Month: October 2022

CSA HKM Knowledge Sharing Event – November 2022

After the successful staging of the Cloud Security Alliance Hong Kong & Macau Summit on October 12, it is time to go back to the regular CSA Knowledge Sharing Event in November.

This month we will look into cloud security from an attacker’s viewpoint. As we mentioned before, despite the fact that cloud environment is quite secure after many years of enhancement, attacks still happen.

In our next Knowledge Sharing Event, we invited Boris So, a technical professional, to bring us into the cloud security from the “dark side”. Boris is a technical expert and has in-depth knowledge in hacking and security attack. He will be showing us more information about common attack to cloud workloads with demonstration.

Participants will claim 1 CPE.

DATE: November 24, 2022 (Thursday)
TIME: 12:30 – 01:30 pm
FORMAT: Webinar
TOPIC: Attacks on Cloud Workloads
Media of Language: Cantonese
SPEAKER: Boris So, OWASP HK Chapter Lead,  Cloud Service Provider Technical Expert

AGENDA:

  • Address common attacks targeting cloud workloads, with demonstration simulating a major incident hitting the global news headline as well as other complicated attack vectors discovered in red team exercises.
  • From the attack paths identified in these scenarios we are able to draw an abstract pattern of how attackers find a way in and escalate privilege.
  • Finally we will try to go back to answer the fundamental question: is the cloud secure?

THE SPEAKER: 

Boris is a software security specialist specializing in software design and architecture, threat modeling, secure programming and static code analysis, penetration and simulation test, code obfuscation, steganography, as well as rootkit research.

Currently Boris is working in a major cloud service provider, where he joined from one of the world’s leading US financial services institutes.

He is also the OWASP HK chapter lead, and he holds 2 US patents, 2 bachelor degrees in computing and surveying, and 2 master degrees in computer forensics and applied psychology.

Boris is an enthusiast in aviation and he holds a private pilot license. During his free time, he is probably spending his time flying while not hacking.

VIEW THE PRESENTATION: https://youtu.be/W8-Ssmy_8lk

More Trainings about Cloud Security in the Cloud Security Alliance

Last week, when I taught the CCSP class by ISC2 in Hong Kong Productivity Council, I discussed with the participants in our cloud journey about the upcoming trend in Cloud Security which are Cloud Data Security, Zero Trust and Cloud Audit.

Almost at the same time, Cloud Security Alliance published the new document about Cloud Data Security and Zero Trust Training.

Cloud Data Security is one of the most important elements within Cloud Security. So CSA published the Understanding Cloud Data Security and Priorities. This summarises what should be the priorities in defining cloud data security aspects. More details can be found in this link.

Zero Trust Technology is considered as one of the hot topics in this year. Many companies mentioned about their solutions related to Zero Trust. In fact, Zero Trust Technology is not just a specific product but a philosophy and mindset. CSA CTO Daniele Catteddu mentioned about this in both the ISSummit 2022 event and also in CSA HK & Macau Chapter Summit 2022 event that held this month. In the presentation, Daniele also mentioned that CSA is going to develop a micro training series which is open and free for everyone. So it is definitely a good time for us to learn online together.

In the event, Daniele also mentioned about Cloud Audit Training which is CCAK training. After some time, we (CSA and Hatter Company Limited) successfully get the CCAK and hopefully CCSK (another flagship training by Cloud Security Alliance) to be officially endorsed by VTC under the RTTP program. Our first public class will be held on 7 – 9 Nov, 2022 (virtually through zoom). Seats are still available for registration.

Lastly, CSA also prepared some Cloud Security for Financial Services webinar. So anyone can check in and join the webinar.

Happy Learning.

CSA HKM Supports PwC’s HackaDay 2022

The Cloud Security Alliance Hong Kong & Macau Chapter is excited to support #PwC ‘s annual #HackaDay #cybersecurity conference on 24 November! Find out more from the event official website https://www.pwchk.com/en/events/hackaday-2022-conference.html?icid=con-sp-csa!

* This event is by invitation only and seats are limited.