SciFiDevCon Revisited - Building Cyber Resilience and a Risk Aware Team of Heroes with CyberVengers

Building Cyber Resilience starts at the executive level for support but is a responsibility of everyone in the organization. In this session, Captain Hyperscaler's team of CyberVengers will take you on an adventure of how to roadmap an origin story to build a team of Risk Aware Heroes within your organization.

Taking the steps to build a risk aware and cyber resilient organization

Captain Hyperscaler's Dwayne Natwick is joined by AKYLADE CEO Alyson Laderman and CPO Jason Dion as we discuss the importance of building a risk aware culture and a cyber resilient organization. We will discuss the NIST Cybersecurity Framework 2.0 and the guidance that it provides. We will talk about training paths that are available and how they can provide the initial steps to building risk awareness and cyber resilience.

Skill Up Like a Super Hero podcast - Cybersecurity certification discussion with Ben Malisow

In this episode, Dwayne and guest Ben Malisow will discuss cybersecurity certifications and how they can help you gain knowledge, show your experience and bring value to hiring managers.

Skill Up Like a Super Hero Podcast - CISO Guide to Cyber Resilience - Debra Baker

In this episode, Dwayne Natwick is joined by Debra Baker, CEO of TrustedCISO to discuss her new book about cyber resilience and guidance for CISOs. #SkillUpLikeaSuperHero

Skill Up Like a Super Hero - May Brooks-Kempler, Cybersecurity awareness for everyone

In this episode, Dwayne is joined by May Brooks-Kempler. May is an extremely active board member, speaker, author, and community contributor to cybersecurity and risk awareness. She is an experienced cybersecurity professional, having held roles as a CISO, Security Architect, and Penetration Tester. May and Dwayne discuss a number of topics that culminate with the importance of cybersecurity awareness for everyone.

ISC2 Certified in Cybersecurity challenge: One Million Certified in Cybersecurity – Free ISC2 Certification Exams

Guiding Others to Good Cybersecurity Practices

In this session, May and Dwayne will discuss how cybersecurity professionals can provide guidance to educate and learn about the risks and dangers of being online while not necessarily being diligent.

Cyber Foundation Friday Revisited - NIST Risk Management Framework (RMF)

In this session, Dwayne provides you with an overview of the NIST Risk Management Framework phases and tasks, and their alignment with a System Development Life Cycle and Cybersecurity Framework.

Cyber Foundation Friday Revisited - NIST Cybersecurity Framework (CSF) 2.0

In this session, Dwayne will go over the NIST Cybersecurity Framework 2.0 and the Core functions, categories and subcategories of the CSF.

Building a Cyber Risk Management Action Plan to protect Santa Claus vulnerabilities

Ho Ho Ho! It is the Holiday Season and we are waiting for our favorite holiday characters to deliver gifts in the middle of the night. This creates various risks that could have a high impact and most definitely a high likelihood of taking place. In this session, Dwayne will discuss how to prioritize and build an action plan to prepare you for the adverse physical and technical events that come with the holidays.

Cyber pathways and career entry

In this session, May and Dwayne will discuss the pathway to a career in cybersecurity. We will discuss the different roles and the necessary experience along with barriers and doors to entry.

Cyber Foundation Friday - Risk Analysis and Treatment

This session will discuss the steps for risk analysis and how to handle risk.

Cyber Foundation Friday - Threat Detection and Operations with AI

This session will discuss how AI can assist in threat detection and security operations.

Cyber Foundation Friday - Cyber Resilience Implementation Tiers

This session will provide information on organization implementation tiers and maturity levels for cyber resilience and risk awareness.

Cyber Foundation Friday - AI Security Concepts

This session will provide an overview of AI Security Concepts

Building Governance strategies and a Risk aware culture through frameworks

In this discussion, Vickie Gray from Gray Matter GRC Ltd, and Dwayne Natwick from Captain Hyperscaler, LLC will discuss how your organization can leverage Governance and Risk Management frameworks to build a cyber resilient and Risk aware organizational culture. This will include talking about how frameworks defined within ITIL, NIST, and ISACA can provide customizable and actionable results.

Building Cyber Resilience and a Risk Aware Team of Heroes with the CyberVengers

Building Cyber Resilience starts at the executive level for support but is a responsibility of everyone in the organization. In this session, Captain Hyperscaler's team of CyberVengers will take you on an adventure of how to roadmap an origin story to build a team of Risk Aware Heroes within your organization.

How to Organize your Data Estate for AI

Governance and preparation of your data is an important part of developing a strong strategy for the use of artificial intelligence. Using the tools available to you to know, classify, and protect your data is one of the most important steps in protecting the privacy of sensitive information and PII. This session will discuss strategies to manage this risk and create a organizational level of governance and digital trust.

