Cloud Security Podcast Cloud Security
Learn Cloud Security in Public Cloud the unbiased way from CyberSecurity Experts solving challenges at Cloud Scale. We can be honest because we are not owned by a Cloud Service Provider like AWS, Azure or Google Cloud.
We aim to help the community learn Cloud Security through community stories, from small to large organisations solving multi-cloud challenges to deep dives into specific topics of Cloud Security.
We LIVE STREAM interviews on Cloud Security Topics every weekend on LinkedIn, YouTube, Facebook and Twitter with over 150 people watching, asking questions and interacting with the Guest.
From Code Suggestions to Security
What is GitHub Copilot? It's an AI-powered coding assistant that's redefining how developers write code. We spoke to Joseph Katsioloudes, a security specialist from the GitHub Security Lab, about how GitHub Copilot has been designed to serve not just developers but security professionals and others involved with code, enhancing productivity, satisfaction, and security across the board.
Guest Socials: Joseph Katsioloudes
Podcast Twitter - @CloudSecPod
If you want to watch videos of this LIVE STREAMED episode and past episodes - Check out our other Cloud Security Social Channels:
- Cloud Security Podcast - YouTube
- Cloud Security Newsletter
- Cloud Security BootCamp
Questions asked:
(00:00) A bit about Joseph
(01:07) What is GitHub Copilot?
(02:42) Use case for GitHub Copilot from a security perspective
(04:16) Cloud Development Kits (CDKs) for GitHub Copilot
(05:48) Business Motivation for GitHub Copilot adoption
(07:41) Should we trust AI generated code?
(08:31) Using GitHub Copilot
(12:00) Data Privacy with GitHub Copilot
(13:28) GitHub Copilot for Regulated Industries
(14:51) What is GitHub Copilot X?
(16:02) What is GitHub Workspace?
(18:20) The Fun Section
Cloud Security Operations for Modern Threats
How is your Cloud Incident Preparedness? Is your CSPM enough? Ashish spoke to Ariel Parnes, Co-Founder and COO at Mitiga, about the concept of "Assume Breach" and its importance in developing a proactive cloud security framework. If you are looking to understand the nuances of cloud incident response and being prepared for incidents, the effectiveness of current tools, and the future of cloud security operations strategy, then this episode is for you.
Guest Socials: Ariel Parnes
Questions asked:
(00:00) Introduction
(02:46) A bit about Ariel Parnes
(04:02) Cybersecurity in the world of Cloud
(06:07) What is Cloud Incident Preparedness?
(08:40) Reality of Cloud Incident Preparedness
(11:16) Does a CSPM help with Incident Preparedness?
(13:54) Should logs be sent to SIEM?
(15:59) What's a good starting point for Incident Preparedness?
(18:31) Gaining deep visibility in your cloud environment
(19:50) Do you need a Security Data Lake?
(25:56) Demonstrating ROI for Security Operations
(28:28) Importance of Human Factor in Security Operations
(30:51) Low Hanging fruits to strengthen cloud operations
(32:31) The Fun Questions
Understanding Threat Modeling in Cloud
Do you need an essential guide for Threat Modeling your Cloud Environment? Then this episode is definitely for you. Ashish sat down with Tyson Garrett from TrustOnCloud to explore why and how organizations should approach threat modeling in cloud to enhance their security posture. Tyson and Ashish go through the practical steps required for effective threat modeling, including identifying and prioritizing threats, and the continuous adaptation required to address the dynamic nature of cloud services.
Guest Socials: Tyson Garrett
Questions asked:
(00:00) Introduction
(02:50) A bit about Tyson Garrett
(04:27) What is Threat Modeling in Cloud?
(06:29) Threat Modeling the right way in the Cloud
(08:23) Threat Modeling in Cloud vs On Prem
(11:05) Examples of Threat Modeling
(13:41) Threat Modeling AI Services from Cloud Providers
(21:58) Including Threat Modeling in Security Programs
(25:09) Threat Modeling Cloud at Scale
(28:08) Different Approaches for Threat Modeling
(30:21) Challenges with Threat Modeling in Cloud
(33:42) Best Practices for Threat Modeling in Cloud
(39:59) Showing ROI on Threat Modeling
(42:57) Maturity Levels of Threat Modeling
(45:21) Starting point for learning about Threat Models
(46:12) The Fun Questions
(48:41) Where can you connect with Tyson
Resources spoken about during the episode
TrustOnCloud has kindly offered a Free ThreatModel of your choice to our listeners - you can register here to pick yours
Balancing Efficiency & Security: AI’s Transformation of Legal Data Analysis
What is the role of AI in Legal Research and Data Security? We spoke to Matt McKeever, CISO and Head of Cloud Engineering at LexisNexis, a company that uses GenAI and Custom LLM models to help its customers with legal research, guidance and drafting. Matt spoke to us about the intersection of cloud engineering, cybersecurity and the revolutionary impact of Generative AI (GenAI) in the legal sector. He shared how LexisNexis leverages GenAI to enhance legal research, draft legal documents and summarize cases efficiently. We learn about the importance of data security in AI applications, especially in the legal industry, and the role of custom Large Language Models (LLMs) in securing and processing legal data.
