fwd:cloudsec 2025 Conference - Cloud security is more important now than ever before
My takeaways & experiences from the fwd:cloudsec 2025 conference

Life is interesting, isn’t it?
Our lives have a clever way of stimulating us through the experience of these funny things called “feelings”, whatever those are. These dastardly little emotions, as I’m told they are called, pop up throughout the day like a never-ending haze of mental gnats in one’s noggin.
In Atlas of the Heart, Brené Brown provides a list of 87 such feelings that “define what it means to be human”; love, hurt, amusement, betrayal, pride, joy, fear, connection, reverence, humility, envy, belonging; that feeling one gets when they’re not sure whether they used a semicolon correctly or not.
Ever since I saw Clint Gibler’s opening keynote at BSidesSF 2025, “Sharing Vulnerabilities”,[1] I have been on this kick of trying to reframe the security profession in a more human light. In his talk, Clint challenged everyone to embrace the vulnerabilities of our humanity, not run away from them. I walked away from that talk thinking more about how security professionals should look out for one another’s humanity just as much as we strive to protect and care for the things our work focuses on.
The fwd:cloudsec 2025 conference did not have me experiencing most of the negative emotions listed by Brené, but I did feel a wide range of emotions as I sat and listened to the material presented and most especially as I reflected on what I had learned.
In a feeble attempt at a segue, I wanted to share the feelings, thoughts, and takeaways I experienced at this year’s fwd:cloudsec 2025 conference.
What is fwd:cloudsec?
Pronounced “Forward Cloud Sec”, fwd:cloudsec is the shorthand for the Forward CloudSec Association, a 501©(3)[2] non-profit organization focused on cloud security. fwd:cloudsec, founded in 2019, brings cloud security professionals together once a year for an annual conference, hosting an event in North America since 2020. 2024 saw the first year of a fwd:cloudsec conference in Europe.[3] Full information and recordings for each talk are available through their archives.
This year’s North American conference was held in downtown Denver, Colorado, occupying the entire third floor of the Embassy Suites.
The focus
The types of things cloud practitioners want to know
The stated focus of fwd:cloudsec is, “At this conference you can expect discussions about all the major cloud platforms, both attack and defense research, limitations of security features, the pros and cons of different security strategies, and generally the types of things cloud practitioners want to know, but that don't fit neatly into a vendor conference schedule.”
This truly was a practitioner-focused conference. Every talk had technical content, and every talk was given by a security practitioner. Some talks were presented by founders or co-founders, yet all of those founders and business leaders were still practicing technologists. These ingredients came together nicely for two full days of talks that were relatable to practitioners.
fwd:cloudsec says that it is vendor agnostic, and this proved true: there were talks covering all three of the major cloud service providers.[4]
The non-profit also aims to support open-source software, and several talks either mentioned the use of open source tooling or announced the release of new open source projects.[5]
Each talk was assigned to one of four categories:
Mapping the frontier: supporting new clouds and technology
Surveying the wilderness: attacks and vulnerabilities, defensive practices
Packing your gear: tools for operating safely
Forming a fellowship: organizations and community
(I think this last category was the lone wolf, as there was only one talk in it.)
The format
Over the two-day conference, the majority of talks given were held in a “lightning”-style format, covering a maximum of 20 minutes. This meant that both the talk itself and the question-and-answer session with the audience had to take place within that 20 minutes of time.
I enjoyed this format so much! The day felt as if it had flown by, while I also felt as if I had absorbed as much content as I possibly could. I took much more away from speakers trimming their talks down to 20 minutes than I have at most conferences where speakers soak up 50+ minutes of time.
Because fwd:cloudsec prioritized brevity, speakers were forced to chip away at unnecessary details and focus on what they thought were the most substantive bits of their subject matter. Some speakers had to cut live demos for time, while others limited the spoken word in favor of demonstrations.
There were a handful of longer, 40-minute talks, a timeframe more in line with what you see at most conferences. I could tell that these speakers were handpicked, since they seemed experienced, knowledgeable, and well prepared for the time they were allotted. One first-time speaker, Naor Haziz, did such a nice job with his talk and live demo that I would never have known it was his first time speaking.[6]
The end result was a wide range of experiences as a listener where everything carried a meaningful focus, which made the event much more enjoyable.
And I don’t think I was alone in feeling this way, as many of the talks prompted insightful questions from the audience, a strong sign that attendees were engaged with material presented.
The speakers
Many different walks of life took the stage at fwd:cloudsec. I saw co-founders, CEOs, CTOs, security researchers, and security engineers, among others. These professionals came from companies large and small. The full list of speakers at fwd:cloudsec 2025 is available for you to check out.
I don’t often enjoy talks given by speakers who are leaders at a company. This isn’t because their experiences are any less valid or because they lack technical skills to contribute (definitely not the case at fwd:cloudsec); it’s just that leaders often seem to aim their talks at other leaders, with the primary goal of catching the ear of a leader who makes purchasing decisions rather than keeping the attention of a practitioner. However, I didn’t get that feeling at fwd:cloudsec, which was a wonderful surprise! The general vibe was much more like a local BSides aimed only at cloud security topics.
RSAC Conference and Black Hat USA loom over smaller security conferences like the behemoths that they are. I find myself hunting for meaningful talks to attend, often striking out and/or feeling as if the material lacked a practitioner’s focus. I didn’t get that feeling at fwd:cloudsec, as very little of the conference itself felt like a waste of time. If I was sitting in a room listening to a talk, I was soaking in something interesting about 85% of the time.[7] Rarely, if ever, did I feel as if someone was talking over me simply because I didn’t hold decision-making power.
Takeaways from fwd:cloudsec 2025
IAM is a big, big problem
…and IAM not kidding around when I say that.[8]
Identity and access management (IAM) is a massive problem regardless of company size, industry vertical, or the cloud service provider in question. Talk to any security engineer with any amount of experience and I’d bet they would agree that IAM is hard and that there’s no one-size-fits-all approach to the problems IAM presents.
Nine different talks included explicit mentions of IAM in their title or abstract. So out of 42 talks, over 20% of them involved IAM as a direct point of focus.
This comes as no surprise to security practitioners, who all seem to struggle with the complexities and nuances of IAM permissioning. In his talk, “The Duplicitous Nature of AWS Identity and Access Management (IAM)”, Jason Kao, founder of a cloud security startup, shed light on the fact that Amazon Web Services alone offers 18,000+ permissions for use across 200+ services. That’s an insane number of configuration options, which means there is an incredible amount of room for misconfiguration. Now, what if you have a multi-cloud presence, or your company engages with more than one cloud service provider? The complexities involved increase exponentially. In Jason Kao’s case, he outlined how AWS alone provides extreme granularity, but how that very granularity can make applying it quite challenging.
I’m not sure what I was expecting, but I can say that I didn’t expect to hear so much “IAM” talk at a technical conference. I guess it helped to remind me of just how technical IAM is and can be, with a reassuring nod from others, a pat on the back that no one has this whole IAM thing figured out.
IAM is hard
As we’re all pushed to adopt new technologies faster and to create and push out new products more quickly, we have to understand that it’s paramount to include proper permissioning. The final 40-minute talk I heard, “What would you ask a crystal ball for AWS IAM?,” by Netflix’s Nick Siow, gave me two takeaways:
IAM is hard and it’s especially hard at scale, and
It takes keen, focused effort and the willingness to tackle IAM head-on as a technical challenge.
I’m definitely guilty of placing IAM towards the bottom of my mental list of “cool things in tech”. This year’s conference has me looking at IAM with a new level of importance.
There’s no escape! Oh wait, whoops. Yes there is…
I saw two talks centered around “escapes” of different kinds: (1) container escape, and (2) hijacking, or, “escaping” low-privilege roles to take on higher-privileged roles from other containers.
The first talk on escaping, reported and presented by researchers at Wiz, was a pretty cool one, featuring a container escape vulnerability present in NVIDIA’s container toolkit. Because this toolkit has been widely adopted, this one vulnerability allowed the researchers to hack 10 different cloud service providers (CSPs). The presenter, Andres Riancho, talked about their experiences with three of the 10 CSPs involved: Azure, Replicate, and Digital Ocean. It was interesting to hear how each provider reacted differently (Replicate’s blue team detected the lateral movement, shutting them down) and how far they were able to go with each verified exploit (Digital Ocean’s environment allowed for full service takeover). The full service takeover hearkens back to IAM and permissions, as no permission limits were in place to stop the hack from succeeding (unlike Azure, where they were unable to gain cross-tenant access).
Check out Wiz’s full blog post for the full details: How Wiz found a Critical NVIDIA AI vulnerability: Deep Dive into a container escape (CVE-2024-0132)
In the second talk, ECS-scape - Hijacking IAM Privileges in Amazon ECS, Naor Haziz did an interesting deep dive into how he was able to discover a similarly over-permissive state with containerized environments. As a new speaker, Naor was wonderfully engaging, tossing in lots of humor on top of his technical talk that culminated in a short demo of the exploit. Here, similar to above, a lack of hardening made the attack possible. He offered advice for general protections against this:
implement task-level hardening
minimize task role permissions
separate high-privilege and low-privilege workloads
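The three pieces of advice above, turned into a check a defender can run over an inventory of ECS task definitions. This is an added example, not code from the talk or from AWS; the task records, the list of sensitive IAM actions, and the high/low privilege tiering are constructed for illustration, and the cluster stands in for wherever tasks share infrastructure.

```python
"""Lint constructed ECS task definitions against the three ECS-scape mitigations:
task-level hardening, least-privilege task roles, and separated workloads."""
import fnmatch
from collections import defaultdict

# Actions a task role should rarely need. A task whose role can perform any of
# them is treated as high privilege. Assumed tiering for this example only.
SENSITIVE_ACTIONS = (
    "iam:PassRole", "sts:AssumeRole", "ecs:RunTask",
    "secretsmanager:GetSecretValue",
)

# Constructed inventory: for each task definition, the cluster it runs on, the
# IAM actions its task role allows, and two container-level hardening settings.
TASKS = [
    {"family": "billing-api", "cluster": "prod-shared",
     "actions": ["iam:*", "s3:GetObject"], "privileged": False, "user": "1000"},
    {"family": "image-resizer", "cluster": "prod-shared",
     "actions": ["s3:GetObject", "s3:PutObject"], "privileged": True, "user": None},
    {"family": "report-worker", "cluster": "prod-lowpriv",
     "actions": ["s3:GetObject"], "privileged": False, "user": "1000"},
]


def allows(actions, wanted):
    """True if any allowed action pattern (IAM wildcard syntax) covers `wanted`."""
    return any(fnmatch.fnmatchcase(wanted, pattern) for pattern in actions)


def is_high_privilege(task):
    """A task is high privilege if its role reaches any sensitive action."""
    return any(allows(task["actions"], s) for s in SENSITIVE_ACTIONS)


def lint(tasks):
    """Return findings as (subject, rule, detail) tuples, one per violation."""
    findings = []
    tiers = defaultdict(set)  # cluster -> subset of {"high", "low"}
    for t in tasks:
        # 1. task-level hardening: no privileged containers, no root user
        if t["privileged"]:
            findings.append((t["family"], "hardening", "container runs privileged"))
        if not t["user"] or t["user"] == "0":
            findings.append((t["family"], "hardening", "container runs as root"))
        # 2. minimize task role permissions: flag wildcard grants
        for action in t["actions"]:
            if "*" in action:
                findings.append((t["family"], "least-privilege",
                                 f"wildcard grant {action}"))
        tiers[t["cluster"]].add("high" if is_high_privilege(t) else "low")
    # 3. separate workloads: a cluster hosting both tiers is a finding
    for cluster, seen in sorted(tiers.items()):
        if seen == {"high", "low"}:
            findings.append((cluster, "separation",
                             "cluster mixes high- and low-privilege tasks"))
    return findings


if __name__ == "__main__":
    for subject, rule, detail in lint(TASKS):
        print(f"{rule:16} {subject:16} {detail}")
```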
Isn’t it funny how containers, something intended to house something else, were the thing highlighted multiple times as being unable to successfully house something else?
The ‘S’ in LLM stands for ‘security’
As in, there is no security in LLMs.[9] That’s a phrase pulled off of a slide during Jeremy Snyder’s talk, “Challenges Around AI-as-a-service Logging” (I wish I was that clever).
I wasn’t shocked to see that AI crept up many times across the talks I listened to. The rest of the world is doused in AI so it would make sense that security professionals are, too.
Considering the logs of AI services, Jeremy Snyder, founder and CEO of FireTail, painted a picture of a task that’s seemingly impossible—getting proper logs of AI services used across your company and workforce. Snyder talked about how difficult it was to both collect logs and to analyze logs dynamically. Gathering logs is a challenge because you can’t log what you don’t know exists (“shadow AI”, services unknown to security and IT teams).
Then, automating analysis across logs is tough because, as he outlined, there are vast inconsistencies in logs from service to service, then even inconsistencies across the same logs in the same services.
He estimated that 90% of AI use across companies falls under shadow AI.
If you’re reading this and thinking that endpoint-based solutions are the answer here, there are issues with that approach. Namely, you’re at the mercy of the logging mechanisms for whatever endpoint security agent or DLP system you have in place. Snyder described how endpoint agents are great at capturing network requests made, but usually truncate log data to limit the amount of bandwidth needed to send that data to the main system.
The point I appreciated most was when he said, “Things are likely to get worse before they get better.” I didn’t view that statement through the lens of FUD (fear, uncertainty, and doubt). I took it as a refreshing bit of honesty because I feel that he’s right. Security practitioners need to be ready in case things don’t magically improve on their own. And, even if they’re not prepared in full, accepting that things could get worse can allow them to move more quickly towards solutions when the going gets tough.
“Things are likely to get worse before they get better.”
The atmosphere of modern business is rich in its thirst for adopting new technologies and scarce in desire to secure those new technologies. I know, I know, we need to move quickly, scale more aggressively, and pump out products so our businesses can grow, but at what cost, in terms of security? I’d argue that the cost is incalculable because you can’t calculate what you don’t know, simply because there are so many unknown-unknowns when it comes to securing AI.
I know I mentioned “FUD” before and I surely do not want to be a contributor to that! I strongly believe that it’s possible to embrace the potential power of new technologies while still allowing yourself to think critically.
Hey, no worries, AI don’t know what I’m doing either
Get it? “AI” instead of the word “I”? Ugh, maybe this is a sign that I need to wrap things up…
When it comes to AI, I was comforted by the realization that no one speaker has perfected it within the realm of cloud security. And, let’s face it, since 99.9% of us are using AI-as-a-Service tools, all of those fancy AI apps fall under the umbrella of cloud security. There were a few talks at fwd:cloudsec that discussed how to approach securing AI, plus how to incorporate AI into security-type tasks.
Jake Berkowsky of Snowflake described how to approach MCP server security in his talk, “Securing Remote MCP Servers”.[10] He described MCP servers as simply a spec for writing APIs with documentation built in; while it is technically a new thing, his point was that we should look at it through the lens of API security, not as something completely unknown. Berkowsky advised the use of an API gateway to offer protection and inspection, plus the incorporation of session restrictions at both the server and client levels.
One really neat talk centered on how to train LLMs to detect anomalous activity in cloud logs. Yigael Berger, technologist and entrepreneur, walked the audience through how LLMs take in log data, how they might handle structured log data, and how they can be trained to handle log data more effectively. Using a tool called Transformer Explainer, Yigael showed how changes to the context provided to the LLM generate different levels of probability for the “correct” output. He showed how he has found increased success with LLM-assisted log analysis by using LLMs that are trained specifically for logs. He acknowledged that this wasn’t a perfect process, since any changes to the logs themselves would necessitate a retraining of the underlying model used for analysis, which isn’t a scalable process at the moment. However, his talk gave me hope that future LLMs could help security teams/security products pull out meaningful insights from structured data more easily.
We use AI to write the code for new things and we leverage AI to help secure those things, so it’s only natural for us to use AI to analyze the logs for everything, right?
GRC, representing at a cloud security conference?
I was pleasantly surprised to see AJ Yawn’s name pop up on the fwd:cloudsec schedule, and not only was I surprised to see his name (as a GRC pro & person of influence) but I was excited to see that he’d be talking about GRC Engineering.
In his talk, “Introducing GRC Engineering: A New Era of AWS Compliance”, AJ came right out and said that GRC is changing and that GRC professionals have a unique opportunity to level up their technical game. Instead of coming in after the fact, through audits and reviews, or before the fact, through planning and policy, there’s space for GRC pros to insert compliance mechanisms directly into the tech stack. Rather than making recommendations that tech teams implement, GRC people can take the bull by the horns and equip themselves to implement such compliance checks themselves. He had some harsh criticism of SOC 2 audits[11] that I agree with, but his main point was that SOC 2 control checks identify many things that could be automated or auto-detected prior to the audit. He’s advocating for GRC teams to be engineering enablers, not a burden on engineering staff come audit time.
I’d be remiss if I didn’t call out how AJ’s talk coincided with the release of his new book, GRC Engineering for AWS. Check it out and connect with AJ on LinkedIn. I’m sure he’d love to hear feedback on the book.
Overall, a fantastic conference
Remember when I talked about feelings earlier?
I felt a range of feelings while attending fwd:cloudsec:
Wonder
There are a lot of really smart people out there in the world. Most of the talks were impressive, both in terms of substance and speaking ability.
Comparison
I’ll be honest—I see the work of others and I immediately compare it to what I do, or what my team is doing. That leads to other feelings, but, if I’m honest, I feel it!
I found myself thinking, how does what I’m hearing compare to what we’re doing? What are we doing right? What could we improve, based on this info?
Trust
I felt as if I could trust the word of the speakers I listened to and the people that I chatted with. You can recognize when someone’s on top of their game, and if they’re willing to share some wisdom with you then you better be open to learning!
Belonging/Connection
As a chronic sufferer of imposter syndrome, I relish opportunities to feel as if I belong. At fwd:cloudsec, the overall vibe, the friendliness of individuals and vendors, and the talks themselves made me feel as if I belong. Not necessarily that I’m on par with the technical abilities of the people I’m surrounded by, but that my existence as a security practitioner matters.[12]
That feeling of belonging is powerful. I found myself wanting other people in the security world to feel it, too.
Excitement
In general, I walked away from fwd:cloudsec excited about the possibilities of the cloud security space and the work being done from all kinds of security professionals.
I’m motivated to continue learning and dive back into some cloud-focused studies.
While I think that BSides San Francisco is the absolute best bang-for-your-buck security conference in existence,[13] I now have to say that fwd:cloudsec comes in at a close second. For just over $100 USD, you get two days chock full of talks.
Did I mention that the lunches were delicious? Who knew that you could eat a salad for lunch and still have an awesome day?[14]
But seriously, overall, I found this conference to be an amazing experience that was well worth the trip. In two days’ time I got to listen to several talks, meet new professionals, and actually enjoy a conference where vendors weren’t literally grabbing you to pull in sales leads.
So, massive kudos to the Forward CloudSec Association for the conference product you put on for others. I’m already looking forward to next year.
[1] Sorry, I’ve looked everywhere for a recording of this talk! If I find it, I will share it, because it’s surely one of the best conference talks I’ve ever experienced.
[2] Yes, I know that’s a “copyright” symbol. Substack apparently was not built for us to talk about non-profit entities.
[3] You are correct—I said “once a year” while talking about something that happens twice a year. I’m only human, you know.
[4] Those being Amazon Web Services (AWS), Microsoft Azure, and Google Cloud Platform (GCP).
[5] The conference just happened, so videos haven’t been posted and I can’t link the videos with new open source tools just yet.
[6] Their live demo sparked applause from the audience, giving it a feeling of something more relaxed, akin to DEF CON, where there’s a great appreciation for successful exploit demos.
[7] I only had to take one math course across two music degrees, so take my math-ing as you will.
[8] Tips are accepted for all great jokes that I make. I wonder why my tip jar for this is always empty, though… hmm…
[9] Aw man, did I just explain the joke? I’ll do better, I promise.
[10] I’m super good at stating the obvious.
[11] “SOC 2 is a joke” was the quote, I believe, but I definitely agree that there’s a huge need for change. The AICPA, the accounting body that sets the SOC 2 compliance framework, has really dropped the ball when it comes to keeping the framework up to date and reining in disreputable audit firms. The result is a cheapened audit product that is lowering the quality of SOC 2 audits across the board.
[12] I feel like I’m being a little vague here, but hopefully you understand what I’m getting at.
[13] I mean, c’mon, it’s $25 USD for (1) an entire weekend of security-focused content from some of the largest names in the industry, (2) a free professional headshot, and (3) free breakfast and lunch. Can you beat it? I don’t think so.
[14] He says, cancelling his Five Guys order.