Steps to building a risk aware organization

In this season, I will discuss the importance of building a risk aware organization and the positive affect that it will have on your organization. This discussion will include steps to take to increase risk awareness from executives, managers, and users.

Santa knows if you've been naughty or nice...protect your PII

The Christmas stories are true, Santa sees you when you're sleeping and knows when you're awake. How is he getting this personal information? How can you protect your PII from Santa or other less jolly elves? This video will provide you with some Microsoft solutions to minimize potential risk to your personal data.

Why Developers need to understand and plan for security from the start of AppDev

In this session, I will dive into the top 5 ways that developers should think about security when creating new apps and connecting to databases. This talk will also highlight how an Azure Web Application Firewall can protect against common attacks on web-based applications noted in the OWASP Top 10.

Data Security Posture Management: Keeping your data secure from development to production

In this session, we will discuss strategies to secure and govern over data in the cloud. Strong data governance is an important aspect of protecting data exposure and maintaining compliance. I will discuss how to know where your data is located, understanding what data is sensitive, and maintaining sovereignty of that data based on regulatory and government privacy restrictions.

5 Ways to Protect Sensitive Data and PII with Microsoft Purview Compliance Manager

In this session, I will discuss how Microsoft Purview Compliance Manager can identify and protect sensitive data and PII. This will include the utilization of data classification, sensitive information types, sensitive label policies, data loss prevention policies, and records management. At the end of this session, you will understand the tools in Microsoft Purview Compliance Manager to maintain and manage a high compliance score within Microsoft 365, Azure, and third-party storage.

Winning the Security "End Game", Tips to enforce secure access on your network

In this session, I will provide tips to isolate and protect access to your network resources and applications through IAM policies, conditional access, web application firewalls, privileged access, and diversion techniques to win the End Game against attackers.

Protecting the Infinity Stones - What Elements of Security did the Avengers fail to enforce?

In this session, I will discuss the manner in which the Infinity stones were able to be collected by Thanos and how enforcing a Zero Trust framework could have avoided the events of Infinity War.

"This is the way" Why developers should be thinking about security "under the helmet".

In this session, I will dive into the top 5 ways that developers should think about security when creating new apps and connecting to databases. This talk will also highlight how an Azure Web Application Firewall can protect against common attacks on web-based applications noted in the OWASP Top 10.

Architecting a Zero Trust Framework in Azure

In this session, Dwayne will provide guidance toward architecting a Zero Trust Framework within your Azure infrastructure. He will provide areas of focus for identity, networking, devices, applications, and data for a defense in depth security design. This will also discuss identifying risk and creating a risk management framework within your secure cloud transformation.

What's new in Cloud Security from Microsoft Ignite

Ask Me Anything about Multicloud MDR with Defender for Cloud and Sentinel

Azure is Mother Nature from the Year without Santa Claus and you need the Heat Miser (AWS) and Cold Miser (GCP) to work together for a complete multi-cloud security posture. Join me for this live stream and ask me how to architect this using Defender for Cloud and Sentinel.

How Machine Learning and AI influence Cloud Security and Governance

In this session, Dwayne will discuss the various ways that machine learning and AI technologies are used within cloud-native tools and SIEM/SOAR solutions for security, governance, and threat detection and response.

Cloud Security - Are you revisiting your risk analysis?

With the capabilities and controls that are included with many cloud services, organizations should revisit their previous risk analysis to determine if there is now an opportunity to mitigate risks that were previously accepted.

Accelerating Cloud Adoption

Discuss how to accelerate to the cloud with Azure Cloud Adoption Framework and secure Cloud Landing Zones

How a Defense in Depth strategy could have saved the Empire

Anyone that has watched the Star Wars franchise should recognize that there are some major security flaws within the Empire. This session will uncover how the Empire could have stopped the Rebels with a proper Defense in Depth security posture.

Microsoft Defender for Cloud - Hybrid Cloud Security Posture Management

In this post, Dwayne will provide guidance for configuring and managing Azure, hybrid, and multi-cloud resources within Microsoft Defender for Cloud for complete security posture management of your infrastructure. After configuring resources for security posture management, you will be guided on how to configure vulnerability scans on these resources for next level security posture management.

Zero Trust testing with Conditional Access Policies' "What If"

In this session, I will provide a quick overview of how Conditional Access Policies enable Zero Trust in your company, and then show you how you can create and test your own policies with the "What if" functionality in Conditional Access.

