AWS Services
Jeremiah Sahlberg
Director, Information Security and Compliance Services
Experience
Experience in security assessments, risk programs and incident support
• Department of Defense – DISA
• Commercial (banking, media, manufacturing, healthcare, transportation, legal)
• State and local governments
Services
• Threat Services – Vulnerability Scanning, Pen Testing, Web Apps Testing, Social Engineering
• Privacy, Enterprise Risk and Compliance – ISO, NIST-800-53, HIPAA, PCI, GDPR, HITRUST
Certifications
• Certified Information Security Manager (CISM)
• Certified Information Systems Security Professional (CISSP)
• Payment Card Industry Qualified Security Assessor (QSA)
• HITRUST CSF Assessor
Events and Activities
• Publications: O’Reilly’s Secure Coding, Web Scanner
• Speaking events: Nevada Digital Summit, NY State Cyber Security Conference, SINET, NCUA
• Board of Advisors at Liberty University
§ Launched in 2006, over a decade later, we got this figured out, right?
Bongo
Source: http://level3-9afd3927f195e10225021a578e6f78df.flaws.cloud/
§ Online tools
• buckets.grayhatwarfare.com – Online tool
• Google Search - site:s3.amazonaws.com confidential
October 24, 2018
AWS S3 Security Checklist
§ Check for open buckets
§ Encrypt the data contents
§ Use Transport Layer Security (TLS) for connecting to S3 buckets; use https://
§ Organize your data, use versioning
§ Enable logging
§ Retire unused S3 buckets
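The checklist above can be turned into an automated check. The following is an added example, not part of the original slides: it evaluates the first five items against bucket settings shaped like the responses of the S3 API calls named in the dictionary keys. The sample data is constructed, the function names are hypothetical, and using Block Public Access as the open-bucket signal is an assumption of this example.

```python
import json

PAB_FLAGS = "BlockPublicAcls IgnorePublicAcls BlockPublicPolicy RestrictPublicBuckets".split()

def _as_list(value):
    return value if isinstance(value, list) else [value]

def denies_plain_http(policy_json):
    """True if a Deny statement keys on aws:SecureTransport=false (scope not checked)."""
    if not policy_json:
        return False
    for stmt in _as_list(json.loads(policy_json).get("Statement", [])):
        cond = stmt.get("Condition", {}).get("Bool", {})
        value = str(cond.get("aws:SecureTransport", "")).lower()
        if stmt.get("Effect") == "Deny" and value == "false":
            return True
    return False

def audit_bucket(cfg):
    """cfg maps S3 API call names to their responses; returns the failed checks."""
    findings = []
    pab = cfg.get("GetPublicAccessBlock", {}).get("PublicAccessBlockConfiguration", {})
    if not all(pab.get(flag) is True for flag in PAB_FLAGS):
        findings.append("open-bucket: Block Public Access not fully enabled")
    rules = cfg.get("GetBucketEncryption", {}).get(
        "ServerSideEncryptionConfiguration", {}).get("Rules", [])
    if not any("ApplyServerSideEncryptionByDefault" in r for r in rules):
        findings.append("encryption: no default server-side encryption rule")
    if not denies_plain_http(cfg.get("GetBucketPolicy", {}).get("Policy")):
        findings.append("tls: bucket policy does not deny non-HTTPS requests")
    if cfg.get("GetBucketVersioning", {}).get("Status") != "Enabled":
        findings.append("versioning: not enabled")
    if "LoggingEnabled" not in cfg.get("GetBucketLogging", {}):
        findings.append("logging: server access logging not enabled")
    return findings

# Constructed sample: a bucket with only encryption and versioning configured.
SAMPLE = {
    "GetPublicAccessBlock": {"PublicAccessBlockConfiguration": {
        "BlockPublicAcls": True, "IgnorePublicAcls": True,
        "BlockPublicPolicy": False, "RestrictPublicBuckets": False}},
    "GetBucketEncryption": {"ServerSideEncryptionConfiguration": {"Rules": [
        {"ApplyServerSideEncryptionByDefault": {"SSEAlgorithm": "AES256"}}]}},
    "GetBucketVersioning": {"Status": "Enabled"},
    "GetBucketLogging": {},
}

if __name__ == "__main__":
    print("\n".join(audit_bucket(SAMPLE)))
```

Retiring unused buckets is not covered, since it depends on usage data rather than bucket configuration.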
AWS Management Console – Artifact (FedRAMP, ISO, PCI, SOC and many more)
§ Over 23 certification packages
§ Listing of included services
§ Includes security responsibilities matrix
§ Will support your compliance needs