Where can I listen to this podcast?

This podcast is available on 4 platforms including Apple Podcasts, Spotify, and more. You can also use the RSS feed directly.

Does this podcast accept guests?

No, this podcast does not typically feature guests.

fwd:cloudsec

Claim This Podcast

by Fwd:cloudsec

59 episodes

Updated Daily

Accepts GuestsHas SponsorsLocation 🇺🇸

Podcast Authority

Beta

PoorBased on show quality, social media presence, reviews, charts, and more

Quality72

Social0

YouTube0

Engagement0

Learn more

Podcast Overview

fwd:cloudsec is a non-profit conference on cloud security. At this conference you can expect discussions about all the major cloud platforms, both attack and defense research, limitations of security features, the pros and cons of different security strategies, and generally the types of things cloud practitioners want to know, but that don't fit neatly into a vendor conference schedule.

Language

🇺🇲

Publishing Since

7/1/2025

Visit Website View on Apple Podcasts RSS Feed

🇺🇸 Charts #3

Outreach generated

Apple 142

Spotify 827

Instant mention tracking

Perfect fit!

Unlock The Full Podcast Authority Score Report

See how your podcast performs across key metrics

Podcast Authority

Beta

PoorBased on show quality, social media presence, reviews, charts, and more

Quality72

Social0

YouTube0

Engagement0

Learn more

Excellent Areas

Good Performance

Growth Opportunities

excellent

Publishing Consistency

Every 0 days

Performing excellently!

poor

Episode Thumbnails

Recommendations available

Unlock the full report to see detailed tips

+16 More Metrics

Unlock comprehensive insights including:

• YouTube presence analysis
• Social media reach metrics
• RSS compliance scoring
• Podcast 2.0 features
• Technical standards

What's Included in Your Full Report

Detailed Analytics

Complete breakdown of all 19 authority metrics
Personalized recommendations for each metric
Industry benchmarks and comparisons
Technical RSS feed analysis and compliance scoring

Growth Strategies

Step-by-step action plans for improvement
Quick wins to boost your score immediately
Pro tips from successful podcasters

Get your free podcast insights report

See how your show performs across every key metric

Instant delivery

No spam

Attract Better Guests

High authority scores make your podcast more attractive to industry leaders and influencers who want to appear on credible shows.

Secure Sponsorships

Sponsors look for podcasts with proven authority and engagement. Your score demonstrates your podcast's value to potential partners.

Grow Your Audience

Understanding your strengths and weaknesses helps you make data-driven decisions to expand your listener base effectively.

1 verified contact email on file for fwd:cloudsec

Pitch yourself as a guest, propose sponsorships, or reach out directly to the host.

See contact details

Recent Episodes

June 3, 2026

Velocity of a Whisper: When One Vulnerability Cascades Across Cloud Infrastructure - Albin Vattakattu & Ryan Nolette

Speakers: Albin Vattakattu & Ryan NoletteAlbin leads the global Vulnerability Disclosure Program (VDP) for Amazon Web Services (AWS). He co-authored the inaugural AI security whitepaper, jointly published by AWS and SANS institute. Prior to AWS, Albin led incident response teams across North and South America, defending foreign governments and fortune 100 companies against DDoS campaigns orchestrated by APTs. He holds a Master’s degree in cybersecurity from New York University (NYU). Ryan is AWS's Senior Security Engineer for the Outreach Team and CoAuthor of AWS Detective. He has previously held a variety of roles including threat research, incident response consulting, and every level of security operations. With almost 2 decades in the infosec field, Ryan has been on the development and operations side of companies such as Postman, Sqrrl, Carbon Black, Crossbeam Systems, SecureWorks and Fidelity Investments. Ryan has been an active speaker and writer on threat hunting and endpoint security. Talk:A security researcher submits a report. It looks small -maybe even trivial. But in cloud environments, what starts as a whisper can become a roar that echoes across infrastructure you didn't know was connected. This talk reveals what happens behind the scenes when vulnerability reports reach cloud providers at scale. What makes cloud vulnerabilities unique when distributed architectures are in play? How do you prioritize remediation when you're working backwards from customer impact across services you don't directly control? Through a real-world case study told from both the researcher and practitioner perspective, you'll see the crucial trade-offs no one talks about publicly, and a series of challenges that textbook CVD was not designed to handle. And the challenge is growing. AI is accelerating the velocity of vulnerability discovery, and the traditional vulnerability disclosure program (VDP) model was not built for it. This talk introduces three principles for modern VDP: a framework for building programs that don't just survive scale, but use it as a force multiplier. Whether you're finding vulnerabilities or fixing them, you'll leave with practical strategies for navigating today's reality. Recorded at fwd:cloudsec North America 2026 - Bellevue, WAhttps://fwdcloudsec.org/conference/north-america/

