Streamlining Compliance: Leveraging Open-Source Terraform AWS modules [Advanced]

Are you navigating the complexities of compliance frameworks like SOC2, CIS, and HIPAA and seeking a more efficient path? This talk breaks down these frameworks simply and shows you a time-saving trick, making it perfect for anyone wanting to make their organization's compliance journey much easier. I'll start by outlining the basics of these frameworks and highlighting the challenges businesses face in implementing them. As the creator and maintainer of the terraform-aws-modules projects, I'll be excited to share how using these open-source Terraform AWS modules can streamline the compliance process. I'll walk you through real-life examples showing how such solutions significantly reduce the effort and time required for compliance. At the end of the talk, attendees will get actionable insights on using Terraform AWS modules for efficient compliance management.

Deploy GenAI Apps on AWS with OPEA (Intel AI workshop)

Alex Sin is an AI Software Solutions Engineer at Intel who consults and enables customers, partners, and developers to build generative AI applications using Intel software solutions on Intel® Xeon® Scalable Processors and Gaudi AI Accelerators. He is familiar with Intel-optimized PyTorch, DeepSpeed, and the Open Platform for Enterprise AI (OPEA) to reduce time-to-solution on popular generative AI tasks. Alex also delivers Gaudi workshops, hosts webinars, and shows demos to beginner and advanced developers alike on how to get started with generative AI and large-language models. Alex holds Bachelor’s and Master’s Degrees in Electrical Engineering from UCLA, where his background is in embedded systems and deep learning.

Commvault Ransomware Attack experience - Minutes to Meltdown (workshop)

Join an intimate group of industry peers to experience a simulated cyber-attack, taking on a leadership role in a fictional company during a ransomware negotiation. Engage in a dynamic agenda with a realistic storyline inspired by recent high-profile breaches, confronting challenges and making critical decisions along the way. Topics discussed: Security Assurance, Identity and Access Management, Social Engineering, Threat Detection, Cyber Incident Response, Ransomware, Governance and Reporting Regulation in USA.

RCPs + SCPs: The Missing Link in AWS Access Control [Intermediate]

Cloud access control is harder than it should be—third-party vendors, overpermissioned identities, and unused access create security risks that traditional IAM policies don’t fully address. AWS’s Resource Control Policies (RCPs) and Service Control Policies (SCPs) introduce new ways to enforce least privilege and lock down access, but many teams aren’t using them effectively. In this session, we’ll explore how SmithRx used RCPs and SCPs with Sonrai’s Cloud Permissions Firewall to regain control of their cloud environment. Attendees will leave with practical strategies to apply these policies in their own AWS environments to strengthen security and reduce risk.

AWS Security for Front End Devs [Intermediate]

Application Development is very complex due to the many layers from libraries and frameworks, to APIs and IAM. With so many things to keep track of, it's very easy to make critical security mistakes, particularly when deploying apps on complex public cloud platforms like AWS. In this talk we'll cover: * Security best practices * Common mistakes and how to avoid them * How to implement least privilege using Amazon Cognito * Implementing access controls in AWS Amplify Gen2 Security continues to evolve while our codebases age. Our goal is to ensure everyone makes security a priority during each phase of the software development lifecycle. Even if only for review, we hope you'll walk away with renewed knowledge that will make your applications more secure.

Security Considerations for MLOps Infrastructure on AWS [Advanced]

The rapid adoption of MLOps has unlocked new levels of innovation, allowing organizations to build, deploy, and maintain machine learning models efficiently. However, these advantages come with security challenges that are often underestimated, leading to risks such as data breaches, model theft, and unauthorized access. Securing MLOps infrastructure on AWS requires a holistic approach, extending beyond traditional cloud security practices to address the unique needs of machine learning workflows. In this session, we'll explore often overlooked but critical security considerations for MLOps environments.

