AWS Security focused meetup - tooling & incident stories

Welcome to the AWS Stockholm meetup,
This time we will take a closer look at AWS from a security point of view, we will talk about tooling and some incident stories.

Schedule :
17:15 Doors open, Food, mingle & drinks
18:00 - 18:05 - Intro
18:05 - 18:35 Local language model to improve your AWS security
18.35 - 19.05 Detection as Code: Building a Security Detection Pipeline with Sigma, Grafana, and Loki
19.20 - 19.50 Learning from AWS Customer Security Incidents
20-21 mingle & drinks

Topic 1: Local language model to improve your AWS security (30 min)
Have you ever wished that you could just ask a chat agent how your AWS security looks and what areas have been insecurely configured. A lot of time I tend to ask chatgpt on what commands to run. Now I am using ai agents for everything since 2025 is the year of ai agents. I'm releasing a tool to audit for the most common security task and will show how to run it with a local Language model so that we can query our AWS environment with natural language queries like.

• Hey do i have any s3 buckets that are world readable?
• Oh do i have any acl that are too permissive tied to my lambdas?
• What VPC connections do i have and what networks are they open to?

Speaker : Thomas Olofsson is the CTO at FYEO Inc
LinkedIn / Twitter :
https://www.linkedin.com/in/tolofsson
https://x.com/skjortan

Topic 2: Detection as Code: Building a Security Detection Pipeline with Sigma, Grafana, and Loki (30 min)
This talk will focus on transforming security operations by treating detections as code. It will cover core detection principles, using Sigma for writing rules, and converting these rules into LogQL queries. The presentation will also demonstrate integrating with Grafana Alerting and automating with GitHub Actions for continuous validation. An interactive Q&A session will conclude the talk.
Speaker : Mostafa Moradian is a Senior Software Engineer in Security at Grafana Labs
LinkedIn / Twitter:
https://www.linkedin.com/in/mostafa-moradian/
https://x.com/MosiMoradian

Topic 3: Learning from AWS Customer Security Incidents (30 min)
We will discuss and learn from the public data on dozens of AWS customer security incidents. We’ll walk through the technical details of attacks, establish common root causes, look at lessons learned, and establish how you can proactively secure your environment against these real world risks.
Speaker : Rami McCarthy is a Principal Security Researcher at Wiz
LinkedIn / Blog : https://www.linkedin.com/in/ramimac, https://ramimac.me

How to get here
This event is sponsored by Qred and the venue can be found at Drottninggatan 98, second level · Stockholm. Choose Qred in the intercom and wait for the green light for both of the enterences.