Chatting with Ashish Rajan on his Cloud Security Podcast about Zero Trust using Microsoft 365 and Azure security services
I'll be giving the first public presentation and live demo of our open source tool Domain Protect at SANS CloudSecNext virtual summit 2022, 3 - 4 May, free to register here.
My first in-person talk since Security BSides 2019!
Which cloud provider has the best security services and features - AWS, Azure or GCP? Find out at (ISC)² SECURE London with demos of all three platforms, opinionated award ceremonies, and time for questions or controversy
We’ve updated our open source tool Domain Protect to include optional automated takeover of vulnerable subdomains, see my blog post OVO vs Bug Bounty researchers - round 2
The CIISec Masterclass "AWS, Azure and GCP security" is now online:
Which cloud has the best security features? Find out at my online CIISec Masterclass "AWS, Azure and GCP Security" on 12 January 2022.
Sign up at the LinkedIn Events page
Which cloud has the best security features - AWS, Azure or GCP? Find out at my talk on the final day of the ISC2 Security Congress.
At OVO Energy, we recently released a tool to prevent subdomain takeovers: Domain Protect, available at https://github.com/ovotech/domain-protect.
I've published a blog post where I go through the basics of domain takeover, talk about how the requirement arose at OVO, and describe the tool’s features, findings, and planned next steps.
And you’ll see how we saved many thousands of US Dollars in fees to Bug Bounty researchers.
Microsoft recently released the MS-500 exam - Microsoft 365 Certified Security Administrator. I decided to study for this, as I'm working for an organisation in a role where I'm responsible for Microsoft 365 security, and I wanted to improve my knowledge and understanding of the subject.
I had never previously studied for any Microsoft 365 certifications. I was fortunate to already have a good knowledge of Azure AD thanks to the on-line course I developed for AZ-500, Azure Security Technologies. However, Azure AD is only one part of the syllabus for MS-500, so I needed additional training material.
Click the read more link below to see how I studied for the exam.
Paul Schwarzenberger's talk "Centralizing identity across AWS, Azure and GCP" at fwd:cloudsec 2020 is now online. fwd:cloudsec is a new community driven, not for profit, independent conference focusing on cloud security.
The conference was streamed live on 29 June, with 15 excellent talks on a range of cloud security topics across AWS, Azure and GCP.
Paul Schwarzenberger is a Cloud Security Architect and DevSecOps specialist