196 episodes

Learn Cloud Security in Public Cloud the unbiased way from CyberSecurity Experts solving challenges at Cloud Scale. We can be honest because we are not owned by a Cloud Service Provider like AWS, Azure or Google Cloud.

We aim to help the community learn Cloud Security through community stories, from small to large organisations solving multi-cloud challenges to deep dives into specific topics of Cloud Security.

We LIVE STREAM interviews on Cloud Security Topics every weekend on LinkedIn, YouTube, Facebook and Twitter, with over 150 people watching, asking questions and interacting with the Guest.

Cloud Security Podcast
Cloud Security Podcast Team

    • Technology
    • 4.8 • 21 Ratings


    HOW TO BUILD A CLOUD SECURITY PROGRAM WITH CONTAINERS


    Cloud Security Podcast - This month we are talking about "Building on the AWS Cloud" and next up in this series, we spoke to Mrunal Shah (Mrunal's Linkedin), Head of Container Security at Warner Bros. Discovery. We talk about how to build a Container or K8s security program in which best practices are maintained and teams have the right capability and tools. The 4 Cs (Cloud, Container & Cluster, Code) can be foundational to this.

    Episode ShowNotes, Links and Transcript on Cloud Security Podcast: www.cloudsecuritypodcast.tv

    Host Twitter: Ashish Rajan (@hashishrajan)

    Guest Twitter:  Mrunal Shah (Mrunal's Linkedin)

    Podcast Twitter - @CloudSecPod @CloudSecureNews

    If you want to watch videos of this LIVE STREAMED episode and past episodes - Check out our other Cloud Security Social Channels:

    - Cloud Security News 

    - Cloud Security Academy

    Spotify TimeStamp for Interview Questions

    (00:00) Intro 

    (02:01) https://snyk.io/csp 

    (02:30) Mrunal's Professional Background 

    (03:04) Why containers are popular (technical reasons) 

    (04:05) Why containers are popular (leadership reasons) 

    (05:39) Challenges with running a Container Security Program (Leadership) 

    (06:34) Team skill challenge in a Container Security Program 

    (08:57) When to pick AWS ECS vs AWS EKS? 

    (10:53) ECS or EKS for building Banking Applications? 

    (13:12) Would Kubernetes/ Containers be preferred for security reasons? 

    (15:04) What would Amazon's responsibility be for security with ECS/EKS? 

    (16:13) What is bad about working with Containers in AWS? 

    (19:40) Is there a need for anti-virus in a container world? 

    (20:36) Balance of security when working with containers? 

    (22:08) Threat Detection and Prevention in a Container Security Program 

    (22:57) Using AWS Services for Threat Detection with Containers? 

    (25:14) Runtime Threat Discovery vs Agentless Threat Discovery for containers in Cloud? 

    (29:11) Prevention on the left vs Detection on the right of SDLC 

    (29:22) Cluster Misconfig vs Service Misconfigurations? 

    (30:19) Vulnerability Management vs Misconfiguration Management? 

    (31:50) Inspector in a Container Security Program? 

    (32:36) Detective in a Container Security Program? 

    (35:36) Can AWS Services help when Non-AWS services are in use?

    See you at the next episode!

    • 44 min
    AWS Cloud Penetration Testing Explained with Example


    Cloud Security Podcast - This month we are talking about "Breaking the AWS Cloud" and next up in this series, we spoke to Seth Art (Seth's Linkedin), Cloud Penetration Testing Lead (Principal) at Bishop Fox. AWS cloud projects to pentest AWS cloud architecture are not spoken about much - this stops today. We have Seth, who works in the Cloud Penetration testing space, to talk about open source tools and what Cloud pentesting is all about.


    Guest Twitter:  Seth Art (Seth's Linkedin)


    Spotify TimeStamp for Interview Questions

    (00:00) Introduction

    (04:24) A bit about Seth

    (06:10) Web App Pentesting vs Cloud Pentesting

    (08:11) Working with scale of multiple AWS accounts

    (10:20) What can you expect to find with Cloud Pentesting?

    (12:14) Foundational pieces about approaching pentesting in Cloud

    (15:19) How to start a Cloud Pentest?

    (18:25) The importance of IAM

    (23:43) Common services in AWS to look at

    (25:58) Mistakes people make for scoping

    (29:18) The role of shared responsibility in Cloud Pentesting

    (32:38) Boundaries for AWS pentesting

    (35:13) Nmap between 2 EC2 instances

    (36:37) How do you explain the findings?

    (40:26) Skillsets required to transition to Cloud Pentesting

    (45:41) Transitioning from Kubernetes to Cloud Pentesting

    (48:55) Resources for learning about Cloud Pentesting.

    (49:47) The Fun Section

    See you at the next episode!

    • 53 min
    AWS Goat - Cloud Penetration Testing


    Cloud Security Podcast - This month we are talking about "Breaking the AWS Cloud" and next up in this series, we spoke to Nishant Sharma (Nishant's Linkedin), Director, Lab Platform, INE. If you have tried pentesting in AWS Cloud or want to start today with AWS Goat, then this episode with Nishant, who is behind AWS Goat, will help you understand how you can upskill and maybe even show others how to be better at pentesting AWS Cloud.


    Guest Twitter:  Nishant Sharma (Nishant's Linkedin)


    Spotify TimeStamp for Interview Questions

    (00:00) Introduction 

    (03:51) snyk.io/csp

    (04:51) What is Cloud Pentesting?

