Karim El-Melhaoui

Securing the cloud: Policy as Code and post-exploitation techniques

Karim El-Melhaoui is a Security Architect at Norges Bank Investment Management, currently a part of its Cloud Centre of Excellence team where he is helping ensure a secure journey to the cloud. In addition to the ongoing Cloud journey he is a member of the organizations “Blue team”, responsible for increasing the security posture and implementing an architecture capable of defending against sophisticated attackers.

His stories are based on actual implementations and challenges faced by many organizations today.

He has spent the past years working mostly on Cloud security and has experience training IT professional in both Cloud and security through public classrooms and private engagements for corporations.


How can you ensure protection while still benefiting from the availability Cloud provides? The cloud introduces new attack vectors. Are you still aware of how to identify, protect and respond? This will demonstrate crucial security monitoring for your Azure subscription and post-exploitation techniques. 

Most organizations already started moving or are planning to move to the cloud the next year. Are your organization ready to tackle the security challenges faced in the cloud? Going from a private datacentre to a public cloud for your internal systems means you’re just a click away from publicly exposing sensitive information. This session will demonstrate how to secure your cloud environment by implementing effective mitigations/detections in addition to covering demonstrations of different attack vectors that allows for reconnaissance, privilege escalation and gaining foothold in your Azure environment using open-source and self-developed functions.

Disclaimer: Speaker is serving in his personal capacity and not on behalf of employer. Views and opinions expressed are solely those of the speaker.