Join your hosts, Anton Chuvakin and Timothy Peacock, as they talk with industry experts about some of the most interesting areas of cloud security. If you like having threat models questioned and a few bad puns, please tune in!
EP43 Automation as Paved Roads in Cloud Enablement
Guests:
Amber Shafi, Product Manager GSK
Svetlin Zamfirov, Senior Platform Engineer at GSK
Ivan Angelov, Principal Platform Engineer at GSK
25;23
Topics covered:
Tell us about your team, what are you responsible for and how is the team setup to make that happen? What components of cloud security do you cover?
Tell us about cloud misconfigurations and why these are different from on- premise misconfiguration?
How are you discovering these misconfigurations?
You've automated responses to misconfiguration. Beyond the obvious upsides of reducing team toil and time to response, what are the other benefits? Are there risk in this approach and how are they handled?
How did this idea to automate come about, and what lessons did you learn along the way?
How have you integrated with the cloud provider security tooling?
Why is there such a huge gap in security professionals who are women and people of color?
How does the lack of women and people of color in tech impact the industry, cybersecurity & tech overall? Are diverse teams better performing, better morale, happier people?
Are there kinds of threats that we miss in threat modeling exercises for lack of diverse team members?
We’ve seen countless examples where AI/ML systems have had problems with laundering biases and having frankly appalling issues due to biased training data. What are security implications here?
Are there organizations helping to close the representation gap in the security workforce and the cloud workforce?
Why do the big tech companies and even the smaller ones have trouble identifying diverse talent? Why is this hard even for people and organizations who clearly want to improve it?
Why do companies have a hard time retaining diverse talent?
When we think about traditional email security, we think anti-spam/phishing. Your company is doing other things, so what are they? In other words, isn’t email security solved with legacy appliance vendors (SEG) and cloud email providers?
What was the combination of technology and security opportunities that really resonated with you and your investors that led to your focus on email security?
Security has almost 2000 vendors and they are noisy, how do you get to clients without screaming too loud? How do you build a better security vendor?
Related to being better vendors, but more broadly, what can we do as an industry to make it easier to buy and get value out of our investments in new security tooling and technology?
How can we build security tooling that requires less of our precious security team’s time?
NEXT Special - Google Cybersecurity Action Team: What's the Story?
Guest:
Phil Venables (@philvenables), Vice President, Chief Information Security Officer (CISO) @ Google Cloud
23:23
Topics covered:
We are here to talk Google Cybersecurity Action Team, and this is your brainchild, so tell our audience the origin of this idea?
How is Cybersecurity Action Team going to help secure GCP enterprise clients?
Is there also a broader “improve the security of the internet” story?
Many organizations seem stuck in the pre-cloud thinking and mental models, can Cybersecurity Action Team help them transform their security? How?
When we sometimes present our security innovations to clients, they say “but we are not Google”, so how does Cybersecurity Action Team help us bring more of Google Cybersecurity to the world?
What else do we plan to do with Cybersecurity Action Team to help customers modernize their security?
How should customers engage with Cybersecurity Action Team?
