DeepSec and BSidesVienna: Attackers Aren’t Breaking In, They’re Logging In
First Time in Vienna: DeepSec, BSidesVienna, Schnitzel, and Cloud Security Realities
Just got back from the stunning city of Vienna, where I had the pleasure of speaking at not one, but two fantastic conferences: DeepSec and BSidesVienna. These events gather some of the best minds in security, all set against a backdrop of Viennese charm. And let me tell you, the setting didn’t disappoint. Between wandering the historic streets, stuffing myself with schnitzel, and discussing the finer points of cloud security, it was a weekend I won’t forget anytime soon.
DeepSec and BSidesVienna were both incredible experiences, combining deep technical dives with a laid-back atmosphere that makes networking so much more enjoyable. I mean, it’s not every day you get to chat about credential theft over a slice of Sachertorte. My talk this year was titled “Attackers Aren’t Breaking In, They’re Logging In: Cloud Security Asymmetry,” and it was an eye-opening experience to share some hard truths about cloud security with audiences who totally got it.
The Cloud Asymmetry: Where Attackers Have the Upper Hand
So, what was the talk all about? In a nutshell, it was about the fundamental imbalance we’re seeing between cloud attackers and defenders. In today’s landscape, attackers aren’t going all Mission Impossible to break into your systems—they’re simply logging in with a valid set of credentials. And why is that? Because in the cloud, identity is the new perimeter. Once attackers have credentials, they’re in. It’s like being given the keys to the kingdom—except the kingdom is hosted on multiple servers, globally accessible, and more complex than a Viennese opera plot.
Attackers are finding cloud environments far easier to compromise compared to traditional on-premises systems. I talked about why this is happening, and how the accessibility of cloud services means there’s a much lower barrier for attackers. I mean, forget needing to be a sophisticated hacker; nowadays, if you can get hold of a single set of credentials, you’re basically a cloud intruder in training. And let’s not forget the sheer complexity involved—the diverse configurations, varying logging systems, and the frustratingly inconsistent visibility across cloud environments. It’s enough to make any defender wish they had a simpler job. Like, I don’t know, herding cats.
Identity, Complexity, and the Challenge of Cloud Incident Response
One of the big themes of the talk was the struggle defenders face in gaining proper visibility into cloud environments. Unlike on-premises systems, where we have decades of experience perfecting monitoring and detection, cloud systems are a different beast entirely. The global nature of cloud means services are accessible everywhere, which is great for remote work—but also great for anyone with bad intentions. It’s a double-edged sword, and defenders are left trying to catch up with attackers who are already comfortably in the system.
I also touched on the unique skill set required for incident response in the cloud. The days of just knowing your firewalls and anti-virus tools are over. Now, it’s about understanding how each cloud provider works, how their logging differs, and what subtle signs might indicate an attack in progress. It’s like learning to read the nuances of a foreign language—except that language is spoken by AWS, Azure, and Google Cloud, and no one seems to agree on grammar.
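To make the point about differing log formats concrete, here is an added example (not from the talk or its slides) that maps AWS CloudTrail console logins, Azure sign-in records and Google Cloud audit log entries onto one row shape, then lists successful authentications from a source the identity has not used before. The records are constructed samples trimmed to a few real field names; `ALIASES` and `BASELINE` are assumed inputs you would build from your own directory and history.

```python
# Constructed sample records, trimmed to the fields used below.
CLOUDTRAIL = [{"eventName": "ConsoleLogin", "eventTime": "2024-11-20T08:01:00Z",
               "sourceIPAddress": "198.51.100.7",
               "userIdentity": {"arn": "arn:aws:iam::111122223333:user/alice"},
               "responseElements": {"ConsoleLogin": "Success"}}]
AZURE_SIGNINS = [{"createdDateTime": "2024-11-20T08:05:00Z", "ipAddress": "203.0.113.50",
                  "userPrincipalName": "alice@example.com", "status": {"errorCode": 0}},
                 {"createdDateTime": "2024-11-20T08:06:00Z", "ipAddress": "203.0.113.99",
                  "userPrincipalName": "bob@example.com", "status": {"errorCode": 50126}}]
GCP_AUDIT = [{"timestamp": "2024-11-20T08:09:00Z", "protoPayload": {
    "authenticationInfo": {"principalEmail": "alice@example.com"},
    "requestMetadata": {"callerIp": "198.51.100.7"}, "status": {}}}]

# Assumed mapping from provider-specific principals to one person.
ALIASES = {"arn:aws:iam::111122223333:user/alice": "alice@example.com"}
# Assumed baseline of source IPs already seen per identity.
BASELINE = {"alice@example.com": {"198.51.100.7"}, "bob@example.com": {"192.0.2.10"}}

def from_cloudtrail(e):
    # CloudTrail reports the login outcome inside responseElements.
    ok = (e.get("responseElements") or {}).get("ConsoleLogin") == "Success"
    return ("aws", e["userIdentity"]["arn"], e["sourceIPAddress"], e["eventTime"], ok)

def from_azure(e):
    # Azure sign-in records use errorCode 0 for success.
    return ("azure", e["userPrincipalName"], e["ipAddress"], e["createdDateTime"],
            e["status"]["errorCode"] == 0)

def from_gcp(e):
    # Cloud Audit Logs leave status empty (or code 0) when the call succeeded.
    p = e["protoPayload"]
    ok = not (p.get("status") or {}).get("code")
    return ("gcp", p["authenticationInfo"]["principalEmail"],
            p["requestMetadata"]["callerIp"], e["timestamp"], ok)

def normalize():
    rows = [from_cloudtrail(e) for e in CLOUDTRAIL if e["eventName"] == "ConsoleLogin"]
    rows += [from_azure(e) for e in AZURE_SIGNINS] + [from_gcp(e) for e in GCP_AUDIT]
    # ISO 8601 UTC strings in the same format sort chronologically.
    return sorted(((c, ALIASES.get(w, w), ip, t, ok) for c, w, ip, t, ok in rows),
                  key=lambda r: r[3])

def unfamiliar_successes(rows, baseline):
    """Successful authentications from a source not in the identity's baseline."""
    return [r for r in rows if r[4] and r[2] not in baseline.get(r[1], set())]

if __name__ == "__main__":
    for row in unfamiliar_successes(normalize(), BASELINE):
        print(row)
```

The failed attempt is dropped and the only row left is a valid login from an unfamiliar address, which is exactly the kind of event that no per-provider "failed login" alert would surface.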
DeepSec and BSidesVienna: Two Conferences, One Mission
Being at both DeepSec and BSidesVienna was a reminder of why we do this work in the first place—because it matters. Cloud environments are where more and more of our critical data resides, and the reality is that attackers are finding ways in faster than we’re finding ways to keep them out. BSidesVienna was essentially a condensed version of my DeepSec talk—half the time, but just as much enthusiasm and engagement from the audience. It was like doing a speed run of cloud security problems, but with the same energy and a lot of great questions.
The questions I got after both talks were thoughtful, challenging, and, quite frankly, the kind of discussions that I wish we could have more often.
A huge thank you to the DeepSec and BSidesVienna organizers for putting together such engaging and thought-provoking events. It’s not every day you get to combine the beauty of a historic city with the latest in security research. And to everyone who attended my talks: thank you for your interest, your questions, and your willingness to dig into the nitty-gritty of cloud defense.
And hey, if anyone’s still unsure whether attending these conferences is worth it, let me just say this: come for the security, stay for the schnitzel.
“The foundation of all human connection is the sharing of ideas.” — Stefan Zweig
Roei Sherman