Companies developing native cloud apps can gain speed and scale advantages by leveraging resources such as Amazon Web Services, microservices, serverless computing and other modern technologies. Used improperly, however, these technologies can expose infrastructure, code and data, including customer information, to bad actors online. New techniques for detecting and remediating these security vulnerabilities will be revealed at SecTor 2017 in a session led by cybersecurity expert Sean Cassidy.

Cassidy is the co-founder and chief technology officer of DefenseStorm, a company that delivers cybersecurity and cybercompliance solutions specifically built for banking. During his session, Cassidy will reveal risks associated with cloud infrastructure and highlight new vulnerabilities that could be exploited by cybercriminals.

“Infrastructure is becoming increasingly accessible via code, and management tasks formerly handled by system administrators are open to developers who can configure infrastructure using a mix of APIs, virtual machines and containers,” Cassidy said.  “While empowering engineers and automation can be an advantage, it’s vital to provide security leadership in the development process to avoid having omission or errors lead to loopholes that could be exploited to steal data or even take a company down,” Cassidy added.

During his session, Cassidy will showcase a new remote access tool for Amazon Web Services (AWS) to prove how easily an attacker could install malicious code within an AWS dashboard after infecting an administrator’s machine. Attendees will learn how to pinpoint and address these security gaps, and will gain valuable insight on new technologies that modern SaaS companies are using. Cassidy’s session will take place on Tuesday, Nov.14, at 3:55 p.m. ET at the Metro Toronto Convention Center. 

An expert in software development and cloud computing, Cassidy has been a thought leader in the information security community for more than a decade. He currently oversees DefenseStorm’s engineering and software development teams to deliver cloud-based cybersecurity and cybercompliance solutions for financial institutions, and is an innovator in connecting SaaS development with infrastructure security. He also is the author of several open source projects and has spoken at multiple top-tier IT and security conferences.