In this episode of Getting Defensive, hosts Jerry Bell and Andrew Kalat welcome Derek Held, a senior cloud security engineer, to discuss the challenges organizations face in cloud security. The conversation explores the transition from traditional IT environments to cloud-native architectures, emphasizing the importance of leveraging cloud capabilities, particularly in identity management. Derek shares insights on avoiding security pitfalls, drawing lessons from notable incidents like Capital One, and highlights the significance of defensive writing in incident response. The discussion also covers the value of public records in researching data breaches and the best practices for learning about cloud identity functionalities.

Derek on infosec.exchange: derekheld (@derekheld@infosec.exchange) – Infosec Exchange

Derek’s presentations/conference talks: