Last week, we had a very interesting session focused on cybersecurity.
Our guest speaker Brian Contos, shared his expertise on the following critical cybersecurity topics:
β Real-life stories from the trenches, drawn from years of cloud-based incident response. β Exploration of various hacks to illustrate how breaches occur, what happens following a breach, and why organizations struggle to detect and respond. β Mitigation strategies to proactively prepare for a breach, discover malicious activity, and respond effectively.
Malicious actors are counting on your passivity, your blind spots, and your inability to detect and respond to attacks in the cloud. Break their hearts!
Are you ready to learn more about hacking π β the cloud and how to prevent it βοΈ π€ Tune in to hear and learn from real-world stories.
Real-World Examples
Crypto mining on hacked security cameras in a casino.
$15 million wire fraud via compromised Office 365 and fake domains.
MongoDB ransomware where attackers lied about stealing data.
Robot hack demo showing how easy it is to control industrial devices with no authentication.
When and Where
π Date: May 7th, 2025 π Time: 5 PM UTC π Recorded session URL
Don’t miss out on this amazing hacking session. Let’s make the cloud a safer place together!
Last week, we had a great discussion with our guest speaker – Microsoft MVP, HΓ₯kan Silfvernagel. Our topic was Azure Ai services using the Semantic Kernel with simple, yet insightful demos.
By checking this session, you will learn how to build your own CoPilot experience using the Semantic Kernel released as an open-source project. Our speaker has demonstrated how you can use skills, memories, connectors, and plugins in order to enhance the experience for your users.
Our speaker incorporated interesting demos on Azure AI Foundry services, including an explanation of different AI models, Chat playground with examples on how to create filters and block specific types of content.
AI Application Workflow Demos
Another interesting demo is on a typical AI services application that are used in application where an application is using Azure AI services to return responses. This demo screenshot below emphasis a need for protection and/or filtering before returning results back to the requester application – which an end-user or cybercriminal may exploit with your AI system data.
Watch the Recorded Session
If you missed the live session or want to revisit the insights shared, check out the full recording on our Cloud Lunch and Learn YouTube channel. Don’t miss this opportunity to enhance your knowledge and skills in Azure AI security!
Hello, hello my dear friends and community members!
This March month is going to be very busy, as I got notified that one of my solo sessions, and one joint session with Kasun – a Microsoft MVP and Docker captain – has been accepted, two weeks ago. And most importantly, I will be folding my sleeves to start preparations for the following sessions:
The Future of AKS Monitoring: Trends and tools you can’t ignore
Tips and tricks to automate resource governance with Azure Bicep
What to expect from a session – Future of AKS Monitoring?
In this session, we dive deep into the evolving landscape of Azure Kubernetes Service (AKS) monitoring β exploring the latest trends, essential tools, and best practices to future-proof your observability strategy.
What you’ll learn in this session:
β Current state of AKS monitoring: Azure Monitor, Log Analytics, Prometheus, and more. β Must-have tools: Grafana, Azure Managed Prometheus, β Best practices for designing scalable, high-availability monitoring solutions β Live demo: Setting up Prometheus + Grafana on AKS and integration
What to expect from a Governance with Bicep session?
In this new session, you will learn how to simplify resource governance, ensure compliance, and easily maintain control over your Azure environment.
I have following key topics included in the session: β Basics of Azure Policy and its core components β Creating and managing policy definitions and assignments β Leveraging built-in policies and custom policy creation β Integrating Azure Bicep for efficient resource deployment and governance β Real-world examples and use cases
Call to Action
Don’t miss these sessions during the March month, and as always, you are welcome to provide feedback or ask questions.
In the rapidly evolving world of technology, blockchain stands out as a revolutionary force reshaping industries across the globe. As cloud engineers and architects, understanding how to leverage the cloud for blockchain solutions is crucial for staying ahead in this dynamic landscape.
Last week, we had a session with a Blockchain researcher, DevOps and SRE professional – Samule. Our speaker is an experienced engineer with hands-on skills in operating blockchain nodes within cloud environments. This session is aiming to be a deep dive into the intersection of blockchain and cloud technology, offering valuable insights and practical strategies.
The Power of the Cloud in Blockchain
Blockchain technology, with its decentralized nature, demands robust infrastructure to ensure high availability, scalability, and security. The cloud emerges as a critical enabler, providing the necessary resources to support these requirements. Samuel will share his experiences and knowledge on how cloud platforms can effectively power decentralized systems, making them more resilient and efficient.
Real-World Challenges and Solutions
One of the highlights of Samuel’s session will be his exploration of real-world challenges faced when integrating blockchain with cloud environments. From managing the complexities of decentralization to ensuring seamless scalability, Samuel will discuss practical solutions that bridge the gap between centralization and decentralization. His insights will be invaluable for anyone looking to build and deploy blockchain solutions in the cloud.
