SECURITY EDITION

April 04, 2025

Computer History Museum

AWS Community Day

About AWS Community Day

The world would be such a better place if everyone took information security seriously. Simple misconfigurations and poor security hygiene can lead to catastrophic losses. Education and awareness are the keys to avoiding such disasters.

This Community Day, let's pledge to learn something new, to make a new friend in the community, or to find a security management tool to help us make the world a better place.

The AWS Community Day features expert-led talks, technical workshops, hands-on labs, and networking opportunities with industry leaders and fellow enthusiasts from around the globe. Whether you're an experienced professional or a newcomer in the world of AWS, come join us. Be part of the movement to create a better, smarter, and more connected world.

Topics at the AWS Community Day

Security Governance
Security Assurance
Identity And Access Management
Threat Detection
Vulnerability Management
Infrastructure Protection
Data Protection
Application Security
Incident Response

KEYNOTE SPEAKER

Paul Vixie, VP and Distinguished Engineer AWS Security

Paul Vixie is a computer scientist and internet pioneer who is known for his contributions to the development of the internet. Vixie is also the author of several widely-used internet protocols, including DNS, BIND, and DHCP, and he has been involved in the development of many other internet technologies over the course of his career. He is a Fellow of the American Association for the Advancement of Science, the Institute of Electrical and Electronics Engineers, and the American Association of Artificial Intelligence.

https://www.internethalloffame.org/inductees/paul-vixie

DISTINGUISHED SPEAKERS

Anton Babenko

Betajob

Streamlining Compliance: Leveraging Open-Source Terraform AWS modules [Advanced]

Are you navigating the complexities of compliance frameworks like SOC2, CIS, and HIPAA and seeking a more efficient path? This talk breaks down these frameworks simply and shows you a time-saving trick, making it perfect for anyone wanting to make their organization's compliance journey much easier. I'll start by outlining the basics of these frameworks and highlighting the challenges businesses face in implementing them. As the creator and maintainer of the terraform-aws-modules projects, I'll be excited to share how using these open-source Terraform AWS modules can streamline the compliance process. I'll walk you through real-life examples showing how such solutions significantly reduce the effort and time required for compliance. At the end of the talk, attendees will get actionable insights on using Terraform AWS modules for efficient compliance management.

Chris Miller

Cloud Brigade

AWS Security for Front End Devs [Intermediate]

Application Development is very complex due to the many layers from libraries and frameworks, to APIs and IAM. With so many things to keep track of, it's very easy to make critical security mistakes, particularly when deploying apps on complex public cloud platforms like AWS. In this talk we'll cover:

* Security best practices
* Common mistakes and how to avoid them
* How to implement least privilege using Amazon Cognito
* Implementing access controls in AWS Amplify Gen2

Security continues to evolve while our codebases age. Our goal is to ensure everyone makes security a priority during each phase of the software development lifecycle. Even if only for review, we hope you'll walk away with renewed knowledge that will make your applications more secure.

David Akuma

BBC

Security Considerations for MLOps Infrastructure on AWS [Advanced]

The rapid adoption of MLOps has unlocked new levels of innovation, allowing organizations to build, deploy, and maintain machine learning models efficiently. However, these advantages come with security challenges that are often underestimated, leading to risks such as data breaches, model theft, and unauthorized access. Securing MLOps infrastructure on AWS requires a holistic approach, extending beyond traditional cloud security practices to address the unique needs of machine learning workflows. In this session, we'll explore often overlooked but critical security considerations for MLOps environments.

Gunnar Grosch

Principal Developer Advocate @ AWS

Developer Mindset: Embracing GitOps for Network Security and Compliance

As modern cloud-native applications evolve, the traditional network testing and security compliance in infrastructure deployments often struggle to keep up. In this talk we will discuss how leveraging GitOps and Generative AI allows for automated consistent network testing, security compliance enforcement, validation testing and standardization of infrastructure deployments across an organization.

Ishneet Kaur Dua

Senior Solutions Architect @AWS

Securing Large Language Models: Best Practices for Prompt Engineering and Mitigating Prompt Injection Attacks [Beginner]

The rapid adoption of large language models (LLMs) in enterprise IT environments has introduced new challenges in security, responsible AI, and privacy. One critical risk is the vulnerability to prompt injection attacks, where malicious actors manipulate input prompts to influence the LLM's outputs and introduce biases or harmful outcomes. This guide outlines security guardrails for mitigating prompt engineering and prompt injection attacks. The authors present a comprehensive approach to enhancing the prompt-level security of LLM-powered applications, including robust authentication mechanisms, encryption protocols, and optimized prompt designs. These measures aim to significantly improve the reliability and trustworthiness of AI-generated outputs, while maintaining high accuracy for non-malicious queries. The proposed security guardrails are compatible with various model providers and prompt templates, but require additional customization for specific models. By implementing these best practices, organizations can instill higher trust and credibility in the use of generative AI-based solutions, maintain uninterrupted system operations, and enable in-house data scientists and prompt engineers to uphold responsible AI practices.

Jacob Berry

CISO @ JIT

Amazon Security Lake: Centralized Data Management for Cloud Native Ops [Advanced]

Amazon Security Lake stands as a paradigm shift in security data management. This service centralizes security data, significantly simplifying its management. Our talk will detail how Security Lake ingests data from a myriad of sources, converts it to the unified schema OCSF, and stores it, ready to be queried using AWS Athena for in-depth insights. Amazon Security Lake's robust architecture, combined with the power of AWS Athena, facilitates a more comprehensive understanding of the security landscape, bringing valuable insights to light. We will present a live demo and provide practical examples to illustrate how AWS Security Lake can seamlessly integrate with your DevSecOps toolchain, enhancing its functionality and efficiency. Attendees will gain a deep understanding of Amazon Security Lake's capabilities, exploring how its features can revolutionize their approach to cybersecurity, promoting a more secure and resilient digital environment.

Jenni Wu

Solutions Architect @ AWS.

Security Workshop

In this workshop, you will learn practical techniques for protecting your web application from the most common threats, without needing to change any code. These techniques can be applied directly against your own AWS environments with minimal time and effort. You will be provided an AWS Account running the OWASP Juice Shop, and perform an attack to exfiltrate its credentials. You will then leverage Amazon GuardDuty to detect and respond to the attack, AWS Web Application Firewall (AWS WAF) to create a virtual patch to stop the exploit, and VPC Endpoint Policies to prevent illicit use of the stolen credentials. You'll also see how AWS WAF can be used to block other exploits using its managed rules. Using these and similar techniques to detect and respond to attacks will let you build fast AND stay secure.

Manas Satpathi

Principal Technical Account Manager @ AWS

Simplify Security Events Log Analysis with Amazon Q [Advanced]

Discover how to build security-focused applications with Amazon Q to analyze AWS accounts for compliance and vulnerabilities. Use automation to centralize security logs and events from AWS services, partner solutions, and open-source tools, and analyze using an intuitive chatbot interface. Through practical examples, explore how Generative AI enhances security analysis, delivering a richer experience with queries in natural language.

Mike Graff

Dolby

Use IAM Roles Anywhere to reduce the use of static IAM keys [Advanced]

Exposed static IAM keys are one of the most common security risks for AWS accounts. Avoiding the use of static keys is a best practice that can be hard to achieve in hybrid cloud environments where access needs to be given to external systems. IAM Roles Anywhere is a service that helps mitigate this risk. In this talk, I detail the problems and risks associated with static keys, how IAM Roles Anywhere can solve this problem, and walk through how to set up the complete solution.

Mona Patel

CTO at Nepra Environmental Solutions

Establish a Secured and Resilient Architecture [Business Focused]

I will demonstrate how to build a secured multi-tier architecture. You are tasked with creating a foundational multi-tier architecture in AWS, which includes a Web Tier, Application Tier, and Database Tier. The goal is to build each tier incrementally, ensuring each layer functions correctly before moving on to the next.

Natalie Serebryakoval

Technical Leader | AWS Community Builder

Optimizing GPU Usage in Amazon EKS: Improving Performance and Security in Kubernetes [Advanced]

My talk will be covering how to optimize GPU usage in Amazon EKS for both performance and security. I will go over setting up GPU-enabled EC2 instances, managing resource requests for GPU workloads, and allocating GPUs to meet workload demands. I’ll also cover security practices specific to GPU workloads, e.g.: how to use RBAC to limit access to GPU resources, network policies to isolate sensitive GPU workloads from non-critical ones, and IAM roles to control who can provision and access GPU-powered instances. I hope my talk helps you get started with optimizing and securing GPU workloads in EKS.

Parth Girish Patel

Sr AI/ML Architect @ AWS

Securing Large Language Models: Best Practices for Prompt Engineering and Mitigating Prompt Injection Attacks [Beginner]

The rapid adoption of large language models (LLMs) in enterprise IT environments has introduced new challenges in security, responsible AI, and privacy. One critical risk is the vulnerability to prompt injection attacks, where malicious actors manipulate input prompts to influence the LLM's outputs and introduce biases or harmful outcomes. This guide outlines security guardrails for mitigating prompt engineering and prompt injection attacks. The authors present a comprehensive approach to enhancing the prompt-level security of LLM-powered applications, including robust authentication mechanisms, encryption protocols, and optimized prompt designs. These measures aim to significantly improve the reliability and trustworthiness of AI-generated outputs, while maintaining high accuracy for non-malicious queries. The proposed security guardrails are compatible with various model providers and prompt templates, but require additional customization for specific models. By implementing these best practices, organizations can instill higher trust and credibility in the use of generative AI-based solutions, maintain uninterrupted system operations, and enable in-house data scientists and prompt engineers to uphold responsible AI practices.

Peter Sankauskas

AWS Community Hero @ Answers for AWS

Declarative Policies: How to adopt it

Declarative Policies in AWS are a new feature introduced to simplify and enforce security and compliance across an organization. They allow administrators to define desired configurations for AWS services—such as restricting EC2 instance launches to approved AMIs or blocking public access to S3 buckets. AWS automatically prevents actions that violate these policies, ensuring consistent security and governance without the need for custom scripts or manual intervention.

Sandeep Mohanty

Sr. Solutions Architect @ AWS

Simplify Security Events Log Analysis with Amazon Q [Advanced]

Discover how to build security-focused applications with Amazon Q to analyze AWS accounts for compliance and vulnerabilities. Use automation to centralize security logs and events from AWS services, partner solutions, and open-source tools, and analyze using an intuitive chatbot interface. Through practical examples, explore how Generative AI enhances security analysis, delivering a richer experience with queries in natural language.

Satish Jipster

Security specialist at SNOW Upgrade

Securing Generative AI applications using AWS Services [Business Focused]

Securing generative AI applications using AWS services involves implementing robust strategies to protect data, models, and infrastructure. This presentation explores how AWS tools like Identity and Access Management (IAM), AWS Key Management Service (KMS), and Amazon SageMaker enable secure model development, training, and deployment. Topics include safeguarding sensitive data with encryption, ensuring network security through Virtual Private Clouds (VPCs), and mitigating threats using services like AWS Shield and AWS WAF. Best practices for monitoring AI workloads with Amazon CloudWatch and addressing compliance requirements through AWS Audit Manager will also be discussed. Attendees will gain actionable insights to build and maintain secure, scalable, and resilient generative AI applications on AWS.

Shivansh Singh

Technical Leader, AWS Solutions Architecture

Builder cards [Intermediate]

AWS BuilderCards is a fun and educational deckbuilding card game, designed to teach how different AWS services work together to build well-architected workloads, while having fun with other attendees.

Syed Hussain

Sr. Partner Solutions Architect

Securing SaaS Applications with Amazon Verified Permissions: From Theory to Practice [Beginner]

As SaaS applications grow more complex, managing authorization can quickly become a bottleneck. Traditional inline authorization approaches often result in security weaknesses, greater development overhead, and maintenance challenges. Amazon Verified Permissions offers a streamlined, centralized approach to authorization, enabling scalable, policy-based access control that evolves independently of your application code. In this session, we’ll explore how to implement Verified Permissions in multi-tenant SaaS environments. We’ll discuss different architectural patterns, weigh their trade-offs, and demonstrate how Verified Permissions can simplify tenant-specific policy management while maintaining strict security boundaries. Attendees will gain practical insights and see live examples of using JWT tokens and other strategies to integrate Verified Permissions into their own SaaS applications.

AGENDA

Time | Session Details
Morning Sessions
08:00 AM - 4:00 PM
Badge pick up, Assisted Registration, Information Desk - Grand Lobby
08:30 AM - 09:20 AM
50 minutes
Breakfast and Networking - Grand Hall
Closes 10 minutes before Keynote.
09:30 AM - 10:00 AM
30 minutes
Welcome, Introductions and Sponsors Parade - John Varghese - AWS Hero - Hahn Auditorium
10:00 AM - 10:45 AM
45 minutes
Keynote - TBD - Paul Vixie - VP and DE AWS Security - Hahn Auditorium
10:45 AM - 11:15 AM
30 minutes
Tea/coffee break and Networking - Grand Hall Sponsored by AWS
Tracks
Hahn Auditorium
Lovelace
Boole
Glass rooms
11:15 AM - 11:45 AM
30 minutes
Use IAM Roles Anywhere to reduce the use of static IAM keys [Advanced]

--Mike Graff

Security Considerations for MLOps Infrastructure on AWS [Advanced]

--David Akuma

Intel AI workshop

--Speaker TBD

Builder cards: AWS BuilderCards is a fun and educational deckbuilding card game, designed to teach how different AWS services work together to build well-architected workloads, while having fun with other attendees.

--Shivansh Singh

11:50 AM - 12:40 AM
40 minutes
Optimizing GPU Usage in Amazon EKS: Improving Performance and Security in Kubernetes [Advanced]

--Natalie Serebryakoval

AWS Security for Front End Devs [Intermediate]

--Chris Miller

12:20 PM - 1:20 PM
1 hour
Lunch and Networking - Grand Hall SPONSORS WANTED!!
Post Lunch Sessions
Tracks
Hahn Auditorium
Lovelace
Boole
Glass rooms
1:30 PM - 1:55 PM
25 minutes
Amazon Security Lake: Centralized Data Management for Cloud Native Ops [Advanced]

--Jacob Berry

Securing Generative AI applications using AWS Services [Business Focused]

--Satish Jipster

Commvault workshop - Minutes to Meltdown!

--Commvault - Continuous Business

Unconference like Dynamic Conversations that Explore & Evolve

--Conference Attendees

2:00 PM - 2:35 PM
35 minutes
Streamlining Compliance: Leveraging Open-Source Terraform AWS modules [Advanced]

--Anton Babenko

Establish a Secured and Resilient Architecture [Business Focused]

--Mona Patel

2:30 PM - 2:55 PM
25 minutes
Afternoon Tea break SPONSORS WANTED!!
Tracks
Hahn Auditorium
Lovelace
Boole
Glass rooms
3:00 PM - 3:25 PM
25 minutes
Developer Mindset: Embracing GitOps for Network Security and Compliance [Advanced]

--Gunnar Grosch

Securing SaaS Applications with Amazon Verified Permissions: From Theory to Practice [Beginner]

--Syed Hussain

Declarative Policies: How to adopt it

--Peter Sankauskas

Nothing planned yet. Let’s see what happens!

--Conference Attendees

3:30 PM - 3:55 PM
25 minutes
Simplify Security Events Log Analysis with Amazon Q [Advanced]

--Manas Satpathi & Sandeep Mohanty

Securing Large Language Models: Best Practices for Prompt Engineering and Mitigating Prompt Injection Attacks [Beginner]

--Parth Patel and Ishneet Dua

Building with Generative AI on AWS using PartyRock, Amazon Bedrock, and Amazon Q (Laptop Required)

--Jenni Wu

Nothing planned yet. Let’s see what happens!

--Conference Attendees

3:55 PM - 4:05 PM
10 minutes
Raffle & Closing Note - Hahn Auditorium

Platinum Sponsors

AWS

Amazon Web Services (AWS) is the world's most comprehensive and broadly adopted cloud platform, offering over 200 fully featured services from data centers globally. Millions of customers—including the fastest-growing startups, largest enterprises, and leading government agencies—are using AWS to lower costs, become more agile, and innovate faster.

Intel AI

AI, Optimized. Build, train, and deploy AI on managed, high-performance, and cost-effective infrastructure at scale with Intel® Tiber™ AI Cloud and Intel® Tiber™ AI Studio.

Gold Sponsors

Commvault

Only Commvault® Cloud enables continuous business for the cloud-first enterprise. One platform to help you scan for risk, test for recovery and instantly rewind business after the breach — continuously and with total compliance. It’s enterprise-grade resilience, at the speed and scale of the cloud-first world.

Silver Sponsors

NOVAworks

NOVAworks is at the heart of our community’s workforce success, offering free, personalized career navigation and training services to individuals 17 and up in San Mateo and northern Santa Clara counties. We don’t just connect people with jobs—we connect them with opportunities to thrive. We fund internships that spark careers, advanced training that empowers workers to reimagine their futures, and innovative workforce solutions that fuel local businesses and communities.


COMMUNITY PARTNERS

AWS Bay Area
Bay Area Infracoders
Public Cloud Security
Advanced AWS
AWS East Bay Official Events
Data Science on AWS

Venue

Computer History Museum

1401 N Shoreline Blvd,

Mountain View, CA 94043