Brandon Evans
Senior InstructorOwner and InfoSec Consultant at On-Brand Technologies LLC
Specialities
Cloud Security
SEC504: Hacker Tools, Techniques, and Incident Handling
SEC504Offensive Operations
SEC510: Cloud Security Controls and Mitigations
SEC510Cloud Security
- GIAC Public Cloud Security (GPCS)
- 5 Days (Instructor-Led)
- 38 CPEs / 38 Hours (Self-Paced)
- Labs: 24 Hours of hands-on instruction
Virtual Events
Explore content featuring this instructor’s insights and expertise.
- Slide 1 of 14
The Myth of Cloud Agnosticism: Why Securing Multiple Clouds Using Terraform is Harder Than You Think
Does a single set of Terraform code securely configure all cloud provides? No, it is practically impossible for any tool to work this way. Learn the real, more difficult techniques required to consistently apply security controls across CSPs using Terraform.
WebinarCloud Security
- 10 May 2023
- 10:00 UTC
- Brandon Evans
- Slide 2 of 14
Hands-On Workshop: Multi Cloud Data Security
Securing data in the cloud is so much more than blocking public buckets. Even private data can be exfiltrated, unencrypted, and inappropriately stored. Misconfigurations and mitigations are often highly cloud-specific. In this workshop hosted by Brandon Evans, SANS Certified Instructor and the Lead Author of SEC510: Public Cloud Security: AWS, Azure, and GCP, you will identify and address these concerns using cloud native services in the Big 3 cloud providers.
WebinarCloud Security
- 27 Jun 2023
- 10:00 UTC
- Brandon Evans
- Slide 3 of 14
Securely Integrate Multicloud Environments with Workload Identity Federation
Organizations are becoming multicloud by choice or by chance. Many of them integrate their multiple clouds with one another to improve Availability, support Disaster Recovery, and leverage the services from each provider that best fits their needs.
WebinarCloud Security
- 20 Sep 2023
- 10:00 UTC
- Brandon Evans & Eric Johnson
- Slide 4 of 14
Configuring the Future: Addressing Network and Configuration Risks in Modern Cloud Security
The evolution of cloud technologies has ushered in a new era of opportunities, but with it comes a unique set of challenges, particularly in the realms of configuration and network security. This talk will shed light on the modern practices and strategies essential for safeguarding cloud environments against configuration missteps and network vulnerabilities. We'll dissect real-world scenarios where configuration errors led to breaches and delve into network risks that are often overlooked. By exploring tools, protocols, and best practices, attendees will gain insights into fortifying their cloud infrastructures. Join us on this journey through the intricacies of cloud security, ensuring that your organization remains resilient in the face of ever-evolving threats.
WebinarCloud Security
- 28 Nov 2023
- 13:00 UTC
- Brandon Evans & Avishai Wool
- Slide 5 of 14
2023 Survey Event | Multicloud: Navigating the Complexities of Multiple Clouds
According to market data, more businesses than ever before are utilizing several cloud service providers. The first SANS Multicloud Survey, performed in 2022, indicated that the forces behind the tendency to adopt multiple cloud solutions was driven by a variety of factors, including mergers and acquisitions and concerns around ensuring business continuity. It is also clear that the major cloud service providers continue to innovate and differentiate their services in the face of intense competition.
WebinarCloud Security
- 6 Dec 2023
- 11:00 UTC
- Brandon Evans, Kenneth G. Hartman, Bob Hansmann + 2 more
- Slide 6 of 14
Prevent Cloud Incidents from Becoming Cloud Breaches
The number of cloud security breaches in the headlines have been staggering lately. It seems like a week cannot go by without a massive amount of sensitive data being leaked from either AWS, Azure, or Google Cloud.
WebinarCloud Security- 30 Apr 2024
- 10:00 UTC
- Brandon Evans
- Slide 7 of 14
Prevent Remote Code Execution with Private Endpoints – Aviata Solo Flight Challenge Chapter 2
As demonstrated in the last workshop in the Aviata Cloud series, public cloud resources pose a major risk. One mitigation, Private Endpoints, allows users and workloads to connect to cloud services without internet access.
