Hack the Cloud: Attackers Love Blind Spots, Break Their Hearts!

Hello Cloud Marathoner friends,

Last week, we had a very interesting session focused on cybersecurity.

Our guest speaker, Brian Contos, shared his expertise on the following critical cybersecurity topics:

✅ Real-life stories from the trenches, drawn from years of cloud-based incident response.
✅ Exploration of various hacks to illustrate how breaches occur, what happens following a breach, and why organizations struggle to detect and respond.
✅ Mitigation strategies to proactively prepare for a breach, discover malicious activity, and respond effectively.

Malicious actors are counting on your passivity, your blind spots, and your inability to detect and respond to attacks in the cloud. Break their hearts!

Are you ready to learn more about hacking ⛔ the cloud and how to prevent it ⁉️ 🤔
Tune in to hear and learn from real-world stories.

Real-World Examples

  • Crypto mining on hacked security cameras in a casino.
  • $15 million wire fraud via compromised Office 365 and fake domains.
  • MongoDB ransomware where attackers lied about stealing data.
  • Robot hack demo showing how easy it is to control industrial devices with no authentication.

When and Where

📅 Date: May 7th, 2025
🕒 Time: 5 PM UTC
Recorded session URL

Don’t miss out on this amazing hacking session.
Let’s make the cloud a safer place together!

Join the session on How to secure small business in an hour with Cloud Marathoner and Tomasz

Hello Cloud Marathoner friends,

This week, we had an exciting session about what steps you could take in securing your environments for small businesses.

What was the focus of the session?

In this session, we had a conversation with Tomasz, who shared and demonstrated tips and tricks for making significant and essential changes to secure your environments from their earliest days.

Several Microsoft and Azure services were used effectively in this session, including Microsoft Entra ID, Intune, and Defender for Endpoint, as your best friends when securing a small business.



The question that every SMB asks

A common question is: What is the critical setup to get the best result as soon as possible?

“In the beginning, we don’t need to build sophisticated solutions; there are some standard settings and recommendations to put in place to make significant steps forward for a good, secure posture.”

Thank you, Tomasz!

Tomasz Szulczewski is an ORS Microsoft 365 Cybersecurity Architect with extensive experience with Microsoft products and services. He has been in love with information technology for over 25 years, but still has a passion for IT and feels like a geek.

He is a Microsoft 365 architect/cyber security guy and a curious problem solver who thinks that not all people must be IT experts.

Recorded Session

If you would like to watch the entire session, please visit the YouTube link below on our Cloud Lunch and Learn channel.

[Book Review] What you need to know about Cloud Native Software Security Handbook ⁉ 🤔

Hello, Cloud Marathoners!

A couple of days ago, I received a book from Packt, “Cloud Native Software Security Handbook”, authored by Mihir Shah, and in this post, I will review and share my observations and impressions with the #cloud #community.

This book starts by covering the Foundations of Cloud Native, exploring the tools and platforms offered by CNCF while setting a high-level stage for the rest of the book. Subsequently, the author dives into explaining AppSec culture and how to approach security implementation in cloud-native environments, primarily using tools like K8S, Calico, K9s, Falco, OPA Gateway, and others which I will be mentioning below.

I liked the Cloud Security Operation chapter, where open-source tooling sets like Elasticsearch, Fluentd, Kibana, Prometheus, Helm, and K8S have been used to streamline security operations with automation playbooks to minimize human interventions and errors.

In addition, this book covers legal, compliance, and vendor management aspects of cloud-native software security, emphasizing their hidden cost and that they are as important as mastering technical skills.

This book also provides code samples, available online, which is a big plus.

My suggestion would be the addition of more advanced use cases and code samples in the second edition of this book.

Did you read any related book recently that made an impact on you❓
Please, share your feedback in the comments 💬

Please, check my LinkedIn post to share your feedback. Thanks!