Scale to Zero - No Security Questions Left Unanswered

Scale To Zero

We know security is challenging, but a timely understanding of security is far more challenging! Scale to Zero is built for all the security professionals for helping them to be more privacy and security-sensitive. With this show, we hope to address all the security-related issues that are challenging to understand and resolve without the help of experts. We believed that a community space like Scale to Zero would make things a little bit simpler for everyone after we discovered the discomfort of constantly switching back and forth.

  1. Designing Security for GenAI: 9 Key Concepts | Ft. Shweta Thapa | Ep. 96 | ScaleToZero Podcast

    1D AGO

    Designing Security for GenAI: 9 Key Concepts | Ft. Shweta Thapa | Ep. 96 | ScaleToZero Podcast

    Ever wonder about the security risks lurking behind your favorite AI tools? In this episode, we sit down with Shweta Thapa, Security Specialist Solutions Architect from AWS, to demystify the complex world of GenAI and traditional application security. Transcript: https://www.scaletozero.com/episodes/designing-security-for-genai-with-security-specialist-solutions-architect-shweta-thapa/ Guest: https://www.linkedin.com/in/shwetast/ Host: https://www.linkedin.com/in/mpurusottamc/ Cloudanix: https://cloudanix.com/ We'll cover 9 critical topics that every tech professional, business leader, and security enthusiast needs to know. Get ready to learn about: 00:00 Teaser and Introduction 05:01 Fundamentals of Designing Security for GenAI and Traditional Applications 09:00 Control of Shared Responsibility Model: LLM Provider vs. Consumer 12:25 Top Five Security Checks for GenAI System 17:39 Securing GenAI Outputs: Trustworthy vs. Toxic Content 22:03 Synthetic Data: Helpful or Harmful 24:16 Validating AI Output: Monitoring, Context & Human Judgment 28:07 Strategic Advisory Questions to Ask Stakeholders When Investing in GenAI Application 31:22 Misconceptions of Security Leaders about GenAI Security 35:56 Getting Started with GenAI: Startups vs. Enterprises 43:50 Summary 45:00 Learning Recommendation

    48 min
  2. Beyond the Debate: Security as an Enabler & GRC Maturity | Ft. Winthrop Welch | Ep. 95 | ScaleToZero

    AUG 20

    Beyond the Debate: Security as an Enabler & GRC Maturity | Ft. Winthrop Welch | Ep. 95 | ScaleToZero

    What does it truly take to lead security and GRC in today's complex, high-stakes environments? It's about much more than just technology—it's about building trust, creating champions, and acting as an enabler, not a blocker.In this powerful episode, we sit down with [Guest Name], a seasoned Fractional CISO and Cybersecurity Advisor. With their extensive experience, we'll dive into the real-world lessons learned from bridging the gap between security teams and the rest of the business, and how to turn GRC from a requirement into a strategic advantage.00:00 Teaser and Introduction07:24 Security and Compliance Debate09:55 How are Security and Compliance not different from each other?11:17 Security challenges evolved over the years - from data centers to AI14:10 Challenges of aligning security strategies within enterprises16:53 Tips to build trust and create security champions21:00 How do you support and educate others around you?23:05 How have security engineering and leadership roles helped you evolve?25:35 Security teams working closely with other business teams28:45 Security leaders being open to security teams31:40 GRC maturity levels in organizations today34:50 Implementing GRCs more efficiently38:32 Reducing friction between security and other business teams42:48 Security teams as enablers and not blockers47:49 Scenario where your leadership was tested53:23 Summary54:16 Learning recommendations

    57 min
  3. The Future CISO: AI, Quantum & Becoming a Multidisciplinary Strategist | Ft. Patricia Titus | Ep. 94 | ScaleToZero Podcast

    AUG 6

    The Future CISO: AI, Quantum & Becoming a Multidisciplinary Strategist | Ft. Patricia Titus | Ep. 94 | ScaleToZero Podcast

    The role of a CISO is evolving at an unprecedented pace. It's no longer just about technical defenses; it's about leading multidisciplinary teams, understanding business strategy, and navigating the profound impacts of emerging technologies like AI and Quantum Computing. In this episode, we sit down with Patricia Titus, a seasoned Field CISO, to break down what it takes for today’s security leaders to become the multidisciplinary strategists of tomorrow. We explore how to move beyond traditional security models and embrace a future where security is a core business enabler. Watch the episode on YouTube: https://youtu.be/s6475pSgSxc 00:00 Introduction04:45 From Learning AI to Secure Deployment08:25 Cross-Disciplinary Teams & the CISO's Co-Leadership Role10:05 Will AI impact only GRC or a broader area?13:29 Governance frameworks for CISOs before deploying workloads17:35 Establishing & Measuring AI Governance Frameworks20:50 Behavioral AI: Cultural shifts required to build a security mindset25:20 Measuring the effectiveness of Behavioral AI30:57 How security leaders can stay ahead in the AI native security world?33:27 Non-technical Skills for Future CISOs in the AI world35:52 Areas of expertise today's CISOs must actively cultivate39:48 Explaining the importance of AI and Quantum to stakeholders44:57 Summary45:45 Learning recommendations from Patricia

