CLOUD VILLAGE @BSidesCharm 2026

Cloud Village is an open space to meet folks interested in offensive and defensive aspects of cloud security.

About

Cloud village is an open space to meet folks interested in offensive and defensive aspects of cloud security. The village is home to various activities like talks, workshops, CTFs and discussions targeted around cloud services.

If you are a professional who is looking to gain knowledge on securely maintaining the cloud stack and loves to be around like-minded security folks who share the similar zeal towards the community, Cloud Village is the perfect place for you.

This year Cloud Village will be in-person at Sheraton Baltimore North, Townson, Maryland for BSidesCharm 2026. We will be bringing in our amazing-as-always Capture the Flag Event on Cloud Security. Stay Tuned!

Hope to see you all there!

Schedule

+

11:00-13:00

LAB | Surviving the trenches with Kiro

+

Sponsored by: AWS

Speaker: Ryan Nolette

Abstract:

This hands-on workshop demonstrates how to leverage Kiro for managing and troubleshooting Capture the Flag (CTF) challenges at scale. Participants will learn practical techniques used during real-world security conferences including BSidesSF and RSAC Conference to maintain challenge infrastructure and rapidly resolve issues.

What You'll Learn

- Building on the foundational AWS Kiro Workshop, this session focuses on:

- Real-World CTF Operations: Discover how Kiro was deployed during BSidesSF and RSA Conference to troubleshoot challenge issues in real-time

- Custom Configurations: Explore the hooks, specs, and configs used to optimize Kiro for use cases

- Operational Best Practices: Learn techniques for maintaining challenge availability and quickly diagnosing infrastructure problems during live events

Prerequisites:

- Basic familiarity with AWS services

- Understanding of CTF challenge infrastructure concepts

- Laptop with AWS account access

Speaker Bio:

Ryan is AWS's Senior Security Engineer for the Outreach Team and CoAuthor of AWS Detective. He has previously held a variety of roles including threat research, incident response consulting, and every level of security operations. With almost 2 decades in the infosec field, Ryan has been on the development and operations side of companies such as Postman, Sqrrl, Carbon Black, Crossbeam Systems, SecureWorks and Fidelity Investments. Ryan has been an active speaker and writer on threat hunting and endpoint security.

+

14:00-14:20

LIGHTNING TALK | Good Intentions, Bad Exploits: The AWS Vulnerability Lifecycle Explained

+

Speakers: Albin Vattakattu & Ryan Nolette

Abstract:

Cloud services power nearly every digital experience today. As these services become increasingly critical to operations worldwide, identifying and responsibly disclosing vulnerabilities is essential to maintaining trust across the entire ecosystem. This session examines how security researchers and disclosure programs can work together more effectively — from initial discovery through coordinated disclosure and customer protection.

We'll walk through the complete vulnerability lifecycle: how security researchers evaluate cloud services, what makes cloud security research unique compared to traditional software testing, and how working backwards from customer impact shapes remediation priorities. You'll see real-world examples of vulnerabilities discovered in cloud services, understand what makes a high-quality security report, and explore how we balance transparency with giving organizations time to protect their customers.

With AI accelerating vulnerability discovery, traditional Vulnerability Disclosure Program (VDP) models are not built for it. This talk introduces 3 Principles for Modern VDPs: a practical framework for disclosure programs to navigate today's AI-accelerated vulnerability discovery.

Key topics include the research methodology for cloud environments, Coordinated Vulnerability Disclosure (CVD) best practices, how modern VDPs prioritize and remediate findings at scale, Embargo period management, Partnership approaches with the security research community, and the 3 Principles for Modern VDPs.

Speaker Bio(s):

Albin Vattakattu

Albin leads the global Vulnerability Disclosure Program (VDP) for Amazon Web Services (AWS). With over a decade of expertise in large-scale network and application security, he previously spearheaded incident response teams across North and South America. Albin holds a Master’s degree in cybersecurity from New York University (NYU) and maintains multiple industry-leading certifications.

Ryan Nolette

+

14:20-14:55

TALK | Signing Your Agent's Homework: Cryptographic Trust for AI Agent Approvals

+

Speakers: Angad Mehata, Bhagavan Bollina & Jainil Malaviya

Abstract:

Human-in-the-loop approval is the primary safety control for enterprise AI agents. When an agent requests permission to delete files or run queries, we trust that what we approve will execute. This assumption is wrong.

This talk exposes TOCTOU (Time-of-Check to Time-of-Use) vulnerabilities in agent approval workflows. We demonstrate how attackers can modify agent actions after user approval but before execution, causing unauthorized operations even with human oversight.

We introduce agent-action-trust, an open-source library that cryptographically binds approvals to actions using content hashing and digital signatures. If an action is modified after approval, execution is automatically blocked.

Speaker Bio(s):

Angad is a security practitioner focused on AI Agent identity system security.

+

16:00-16:35

PANEL | Modern Cloud Defense: Identity, Runtime, and Control Planes in a Multi-Cloud World

+

Sponsored by: AWS

Panelists: Ryan Nolette, Kat Fitzgerald, Teddy Katayama

Panelists Bio(s):

Ryan Nolette

Kat Fitzgerald

Chicago-based (but as of April 29th, Porto, Portugal!) and proudly a natural creature of winter, I thrive on OSS and just the right amount of chaos. Whether sipping Grand Mayan Extra Añejo or warding off cyber threats with a mix of honeypots, magic spells, and a very opinionated flamingo named Sasha (the BSidesChicago.org mascot), I keep things interesting. Honeypots and refrigerators rank among my favorite things—though my neighbors would likely disagree.

Teddy Katayama

Teddy Katayama is a cybersecurity researcher, educator, and practitioner with nearly two decades of experience spanning penetration testing, threat intelligence, machine learning, and secure systems engineering. He is the Co-Founder and Chief Technology Officer of Exploit Strike, where he leads advanced penetration testing engagements and designs secure infrastructure for offensive security research.

Kaoru is completing his Ph.D. in Electrical and Computer Engineering at the University of Delaware, where he also earned a Master’s in Cybersecurity and a Bachelor’s in Computer Engineering. His research focuses on applying machine learning to cybersecurity problems, including large-scale analysis of Indicators of Compromise and malicious behavior detection.

Kaoru also created the University of Delaware’s first VIP Red Team, which led security assessments across the Mid-Atlantic region. He led multiple research projects at Cisco Systems, contributing to advanced threat analytics, encrypted malware detection, and IoC aggregation systems used to reduce false positives in enterprise environments.

In addition to industry work, Kaoru has served for over a decade as a course instructor and teaching assistant at the University of Delaware, teaching and supervising courses in penetration testing, web application security, cryptography, system hardening, and senior design. He is a recipient of the 2024 ECE Outstanding Teaching Assistant Award and has contributed to funded research projects with Cisco.

+

16:10-18:00

L̶A̶B̶ | B̶r̶e̶a̶k̶i̶n̶g̶ “V̶i̶b̶e̶ C̶o̶d̶i̶n̶g̶” W̶o̶r̶k̶s̶h̶o̶p̶ CANCELLED

+

Speaker: Marc Raphael

Abstract:

As we move from chatting with AI to letting AI do things for us, a trend known as Vibe Coding, the security stakes have never been higher. When we give an AI agent the power to run commands on a computer, we are giving a digital intern a master key to our systems. If that intern is easily tricked, your data is at risk.

This beginner friendly, hands-on workshop is a laboratory for the curious. We will build a simple autonomous agent that can read files and act on its own. Then you will learn the dark art of Indirect Prompt Injection to see how easy it is to hijack an agent and turn it against its owner. Finally we will switch to defense. We will show you how to build digital cages and guardrails to keep your AI assistants helpful and harmless. No advanced coding or AI background is required. Just bring a laptop and an inquisitive mind.

Pre-requisites:

Security beginners, IT professionals, and curious developers. No prior AI experience is necessary.

A laptop with a web browser.

Access to a cloud based LLM tool or local equivalent.

Basic understanding of how to create a text file.

Speaker Bio:

Marc Raphael is a Cybersecurity Architect and the founder of 911Cyber, a firm specializing in high stakes incident response. Over the last three years, he has led the integration of AI agents into modern Security Operations Centers to automate complex defense tasks. Through this frontline experience, he has witnessed firsthand how autonomous agents can be compromised to wreak havoc on an organization’s infrastructure.

