CloudSLAW News: Welcome to the Cloud Security Alliance!

I know what you’re thinking…

“Rich is such a slacker! Another week without a new lab? We’re only getting them every 2-3 weeks anymore!”

Yeah, I own that. For the couple thousand of you in the front of the herd the recent new labs have been a little erratic, and for those of you hiding in the middle of the pack I’ve been a bit slow to respond to comments and feedback.

But hey, I have good reasons! And, uh, this is all for free so, like, you know. The tl;dr:

• The latest labs take a LOT more prep work. Some of these are up to 8-12 hours of prep, even though they are still only 30 minutes for you. We are on some advanced topics and the hard part is figuring out how to structure things and keep them as cheap as possible.

• I’ve been transitioning into a new job.

New day, “sorta” new job

I’m excited to announce that as of today I’m the new Chief Analyst at the Cloud Security Alliance! This is a brand-new role they created for me so I… better not screw it up. I’ll spare you the details, but I wrote it all up at this post.

The short version is that my full time job is now research, advising CSA members, and training. Basically to help professionals and organizations as they deal with complex cloud and AI security topics. I’ve been involved with the CSA since the start and built the CCSK training program, wrote multiple versions of the CSA Security Guidance, wrote the Cloud Security maturity Model, and participated in a lot of different working groups and initiatives.

It’s been a 15 year job interview and I finally closed the deal! Time for coffee!

As for the recent lab slowdowns? Closing out my work at FireMon (where I’m still an advisor) so I could transition over to the CSA changed my priorities for the past couple of months and I had less time to devote to CloudSLAW.

The future of CloudSLAW is bright

As of now there are no intended changes to CloudSLAW and it’s now something I can do actively as part of my job, not something that has to be on the side. CloudSLAW will stay where it is and stay free, and I’m keeping Pro since I still handle all the costs through Securosis.

New labs will still be on the every 2-3 week schedule since they really are harder to create.

For those of you interested in continuing education credits and certifications, this is where things will get interesting. While we haven’t figured out exactly how we are going to configure things, we are looking at taking CloudSLAW labs, copying them into the CSA’s training platform, and adding in the tracking and quizzes required to issue credits and certificates.

The main CloudSLAW will remain free to the public and is the first place for new labs! I’m not taking anything away, and we have no plans to lock down old or new labs. The nice thing about what we have going now is that it allows me to build, test, and experiment with labs in a way I can’t do if everything is tied to certificates. \

Remember, the Cloud Security Alliance is a non-profit and its mission is to define and promote cloud and AI security best practices. Membership and certifications are two of the main ways the CSA funds its mission, and keeping CloudSLAW out there for free is completely aligned with the goals of the CSA.

Upcoming Content

As long as I have your attention…

• The next lab will be a week late due (and come out next week). It’s mostly drafted but I ran out of time to test and refine the tech side.

• That lab starts a series on Cloud Security Posture Management (CSPM) and will have about 5-6 labs.

• At the end we will circle back to our Incident Response series (since one facet of incident response is CSPM) and hopefully cover some basics of detection as code.

• I’m unsure about what topic to pick after that and plan on polling the CloudSLAW Pro members. One idea is securing AI apps in AWS. Another is containers. And at some point we need to get to data perimeters.

  • I’m very open to additional ideas, so send them over!

My sincere thanks for your time and support as this crazy experiment continues. People have been coming up to me to talk about CloudSLAW as I’ve been out at conferences and it's really motivational to know that these bits I spew out into the aether sometimes actually help people.

-rich