Guest Socials: Matt McKeever
Questions asked:
(00:00) Introduction
(00:26) LexisNexis use case for GenAI
(02:37) Amazon's Generative AI services
(03:24) Cybersecurity Threats when using GenAI
(05:14) Where to get started with Security in GenAI?
(06:53) Balancing Security and Innovation
(08:20) Business reason for GenAI
(09:13) Lessons from working with GenAI
(11:14) Having Custom Large Language Model
(13:42) Impact of AI on Cloud Security Roles
(14:50) Get Started with Custom Large Language Model
(15:48) Fun Questions
(17:49) Where to connect with Matt McKeever?
Sidecar Container Vulnerability in Kubernetes explained
Are you familiar with Sidecars in Kubernetes? We spoke to Magno Logan about the complex world of Kubernetes security and the silent but deadly vulnerabilities associated with sidecar containers. Magno shares his extensive research and insights on how attackers can exploit these vulnerabilities to stay hidden within a Kubernetes environment, posing significant threats beyond the commonly discussed crypto mining attacks. Magno spoke about common attack paths targeting Kubernetes clusters, from exploiting application vulnerabilities to leveraging exposed Kubernetes services and compromised valid accounts.
Guest Socials: Magno Logan
Questions asked:
(00:00) Introduction
(01:26) A bit about Magno Logan
(01:49) Kubernetes Common Threats Explained
(02:23) Kubernetes Cluster Attack Entry Points
(04:28) How attackers maintain persistent access in Kubernetes?
(05:30) Container Escape Explained
(07:03) Maintaining Persistence in Kubernetes Clusters
(08:18) What are Sidecars?
(10:43) How to secure your sidecars?
(12:33) Where can people learn more about this
(13:57) The Fun Section
Resources spoken about on the podcast
MITRE ATT&CK Containers Matrix
Microsoft Threat Matrix
Role of application security posture management in cybersecurity
Navigating modern application security in a world of Cloud, DevSecOps and now AI is getting rather complex. We spoke to Idan Plotnik, who has 24 years of cybersecurity experience under his belt and is the Co-Founder of Apiiro, about the world of Application Security Posture Management (ASPM) and its relevance in both large and small organizations. Idan speaks about the challenges faced in managing vast quantities of repositories and tackles common misconceptions about ASPM, confirming that it's not intended to replace existing security pipelines.
Guest Socials: Idan Plotnik
Questions asked:
(00:00) Introduction
(04:58) A bit about Idan Plotnik
(05:56) Application Security tools explained
(08:09) Why Application Security Orchestration Correlation (ASOC) didn't work?
(09:14) Difference between Cloud Security and Application Security Tools
(14:51) Why is there a growing need for Application Security Tools today?
(19:07) Do Small to Medium size businesses need Application Security Tools?
(21:46) Managing Cybersecurity Tools
(26:08) API Security for Applications
(30:29) Dealing with Regulatory Requirements in Cybersecurity
(34:16) Evolving Goals in Application Security
(35:49) Deciphering MTTR in Cybersecurity
(37:54) The Fun Questions
(39:37) Where you can connect with Idan?
Customer Reviews
Refreshing content!
Finally some refreshing content, delivered in only the way Ashish can. Not only is he a snappy dresser and fashionista, but his podcast content is just as smooth and insightful.
Great job making this happen Ashish, your passion is definitely in full flight here! Cheers
Solid content and diverse participants
Ashish delivers some solid content on cloud security, not just AWS and interviews a number of diverse peeps from the security community.
Awesome Podcast, a Must Listen!
Every episode is so informative. Great line up of speakers discussing great topics, AWS, DevSecOps, Security the list goes on!
Highly recommended.