Andoni Alonso
Building Open Cloud Security at Prowler.
I started as a sysadmin, was a Site Reliability Engineer until a few years ago when I moved to the dark side... Security. I've been hooked on CTFs and anything with a scoreboard for a long time.
Starting the unicrons.cloud project to share knowledge about cloud security with the community.
Sessions
Misconfigured cloud resources remain one of the top causes of security breaches, yet manual compliance audits don't scale in fast-moving, multi-cloud environments.
This hands-on workshop dives into Prowler, a powerful open-source tool designed to assess and improve your cloud security posture, with support for AWS, Azure, GCP, M365, GitHub, Kubernetes and more. In this workshop, participants will learn how to deploy and customize Prowler to perform automated compliance checks aligned with industry standards such as CIS, GDPR, HIPAA, and more.
The session will also introduce practical techniques for extending Prowler’s capabilities with (or without) help from our MCP, and basic AI-assisted analysis to prioritize risks and surface actionable insights.
Recent months have seen several supply chain attacks, such as the tj-actions incident. Is your CI/CD pipeline prepared to defend against them?
Pipelines have privileged access to your code, infrastructure, and secrets, making them a critical component of any modern software development lifecycle (SDLC).
In this talk, we will show practical strategies to secure your pipeline, covering both common vulnerabilities and lesser-known attack vectors. We will go beyond basic recommendations like pinning actions by SHA, and explore how misconfigured repositories can lead to remote code execution (RCE) simply by opening a pull request.
Attendees will leave with actionable steps and a deeper understanding of how to fortify their pipelines against real-world threats.