Boulder AWS User Group
Welcome to the Boulder AWS User Group! We're an inclusive community that brings together anyone interested in cloud computing and AWS technologies. Whether you're a seasoned cloud developer, infrastructure engineer, DevOps professional, student exploring tech careers, or hobbyist tinkering with AWS in your spare time - you belong here. Our group welcomes all skill levels and backgrounds, fostering learning, networking, and knowledge sharing in a supportive environment.
Building AWS Security From The Ground Up
by Jason Bovée
Building AWS Security From The Ground Up
Explore how cybersecurity starts at the endpoint and scales to the cloud, covering practical strategies for identity management, access control, least privilege, encryption, and compliance readiness. We’ll connect everyday cybersecurity practices to cloud configurations and emerging insurance requirements, helping attendees understand how to secure systems efficiently and align with industry standard IT and cybersecurity frameworks.
Meetup Highlights
Jason delivered an engaging presentation on building security from the endpoint all the way to the cloud, covering essential topics like identity management, access control, and compliance frameworks.
What We Learned
Jason’s talk covered critical security concepts from endpoints to cloud infrastructure:
Key Takeaways
Security as Culture - Jason emphasized that security isn’t just a technical challenge, it’s a cultural one. Building an effective security culture requires leadership to lead by example, make security practices visible, and normalize incident reporting without blame.
Compliance from Day One - Rather than treating compliance as an afterthought, organizations should consider regulatory requirements from the start of any project or infrastructure design.
Automate, Test, and Iterate - Security isn’t a one-time implementation. Continuous automation, regular testing, and iterative improvements are essential for staying ahead of threats.
Learn from Every Breach - A practical tip: whenever you read about a security breach in the news, immediately conduct a tabletop exercise with your team. Ask “What would we do if this happened to us?” This proactive approach helps identify gaps before they’re exploited.
AI and the Compliance Gap - Jason highlighted the unique challenge of protecting data in the age of AI tools. The technology is advancing faster than compliance models can adapt, creating new risks that security teams must navigate carefully.
IDN Homograph Attacks - One specific threat discussed was the IDN homograph attack. This attack exploits visual similarity between characters from different writing systems to create deceptive domain names. Attackers can register domains that look identical to legitimate sites using Cyrillic or other Unicode characters, making phishing attacks extremely difficult to detect visually.
A Fun Discovery
One of our community members brought an interesting treat to share - fried chicken flavored candy! It definitely tastes like chicken, and we do not recommend. A memorable (if not entirely pleasant) culinary experience that sparked some fun conversations during the meetup.
tags: aws - cloud_security
