Claim OwnershipCloud Security Podcast
Subscribed: 394Played: 12,877
Subscribe
© Cloud Security Podcast Team
Description
Learn Cloud Security in Public Cloud the unbiased way from CyberSecurity Experts solving challenges at Cloud Scale. We can be honest because we are not owned by Cloud Service Provider like AWS, Azure or Google Cloud.
We aim to make the community learn Cloud Security through community stories from small - Large organisations solving multi-cloud challenges to diving into specific topics of Cloud Security.
We LIVE STREAM interviews on Cloud Security Topics every weekend on Linkedin, YouTube, Facebook and Twitter with over 150 people watching and asking questions and interacting with the Guest.
We aim to make the community learn Cloud Security through community stories from small - Large organisations solving multi-cloud challenges to diving into specific topics of Cloud Security.
We LIVE STREAM interviews on Cloud Security Topics every weekend on Linkedin, YouTube, Facebook and Twitter with over 150 people watching and asking questions and interacting with the Guest.
333 Episodes
Reverse
Thinking of building your own AI security tool? In this episode, Santiago Castiñeira, CTO of Maze, breaks down the realities of the "Build vs. Buy" debate for AI-first vulnerability management.While building a prototype script is easy, scaling it into a maintainable, audit-proof system is a massive undertaking requiring specialized skills often missing in security teams. The "RAG drug" relies too heavily on Retrieval-Augmented Generation for precise technical data like version numbers, which often fails .The conversation gets into the architecture required for a true AI-first system, moving beyond simple chatbots to complex multi-agent workflows that can reason about context and risk . We also cover the critical importance of rigorous "evals" over "vibe checks" to ensure AI reliability, the hidden costs of LLM inference at scale, and why well-crafted agents might soon be indistinguishable from super-intelligence .Guest Socials - Santiago's LinkedinPodcast Twitter - @CloudSecPod If you want to watch videos of this LIVE STREAMED episode and past episodes - Check out our other Cloud Security Social Channels:-Cloud Security Podcast- Youtube- Cloud Security Newsletter If you are interested in AI Cybersecurity, you can check out our sister podcast - AI Security PodcastQuestions asked:(00:00) Introduction(02:00) Who is Santiago Castiñeira?(02:40) What is "AI-First" Vulnerability Management? (Rules vs. Reasoning)(04:55) The "Build vs. Buy" Debate: Can I Just Use ChatGPT?(07:30) The "Bus Factor" Risk of Internal Tools(08:30) Why MCP (Model Context Protocol) Struggles at Scale(10:15) The Architecture of an AI-First Security System(13:45) The Problem with "Vibe Checks": Why You Need Proper Evals(17:20) Where to Start if You Must Build Internally(19:00) The Hidden Need for Data & Software Engineers in Security Teams(21:50) Managing Prompt Drift and Consistency(27:30) The Challenge of Changing LLM Models (Claude vs. Gemini)(30:20) Rethinking Vulnerability Management Metrics in the AI Era(33:30) Surprises in AI Agent Behavior: "Let's Get Back on Topic"(35:30) The Hidden Cost of AI: Token Usage at Scale(37:15) Multi-Agent Governance: Preventing Rogue Agents(41:15) The Future: Semi-Autonomous Security Fleets(45:30) Why RAG Fails for Precise Technical Data (The "RAG Drug")(47:30) How to Evaluate AI Vendors: Is it AI-First or AI-Sprinkled?(50:20) Common Architectural Mistakes: Vibe Evals & Cost Ignorance(56:00) Unpopular Opinion: Well-Crafted Agents vs. Super Intelligence(58:15) Final Questions: Kids, Argentine Steak, and Closing
In this episode, Cliff Crosland, CEO & co-founder of Scanner.dev, shares his candid journey of trying (and initially failing) to build an in-house security data lake to replace an expensive traditional SIEM.Cliff explains the economic breaking point where scaling a SIEM became "more expensive than the entire budget for the engineering team". He details the technical challenges of moving terabytes of logs to S3 and the painful realization that querying them with Amazon Athena was slow and costly for security use cases .This episode is a deep dive into the evolution of logging architecture, from SQL-based legacy tools to the modern "messy" data lake that embraces