Player FM - Internet Radio Done Right
Added five years ago
Content provided by Cloud Security Podcast Team. All podcast content, including episodes, graphics, and podcast descriptions, is uploaded and provided directly by Cloud Security Podcast Team or their podcast platform partner. If you believe someone is using your copyrighted work without your permission, you can follow the process outlined here: https://ar.player.fm/legal.
Cloud Security Podcast
Learn Cloud Security in Public Cloud the unbiased way from CyberSecurity Experts solving challenges at Cloud Scale. We can be honest because we are not owned by a Cloud Service Provider like AWS, Azure or Google Cloud. We aim to make the community learn Cloud Security through community stories, from small to large organisations solving multi-cloud challenges to diving into specific topics of Cloud Security. We LIVE STREAM interviews on Cloud Security Topics every weekend on LinkedIn, YouTube, Facebook and Twitter with over 150 people watching, asking questions and interacting with the Guest.
317 episodes
Understanding a $10B Fraud Vector in Cloud-Native Workflows (44:42)
A $10 billion fraud vector is currently exploiting a common feature in many cloud-native applications: the SMS verification flow. This isn't a traditional breach. Instead of stealing data, adversaries use bots to trigger costs that are quietly absorbed into your company's operational budget, often showing up as an inflated cell phone or marketing bill.

We spoke to Frank Teruel, COO at Arkose Labs about how this fraud works at a technical level and why modern, automated cloud workflows can be a perfect hiding place for these costly attacks. He also shares a story of how a single cloud container was hijacked, costing a company half a million dollars in compute costs for crypto mining over one weekend. This is a critical conversation for anyone working in cloud security, DevOps, and engineering who wants to understand the financial risks embedded in the very architecture of their applications.

Guest Socials - Frank's Linkedin
Podcast Twitter - @CloudSecPod

If you want to watch videos of this LIVE STREAMED episode and past episodes - Check out our other Cloud Security Social Channels:
- Cloud Security Podcast- Youtube
- Cloud Security Newsletter
- Cloud Security BootCamp

If you are interested in AI Cybersecurity, you can check out our sister podcast - AI Cybersecurity Podcast

Questions asked:
(00:00) The $10 Billion Invisible Threat
(02:40) Frank Teruel’s Journey into Digital Identity
(03:35) Why Identity Remains a Weak Spot for Cybersecurity
(05:35) The Evolution of SMS Fraud
(07:20) The "$5M Surprise Bill" Story
(08:55) What is SMS Toll Fraud?
(11:19) Does WAF Catch SMS Fraud?
(12:49) Cloud vs. On-Prem: Is One Safer From SMS Fraud?
(14:00) Does Single Sign-On Help With This?
(15:55) How a Gaming Attack Becomes a Bank Heist
(24:54) How AI is Weaponized for Cloud Attacks
(25:35) The $500k Cloud Bill from a Hijacked Container
(31:18) The Attack Vectors Cloud Teams Underestimate
(35:30) What Are "Smart Bots"?
(36:46) Where to Start Building a Program Around Fraud?
(40:16) Fun Questions: Grandkids, Cooking & Music…

How BT Tackled 180 Years of Legacy to Build a Passwordless Future (19:51)
How do you modernize security in a 180-year-old company that operates critical national infrastructure? What does it look like when you discover tens or even hundreds of thousands of credentials hidden across your estate?

In this episode, we sit down with Christian Schwarz, Security Director for Network Services at BT Group, recorded at HashiDays London. Christian shares the immense challenge and strategic approach to standardizing secret management across one of the world's oldest telecommunication companies. He details BT's journey away from the "moat and a castle" security model towards a future with no passwords for developers, reducing friction and enhancing security by design.

Guest Socials - Christian's Linkedin
Podcast Twitter - @CloudSecPod

If you want to watch videos of this LIVE STREAMED episode and past episodes - Check out our other Cloud Security Social Channels:
- Cloud Security Podcast- Youtube
- Cloud Security Newsletter
- Cloud Security BootCamp

If you are interested in AI Cybersecurity, you can check out our sister podcast - AI Cybersecurity Podcast

Questions asked:
(00:00) - Why Standardizing Secrets is a Challenge
(02:24) - Introducing Christian Schwarz & His Role at BT
(05:50) - Beyond the "Castle & Moat": A New Approach to Security
(07:59) - The Challenge of Securing a 180-Year-Old Company
(10:04) - The Power of Storytelling and Discovering Hidden Credentials
(11:59) - The Starting Point: Threat Modeling Your Critical Infrastructure
(13:48) - The Upside of Standardization: Reducing Cognitive Load for Teams
(16:08) - Fun Questions: Cycling, Innovation, and Favorite Cuisines

Thank you to our episode sponsor HashiCorp…

Why Security Can Be Stricter: A Zero Trust Approach to AppSec with AI (45:42)
Is AI making application security easier or harder? We spoke to Amit Chita, Field CTO at Mend.io. The rise of AI agents in the Software Development Lifecycle (SDLC) presents a unique opportunity for security teams to be stricter than ever before. As developers increasingly use AI agents and integrate LLMs into applications, the attack surface is evolving in ways traditional security can't handle. The only way forward is a Zero Trust approach to your own AI models.

Join Ashish Rajan and Amit Chita as they discuss the new threats introduced by AI and how to build a resilient security program for this new era.

Guest Socials - Amit's Linkedin
Podcast Twitter - @CloudSecPod

If you want to watch videos of this LIVE STREAMED episode and past episodes - Check out our other Cloud Security Social Channels:
- Cloud Security Podcast- Youtube
- Cloud Security Newsletter
- Cloud Security BootCamp

If you are interested in AI Cybersecurity, you can check out our sister podcast - AI Cybersecurity Podcast

Questions asked:
(00:00) Intro: The New Era of AI-Powered AppSec
(03:10) Meet Amit Chita: From Founder to Field CTO at Mend.io
(03:47) Defining AI-Powered Applications in 2025
(05:02) AI-Native vs. AI-Powered: What's the Real Difference?
(06:05) How AI is Radically Changing the SDLC: Speed, Scale, and Stricter Security
(16:30) The Hidden Risk: Navigating AI Model & Data Licensing Chaos
(20:50) SMB vs. Enterprise: Why Their AI Security Problems Are Different
(23:00) Why Traditional Security Testing Fails Against AI Threats
(26:03) Do You Need to Update Your Entire Security Program for AI?
(29:14) The New DevSecOps: Keeping Developers Happy in the Age of AI
(31:26) Real AI Threats: Malicious Packages & Indirect Prompt Injection
(35:16) Is Regulation Coming for AI? A Look at the Current Landscape
(38:00) The AI Security Toolbox: To Build or To Buy?
(41:41) Fun Questions: Amit’s Proudest Moment & Favorite Restaurant

Thank you to our episode sponsor Mend.io…

Guide to Hybrid Cloud & Bare Metal Secret Management (32:23)
Is your organization struggling with secret management across bare metal, hybrid, and multi-cloud environments? Standard cloud-native tools often fall short when you need a single, standardized solution that bridges all your infrastructure.