    48 min
  4. AWS Marketplace, ISV Partnerships, Channel Acquisitions, and More | Cybersecurity Sales | Ep. 93 | ScaleToZero Business Podcast

    JUL 23

    AWS Marketplace, ISV Partnerships, Channel Acquisitions, and More | Cybersecurity Sales | Ep. 93 | ScaleToZero Business Podcast

    Join us for an inspiring and incredibly practical conversation with Faraz Khan, a seasoned AWS Marketplace Leader who shares invaluable insights from a career dedicated to sales, relationships, and driving business growth. This isn't just about tech; it's about the human element of sales, the power of partnerships, and navigating massive commercial opportunities.Faraz Khan: https://www.linkedin.com/in/m-faraz-k-4842883/ Sujay Maheshwari: https://www.linkedin.com/in/sujaymaheshwari/ 0:00 Teaser and Introduction6:50 Sales and Relationship Learnings at Oracle Middle East11:20 Getting into Sales Life14:50 Cracking a $3 Million Deal18:08 Identifying Sales Personality Within People and Coaching Them22:10 Leaving Middle East and Shifting to India26:35 Understanding AWS Marketplace32:30 Getting Successful at AWS Marketplace40:50 Helping Understand AWS Marketplace Co-Sell to Early Adopters47:50 Wisdom for AWS Marketplace Skeptics52:55 Maneuvering AWS Marketplace and Its Different Areas59:30 Faraz Dislikes Some Aspects of His Job01:04:19 Problems Solved with AWS Marketplace India Launch01:07:35 Faraz's Life And A Day in His Life01:11:55 Faraz as a "Shayar" ("Poet") and Life Recently

    1h 22m
  5. Zero Trust Security - The Right Way | Ft. Uttej Badwane | Ep.92 | ScaleToZero Podcast | Cloudanix

    JUL 9

    Zero Trust Security - The Right Way | Ft. Uttej Badwane | Ep.92 | ScaleToZero Podcast | Cloudanix

    Embark with us on a crucial journey into the world of Zero Trust with our guest Uttej Badwane, a seasoned Senior Security Engineer. In this episode, we'll demystify Zero Trust for organizations just getting started, dive into practical implementation steps, and explore the cutting-edge intersection of Zero Trust and Artificial Intelligence.This episode is indispensable for security leaders, engineers, architects, and anyone keen on building resilient, future-ready security postures. Don't forget to Like, Share, and Subscribe for more expert insights!Cloudanix: https://www.cloudanix.com/Zero Trust Security: https://www.cloudanix.com/learn/what-is-zero-trust-securityUttej: https://www.linkedin.com/in/uttej-badwane/00:00 Teaser and Guest Introduction03:55 Defining Zero to Zero Trust for organizations getting started08:48 Steps to evaluate and implement a zero-trust model12:34 Multi-factor Authentication, or Micro-segmentation, or Zero Trust17:38 Challenges of implementing a zero-trust framework25:58 Is Zero Trust a right fit for you?30:24 Balancing organizational complexities and zero-trust implementation35:17 IAM recommendations for a robust zero-trust implementation42:05 Staying on top of operational complexities with practical governance steps48:52 Role of AI in Zero Trust Architecture54:54 How will zero trust models change if servers are running AI agents?58:29 Learning recommendations from Uttej

    1 hr
  6. Scaling IAM Security For Major Cloud Platforms | Ft. Stephen Kuenzli | Ep. 91 | ScaleToZero Podcast

    JUN 25

    Scaling IAM Security For Major Cloud Platforms | Ft. Stephen Kuenzli | Ep. 91 | ScaleToZero Podcast

