Showing 9 episodes for Voices
#214
March 10, 2025
EP214 Reconciling the Impossible: Engineering Cloud Systems for Diverging Regulations
Topics covered:
- You are responsible for building systems that need to comply with laws that are often mutually contradictory. It seems technically impossible to do, how do you do this?
- Google is not alone in being a global company with local customers and local requirements. How are we building systems that provide local compliance with global consistency in their use for customers who are similar in scale to us?
- Originally, Google had global systems synchronized around the entire planet–planet scale supercompute–with atomic clocks. How did we get to regionalized approach from there?
- Engineering takes a long time. How do we bring enough agility to product definition and engineering design to give our users robust foundations in our systems that also let us keep up with changing and diverging regulatory goals?
- What are some of the biggest challenges you face working in the trusted cloud space?
- Is there something you would like to share about being a woman leader in technology? How did you overcome the related challenges?
#210
February 10, 2025
EP210 Cloud Security Surprises: Real Stories, Real Lessons, Real "Oh No!" Moments
Guest:
- Or Brokman, Strategic Google Cloud Engineer, Security and Compliance, Google Cloud
Topics covered:
- Can you tell us about one particular cloud consulting engagement that really sticks out in your memory? Maybe a time when you lifted the hood, so to speak, and were absolutely floored by what you found – good or bad!
- In your experience, what's that one thing – that common mistake – that just keeps popping up? That thing that makes you say 'Oh no, not this again!'
- 'Tools over process' mistake is one of the 'oldies.' What do you still think drives people to it, and how to fix it?
- If you could give just one piece of cloud security advice to every company out there, regardless of their size or industry, what would it be?
#192
September 30, 2024
EP192 Confidential + AI: Can AI Keep a Secret?
Guest:
- Nelly Porter, Director of PM, Cloud Security at Google Cloud
Topics covered:
- Share your story and how you ended here doing confidential AI at Google?
- What problem does confidential compute + AI solve and for what clients?
- What are some specific real-world applications or use cases where you see the combination of AI and confidential computing making the most significant impact?
- What about AI in confidential vs AI on prem? Should those people just do on-prem AI instead?
- Which parts of the AI lifecycle need to be run in Confidential AI: Training? Data curation? Operational workloads?
- What are the performance (and thus cost) implications of running AI workloads in a confidential computing environment?
- Are there new risks that arise out of confidential AI?
#183
July 29, 2024
EP183 Cloud Security Journeys: Improve, Evolve, Transform with Cloud Customers
Topics covered:
- Security transformation is hard, do you have any secret tricks or methods that actually make it happen?
- Can you share a story about a time when you helped a customer transform their cloud security posture? Not just improve, but actually transform!
- What is your process for understanding their needs and developing a security solution that is tailored to them? What to do if a customer does not want to share what is necessary or does not know themselves?
- What are some of the most common security mistakes that you see organizations make when they move to the cloud?
- What about the customers who insist on practicing in the cloud the same way they did on-premise? What do you tell the organizations that insist that “cloud is just somebody else’s computer” and they insist on doing security the old-fashioned way?
- What advice would you give to organizations that are just starting out on their cloud security journey?
- What are the first three cloud security steps you recommend that work for a cloud environment they inherited?
#178
June 24, 2024
EP178 Meet Brandon Wood: The Human Side of Threat Intelligence: From Bad IP to Trafficking Busts
Topics covered:
- Threat intelligence is one of those terms that means different things to everyone–can you tell us what this term has meant in the different contexts of your career? What do you tell people who assume that “TI = lists of bad IPs”?
- We heard while prepping for this show that you were involved in breaking up a human trafficking ring: tell us about that!
- In Anton’s experience, a lot of cyber TI is stuck in “1. Get more TI 2. ??? 3. Profit!” How do you move past that?
- One aspect of threat intelligence that’s always struck me as goofy is the idea that we can “monitor the dark web” and provide something useful. Can you change my mind on this one?
- You told us your story of getting into sales, you recently did a successful rotation into the role of Product Manager,, can you tell us about what motivated you to do this and what the experience was like?
- Are there other parts of your background that inform the work you’re doing and how you see yourself at Google?
- How does that impact our go to market for threat intelligence, and what’re we up to when it comes to keeping the Internet and broader world safe?
#175
June 3, 2024
EP175 Meet Crystal Lister: From Public Sector to Google Cloud Security and Threat Horizons
Topics covered:
- Your background can be sheepishly called “public sector”, what’s your experience been transitioning from public to private? How did you end up here doing what you are doing?
- We imagine you learned a lot from what you just described – how’s that impacted your work at Google?
- How have you seen risk management practices and outcomes differ?
- You now lead Google Threat Horizons reports, do you have a vision for this? How does your past work inform it?
- Given the prevalence of ransomware attacks, many organizations are focused on external threats. In your experience, does the risk of insider threats still hold significant weight? What type of company needs a dedicated and separate insider threat program?
#167
April 8, 2024
EP167 Stolen Cards and Fake Accounts: Defending Google Cloud Against Abuse
Guest:
- Maria Riaz, Cloud Counter-Abuse, Engineering Lead, Google Cloud
Topics covered:
- What is “counter abuse”? Is this the same as security?
- What does counter-abuse look like for GCP?
- What are the popular abuse types we face?
- Do people use stolen cards to get accounts to then violate the terms with?
- How do we deal with this, generally?
- Beyond core technical skills, what are some of the relevant competencies for working in this space that would appeal to a diverse set of audience?
- You have worked in academia and industry. What similarities or differences have you observed?
#165
March 25, 2024
EP165 Your Cloud Is Not a Pet - Decoding 'Shifting Left' for Cloud Security
Guest:
- Ahmad Robinson, Cloud Security Architect, Google Cloud
Topics covered:
- You’ve done a BlackHat webinar where you discuss a Pets vs Cattle mentality when it comes to cloud operations. Can you explain this mentality and how it applies to security?
- What in your past led you to these insights? Tell us more about your background and your journey to Google. How did that background contribute to your team?
- One term that often comes up on the show and with our customers is 'shifting left.' Could you explain what 'shifting left' means in the context of cloud security? What’s hard about shift left, and where do orgs get stuck too far right?
- A lot of “cloud people” talk about IaC and PaC but the terms and the concepts are occasionally confusing to those new to cloud. Can you briefly explain Policy as Code and its security implications? Does PaC help or hurt security?
#161
February 26, 2024
EP161 Cloud Compliance: A Lawyer - Turned Technologist! - Perspective on Navigating the Cloud
Topics covered:
- You work with technical folks at the intersection of compliance, security, and cloud. So what do you do, and where do you find the biggest challenges in communicating across those boundaries?
- How does cloud make compliance easier? Does it ever make compliance harder?
- What is your best advice to organizations that approach cloud compliance as they did for the 1990s data centers and classic IT?
- What has been the most surprising compliance challenge you’ve helped teams debug in your time here?
- You also work on standards development –can you tell us about how you got into that and what’s been surprising in that for you?
- We often say on this show that an organization’s ability to threat model is only as good as their team’s perspectives are diverse: how has your background shaped your work here?
