CloudSLAW Monthly: July Release-O-Rama

A major new training release, summer follies, and a hilarious AI image of my horrific metaphors.

Since everyone runs through the labs at their own pace, I like to send out a short monthly update to share news, bring the community together, and sync up on the big picture.

Anyone else finishing up their big summer project? Just me?

There is a straight line between the very first Cloud Security Alliance Certificate of Cloud Security Knowledge (CCSK) class and CloudSLAW. CloudSLAW simply wouldn’t exist if the CSA hadn’t called one day.

So I’m incredibly excited to release a MASSIVE update today, including version 5 of the CCSK and the CSA Security Guidance. This was a complete ground-up rewrite we’ve been working on since December. I’ve probably put hundreds of hours into the project, all outside my regular job duties and CloudSLAW. Mike Rothman (my partner at Securosis) and I worked very hard to build materials that reflect real-world cloud security practices.

I see the CCSK and CloudSLAW as complementary. CloudSLAW is basically an endless series of labs designed to teach practical skills. CCSK is a packaged training course and professional certificate (with test) to cover provider-agnostic fundamentals.

But hey, I’m just excited to get this out there. I’m still finishing up the labs which, for now, are only available with an instructor. This was a monster of a project. I feel pretty lucky I still managed to sneak in a short vacation with my wife and dogs to Pismo Beach this summer, while the kids were at camp.

And you can take the very first in-person delivery this summer with me and Mike at Black Hat Trainings. (That’s the AWS version; we also have Azure labs.)

Other Summer Stuff

I was at AWS re:Inforce, Amazon’s security conference, last month and saw some great presentations. The keynote could use some work, but I learned a lot in nearly every session I attended. In a couple of weeks I’ll be at Black Hat teaching the new class to live bodies (depending on the heat), and then the kids head back to school and summer comes to a close.

On another note, anyone else miss summers? As a kid, summers seemed to last almost forever. Heck, pre-kids, especially when I lived in Boulder, summers seemed to just drift along — even when I was working hard. Now they seem to disappear before they start.

Tracker really liked this brew pub. There were squirrels.

CloudSLAW Plans and News

As those of you keeping up in real time know, we finished up our big Organizations foundation block and are starting networking and workloads. I suspect this will take us a fair few months to get through, and that’s even before we get into more advanced topics.

BTW, I’m debating offering a paid/community tier with lab office hours, community resources, and official help/support. If that’s interesting, let me know.

I consume a ton of security content on a weekly basis, but the news hits so fast and heavy these days that I find it impossible to keep up.

  • I missed my absolute favorite security conference last month due to the beach vacation (which was scheduled first), but luckily they put all the presentations on YouTube. fwd:cloudsec is a true cloud practitioners’ event by the community, and you should definitely check out the videos.

From the CloudSLAW Community

I’ve been using some of the episodes as a sanity check/checklist. Just set up an Org + Identity Center with Google Workspace as the source of truth. Massively helpful. Even if AWS supplies docs for it all, there are too many ways to wander into questionable practices without some opinionated guidance.

Chris

Thanks Chris. I didn’t plan on CloudSLAW becoming a reference for specific operations, but you aren’t the first to share that you’ve used it this way.

Hey Rich - AWS announced passkey support, particularly for root and org management accounts, and, being a passkey fan, I decided to dive right in. In my view, passkeys are less phishable than TOTP codes, so implementing passkeys is a win.

So I created a new MFA virtual device for my Cloud Slaw root account of the passkey type, and then signed out and back in.

Here's the fun thing - I'd kinda forgotten that we set up Security Hub to forward findings through SNS to my email, so I was briefly confused, but then pleasantly surprised to see 3 email messages pop up in my inbox - all were GuardDuty findings for IAMUser-RootCredentialUsage (invocation of the ListSigningCertificates, ListNotificationHubs, and GetAlternateContacts APIs). While I haven't yet dived into interpreting them, the data all looks reasonable for a root login event and credential change.

I haven't yet deactivated my TOTP virtual MFA device for this account, nor created passkeys for any of the other high-privilege accounts, but I'm pleased to see the findings in email.

I thought you might be interested a) that passkey support is there, and b) that the Security Hub integration works as expected.

Pete

Heh — I just had some ancient alerts I set up years ago trigger when I was working on updating the CCSK labs. Nice to know they just sat there waiting for me.

One note on passkeys, which applies beyond AWS. If you only use a passkey and your username, that is still only single-factor authentication: from the service’s point of view it is one credential, however phishing-resistant that credential is. That’s fine if you are using a passkey to replace a password, but we always want MFA in the cloud. In AWS the passkey is registered as an MFA device, so you still sign in with the password first and the passkey is the second factor, which is exactly what Pete set up above.
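Pete’s three root-usage emails came out of GuardDuty via Security Hub and SNS, which forwards every imported finding. If you want a dedicated alert for root credential use, the cleaner route is an EventBridge rule on the GuardDuty finding event itself. The block below is an added example for this issue, not CloudSLAW lab code: it holds the event pattern you would attach to such a rule and a small matcher that implements the two EventBridge behaviours the pattern relies on (list OR-matching of literals and the `{"prefix": ...}` matcher), so you can test the pattern offline. The sample events are constructed and trimmed to the fields the pattern inspects; `Policy:IAMUser/RootCredentialUsage` and `Recon:EC2/PortProbeUnprotectedPort` are real GuardDuty finding types, but the title and resource values are made up.

```python
"""Offline test of an EventBridge rule pattern for GuardDuty root-credential findings.

Added example for the CloudSLAW newsletter; not lab code. The matcher covers only
the subset of EventBridge pattern semantics the pattern below uses.
"""

# Pattern for an EventBridge rule whose target is your SNS topic. GuardDuty emits
# these events in the region where the detector runs; Security Hub re-emits imported
# findings under a different source/detail-type, so the rule matches GuardDuty directly.
ROOT_USAGE_PATTERN = {
    "source": ["aws.guardduty"],
    "detail-type": ["GuardDuty Finding"],
    "detail": {
        # prefix match so variants of the finding type are caught too
        "type": [{"prefix": "Policy:IAMUser/RootCredentialUsage"}],
    },
}


def _value_matches(matchers, value):
    """One pattern leaf: a list of literals and/or {"prefix": ...} matchers, OR-ed."""
    for m in matchers:
        if isinstance(m, dict):
            prefix = m.get("prefix")
            if isinstance(value, str) and prefix is not None and value.startswith(prefix):
                return True
        elif m == value:
            return True
    return False


def pattern_matches(pattern, event):
    """EventBridge-style match: every key in the pattern must exist in the event,
    nested objects recurse, and leaf lists are OR-matched against the event value."""
    for key, expected in pattern.items():
        if key not in event:
            return False
        actual = event[key]
        if isinstance(expected, dict):
            if not isinstance(actual, dict) or not pattern_matches(expected, actual):
                return False
        elif not _value_matches(expected, actual):
            return False
    return True


# Constructed sample events (trimmed; field values are illustrative).
ROOT_LOGIN_FINDING = {
    "source": "aws.guardduty",
    "detail-type": "GuardDuty Finding",
    "detail": {
        "type": "Policy:IAMUser/RootCredentialUsage",
        "severity": 2,
        "title": "API GetAlternateContacts was invoked using root credentials.",
        "resource": {"accessKeyDetails": {"userType": "Root", "userName": "Root"}},
    },
}

PORT_PROBE_FINDING = {
    "source": "aws.guardduty",
    "detail-type": "GuardDuty Finding",
    "detail": {
        "type": "Recon:EC2/PortProbeUnprotectedPort",
        "severity": 2,
        "title": "Unprotected port on EC2 instance i-0123456789abcdef0 is being probed.",
    },
},

# Same finding after Security Hub imports it: different source and detail-type,
# so a rule built on ROOT_USAGE_PATTERN deliberately does not fire on it twice.
SECURITY_HUB_IMPORT = {
    "source": "aws.securityhub",
    "detail-type": "Security Hub Findings - Imported",
    "detail": {"findings": [{"Title": "API GetAlternateContacts was invoked using root credentials."}]},
}

SAMPLE_EVENTS = [ROOT_LOGIN_FINDING, PORT_PROBE_FINDING[0], SECURITY_HUB_IMPORT]


def select_root_usage(events):
    """Return the finding types of the events the rule would forward to SNS."""
    return [e["detail"]["type"] for e in events if pattern_matches(ROOT_USAGE_PATTERN, e)]


if __name__ == "__main__":
    for t in select_root_usage(SAMPLE_EVENTS):
        print("would alert on:", t)
```

Once the pattern behaves the way you expect locally, confirm it against the real service with `aws events test-event-pattern --event-pattern file://pattern.json --event file://event.json` before attaching it to the rule; the service’s matcher is the one that counts, and this script only models the pieces the pattern above uses.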

Steve’s AI skills just perfectly nailed my mixed metaphors in the EventBridge lesson. That’s where I talk about bears and X-wings.

Corrections

  • Another clean run!

My Other Work and Upcoming Training

I won’t link to everything, because I post way too much in way too many places, but I will highlight some bigger things:

Thank you everyone, and please keep the feedback coming!
