Join your hosts, Anton Chuvakin and Timothy Peacock, as they talk with industry experts about some of the most interesting areas of cloud security. If you like having threat models questioned and a few bad puns, please tune in!
Before we dive into all of the awesome cloud migrations you’ve experienced and your learnings there, could we start with a topic of East vs West CISO mentality?
We are talking to more and more CISOs who see the cloud as a net win for security. What’s your take on whether the cloud improves security?
We talked about doing some “big” cloud migrations, could you talk about what you learned back in 2015 about the “right” way to do a cloud migration and how you’ve applied those lessons since?
How are you approaching securing clouds differently in 2023 (vs the dark past of 2015)?
What advice would you give your peers to get out of the “saying no” mentality and into a better collaborative mode?
On the topic of giving advice to people who haven’t asked for it, what advice would you give to teams who are stuck in 1990s thinking when it comes to lift and shifting their security technology stack to cloud?
EP139 What is Chronicle? Beyond XDR and into the Next Generation of Security Operations
Chris Corde, Sr Director of Product Management - Security Operations, Google Cloud
You cover many products, but let’s focus on Chronicle today. An easy question: Chronicle isn’t an XDR, so what is it?
Since you’ve joined the team, what’re you most proud of shipping to clients?
Could you share more about the Mandiant acquisition, what’s been a happy surprise and what are you looking forward to making available to customers?
Some believe that good security operations success is mostly about process, yet we are also building these amazing products. What is your view of how much security ops success hinges on products vs practices?
When it comes to building out Chronicle’s position in the market, how are we leveraging the depth of expertise that people have with other SIEM tools compared to ours?
What advice do you have for security professionals who want to transition into product management?
“Chapter 5. Operating and Observing” is Anton’s favorite. One thing that mystifies me, however, is that you outline how to fail with alerts (send too many), but it is not entirely clear how to practically succeed with them? How does chaos engineering help security alerting / detection?
How chaos engineering (or is it really about software resilience?) intersects with Cloud security--is this peanut butter and chocolate or more like peanut butter and pickles?
How can organizations get started with chaos engineering for software resilience and security?
What is your favorite chaos engineering experiment that you have ever done?
We often talk about using the SRE lessons for security, and yet many organizations do security the 1990s way. Are there ways to use chaos engineering as a forcing function to break people out of their 1990s thinking and time warp them to 2023