Cyber Sentries: AI Insight to Cloud Security TruStory FM

Unlocking the Power of AI in DevSecOps
In this episode of Cyber Sentries, host John Richards sits down with John Bush, solutions architect at GitLab, to explore how artificial intelligence is transforming the day-to-day lives of developers. Bush, who has been coding since childhood, shares his insights on how AI is becoming embedded into every aspect of the DevSecOps pipeline, from writing code to identifying and remediating security vulnerabilities.
John and Bush dive deep into GitLab's AI-powered features, collectively known as Duo, which are sprinkled throughout the software development process. They discuss how these features enhance productivity, automate monotonous tasks, and provide valuable insights to both developers and business users alike. Bush also sheds light on the importance of human oversight in the AI-assisted development process, emphasizing the need for thorough code reviews and security scans.
Questions we answer in this episode:
How is AI changing the daily work of developers?What are some real-world use cases for AI in the DevSecOps pipeline?How can organizations ensure the security and reliability of AI-generated code?Key Takeaways:
AI is becoming an integral part of the entire software development lifecycleDevelopers must still carefully review and vet AI-generated code before deploymentGitLab's AI gateway allows routing requests to the most appropriate AI modelsBush provides a fascinating look at the evolution of DevSecOps, stressing the importance of considering security throughout the development process rather than as an afterthought. He explains how GitLab's AI-powered features, such as vulnerability scanning and automated remediation, help developers efficiently identify and fix security issues early on, saving time and resources in the long run.
This episode is a must-listen for anyone interested in the cutting-edge intersection of AI and DevSecOps. Whether you're a seasoned developer, a security professional, or simply curious about the future of software development, you'll come away with valuable insights and a clearer understanding of how AI is revolutionizing the industry.Episode Notes
Links & Notes
Find John Bush on LinkedInFind John Bush on XTry GitLab DuoLearn more about Paladin CloudGot a question? Ask us here!
(00:00) - Welcome to Cyber Sentries
(00:58) - About John Bush
(03:58) - Moving to GitLab
(05:30) - Solution Architects
(06:40) - Duos AI Solutions
(10:26) - Context
(12:17) - Switching Models
(13:58) - Best Practices
(17:51) - Policy Capability
(22:37) - Remediate the Vulnerabilities
(23:59) - Dev Sec Ops in This Ecosystem
(26:21) - Organization Approaches
(28:55) - Level of Knowledge Required
(31:09) - Finding John
(32:14) - Wrap Up

On this episode, Paladin Cloud’s CEO and co-founder Dan Deeney steps into John Richards’ shoes to play host! He welcomes cybersecurity veteran Mike Crowe to the show. With over 30 years of experience as CIO of Colgate-Palmolive, Mike provides unique insight into the evolution of threats, strategies for defense, and trends that keep CISO’s up at night.
Dan and Mike explore the increasingly complex threat landscape companies face today. From expanding digital footprints and geopolitical instability empowering nation-state attacks, the challenge grows for security teams. However, new tools also emerge to help lighten the load, such as automation that prioritizes risks and enables efficient remediation across global organizations.
The conversation dives into specific trends like AI and how guardrails must develop alongside new capabilities. Open source models offer both risks and opportunities when thoughtfully incorporated into private LLMs. Throughout, Mike stresses finding what you don't know through proactive testing as the best way to stay ahead of attackers.
Questions we answer in this episode:
What are the top threats keeping CISOs up at night?How can security and DevOps teams better collaborate to reduce risks?Key Takeaways:
Continually evolve defenses as the threat landscape grows ever more complexAutomation and integration are critical to managing overwhelming workloadsChallenge your security assumptions through ethical offensive testingWith Mike's wealth of practical experience, this episode provides valuable strategic perspective on cybersecurity that both new and seasoned professionals can apply to strengthening their own organizations' posture. Listeners will gain insights on current realities and where the industry is heading to stay ahead of evolving dangers.
Links & Notes
Learn more about Paladin CloudGot a question? Ask us here!
(00:00) - Welcome to Cyber Sentries
(00:23) - Paladin Cloud CEO Dan Deeney Talks With Mike Crowe
(00:51) - Meet Mike Crowe
(02:01) - Overall Threat Landscape’s Evolution
(03:55) - Example Threat
(05:44) - AI
(08:47) - Open Source
(10:18) - Trends and Strategies in Defense
(12:04) - Risk-Based Prioritization
(13:40) - Remediation
(16:55) - Ticketing Systems
(18:38) - IntegratingTeams
(21:57) - Emergence of a Hybrid Team
(23:51) - Final Thoughts
(27:20) - Wrap Up

