Certification Contributions
Contributing to industry-standard security certifications
TAISE
Trustworthy AI Security & Ethics certification contributor. Helped develop the framework for responsible AI implementation.
CCSP
Founding committee member for the (ISC)² Certified Cloud Security Professional certification.
CCSK
Contributor to the Cloud Security Alliance's Certificate of Cloud Security Knowledge.
CCAK
Certificate of Cloud Auditing Knowledge contributor and trainer.
CSA Research Publications
Contributing to Cloud Security Alliance research and guidance
Cloud Security for Startups 2024
SaaS-based startups face distinct security challenges requiring a tailored approach. These companies often begin with small security teams and limited budgets, yet customers expect them to achieve full maturity quickly. This second edition (first published 2017) provides comprehensive guidance specifically for SaaS-based startups, emphasizing strategic decisions and tactical recommendations for achieving enterprise-level security maturity.
Understanding Cloud Attack Vectors
The goal of this document is to map the various attack vectors that are actually being used during cloud-based attacks in IaaS/PaaS and to map the vectors and their mitigating controls to various resources. The motivation for this document came after we analyzed much of the research around cloud security and realized that it lists a combination of risks, threats, attack vectors, vulnerabilities, and concerns. And while there are many risks and threats to IaaS/PaaS platforms and applications, most of the risks are associated with a very specific number of attack vectors.
Security Guidelines for Providing and Consuming APIs
In modern application workloads, organizations are often required to integrate their application with other parties such as Software-as-a-Service (SaaS) providers, customers' applications, and business partners. The purpose of this document is to provide a framework for securely connecting external entities such as customers or third parties. The document provides a usable list of security considerations in order to estimate the risk involved with the specific connectivity and a technical checklist for the implementation of security controls.
Cloud Security for Startups
As a Software-as-a-Service (SaaS) startup, it's important to build solid security foundations in order to gain and maintain customers' trust. This document provides an outline of cloud security best practices that SaaS organizations should follow, including guidelines for application security, platform security, and security management. Designed for founders, CTOs, product managers, and architects of cloud-based startups developing on public IaaS/PaaS.
Articles & Insights
Blog posts, articles, and shorter research pieces
A comprehensive guide for auditors and security professionals entering the cloud domain. Part 1 covers essential cloud terminology, NIST definitions, service models (IaaS/PaaS/SaaS), and the shared responsibility model. Part 2 explores cloud governance frameworks, security policies, assessment methodologies, and the critical role of contracts in managing cloud provider relationships.
The Evolution of IAM in Cloud
Video interview discussing the evolution of Identity and Access Management in cloud environments, covering federated identity, single sign-on challenges, and best practices for securing cloud-based identity systems.
CSA Summit at RSA 2014
Coverage of the Cloud Security Alliance Summit at RSA Conference 2014, featuring insights on emerging cloud security trends, industry announcements, and expert discussions on the future of cloud security.
Key Takeaways: CSA CEE Summit
Highlights from the CSA Central Eastern Europe Summit in Ljubljana, covering crime-as-a-service trends, security services maturation, cloud brokerage models, and the impact of government surveillance on cloud adoption.
The Day After PRISM
Analysis of cloud security concerns following the Snowden revelations, discussing government surveillance, provider transparency efforts, and strategies for building trust between cloud providers and users.
Advanced Cloud Security
Technical deep-dive into advanced cloud security concepts, published in Israel's leading security e-zine. Covers cloud architecture security, attack vectors, and defensive strategies.
Cloud Computing in Israel
Early analysis of cloud computing adoption and security challenges in Israel, discussing local market trends, regulatory considerations, and recommendations for Israeli organizations moving to the cloud.