    (06:19) Cloud pentesting vs Web App & Network

    (08:37) What is AWS Goat?

    (13:12) Do you need permission from AWS to do pentesting?

    (14:03) Pentesting an application vs pentesting AWS S3

    (15:40) What is AWS Goat testing?

    (18:14) Cloud penetration testing tools

    (19:59) How useful is a metadata of a cloud instance?

    (22:24) AWS Pentesting and OWASP Top 10

    (25:31) How to build internal training for Cloud Security?

    (29:43) Keep building knowledge on AWS Goat

    (30:33) Using CloudShell for AWS pentesting

    (34:09) ChatGPT for cloud pentesting

    (36:28) Vulnerable serverless application

    (39:40) Pentesting Amazon ECS

    (43:01) How do you protect against ECS misconfigurations?

    (47:38) What is the future plan for AWS Goat?

    (50:28) Fun Questions

    See you at the next episode!

    • 53 min
    Getting Started with Hacking AWS ECS


    Cloud Security Podcast - This month we are talking about "Breaking the AWS Cloud" and next up in this series, we spoke to Gafnit Amiga (Gafnit's Linkedin), VP of Security Research at Lightspin, who recently discovered the AWS Elastic Container Registry Public (ECR Public) vulnerability. She spoke to us about how she goes about doing cloud security research and what AWS ECS and ECR are.


    Guest Twitter:  Gafnit Amiga (Gafnit's Linkedin)


    Spotify TimeStamp for Interview Questions

    (00:00) Introduction
    (02:28) snyk.io/csp
    (02:57) A bit about Gafnit
    (05:15) What is AWS ECS and ECR?
    (08:18) Why do people use ECS and ECR?
    (09:58) The ECR vulnerability Gafnit discovered
    (15:16) Vulnerability scanning for containers in AWS ECR
    (16:42) How do you find undocumented APIs in AWS?
    (17:58) Attack techniques in AWS
    (22:43) How to protect your AWS accounts?
    (25:14) Focus areas for Cloud Security Research in 2023
    (25:48) Finding vulnerability through research
    (29:00) Resources for Cloud Security Research

    (31:04) The Fun Section

    See you at the next episode!

    • 32 min
    GETTING STARTED WITH HACKING AWS CLOUD


    Cloud Security Podcast - If Hacking the Cloud is on your mind for 2023, then in this "Breaking the AWS Cloud" month we are kicking things off with Nick Frichette (Nick's Linkedin), a Senior Security Researcher from DataDog who also maintains the site Hacking the Cloud, linking offensive security research for AWS, Azure and GCP.


    Guest Twitter:  Nick Frichette (Nick's Linkedin)


    Spotify TimeStamp for Interview Questions

    (00:00) Introduction
    (02:38) snyk.io/csp
    (03:26) A bit about Nick  
    (04:15) How is Security research different?
    (05:55) How to approach cloud security research?
    (07:24) How to pick the service you want to research?
    (08:51) What is AWS AppSync?
    (09:30) What is Confused Deputy Vulnerability?
    (10:16) The AppSync Vulnerability
    (12:09) Cross Account in AWS
    (13:41) Blue Teaming Controls when doing research
    (14:22) Framework for detective controls
    (16:01) What to do if you find an AWS vulnerability?
    (17:20) Legal constraints of security research
    (20:13) Where to get started in Cloud Security Research?
    (22:45) Are some misconfigurations becoming less common?
    (24:59) What is IMDSv2 and how is it different to IMDSv1?
    (27:00) Why is SSRF bad?
    (28:52) Cloud Pentesting Platforms
    (29:57) The story behind Hacking the Cloud
    (31:25) Who should think about breaking the cloud?
    (34:02) Cloud Security Research Tools
    (36:38) How to access AWS environment for research?
    (39:12) Security Lab Resources  
    (40:04) The Fun Questions

    See you at the next episode!

    • 45 min
    AWS Reinvent 2022 - RECAP for Cloud Security Professionals!


    In this episode of the Virtual Coffee with Ashish edition, we spoke with Shilpi Bhattacharjee (Cloud Security Podcast, Producer). We spoke about announcements from AWS Reinvent: new security products announced, updates to existing security products, security additions to existing products and products to look out for.

    Podcast Link with favourite Talks, Product launch details and more: https://snyk.io/blog/cloud-security-updates-reinvent-2022/ 

    --Announcing Cloud Security Villains Project--

    We are always looking to find creative ways to educate folks in Cloud Security, and the Cloud Security Villains are one of these education pieces. Cloud Security Villains are coming; you can learn how to defeat them in this YouTube Playlist link


    Guest Twitter:  Shilpi Bhattacharjee (Cloud Security Podcast, Producer)


    Spotify TimeStamp for Interview Questions

    • 43 min

Customer Reviews

4.8 out of 5
21 Ratings


EngelR22,

Refreshing content!

Finally some refreshing content, delivered in only the way Ashish can. Not only is he a snappy dresser and fashionista, but his podcast content is just as smooth and insightful.
Great job making this happen Ashish, your passion is definitely in full flight here! Cheers

newly_registered26,

Solid content and diverse participants

Ashish delivers some solid content on cloud security, not just AWS, and interviews a number of diverse peeps from the security community.

MegaMooMa,

Awesome Podcast, a Must Listen!

Every episode is so informative. Great line up of speakers discussing great topics: AWS, DevSecOps, Security, the list goes on!
Highly recommended.
