Chris Farris of fwd:cloudsec

In this special in-person episode of Modern Cyber, recorded at fwd:cloudsec Europe, Jeremy is joined by cloud security expert and conference organizer Chris Farris. Drawing on his over 30 years in IT, Chris recounts his journey into cloud security, from his early days with Linux to moving video archives to AWS S3. The conversation revisits the foundational mindset shifts that occurred with the rise of the cloud, focusing on the agility it brought and the security gaps it created, such as the transition from rigid, on-premises governance to the chaotic freedom of API calls and ClickOps.The core of the episode explores the concept of the Sovereign Cloud, specifically Amazon's intended European Sovereign Cloud. Chris clarifies that simple data residency is not true sovereignty due to the US Cloud Act. He details the unique nature of the European partition—a completely separate partition, billing system, and support staff operated only by EU citizens—and identifies the primary flaw: the lack of a legal statute protecting the European employees from being compelled to act under the Cloud Act. Finally, Chris shares a powerful reflection on the fwd:cloudsec community, calling it a "second cloud family".Guest BioChris Farris is a highly experienced IT professional with a career spanning over 25 years. During this time, he has focused on various areas, including Linux, networking, and security. For the past eight years, he has been deeply involved in public-cloud and public-cloud security in media and entertainment, leveraging his expertise to build and evolve multiple cloud security programs.Chris is passionate about enabling the broader security team’s objectives of secure design, incident response, and vulnerability management. He has developed cloud security standards and baselines to provide risk-based guidance to development and operations teams. As a practitioner, he has architected and implemented numerous serverless and traditional cloud applications, focusing on deployment, security, operations, and financial modeling.He is one of the organizers of the fwd:cloudsec conference and presented at various AWS conferences and BSides events. He was named one of the inaugural AWS Security Heroes. Chris shares his insights on security and technology on social media platforms like BlueSky, Mastodon and his website chrisfarris.com.Episode Links‍https://fwdcloudsec.orghttps://fwdcloudsec.org/forum/https://www.chrisfarris.comDiscover all of your Shadow AI nowWorried about AI security? Get Complete AI Visibility in 15 Minutes. Book a demo of Firetail's AI Security & Governance Platform.