full-text search on unstructured data. We discuss the "data engineering lift" required to build your own, the promise (and limitations) of Amazon Security Lake, and how AI agents are starting to automate detection engineering and schema management.Guest Socials - Cliff's Linkedin Podcast Twitter - @CloudSecPod If you want to watch videos of this LIVE STREAMED episode and past episodes - Check out our other Cloud Security Social Channels:-Cloud Security Podcast- Youtube- Cloud Security Newsletter If you are interested in AI Cybersecurity, you can check out our sister podcast - AI Security PodcastQuestions asked:(00:00) Introduction(02:25) Who is Cliff Crosford?(03:00) Why Teams Are Switching from SIEMs to Data Lakes(06:00) The "Black Hole" of S3 Logs: Cliff's First Failed Data Lake(07:30) The Engineering Lift: Do You Need a Data Engineer to Build a Lake?(11:00) Why Amazon Athena Failed for Security Investigations(14:20) The Danger of Dropping Logs to Save Costs(17:00) Misconceptions About Building Your Own Data Lake(19:00) The Evolution of Logging: From SQL to Full-Text Search(21:30) Is Amazon Security Lake the Answer? (OCSF & Custom Logs)(24:40) The Nightmare of Log Normalization & Custom Schemas(28:00) Why Future Tools Must Embrace "Messy" Logs(29:55) How AI Agents Are Automating Detection Engineering(35:45) Using AI to Monitor Schema Changes at Scale(39:45) Build vs. Buy: Does Your Security Team Need Data Engineers?(43:15) Fun Questions: Physics Simulations & Pumpkin Pie
How do you establish trust in an AI SOC, especially in a regulated environment? Grant Oviatt, Head of SOC at Prophet Security and a former SOC leader at Mandiant and Red Canary, tackles this head-on as a self-proclaimed "AI skeptic". Grant shared that after 15 years of being "scared to death" by high-false-positive AI, modern LLMs have changed the game .The key to trust lies in two pillars: explainability (is the decision reasonable?) and traceability (can you audit the entire data trail, including all 40-50 queries?) . Grant talks about yje critical architectural components for regulated industries, including single-tenancy , bring-your-own-cloud (BYOC) for data sovereignty , and model portability.In this episode we will be comparing AI SOC to traditional MDRs and talking about real-world "bake-off" results where an AI SOC had 99.3% agreement with a human team on 12,000 alerts but was 11x faster, with an average investigation time of just four minutes .Guest Socials - Grant's Linkedin Podcast Twitter - @CloudSecPod If you want to watch videos of this LIVE STREAMED episode and past episodes - Check out our other Cloud Security Social Channels:-Cloud Security Podcast- Youtube- Cloud Security Newsletter If you are interested in AI Cybersecurity, you can check out our sister podcast - AI Security Podcast(00:00) Introduction(02:00) Who is Grant Oviatt?(02:30) How to Establish Trust in an AI SOC for Regulated Environments(03:45) Explainability vs. Traceability: The Two Pillars of Trust(06:00) The "Hard SOC Life": Pre-AI vs. AI SOC(09:00) From AI Skeptic to AI SOC Founder: What Changed? (10:50) The "Aha!" Moment: Breaking Problems into Bite-Sized Pieces(12:30) What Regulated Bodies Expect from an AI SOC(13:30) Data Management: The Key for Regulated Industries (PII/PHI) (14:40) Why Point-in-Time Queries are Safer than a SIEM (15:10) Bring-Your-Own-Cloud (BYOC) for Financial Services (16:20) Single-Tenant Architecture & No Training on Customer Data (17:40) Bring-Your-Own-Model: The Rise of Model Portability (19:20) AI SOC vs. MDR: Can it Replace Your Provider? (19:50) The 4-Minute Investigation: Speed & Custom Detections (21:20) The Reality of Building Your Own AI SOC (Build vs. Buy)(23:10) Managing Model Drift & Updates(24:30) Why Prophet Avoids MCPs: The Lack of Auditability (26:10) How Far Can AI SOC Go? (Analysis vs. Threat Hunting)(27:40) The Future: From "Human in the Loop" to "Manager in the Loop" (28:20) Do We Still Need a Human in the Loop? (95% Auto-Closed) (29:20) The Red Lines: What AI Shouldn't Automate (Yet) (30:20) The Problem with "Creative" AI Remediation(33:10) What AI SOC is Not Ready For (Risk Appetite)(35:00) Gaining Confidence: The 12,000 Alert Bake-Off (99.3% Agreement) (37:40) Fun Questions: Iron Mans, Texas BBQ & SeafoodThank you to Prophet Security for sponsoring this episode.
