Join your hosts, Anton Chuvakin and Timothy Peacock, as they talk with industry experts about some of the most interesting areas of cloud security. If you like having threat models questioned and a few bad puns, please tune in!
Upon hearing this, many experts suggest that “burn the environment with fire” or “nuke it from orbit” are the only feasible approaches? What is your take on that suggestion?
On the opposite side, what if business demands you don't touch anything but “make it secure” regardless?
Could you walk us through some of the first critical steps you do after “inheriting a cloud” and why they are prioritized in this way?
Why not just say “add MFA everywhere”? What may or will blow up?
We also say “address overly permissive users and roles” and this sounds valuable, but also tricky. How do we go about it?
What are the chances that the environment is in fact compromised already? When is Compromise Assessment the right call, it does cost money, right?
How do you balance your team’s current priorities when you’ve just adopted an insecure cloud environment. How do you make tradeoffs among your existing stack and this new one?
Share your story and how you ended here doing confidential AI at Google?
What problem does confidential compute + AI solve and for what clients?
What are some specific real-world applications or use cases where you see the combination of AI and confidential computing making the most significant impact?
What about AI in confidential vs AI on prem? Should those people just do on-prem AI instead?
Which parts of the AI lifecycle need to be run in Confidential AI: Training? Data curation? Operational workloads?
What are the performance (and thus cost) implications of running AI workloads in a confidential computing environment?
Are there new risks that arise out of confidential AI?
What is the Defender’s Advantage and why did Mandiant decide to put this out there?
This is the second edition. What is different about DA-II?
Why do so few defenders actually realize their Defender’s Advantage?
The book talks about the importance of being "intelligence-led" in cyber defense. Can you elaborate on what this means and how organizations can practically implement this approach?
Detection engineering is presented as a continuous cycle of adaptation. How can organizations ensure their detection capabilities remain effective and avoid fatigue in their SOC?
Many organizations don’t seem to want to make detections at all, what do we tell them?
What is this thing called “Mission Control”- it sounds really cool, can you explain it?
What were you thinking before you took that “Google CISO” job?
Google's infrastructure is vast and complex, yet also modern. How does this influence the design and implementation of your security programs compared to other organizations?
Are there any specific challenges or advantages that arise from operating at such a massive scale?
What has been most surprising about Google’s internal security culture that you wish you could export to the world at large?
What have you learned about scaling teams in the Google context?
How do you design effective metrics for your teams and programs?
So, yes, AI. Every organization is trying to weigh the risks and benefits of generative AI–do you have advice for the world at large based on how we’ve done this here?
We say “identity is the new perimeter,” but I think there’s a lof of nuance to it. Why and how does it matter specifically in cloud and SaaS security?
How do you do IAM right in the cloud?
Help us with the acronym soup - ITDR, CIEM also ISPM (ITSPM?), why are new products needed?
What were the most important challenges you found users were struggling with when it comes to identity management?
What advice do you have for organizations with considerable identity management debt? How should they start paying that down and get to a better place? Also: what is “identity management debt”?
Can you answer this from both a technical and organizational change management perspective?
It’s one thing to monitor how User identities, Service accounts and API keys are used, it’s another to monitor how they’re set up. When you were designing your startup, how did you pick which side of that coin to focus on first?
What’s your advice for other founders thinking about the journey from zero to 1 and the journey from independent to acquisition?
The universe of AI risks is broad and deep. We’ve made a lot of headway with our SAIF framework: can you give us a) a 90 second tour of SAIF and b) share how it’s gotten so much traction and c) talk about where we go next with it?
The Coalition for Secure AI (CoSAI) is a collaborative effort to address AI security challenges. What are Google's specific goals and expectations for CoSAI, and how will its success be measured in the long term?
Something we love about CoSAI is that we involved some unexpected folks, notably Microsoft and OpenAI. How did that come about?
AI is moving quickly. How do we intend to keep up with the pace of change when it comes to emerging threat techniques and actors in the landscape?
What do we expect to see out of CoSAI work and when? What should people be looking forward to and what are you most looking forward to releasing from the group?
We have proposed projects for CoSAI, including developing a defender's framework and addressing software supply chain security for AI systems. How can others use them? In other words, if I am a mid-sized bank CISO, do I care? How do I benefit from it?
An off-the-cuff question, how to do AI governance well?
In your experience, what are the biggest challenges organizations face when migrating to a new SIEM platform? How did you solve them?
Many SIEM projects have problems, but a decent chunk of these problems are not about the tool being broken. How did you decide to migrate? When is it time to go?
Specifically, how to avoid constant change from product to product, each time blaming the tool for what are essentially process failures?
How did you handle detection content during migration? Was AI involved?
How did you test for this: “Which platform will best enable our engineering team to build what we need?”
Tell us more about the Detection as Code pipeline you use?
“Completed SIEM migration in a single week!” Is this for real?