Is your business moving into the Cloud? Is it thinking of moving into the Cloud? Or is it already in the Cloud, but perhaps hasn’t yet matured the security of what it has in the Cloud? The presenters work for a multi-brand organisation where their applications and over 9 petabytes of personal data are in the Cloud. However, up until September 2018, no-one owned or managed the security of AWS across the business. This was a problem and risk that needed to be rectified! When one of the presenters joined the business in May 2018, within a number of months he had seen a major gap and decided to take on this responsibility and build a team to progress the security of the org. This presentation is a rundown of that journey so far, what was discovered, our goals and learnings (injecting our normal humour into our talk!) and providing the audience with tangible information to take away to help on their cloud journey. Regardless of the role or the skill set of the audience member, they will leave with an understanding of what it is like at the coal-face of a major internet business running their applications and storing their data in the Cloud.
We will cover the following topics in our talk / presentation flow:
Stu is currently the Head Of Cloud Security at Photobox Group (which includes Moonpig, PosterXXL in Munich, Greetz! and Hofmann). He was instrumental in building Skyscanner’s Security team from 2015-2017, having led them to the final of SC Magazine’s Security Team Of The Year 2017. He has previously worked in security at The Trainline and was part of the Cyber Leadership Team at Capital One UK. He has twice been nominated as a finalist for Cyber Evangelist Of The Year at the Scottish Cyber Awards and runs one of Scotland’s leading Tech Meet Ups; Security Scotland. Stu has appeared at numerous leading Security events such as InfoSec Europe, Cloud Expo Europe and Future Of Cyber Security.
Tash is a Senior Cloud Security Engineer at Photobox Group (which includes Moonpig, PosterXXL in Munich, Greetz! and Hofmann). She is currently building tools and processes to automate all the things/ make the Cloud more secure. Previously Tash was a threat modelling engineer in financial services, she continues to contribute to threat modelling projects and resources via OWASP and other community events.
Tash is also on the review panel for DevSecCon, an OWASP contributor and an avid advocate for Women in Tech/Cyber, appearing at various tech and security events and meet-ups to talk about both technical and behavioural topics.