Cloud Security Podcast Cloud Security
-
- Technology
-
Learn Cloud Security in Public Cloud the unbiased way from CyberSecurity Experts solving challenges at Cloud Scale. We can be honest because we are not owned by Cloud Service Provider like AWS, Azure or Google Cloud.
We aim to make the community learn Cloud Security through community stories from small - Large organisations solving multi-cloud challenges to diving into specific topics of Cloud Security.
We LIVE STREAM interviews on Cloud Security Topics every weekend on Linkedin, YouTube, Facebook and Twitter with over 150 people watching and asking questions and interacting with the Guest.
-
The role of Real Time Defense in Cloud Security
In this episode from KubeCon Paris 2024, we spoke to Loris Degioanni, Co-Founder and CTO of Sysdig about Open Source Project, Falco that celebrated its graduation this year at KubeconEU, Loris shared with us this proud moment and journey from writing the 1st lines of code to its critical role in protecting Kubernetes environments, and the future roadmap post-graduation. We spoke about the gap between traditional security measures and the dynamic needs of modern infrastructures.
Guest Socials: Loris's Linkedin
Podcast Twitter - @CloudSecPod
If you want to watch videos of this LIVE STREAMED episode and past episodes - Check out our other Cloud Security Social Channels:
- Cloud Security Podcast- Youtube
- Cloud Security Newsletter
- Cloud Security BootCamp
00:00 Introduction
01:13 A bit about Loris
01:44 What does graduation mean for Falco?
02:58 What is Falco?
04:59 eBPF and Falco
06:01 Why eBPF is secure?
07:11 Runtime Security in Kubernetes
10:32 ROI for leaders for Runtime Security Tools
12:50 Preventative Security vs Runtime Security
14:08 Runtime Security in Modern Environments
16:42 Whats the Future for Falco?
18:31 The Fun Questions -
CISO's guide to embracing risk in business
What is it like to build a successful business based on risk? In this episode Ashish spoke to Fredrick Lee, CISO at Reddit. FLee shared his deep insights into the essential role of risk in driving business success and innovation. With a career that spans across notable tech giants like Square (now Block), Twilio, and Gusto, Lee brings a wealth of experience in both hardware and software security landscapes. Without embracing risk, businesses risk stagnation in a world where competitors are always ready to innovate. From discussing the cost-effective strategies in cybersecurity to exploring the formation and goals of Reddit's S.P.A.C.E team (Security, Privacy, Automation, Compliance, and Engineering), this episode gets into the challenges and opportunities presented by the modern tech environment
Guest Socials: Fredrick Lee's Linkedin
Podcast Twitter - @CloudSecPod
If you want to watch videos of this LIVE STREAMED episode and past episodes - Check out our other Cloud Security Social Channels:
- Cloud Security Podcast- Youtube
- Cloud Security Newsletter
- Cloud Security BootCamp
Questions asked:
(00:00) Introduction
(04:42) A bit about Fredrick Lee
(07:42) How cloud changed cybersecurity?
(11:37) Threat Landscape in Software vs Hardware
(15:12) Threat Landscape in B2B vs B2C
(17:27) Navigating the First Steps as a New Company's CISO
(20:26) The role of compliance in Cybersecurity
(24:12) The role of privacy in Cybersecurity
(26:11) The role of AI in cybersecurity
(30:36) A bit about AI Cybersecurity Podcast
(31:09) What it means to be a CISO?
(34:34) Building CISO Roadmaps: Balancing Short-Term and Long-Term Goals
(36:49) Where to start with CISO Roadmap?
(39:02) What keeps Fredrick motivated about his CISO role?
(40:36) Whats next for current CISOs?
(42:50) The Fun Questions -
Why Email Breaches Still Happen?
Lets talk about the Evolution of Email Security. We have been speaking about Email Security for years but why has it not been solved? We spoke to Abhishek Agrawal, Co-founder of Material Security about the fact that despite of decades of advancements, email security remains a critical concern, with sophisticated attacks continually bypassing traditional controls. We explored the fascinating landscape of productivity suites like Microsoft 365 and Google Workspace, underscoring their importance beyond just communication tools. What are the critical aspects of threat management, posture management, and the necessity of a focused approach towards securing this often-overlooked segment of our digital infrastructure management.
Guest Socials: Abhishek's Linkedin Abhishek's Twitter
Podcast Twitter - @CloudSecPod
If you want to watch videos of this LIVE STREAMED episode and past episodes - Check out our other Cloud Security Social Channels:
- Cloud Security Podcast- Youtube
- Cloud Security Newsletter
- Cloud Security BootCamp
Questions
(00:00) Introduction
(03:57) A bit about Abhishek
(04:49) What is a Productivity Suite?
(05:48) Why Email Security is still a focus in 2024?
(11:43) Where to start with Productivity Suite Security?