June 3, 2026

Barbarians at the Gate: Visualizing and Blocking SDLC Infrastructure Threats with SITF - Shay Berkovich

Speaker: Shay BerkovichShay is part of the Threat Research team in Wiz (now acquired by Google) working on various aspects of container and SDLC infrastructure security with the emphasis on (on one hand) Kubernetes emerging threats and (on another hand) CI/CD and VCS security posture. He worked previously at BlackBerry, Symantec and BlueCoat on a range of security products (CWPP, WAF, SWG) doing applied security research and security architecture. Shay holds a Masters’ degree from UW with (somewhat unexpected) thesis in runtime verification and has delivered multiple talks in academic and industrial security conferences. Talk:A security researcher submits a report. It looks small -maybe even trivial. But in cloud environments, what starts as a whisper can become a roar that echoes across infrastructure you didn't know was connected. This talk reveals what happens behind the scenes when vulnerability reports reach cloud providers at scale. What makes cloud vulnerabilities unique when distributed architectures are in play? How do you prioritize remediation when you're working backwards from customer impact across services you don't directly control? Through a real-world case study told from both the researcher and practitioner perspective, you'll see the crucial trade-offs no one talks about publicly, and a series of challenges that textbook CVD was not designed to handle. And the challenge is growing. AI is accelerating the velocity of vulnerability discovery, and the traditional vulnerability disclosure program (VDP) model was not built for it. This talk introduces three principles for modern VDP: a framework for building programs that don't just survive scale, but use it as a force multiplier. Whether you're finding vulnerabilities or fixing them, you'll leave with practical strategies for navigating today's reality. Recorded at fwd:cloudsec North America 2026 - Bellevue, WAhttps://fwdcloudsec.org/conference/north-america/

Episode thumbnail for Transforming Security Incident Metadata to Security Outcomes: the Threat Technique Catalog for AWS Journey - Cydney Stude & Steve de Vera

June 3, 2026

Transforming Security Incident Metadata to Security Outcomes: the Threat Technique Catalog for AWS Journey - Cydney Stude & Steve de Vera