Dan Popescu, Senior Site Reliability Engineer at Booking.com joins us to share how they built a cloud-agnostic secret management strategy using HashiCorp Vault. We dive deep into the technical challenges of providing identity to bare metal machines, rotating dynamic secrets in legacy and modern applications, and why a central "broker" for authentication is critical for security at scale.

Guest Socials - Dan's Linkedin
Podcast Twitter - @CloudSecPod

If you want to watch videos of this LIVE STREAMED episode and past episodes - Check out our other Cloud Security Social Channels:
- Cloud Security Podcast- Youtube
- Cloud Security Newsletter
- Cloud Security BootCamp

If you are interested in AI Cybersecurity, you can check out our sister podcast - AI Cybersecurity Podcast

Questions asked:
(00:00) Introduction
(02:13) Dan's Background: From Cloud (AWS, GCP) to Bare Metal
(03:06) The Core Challenges: Secret Exposure, Rotation & Access Control
(04:45) Why Cloud-Native Fails at Scale: The Cost of 500k Requests/Min
(07:32) What is a "Secret"? (It's More Than Just Passwords)
(09:12) The Secret Lifecycle: Rotation, Revocation & Caching Issues
(10:33) Securing Bare Metal: The Unique Challenge of On-Prem Secrets
(15:44) Kubernetes & Container Secrets: Sidecars vs. Operators
(18:36) The Pain of Moving from Static to Dynamic Secrets
(20:40) How Do Machines Get an Identity? (Cloud IAM vs. Bare Metal)
(24:28) A Practical Roadmap: Where to Start Standardizing Secrets
(26:53) Key Learnings & Technical Pitfalls to Avoid
(28:59) The Fun Section…

"Escape-Proof" Cloud: How Block built an Automated Approach to Egress Control (40:27)
Many organizations focus on keeping attackers out, but what happens when one gets in? We spoke to Ramesh Ramani, Staff Security Engineer at Block about the real challenge, which is preventing them from leaving with your data. In this episode, Ramesh details the innovative system his team built to automate egress access control at scale, moving beyond traditional, inefficient methods.

Ramesh explains how by establishing "sources of truth" for both internal applications and external partners, they created a centralized governance model. This system uses SPIFFE IDs to understand application identity, validates data-sharing requests against partner approvals, and provides a seamless, self-service experience for developers. Discover how this approach not only enhances security by preventing unauthorized data exfiltration but also improves incident response, allowing them to instantly revoke access to compromised third-party domains.

Guest Socials - Ramesh's Linkedin
Podcast Twitter - @CloudSecPod

If you want to watch videos of this LIVE STREAMED episode and past episodes - Check out our other Cloud Security Social Channels:
- Cloud Security Podcast- Youtube
- Cloud Security Newsletter
- Cloud Security BootCamp

If you are interested in AI Cybersecurity, you can check out our sister podcast - AI Cybersecurity Podcast

Questions asked:
(00:00) - Introduction
(00:55) - Ramesh Ramani's Journey: From Network Engineer to Cloud Security at Block
(02:03) - The "Trapped Thief" Analogy: Why Egress Is a Critical, Overlooked Problem
(04:07) - The Trigger for Automation: Why Traditional Egress Security Doesn't Scale
(07:36) - The Secret Sauce: Using SPIFFE IDs for Application Identity Across Any Cloud
(14:42) - How It Works: Requesting Access & Denying Leaks to Partners like ChatGPT
(30:39) - The Foundation: Why You Must Start with a "Source of Truth" for Apps & Partners
(31:23) - Incident Response: Instantly Cutting Off Access When a Partner is Compromised
(33:58) - Rollout Strategy: How to Implement Egress Controls Without Burdening Other Teams
(37:35) - The Fun Section: Tech, Family, RPGs, and the Best Vegetarian Ramen

Resources discussed during the episode:
- BSidesSF 2025 - Centralizing Egress Access Controls Across a Hybrid Environment.…

Prioritizing Cloud Security: How to Decide What to Protect First (41:08)
When you can't protect everything at once, how do you decide what matters most? This episode tackles the core challenge of security prioritization. Geet Pradhan, Senior Security Engineer at Lime joins the podcast to share his framework for building a SecOps plan when you're a small team. Learn why his team made AWS logs their number one priority, how to leverage compliance requirements to guide your strategy, and why he advises starting with a small list of 1-5 critical applications instead of 35. Tune in for a conversation about strategic security for the modern cloud environment.

Guest Socials - Geet's Linkedin
Podcast Twitter - @CloudSecPod

If you want to watch videos of this LIVE STREAMED episode and past episodes - Check out our other Cloud Security Social Channels:
- Cloud Security Podcast- Youtube
- Cloud Security Newsletter
- Cloud Security BootCamp

If you are interested in AI Cybersecurity, you can check out our sister podcast - AI Cybersecurity Podcast

Questions asked:
(00:00) Introduction
(00:32) Meet Geet Pradhan: Senior Security Engineer at Lime
(01:17) What is Detection & Response in 2025?
(04:35) Defining the Cloud Detection & Response Pipeline
(09:42) Why SIEM-Only Alerts Don't Work for Remote Teams
(12:02) How to Choose Your First Log Sources
(17:00) Building Security Culture: How to Not Be "The Police"
(22:45) Where to Find Pre-Built Detection Rules & Alerts
(28:38) On-Prem vs. Cloud: Why The Threat Model Is Different
(36:53) Fun Questions

Resources spoken about during the interview:
- Geet's BSides SF Talk
- Nate Lee - Power of Persuasion…

Migrating from "Tick Box" Compliance to Automating GRC in a Multi-Cloud World (28:48)
In many organizations, security exception management is a manual process, often treated as a simple compliance checkbox. While necessary, this approach can lead to unmonitored configurations that drift from their approved state, creating inconsistencies in an organization's security posture over time. How can teams evolve this process to support modern development without compromising on security?

In this episode, Ashish Rajan sits down with security expert Santosh Bompally, Cloud Security Engineering Team Lead at Humana to discuss a practical framework for automating exception management. Drawing on his journey from a young tech enthusiast to a security leader at Humana, Santosh explains how to transform this process from a manual task into a scalable, continuously monitored system that enables developer velocity. Learn how to build a robust program from the ground up, starting with establishing a security baseline and leveraging policy-as-code, certified components, and continuous monitoring to create a consistent and secure cloud environment.

