Blueprint: Build the Best in Cyber Defense
Click here to send us your ideas and feedback on Blueprint!
Compliance and audit checks can be painful, and that's before you introduce additional cloud services and technology. In this episode featuring AJ Yawn we discuss some incredibly useful and actionable cloud security concepts and tools that can help your team boost visibility and reduce user permissions to help prevent breaches before they happen. In addition, we discuss what a good compliance audit should be, and how to turn audits from painful to incredibly valuable.
Resources mentioned in this episode:
- AWS CloudTrail: https://aws.amazon.com/cloudtrail/
- AWS Well-Architected Framework:https://aws.amazon.com/architecture/well-architected/
- AWS Config: https://aws.amazon.com/config
- AWS Organizations:https://aws.amazon.com/organizations/
- AWS Service Control Policies (SCP): https://docs.aws.amazon.com/organizations/latest/userguide/orgs_manage_policies_scps.html
Our Guest - AJ Yawn
AJ Yawn is the Co-Founder and CEO of ByteChek. He is a seasoned cloud security professional that possesses over a decade of senior information security experience with extensive experience managing a wide range of cybersecurity compliance assessments (SOC 2, ISO 27001, HIPAA, etc.) for a variety of SaaS, IaaS, and PaaS providers.
AJ advises startups on cloud security and serves on the Board of Directors of the ISC2 Miami chapter as the Education Chair, he is also a Founding Board member of the National Association of Black Compliance and Risk Management professions, regularly speaks on information security podcasts, events, and he contributes blogs and articles to the information security community including publications such as CISOMag, InfosecMag, HackerNoon, and ISC2.
Sponsor's Note:
Support for the Blueprint podcast comes from the SANS Institute.
Are you looking for the best in-depth training for your cyber defense team? Look no further than SANS blue team curriculum courses!
Whether you focus on network or host data, Windows or Linux, or even specialize in open source intel, SIEM, SOC, or defensive architecture, the SANS Blue Team curriculum has the course for you. From long-time classics like SEC503 Network Intrusion Detection to the newer SEC530 Defensible Security Architecture and Engineering and SEC487 Open Source Intelligence Gathering - we've got you covered, no matter what your specialty.
With an extensive archive of free webcasts on the SANS site, and free online demos available for most courses, you can easily check out the SANS blue team catalog and see which course is the best fit for you and your team.
Check out the constantly growing list of available courses at sansurl.com/blueteamops
Follow SANS Cyber Defense: Twitter | LinkedIn | YouTube
Follow John Hubbard: Twitter | LinkedIn