#167
April 8, 2024

EP167 Stolen Cards and Fake Accounts: Defending Google Cloud Against Abuse

Guest:

  • Maria Riaz, Cloud Counter-Abuse, Engineering Lead, Google Cloud
27:23

Topics covered:

  • What is “counter abuse”? Is this the same as security?
  • What does counter-abuse look like for GCP?
  • What are the popular abuse types we face? 
  • Do people use stolen cards to get accounts to then violate the terms with?
  • How do we deal with this, generally?
  • Beyond core technical skills, what are some of the relevant competencies for working in this space that would appeal to a diverse audience?
  • You have worked in academia and industry. What similarities or differences have you observed?

#165
March 25, 2024

EP165 Your Cloud Is Not a Pet - Decoding 'Shifting Left' for Cloud Security

Guest:

  • Ahmad Robinson, Cloud Security Architect, Google Cloud
25:25

Topics covered:

  • You’ve done a BlackHat webinar where you discuss a Pets vs Cattle mentality when it comes to cloud operations. Can you explain this mentality and how it applies to security?
  • What in your past led you to these insights? Tell us more about your background and your journey to Google. How did that background contribute to your team?
  • One term that often comes up on the show and with our customers is 'shifting left.' Could you explain what 'shifting left' means in the context of cloud security? What’s hard about shift left, and where do orgs get stuck too far right?
  • A lot of “cloud people” talk about IaC and PaC but the terms and the concepts are occasionally confusing to those new to cloud. Can you briefly explain Policy as Code and its security implications? Does PaC help or hurt security?

#161
February 26, 2024

EP161 Cloud Compliance: A Lawyer - Turned Technologist! - Perspective on Navigating the Cloud

Guest:

27:27

Topics covered:

  • You work with technical folks at the intersection of compliance, security, and cloud. So what do you do, and where do you find the biggest challenges in communicating across those boundaries?
  • How does cloud make compliance easier? Does it ever make compliance harder?
  • What is your best advice to organizations that approach cloud compliance as they did for the 1990s data centers and classic IT?
  • What has been the most surprising compliance challenge you’ve helped teams debug in your time here?
  • You also work on standards development – can you tell us about how you got into that and what’s been surprising in that for you?
  • We often say on this show that an organization’s ability to threat model is only as good as their team’s perspectives are diverse: how has your background shaped your work here?