Build-time to runtime: Automated security testing in your pipeline [Advanced]

Discover how to implement comprehensive security testing throughout your CI/CD pipeline. This session demonstrates how to integrate static analysis with Amazon CodeGuru Reviewer, dependency scanning with Amazon Inspector, and container security with Amazon ECR scanning. Learn to orchestrate security gates using AWS CodePipeline, implement software composition analysis, and automate vulnerability remediation with Amazon Q Developer. Walk away with practical patterns for embedding security testing at every stage of your delivery pipeline while maintaining development velocity.

Securing Large Language Models: Best Practices for Prompt Engineering and Mitigating Prompt Injection Attacks [Beginner]

The rapid adoption of large language models (LLMs) in enterprise IT environments has introduced new challenges in security, responsible AI, and privacy. One critical risk is the vulnerability to prompt injection attacks, where malicious actors manipulate input prompts to influence the LLM's outputs and introduce biases or harmful outcomes. This guide outlines security guardrails for mitigating prompt engineering and prompt injection attacks. The authors present a comprehensive approach to enhancing the prompt-level security of LLM-powered applications, including robust authentication mechanisms, encryption protocols, and optimized prompt designs. These measures aim to significantly improve the reliability and trustworthiness of AI-generated outputs, while maintaining high accuracy for non-malicious queries. The proposed security guardrails are compatible with various model providers and prompt templates, but require additional customization for specific models. By implementing these best practices, organizations can instill higher trust and credibility in the use of generative AI-based solutions, maintain uninterrupted system operations, and enable in-house data scientists and prompt engineers to uphold responsible AI practices.

Amazon Security Lake: Centralized Data Management for Cloud Native Ops [Advanced]

Amazon Security Lake stands as a paradigm shift in security data management. This service centralizes security data, significantly simplifying its management. Our talk will detail how Security Lake ingests data from a myriad of sources, converts it to the unified schema OCSF, and stores it, ready to be queried using AWS Athena for in-depth insights. Amazon Security Lake's robust architecture, combined with the power of AWS Athena, facilitates a more comprehensive understanding of the security landscape, bringing valuable insights to light. We will present a live demo and provide practical examples to illustrate how AWS Security Lake can seamlessly integrate with your DevSecOps toolchain, enhancing its functionality and efficiency. Attendees will gain a deep understanding of Amazon Security Lake's capabilities, exploring how its features can revolutionize their approach to cybersecurity, promoting a more secure and resilient digital environment.

Simplify Security Events Log Analysis with Amazon Q [Advanced]

Discover how to build security-focused applications with Amazon Q to analyze AWS accounts for compliance and vulnerabilities. Use automation to centralize security logs and events from AWS services, partner solutions, and open-source tools, and analyze using an intuitive chatbot interface. Through practical examples, explore how Generative AI enhances security analysis, delivering a richer experience with queries in natural language.

RCPs + SCPs: The Missing Link in AWS Access Control

Cloud access control is harder than it should be—third-party vendors, overpermissioned identities, and unused access create security risks that traditional IAM policies don’t fully address. AWS’s Resource Control Policies (RCPs) and Service Control Policies (SCPs) introduce new ways to enforce least privilege and lock down access, but many teams aren’t using them effectively. In this session, we’ll explore how SmithRx used RCPs and SCPs with Sonrai’s Cloud Permissions Firewall to regain control of their cloud environment. Attendees will leave with practical strategies to apply these policies in their own AWS environments to strengthen security and reduce risk.

Use IAM Roles Anywhere to reduce the use of static IAM keys [Advanced]

Exposed static IAM keys are one of the most common security risks for AWS accounts. Avoiding the use of static keys is a best practice that can be hard to achieve in hybrid cloud environments where access needs to be given to external systems. IAM Roles Anywhere is a service that helps mitigate this risk. In this talk, I detail the problems and risks associated with static keys, how IAM Roles Anywhere can solve this problem, and walk through how to set up the complete solution.

Establish a Secured and Resilient Architecture [Business Focused]

I will demonstrate how to build a secured multi-tier architecture. You are tasked with creating a foundational multi-tier architecture in AWS, which includes a Web Tier, Application Tier, and Database Tier. The goal is to build each tier incrementally, ensuring each layer functions correctly before moving on to the next.