Responsible AI and Data for public health and law enforcement

In this session, Dwayne will talk about best practices of how Azure data modeling and AI can be used using Law Enforcement & Public Health. This will include how to properly and securely ingest and transform data, and practicing responsible AI practices.

How to manage policy and compliance in Microsoft Defender for Cloud

In this guided presentation, I will provide you with actionable information on how to manage resources and your security posture using Microsoft Defender for Cloud (formerly Azure Security Center). This will include Step by Step instructions on how you can manage compliance standards, defender threats, and best practices.

Connecting and managing data sources with Azure Sentinel

Guided workshop with user lab on how to connect Microsoft and third party data sources to Azure Sentinel. Create actions and tasks using Logic Apps and Log Analytics.

Path to Cloud Security Certification

An overview of the learning objectives for the Microsoft 365 and Azure Security certifications. This will include MS-500, AZ-500, and the new SC certifications. These paths provide security compliance and Identity knowledge and certifications for Microsoft technologies. Additionally, Dwayne will discuss other vendor independent certifications that can assist on your cloud security journey. Including recommended paths and study guides.

Managing governance and compliance for Microsoft 365 and Teams

This session will provide an overview of the challenges that administrators and organizations face in a remote user environment in governing the confidentiality and integrity of data. I will discuss some ways to create and govern policies within Microsoft 365 and Teams to maintain governance of access to applications and data for remote users. I will look at how the security and compliance dashboard can be used to monitor policy compliance for protection of information and user identity. And finally, we will talk about how regulatory compliance can be monitored and managed through the Service Trust Portal

Azure Fundamentals Series - Security services, business continuity, governance, and subscriptions

In this session, we will discuss the various security, monitoring, and management services within Azure. We will discuss business continuity and governance within Azure. We will wrap up this series with a review of how Azure subscriptions are categorized.

Azure Fundamentals Series - Core PaaS and Database services

In this session, we will discuss the various platform services within Azure, including App Services, Databases (SQL and no-SQL), Container services, and server-less/microservices.

Azure Fundamentals Series - Core IaaS, storage, and network services

In this session, we will discuss the core compute, storage, and network services within the Azure environment. This will include Virtual Machines, Azure storage, and VNETs.

Azure Fundamentals Series - Cloud concepts and the Azure structure

In this session, we will explore the basic concepts and services that pertain to cloud services and technologies. We will highlight where some of the Azure service relate to these services.

Using Azure to build and monitor a Defense in Depth security posture

Building a strong defense in depth security posture is much like building and protecting a house. There are multiple levels of security. This session will focus on the foundational areas of protection: Identity protection, Monitoring and Patching, and Data Protection, and how Azure Policy and Azure Security Center can be used to monitor, audit, and manage the environment to protect resources and data.

Using Azure Policy initiatives for organizational governance

Challenges arise within a cloud environment when resources can be created that may affect, cost, security, or regulatory jurisdictions. Role-based access control (RBAC) and the principles of least privilege provide levels of restriction to users and groups within the environment as to what resources they can access or create, but they do not set parameters on where they can be created, the level of cost, or the security requirements. Azure policies are created, assigned, and utilized to govern the resources within your Azure subscription. Policies should be put in place based on the business, security, and financial requirements of the organization. This session will explore these three areas and examples of each that can be assigned and monitored.

Starting Your Azure Exam prep with Microsoft Learn

This session will navigate through Microsoft Learn and how to setup an account, view learning paths, exams, and certification topics, and creating your own Azure exam preparation roadmap.

So You want to be an Azure Architect Expert - Security and Identity

This session will cover the various security and identity management topics necessary for the Azure Architect Expert exams. These will include Azure AD and Azure AD connect, RBAC and MFA, Azure Policy and Security Center, Azure Monitor, and Log Analytics.

So You want to be an Azure Solutions Architect Expert

This session will lay the foundation to get you on the path to becoming an Azure Solutions Architect Expert. We will discuss the exams required and the objective areas covered.

So You want to be an Azure Architect Expert - Labs

This session will go through some hands-on labs to set up resources within Azure. This will include creating a Virtual Machine scale set and availability set, VNET creating and peering, Storage account creation, Database creation with elastic pools, and configuring Azure Migrate and Azure Site Recovery projects.

So You want to be an Azure Architect Expert - PaaS

This session will cover the platform services with Azure needed to pass the Azure Architect Expert exam. These will include App services, Azure Functions, Logic Apps, Event hub, Event grid, and CDN.

So You want to be an Azure Architect Expert - IaaS

This session will cover the various IaaS services needed to pass the Azure Architect Expert exam, including Virtual Machines, Scale sets, availability sets, availability zones, virtual networks, VNET peering, Virtual gateways, hybrid networks, and Load balancers. We will touch on migration and site recovery as well.