By combining his background in traditional incident response with cutting edge AI orchestration, he provides a unique perspective on the "execution gap" in agentic security. He is dedicated to helping organizations adopt AI automation without sacrificing their security posture.

+

10:00-12:00

LAB | AWS Foundational Governance & Risk Management Workshop

+

Sponsored by: AWS

Speaker: Jerry Jones IV

Abstract:

This workshop covers core AWS security concepts through practical, guided exercises. You'll gain experience with the most important AWS security services while learning how to establish compliance monitoring and audit logging frameworks while operating on AWS.

Speaker Bio:

Jerry Jones IV is an Associate Delivery Consultant – Security at Amazon Web Services, where he specializes in helping customers architect and implement secure, compliant cloud solutions. With extensive experience spanning federal cybersecurity, cloud security architecture, and AI/ML implementations, Jerry brings a unique perspective on building resilient systems that meet rigorous regulatory requirements.

Prior to joining AWS, Jerry served as an Information System Security Officer at the U.S. Department of Education, where he led complex Authorization to Operate (ATO) efforts for mission-critical systems, successfully navigating the transition from NIST 800-53 rev4 to rev5 and managing cybersecurity operations for systems with budgets exceeding $5 million. His federal service also includes roles at the Federal Deposit Insurance Corporation, where he administered the agency's Cyber Security Assessment and Management (CSAM) tool and guided authorization efforts across 19 diverse divisions, and the U.S. Department of Agriculture, where he contributed to cloud migration strategies and high-value asset protection.

Jerry's technical expertise spans cloud architecture, security automation, and AI/ML integration. He has designed and deployed enterprise-grade solutions including centralized backup and logging strategies for AWS Organizations, multi-account governance frameworks, and automated security baselines that ensure consistent compliance across distributed environments.

+

12:00-12:35

PANEL | Mythos and the New Cloud Threat Curve: Securing Control Planes, AI Infrastructure, and Agentic Operations

+

Sponsored by: Trend AI

Panelists: Brandon Wingard, Chris Maenner, Kevin Figueroa

Panelists Bio(s):

Brandon Wingard

Brandon Wingard is a Principal Solutions Engineer at TrendAI with over two decades of experience across cloud security, infrastructure, and enterprise IT operations. With a background spanning healthcare IT and systems administration, he brings a practitioner-first perspective to helping organizations secure modern cloud environments, with a focus on identity, detection, and real-world operational challenges.

Chris Maenner

Chris is Head of Security at Ybor Technologies, where he focuses on securing Kubernetes platforms, AI workloads, and cloud-native infrastructure. He has been working in security engineering since 2006, spanning roles from early-stage startups to enterprise platform teams.

Chris serves as a board member of BSidesPhilly and is a frequent speaker at security conferences, including multiple BSides events, Boardwalk Bytes, and corporate conferences. He's passionate about helping fast-moving teams build secure systems without sacrificing velocity.

Outside of security, Chris builds music applications and spends his free time visiting music venues around the world.

Kevin Figueroa

Red Team operator with experience breaching enterprise environments through sophisticated network, web application, API exploitation campaigns. Kevin Figueroa specializes in full-scope penetration testing, living-off-the-land techniques, and custom tooling development. Passionately tracking adversary TTPs while weaponizing AI and vector databases for automated attack path discovery and payload generation to expose and close critical gaps in organizational defenses.

+

12:35-13:10

TALK | Build It to Believe It: The AWS Security Challenge

+

Speaker: Ryan Nolette

Abstract:

Think you can build something cool with AWS security tools? Prove it. In this interactive competition, attendees receive a challenge prompt before the conference: build the most creative, impactful solution using AWS security services and go home with bragging rights and prizes.

Participants can tackle challenges like:

OCSF Innovation: Leverage Security Hub's OCSF (Open Cybersecurity Schema Framework) support to normalize and correlate security findings across multiple sources in creative ways

Security Automation with Kiro: Use hooks, specs, and tools to build robust security code that automates threat response or compliance workflows

AI-Powered Security Review: Deploy AWS Security Agent to automatically review and assess solution architectures for security best practices

Custom Threat Detection: Create GuardDuty custom signatures to detect organization-specific threats or novel attack patterns

Then, join AWS live at BSides Charm for a 30-minute showcase, submmisions will be briefly shown to to a live audience. The crowd votes live via an online form, and the top three winners walk away with AWS account credits.