Optimizing GPU Usage in Amazon EKS: Improving Performance and Security in Kubernetes [Advanced]

My talk will be covering how to optimize GPU usage in Amazon EKS for both performance and security. I will go over setting up GPU-enabled EC2 instances, managing resource requests for GPU workloads, and allocating GPUs to meet workload demands. I’ll also cover security practices specific to GPU workloads, e.g.: how to use RBAC to limit access to GPU resources, network policies to isolate sensitive GPU workloads from non-critical ones, and IAM roles to control who can provision and access GPU-powered instances. I hope my talk helps you get started with optimizing and securing GPU workloads in EKS.

Securing Large Language Models: Best Practices for Prompt Engineering and Mitigating Prompt Injection Attacks [Beginner]

The rapid adoption of large language models (LLMs) in enterprise IT environments has introduced new challenges in security, responsible AI, and privacy. One critical risk is the vulnerability to prompt injection attacks, where malicious actors manipulate input prompts to influence the LLM's outputs and introduce biases or harmful outcomes. This guide outlines security guardrails for mitigating prompt engineering and prompt injection attacks. The authors present a comprehensive approach to enhancing the prompt-level security of LLM-powered applications, including robust authentication mechanisms, encryption protocols, and optimized prompt designs. These measures aim to significantly improve the reliability and trustworthiness of AI-generated outputs, while maintaining high accuracy for non-malicious queries. The proposed security guardrails are compatible with various model providers and prompt templates, but require additional customization for specific models. By implementing these best practices, organizations can instill higher trust and credibility in the use of generative AI-based solutions, maintain uninterrupted system operations, and enable in-house data scientists and prompt engineers to uphold responsible AI practices.

Everything you didn't want to know about IAM [Beginner]

If you have used AWS, you have seen an error message stating "x is not authorized to perform y". This is a annoying fact. But how do you solve these? In this talk, Peter will walk though how IAM is designed, different types of policies and when they are useful. You will leave with techniques for understanding and debugging those access issues you wish didn't exist.

Simplify Security Events Log Analysis with Amazon Q [Advanced]

Discover how to build security-focused applications with Amazon Q to analyze AWS accounts for compliance and vulnerabilities. Use automation to centralize security logs and events from AWS services, partner solutions, and open-source tools, and analyze using an intuitive chatbot interface. Through practical examples, explore how Generative AI enhances security analysis, delivering a richer experience with queries in natural language.

Securing Generative AI applications using AWS Services [Business Focused]

Securing generative AI applications using AWS services involves implementing robust strategies to protect data, models, and infrastructure. This presentation explores how AWS tools like Identity and Access Management (IAM), AWS Key Management Service (KMS), and Amazon SageMaker enable secure model development, training, and deployment. Topics include safeguarding sensitive data with encryption, ensuring network security through Virtual Private Clouds (VPCs), and mitigating threats using services like AWS Shield and AWS WAF. Best practices for monitoring AI workloads with Amazon CloudWatch and addressing compliance requirements through AWS Audit Manager will also be discussed. Attendees will gain actionable insights to build and maintain secure, scalable, and resilient generative AI applications on AWS.

Creating secure code with Amazon Q Developer [Beginner]

In this session you will learn how to use Amazon Q Developer to create secure code. Write unit tests, optimize code, and scan for vulnerabilities, and discover how Amazon Q Developer suggests remediations that help fix your code instantaneously. Also, learn how you can use Amazon Q Developer security scanning to outperform other publicly benchmarkable tools on detection across popular programming languages.

Threat Modeling a Batch Job System on AWS [Advanced]

I’ve been blogging about building a batch job system on AWS for about two years now as time allows, documented at https://medium.com/cloud-security/automating-cybersecurity-metrics-890dfabb6198. Initially I was “just” going to quickly show how to use batch jobs to run tools to analyze security in AWS accounts. For example, I run Prowler and other proprietary tools on AWS penetration tests and I can run those tools as batch jobs. But it turned into a much bigger endeavor as I considered how to deploy and run those jobs ~ securely ~ in a production environment. In this presentation, I’ll walk through some of the threats, mitigations, and I’ll talk about some unpublished developments.