HANDS-ON WORKSHOP | Cloud Security Forensics & Incident Response: Aviata Chapter 9

Explore real-world cloud forensics challenges with Megan Roddie-Fonseca and Terrence Williams as they demonstrate how to identify and respond to complex incidents in enterprise cloud environments.

ACCESS THE DIGITAL WORKBOOK, SLIDES, AND ORIGINAL RECORDING:
https://www.sans.org/webcasts/aviata-...

Join us for an immersive hands-on workshop investigating a sophisticated attack in Google Cloud Platform. Through guided investigation using SOF-ELK, participants will analyze a compromised GenAI application deployment that leads to data exfiltration. Students will learn how organization policies affect attack paths and how to leverage cloud logging for comprehensive incident investigation.

Learning Objectives
Analyze Google Cloud audit logs using SOF-ELK for incident investigation
Understand how organization policies impact security posture and attack paths
Trace service account compromise and privilege escalation patterns
Investigate GCS bucket permission changes and data access patterns
Build accurate incident timelines using SOF-ELK's visualization capabilities
Identify security misconfigurations in IAM roles and service accounts
Understand the impact of folder hierarchy on security controls

About the Speakers:
Megan Roddie-Fonseca currently works as a Senior Security Engineer at Datadog. She is also a co-author of FOR509: Enterprise Cloud Forensics and Incident Response and a frequent presenter at security conferences. In addition to her technical expertise, Megan serves as the CFO of Mental Health Hackers, advocating for mental wellness within the industry. She holds two Master’s degrees—one in Digital Forensics and the other in Information Security Engineering—along with several industry certifications that span a wide range of specialties. Learn more about Megan, https://www.sans.org/profiles/megan-r...

With a trident of expertise in Digital Forensics and Incident Response (DFIR), Computer Science, and Cloud Environments, Terrence Williams approaches each class with the resounding belief that if individuals are not making those around them better, then what are they doing? As an instructor, Terrence's commitment is to ensure that every encounter leaves individuals better equipped and empowered than before. This philosophy underscores his teaching approach, emphasizing the transformative power of cybersecurity and the boundless possibilities that emerge with the right mindset.
Learn more about Terrence, https://www.sans.org/profiles/terrenc...

This hands-on workshop supports content from FOR509: Enterprise Cloud Forensics and Incident Response. Learn more about the course at https://www.sans.org/for509/

SANS Cloud Security focuses the deep resources of SANS on the growing threats to The Cloud by providing training, GIAC certification, research, and community initiatives to help security professionals build, deploy and manage secure cloud infrastructure, platforms, and applications.

SANS Cloud Security Curriculum: www.sans.org/cloud-security
GIAC Cloud Security Certifications: https://www.giac.org/focus-areas/clou...
LinkedIn:   / sanscloudsec  
Discord: www.sansurl.com/cloud-discord
Twitter: @SANSCloudSec