Cloud Security Podcast

Join your hosts, Anton Chuvakin and Timothy Peacock, as they talk with industry experts about some of the most interesting areas of cloud security. If you like having threat models questioned and a few bad puns, please tune in!


Episode list

#45
November 29, 2021

EP45 VirusTotal Insights on Ransomware Business and Technology

Guest:

23:23

Topics covered:

  • Why was GandCrab / REvil the most popular ransomware family in 2020?
  • What is ransomware as a service?
  • Is every scary article about ransomware essentially marketing for the criminals?
  • Some ransomware payoffs are huge, how do you think they spend the money?
  • How else do they profit off stolen data apart from double extortion schemes? Are there triple extortion schemes?
  • What is the concept of a “trusted brand in ransomware”, is it better for clients because they will return the data?
  • Why did non-Windows ransomware fail as a business?
  • Do we expect 0day exploits to become more popular in ransomware?
  • Based on this research, what is the key reason for ransomware’s wild success?
#44
November 22, 2021

EP44 Evolving a SIEM for the Future While Learning from the Past

Guest:

  • Mike Orosz, a Chief Information and Product Security Officer @ Vertiv
23:23

Topics covered:

  • What are your views on modern SIEM? What should it do and what should it be?
  • Should it even be called SIEM?
  • Is SaaS/cloud-native SIEM the only way to go?
  • Can anybody build a SIEM in the cloud by installing the regular SIEM on IaaS?
  • What are the top challenges for organizations deploying and operationalizing SIEM today?
  • What are some hidden or commonly forgotten costs for a SIEM deployment?
  • Is open source the answer to SIEM?
  • SIEM today should deliver on detection, hunting and investigation use cases, so what does it mean in terms of practical data retention?
#43
November 15, 2021

EP43 Automation as Paved Roads in Cloud Enablement

Guests:

  • Amber Shafi, Product Manager GSK
  • Svetlin Zamfirov, Senior Platform Engineer at GSK
  • Ivan Angelov, Principal Platform Engineer at GSK
25:23

Topics covered:

  • Tell us about your team: what are you responsible for, and how is the team set up to make that happen? What components of cloud security do you cover?
  • Tell us about cloud misconfigurations and why these are different from on-premise misconfigurations?
  • How are you discovering these misconfigurations?
  • You've automated responses to misconfiguration. Beyond the obvious upsides of reducing team toil and time to response, what are the other benefits? Are there risks in this approach and how are they handled?
  • How did this idea to automate come about, and what lessons did you learn along the way?
  • How have you integrated with the cloud provider security tooling?
#42
November 8, 2021

EP42 Missing Diversity Hurts Your Security

Guest:

23:23

Topics covered:

  • Why is there such a huge gap in security professionals who are women and people of color?
  • How does the lack of women and people of color in tech impact the industry, cybersecurity & tech overall? Are diverse teams better performing, better morale, happier people?
  • Are there kinds of threats that we miss in threat modeling exercises for lack of diverse team members?
  • We’ve seen countless examples where AI/ML systems have had problems with laundering biases and having frankly appalling issues due to biased training data. What are security implications here? 
  • Are there organizations helping to close the representation gap in the security workforce and the cloud workforce?
  • Why do the big tech companies and even the smaller ones have trouble identifying diverse talent? Why is this hard even for people and organizations who clearly want to improve it?
  • Why do companies have a hard time retaining diverse talent? 

Resources:

#41
November 1, 2021

EP41 Beyond Phishing: Email Security Isn't Solved

Guest:

23:23

Topics covered:

  • When we think about traditional email security, we think anti-spam/phishing. Your company is doing other things, so what are they? In other words, isn’t email security solved with legacy appliance vendors (SEG) and cloud email providers? 
  • What was the combination of technology and security opportunities that really resonated with you and your investors that led to your focus on email security?
  • Security has almost 2000 vendors and they are noisy, how do you get to clients without screaming too loud? How do you build a better security vendor?
  • Related to being better vendors, but more broadly, what can we do as an industry to make it easier to buy and get value out of our investments in new security tooling and technology? 
  • How can we build security tooling that requires less of our precious security team’s time?
#40
October 25, 2021

EP40 2021: Phishing is Solved?

Guests:

  • Elie Bursztein, security, anti-abuse and privacy researcher @ Google
  • Kurt Thomas, security, anti-abuse and privacy researcher @ Google
23:27

Topics covered:

  • Can we say that “Multi-Factor Authentication (MFA) - if done well - fixes phishing for good” or is this too much to promise?
  • What are the realistic and seen-in-the-wild bypasses for MFA as a protection?
  • How do you think these controls fare vs top tier attackers (clearly, they work vs commodity threats)?
  • What do we know about burden vs value of MFA today?
  • What can we realistically do to increase MFA/2FA adoption to the 90%s?
  • Can we share anything about what we’re seeing as industry benchmarks on MFA adoption so far? 
  • We’ve seen a lot of ugly debates over the value of SMS as MFA, what is your research-based take on this?
#39
October 18, 2021

EP39 From False Positives to Karl Popper: Rationalizing Cloud Threat Detection

Guest:

27:23

Topics covered:

  • What are bad/good/great detections? Is this all about the Bianco's pyramid? Is high good and low bad?
  • How should we judge the quality of detections? Can there be a quality framework? Is that judgment going to be site specific?
  • What should we do to build more good directions? Is this all about reducing false positives?
  • Can we really measure false negatives? How can we approach this?
  • How can we test for detection goodness in the real world? What are the methods that work? It can’t be just about paper ATT&CK coverage, right?
  • What are your top 3 tips for improving the detection practice at an organization?
#38
October 14, 2021

NEXT Special - 6 Cloud Security PMs (and a Developer Advocate!) Walk into a Studio

Guests:

  • Stephanie Wong
  • Vicente Diaz, Jerome McFarland
  • Scott Ellis
  • Patrick Faucher
  • Il-Sung Lee, Anoosh Saboori
30:31

Topics covered:

  • What is your session about?
  • Why would the audience care?
  • What is special about your security technology?
#37
October 13, 2021

NEXT Special - Google Cybersecurity Action Team: What's the Story?

Guest:

  • Phil Venables (@philvenables), Vice President, Chief Information Security Officer (CISO) @ Google Cloud
23:23

Topics covered:

  • We are here to talk Google Cybersecurity Action Team, and this is your brainchild, so tell our audience the origin of this idea?
  • How is Cybersecurity Action Team going to help secure GCP enterprise clients?
  • Is there also a broader “improve the security of the internet” story?
  • Many organizations seem stuck in the pre-cloud thinking and mental models, can Cybersecurity Action Team help them transform their security? How?
  • When we sometimes present our security innovations to clients, they say “but we are not Google”, so how does Cybersecurity Action Team help us bring more of Google Cybersecurity to the world?
  • What else do we plan to do with Cybersecurity Action Team to help customers modernize their security?
  • How should customers engage with Cybersecurity Action Team?
#36
October 12, 2021

NEXT Special - Cloud Security and DEI: Being an Ally!

Guest:

  • Aditi Joshi, Manager in Cloud Security Team @ Google Cloud
23:23

Topics covered:

  • What is Allyship? How is it defined? What is its main goal?
  • Why is allyship important in Cloud Security, specifically? Are there aspects of security that make allyship particularly important?
  • What specifically has Google Cloud Security deployed and operationalized around Allyship?
  • What does effective allyship look like? More personally, how can I be a better ally?
  • How does it fit into Google Cloud Security’s overarching DEI efforts?