Whether you're automating threat detection, streamlining compliance, building AI-assisted security reviews, or inventing something nobody saw coming, this is your chance to show what's possible — and learn from what others built along the way. Come for the competition, stay for the inspiration.

Speaker Bio:

+

13:10-14:55

LAB | CTF 101 Workshop

+

Speakers: Cloud Village CTF Leads

Abstract:

Whether you're a total beginner or just need to sharpen your cloud hacking skills, this arcade-themed walkthrough will help you level up fast. Learn how to approach CTF challenges, explore common cloud misconfigurations, and get hands-on with puzzle-solving across AWS, Azure, and GCP. Bonus points if you bring curiosity and caffeine.

+

15:00-16:00

LAB | Fix It, Snooze It, or Ignore It? Cloud Security Decisions Under Pressure

+

Sponsored by: Aikido

Speaker: Mackenzie Jackson

Abstract:

Cloud security teams rarely struggle to find issues. They struggle to decide what actually matters.

In this interactive CloudSec Village lab hosted by Aikido Security, attendees step into the role of a cloud security lead responsible for a realistic environment spanning containers, Kubernetes, serverless, and virtual machines.

Participants evaluate real cloud security findings, assess exposure and exploitability, decide whether to fix, defer, or ignore them, and determine remediation ownership. The session highlights how context and attack paths often matter more than severity scores.

This drop-in lab focuses on practical decision-making under pressure rather than tooling or theory. Join at any time, make the call, and see how your prioritization compares.

Speaker Bio:

Mackenzie Jackson is a Developer Advocate at Aikido Security. He has significant experience in the tech, developer and IT security spaces; being a co-founder and CTO of Conpago and a developer advocate at GitGuardian.

Cloud Village CTF

CTF start - 11 AM ET, 25 Apr 2026

CTF close - 12 PM ET, 26 Apr 2026

If you ever wanted to break stuff on the cloud, or if you like rabbit holes that take you places you did not think you would go to, follow complicated story lines to only find you could have reached to the flag without scratching your head so much - then this CTF is for you!

Our CTF is a contest where we have a bunch of challenges hosted across multiple Cloud providers across multiple categories of difficulty.

See you on the other side!

Our sponsors at

BSidesCharm

DIAMOND SPONSOR
(ANNUAL)

Trend Micro, a global cybersecurity leader, helps make the world safe for exchanging digital information. Fueled by decades of security expertise, global threat research, and continuous innovation, our cybersecurity platform protects 500,000+ organisations and 250+ million individuals across clouds, networks, devices, and endpoints. Know More

DIAMOND SPONSOR
(ANNUAL)

Varonis protects the data where it lives. Their platform is purpose-built to look deeply inside and around data—and then automate its protection using patented, battle-hardened machine learning and AI. Know More

DIAMOND SPONSOR
(ANNUAL)

Amazon Web Services is the world’s most comprehensive and broadly adopted cloud, enabling customers to build almost anything they can imagine. They offer the greatest choice of innovative cloud and AI capabilities and expertise, on the most extensive global infrastructure, with industry-leading security, reliability, and performance. Know More

PLATINUM SPONSOR
(ANNUAL)

Aikido have category-leading security products across code, cloud, runtime, and autonomous penetration testing.
What makes them even stronger is context. By connecting code, cloud, and runtime data, their products work together to find the right issues and fix them faster. Know More

CLOUD VILLAGE @BSidesCharm 2026

About

Schedule

+

+

+

+

+

+

+

+

+

+

+

+

+

+

+

Cloud Village CTF

Our sponsors at

BSidesCharm

DIAMOND SPONSOR (ANNUAL)

DIAMOND SPONSOR (ANNUAL)

DIAMOND SPONSOR (ANNUAL)

PLATINUM SPONSOR (ANNUAL)

DIAMOND SPONSOR
(ANNUAL)

DIAMOND SPONSOR
(ANNUAL)

DIAMOND SPONSOR
(ANNUAL)

PLATINUM SPONSOR
(ANNUAL)