WebinarCloud Security- 16 May 2024
- 10:00 UTC
- Brandon Evans
- Slide 8 of 14
Critical Vulnerability Spotted in Microsoft Defender: What You Need to Know
Join Brandon as he discusses widespread issues with cross-cloud integrations, this specific critical vulnerability in Microsoft Defender for Cloud, and how to proactively protect your organization from this class of vulnerabilities.
WebinarCloud Security- 16 Oct 2024
- 11:00 UTC
- Brandon Evans
- Slide 9 of 14
Cloud Security: First Principles and Future Opportunities Part 4 of 5 - Evolving Cloud Security with a Modern Approach
Part 4: Evolving Cloud Security with a Modern ApproachIn this session, we'll explore how organizations can adapt their security practices to fit the dynamic nature of cloud infrastructure. While the cloud isn't inherently insecure, traditional on-premises security techniques often fall short. We'll dive into the shared responsibility model between cloud providers and users, the advantages of cloud-native security controls, and how AI tools can aid automation and threat detection-without losing sight of the critical role of human analysts.
WebinarCloud Security- 6 Dec 2024
- 11:00 UTC
- Frank Kim, Dr. Anton Chuvakin & Brandon Evans
- Slide 10 of 14
The Cloud Won't Save You from Ransomware: Here's What Will
Cloud enthusiasts often tout how using a public cloud service provider helps mitigate ransomware attacks. Unfortunately, this is not true by default. Regardless of where files are stored, an attacker can download them, make them inaccessible to the target organization, and demand a payment for restoring their mission-critical data.
WebinarCloud Security- 23 Jan 2025
- 10:30 UTC
- Brandon Evans
- Slide 11 of 14
Prevent Real Cloud Attacks with Terraform
Implementing cloud security controls is hard. Implementing them at scale is harder.
WebinarCloud Security
- 28 May 2025
- 14:00 UTC
- Brandon Evans
- Slide 12 of 14
SANS 2025 Cloud Security Exchange
Prepare for the Next Era of Cloud Security
WebinarCloud Security- 21 Aug 2025
- 10:30 UTC
- Dr. Anton Chuvakin, Dr. Paul Vixie, Frank Kim + 3 more
- Slide 13 of 14
SANS 2025 AI Survey Webcast & Forum: Measuring AI's Impact on Security Three Years Later
This webcast is built on insights from one of our most anticipated cybersecurity surveys of the year—offering an in-depth look at how the community is adopting, adapting to, and defending against artificial intelligence in all its forms. From broad AI applications to generative models like LLMs, the 2025 SANS AI Survey uncovers how security professionals are integrating AI into their workflows—and what risks and opportunities are emerging as a result.
WebinarArtificial Intelligence- 4 Sep 2025
- 10:30 UTC
- Ahmed Abugharbia & Brandon Evans
- Slide 14 of 14
SANS CloudSecNext Summit Solutions Track 2025
Securing the cloud isn’t easy. Thales Group reported that the percentage of corporate data stored in the cloud has doubled from 2015 (30%) to 2022 (60%). Meanwhile, the 2023 Unit 42 Attack Surface Threat Report, published by a threat research branch of Palo Alto Networks, reported that “80% of security exposures were observed in cloud environments.” Because this percentage is significantly larger than the percentage of data in the cloud, this implies that the cloud is somehow uniquely vulnerable, or that the cloud is uniquely challenging for security teams.Enter the SANS CloudSecNext Summit Solutions Track 2025. This event will provide you with practical solutions to these challenges from some of the world’s leading experts. We will deliver the latest tools, techniques, and procedures for cloud, multicloud, and hybrid environments. We hope you will be able to take what you learn in this event to make your cloud environments as secure, if not more secure, than your infrastructure on-premises.
WebinarCloud Security- 3 Oct 2025
- 10:00 MT
- Brandon Evans