Cloud Security Podcast

Join your hosts, Anton Chuvakin and Timothy Peacock, as they talk with industry experts about some of the most interesting areas of cloud security. If you like having threat models questioned and a few bad puns, please tune in!


Episode list

#31
September 13, 2021

EP31 Cloud Certifications, and Cloud Security with TheCertsGuy

Guest:

  • Iman Ghanizada, Solutions Manager for Security Operations & Analytics @ Google Cloud
23:23

Topics covered:

  • What is your book “Google Cloud Certified Professional Cloud Architect All-in-One Exam Guide” about?
  • What was your journey into writing this book, and how long did it take?
  • The book seems to be targeted towards Cloud Architects, but you come from a predominantly security background; how has that influenced your writing of this book?
  • What does this have to do with The Certs Guy (14 certs!?) and what's his mission?
  • What’s the intersectional thinking on certificates and making our industry more accessible and inclusive? Do certs help or hurt this?
  • So what’s your advice on certs for various career stages?
  • What are some of the biggest architectural challenges you’ve seen in the field of Cloud Security?
#30
September 7, 2021

EP30 Malware Hunting with VirusTotal

Guest:

  • Vicente Diaz, Threat Intelligence Strategist @ VirusTotal
25:25

Topics covered:

  • How would you describe the modern threat hunting process?
  • Can you share some of the more interesting examples of attacker activities or artifacts you've seen?
  • Do we even hunt for malware? What gets you more concerned, malware or human attackers?
  • How do you handle the risk of attackers knowing how you perform hunting?
  • What is the role of threat research for hunting? Do you need research to hunt well?
  • Does threat research power attribution?
  • How do you tell a good YARA rule from a bad one, and a great one?
  • What’s the evolutionary journey for a YARA rule?
  • What is your view on the future of hunting?
#29
August 30, 2021

Future of EDR: Is It Reason-able to Suggest XDR?

Guest:

  • Sam Curry, Chief Security Officer @ Cybereason and Visiting Fellow @ National Security Institute
29:11

Topics covered:

  • EDR was “invented” in 2013 and we are now in 2021. What do you consider to be modern EDR components and capabilities?
  • Where has EDR fallen short on its initial hype?
  • How focused are the attackers on bypassing EDR?
  • How do you think EDR works in the cloud?
  • In your view, how would future EDR work for containers, microservices, etc?
  • Why aren’t we winning the war against ransomware?
  • XDR is an interesting concept, so how do you define XDR? Is XDR just EDR++ or is XDR SIEM 4.0?
#28
August 23, 2021

Tales from the Trenches: Using AI for Gmail Security

Guest:

  • Andy Wen, Product Lead for Abuse & Security @ Google Cloud
25:21

Topics covered:

  • What are you doing with AI for security?
  • What kinds of security problems are addressable with AI, and which ones are harder to address with ML techniques?
  • Tell us where you’ve been surprised by AI’s success?
  • Do you expect a) AI use by adversaries and b) attacks focused on disrupting the AI use by defenders?
  • What advice would you give a PM or technical lead starting out on thinking they want to use AI to solve a problem?
#27
August 16, 2021

The Mysteries of Detection Engineering: Revealed!

Guest:

28:29

Topics covered:

  • What is Detection Engineering? How does it differ from just building rules/analytics?
  • How to convert threat intelligence into detections? 
  • How to tell good detections from bad? And perhaps also good from great?
  • How to test detections in the real world?
  • Anything special about building detections for cloud environments?
  • What do you think is the role of “rule-less” (such as ML) detections? Is “ML unicorn cavalry” coming?
#26
August 9, 2021

SOC in a Large, Complex and Evolving Organization

Guest:

Johnathan Keith, Director of Information Security (CISO) @ ViacomCBS Streaming / Digital (at the time of the recording)

23:27

Topics covered:

  • What is the mission for your SOC? Has it evolved in recent years?
  • How do you rate your state of maturity in security operations?
  • I hear that your organization is complex and decentralized; how do you run a SOC in such a case?
  • How do you approach the balance of people, process and technology in your SOC?
  • What is the role of outsourcing in your SOC?
  • Is cloud included in your SOC mission scope?
  • What are the immediate things you plan to improve?

#25
August 2, 2021

Beyond Compliance: Cloud Security in Europe

Guest:

  • John Stone, Chaos Coordinator at the Office of the CISO @ Google Cloud
27:15

Topics covered:

  • What are the top European-specific cloud migration security challenges?
  • Are there interesting cloud adoption barriers related to security in Europe?
  • Are some of these challenges more compliance than security related?
  • Do you think compliance still drives security in the cloud for European companies?
  • Do you think Europe can ever "make their own cloud"?
  • So, what do you make of this entire movement about “data sovereignty”?
#24
July 26, 2021

Linking Up The Pieces: Software Supply Chain Security at Google and Beyond

Guests:

  • Eric Brewer, VP of Infrastructure, and Google Fellow @ Google
  • Aparna Sinha, Director of Product Management @ Google Cloud
23:23

Topics covered:

  • What is software supply chain security and how is it different from other kinds of supply chain security?
  • What types of organizations need to care about it? Is supply chain security a concern for large, elite enterprises only?
  • What’s the relationship between what we’re doing here, and what SBOM is?
  • Can you talk us through a quick threat assessment of a supply chain security issue? What are the realistic threats here and who are the threat actors involved?
  • How does Google try to solve these problems internally? Have we succeeded?
  • How does this translate into our products? By the way, what’s SLSA?
#23
July 19, 2021

Threat Detection at Google Cloud Security Summit

Guest:

No guests. Just us.

23:23

Topics covered:

  • What would you say are the most things that Chronicle is trying to address today?
  • What are the good ways to use threat intel to detect threats that do not ruin your SOC?
  • What does “autonomic” security mean, anyway? Is this a fancy way of saying “automatic” or something more?
  • For sure, “the Cloud is not JUST someone else’s computer” - but how does this apply to threat detection?
  • What makes threat detection “cloud-native”?
  • What kinds of ML magic does your mini UEBA inside SCC use?
  • Can you really do automated remediation in the cloud?
#22
July 12, 2021

Securing Multi-Cloud from a CISO Perspective, Part 3

Guests:

  • Phil Venables (@philvenables), Vice President, Chief Information Security Officer (CISO) @ Google Cloud 
  • Dave Hannigan, Director, Financial Services Security & Compliance @ Google Cloud 
25:11

Topics covered:

  • As a CISO, would you ever decide to use multiple clouds, if it were in your hands? 
  • How is security typically considered when companies go multi-cloud in their approach?
  • Practically, or operationally, how does one think through securing multiple public cloud environments?
  • What are the top challenges here? Different controls? Lack of tools? Confusing process? Skills on the team?
  • Would you always buy security tools from a 3rd party (not a CSP) if you have to cover more than one cloud provider?
  • Anything to add about compliance across multiple clouds?
  • What is the best approach for securing multiple SaaS services that your company uses?