Speakers: Cydney Stude & Steve de VeraCydney is a security researcher and incident responder on the AWS Customer Incident Response Team (CIRT). Cydney studies emerging attack patterns and focuses on translating real-world incident response metadata into actionable detection and prevention strategies for cloud defenders. Cydney leads the quarterly Threat Technique Catalog for AWS releases. Steve de Vera is a security minded professional with over 20 years of experience in various roles including digital forensics and incident response, red teaming, and security engineering. He is currently a senior security engineer for the AWS Security Incident Response Service where he specializes in incident response and threat intelligence. Talk:When a cloud IR team can’t systematically categorize what they’re seeing across incidents, every engagement starts from scratch. In 2019, when a security incident response team tried to discuss incident patterns internally, they hit the same wall every time—no shared vocabulary, no common framework. One responder would describe an attack as 'credential theft,' another as 'privilege escalation,' and they'd spend 20 minutes just aligning on what actually happened before we could extract any lessons. That's when we realized: if we couldn't discuss patterns among ourselves, how could we possibly share impactful lessons learned with customers or the broader security community? This talk chronicles our journey from that frustrating moment to launching an open-source threat intelligence resource now used globally—the Threat Technique Catalog for AWS, written and released by the AWS Customer Incident Response Team. The Threat Technique Catalog for AWS was built out of necessity, and it transformed how CIRT operated. For the first time, they could track incident types and threat actor activity systematically. This visibility enabled the ability to prioritize authoring playbooks for the most common incidents, identify gaps in our response capabilities, and take action on opportunities that we hadn't known existed before. We’ll talk through how systemic incident categorization enabled a cloud IR team to identify response capability gaps, prioritize playbook development for the most frequently observed techniques, and build an evidence base that drove platform-level security improvements – including contributing to the decision to enforce mandatory MFA for root users across all AWS account types. Since the first launch in June 2025, the catalog has become a living resource—the March 2026 update just added new techniques like Cogito that we're seeing in active campaigns right now. Every quarter brings fresh intelligence: novel attack patterns, emerging threat actor behaviors, and the techniques CIRT observes most frequently in the wild. This isn't a static reference—it's an evolving playbook that turns every security incident into an opportunity to educate the community while we work in parallel to make AWS more secure by default. The Talk covers three phases: building the internal taxonomy and the operational improvements it unlocked; using aggregated incident data to advocate for systemic security changes; and the process of taking internal threat intelligence public through a quarterly-updated open-source catalog. We’ll share specific examples of how incident metadata revealed patterns that weren’t visibile at the individual case level, and how those patterns translated into concrete actions – from new detection logic to publicly available IR workshops covering scenarios like unauthorized credential use, ransomware, cryptomining, and SSRF. Attendees will leave with a practical framework for building their own incident categorization system, concrete examples of how threat intelligence devised from IR engagements can drive both tactical and strategic improvements, and an understanding of how to evaluate whether their current monitoring would catch the techniques cloud IR teams see most frequently.

59 total episodes available

Deep-dive analytics for fwd:cloudsec

Frequently asked questions

Have a different question and can't find the answer you're looking for? Reach out to our support team by sending us an email and we'll get back to you as soon as we can.

What is fwd:cloudsec?: fwd:cloudsec is a non-profit conference on cloud security. At this conference you can expect discussions about all the major cloud platforms, both attack and defense research, limitations of security features, the pros and cons of different security strategies, and generally the types of things cloud practitioners want to know, but that don't fit neatly into a vendor conference schedule.
How often does this podcast release new episodes?: This podcast updates daily.
Where can I listen to this podcast?: This podcast is available on 4 platforms including Apple Podcasts, Spotify, and more. You can also use the RSS feed directly.
Does this podcast accept guests?: No, this podcast does not typically feature guests.

Legal Disclaimer

Pod Engine is not affiliated with, endorsed by, or officially connected with any of the podcasts displayed on this platform. We operate independently as a podcast discovery and analytics service.

All podcast artwork, thumbnails, and content displayed on this page are the property of their respective owners and are protected by applicable copyright laws. This includes, but is not limited to, podcast cover art, episode artwork, show descriptions, episode titles, transcripts, audio snippets, and any other content originating from the podcast creators or their licensors.

We display this content under fair use principles and/or implied license for the purpose of podcast discovery, information, and commentary. We make no claim of ownership over any podcast content, artwork, or related materials shown on this platform. All trademarks, service marks, and trade names are the property of their respective owners.

While we strive to ensure all content usage is properly authorized, if you are a rights holder and believe your content is being used inappropriately or without proper authorization, please contact us immediately at hey@podengine.ai for prompt review and appropriate action, which may include content removal or proper attribution.

By accessing and using this platform, you acknowledge and agree to respect all applicable copyright laws and intellectual property rights of content owners. Any unauthorized reproduction, distribution, or commercial use of the content displayed on this platform is strictly prohibited.