Guest Socials - Santosh's Linkedin
Podcast Twitter - @CloudSecPod

If you want to watch videos of this LIVE STREAMED episode and past episodes - Check out our other Cloud Security Social Channels:
- Cloud Security Podcast- Youtube
- Cloud Security Newsletter
- Cloud Security BootCamp

If you are interested in AI Cybersecurity, you can check out our sister podcast - AI Cybersecurity Podcast

Questions asked:
(00:00) Introduction
(00:39) From Young Hacker to Cybersecurity Pro
(02:14) The "Tick Box" Problem with Exception Management
(03:17) Exposing Your Threat Landscape: The Risk of Not Automating
(05:43) Where Do You Even Start? The First Steps
(08:26) VMs vs Containers vs Serverless: Is It Different?
(11:15) Building Your Program: Start with a Security Baseline
(14:44) What Standard to Follow? (CIS, PCI, HIPAA)
(17:20) The Lifecycle of a Control: When Should You Retire One?
(19:42) The 3 Levels of Security Automation Maturity
(23:25) Do You Need to Be a Coder for GRC Automation?
(26:16) Fun Questions: Home Automation, Family & Food…

Using AI Agents to Solve Cloud Vulnerability Overload (38:09)
In this episode, Ashish Rajan talks with Harry Wetherald, Co-Founder & CEO of Maze, about the reality of modern vulnerability management. They explore why current tools like CNAPPs can generate up to 90% false positives and how AI agents can provide a real solution by thinking like a security engineer to identify genuine, exploitable threats. Learn about the challenges of building your own AI solutions and how this new approach can eliminate noise and build trust between security and engineering teams.

Guest Socials - Harry's Linkedin
Podcast Twitter - @CloudSecPod

If you want to watch videos of this LIVE STREAMED episode and past episodes - Check out our other Cloud Security Social Channels:
- Cloud Security Podcast- Youtube
- Cloud Security Newsletter
- Cloud Security BootCamp

If you are interested in AI Cybersecurity, you can check out our sister podcast - AI Cybersecurity Podcast

Questions asked:
(00:00) Introduction
(02:27) Who is Harry Wetherald?
(04:45) The "Wall of Red": Why Security Tools Create 90% False Positives
(06:21) The Mission: Solving Vulnerability Overload with AI
(10:11) How an AI Agent Investigates a Vulnerability
(16:09) The Hard Reality of Building Your Own AI Solution
(18:14) Building for a Future of Evolving AI Models
(20:00) What is the Role of an MCP (AI Copilot)?
(27:31) Building AI Agents for Cloud Security
(31:25) "Think Like a Hacker": Asking AI to Red Team Your Cloud
(33:04) How AI Will Shape Security Programs in 2025 & Beyond
(36:20) Fun Questions with Harry

Thank you Maze for sponsoring this episode.…

Adapting to New Threats, Copilot Risks & The Future of Data (Feat. Matthew Radolec, Varonis) (39:31)
AI is reshaping cybersecurity as we know it. From sophisticated AI-driven phishing attacks to the amplified risk of insider threats using tools like Copilot, the landscape is shifting at an unprecedented pace. How can security leaders and practitioners adapt?

Join Ashish Rajan and Matthew Radolec (Varonis) as they explore the critical challenges and opportunities AI presents. Learn why 86% of attacks involve credential misuse and how AI agents are making it easier than ever for non-technical insiders to exfiltrate data.

In this episode, you'll learn about:
- The "Blast Radius": How AI tools can dramatically increase data exposure.
- From "Breaking In" to "Logging In": The dominance of credential-based attacks.
- AI-Powered Social Engineering: The rise of "conversational bait".
- Copilot Use Cases & "Aha!" Moments
- Data Integrity in AI: The critical, overlooked pillar of AI security.
- The Enduring Importance of Access Management in an AI World.
- Transforming Security Operations: AI for incident response, playbooks, and forensics.

Guest Socials - Matt's Linkedin
Podcast Twitter - @CloudSecPod

If you want to watch videos of this LIVE STREAMED episode and past episodes - Check out our other Cloud Security Social Channels:
- Cloud Security Podcast- Youtube
- Cloud Security Newsletter
- Cloud Security BootCamp

If you are interested in AI Cybersecurity, you can check out our sister podcast - AI Cybersecurity Podcast

Questions asked:
(00:00) Introduction
(01:57) New Threat Landscape in Cloud & AI
(08:08) Use cases for regulated industries
(10:03) Impact of Agentic AI in the cybersecurity space
(12:22) Blind spots of going into AI
(18:06) Shared responsibility for LLM providers
(20:56) Lifting up security programs for AI
(27:82) How is incident response changing with AI?
(29:30) Cybersecurity areas that will be most impacted by AI
(34:43) The Fun Section

Thank you to our episode sponsor Varonis…

Securing AI: Threat Modeling & Detection (37:32)
Is Artificial Intelligence the ultimate security dragon we need to slay, or a powerful ally we must train? Recorded LIVE at BSidesSF, this special episode dives headfirst into the most pressing debates around AI security.

Join host Ashish Rajan as he navigates the complex landscape of AI threats and opportunities with two leading experts:
- Jackie Bow (Anthropic): Championing the "How to Train Your Dragon" approach, Jackie reveals how we can leverage AI, and even its 'hallucinations,' for advanced threat detection, response, and creative security solutions.
- Kane Narraway (Canva): Taking the "Knight/Wizard" stance, Kane illuminates the critical challenges in securing AI systems, understanding the new layers of risk, and the complexities of AI threat modeling.

🔥 In this episode, we tackle the tough questions:
- Is the hype around past 'AI-powered' security justified, or was it "hot garbage"?
- How can you build effective threat models when AI introduces new, complex failure points?
- What are the real risks and challenges when implementing AI in production?
- Can AI tools like 'vibe coding' democratize security, or do they risk deskilling professionals?
- How can defenders possibly keep pace with AI-driven attacks without fully embracing AI themselves?
- Exploring the future of AI in both offensive and defensive cybersecurity.

Guest Socials - Jackie's Linkedin + Kane's Linkedin
Podcast Twitter - @CloudSecPod

If you want to watch videos of this LIVE STREAMED episode and past episodes - Check out our other Cloud Security Social Channels:
- Cloud Security Podcast- Youtube
- Cloud Security Newsletter
- Cloud Security BootCamp

If you are interested in AI Cybersecurity, you can check out our sister podcast - AI Cybersecurity Podcast

Questions asked:
(00:00) Intro: Slaying or Training the AI Dragon at BSidesSF?
(03:15) Meet Jackie Bow (Anthropic): Training AI for Security Defense
(03:41) Meet Kane Narraway (Canva): Securing AI Systems & Facing Risks
(04:51) Was Traditional Security Ops "Hot Garbage"? Setting the Scene
(06:32) The Real Risks: What AI Brings to Your Organisation
(07:27) AI in Action: Leveraging AI for Threat Detection & Response
(08:37) AI Hallucinations: Bug, Feature, or Security Blind Spot?
(09:54) Threat Modeling AI: The Core Challenges & Learnings
(13:29) Getting Started: Practical AI Threat Detection First Steps
(17:56) AI & Cloud: Integrating AI into Your Existing Environments
(25:38) AI vs. Traditional: Is Threat Modeling Different Now?
(29:52) Your First Step: Where to Begin with AI Threat Modeling?
(33:17) Fun Questions & Final Thoughts on the Future of AI Security…

CYBERSECURITY for AI: The New Threat Landscape & How Do We Secure It? (40:43)
As Artificial Intelligence reshapes our world, understanding the new threat landscape and how to secure AI-driven systems is more crucial than ever. We spoke to Ankur Shah, Co-Founder and CEO of Straiker about navigating this rapidly evolving frontier.