Exploring the AI-Powered Future of Cloud Security with Thomas JohnsonOn this episode of Cyber Sentries, host John Richards interviews Thomas Johnson, CTO and co-founder of Multiplayer, about how AI is transforming cloud security. As AI capabilities rapidly advance, Thomas provides insights into how engineering teams can leverage AI to enhance workflows, generate code, and convert basic sketches into functional systems.
John and Thomas dive into key questions surrounding AI ethics, choosing open source vs proprietary models, and best practices for handling sensitive data. Listen in to hear Thomas' advice for developers looking to integrate AI into their tech stacks.
Questions we answer in this episode:
How are dev teams currently using AI like Copilot?What are the main differences between neural networks and other AI?What security risks exist with generative AI models?Key Takeaways
Focus on choosing the right problem and having clean, quality data.Open source models offer more control compared to proprietary models.Do not put sensitive data into generative models.This fascinating discussion explores how AI is transforming cloud security and development workflows. Thomas provides practical insights into leveraging AI's immense potential while avoiding pitfalls. Whether you're an engineering leader or a developer new to AI, this episode offers an enlightening look at the AI-powered future of tech.Links & Notes
MultiplayerLearn more about Paladin CloudGot a question? Ask us here!
(00:00) - Welcome to Cyber Sentries
(00:22) - Meet Thomas Johnson
(01:02) - AI Background
(01:58) - Neural Networks
(02:47) - Current Buzz
(04:43) - Integrating AI
(07:41) - Improving AI
(10:57) - Think About the Problem and Data
(12:25) - If Data Is the Problem
(14:00) - Securities and Access
(15:50) - RAG Model
(17:52) - Open Source v. Proprietary
(19:20) - Training and Inference Side
(20:35) - Multiplayer
(21:43) - Wrap Up

John sits down with Shreyans Mehta, CTO and co-founder of Cequence Security, to discuss how AI and machine learning can be applied to improve cloud security. They provide valuable insights for security teams looking to leverage AI to protect their cloud environments and applications.
The conversation focuses on using AI for security use cases like detecting anomalies and suspicious behavior, identifying misconfigurations, and automating response. Shreyans shares real-world examples of how Cequence Security has developed AI models to analyze network traffic, APIs, logs, and other data sources to detect threats targeting cloud applications and infrastructure.
Questions we answer in this episode:
How can AI improve visibility across cloud environments?What are some common use cases for AI in cloud security?How can AI help overburdened security teams?Key Takeaways:
AI excels at detecting subtle anomalies and identifying emerging threats based on learned patterns.AI models must be continuously trained on new data to remain effective as attacks evolve.AI augments human analysts by automating tedious tasks so they can focus on higher-value security activities.An advantage businesses have in the AI arms race with attackers is being able to train their AI on their unique user activity patterns.This insightful discussion highlights the transformative potential of AI to improve threat detection, investigation, and response. Security teams looking to apply AI can come away with a better understanding of where to start and how to build an effective AI strategy. John and Shreyans explore key considerations around data quality, model accuracy, and responsible AI practices.
Overall, this episode delivers practical guidance to help security leaders successfully navigate the AI landscape. Listen in to learn how to harness the power of AI to advance your cloud security program.
Links & Notes
Paladin CloudCequenceGot a question? Ask us here!Got a question about cybersecurity, AI, or something else related? Ask us here, and we'll get to it in a future episode!