(15:03) The role of Cloud Native Tools in Productivity Suite Security
(19:38) Where can security leaders start with Productivity Suite Security
(24:39) Where can people learn more about Productivity Suite Security
(26:44) Fun Questions -
Essential Strategies to master Incident Response in Cloud
How do you build a Robust Detection Framework? Ashish spoke to Andrew Tabona, SVP of Cyber Threat Management and Incident Response at a Fortune 500 company about challenging the conventional wisdom of applying on-premise incident response plans to cloud environments. They speak about the critical metrics of mean time to detect, respond, and recover, and why mastering the fundamentals is key to effective cloud security.
The conversation also covers practical strategies for building a detection framework, the importance of a balanced approach to log ingestion, and the nuanced differences in incident response between cloud and traditional on-premise environments.
Guest Socials: Andrew Tabona
Podcast Twitter - @CloudSecPod
If you want to watch videos of this LIVE STREAMED episode and past episodes - Check out our other Cloud Security Social Channels:
- Cloud Security Podcast- Youtube
- Cloud Security Newsletter
- Cloud Security BootCamp
Questions asked:
(00:00) Introduction
(03:20) A bit about Andrew Tabona
(04:26) What is Threat Detection and Response?
(06:14) Why incident response is different in Cloud?
(09:18) Benefits of doing Incident Response in Cloud?
(10:29) Is CSPM your incident response tool?
(12:33) Where to start with Detection in Cloud?
(16:35) Getting buy in from other teams for threat detection
(20:15) Should you build or buy a cybersecurity solution?
(22:34) Responding to incidents in a Cloud Context
(26:01) Containing incidents in a Cloud Context
(28:34) What kind of access do IR teams need?
(30:36) Balancing the signal to noise ratio
(32:10) Where to start with Threat Detection and Response
(34:37) Challenges an organisation might face
(35:58) Threat Detection and Response in MultiCloud
(37:52) Showing ROI of Cybersecurity to the business
(38:57) Where to learn about IR and Threat Detection?
(41:09) Fun Section
(44:14) Where you can connect with Andrew -
From Code Suggestions to Security
What is GitHub Copilot? Its a AI-powered coding assistant that's redefining how developers write code. We spoke to Joseph Katsioloudes, a security specialist from the GitHub Security Lab. We spoke about how GitHub Copilot has been designed to serve not just developers but security professionals and others involved with code, enhancing productivity, satisfaction, and security across the board.
Guest Socials: Joseph Katsioloudes
Podcast Twitter - @CloudSecPod
If you want to watch videos of this LIVE STREAMED episode and past episodes - Check out our other Cloud Security Social Channels:
- Cloud Security Podcast- Youtube
- Cloud Security Newsletter
- Cloud Security BootCamp
Questions asked:
(00:00) A bit about Joseph
(01:07) What is GitHub Copilot?
(02:42) Use case for GitHubCopilot from a security perspective
(04:16) Cloud Development Kits (CDKs) for GitHub Copilot
(05:48) Business Motivation for GitHub Copilot adoption
(07:41) Should we trust AI generated code ?
(08:31) Using GitHub Copilot
(12:00) Data Privacy with Github Copilot
(13:28) GitHub Copilot for Regulated Industries
(14:51) What is GitHub Copilot X?
(16:02) What is GitHub Workspace?
(18:20) The Fun Section -
Cloud Security Operations for Modern Threats
How is your Cloud Incident Preparedness? Is your CSPM enough? Ashish spoke to Ariel Parnes, Co-Founder and COO at Mitiga about the concept of "Assume Breach" and its importance in developing a proactive cloud security framework. If you are looking to understand the nuances of of cloud incident response and being prepared for them, the effectiveness of current tools, and the future of cloud security operations strategy, then this episode is for you.
Guest Socials: Ariel Parnes
Podcast Twitter - @CloudSecPod
If you want to watch videos of this LIVE STREAMED episode and past episodes - Check out our other Cloud Security Social Channels:
- Cloud Security Podcast- Youtube
- Cloud Security Newsletter
- Cloud Security BootCamp
Questions asked:
(00:00) Introduction
(02:46) A bit about Ariel Parnes
(04:02) Cybersecurity in the world of Cloud
(06:07) What is Cloud Incident Preparedness?
(08:40) Reality of Cloud Incident Preparedness
(11:16) Does a CSPM help with Incident Preparedness?
(13:54) Should logs be sent to SIEM?
(15:59) Whats a good starting point for Incident Preparedness?
(18:31) Gaining deep visibility in your cloud environment
(19:50) Do you need a Security Data Lake?
(25:56) Demonstrating ROI for Security Operations
(28:28) Importance of Human Factor in Security Operations
(30:51) Low Hanging fruits to strengthen cloud operations
(32:31) The Fun Questions