Details

Happy New Year! It's security time. We will have two exciting talks, lots of people to meet, and great food. Come join us at Hacker Dojo in Mountain View. This is a joint meetup with the Pacific Hackers group (www.phack.org).

Courtesy of our host Tromzo. Tromzo accelerates remediation of risks, from code to cloud. Built by security practitioners & backed by 25+ CISOs.

Talk#1: Frictionless API Observability. Visibility of API assets and their underlying JSON structure is a critical requirement for any security initiative that manages attack surfaces. This live session will demonstrate how microservices in a Kubernetes environment can be instrumented by a no-code/agentless sensor to auto-discover all APIs present and auto-generate OpenAPI docs for them.

Speaker: Harish Natraj, co-founder of Levo.ai. He has deep experience in the APIs, microservices, and Kubernetes space. He has spent the last 10 years building and operating API Observability and Security solutions. He is passionate about empowering modern development teams to build secure and robust applications.

Talk#2: Shadow Access has emerged as the most potent attack vector in the Cloud that creates exploitable pathways to an organization's crown jewels. Adversaries are shifting their attention to attacking DATA, Applications and software supply chains by weaponizing exploitable access pathways.

What is Shadow Access?
The widespread use of cloud services and the increase in data-centric applications have led to the proliferation of data stores containing sensitive information. There is a high demand for access to this large volume of data, but it has also created a new problem called Shadow Access, which refers to unauthorized, unregulated, and invisible access to cloud data, applications, and software. In simple terms, shadow access must not exist and should be removed.

What creates Shadow Access?
Cloud identities, roles, permissions, policies, entitlements and vulnerabilities combine to create exploitable access pathways to DATA and applications. SEC-2 and SEC-5 of the OWASP Top 10 Security Risks are examples of Shadow Access impacting CI/CD systems.

This talk will describe the problem of Shadow Access using the AWS Cloud as an exemplar. It will differentiate between the status quo and the state of the art in detection engineering for Shadow Access. The talk will cover more than 20 detections of Shadow Access, describing various techniques to detect and remove shadow access, and its impact on audit, compliance and governance.

Speaker Bio
Venkat Raghavan is the founder and CEO at Stack Identity. He is an operator, builder, and entrepreneur with over 25 years of enterprise software experience spanning big tech and start-ups. Venkat has held a variety of senior operational roles in products, research and development and general management. His areas of expertise include incubating, developing, and scaling businesses in Cyber Security, Cloud Native technologies and AI/ML.
