© Mapbox, © OpenStreetMap

Speaker

Karl Ots

Karl Ots

Head of Cloud Security at EPAM | Author of Azure Security Handbook | RD & MVP

Zürich, Switzerland

Karl Ots is a cloud and cybersecurity expert, as well as international speaker and trainer, with a broad range of deep Azure expertise. He believes that secure cloud technologies are the key to successful digital transformation. He applies his passion as Head of Cloud Security at EPAM Systems.

Karl has been working with Microsoft Azure since 2011 in a variety of forums ranging from large projects to speaking at largest tech conferences, such as Microsoft Ignite. Karl is a Microsoft Certified Trainer (MCT) and a Certified Information Systems Security Professional (CISSP). He is the author of Azure Security Handbook.

Awards

Area of Expertise

  • Information & Communications Technology

Topics

  • Cloud Security

Kubernetes Security Theatre: How To Get to Drama-Free Deployments

Step into the world of Kubernetes and cloud-native security, where things are not always as they seem. Join us for a theatrical exploration of security theatre – the art of creating an illusion of security in enterprise environments. This session is set to be a dramatic play, where we cast ourselves in the roles of a vigilant enterprise security officer and a savvy Kubernetes practitioner, uncovering the superficial measures that often masquerade as true security.
In this performance, we'll navigate the complex script of enterprise security protocols, distinguishing between mere stage props and the actual, effective security practices. Watch as we demystify the common plot twists in cloud-native security, moving beyond the script to ensure genuine protection.
By the final curtain call, you'll have a deeper understanding of what true security entails in the Kubernetes world, leaving behind the facade of security theatre.

Top 10 Azure security tips from 10 years of securing Azure applications

In the last 10 years, Azure has become one of the most popular cloud platforms for businesses and organizations of all sizes. As the platform has evolved, so has the threat landscape. To understand the present cloud security landscape and predict the future, let's take a trip down the memory lane!

In this session, we will discuss how Azure's security controls have evolved over time. Throughout the session, I will share best practices for securing your Azure infrastructure, applications, and data, so that you can build an architecture that stands the test of time.

Securing Azure Open AI apps in the Enterprise

With the last year bringing us real hands-on experience with Azure OpenAI, and the announcement of OpenAI’s ChatGPT Enterprise. it's time to look at how to properly secure Open AI services in Azure.

In this session, we explore the core security controls for securing usage of OpenAI’s services in an enterprise environment. We cover what controls are available, which are missing, what is their effective coverage, and how to implement them.

Walking out of the session, you will be able to identify and implement security controls that make sense for your organization. You will also be able to identify what is missing and how to mitigate those gaps.

Master the unknown: protect yourself against zero-day cloud vulnerabilities

Congratulations, you've achieved a high level of cloud security maturity and now know how to protect yourself against misconfigurations and manage the ever-present security drift.

But how do you protect against what’s truly unknown, such as Microsoft’s Azure cloud OMIGOD and Amazon Web Service’s SuperGlue vulnerabilities affecting the cloud service provider itself? This is your next challenge in cloud security.

In this session, you will learn through real-life examples about how to assess and protect yourself against cloud service provider vulnerabilities. Specifically, I will walk through 3 distinct examples of recent cloud provider vulnerabilities.

I will provide the audience the tools and mindset on how to evaluate future cloud provider vulnerabilities and rapidly protect yourself against them.

Top pitfalls of Microsoft Azure security and how to avoid them

Did you know that contrary to popular belief, the most common cloud security threats are not outside attacks, but rather misconfigurations? To fully secure public cloud platforms, we need to understand them deeply. This requires both upskilling existing information security office with cloud expertise and shifting the way security responsibilities are spread across the organization.

I have assessed the security hundreds of solutions built on the Microsoft Azure cloud and found that there are some key security pitfalls that are common across all industry verticals and company sizes. In this session, I will share what these security pitfalls are, why do they matter and how to mitigate them.

Lessons learned from enterprise cloud security programs

In the on-premises world, cybersecurity risks were limited to your organization’s network perimeter. In the era of cloud computing, both the impact and likelihood of potential risks are significantly higher. With the corresponding rise of DevOps methodology, security is now the responsibility of everyone who are part of the application development lifecycle, not just security specialists. In this session, I will present my findings on methods and processes to build the cloud security framework that make sense for both your business and your developers. The session is based on real-life experiences from implementing cloud security programs in some of the largest enterprises in the world.

DDD North 2022 Sessionize Event

December 2022 Kingston upon Hull, United Kingdom

KCDC 2022 Sessionize Event

August 2022 Kansas City, Missouri, United States

IglooConf 2022: Midsummer Sessionize Event

June 2022 Helsinki, Finland

DevSum 2022 Sessionize Event

May 2022 Stockholm, Sweden

Global Azure 2022 Sessionize Event

May 2022

Microsoft Azure + AI Conference Spring 2022 Sessionize Event

April 2022 Las Vegas, Nevada, United States

Security BSides Dublin 2022 Sessionize Event

March 2022 Dublin, Ireland

DDD 2021 Sessionize Event

November 2021 Reading, United Kingdom

Automation + DevOps Summit Sessionize Event

November 2021 Nashville, Tennessee, United States

KCDC 2021 Sessionize Event

September 2021 Kansas City, Missouri, United States

India Cloud Security Summit , 2021 Sessionize Event

August 2021

Azure Lowlands Sessionize Event

January 2021

DDD 2020 Sessionize Event

December 2020

Experts Live Switzerland 2020 Sessionize Event

September 2020 Bern, Switzerland

Microsoft Techdays 2020 Sessionize Event

March 2020 Helsinki, Finland

IglooConf 2020 Sessionize Event

January 2020 Helsinki, Finland

CloudBrew 2019 - A two-day Microsoft Azure event Sessionize Event

December 2019 Mechelen, Belgium

ITCamp 2019 Sessionize Event

June 2019 Cluj-Napoca, Romania

Techorama Belgium 2019 Sessionize Event

May 2019 Antwerpen, Belgium

IglooConf 2019 Sessionize Event

January 2019 Helsinki, Finland

Update Conference Prague 2018 Sessionize Event

November 2018 Prague, Czechia

CloudBrew 2018 - A two-day Microsoft Azure event Sessionize Event

October 2018 Mechelen, Belgium

Intelligent Cloud Conference 2018 Sessionize Event

May 2018 Copenhagen, Denmark

Azure Saturday 2018 Sessionize Event

May 2018 Munich, Germany

TechDays Finland 2018

Navigating in the sea of containers in Azure: when to choose which service and why?

March 2018 Helsinki, Finland

CloudBrew 2017 - A full-day Microsoft Azure event Sessionize Event

November 2017

TechDays Sweden 2017

Monitoring advanced Azure PaaS workloads in the enterprise - Level: 200

October 2017 Stockholm, Sweden

TechDays Netherlands 2017

Building globally scalable media solutions with Azure Media Services

October 2017 Amsterdam, The Netherlands

Karl Ots

Head of Cloud Security at EPAM | Author of Azure Security Handbook | RD & MVP

Zürich, Switzerland