Cloud Security Podcast

Join your hosts, Anton Chuvakin and Timothy Peacock, as they talk with industry experts about some of the most interesting areas of cloud security. If you like having threat models questioned and a few bad puns, please tune in!

cloud-security-podcast_high_res.png

Episode list

#193
October 7, 2024

EP193 Inherited a Cloud? Now What? How Do I Secure It?

Guests:

29:29

Topics covered:

  • There is a common scenario where security teams are brought in after a cloud environment is already established. From your experience, how does this late involvement typically impact the organization's security posture and what are the immediate risks they face?
  • Upon hearing this, many experts suggest that “burn the environment with fire” or “nuke it from orbit” are the only feasible approaches? What is your take on that suggestion?
  • On the opposite side, what if business demands you don't  touch anything but “make it secure” regardless?
  • Could you walk us through some of the first critical steps you do after “inheriting a cloud” and why they are prioritized in this way?
  • Why not just say “add MFA everywhere”? What may or will blow up?
  • We also say “address overly permissive users and roles” and this sounds valuable, but also tricky. How do we go about it?
  • What are the chances that the environment is in fact compromised already? When is Compromise Assessment the right call, it does cost money, right?
  • How do you balance your team’s current priorities when you’ve just adopted an insecure cloud environment. How do you make tradeoffs among your existing stack and this new one?
#192
September 30, 2024

EP192 Confidential + AI: Can AI Keep a Secret?

Guest:

  • Nelly Porter, Director of PM, Cloud Security at Google Cloud

Topics:

Voices
29:29

Topics covered:

  • Share your story and how you ended here doing confidential AI at Google?
  • What problem does confidential compute + AI solve and for what clients?
  • What are some specific real-world applications or use cases where you see the combination of AI and confidential computing making the most significant impact?
  • What about AI in confidential vs AI on prem? Should those people just do on-prem AI instead?
  • Which parts of the AI lifecycle need to be run in Confidential AI: Training? Data curation? Operational workloads?
  • What are the performance (and thus cost) implications of running AI workloads in a confidential computing environment?
  • Are there new risks that arise out of confidential AI?
#191
September 23, 2024

EP191 Why Aren't More Defenders Winning? Defender’s Advantage and How to Gain it!

Guest:

29:29

Topics covered:

  • What is the Defender’s Advantage and why did Mandiant decide to put this out there?
  • This is the second edition. What is different about DA-II?
  • Why do so few defenders actually realize their Defender’s Advantage? 
  • The book talks about the importance of being "intelligence-led" in cyber defense. Can you elaborate on what this means and how organizations can practically implement this approach?
  • Detection engineering is presented as a continuous cycle of adaptation. How can organizations ensure their detection capabilities remain effective and avoid fatigue in their SOC?  
  • Many organizations don’t seem to want to make detections at all, what do we tell them?
  • What is this thing called “Mission Control”- it sounds really cool, can you explain it?
#190
September 16, 2024

EP190 Unraveling the Security Data Fabric: Need, Benefits, and Futures

Guest:

Topics:

SIEM and SOC
29:29

Topics covered:

  • What is this “security data fabric”?  Can you explain the technology? Is there a market for this? Is this same as security data pipelines?
  • Why is this really needed? Won’t your SIEM vendor do it?
  • Who should adopt it? Or, as Tim says, what gets better once you deploy it?
  • Is reducing cost a big part of the security data fabric story?
  • Does the data quality improve with the use of security data fabric tooling?
  • For organizations considering a security data fabric solution, what key factors should they prioritize in their evaluation and selection process?
  • What is the connection between this and federated security data search?
  • What is the likely future for this technology?
#189
September 9, 2024

EP189 How Google Does Security Programs at Scale: CISO Insights

Guest:

29:29

Topics covered:

  • What were you thinking before you took that “Google CISO” job?
  • Google's infrastructure is vast and complex, yet also modern. How does this influence the design and implementation of your security programs compared to other organizations?
  • Are there any specific challenges or advantages that arise from operating at such a massive scale?
  • What has been most surprising about Google’s internal security culture that you wish you could export to the world at large? 
  • What have you learned about scaling teams in the Google context?
  • How do you design effective metrics for your teams and programs?
  • So, yes, AI. Every organization is trying to weigh the risks and benefits of generative AI–do you have advice for the world at large based on how we’ve done this here?
#188
September 2, 2024