In this episode, we unpack the complexities of securing AI, from the fundamental shifts in application architecture to the emerging attack vectors. Discover why Ankur believes "you can only secure AI with AI" and how organizations can prepare for a future where "your imagination is the new limit," but so too are the potential vulnerabilities.

Guest Socials - Ankur's Linkedin
Podcast Twitter - @CloudSecPod

If you want to watch videos of this LIVE STREAMED episode and past episodes - Check out our other Cloud Security Social Channels:
- Cloud Security Podcast- Youtube
- Cloud Security Newsletter
- Cloud Security BootCamp

If you are interested in AI Cybersecurity, you can check out our sister podcast - AI Cybersecurity Podcast

Questions asked:
(00:00) Introduction
(00:30) Meet Ankur Shah (CEO, Straiker)
(01:54) Current AI Deployments in Organizations (Copilots & Agents)
(04:48) AI vs. Traditional Security: Why Old Methods Fail for AI Apps
(07:07) AI Application Types: Native, Immigrant & Explorer Explained
(10:49) AI's Impact on the Evolving Cyber Threat Landscape
(17:34) Ankur Shah on Core AI Security Principles (Visibility, Governance, Guardrails)
(22:26) The AI Security Vendor Landscape (Acquisitions & Startups)
(24:20) Current AI Security Practices in Organizations: What's Working?
(25:42) AI Security & Hyperscalers (AWS, Azure, Google Cloud): Pros & Cons
(26:56) What is AI Inference? Explained for Cybersecurity Pros
(33:51) Overlooked AI Attack Surfaces: Hidden Risks in AI Security
(35:12) How to Uplift Your Security Program for AI
(37:47) Rapid Fire: Fun Questions with Ankur Shah

Thank you to this episode's sponsor - Straiker.ai…

Cloud Security Evolved: From CNAPP to AI Threats (19:16)
The world of cloud security is evolving at breakneck speed. Are traditional tools and strategies enough to combat the sophisticated threats of tomorrow? In this episode, we're joined by Elad Koren, Vice President of Product Management from Palo Alto Networks, to explore the dynamic journey of cloud security.

Elad shares his insights on how the landscape has shifted, moving beyond the era of CSPM and CNAPP as standalone solutions. We delve into why a cloud-aware Security Operations Center (SOC) is no longer a luxury but a necessity, and what "runtime security" truly means in today's complex, multi-cloud environments.

The conversation also tackles the double-edged sword of Artificial Intelligence, how it’s empowering both attackers with new capabilities and defenders with advanced tools. Elad discusses the critical considerations for organizations undergoing digital transformation, the importance of AI governance, and provides actionable advice for companies at all stages of their cloud adoption journey, from securing code from day one to building holistic visibility across their entire infrastructure.

Guest Socials - Elad's Linkedin
Podcast Twitter - @CloudSecPod

If you want to watch videos of this LIVE STREAMED episode and past episodes - Check out our other Cloud Security Social Channels:
- Cloud Security Podcast- Youtube
- Cloud Security Newsletter
- Cloud Security BootCamp

If you are interested in AI Cybersecurity, you can check out our sister podcast - AI Cybersecurity Podcast

Questions asked:
(00:00) Introduction
(01:38) How has Cloud Security Evolved?
(04:21) Why CNAPP is not enough anymore?
(07:13) What is runtime security?
(07:54) Impact of AI on Cloud Security
(11:41) What to include in your cybersecurity program in 2025?
(16:47) The Fun Section

Thank you to this episode's sponsor - PaloAlto Networks

Resources discussed during the episode:
- PaloAlto Networks RSAC Announcement 1
- PaloAlto Networks RSAC Announcement 2…

RSA Conference 2025 Recap: Top Themes, Actionable Insights & Future Trends (53:52)
Dive deep into the key takeaways from RSA Conference 2025 with our expert panel! Join Ashish Rajan, James Berthoty, Chris Hughes, Tanya Janca, and Francis Odum as they dissect the biggest trends, surprises, and "hot takes" from one of the world's largest cybersecurity events.

In this episode, we cover:
- Initial reactions and the sheer scale of RSA Conference 2025.
- Major themes: AI's impact on cybersecurity, especially AppSec, vendor consolidation, the evolution of runtime security, and more.
- The rise of AI-native applications and how they're reshaping the landscape.
- Deep dives into Application Security (AppSec), secure coding with AI, and the future of vulnerability management.
- Understanding runtime security beyond DAST and its critical role.
- Unexpected insights and surprising takeaways from the conference floor.

Guests include:
- Chris Hughes – CEO at Aquia & host of Resilient Cyber
- James Berthoty – Cloud and AppSec engineer, known for sharp vendor analysis and engineering-first content and Latio Tech
- Tanya Janca – Founder of She Hacks Purple
- Francis Odum – Founder of Software Analyst Cyber Research

Podcast Twitter - @CloudSecPod

If you want to watch videos of this LIVE STREAMED episode and past episodes - Check out our other Cloud Security Social Channels:
- Cloud Security Podcast- Youtube
- Cloud Security Newsletter
- Cloud Security BootCamp

If you are interested in AI Cybersecurity, you can check out our sister podcast - AI Cybersecurity Podcast

Questions asked:
(00:00) Introduction: Unpacking the RSA Conference 2025
(02:20) Meet the Experts: Panelist Introductions
(03:39) RSAC First Impressions: Scale, Excitement & Attendee Numbers
(07:52) Top Themes from RSA Conference 2025
(16:01) AI's Evolution: Native Applications & AppSec's Transformation
(33:30) Demystifying Runtime Security (Beyond DAST)
(40:23) RSA Surprises & Unexpected Takeaways…

Mindset: Modern SOC Strategies for Cloud & Kubernetes (Ft Sergej Epp. Ex-Deutsche Bank) (35:01)
Join Ashish Rajan in this episode as he dives deep into the evolving world of cloud security with Sergej Epp, formerly of Deutsche Bank and Palo Alto Networks, now with Sysdig. Discover why traditional security approaches fall short in today's dynamic cloud-native environments, where workloads resemble swarms of drones rather than predictable trains.