    Join us for a deep dive into the evolving landscape of cybersecurity with Stephen Kuenzli, an accomplished former Senior Security Architect and now the founder of a leading cybersecurity/cloud security company. In this episode, we cut through the noise to discuss practical, real-world strategies for Identity and Access Management (IAM) and confront the revolutionary impact of AI on our security programs. This episode is a must-watch for CISOs, Security Architects, Cloud Security Engineers, and anyone looking to navigate the complexities of modern IAM and the AI-driven future of cybersecurity. Watch on YouTube: https://youtu.be/96sztTdlN00 00:00 Teaser and Guest Introduction 06:40 IAM misconceptions blocking organizations from scaling 09:10 How to fix IAM misconceptions? 14:12 Practical example of self-serve security policy 20:25 Getting started with IAM security in real-time 24:47 Practical guide for building a better least privilege policy 29:00 Your CSP tools to leverage for scaling Cloud IAM Security 38:08 Emerging trends in security with the rise in AI 41:10 Possible implications of AI in the world of security 46:22 Challenges solved by a custom-built MCP server built by Stephen 49:22 Impact on traditional security programs due to AI-based MCP servers 55:05 Challenges of AI that security leaders should be aware of 01:01:12 Summary 01:02:08 Learning recommendations

    1h 4m
  7. Risk Management and It's Different Types of Approaches | Ft. Joseph Haske | Ep. 90 | ScaleToZero

    JUN 11

    Risk Management and It's Different Types of Approaches | Ft. Joseph Haske | Ep. 90 | ScaleToZero

    Join us for a deep dive into the world of Cybersecurity Risk Management with seasoned expert Joseph Haske. Risk Manager, who brings a fresh perspective to navigating complex cyber challenges. In this episode, we unpack crucial topics that every security professional, leader, and stakeholder needs to understand. Transcript: Cloudanix: https://www.cloudanix.com/ 00:00 Teaser and Introduction03:54 Does non-tech experience help you in the field of security?07:39 Different perspective on the field of risk management with vast experience09:36 Qualitative vs. Quantitative Risk Management, who outgrows whom, and how12:29 Strengths and Weaknesses of the Qualitative and Quantitative Risk Framework14:00 Educating your teams to follow the right risk framework15:36 Fundamental differences between underlying philosophies and the FAIR framework18:00 Selecting the right framework for small and growing organizations19:47 Balancing the usage of Qualitative vs Quantitative risk approach23:00 Importance of the peer review process25:03 Challenges to implementing the FAIR approach27:27 Mitigating the challenges of implementing the FAIR approach29:37 Biggest misconception before starting a risk management program31:31 Future of risk management32:55 Preparing for the future of risk management34:31 Approaching the security challenges raised by new technologies like AI or quantum computing36:40 Building the right culture to drive a successful risk management program39:49 Summary41:00 Learning Recommendations

    43 min
  8. AI in AppSec: The Paradigm Shift with Principal Security Engineer | Ft. Brad Geesaman | Ep. 89

    MAY 28

    AI in AppSec: The Paradigm Shift with Principal Security Engineer | Ft. Brad Geesaman | Ep. 89

    In this groundbreaking episode of the ScaleToZero podcast, we sit down with Brad Geesaman, a Principal Security Engineer, to explore the revolutionary impact of Agentic AI on Application Security. From the inspiration behind this cutting-edge field to the practicalities of building AI-powered solutions, we cover it all. This episode is a must-listen for CISOs, Security Engineers, CTOs, and anyone looking to understand how AI is redefining the future of AppSec. Transcript: https://www.scaletozero.com/episodes/ai-in-appsec-the-paradigm-shift-with-brad-geesaman/ Brad: https://www.linkedin.com/in/bradgeesaman/ 00:00 Teaser and Introduction 04:00 Inspiration to focus on Application Security using AgenticAI 05:56 Understanding AgenticAI0 8:52 Agentic AI versus Traditional AI 12:44 Paradigm shift of secure coding with the change of AI 15:28 Importance of tool integration and standardization of AgenticAI for AppSec 18:00 Standardization of Agent SDKs or NCPs 20:22 Using AI to secure AI 23:12 Are AI systems reliable considering their nondeterminism 25:15 Considerations for adopting AI for AppSec 29:54 Impact of AI on organizational structure for security 32:27 Elements of AppSec with the least AI benefits 36:10 What is Reaperbot 42:42 Advantages and disadvantages of testing methods of Reaperbot 45:00 Vision for Reaperbot in the near future 48:00 Building trust within teams with the rise in these decision-making agents 52:12 Recommendations for operations teams to avoid vulnerabilities or misconfiguration 54:58 Considerations for the operations team when using AI systems for security purposes 01:00:02 Summary 01:01:05 Learning recommendations

    1h 4m
See All (95)

About

We know security is challenging, but a timely understanding of security is far more challenging! Scale to Zero is built for all the security professionals for helping them to be more privacy and security-sensitive. With this show, we hope to address all the security-related issues that are challenging to understand and resolve without the help of experts. We believed that a community space like Scale to Zero would make things a little bit simpler for everyone after we discovered the discomfort of constantly switching back and forth.

Information