  1. Cloud Operating Model
    1. Shared Responsibilities - Line Varies
      1. Account Boundary
      2. Network Boundary
      3. Identity and Access Management
    2. Control Plane and Data Plane
    3. Ephemeral Resources
      1. Serverless Architecture
      2. Container Workloads
    4. Guardrails
  2. Threat Modeling
    1. Identify and Tag Assets (Asset Inventory)
    2. Create Data Flow Diagram
    3. Identify Entry Points - API Request Path
    4. Identify Threat Actors
    5. Identify Threats
      1. Build Security Profile based on Application Type & Assess Control Effectiveness (Identify Missing or Weak Controls)
        1. E.g. Web App
          1. Input Validation
          2. Authentication
          3. Authorization
          4. Configuration Management
          5. Sensitive Data
          6. Session Management
          7. Access token management
          8. Cryptography
          9. Keys Management
          10. Secrets Management
          11. Parameter Manipulation
          12. Auditing and Logging
          13. PII Data Handling
      2. Know Asset Vulnerabilities
    6. STRIDE Mapping (Threat - Property Violated)
      1. Spoofing (Authentication)
      2. Tampering (Integrity)
      3. Repudiation (Non-Repudiation)
      4. Information Disclosure (Confidentiality)
      5. Denial of Service (Availability)
      6. Elevation of Privilege (Authorization)
  3. Threat Hunting and Threat Detection Framework
    1. MITRE ATT&CK
    2. Understand what to look for and design for
  4. Threat Management - 5 Execution Domains
    1. Identify
      1. Inventory of Assets and Vulnerabilities
    2. Detect
      1. Logging Maturity
      2. Know whether any vulnerabilities are being exploited
      3. Look for IoC
        1. Threat Intel
        2. Deviation from Baseline
        3. Use-Case specific Anomaly Detection
      4. MTTD - MTTR
    3. Investigate
      1. Root cause
      2. Lateral movement
    4. Response
      1. Containment
      2. Isolation
      3. Restore
        1. RTO
        2. RPO
    5. Forensics
  5. Security Controls ≠ Security Execution
  6. Security Culture at Scale
    1. Tools and Metrics
      1. Metrics
        1. Specific
        2. Measurable
        3. Actionable
        4. Reflects existing behaviour/configuration
        5. e.g.
          1. Patch Age
          2. Intrusion attempts
          3. Long-Lived Credentials
          4. % of Security Incidents resolved by automation
    2. Mechanism
      1. e.g. DevSecOps
    3. Communication to Sr. Leadership
    4. Escalations – the right way
      1. Don't shoot the Messenger
      2. Ticket Culture
  7. Incident Response
    1. Operating Model
      1. Event Analysis
      2. Triaging
      3. Alerts / Incident Ticket
      4. Contain
      5. Respond
      6. Remediate