Getting started in cloud security

Team Sec Con 2021: Getting Started in Cloud Security

In its second year running, this year’s Team Sec Con was a half-day digital conference event organised by Atlassian. With Cloud Security as the main event theme, and particular focus on how to get started in it, participants were encouraged to put forward questions to the panelists through a Slack channel.

Alice White, the security training manager at Atlassian, hosted the session and began with a quick introduction and icebreaker with the panelists.

Panel Sharing Session

Joining Shamane on the panel were Michelle Price from AustCyber, Julia Knecht from Netflix, and Ben Walther from Atlassian.

How did you get started in Cybersecurity?

The panellists shared how they got started in the security industry, in both the private and government sectors, and discussed the different aspects of cloud security, giving us an insight into the beginnings of their journeys. For Shamane, this was her journey in the security industry:
  • It started with her obtaining a degree in computer engineering but choosing to branch into executive talent augmentation before branching into cyber risk advisory – with the support of Privasec (now Sekuro). She highlighted how the company had provided her with many growth and development opportunities, which have propelled her career achievements.
  • She was also inspired by the people she met at the Australian Women in Security Network (AWSN), and encouraged to see the diversity of everyone’s backgrounds.
  • Currently, Shamane is leading the outreach strategy in Sekuro as the Chief Growth Officer, where she works with the CISOs and CIOs to achieve their business growth objectives through cyber risk management.

What are some good ways that you’ve seen CISO leaders exercise in improving cloud security capabilities?

Highlighting a common sentiment from her network of CISOs and CIOs, Shamane shared their concern that some businesses are enthusiastic about migrating to cloud services but neglect the importance of understanding the risks of a fairly complex and new environment.

For a start, businesses can leverage third-party tools and upskill staff, e.g. through free CSP enterprise support that can help lay the foundation. The mindset of businesses needs to shift as well, from a more traditional perimeter and console-based defence to a DevSecOps – development, security, and operations – mentality. It is no longer just about server hardening, but infrastructure as code.

Shamane also emphasized how cloud security should not be treated differently from any infrastructure or applications, as cloud migration is not guaranteed to be secure. Businesses still need to independently assess their own system to be aware of what data they are publicly exposing. Constant surveillance and testing of the cloud environment are necessary for businesses to mitigate any compliance issues and reduce or limit breaches. 

What are the challenges businesses face in migrating to cloud services?

The crucial considerations include scalability, possession of appropriate skill sets, the ability to translate huge amounts of data like Personally Identifiable Information (PII) or Chinese characters, and bridging gaps within the internal team. Accompanying these are common issues that require looking into, such as Amazon Web Services (AWS) S3 bucket misconfiguration and data leaks.

What makes it tricky is that compliance measures security at a point in time, which is less straightforward to track in the cloud. There is also the element of trust that CISOs need to provide their clients with, but again, embedding trust into the cloud is potentially complex.

How have you educated and up-skilled yourself in cloud security? Any advice to others or resources you’d like to point to?

To keep skill sets constantly updated with security resources, Shamane recommends simply exploring the options that are available at the moment:

  • Consult your cloud security experts if you have them, and use them as a sounding board and for advice
  • Community resources such as AWS and Azure are also valuable for foundation courses on cloud technology and security
  • Podcasts such as the Cloud Security Podcast in Australia, hosted by Ashish Rajan, are also recommended

Basically, do not be afraid to reach out or even ask for mentorship from someone experienced, and never underestimate the power of networking!

Shamane’s sharings, captured in real-time by the illustrator Ashton Rodenhiser.

All in all, it was a great exchange of ideas throughout the session, and the Sekuro team is thankful to Atlassian for organising this virtual conference and inviting us to share invaluable insights through Shamane!

If you missed the event, catch up with the recording uploaded on Atlassian’s YouTube channel:
