12 episodes

Cloud Ace is your go-to podcast for in-depth expert discussions on all topics that touch cloud security. Information security professionals can tune in for fresh perspectives on building and managing secure cloud infrastructure, platforms, and applications. The insight shared by our experts on this podcast transcends cloud, making it valuable for professionals across all fields of cyber security. Brought to you by SANS Institute, Cloud Ace podcast delivers actionable insight through interviews with some of the top minds leaving their mark in cloud security. Cloud Ace covers the full gamut of cloud topics from multi-cloud and public cloud, to containers, threat detection, cloud pen testing, DevSecOps, automation and everything in between.

Cloud Ace SANS Institute

    • Technology

Cloud Ace is your go-to podcast for in-depth expert discussions on all topics that touch cloud security. Information security professionals can tune in for fresh perspectives on building and managing secure cloud infrastructure, platforms, and applications. The insight shared by our experts on this podcast transcends cloud, making it valuable for professionals across all fields of cyber security. Brought to you by SANS Institute, Cloud Ace podcast delivers actionable insight through interviews with some of the top minds leaving their mark in cloud security. Cloud Ace covers the full gamut of cloud topics from multi-cloud and public cloud, to containers, threat detection, cloud pen testing, DevSecOps, automation and everything in between.

    Marqueze "Q" Sawyers: Fail First, Fast, and Safely in Cloud Engineering

    Marqueze "Q" Sawyers: Fail First, Fast, and Safely in Cloud Engineering

    Brandon Evans reconnects with former co-worker Marqueze “Q” Sawyers, a Senior Manager of Software Engineering at Asurion, as they chat about moving fast while failing safely while developing cloud-based applications, using tools like GitHub actions to enable security pipelines in a DevSecOps environment, and making security look as cool as it is for Security Champions and engineers.

    Our Guest - Marqueze Sawyers

    Twitter: https://twitter.com/MarquezeSawyers
    LinkedIn: https://www.linkedin.com/in/marqueze-sawyers-7a430467/
    Resources mentioned in this episode:
    Blacks in Technology
    Asurion Marketing Site
    Asurion BEST ERG

    Join the global cybersecurity community in its most festive cyber security challenge and virtual conference of the year. The SANS Holiday Hack Challenge is a FREE series of super fun, high-quality, hands-on cybersecurity challenges. The SANS Holiday Hack Challenge is for all skill levels, with a stellar prize at the end for the best of the best entries.Learn more at SANS.org/HHC2022

    • 57 min
    Ahmed AbuGharbia: Upskilling your Security Teammates for Cloud and DevSecOps

    Ahmed AbuGharbia: Upskilling your Security Teammates for Cloud and DevSecOps

    Brandon Evans meets with Ahmed AbuGharbia, a Security Manager and Consultant at Sirius Computer Solutions as well as a Certified Instructor Candidate for SANS SEC540: Cloud Security and DevSecOps Automation, to discuss reskilling traditional security professionals to work with Cloud and DevSecOps, getting executive buy-in for investing in their employees, and about an incident he responded to in which all of the infrastructure within his client’s AWS account was deleted.
    Our Guest - Ahmed AbuGharbia

    Ahmed Abugharbia is a consultant and a manger in the Managed Security Services department at Sirius Computer Solutions in Chicago, IL. Prior to moving to the United States in 2017, Ahmed was a co-founder of Cystack consulting, which has been serving clients in the Middle East for over 10 years, providing assistance to clients with upgrading their information security defenses through deploying security solutions, performing vulnerability and infrastructure assessments, as well as hosting information security training sessions to technical staff. In total, he has over 13 years of experience in the field of information security, with a recent focus on Cloud Security and DevSecOps. Other areas of expertise for Ahmed include Firewalls, IPS, WAF, PKI, Vulnerability Management and Information Security Consulting. Ahmed is an instructor for SEC540: Cloud Security and DevOps Automation

    Sponsor's Note:


    Support for Cloud Ace podcast comes from SANS Institute. If you like the topics covered in this podcast and would like to learn more about cloud security, SANS Cloud Security curriculum is here to support your journey into building, deploying, and managing secure cloud infrastructure, platforms, and applications. Whether you are on a technical flight plan, or a leadership one, SANS Cloud Security curriculum has resources, training, and certifications to fit your needs.


    Focus on where the cloud is going, not where it is today. Your organization is going to need someone with hands-on technical experience and cloud security-specific knowledge. You will be prepared not only for your current role, but also for a cutting-edge future in cloud security.


    Review and Download Cloud Security Resources: sans.org/cloud-security/


    Join our growing and diverse community of cloud security professionals on your platform of choice:
    Discord | Twitter | LinkedIn | YouTube


    Join the global cybersecurity community in its most festive cyber security challenge and virtual conference of the year. The SANS Holiday Hack Challenge is a FREE series of super fun, high-quality, hands-on cybersecurity challenges. The SANS Holiday Hack Challenge is for all skill levels, with a stellar prize at the end for the best of the best entries.Learn more at SANS.org/HHC2022

    • 53 min
    Jabez Abraham: Creating a Cloud Security Enterprise Architecture Strategy for Global Organizations

    Jabez Abraham: Creating a Cloud Security Enterprise Architecture Strategy for Global Organizations

    Jabez Abraham, Senior Cyber Security Cloud Architect at Paige, meets with his former co-worker Brandon Evans to discuss how cloud native security capabilities can eliminate complexity while applying consistent security controls for organizations spanning multiple geographies, cloud accounts, and regulatory regimes.


    Our Guest - Jabez Abraham

    As a Senior Cyber Security Cloud Architect at Paige.ai, Jabez is passionate about cloud computing. He thrives on solving problems by leveraging native cloud services to build secure and supportable solutions. At Paige.ai, he helps define the strategies, roadmaps, and solutions to embrace the value of the public cloud and ensure the protection of Paige.ai infrastructure, applications, and data for Cloud Native, Hybrid, and inter-cloud deployments. He has spent an extensive amount of time working through the various aspects of adoption while embracing a #Cloudbydefault approach. Jabez also leads organizational transformation in Cloud and Security Domains.

    Sponsor's Note:


    Support for Cloud Ace podcast comes from SANS Institute. If you like the topics covered in this podcast and would like to learn more about cloud security, SANS Cloud Security curriculum is here to support your journey into building, deploying, and managing secure cloud infrastructure, platforms, and applications. Whether you are on a technical flight plan, or a leadership one, SANS Cloud Security curriculum has resources, training, and certifications to fit your needs.


    Focus on where the cloud is going, not where it is today. Your organization is going to need someone with hands-on technical experience and cloud security-specific knowledge. You will be prepared not only for your current role, but also for a cutting-edge future in cloud security.


    Review and Download Cloud Security Resources: sans.org/cloud-security/


    Join our growing and diverse community of cloud security professionals on your platform of choice:
    Discord | Twitter | LinkedIn | YouTube


    Join the global cybersecurity community in its most festive cyber security challenge and virtual conference of the year. The SANS Holiday Hack Challenge is a FREE series of super fun, high-quality, hands-on cybersecurity challenges. The SANS Holiday Hack Challenge is for all skill levels, with a stellar prize at the end for the best of the best entries.Learn more at SANS.org/HHC2022

    • 46 min
    Stacy Dunn: Creative Problem Solving in Cloud Security and the Software Development Lifecycle

    Stacy Dunn: Creative Problem Solving in Cloud Security and the Software Development Lifecycle

    Stacy Dunn, CISO Dojo podcast Co-Host, OWASP Chapter Co-Leader, SANS Senior Solutions Engineer, and former engineer for Check Point and Snyk, chats with Brandon Evans about the Software Development Lifecycle in the cloud, supply-chain security concerns, and the importance of creativity in a field that they both feel is incorrectly considered a hard science.

    Our Guest - Stacy Dunn

    Follow Stacy:
    LinkedIn
    CISO Dojo Podcast

    Resources mentioned in this episode

    https://hackernoon.com/how-it-feels-to-learn-javascript-in-2016-d3a717dd577f
    https://oklahomaartcade.wordpress.com/
    Sponsor's Note:
    Support for Cloud Ace podcast comes from SANS Institute. If you like the topics covered in this podcast and would like to learn more about cloud security, SANS Cloud Security curriculum is here to support your journey into building, deploying, and managing secure cloud infrastructure, platforms, and applications. Whether you are on a technical flight plan, or a leadership one, SANS Cloud Security curriculum has resources, training, and certifications to fit your needs.
    Focus on where the cloud is going, not where it is today. Your organization is going to need someone with hands-on technical experience and cloud security-specific knowledge. You will be prepared not only for your current role, but also for a cutting-edge future in cloud security.
    Review and Download Cloud Security Resources: sans.org/cloud-security/
    Join our growing and diverse community of cloud security professionals on your platform of choice:
    Discord | Twitter | LinkedIn | YouTube
    Join the global cybersecurity community in its most festive cyber security challenge and virtual conference of the year. The SANS Holiday Hack Challenge is a FREE series of super fun, high-quality, hands-on cybersecurity challenges. The SANS Holiday Hack Challenge is for all skill levels, with a stellar prize at the end for the best of the best entries.Learn more at SANS.org/HHC2022

    • 39 min
    Joshua Makinen: Building and Breaking Secure DevOps

    Joshua Makinen: Building and Breaking Secure DevOps

    Brandon Evans reunites with his former co-worker, Josh, a Senior Security Architect at Snowflake, as they discuss how to build security into DevOps organizations and how he was able to identify vulnerabilities in cloud DevOps tooling.
    Our Guest - Joshua Makinen
    Joshua Makinen is a security expert based out of Seattle who has been working in security design and penetration testing for 6 years. Currently, he works with Snowflake to decompose and mitigate the risks associated with Snowflake's infrastructure and public-facing offerings as a Data Cloud. During his time as a Security Consultant with NCC Group, he was exposed to a multitude of different organizations and was fascinated by the wide variety of problems they faced, technologies they used, and the approaches to cloud security they chose as a result. While much of his career accomplishments are not public, he once released a container image registry scanning tool called go-pillage-registries and also (accidentally) discovered and responsibly disclosed a couple of high-severity bug-bounty findings and CVE-2021-3583 in Ansible. Internal threats to an organization's supply chain and management interfaces for sensitive environments remains as one of Josh's favorite topics to consider in security. 
    Follow Joshua
    Twitter
    LinkedIn
    Web
    Sponsor's Note:


    Support for Cloud Ace podcast comes from SANS Institute. If you like the topics covered in this podcast and would like to learn more about cloud security, SANS Cloud Security curriculum is here to support your journey into building, deploying, and managing secure cloud infrastructure, platforms, and applications. Whether you are on a technical flight plan, or a leadership one, SANS Cloud Security curriculum has resources, training, and certifications to fit your needs.


    Focus on where the cloud is going, not where it is today. Your organization is going to need someone with hands-on technical experience and cloud security-specific knowledge. You will be prepared not only for your current role, but also for a cutting-edge future in cloud security.


    Review and Download Cloud Security Resources: sans.org/cloud-security/


    Join our growing and diverse community of cloud security professionals on your platform of choice:
    Discord | Twitter | LinkedIn | YouTube


    Join the global cybersecurity community in its most festive cyber security challenge and virtual conference of the year. The SANS Holiday Hack Challenge is a FREE series of super fun, high-quality, hands-on cybersecurity challenges. The SANS Holiday Hack Challenge is for all skill levels, with a stellar prize at the end for the best of the best entries.Learn more at SANS.org/HHC2022

    • 44 min
    Lysandra Capella: Leading Secure Cloud Transformation at Large Financial Institutions

    Lysandra Capella: Leading Secure Cloud Transformation at Large Financial Institutions

    Brandon Evans talks about building a Cloud Adoption Roadmap with Lysandra Capella, a manager at one of the largest financial institutions in the Dutch Caribbean and a SANS superstar (23 GIAC certs!)

    Our Guest - Lysandra Capella
    As a Banking professional with more than 10 years’ experience in cybersecurity domain, Lysandra currently supports executive management at a Financial Institution with strategy formulation, security assurance and IT governance. She comes with a background where she has worked as SME for critical incidents investigations, forensics, vulnerability assessment, penetrations testing and cloud security assessments.
    As a Cybersecurity professional she thrives on solving problems when leveraging native (cloud) services for building secure and supportable solutions. She has over 30 industry cybersecurity certifications and is very passionate about sharing her experience and knowledge as a SANS subject matter expert for a variety of classes.


    Follow Lysandra
    Twitter: https://twitter.com/L_Capella
    LinkedIn: https://www.linkedin.com/in/lysandracapella/

    Sponsor's Note:


    Support for Cloud Ace podcast comes from SANS Institute. If you like the topics covered in this podcast and would like to learn more about cloud security, SANS Cloud Security curriculum is here to support your journey into building, deploying, and managing secure cloud infrastructure, platforms, and applications. Whether you are on a technical flight plan, or a leadership one, SANS Cloud Security curriculum has resources, training, and certifications to fit your needs.


    Focus on where the cloud is going, not where it is today. Your organization is going to need someone with hands-on technical experience and cloud security-specific knowledge. You will be prepared not only for your current role, but also for a cutting-edge future in cloud security.


    Review and Download Cloud Security Resources: sans.org/cloud-security/


    Join our growing and diverse community of cloud security professionals on your platform of choice:
    Discord | Twitter | LinkedIn | YouTube






    Join the global cybersecurity community in its most festive cyber security challenge and virtual conference of the year. The SANS Holiday Hack Challenge is a FREE series of super fun, high-quality, hands-on cybersecurity challenges. The SANS Holiday Hack Challenge is for all skill levels, with a stellar prize at the end for the best of the best entries.Learn more at SANS.org/HHC2022

    • 51 min

Top Podcasts In Technology

Lex Fridman
Mikko Hyppönen & Tomi Tuominen
Jack Rhysider
Sähköautomiehet
Markus Hjort, Yrjö Kari-Koskinen
Chris Tarbell & Hector Monsegur

You Might Also Like

Johannes B. Ullrich
CISO Series
CyberWire, Inc.
The Record by Recorded Future
CyberWire Inc.
ITWC