Join your hosts, Anton Chuvakin and Timothy Peacock, as they talk with industry experts about some of the most interesting areas of cloud security. If you like having threat models questioned and a few bad puns, please tune in!
What are the different use cases for GenAI in security operations, and how can organizations prioritize them for maximum impact on their organization?
We’ve heard a lot of worries from people that GenAI will replace junior team members–how do you see GenAI enabling more people to be part of the security mission?
What are the challenges and risks associated with using GenAI in security operations?
We’ve been down the road of automation for SOCs before–UEBA and SOAR both claimed it–and AI looks a lot like those but with way more matrix math–what are we going to get right this time that we didn’t quite live up to last time(s) around?
Imagine a SOC or a D&R team of 2029. What AI-based magic is routine at this time? What new things are done by AI? What do humans do?
Resources:
Live video (LinkedIn, YouTube) [live audio is not great in these]
Today we have IAM, zero trust and security made easy. With that intro, could you give us the 30 second version of what a workload identity is and why people need them?
What are the challenges you’re seeing large organizations run into when adopting this approach at scale?
Of all the things a CISO could prioritize, why should this one get added to the list? What makes this, which is so core to our internal security model, ripe for the outside world?
How do people do it now, and what gets thrown away when you deploy SPIFFE? Are there alternatives?
SPIFFE is interesting, yet can a startup really “solve for the bottom turtle”?
What in your past led you to these insights? Tell us more about your background and your journey to Google. How did that background contribute to your team?
One term that often comes up on the show and with our customers is 'shifting left.' Could you explain what 'shifting left' means in the context of cloud security? What’s hard about shift left, and where do orgs get stuck too far right?
A lot of “cloud people” talk about IaC and PaC but the terms and the concepts are occasionally confusing to those new to cloud. Can you briefly explain Policy as Code and its security implications? Does PaC help or hurt security?
Since one of us (!) doesn't have a PhD in quantum mechanics, could you explain what a quantum computer is and how we know they are on a credible path towards being real threats to cryptography? How soon do we need to worry about this one?
We’ve heard that quantum computers are more of a threat to asymmetric/public key crypto than symmetric crypto. First off, why? And second, what does this difference mean for defenders?
Why (how) are we sure this is coming? Are we mitigating a threat that is perennially 10 years ahead and then vanishes due to some other broad technology change?
What is a post-quantum algorithm anyway? If we’re baking new key exchange crypto into our systems, how confident are we that we are going to be resistant to both quantum and traditional cryptanalysis?
Why does NIST think it's time to be doing the PQC thing now? Where is the rest of the industry on this evolution?
How can a person tell the difference here between reality and snakeoil? I think Anton and I both responded to your initial email with a heavy dose of skepticism, and probably more skepticism than it deserved, so you get the rare on-air apology from both of us!