
Governance and compliance
This guide is for AWS re:Inforce attendees who are establishing processes and selecting tools to manage and govern their AWS environment. Check out my session recommendations to design and automate controls over cost, compliance, and security.
Overview

Paolo Latella
In all of the projects that I lead, one of my missions is always to improve the enterprise’s agility without compromising safety. At re:Inforce 2023, there are several management and governance breakout sessions, workshops, and more designed for solutions architects, security engineers, and executives to help you better understand how AWS can support your organization to automate control over costs, compliance, and security. I’m passionate about automation and my guide will give you session recommendations on how to integrate compliance and governance in a DevSecOps process. The focus is on the topic of compliance as code and automated enforcement of best practices, standards, and regulatory requirements.
Breakout Sessions
IAM302 | Create enterprise-wide preventive guardrails, featuring Inter & Co.
If you want to increase your business agility without compromising security, you must let your builders innovate fast while keeping them from going off-road. That means your organization must implement a set of “guardrails” using both preventive and responsive controls. I’m suggesting this session because it puts focus on adoption strategies for SCPs and shows you how to integrate the building of these policies in a CI/CD pipeline.
IAM303 | Balance least privilege & agile development, feat. Fidelity & Merck
Cloud infrastructure provides more agility and responsiveness than traditional IT environments. This requires organizations to think differently about how they guarantee compliance and manage cloud resources. Furthermore, builders need to be able to operate in a cloud environment that’s agile and safe at the same time. This session is the right starting point for understanding the challenge of balancing agility and safety in a cloud world, as described by two big enterprise customers.
GRC303 | Security practices for customizing multiple environments
Since AWS Control Tower launched, its customization features and Terraform integration have allowed organizations to use it to automate account creation with preconfigured settings that meet business, security, and compliance requirements. I love this feature and I’m especially looking forward to this session.
GRC305 | Best practices for cloud governance at scale
If your organization is preparing to migrate its workloads to the cloud or scaling up its infrastructure, you won’t want to miss this session. It’ll explain the right way to introduce governance services such as AWS Control Tower, AWS Organizations, AWS Config, and AWS IAM Identity Center.
Builder's Sessions
GRC351 | Build an end-to-end DevSecOps pipeline on AWS
Companies must adopt a new approach to planning, developing, and testing policies. Just as we use infrastructure as code in infrastructure automation and the CI/CD approach in application lifecycle management, our DevSecOps teams must adopt policy as code, especially in a cloud world. Join this session to learn how to best integrate cfn-guard in a CI/CD pipeline using Amazon CodeCatalyst.
GRC354 | Simplify and automate security with compliance as code
When a cloud resource does not meet compliance requirements, it’s important to react quickly and automatically. This session completes the compliance-as-code approach introduced in GRC351 and walks through the automated remediation steps provided by AWS Systems Manager automation documents.
Chalk Talks
GRC331-R | Modernize your GRC future with AWS
Understand how to adopt AWS services to meet your upcoming regulatory requirements with this “live performance.” I really appreciate that this chalk talk offers attendees advice on planning the future of GRC in their organization.
Workshop
GRC371 | Cloud compliance and assurance at scale
Continuous compliance can help keep your organization safe as the threat landscape continually changes and expands. Learn how to evaluate cloud resources and act quickly in case of misconfiguration to become proactive. Learning by doing is the best option, so join this workshop to get hands-on with how to configure AWS Config and create a custom config rule that can help your organization proactively remediate compliance violations.