Protecting your Azure house - Best Practices for Data security

An organization is expected to provide an environment where information is available from anywhere at anytime for users. The growth of cloud technologies has provided a means and a challenge to organizations as they enrich the accessibility of information and applications. Attending this presentation will provide guidance on how to enable best practices within the organization to secure data and application access through the tools provided within cloud environments. These best practices will allow an organization to excel in the ability to provide an expanded ability to enrich user experience and attract talent with the availability of information, while maintaining organizational confidentiality and integrity.

So You want to be an Azure Architect Expert - Data and Storage

This session will cover the data and storage areas to understand when preparing for the Azure Solutions Architect Expert exams. This will include Azure Storage accounts, Azure Data Lake, and Azure Database options.

Building a Certification Roadmap

I will provide guidance and resources that can get you on a path to getting certified in cloud technologies.

Breaking down the use of Platform Service in Azure

This session will help to break down and simplify choosing platform services in Azure. Including the benefits that come with the use of platform services (PaaS) versus infrastructure services (IaaS).

Becoming a Certified Azure Developer Associate

Attending this session will provide you with some guidance on determining your certification path and roadmap, beginning your exam prep, learning resources, and an overview of the objectives for the exam AZ-204: Developing Solutions for Microsoft Azure, related to the Azure Developer Associate Certification.

How to connect Office 365 and Cloud App Security into Azure Sentinel SIEM

This session will provide a 'how-to' guide in connecting Office 365 and Cloud App Security into the Azure Sentinel SIEM to monitor and investigate sign in and application activity. You will learn how to prepare the 365 subscriptions and how to connect the data sources. Once connected, we will review the information that is provided to Azure Sentinel.

Modern Authentication - why passwords are no longer a priority

In this session, Dwayne Natwick will discuss the uses for Modern Authentication and how passwords are having decreased relevance within an identity infrastructure. We will discuss how these new techniques provide additional protection and security for your cloud identities, and demonstrate how to plan and architect a strong hybrid identity structure.

Using conditional access policies for modern authentication

Lightning demo session on how to set up and use conditional access policies to manage and monitor a modern authentication strategy.

Do or do not, there is no try... Zero Trust and Modern Authentication

Whether you are protecting the plans for the Death Star or the secrets of the Jedi, you must protect against unauthorized access. In this session, Dwayne Natwick will discuss Zero Trust and the uses for Modern Authentication. Passwords are needing a decreased relevance within an identity infrastructure. We will discuss how these new techniques provide additional protection and security for your cloud identities, and demonstrate how to plan and architect a strong hybrid identity structure.

Why Low-code/No-code doesn't mean Low/No Security

The fusion of IT and business functions has helped drive greater value from technology investments and placed digital strategies at the heart of new business models. It is only logical that the next step would be to bring this democratization to the end user. Employees like Fred and Jane can quickly develop their own business-centric applications with GUI-driven low-code development platforms that require no programming expertise. On the surface it sounds like an amazing business tool for the modern enterprise, but it poses challenges for those in charge of securing the organizations data and enforcing compliance. This session will discuss these challenges and how to address them.

5 Recommendations to Secure Identities in the Cloud

In this session, Dwayne will discuss five recommendations that can be used to provide secure and protected identities when moving to cloud technologies. As companies move to the cloud, identity becomes the primary perimeter where attackers can exploit vulnerabilities. These recommendations can provide a foundation for securing the cloud and avoiding identities from being compromised.

Multicloud MDR and Security Operations with Defender and Sentinel

In this session, Dwayne discusses how Microsoft Defender, Microsoft 365 Defender, and Microsoft Sentinel can bring together a full multicloud architecture for Detection and Response, and Security Operations.

Security Posture Management for Multi-cloud and Hybrid Infrastructures

In this session, Dwayne provides guidance and tools that can be used for security posture management in multi-cloud and hybrid infrastructures. This will include popular CSPM tools within Microsoft, Google, and AWS.

Multi-cloud Security Operations with Microsoft Sentinel

In this session, Dwayne will discuss how Microsoft Sentinel can bring together a hybrid and multi-cloud architecture with a single cloud-native SIEM and SOAR solution.

Artificial intelligence and machine learning: The future of cybersecurity

Over the past year, it seems that everyone is speaking about Artificial Intelligence (AI) and Machine Learning (ML). But what really is it? What can it do? What are the dangers? How can it be used for good? In this session, you will find possible answers to these questions and hopefully some helpful ways that AI/ML can benefit you.