Sergej explains the critical shift from basic posture management (CSPM/CNAPP) towards runtime security, emphasizing the need for an "assume breach" mindset. Learn about the staggering reality that over 60% of containers now live for less than a minute and the immense challenges this poses for detection, incident response, and forensics.

This episode covers:
- The evolution from traditional security to cloud-native and runtime security.
- Why CNAPP/CSPM is like a map, but runtime security is the essential radar.
- The complexities of modern incident response with ephemeral workloads.
- Key strategies for Security Operations Centers (SOC) adapting to the cloud.
- The importance of visibility, data collection, and tools for hybrid and even air-gapped environments.
- How AI is starting to aid security operations and forensics.

Guest Socials: Sergej Linkedin
Podcast Twitter - @CloudSecPod

If you want to watch videos of this LIVE STREAMED episode and past episodes - Check out our other Cloud Security Social Channels:
- Cloud Security Podcast- Youtube
- Cloud Security Newsletter
- Cloud Security BootCamp

If you are interested in AI Cybersecurity, you can check out our sister podcast - AI Cybersecurity Podcast

Questions asked:
(00:00) Introduction: Cloud Security & The One-Minute Container Problem
(01:31) Meet Sergej Epp: 20+ Years in Cybersecurity (Deutsche Bank, Palo Alto, Sysdig)
(02:44) What is Cloud Native Today? From Train Stations to Airports with Drones
(05:34) Runtime Security Explained: Why It's Crucial Now
(11:05) The Evolution of Cloud Security: Beyond Basic Posture Management
(13:49) Incident Response Evolution: Tackling One-Minute Containers
(18:34) Who Needs Runtime Security? Platform Engineers, SOC Teams & More
(21:01) Runtime Security as a Platform: Beyond Detection to Prevention & Insights
(24:45) Cloud Security Program Maturity: From On-Prem to Cloud Native SOC
(29:20) AI in SOC Operations: Speeding Up Forensics & Context…

Scaling Container Security Without Slowing Developers 28:13
Are you struggling to implement robust container security at scale without creating friction with your development teams? In this episode, host Ashish Rajan sits down with Cailyn Edwards, Co-Chair of Kubernetes SIG Security and Senior Security Engineer, for a masterclass in practical container security. This episode was recorded LIVE at KubeCon EU, London 2025. In this episode, you'll learn about: Automating Security Effectively: Moving beyond basic vulnerability scanning to implement comprehensive automation Bridging the Security-Developer Gap: Strategies for educating developers, building trust, fostering collaboration, and understanding developer use cases instead of just imposing rules. The "Shift Down" Philosophy: Why simply "Shifting Left" isn't enough, and how security teams can proactively provide secure foundations, essentially "Shifting Down." Leveraging Open Source Tools: Practical discussion around tools like Trivy, Kubeaudit, Dependabot, RenovateBot, TruffleHog, Kube-bench, OPA, and more. The Power of Immutable Infrastructure: Exploring the benefits of using minimal, immutable images to drastically reduce patching efforts and enhance security posture. Understanding Real Risks: Discussing the dangers lurking in default configurations and easily exposed APIs/ports in container environments. Getting Leadership Buy-In: The importance of aligning security initiatives with business goals and securing support from leadership. 
Guest Socials: Cailyn's Linkedin Podcast Twitter - @CloudSecPod If you want to watch videos of this LIVE STREAMED episode and past episodes - Check out our other Cloud Security Social Channels: - Cloud Security Podcast- Youtube - Cloud Security Newsletter - Cloud Security BootCamp If you are interested in AI Cybersecurity, you can check out our sister podcast - AI Cybersecurity Podcast Questions asked: (00:00) Intro: Container Security at Scale (01:56) Meet Cailyn Edwards: Kubernetes SIG Security Co-Chair (03:34) Why Container Security Matters: Risks & Exposures Explained (06:21) Automating Container Security: From Scans to Admission Controls (12:19) Essential Container Security Tools (Trivy, OPA, Chainguard & More) (19:35) Overcoming DevSecOps Challenges: Working with Developers (21:31) Proactive Security: Shifting Down, Not Just Left (25:24) Fun Questions with Cailyn Resources spoken about during the interview: Cailyn's talk at KubeCon EU 2025…

How Attackers Stay Hidden Inside Your Azure Cloud 35:27
In this episode, Ashish sits down with Christian Philipov, Principal Security Consultant at WithSecure, to explore the stealth tactics threat actors are using in Azure and why many of these go undetected. Christian breaks down the lesser-known APIs like Ibiza and PIM, how Microsoft Graph differs from legacy APIs, and what this means for defenders. The 3 common ways attackers stay stealthy in Azure Why read-only enumeration activity often isn’t logged What detection is possible and how to improve it How conditional access and logging configuration can help defenders Why understanding Microsoft Graph matters for security ops Guest Socials: Christian's Linkedin Podcast Twitter - @CloudSecPod If you want to watch videos of this LIVE STREAMED episode and past episodes - Check out our other Cloud Security Social Channels: - Cloud Security Podcast- Youtube - Cloud Security Newsletter - Cloud Security BootCamp If you are interested in AI Cybersecurity, you can check out our sister podcast - AI Cybersecurity Podcast Questions asked: (00:00) Introduction (02:09) A bit about Christian (02:39) What is considered stealthy in Azure? (04:39) Which services are stealthy in Azure? (06:25) PIM and Ibiza API (12:53) The role of Defender for Cloud (18:04) Does the Stealthy API approach scale? (19:26) Preventing Stealthy API attacks (21:49) Best Practices for Prevention in Azure (25:47) Behaviour Analysis in Azure (29:31) The Fun Section Resources spoken about during the interview: Christian's fwd:cloudsec talk - Staying Sneaky in Microsoft Azure Christian's Disobey Talk…

How Confluent Migrated Kubernetes Networking Across AWS, Azure & GCP 15:32
Ever tried solving DNS security across a multi-cloud, multi-cluster Kubernetes setup? In this episode recorded live at KubeCon, Ashish chats with Nimisha Mehta and Alvaro Aleman from Confluent's Kubernetes Platform Team. Together, they break down the complex journey of migrating to Cilium from default CNI plugins across Azure AKS, AWS EKS, and Google GKE. You’ll hear: How Confluent manages Kubernetes clusters across cloud providers. Real-world issues encountered during DNS security migration. Deep dives into cloud-specific quirks with Azure’s overlay mode, GKE’s Cilium integration, and AWS’s IP routing limitations. Race conditions, IP tables, reverse path filters, and practical workarounds. Lessons they’d share for any platform team planning a similar move. Guest Socials: Alvaro's Linkedin + Nimisha's Linkedin Podcast Twitter - @CloudSecPod If you want to watch videos of this LIVE STREAMED episode and past episodes - Check out our other Cloud Security Social Channels: - Cloud Security Podcast- Youtube - Cloud Security Newsletter - Cloud Security BootCamp If you are interested in AI Cybersecurity, you can check out our sister podcast - AI Cybersecurity Podcast Questions asked: (00:00) Introduction (01:55) A bit about Alvaro (02:41) A bit about Nimisha (03:11) About their Kubecon NA talk (03:51) The Cilium use case (05:16) Using Kubernetes Native tools in all 3 cloud providers (011:41) Lessons learnt from the project Resources spoken about during the interview Confluent's Multi-Cloud Journey to Cilium: Pitfalls and Lessons Lea... Nimisha Mehta & Alvaro Aleman…

