Published on: February 10, 2025 Updated 2 times since publishing
SafetyDetectives recently had the opportunity to interview Jayesh Chauhan, the founder of Cloud Village and Cloudurance Security, to discuss the mission and impact of Cloud Village in the cloud security space. In this insightful conversation, Chauhan shared his journey of creating Cloud Village, the challenges facing cloud security professionals, and how the initiative provides hands-on learning opportunities through events, Capture The Flag (CTF) challenges, and workshops. He also highlighted the importance of keeping up with evolving cloud services and offered practical advice for organizations looking to strengthen their cloud security infrastructure in 2025.
Can you introduce yourself tell us about the mission and core focus of Cloud Village?
My name is Jayesh Chauhan. I am the founder of Cloud Village and another company called Cloudurance Security.
Cloud Village started in 2019 with the vision of creating a learning space focused on all aspects of cloud security. The core idea is that anyone who engages with us—whether at our events, workshops, or online—should take away valuable knowledge in cloud security. This is now our seventh year, and our mission remains the same: to be a hub for everything related to cloud security.
What inspired you to start it?
Back in 2017–2018, I built a tool that handled cloud security posture management (CSPM) before the term even became widely recognized. When I started presenting this open-source tool at various conferences, I had the opportunity to speak at DEF CON in 2018.
At DEF CON, I was introduced to the concept of villages—dedicated spaces for hands-on learning and collaboration. Given the vast number of attendees, it wasn’t feasible for everyone to sit in a single room for talks. Instead, villages provided interactive spaces where people could dive deep into specific topics. When I realized there wasn’t a dedicated Cloud Security Village, I saw an opportunity to fill that gap—and that’s how Cloud Village was born.
What are the biggest challenges in cloud security that Cloud Village aims to address?
The biggest challenge in cloud security is its sheer scale. Cloud technology is massive in terms of available services and the complexity of managing an entire infrastructure.
Cloud services are evolving at a rapid pace, which creates an ongoing challenge: the more functionality available, the more opportunities exist for security vulnerabilities. Cloud providers are constantly rolling out new services, but cloud security expertise is not growing at the same rate. It’s unrealistic to expect security professionals to be subject matter experts on every new cloud service.
Cloud Village helps bridge this gap by fostering an ecosystem where people can learn from top industry professionals. Whether you’re just opening an AWS, Azure, or GCP account or you’re a seasoned expert, our goal is to offer learning opportunities tailored to every level. Through events, workshops, and mentorship, we strive to make cloud security knowledge more accessible.
How do Cloud Village’s activities and events, such as CTFs and workshops, help improve cloud security practices?
The core mission of Cloud Village is to create a learning space, and we achieve this through multiple formats. We participate in events like BSides SF and the RSA Conference, tailoring our activities to different audiences.
For example, at BSides SF, we host Capture The Flag (CTF) challenges designed for various skill levels. We intentionally include easier challenges to make cloud security accessible to beginners, preventing them from feeling overwhelmed.
At RSA, we have dedicated spaces where attendees can engage in periodic 15–20 minute learning sessions while participating in CTFs. We guide participants through beginner-level challenges, helping them get on the scoreboard and build confidence.
At DEF CON, our approach is different. While CTFs remain a central learning tool, we also host talks on the latest cloud security research, tool demonstrations, and hands-on workshops. Some of our sessions have even included first-time releases of open-source tools and zero-day discoveries. Our team constantly brainstorms ways to add new learning opportunities each year.
What recent trends or developments in cloud security should businesses and professionals pay attention to?
Cloud services are expanding at a breakneck pace, making it challenging to keep up with new developments. One of the biggest issues is that security risks scale alongside functionality.
A key trend to watch is the rise of cloud-native security services. Many cloud providers now offer built-in security tools, yet many organizations don’t leverage them effectively. For instance, Identity and Access Management (IAM) Access Analyzer exists within major cloud platforms, yet many security teams are unaware of its capabilities.
Staying ahead requires organizations to adopt a structured learning approach. Security professionals must proactively explore new cloud services, understand how they function, identify potential abuse vectors, and implement necessary security measures. At Cloud Village, we aim to centralize knowledge-sharing, but ultimately, organizations need their own frameworks to stay current.
Can you share an example of a key success story or impact Cloud Village has had in the cloud security space?
Rather than calling them success stories, we like to think of them as moments that validate our work. One of the things we cherish most is the sense of community we’ve built—wherever we go, we are welcomed with open arms.
One example is our GitHub repository, which we developed to enhance the efficiency of CTF challenges with automation. We’ve also had Ph.D. students use our CTF as part of their research, and universities like the University of Maryland have contributed volunteers to our community. Seeing this kind of organic engagement is incredibly rewarding.
To us, the best measure of success is the support and enthusiasm we receive from the security community. It’s about fostering an environment where learning and collaboration thrive.
What advice would you give to organizations looking to strengthen their cloud security infrastructure in 2025?
One key mindset shift is understanding that security is the abuse of functionality. The more services and features you have, the more opportunities exist for security risks. Organizations need to be aware of all the services they use and continuously evaluate their security posture.
Some key recommendations:
- Utilize cloud-native security tools. Many companies invest in third-party security solutions without realizing that cloud providers already offer built-in security services.
- Implement a layered security approach. Security needs to be defined at every level, from identity and access management (IAM) to container security and CI/CD pipeline security.
- Cloud Security Posture Management (CSPM) is essential. If you’re not using a cloud-native CSPM solution, make sure you have an alternative in place.
- Prioritize IAM and access controls. Regularly review access permissions, enforce the principle of least privilege, and automate identity management where possible.
- Kubernetes security is critical. If your organization is moving towards Kubernetes, ensure you have security measures in place for your clusters, container images, and CI/CD pipelines.
- Review and pentest your infrastructure. Security isn’t a one-time task; it requires continuous monitoring and regular penetration testing.
- Foster a security-first culture. Security can’t be enforced top-down—it has to be embedded into the company culture. Custom security solutions may be necessary depending on your product and user base.
Lastly, if hiring a full-time security team isn’t feasible, consider working with an experienced security consultant. Good security inherently ensures compliance, but compliance alone does not guarantee strong security. Organizations should focus on proactive security strategies rather than chasing compliance certifications as an afterthought.