What, exactly, is “the Cloud”? Is it a network of machines connected via the Internet scattered all over the globe? Is it a data center environment located in the United States or anywhere in the world? Is it really just “someone else’s computer”? Or, is there more to it that needs to be understood by the Information Security professional, to arm him or her with enough knowledge to answer the tough question that inevitably will be asked by their employer, “Why should we take the risk to move our most sensitive data into the cloud?” To take it one step further, should in the event of a data breach that same employer should say, “We need to investigate how this happened;” what exactly will the Information Security professional need to know to successfully conduct a digital forensic investigation, especially if he or she doesn’t have direct access to the server or hardware?

After attending this workshop, attendees should have a greater understanding of the following subjects:

*Cloud computing, including the different service models and deployment models

*Differences in Cloud governance laws between the United States and other countries

*Risks involved moving data into the cloud (and how they can be mitigated)

*How to identify the challenges of conducting a cloud-based digital forensics investigation (and how can they be overcome)

*Proper procedures of a cloud-based forensics investigation as defined by laws, regulations, and federal standards

*How to gather evidence from a cloud service provider to conduct a digital forensics investigation

Kerry Hazelton's career in Information Technology has spanned the course of twenty years, and with it he has developed considerable experience with systems and network support, data center operations, and information security. As such, he considers himself a "cybersecurity enthusiast" due to his desire and motivation to read up on the latest trends within the industry, to learn about a new exploit or tool, or his willingness to teach and share with others his experiences over the years. These traits have helped him to continue to thrive in his current position as a Security Engineer for a major healthcare data analytics provider, where he is responsible for managing their cloud security controls, incident response procedures, and security process development. He also has presented technical workshops at prior Security BSides conferences, including Charm, DC, and NoVA.

Kerry has been married to his wife Tracy for over fifteen years, and together they have one son, Benjamin.