The New Future of Cloud Security: Vendor Lock-In, Runtime, and SOC Readiness 51:35
The cloud security landscape may have just shifted, and we're here to break it down. In this special panel episode, host Ashish Rajan is joined by an all-star group of cloud and cybersecurity experts to discuss one of the most important conversations in cloud security today: the changing nature of security architecture, SOC readiness, and how teams must evolve in a multi-cloud world. Guests include: Chris Hughes – CEO at Aquia & host of Resilient Cyber James Berthoty – Cloud and AppSec engineer, known for sharp vendor analysis and engineering-first content and Latio Tech Mike Privette – Founder of Return on Security, expert in cybersecurity economics Francis Odum – Founder of Software Analyst Cyber Research We Cover: Why cloud security is now beyond CSPM and CNAPP The impact of major market moves on enterprise cloud strategy What vendor lock-in really means in a multi-cloud era How runtime and real-time security are taking center stage The rise of AI-SPM and AI-powered SOCs What CISOs and practitioners should actually be doing now Podcast Twitter - @CloudSecPod If you want to watch videos of this LIVE STREAMED episode and past episodes - Check out our other Cloud Security Social Channels: - Cloud Security Podcast- Youtube - Cloud Security Newsletter - Cloud Security BootCamp If you are interested in AI Cybersecurity, you can check out our sister podcast - AI Cybersecurity Podcast Questions asked: (00:00) Introduction (02:05) A bit about our panelists (04:24) Current Cloud Security Landscape (09:36) Challenges with Multi-Cloud Security (18:06) Runtime Security for Cloud (23:34) Can SOC deal with CNAPP Alerts (26:23) CISO planning their cybersecurity program (32:38) Regulatory requirements in public sector (36:27) Success Metrics for Modern Cloud Security Program…

Detection Engineering with Google Cloud 42:31
Detection rules aren’t just for fun—they’re critical for securing cloud environments. But are you using them the right way? In this episode, Ashish Rajan sits down with David French, Staff Adoption Engineer for Security at Google Cloud, to break down how organizations can scale Detection as Code across AWS, Azure, and Google Cloud. Why prevention isn’t enough—and how detection fills the gap The biggest mistakes in detection rules that could blow up your SOC How to scale detections across hundreds (or thousands) of cloud accounts The ROI of Detection as Code—why security leaders should care Common low-hanging fruit detections every cloud security team should implement David has spent over a decade working in detection engineering, threat hunting, and building SIEM & EDR products. He shares real-world insights on how companies can improve their detection strategies and avoid costly security missteps. Guest Socials: David's Linkedin Podcast Twitter - @CloudSecPod If you want to watch videos of this LIVE STREAMED episode and past episodes - Check out our other Cloud Security Social Channels: - Cloud Security Podcast- Youtube - Cloud Security Newsletter - Cloud Security BootCamp If you are interested in AI Cybersecurity, you can check out our sister podcast - AI Cybersecurity Podcast Questions asked: (00:00) Introduction (03:06) What is Detection as Code? (03:41) What was before Detection as Code? (05:36) Business ROI for doing Detection as Code? (07:49) Building Security Operations in Google Cloud (12:41) Threat Detection for different type of workload (14:54) What is Google SecOps? (20:36) Different kinds of Detection people can create (24:46) Scaling Detection across many Google Cloud accounts (28:47) The role of Data Pipeline in Detection (31:44) Detections people can start with (34:14) Stages of maturity for detection (36:43) Skillsets for Detection Engineering (39:32) The Fun Section…

CNAPPs & CSPMs don’t tell the full cloud security story 49:23
In this episode we speak to Nick Jones, an expert in offensive cloud security and Head of Research at WithSecure, to expose the biggest security gaps in cloud environments and why CNAPPs and CSPMs alone are often not enough. How cloud pentesting differs from traditional pentesting Why CSPMs & CNAPPs don’t tell the full cloud security story The biggest cloud attack paths—identity, IAM users, and CI/CD Why “misconfigurations vs vulnerabilities” is the wrong debate How organizations should prepare for a cloud pentest With real-world examples from red team engagements and cloud security research, Nick shares insider knowledge on how attackers target AWS, Azure, and Kubernetes environments—and what security teams can do to stop them. Guest Socials: Nick's Linkedin Podcast Twitter - @CloudSecPod If you want to watch videos of this LIVE STREAMED episode and past episodes - Check out our other Cloud Security Social Channels: - Cloud Security Podcast- Youtube - Cloud Security Newsletter - Cloud Security BootCamp If you are interested in AI Cybersecurity, you can check out our sister podcast - AI Cybersecurity Podcast Questions asked: (00:00) Introduction (02:40) A bit about Nick Jones (03:56) How has Cloud Security Evolved? (05:52) Why do we need pentesting in Cloud Security? (08:09) Misconfiguration vs Vulnerabilities (11:04) Cloud Pentesting in Different Environments (17:05) Impact of Kubernetes Adoption on Offensive Cloud Security (20:19) Planning for a Cloud Pentest (29:04) Common Attacks Paths in Cloud (33:05) Mitigating Common Risk in Cloud (35:14) What is Detection as Code? (41:17) Skills for Cloud Pentesting (45:28) Fun Sections…

What does it take to secure AI-based applications in the cloud? In this episode, host Ashish Rajan sits down with Bar-el Tayouri, Head of Mend AI at Mend.io , to dive deep into the evolving world of AI security. From uncovering the hidden dangers of shadow AI to understanding the layers of an AI Bill of Materials (AIBOM), Bar-el breaks down the complexities of securing AI-driven systems. Learn about the risks of malicious models, the importance of red teaming, and how to balance innovation with security in a dynamic AI landscape. What is an AIBOM and why it matters The stages of AI adoption: experimentation to optimization Shadow AI: A factor of 10 more than you think Practical strategies for pre- and post-deployment security The future of AI security with agent swarms and beyond Guest Socials: Bar-El's Linkedin Podcast Twitter - @CloudSecPod If you want to watch videos of this LIVE STREAMED episode and past episodes - Check out our other Cloud Security Social Channels: - Cloud Security Podcast- Youtube - Cloud Security Newsletter - Cloud Security BootCamp If you are interested in AI Cybersecurity, you can check out our sister podcast - AI Cybersecurity Podcast Questions asked: (00:00) Introduction (02:24) A bit about Bar-el (03:32) What is AIBOM? (12:58) What is an embedding model? (16:12) What should Leaders have in their AI Security Strategy? (19:00) Whats different about the AI Security Landscape? (23:50) Challenges with integrating security into AI based Applications (25:33) Has AI solved the disconnect between Security and Developers (28:39) Risk framework for AI Security (32:26) Dealing with threats for current AI Applications in production (36:51) Future of AI Security (41:24) The Fun Section…