Building the Next Generation of Web3 Applications
As we move towards a more decentralized web, often referred to as Web3, the role of cloud technology becomes even more significant. Samuel’s session will provide actionable strategies for cloud engineers and architects to design and implement the next generation of Web3 applications. By leveraging the cloud, we can create more robust, scalable, and secure blockchain solutions that drive innovation and transformation.
Feel free to check the recorded session with Samuel and gain the knowledge and tools needed to excel in the world of blockchain and cloud technology. Whether you’re a seasoned professional or just starting your journey, this session is sure to provide valuable insights and inspire you to push the boundaries of what’s possible with blockchain in the cloud.
Recorded Session
If you are intrigued to watch the entire session, then please visit the following YouTube link below on our Cloud Lunch and Learn channel.
Recently, I have been asked more about Azure VNet and some best practices in building a resilient, secure, and scalable network infrastructure in Microsoft Azure platform.
This is a very huge and important topic and will not be addressed with just one post. However, I will try to address this important topic high level recommendations and guidelines that Microsoft recommends, and I followed in my design sessions with the customers.
Where to get started?
Let’s consider the following comprehensive guide that will help you get started. This is – in no way or shape a completed guidelines and does require improvements over time, based on your custom application, compliance and workload requirements.
1οΈβ£ Design Your Network Architecture β Virtual Networks (VNets): Create VNets to logically isolate your resources. Use subnets to segment the network for better management and security. β Hub-and-Spoke Topology: Implement a hub-and-spoke model to centralize shared services in the hub VNet and connect multiple spoke VNets for isolation and scalability
2οΈβ£ Implement Network Security β Network Security Groups (NSGs): Use NSGs to control inbound and outbound traffic to your resources. Define rules based on IP addresses, ports, and protocols. β Azure Firewall: Deploy Azure Firewall for centralized network security. It provides threat intelligence-based filtering and logging β Azure DDoS Protection: Enable DDoS protection to safeguard against distributed denial-of-service attacks.
3οΈβ£ Optimize Performance and Efficiency β Azure Load Balancer: Use load balancers to distribute traffic across multiple resources, ensuring high availability and reliability. β Azure Application Gateway: Implement Application Gateway for web traffic load balancing, SSL termination, and web application firewall capabilities. β ExpressRoute: Establish private connections between your on-premises networks and Azure for faster and more reliable connectivity
4οΈβ£ Ensure Scalability β Virtual Network Peering: Use VNet peering to connect VNets within the same region or across regions, allowing seamless resource access without performance bottlenecks. β Azure Virtual WAN: Optimize and automate branch-to-branch connectivity with Azure Virtual WAN.
5οΈβ£ Monitor and Manage β Azure Monitor: Use Azure Monitor to track the performance and health of your network resources. Set up alerts for critical events. β Network Watcher: Utilize Network Watcher for network diagnostics and visualization. It helps in troubleshooting and monitoring network performance.
Best Practices?
Followings are the high-level “best practices” that will apply to most use cases:
βοΈ Least Privilege Principle: Apply the principle of least privilege to all network resources. βοΈ Regular Audits: Conduct regular security audits and vulnerability assessments. βοΈ Automation: Use infrastructure as code (such as Bicep or ARM) to automate deployments and ensure consistency.
Reference architecture
Following is a reference architecture from Microsoft learn documentation that aims to address the Mission-critical baseline architecture on Azure – and is focused on maximizing reliability and operational effectiveness.
So, how you could apply Zero Trust (ZT) principles to a virtual network in Azure π infrastructure βοΈ π€
Securing your infrastructure with ZT principles
πΒ Securing Your Infrastructure with Zero Trust PrinciplesΒ π In today’s landscape of sophisticated cyber-attacks and data breaches, ensuring the security of your infrastructure is paramount. Implementing a robust security framework is essential to protect your organization’s assets.
One highly recommended approach is adoptingΒ Zero Trust principles. This framework operates under the mantra of “never trust, always verify,” meaning no user or device is automatically trusted, and all requests are verified before access is granted.
What are the benefits of ZT?
The benefits of Zero Trust are very critical in modern security landscape where your customer workloads are running or planned to be migrated to. Thus, let’s identify them with the following three main characteristics: β Enhanced Security: Multiple layers of verification and authentication protect your infrastructure from potential threats. β Complete Visibility: Monitor and track all access requests and transactions in real time to identify potential threats. β Regulatory Compliance: Ensure adherence to industry regulations like GDPR, HIPAA, and PCI-DSS.
