Multi-Cloud Detection and Incident Response: Practical Lessons from a Fortune 500 Security Leader

Tuesday, December 12, 2023

8:00 - 9:00 AM PST

60 minutes, including Q&A

The cloud enables greater business agility and innovation – but also introduces unprecedented challenges for incident response teams.

Leveraging the cloud’s centralized control plane, attackers can now rapidly execute multi-step attack chains by programmatically discovering resources, escalating privileges, moving laterally, and encrypting and exfiltrating data. The richness of cloud services creates endless opportunities and multiple attack paths for adversaries, many of which are specific to each cloud provider.

For incident responders, modern multi-cloud infrastructures – AWS, Azure, GCP, and more – also bring increased complexity, massive scale, and accelerated rates of change, along with the need for new and specialized skills which are in short supply.

In this webinar, led by a senior security leader for a Fortune 500 financial services firm with operations in more than 40 countries, we’ll explore:

  • Key differences and similarities between cloud and on-premises incident response.
  • Why the scale and diversity of cloud services require new approaches to log ingestion, detection engineering, noise reduction, and investigation.
  • The need to define playbooks and cross-functional processes that enable IR teams to quickly contain incidents and “stop the bleeding” before they cause major impact to your business.
  • The forensic and investigation capabilities required to respond to cloud threats at speed.
  • Why Cloud Security Posture Management (CSPM) alone is not enough.
  • How to shift your SecOps team’s mindset and prepare them for threats in the cloud era.

Sponsored by:

Gem Security


Andrew Tabona

SVP of Cyber Threat Management & Incident Response

Fortune 500 Financial Services Firm

Andrew is a cybersecurity leader with oversight of the Cyber Incident Response, Threat Intelligence, and Red Team functions at a global Fortune 500 company, where he’s been for the past 10+ years. During a 20+ year career in the financial services and software industries, Andrew has held various technical roles within the areas of digital forensics, e-discovery, cyber investigations, technical support, and technical writing. Andrew holds an MSc in Computer Forensics and E-Discovery, a BSc (Hons) in Computer Science, as well as multiple industry certifications including CISSP, GISP, GCIH, GCFE, GCFA, and GCLD.

Ron Konigsberg

CTO & Co-Founder

Gem Security

Ron leads technology, innovation, and engineering at Gem Security, the cloud detection and incident response company recognized by Gartner as a Cool Vendor in Modern Security Operations. Prior to Gem, he was Chief Architect and Chief Growth Officer at Singular, a cloud-native data analytics company. Ron started his career as a software developer and team leader in the cyber division of the 8200 unit of the IDF. Ron holds an MSc in Computer Science and Machine Learning from Bar-Ilan University and a BSc in Computer Science from the College of Management Academic Studies, where he graduated with honors.

Terry Sweeney


Black Hat

Terry Sweeney is a Los Angeles-based writer and editor who's covered business technology for three decades. He's written about cyber security for more than 15 years and was one of the founding editors of Dark Reading. Sweeney has covered enterprise networking extensively, as well as its supporting technologies like storage, wireless, cloud-based apps and the emerging Internet of Things. He's been a contributing editor to The Washington Post, Crain’s New York Business, Red Herring, Information Week, Network World, SearchAWS.com, and Stadium Tech Report.

Sustaining Partners