AWS networking isn’t as simple as it seems and when you’re dealing with regulated industries like healthcare, the stakes are even higher. In this episode we sit down with Kyler Middleton and Jack W. Harter from Veradigm — who have navigated complex AWS networking challenges while migrating from on-prem data centers to the cloud. We speak about: The real struggles of moving from data centers to AWS Why networking can feel like a black box The anti-pattern that surprisingly worked best How to build secure cloud networks—without losing your sanity The hidden security & compliance challenges in healthcare cloud migration Guest Socials: Kyler's Linkedin + Jack's Linkedin Podcast Twitter - @CloudSecPod If you want to watch videos of this LIVE STREAMED episode and past episodes - Check out our other Cloud Security Social Channels: - Cloud Security Podcast- Youtube - Cloud Security Newsletter - Cloud Security BootCamp If you are interested in AI Cybersecurity, you can check out our sister podcast - AI Cybersecurity Podcast Questions asked: (00:00) Introduction (01:55) A bit about Kyler and Jack (03:18) Security Challenges in Medical Industry (06:01) Where to start when migrating from data centres to AWS? (07:42) Networking Challenges for Regulated Industries (11:26) Networking in On-Prem vs Cloud (19:24) Security by Design considerations (29:31) The Terraform pieces (34:34) Network Firewall in Cloud (39:46) Lessons learnt from the project (46:21) The Fun Section Resources: Let's Do DevOps - Kyler's Website Jack's Website Day Two DevOps - Podcast Co-Hosted by Kyler…

Cloud Incident Response in Microsoft Azure 54:15
In this episode, we dive deep into Azure security, incident response, and the evolving cloud threat landscape with Katie Knowles, Security Researcher and former Azure Incident Responder. We spoke about common Azure incident response scenarios you need to prepare for, how identity and privilege escalation work in Azure, how Active Directory and Entra ID expose new risks and what security teams need to know about Azure networking and logging. Guest Socials: Katie's Linkedin Podcast Twitter - @CloudSecPod If you want to watch videos of this LIVE STREAMED episode and past episodes - Check out our other Cloud Security Social Channels: - Cloud Security Podcast- Youtube - Cloud Security Newsletter - Cloud Security BootCamp If you are interested in AI Cybersecurity, you can check out our sister podcast - AI Cybersecurity Podcast Questions asked: (00:00) Introduction (02:27) A bit about Katie (03:17) Domain Admin in Azure (07:03) Common causes of incidents in Azure (08:53) Identities in Azure (11:44) Third Party Identities in Azure (17:34) Azure Networking and Incident Response (22:35) Common Incidents in Azure (26:53) AI specific incidents in Azure (28:45) Privilege escalation in Azure (39:37) Where to start with Azure Research? (48:20) The Fun Questions…

AWS Multi-Account Security: What Netflix Learned 50:33
🚀 How do you secure thousands of AWS accounts without slowing down developers? Netflix’s cloud security experts Patrick Sanders & Joseph Kjar join us to break down their identity-first security model and share lessons from scaling security across a massive AWS multi-account environment. In this episode, we cover: Why identity, not network, is the best security boundary The challenges of least privilege and right-sized access How Netflix migrates IAM roles while minimizing disruptions The impact of multi-account AWS security strategies Guest Socials: Patrick's Linkedin + Joseph's Linkedin Podcast Twitter - @CloudSecPod If you want to watch videos of this LIVE STREAMED episode and past episodes - Check out our other Cloud Security Social Channels: - Cloud Security Podcast- Youtube - Cloud Security Newsletter - Cloud Security BootCamp If you are interested in AI Cybersecurity, you can check out our sister podcast - AI Cybersecurity Podcast Questions asked: (00:00) Introduction (02:05) A bit about Joseph (02:32) A bit about Patrick (02:38) Scaling security across multiple accounts (03:29) Least Privilege is hard (06:44) Why go down the identity path? (08:49) Identity based approach for least privilege (15:43) Security at scale for Multi Account in AWS (23:54) Lessons from the project (27:02) What would be classified as an easy migration? (30:55) How the project has progressed? (35:01) Automation Pieces that enabled the project (37:54) Where to start with scaling security across Multi Accounts? (39:21) Resource Access Manager and how it fits into migration Resources discussed in this interview: Accelerate insights using AWS SDK instrumentation Talk Patrick and Joseph’s Talk - Netflix's massive multi-account journey: Year two Joseph and Patrick's previous interview on Cloud Security Podcast…

Cloud Security Detection & Response Strategies That Actually Work 57:58
We spoke to Will Bengtson (VP of Security Operations at HashiCorp) about the realities of cloud incident response and detection. From root credentials to event-based threats, this conversation dives deep into: Why cloud security is NOT like on-prem – and how that affects incident response How attackers exploit APIs in seconds (yes, seconds—not hours!) The secret to building a cloud detection program that actually works The biggest detection blind spots in AWS, Azure, and multi-cloud environments What most SOC teams get WRONG about cloud security Guest Socials: Will's Linkedin Podcast Twitter - @CloudSecPod If you want to watch videos of this LIVE STREAMED episode and past episodes - Check out our other Cloud Security Social Channels: - Cloud Security Podcast- Youtube - Cloud Security Newsletter - Cloud Security BootCamp If you are interested in AI Cybersecurity, you can check out our sister podcast - AI Cybersecurity Podcast Questions asked: (00:00) Introduction (00:38) A bit about Will Bengtson (05:41) Is there more awareness of Incident Response in Cloud (07:05) Native Solutions for Incident Response in Cloud (08:40) Incident Response and Threat Detection in the Cloud (11:53) Getting started with Incident Response in Cloud (20:45) Maturity in Incident Response in Cloud (24:38) When to start doing Threat Hunting? (27:44) Threat hunting and detection in MultiCloud (31:09) Will talk about his BlackHat training with Rich Mogull (39:19) Secret Detection for Detection Capability (43:13) Building a career in Cloud Detection and Response (51:27) The Fun Section…

