Market Share Report

Want to get in touch? Feel free to reach out!

• Website: https://myheadinthe.cloud
• Twitter: @JohnsNotHere
• Peerlyst: https://www.peerlyst.com/users/john-svazic

Thanks for listening!