Jump to navigation Jump to content

Speaker

David Okeyode

David Okeyode

Azure MVP - Cloud Security Consultant

Oxford, United Kingdom

Actions

David is the EMEA Chief Technology Officer for Azure at Palo Alto Networks. Before that, he was an independent consultant helping companies secure their Azure environments through private expert level trainings and assessments. He has authored two books on Azure security - "Penetration Testing Azure for Ethical Hackers" and "Microsoft Azure Security Technologies Certification and Beyond" (https://amzn.to/3C7mrcL). He has also authored multiple cloud computing courses for the popular cybersecurity training platform - Cybrary. He holds over 15 cloud certifications across Azure and AWS platforms, including the Azure Security Engineer, Azure DevOps and AWS Security Specialist certifications.

David has over a decade of experience in Cybersecurity (consultancy, design, implementation) and over 7 years of experience as a trainer. He has worked with organizations of different sizes from startups to major enterprises to government organizations.

David has developed multiple vulnerable by design automation templates that can be used to practice cloud penetration testing techniques. He regularly speaks on cloud security at user groups and major industry events like Microsoft Future Decoded and the European Information Security Summit.

David is married to a lovely girl who makes the best banana cake in the world. They love travelling the world together!

Links

Awards

Area of Expertise

  • Information & Communications Technology

Topics

  • Azure Security
  • Azure
  • Microsoft Azure
  • Azure IaaS
  • Azure Active Directory
  • azure penetration testing
  • azure pentesting
  • azure vulnerability assessment
  • Azure Cognitive Services
  • Azure PaaS
  • Azure CosmosDB
  • Azure Logic Apps
  • Azure Data Factory
  • Azure Security Center (ASC)
  • Azure Virtual Machines
  • azure serverless security
  • azure paas security
  • Azure DevOps
  • devops security
  • shift left testing
  • continuous security validation
  • Azure BCDR
  • DevOps & Automation
  • DevSecOps
  • azure devops security

Sessions

When the Walls Come Tumbling Down: Learnings from Supply Chain Attacks

Join us for a thought-provoking talk on the latest learnings from Azure supply chain attacks. As more and more organizations move to the cloud, the threat of supply chain attacks is becoming increasingly prevalent. We will delve into the common methods used by hackers to compromise organizations' cloud environments, and discuss the key vulnerabilities that leave companies vulnerable to supply chain attacks. We will also share insights on how organizations can protect themselves, including best practices for monitoring suspicious activity, implementing multi-factor authentication, and having a comprehensive incident response plan in place. Don't miss this opportunity to gain valuable knowledge and insights on how to safeguard your organization from Azure supply chain attacks.

Securing the code to cloud pipeline using GitHub and Azure

Security is a major concern for businesses. The rapid pace of development and constant evolution of the Azure cloud has left many organizations struggling to keep up with security and compliance of their applications. Our goal in this session is to help the attendee to gain a clear understanding of how to implement continuous security into every phase of the DevOps workflow for organizations that are adopting the Azure Cloud, its services and DevOps toolchain.

We will share from both of our experiences the common patterns that we have seen in organizations that have successfully implemented continuous security from code to the cloud using GitHub and Azure.

IaC DevSecOps for Azure

Through discussion and demonstration you’ll gain insight into implementing continuous security verification tests for Azure IaC templates at the three phases of development/authoring, build/integration, and deployment

Continuous Security in an Azure DevOps Pipeline

Is "DevSecOps" a myth, a buzzword or are organizations really implementing security in their build and release pipelines to improve the quality of software that they release? In this session, I'll establish the key principles of continuous security and what should be included. I'll also demonstrate an example implementation of continuous security validation at the three phases of development/authoring, build/integration, and deployment in an Azure DevOps pipeline.

An Introduction to Azure Offensive Security

In this session, I'll introduce the following topics in relation to the Azure platform: Identifying entry points on Azure; Credential access techniques; Discovering and attacking specific cloud services; Account persistence; Post exploit enumeration; Backdooring the account

How vulnerable is your Azure environment?

Through discussion and demonstration you’ll gain insight into the following topics:

Azure Attack Chain - Methods that hackers use to exploit Azure environments; Identifying critical flaws in your attack surface; Lessons to learn from recent cloud breaches; Top 5 steps to prevent attacks to your Azure environments

Lessons from recent Azure vulnerability disclosures!

The Azure cloud is Microsoft's public cloud computing platform. Recently, three cross-tenant/cross-account vulnerabilities were disclosed by security researchers! The vulnerabilities have since been patched but there are lessons that we could learn from them.

In this session, I will cover these in details and share some thoughts on how you could keep your workloads protected against cross-tenant/cross-account platform vulnerabilities.

David Okeyode

Azure MVP - Cloud Security Consultant

Oxford, United Kingdom

Links

Actions

Please note that Sessionize is not responsible for the accuracy or validity of the data provided by speakers. If you suspect this profile to be fake or spam, please let us know.

Jump to top