Episode Summary

In the serverless world, we sometimes take the word “managed” a little too seriously. We often forget that not ALL software responsibilities are taken over by cloud vendors. Oftentimes responsibilities are shared between builders and cloud vendors, like security.

In this episode, Allen and Jason talk about ways to improve your security posture starting today. They dive deep into AWS organizations, talk about how to keep your app teams and security teams friendly with each other, and discuss ways to minimize blast radius.

About Jason

Jason Kao is the Head of Security Research at CloudQuery and passionate about cloud security. He’s worked at large enterprises, starting as an engineer and quickly moving into cybersecurity. Jason has both defensive and offensive security experience including building cloud security infrastructure and working as a security consultant with a wide range of clients from startups to large enterprises in different industries, including highly-regulated industries.

Jason is an author on multiple security patents and has presented at multiple cloud conferences including the inaugural AWS security conference, AWS re:Inforce. His cloud security research has been featured in multiple community security newsletters.

Links

• Jason on LinkedIn
• CloudQuery
• More about AWS Organizations