(00:00) - Welcome to Cyber Sentries
(00:22) - Meet Shreyans Mehta
(27:06) - Wrap Up

Exploring the Transformative Potential of AI for Cloud SecurityIn this episode of Cyber Sentries, host John Richards speaks with Shawn Anderson, an expert in cybersecurity and current CTO at Boston Meridian. They have an insightful discussion about how artificial intelligence is transforming cloud security.
Shawn shares his valuable perspective from years of experience leading security initiatives for major corporations. He and John dive into topics like using AI to process massive amounts of data and telemetry, enabling new security capabilities. They also talk about how identity has become cybersecurity's new perimeter.
Key themes from their conversation:
AI allows security teams to analyze data at a scale not possible for humans, identifying risks and vulnerabilities more quickly.With cloud computing, the focus needs to be on protecting data itself, not just traditional network perimeters.Identity is central - knowing the user and device accessing data is critical for zero trust security.Compliance regulations help incentivize robust cybersecurity programs and controls.AI models need transparency, accountability, and governance to avoid misuse.Questions we answer in this episode:
How can AI transform cloud security?What can we learn from past technological shifts like cloud adoption?How does identity enable zero trust security?Key Takeaways:
AI enables security teams to find the most critical risks to prioritize.Mindsets need to evolve as new technologies emerge.Governance and accountability are crucial when applying AI.This insightful episode explores how AI is transforming cloud security and identity management. Shawn provides an expert viewpoint on applying AI securely and responsibly. Any cybersecurity or technology leader will gain valuable perspectives from this discussion.
Links & Notes
Paladin CloudBoston MeridianSean Anderson's blogGot a question? Ask us here!Got a question about cybersecurity, AI, or something else related? Ask us here, and we'll get to it in a future episode!

(00:00) - Welcome to Cyber Sentries
(00:57) - Meet Shawn Anderson
(04:09) - Cybersecurity and AI
(06:32) - Identifying Exploitability
(09:45) - Identity and Security
(12:06) - How to Secure
(14:16) - New Approaches?
(16:58) - Accountability
(22:54) - Exciting Times
(26:03) - Finding Shawn
(28:39) - Wrap Up

Navigating the AI Security Landscape with Somesh JhaIn this Cyber Sentries episode, host John Richards interviews AI expert Somesh Jha on using AI for security. They discuss the promise and perils of AI in cybersecurity, best practices for implementation, challenges with fine-tuning models, and adopting a multi-agent approach.
Jha provides insights on the potential of AI to transform cloud security through automating tasks like intrusion detection. However, attackers could also weaponize AI for large-scale spear phishing. As the technology matures, it remains unclear exactly what will be possible. The episode covers common mistakes like applying AI too broadly, the need for careful benchmarking to avoid hallucinations, the large data requirements for fine-tuning models, and the benefits of a multi-agent framework.
Questions You May Have
How can AI be used for good and bad in cybersecurity?What are some common mistakes when applying AI to security?How can we evaluate if an AI model is working well for security?Key Takeaways
AI can automate spear phishing at scale, but also help detect intrusionsStart with a narrow security problem before expanding AI to broader onesCareful benchmarking is crucial to evaluate AI security toolsBeware of AI hallucinations - grounding techniques can helpFine-tuning AI models requires large datasets to work wellAdopt a multi-agent approach when building AI applicationsJha advises starting with a focused security use case and doing careful benchmarking to demonstrate value before expanding AI more broadly. He notes the challenges of fine-tuning models with limited data. Jha explains how Langroid is designed around a multi-agent approach for maintainable and extensible AI code.
This episode provides insights for security teams on leveraging AI responsibly, with practical advice on implementation pitfalls. Jha offers perspectives on realizing the future potential of AI in cybersecurity. His expertise provides a useful guide for applying AI to security effectively.
Links & Notes
Paladin CloudLangroidGot a question? Ask us here!
(00:00) - Welcome to Cyber Sentries
(32:45) - Wrap Up