Here is six minutes of highlights from last week’s video chat: “Hacking AWS: An hour of critical thinking on how to assess the risks of AWS configurations”.

To see the entire replay of the video chat, go here.

Joining me in this entertaining and surprising hour was:

Got feedback? Join the conversation on LinkedIn.

Huge thanks to our sponsor, RiskRecon

Get a toolkit for assessing AWS security configurations! This new playbook and the accompanying questionnaire were built to help you achieve better risk outcomes by providing you with the knowledge and tools to objectively assess the security quality of any Amazon Web Services deployment.

Winner of “Best Bad Idea”

We had a whopping 26 bad ideas for last week’s video chat, with Eli Migdal, CEO of Boardish, finally pulling out a win. Congrats, Eli. Other notable bad ideas included:

“AWS is self serve so we can let all the infrastructure and cyber folks go.” – Patrick Benoit, BISO, CBRE

“Collect the logs, pump them into your SIEM, and ignore them.” – Josh Roth, security solutions executive, Trustwave

“Keep spinning up instances in AWS and don’t turn them off because they’re advertised as ‘serverless’.” – David Lagace, manager, governance, risk and compliance, Lowe’s Canada

Best quotes from the chat room

“The other thing with CSA is it’s very defensible from an audit perspective. This is the industry norm, we use it and here are the findings. Plus vendors can reuse it as it becomes more common.” – Ross Young, CISO, Caterpillar Financial Services Corporation

“I must say privacy, regulation, and compliance did an AMAZING change on our world. No one wants the liability unless it’s 100% business needed. Compare it to 5-7 years ago – it was the opposite.” – Eli Migdal, CEO, Boardish

“It’s not always about the breach but what you do after it happens and being prepared for that.” – Jorden Fajans, director IT security engineering, Pentagon Federal Credit Union