EP188 Beyond the Buzzwords: Identity's True Role in Cloud and SaaS Security

Guest:

  • Dor Fledel, Founder and CEO of Spera Security, now Sr Director of Product Management at Okta
29:29

Topics covered:

  • We say “identity is the new perimeter,” but I think there’s a lof of nuance to it. Why and how does it matter specifically in cloud and SaaS security?
  • How do you do IAM right in the cloud?
  • Help us with the acronym soup - ITDR, CIEM also ISPM (ITSPM?), why are new products needed?
  • What were the most important challenges you found users were struggling with when it comes to identity management?
  • What advice do you have for organizations with considerable identity management debt? How should they start paying that down and get to a better place? Also: what is “identity management debt”?
  • Can you answer this from both a technical and organizational change management perspective?
  • It’s one thing to monitor how User identities, Service accounts and API keys are used, it’s another to monitor how they’re set up. When you were designing your startup, how did you pick which side of that coin to focus on first?
  • What’s your advice for other founders thinking about the journey from zero to 1 and the journey from independent to acquisition?
#187
August 26, 2024

EP187 Conquering SOC Challenges: Leadership, Burnout, and the SIEM Evolution

Guest:

  • Nicole Beckwith, Sr. Security Engineering Manager, Threat Operations @ Kroger

Topics:

SIEM and SOC
29:29

Topics covered:

  • What are the most important qualities of a successful SOC leader today?
  • What is your approach to building and maintaining a high-functioning SOC team?
  • How do you approach burnout in a SOC team?
  • What are some of the biggest challenges facing SOC teams today?
  • Can you share some specific examples of how you have built and - probably more importantly! - maintained a high-functioning SOC team?
  • What are your thoughts on the current state of SIEM technology? Still a core of SOC or not?
  • What advice would you give to someone who inherited a SOC? What should his/her 7/30/90 day plan include?
#186
August 19, 2024

EP186 Cloud Security Tools: Trust the Cloud Provider or Go Third-Party? An Epic Debate, Anton vs Tim

Guest:

  • A debate between Tim and Anton, no guests
29:29

Topics covered:

  • You must buy the majority of cloud security tools from a cloud provider, here is why.
  • You must buy the majority of cloud security tools from a 3rd party security vendor, here is why.
#185
August 12, 2024

EP185 SAIF-powered Collaboration to Secure AI: CoSAI and Why It Matters to You

Guest:

29:29

Topics covered:

  • The universe of AI risks is broad and deep. We’ve made a lot of headway with our SAIF framework: can you give us a) a 90 second tour of SAIF and b) share how it’s gotten so much traction and c) talk about where we go next with it?
  • The Coalition for Secure AI (CoSAI) is a collaborative effort to address AI security challenges. What are Google's specific goals and expectations for CoSAI, and how will its success be measured in the long term?
  • Something we love about CoSAI is that we involved some unexpected folks, notably Microsoft and OpenAI. How did that come about?
  • How do we plan to work with existing organizations, such as Frontier Model Forum (FMF) and Open Source Security Foundation (OpenSSF)? Does this also complement emerging AI security standards?
  • AI is moving quickly. How do we intend to keep up with the pace of change when it comes to emerging threat techniques and actors in the landscape?
  • What do we expect to see out of CoSAI work and when? What should people be looking forward to and what are you most looking forward to releasing from the group?
  • We have proposed projects for CoSAI, including developing a defender's framework and addressing software supply chain security for AI systems. How can others use them?  In other words, if I am a mid-sized bank CISO, do I care? How do I benefit from it?
  • An off-the-cuff question, how to do AI governance well?
#184
August 5, 2024

EP184 One Week SIEM Migration: Fact or Fiction?

Guest:

Topics:

SIEM and SOC
27:27

Topics covered:

  • In your experience, what are the biggest challenges organizations face when migrating to a new SIEM platform? How did you solve them?
  • Many SIEM projects have problems, but a decent chunk of these problems are not about the tool being broken. How did you decide to migrate? When is it time to go? 
  • Specifically, how to avoid constant change from product to product, each time blaming the tool for what are essentially process failures?
  • How did you handle detection content during migration? Was AI involved?
  • How did you test for this: “Which platform will best enable our engineering team to build what we need?”
  • Tell us more about the Detection as Code pipeline you use?
  • “Completed SIEM migration in a single week!” Is this for real?