What are the challenges in ZT?
There are always challenges with the new change or framework, especially in established organizations. Thus, expect resistance to the changes and work with the stakeholders of the organization and program to overcome these high-level challenges below:
β Starting Point: It can be overwhelming to secure everything at once. β Access Management: Adopting a least-privilege access approach requires careful management of identity and access policies. β Up-to-date Security: Ensuring all components, from OS to cloud services, are secure and current.
Are there best practices for implementation?
Yes, of course we will share those points with you. Based on a number of feedbacks from reputable organizations. here is the summarized version of expected challenges in your way. 1οΈβ£ Create a Clear Roadmap: Define goals and timelines for implementing Zero Trust principles. 2οΈβ£ Build a Comprehensive Strategy: Regularly assess infrastructure, continuously monitor for threats, and establish rapid incident response processes. 3οΈβ£ Phased Approach: Break down the implementation process into manageable steps, prioritizing critical areas first. 4οΈβ£ Leverage Azure Tools: Utilize Azure Active Directory, Azure Sentinel, and Azure Policy to automate security tasks and gain real-time visibility. 5οΈβ£ Invest in Training: Ensure your team has the necessary skills and knowledge to implement Zero Trust effectively.
Practical application of ZT in Azure VNet
There is a good reference to architectural diagram on Microsoft Learn documentation. You could use the Use the following diagram as a starting point to secure access to the VNet and applications in your Azure environment.
This reference architecture includes two main parts: π₯ Securing traffic within the Azure environment to the application. π₯ Using multifactor authentication and conditional access policies for user access to the application.
[Credit π] Apply Zero Trust principles to a spoke virtual network in Azure at Microsoft Learn docs π https://lnkd.in/ei-rWUhc
Call to action
Please, let me know your feedback and challenges with ZT principals, and specifically the security controls you are applying or planning to apply into your networking environment.
Hello dear #CloudMarathoner family and community members!
I’m thrilled to share that Sessionize.com has recognized me as one of the top 3% most active speakers for 2024 π
This is my second time receiving this honor in the past few years, thanks to 42 international speaking events over the years.
Thank you for support
Huge Thank You to everyone for your incredible support, including our awesome #CloudMarathoner community and Sessionize.com for this recognitionπ
I also want to extend my gratitude to T-Rex Solutions, LLC for their unwavering support in my Microsoft MVP and speaker journey. Your encouragement has been invaluable!
My Sessionize.com presentations
If you never checked it before, then please feel free to check my speaker profile π https://lnkd.in/eUcQ2tWS
You should be able to see my bio, past and upcoming events, and the topics I love discussing in my online and in-person sessions.
Let’s keep pushing the boundaries of cloud engineering and learning together π
I am trilled and honored to share this great news with all of you. As of the beginning of January, I have been notified and recognized as Microsoft Certified Trainer (#MCT) Community Lead for the #USA region for 2025!
What is MCT Community Lead?
This role represents an incredible opportunity to continue empowering our vibrant training and learning community, fostering collaboration, and supporting MCTs in their mission to deliver impactful training experiences.
As your MCT Community Lead (previously known as, MCT Regional Lead), my focus will remain on sharing knowledge, nurturing connections, and elevating the presence of #Microsoft technologies across regions while helping new #MCT colleagues to excel!
Honored to serve you as MCT Community Lead in 2025
I am excited to continue working alongside my high-caliber trainer friends, driving meaningful initiatives, and building on the strong foundation of innovation and mentorship that makes our #community thrive in helping customers with #Microsoft technologies.
If you are into managed Kubernetes services and Infrastructure as a Code implementation on Microsoft Azure, then keep reading.
Session Announcement
Next week. join our tech-savvy workshop with Kasun Rajapakse, an Azure MVP and Docker Captain. In this festive session for the Festive Tech Calendar event, we will unwrap the wonders of Azure Kubernetes Service (also known as AKS) provisioning using the Bicep language and showcase the latest AKS features.
What will be covered?
In this jolly session, we’ll delve into the secrets of deploying AKS clusters with Bicep, turning your cloud infrastructure into a winter wonderland of efficiency and scalability. Whether you’re an experienced elf or a newbie on Santa’s list, this session is perfect for everyone eager to harness the power of Azure Kubernetes Service.
What you need to do before session?
Get ready to sleigh your cloud game with our festive demonstrations of AKS features. Deck the halls with knowledge and cheer as we bring the magic of AKS and Bicep to life!
Call to Action
Please come prepared to our session with your great questions on gears and skills that elves need to learn about. Your help to get them prepared will be appreciated very deeply.
Join elves for a holly jolly tech adventure session with the details below:
