Cloud Security Podcast

Join your hosts, Anton Chuvakin and Timothy Peacock, as they talk with industry experts about some of the most interesting areas of cloud security. If you like having threat models questioned and a few bad puns, please tune in!

cloud-security-podcast_high_res.png

Episode list

#10
April 19, 2021

SIEM Modernization? Is That a Thing?

Guest:

Eric Foster, President at CYDERES, a Fishtech Group company

24:41

Topics covered:

  • How do you define “modern” SIEM?
  • Does modern SIEM always imply SaaS SIEM? Is there a future for on-premises SIEM?
  • What are your top 3 root causes for SIEM deployment failure today?
  • Modern or not, does SIEM have a future? Can XDR or some other technology drive it off the rails?
  • What features or inputs should SIEM have to detect modern threats such as those to cloud environments but also others?
  • What’s different about threat detection in Cloud?
  • What is your view of the current frenzy about “AI”/ML for security?
#9
April 12, 2021

Building a Third Party Platform for Cloud Security

Guest:

Avi Shua, CEO and Co-founder @ Orca Security

27:53

Topics covered:

  • Where do you spend more efforts, on detection of pre-fail issues (like configuration errors) or post-fail issues (like incidents)?
  • How do you prioritize the preventative and detective controls in your platform?
  • When talking to CISOs, how do you explain that cloud threat detection is different from the on-premise type?
  • In your opinion, are agents dead in the cloud?
  • Do you think your customers care more about cloud-specific threats or traditional threats against cloud assets?
  • How do you think about the tradeoff for security teams between using cloud native controls vs a 3rd party vendor like, say, you?
#8
April 1, 2021

Zero Trust: Fast Forward from 2010 to 2021

Guest:

John Kindervag, who is widely considered to be the creator of zero trust model in 2010 (currently works at ON2IT)

28:10

Topics covered:

  • Which malware is scarier, state-sponsored or criminal?
  • How do we approach cybercrime mitigation at Google?
  • How do we actually track malware? Don’t we need “attribution” for it?
  • What are the most useful telemetry sources for study in modern malware?
  • Does ransomware have a bright future?
  • Where do you see threat actors making the biggest investments?
#7
March 24, 2021

No One Expects the Malware Inquisition

Guest:

Brandon Levene, Malware Inquisitor @ Google Cloud

25:09

Topics covered:

  • Which malware is scarier, state-sponsored or criminal?
  • How do we approach cybercrime mitigation at Google?
  • How do we actually track malware? Don’t we need “attribution” for it?
  • What are the most useful telemetry sources for study in modern malware?
  • Does ransomware have a bright future?
  • Where do you see threat actors making the biggest investments?

Resources:

"Crimeware In The Modern Era" paper by Brandon Levene

#6
March 17, 2021

Cloud Security Talks Summarized: A Recap Episode

Guest:

no guests, just Tim and Anton 

22:38
#5
March 17, 2021

Preparing for Cloud Migrations from a CISO Perspective, Part 1

Guests:

  • Phil Venables (@philvenables), Vice President, Chief Information Security Officer (CISO) @ Google Cloud
  • Nick Godfrey, Director, Financial Services Security & Compliance and a member of Office of the CISO @ Google Cloud
20:07

Topics covered:

  • Why do you think so many CISOs of traditional organizations fear cloud migrations?
  • What is your best advice to a CISO who wants to migrate to the cloud using the on-premise playbook, or lift and shift? 
  • What are the real tradeoffs in this decision such as using familiar tools/practices vs cloud benefits/effectiveness? 
  • What would you recommend reading for a CISO managing their first cloud migration?
#4
February 24, 2021

Gathering Data for Zero Trust

Guest:

Max Saltonstall (@maxsaltonstall), Developer Advocate @ Google Cloud

24:01

Topics covered:

  • What should be trusted for a zero trust system to work?
  • What is the first thing you need to do to have a zero trust access project succeed?
  • What data needs to be collected for zero trust system operation?
#3
February 11, 2021

Automate and/or Die?

Guest:

Joe Crawford, formerly in charge of cloud-native security at a large bank

17:37

Topics covered:

  • Can we automatically remediate vulnerabilities and threats in the cloud?
  • Did you require humans to be in the loop for your automation? Is that still automation if we do?
  • Does security fear of automation have a place in the cloud?
#2
February 11, 2021

Data Security in the Cloud

Guest:

Andrew Lance, Sidechain

19:58

Topics covered:

  • What is special about data security in the cloud?
  • How data security plays in the shift from perimeter and network security to identity-based security?
  • Can I use detective data security controls and turn them into preventative controls?
#1
February 11, 2021

Confidentially Speaking

Guest:

Nelly Porter, Group Product Manager @ Google.

21:06

Topics covered:

  • What risks are mitigated by confidential computing?
  • What types of organizations must adopt confidential computing?
  • How and where the data is encrypted?