Ryan Nicholson
Senior InstructorOwner at Blue Mountain Cyber, LLC
Specialities
Cyber Defense, Cloud Security
SEC504: Hacker Tools, Techniques, and Incident Handling
SEC504Offensive Operations
SEC488: Cloud Security Essentials
SEC488Cloud Security
- GIAC Cloud Security Essentials
- 6 Days (Instructor-Led)
- 36 CPEs / 36 Hours (Self-Paced)
- Labs: 40 Hours of hands-on instruction
SEC541: Cloud Security Threat Detection
SEC541Cloud Security
- GIAC Cloud Threat Detection (GCTD)
- 5 Days (Instructor-Led)
- 30 CPEs / 30 Hours (Self-Paced)
- Labs: 22 Hours of hands-on instruction
Virtual Events
Explore content featuring this instructor’s insights and expertise.
- Slide 1 of 12
Pertahanan Keamanan Tanpa Server
Saat mengalihkan beban kerja ke cloud, data peristiwa (khususnya manajemen peristiwa) akan berubah menjadi format baru yang perlu diidentifikasi, disimpan, dan diproses oleh tim keamanan untuk mengidentifikasi adanya potensi ancaman. Diskusi kali ini dimulai dengan membahas siklus hidup peristiwa management plane secara keseluruhan di lingkungan cloud. Hal ini akan membantu kita mengidentifikasi ancaman yang menargetkan sumber daya cloud dengan lebih efektif. Namun, respons apa yang harus diambil? Hingga saat ini, banyak tim yang mengandalkan tim analis keamanan dan tim respons insiden untuk mengidentifikasi dan bereaksi terhadap ancaman yang teridentifikasi di antara sejumlah besar log data.
WebinarCyber Defense
- 20 Apr 2022
- 10:30 UTC
- Ryan Nicholson
- Slide 2 of 12
방어자들을 위한 서버리스
워크로드가 클라우드로 이전될 때, 이벤트 데이터(관리 이벤트)는 새로운 형식을 취하게 됩니다. 보안팀은 잠재적 위협을 발견하기 위해 데이터를 식별, 저장, 처리할 필요가 있습니다. 이번 웹케스트에서는 클라우드 환경에서 관리 평면(Management Plane) 이벤트들의 전체 가용 주기를 단계별로 살펴보는 것으로 시작합니다.
WebinarCyber Defense
- 21 Apr 2022
- 10:30 UTC
- Ryan Nicholson
- Slide 3 of 12
Building Better Cloud Detections... By Hacking? | AWS Edition
As with any enterprise environment, we can (and should) focus on hardening our defenses to keep the adversaries out, but these defenses may some day be evaded via a variety of methods.
WebinarCloud Security
- 14 Mar 2023
- 10:00 UTC
- Ryan Nicholson
- Slide 4 of 12
SANS 2023: Hands-On Cloud Security Workshop: Building Detections in AWS
As with any enterprise environment, we can (and should) focus on hardening our defenses to keep the adversaries out, but these defenses may some day be evaded via a variety of methods. Cloud is no different. In this workshop, which is a follow-on from the talk “Building Better Cloud Detections... By Hacking? (AWS Edition)“, we will work through the process of creating a detection that we can use as defenders to spot an adversary performing attack techniques against our AWS environments. The overall process and takeaways will be:Establish proper logging to detect the adversarial activityPerform the attack to generate the appropriate artifactsReview the log event dataCreate an automated process to quickly discover this activityTest that the automated process is working effectively by “re-attacking” the AWS accountPrerequisites: An AWS account with administrator accessSystem Requirements: A modern web browser
WebinarCloud Security
- 3 Apr 2023
- 19:15 UTC
- Ryan Nicholson
- Slide 5 of 12
Hands-On Workshop: Building Detection in AWS
This is a 2 hour hands-on workshop. As with any enterprise environment, we can (and should) focus on hardening our defenses to keep the adversaries out, but these defenses may some day be evaded via a variety of methods.
