I’ve found the following resources useful in my time in the cloud security space. If you’re interested in the field, I’d recommend checking them out.

Places to Hang Out

  • Cloud Security Forum Slack Workspace - an open invite slack workspace where most of those active in the cloud security community hang out. It’s a goldmine of knowledge and a great place to get answers to obscure cloud security questions, or to bounce ideas off other people. Drop me a line on twitter, or Scott Piper or most of the other active members of the cloud security community, and we can drop you an invite.

Knowlegebases

Guides and Frameworks

Keeping up to Date

  • CloudSecList - a weekly digest of cloud security content by Marco Lancini
  • TL;DR Sec - Not cloud-specific, but Clint Gibler’s security newsletter frequently includes a lot of useful content around Cloud, DevOps, DevSecOps etc, and is well worth a read.
  • Last Week in AWS - Corey Quinn’s AWS newsletter is a great way to keep up to date with the latest AWS news, and tends to be pretty amusing to boot.

Conferences

  • fwd:cloudsec - by far the best of the cloud security-focused conferences. There’s always a ton of great content, and it’s run by some of the biggest names in cloud security. If you pay attention to one cloud conference, make it this one.
  • DEF CON Cloud Village - the Cloud Village at DEF CON attracts a lot of attention, by virtue of being part of DEF CON. There’s often some good content there, but talks tend to vary a lot more in quality than at fwd:cloudsec in my experience.