In this episode, we sit down with Sunil Rane, an experienced cybersecurity leader with over 20 years in cybersecurity across industries like healthcare, education, media, and consulting. Sunil shares unique insights into the diverse challenges faced by CISOs, from managing data sensitivity in healthcare to the lack of standardized frameworks in media, how to balance data availability and security without compromising operational efficiency, the complexities of being a custodian of data in consulting and how to manage cross-industry compliance and why communication and collaboration are critical for CISOs, from internal stakeholders to public sector regulators. Guest Socials: Sunil's Linkedin Podcast Twitter - @CloudSecPod If you want to watch videos of this LIVE STREAMED episode and past episodes - Check out our other Cloud Security Social Channels: - Cloud Security Podcast- Youtube - Cloud Security Newsletter - Cloud Security BootCamp If you are interested in AI Cybersecurity, you can check out our sister podcast - AI Cybersecurity Podcast Questions asked: (00:00) Introduction (02:13) A bit about Sunil Rane (03:25) Cybersecurity in education and healthcare (09:12) Cybersecurity and consulting (15:49) Cybersecurity challenges in public and private sector (18:35) Cybersecurity in the media industry (25:48) Skillset for becoming a CISO (29:36) The Fun Section…

Why Solving the Data Problem is Key to Cloud Security? 50:33
In this episode we’re joined by Francis Odum , founder and lead research analyst at Software Analyst Cyber Research. Drawing from his extensive research and conversations with CISOs, security operators, and vendors, Francis shares his insights on the state of identity security and the rise of non-human identities (NHI) in the cloud, why solving the data problem is critical to reducing false positives, improving SOC efficiency, and cutting costs, the early but growing landscape of AI and LLM security and its intersection with DSPM and data governance and predictions for 2025 trends, including what should be ditched and what the cybersecurity industry should prioritize. Guest Socials: Francis's Linkedin Podcast Twitter - @CloudSecPod If you want to watch videos of this LIVE STREAMED episode and past episodes - Check out our other Cloud Security Social Channels: - Cloud Security Podcast- Youtube - Cloud Security Newsletter - Cloud Security BootCamp If you are interested in AI Cybersecurity, you can check out our sister podcast - AI Cybersecurity Podcast Questions asked: (00:00) Introduction (01:56) A bit about Francis (03:45) What is CNAPP in 2025? (06:55) The Identity space in 2025 (10:34) The state of SOC in 2025 (19:23) The AI Security Ecosystem (24:44) DSPM vs DLP (29:48) What should we ditch in 2025? (33:01) What should we see a lot more in 2025? (41:39) A bit about Cloud Security Bootcamp (42:58) The Fun Section Resources spoken about during the episode: Software Analyst Cyber Research…

The economics of cybersecurity and trends 26:03
In this episode, host Ashish Rajan spoke to Mike Privette , founder of Return on Security, to explore the landscape of cybersecurity as we look toward 2025. Mike shared his unique insights on the economics of cybersecurity, breaking down industry trends, and discussing how AI is revolutionizing areas like governance, risk, compliance (GRC), and data loss prevention (DLP). They dive into the convergence of cloud security and application security, the rise of startups, and the ever-present "cat-and-mouse game" of adapting to investor and buyer needs. Guest Socials: Mike's Linkedin Podcast Twitter - @CloudSecPod If you want to watch videos of this LIVE STREAMED episode and past episodes - Check out our other Cloud Security Social Channels: - Cloud Security Podcast- Youtube - Cloud Security Newsletter - Cloud Security BootCamp If you are interested in AI Cybersecurity, you can check out our sister podcast - AI Cybersecurity Podcast Questions asked: (00:00) Introduction (00:27) A bit about Mike (00:49) The story behind Return On Security (01:40) How big is the cybersecurity landscape? (04:36) Cybersecurity Trends from 2024 (07:03) AI Security in 2024 (08:10) Cybersecurity Trends in 2025 (13:16) Trends to look at when starting a company (16:18) Trends for Startups (17:37) Do new vendors enter the cybersecurity market? (18:53) Whats a healthy cybersecurity industry? (20:12) The world of startup acquisitions (22:29) The Fun Section…

The Truth About CNAPP and Kubernetes Security 40:08
In this episode of the Cloud Security Podcast, host Ashish Rajan speaks to James Berthoty, founder of Latio.Tech and an engineer-driven analyst, for a discussion on cloud security tools. In this episode James breaks down CNAPP and what it really means for engineers, whether Kubernetes security is the new baseline for cloud security, and runtime security vs vulnerability management. Guest Socials: James's Linkedin Podcast Twitter - @CloudSecPod If you want to watch videos of this LIVE STREAMED episode and past episodes - Check out our other Cloud Security Social Channels: - Cloud Security Podcast- Youtube - Cloud Security Newsletter - Cloud Security BootCamp If you are interested in AI Cybersecurity, you can check out our sister podcast - AI Cybersecurity Podcast Questions asked: (00:00) Introduction (02:26) A bit about James (03:20) What in Cloud Security in 2025? (04:51) What is CNAPP? (07:01) Differentiating a vulnerability from misconfiguration (11:51) Vulnerability Management in Cloud (15:38) Is Kubernetes becoming the default? (21:50) Is there a good way to do platformization? (24:16) Should CNAPP include Kubernetes? (28:07) What is AI Security in 2025? (35:06) Tool Acronyms for 2025 (37:27) Fun Questions…

Cybersecurity Isn’t Crowded: Security Engineering and the 5,000 Vendor Problem 1:10:13
In this episode our host Ashish Rajan sat down with Ross Haleliuk , author of Cybersecurity for Builders and creator of the Venture in Security blog , to explore the current state and future of the cybersecurity industry. From understanding the challenges of building a cybersecurity startup to the dynamics of security engineering and market trends for 2025. Ross and Ashish explore why the cybersecurity industry isn’t as crowded as it seems and the divide between companies that build in-house security and those that rely on vendors. Ross also unpacks why sales and marketing aren’t “dirty words” in cybersecurity, why security engineering is “the present,” and how practitioners can balance business needs with technical aspirations. Guest Socials: Ross's Linkedin Podcast Twitter - @CloudSecPod If you want to watch videos of this LIVE STREAMED episode and past episodes - Check out our other Cloud Security Social Channels: - Cloud Security Podcast- Youtube - Cloud Security Newsletter - Cloud Security BootCamp If you are interested in AI Cybersecurity, you can check out our sister podcast - AI Cybersecurity Podcast Questions asked: (00:00) Introduction (05:33) How Venture in Security started? (09:33) Security Engineering in Cybersecurity (18:18) Cybersecurity markets that will be top of mind in 2025 (24:15) GTM for Defender Tools (30:09) Vulnerabilities vs Misconfiguration Tools (37:56) How should product companies think about GTM? (44:27) How to decide between different security tools? (56:36) Cybersecurity for Builders book (01:05:00) The Fun Section Resources shared during the episode: Venture in Security Blog Cyber for Builders Book Challenges in Security Engineering Programs - Rami McCarthy Cybersecurity is not a market for lemons. It is a market for silver bullets The Market for Silver Bullets…