WebinarCloud Security- 9 May 2023
- 10:00 UTC
- Ryan Nicholson
- Slide 6 of 12
Building Better Cloud Detections…By Hacking? Azure Edition
Learn how the process of creating a detection that we can use as defenders to spot an adversary performing attack techniques against our Azure environments
WebinarCloud Security- 11 May 2023
- 10:00 UTC
- Ryan Nicholson
- Slide 7 of 12
SANS Security West 2023 - Hands-On Workshop: Building Detections in Azure
This is a 2-hour hands-on workshop. As with any enterprise environment, we can (and should) focus on hardening our defenses to keep the adversaries out, but these defenses may some day be evaded via a variety of methods. Cloud is no different. In this workshop, which is a follow-on from the talk “Building Better Cloud Detections... By Hacking? (Azure Edition)“, we will work through the process of creating a detection that we can use as defenders to spot an adversary performing attack techniques against our Azure environments. The overall process and takeaways will be:- Establish proper logging to detect the adversarial activity- Perform the attack to generate the appropriate artifacts- Review the log event data- Create an automated process to quickly discover this activity- Test that the automated process is working effectively by “re-attacking” the Azure accountPrerequisites: An Azure account with administrator accessSystem Requirements: A modern web browser
WebinarCloud Security
- 16 May 2023
- 22:15 UTC
- Ryan Nicholson
- Slide 8 of 12
Hands-On Workshop: Building Better Detections - Azure Edition
Hands-on Workshop: Work through the process of creating a detection that we can use as defenders to spot an adversary performing attack techniques against our Azure environments.
WebinarCloud Security- 8 Jun 2023
- 15:00 UTC
- Ryan Nicholson
- Slide 9 of 12
SANS Cloud Security - San Francisco 2023: Workshop - Avoiding Data Disasters: Techniques to Identify and Address Cloud Storage Misconfigurations
It appears that every few months, there's news of yet another cloud breach stemming from a carelessly configured cloud storage solution. While this isn't the default for most cloud vendors, some users still manage to make their cloud data publicly accessible by going out of their way - sometimes to a significant extent. Whether it's out of ignorance or convenience, it doesn't matter - this practice must come to an end.To address this issue, we've developed a workshop that equips attendees with various techniques and methods to identify and rectify cloud storage misconfigurations in their own cloud accounts. We'll even demonstrate some ways to prevent these misconfigurations from happening in the first place. Although the chosen vendor for this workshop is AWS, due to its Simple Storage Service (S3) being the one making making headlines, misconfigurations could occur in any cloud environment. Hence, the techniques discussed in this workshop will be applicable to all cloud vendor environments, including Azure, Google Cloud Platform, and Oracle.
WebinarCloud Security- 19 Jul 2023
- 22:15 UTC
- Ryan Nicholson
- Slide 10 of 12
Hands-On Workshop: Avoiding Data Disasters: Techniques to Identify and Address Cloud Storage Misconfigurations
It appears that every few months, there's news of yet another cloud breach stemming from a carelessly configured cloud storage solution. While this isn't the default for most cloud vendors, some users still manage to make their cloud data publicly accessible by going out of their way - sometimes to a significant extent. Whether it's out of ignorance or convenience, it doesn't matter - this practice must come to an end.
WebinarCloud Security- 6 Sep 2023
- 10:00 UTC
- Ryan Nicholson
- Slide 11 of 12
Hands-On Workshop | Least Privilege - An Adventure in Third-Party Cloud Account Access
Many cloud-focused tools and third-party vendors require access to your organization’s cloud account. Sure, you could open up the flood gates and allow full, administrative access, but do those vendors and tools need that level of access?
WebinarCloud Security- 17 Jan 2024
- 10:00 UTC
- Ryan Nicholson
- Slide 12 of 12
SANS 2024: SANS@Night - Attacks in the Cloud | What’s Old is New and What’s New is New
The cloud landscape is always changing, and organizations that focus on old school attacks will catch some, but not all of them. This talk will look at how the attack surface changes in a public cloud, and we will focus in on three attack scenarios as examples. Join Ryan Nicholson, GSE and GX certified, where we will discuss how the attacks work and how to protect and detect them. If you are a cloud novice or expert, you will find something new to take back to work.
WebinarCloud Security
- 25 Mar 2024
- 19:45 UTC
- Ryan Nicholson