The initial data was collected for a talk at BSidesCT 2020: Learning from AWS (Customer) Security Incidents slides here A follow up talk was given at OWASP DevSlop in May 2022. video, slides
- Andoni Alonso, Bsides Málaga 2025: The Cloud Is Just Someone Else's Computer, But It's Still Your Problem
- Abhinav Singh, RSAC 2024: Blueprint For Data Defense in the Public Cloud: Strategies & Playbooks
- Christophe Tafani-Dereeper, Insomni'Hack 2024: Abusing Misconfigured OIDC Authentication In Cloud Environments, video
- Nick Jones, AWS Meetup Copenhagen June 2023: Avoiding Security Breaches in AWS
- Nick Jones, Telia Digital Hub 2023: How to Avoid Security Breaches in the Cloud
- Christopher Doman, SANS DFIR Summit 2023: A New Perspective on Resource-Level Cloud Forensics PAUL SCHWARZENBERGER, DevSecOps London October 2023: ROAD TO IAM ZERO
- Rami McCarthy, OWASP DevSlop: Learning from AWS (Customer) Security Incidents [2022], video
- Chandrapal Badshah, 2022: Automating Cloud Security AWS Edition
- Christophe Tafani-Dereeper, SANS Now2Cyber Summit 2022: Fantastic AWS Hacks and Where to Find Them
- Boik Su, HitCon 2021: 空降危機:雲端攻防二三事
- Rami McCarthy, BSidesCT 2020: Learning from AWS (Customer) Security Incidents
- NoLimitSecu Episode #408
- Cloud Security Podcast: Real-World Cloud Security Challenges and Solutions Explained for 2024
- Soteria Cybersecurity, 2024: You Are Penetration Testing Your Cloud Wrong!
- CloudYali, 2024: How to Monitor AWS Root Users at Scale: Best Practices
- Chris Farris, 2023: breaches.cloud
- Nick Jones, 2022: A Review of the AWS Security Model
- Datadog, 2022: A retrospective on public cloud breaches of 2022, with Rami McCarthy and Houston Hopkins
- Christophe Tafani-Dereeper, 2021: Cloud Security Breaches and Vulnerabilities: 2021 in Review
- CSA: Understanding Cloud Attack Vectors 2023
- RAND: Securing AI Model Weights