I’ve found the following resources useful in my time in the cloud security space. If you’re interested in the field, I’d recommend checking them out.
Places to Hang Out
- Cloud Security Forum Slack Workspace - an open invite Slack workspace where most of those active in the cloud security community hang out. It’s a goldmine of knowledge and a great place to get answers to obscure cloud security questions, or to bounce ideas off other people. Drop me a line on Twitter, or Scott Piper or most of the other active members of the cloud security community, and we can drop you an invite.
- Cloud Security Zotero Library - a library I maintain of tools, blog posts, articles and other content related to cloud security. Works best with the Zotero desktop client, but usable from the web client too.
- CloudSecDocs - a collection of notes and cheatsheets on cloud security, maintained by Marco Lancini
- Hacking The Cloud - an encyclopedia of offensive cloud content, maintained by Nick Frichette
- Toniblyx’s Arsenal of AWS Security Tools - a list of security tooling for AWS, maintained by Toni de la Fuente
Guides and Frameworks
- The SummitRoute AWS Security Maturity Framework - Scott Piper’s AWS security maturity framework, designed to outline
- The F-Secure Azure Security Framework - how to get your Azure security right across a number of different areas of Azure, by Emilian Cebuc and Chris Philipov.
- The Extended AWS Security Ramp-Up Guide - a learning and development guide for AWS security, published by Rami McCarthy while he was at NCC Group.
Keeping up to Date
- CloudSecList - a weekly digest of cloud security content by Marco Lancini
- TL;DR Sec - Not cloud-specific, but Clint Gibler’s security newsletter frequently includes a lot of useful content around Cloud, DevOps, DevSecOps, etc., and is well worth a read.
- Last Week in AWS - Corey Quinn’s AWS newsletter is a great way to keep up to date with the latest AWS news, and tends to be pretty amusing to boot.
- fwd:cloudsec - by far the best of the cloud security-focused conferences. There’s always a ton of great content, and it’s run by some of the biggest names in cloud security. If you pay attention to one cloud conference, make it this one.
- DEF CON Cloud Village - the Cloud Village at DEF CON attracts a lot of attention, by virtue of being part of DEF CON. There’s often some good content there, but talks tend to vary a lot more in quality than at fwd:cloudsec in my experience.