Sign up to save your podcasts
Or
Share AJ Yawn: Cloud, Compliance and Automating Security
Share to email
Share to Facebook
Share to X
Share to email
Share to Facebook
Share to X
Or
AJ Yawn: Cloud, Compliance and Automating Security
Click here to send us your ideas and feedback on Blueprint!
Compliance and audit checks can be painful, and that's before you introduce additional cloud services and technology. In this episode featuring AJ Yawn we discuss some incredibly useful and actionable cloud security concepts and tools that can help your team boost visibility and reduce user permissions to help prevent breaches before they happen. In addition, we discuss what a good compliance audit should be, and how to turn audits from painful to incredibly valuable.
Resources mentioned in this episode:
- AWS CloudTrail: https://aws.amazon.com/cloudtrail/
- AWS Well-Architected Framework:https://aws.amazon.com/architecture/well-architected/
- AWS Config: https://aws.amazon.com/config
- AWS Organizations:https://aws.amazon.com/organizations/
- AWS Service Control Policies (SCP): https://docs.aws.amazon.com/organizations/latest/userguide/orgs_manage_policies_scps.html
Our Guest - AJ Yawn
AJ Yawn is the Co-Founder and CEO of ByteChek. He is a seasoned cloud security professional that possesses over a decade of senior information security experience with extensive experience managing a wide range of cybersecurity compliance assessments (SOC 2, ISO 27001, HIPAA, etc.) for a variety of SaaS, IaaS, and PaaS providers.
AJ advises startups on cloud security and serves on the Board of Directors of the ISC2 Miami chapter as the Education Chair, he is also a Founding Board member of the National Association of Black Compliance and Risk Management professions, regularly speaks on information security podcasts, events, and he contributes blogs and articles to the information security community including publications such as CISOMag, InfosecMag, HackerNoon, and ISC2.
Sponsor's Note:
Support for the Blueprint podcast comes from the SANS Institute.
Are you looking for the best in-depth training for your cyber defense team? Look no further than SANS blue team curriculum courses!
Whether you focus on network or host data, Windows or Linux, or even specialize in open source intel, SIEM, SOC, or defensive architecture, the SANS Blue Team curriculum has the course for you. From long-time classics like SEC503 Network Intrusion Detection to the newer SEC530 Defensible Security Architecture and Engineering and SEC487 Open Source Intelligence Gathering - we've got you covered, no matter what your specialty.
With an extensive archive of free webcasts on the SANS site, and free online demos available for most courses, you can easily check out the SANS blue team catalog and see which course is the best fit for you and your team.
Check out the constantly growing list of available courses at
Check out John's SOC Training Courses for SOC Analysts and Leaders:
- SEC450: Blue Team Fundamentals - Security Operations and Analysis
- LDR551: Building and Leader Security Operations Centers
Follow and Connect with John: LinkedIn
View all episodes
By SANS Institute
4.9
131131 ratings
Click here to send us your ideas and feedback on Blueprint!
Compliance and audit checks can be painful, and that's before you introduce additional cloud services and technology. In this episode featuring AJ Yawn we discuss some incredibly useful and actionable cloud security concepts and tools that can help your team boost visibility and reduce user permissions to help prevent breaches before they happen. In addition, we discuss what a good compliance audit should be, and how to turn audits from painful to incredibly valuable.
Resources mentioned in this episode:
- AWS CloudTrail: https://aws.amazon.com/cloudtrail/
- AWS Well-Architected Framework:https://aws.amazon.com/architecture/well-architected/
- AWS Config: https://aws.amazon.com/config
- AWS Organizations:https://aws.amazon.com/organizations/
- AWS Service Control Policies (SCP): https://docs.aws.amazon.com/organizations/latest/userguide/orgs_manage_policies_scps.html
Our Guest - AJ Yawn
AJ Yawn is the Co-Founder and CEO of ByteChek. He is a seasoned cloud security professional that possesses over a decade of senior information security experience with extensive experience managing a wide range of cybersecurity compliance assessments (SOC 2, ISO 27001, HIPAA, etc.) for a variety of SaaS, IaaS, and PaaS providers.
AJ advises startups on cloud security and serves on the Board of Directors of the ISC2 Miami chapter as the Education Chair, he is also a Founding Board member of the National Association of Black Compliance and Risk Management professions, regularly speaks on information security podcasts, events, and he contributes blogs and articles to the information security community including publications such as CISOMag, InfosecMag, HackerNoon, and ISC2.
Sponsor's Note:
Support for the Blueprint podcast comes from the SANS Institute.
Are you looking for the best in-depth training for your cyber defense team? Look no further than SANS blue team curriculum courses!
Whether you focus on network or host data, Windows or Linux, or even specialize in open source intel, SIEM, SOC, or defensive architecture, the SANS Blue Team curriculum has the course for you. From long-time classics like SEC503 Network Intrusion Detection to the newer SEC530 Defensible Security Architecture and Engineering and SEC487 Open Source Intelligence Gathering - we've got you covered, no matter what your specialty.
With an extensive archive of free webcasts on the SANS site, and free online demos available for most courses, you can easily check out the SANS blue team catalog and see which course is the best fit for you and your team.
Check out the constantly growing list of available courses at
Check out John's SOC Training Courses for SOC Analysts and Leaders:
- SEC450: Blue Team Fundamentals - Security Operations and Analysis
- LDR551: Building and Leader Security Operations Centers
Follow and Connect with John: LinkedIn
More shows like Blueprint: Build the Best in Cyber Defense
View all
Security Now (Audio)
1,971 Listeners
Risky Business
361 Listeners
SANS Internet Stormcenter Daily Cyber Security Podcast (Stormcast)
628 Listeners
Defensive Security Podcast - Malware, Hacking, Cyber Security & Infosec
366 Listeners
CyberWire Daily
1,007 Listeners
Smashing Security
311 Listeners
Click Here
406 Listeners
Darknet Diaries
7,865 Listeners
CISO Series Podcast
187 Listeners
![Talkin' About [Infosec] News, Powered by Black Hills Information Security by Black Hills Information Security](https://podcast-api-images.s3.amazonaws.com/corona/show/516141/logo_300x300.jpeg){kind=logo}
Talkin' About [Infosec] News, Powered by Black Hills Information Security
91 Listeners
Defense in Depth
74 Listeners
Cyber Security Headlines
129 Listeners
How to Fix the Internet
117 Listeners
Cloud Security Podcast by Google
38 Listeners
Risky Bulletin
33 Listeners