Are we underestimating how the agentic world is impacting cybersecurity? We spoke to Mohan Kumar, who did production security at Box for a deep dive into the threats of true autonomous AI agents.The conversation moves beyond simple LLM applications (like chatbots) to the new world of dynamic, goal-driven agents that can take autonomous actions. Mohan took us through why this shift introduces a new class of threats we aren't prepared for, such as agents developing new, unmonitorable communication methods ("Jibber-link" mode).Mohan shared his top three security threats for AI agents in production:Memory Poisoning: How an agent's trusted memory (long-term, short-term, or entity memory) can be corrupted via indirect prompt injection, altering its core decisions.Tool Misuse: The risk of agents connecting to rogue tools or MCP servers, or having their legitimate tools (like a calendar) exploited for data exfiltration.Privilege Compromise: The critical need to enforce least-privilege on agents that can shift roles and identities, often through misconfiguration.Guest Socials - Mohan's LinkedinPodcast Twitter - @CloudSecPod If you want to watch videos of this LIVE STREAMED episode and past episodes - Check out our other Cloud Security Social Channels:-Cloud Security Podcast- Youtube- Cloud Security Newsletter If you are interested in AI Cybersecurity, you can check out our sister podcast - AI Security PodcastQuestions asked:(00:00) Introduction(01:30) Who is Mohan Kumar? (Production Security at Box)(03:30) LLM Application vs. AI Agent: What's the Difference?(06:50) "We are totally underestimating" AI agent threats(07:45) Software 3.0: When Prompts Become the New Software(08:20) The "Jibber-link" Threat: Agents Ditching Human Language(10:45) The Top 3 AI Agent Security Threats(11:10) Threat 1: Memory Poisoning & Context Manipulation(14:00) Threat 2: Tool Misuse (e.g., exploiting a calendar tool)(16:50) Threat 3: Privilege Compromise (Least Privilege for Agents)(18:20) How Do You Monitor & Audit Autonomous Agents?(20:30) The Need for "Observer" Agents(24:45) The 6 Components of an AI Agent Architecture(27:00) Threat Modeling: Using CSA's MAESTRO Framework(31:20) Are Leaks Only from Open Source Models or Closed (OpenAI, Claude) Too?(34:10) The "Grandma Trick": Any Model is Susceptible(38:15) Where is AI Agent Security Evolving? (Orchestration, Data, Interface)(42:00) Fun Questions: Hacking MCPs, Skydiving & Risk, BiryaniResources mentioned during the episode:Mohan’s Udemy Course -AI Security Bootcamp: LLM Hacking Basics Andre Karpathy's "Software 3.0" Concept "Jibber-link Mode" VideoCrewAI FrameworkOWASP Top 10 for LLM Applications Cloud Security Alliance (CSA) MAESTRO Framework
The silos between Application Security and Cloud Security are officially breaking down, and AI is the primary catalyst. In this episode, Tejas Dakve, Senior Manager, Application Security, Bloomberg Industry Group and Aditya Patel, VP of Cybersecurity Architecture discuss how the AI-driven landscape is forcing a fundamental change in how we secure our applications and infrastructure.The conversation explores why traditional security models and gates are "absolutely impossible" to maintain against the sheer speed and volume of AI-generated code . Learn why traditional threat modeling is no longer a one-time event, how the lines between AppSec and CloudSec are merging, and why the future of the industry belongs to "T-shaped engineers" with a multidisciplinary range of skills.Guest Socials - Tejas's Linkedin + Aditya's Linkedin Podcast Twitter - @CloudSecPod If you want to watch videos of this LIVE STREAMED episode and past episodes - Check out our other Cloud Security Social Channels:-Cloud Security Podcast- Youtube- Cloud Security Newsletter If you are interested in AI Cybersecurity, you can check out our sister podcast - AI Security PodcastQuestions asked:(00:00) Introduction(02:30) Who is Tejas Dakve? (AppSec)(03:40) Who is Aditya Patel? (CloudSec)(04:30) Common Use Cases for AI in Cloud & Applications(08:00) How AI Changed the Landscape for AppSec Teams(09:00) Why Traditional Security Models Don't Work for AI(11:00) AI is Breaking Down Security Silos (CloudSec & AppSec)(12:15) The "Hallucination" Problem: AI Knows Everything Until You're the Expert(12:45) The Speed & Volume of AI-Generated Code is the Real Challenge(14:30) How to Handle the AI Code Explosion? "Paved Roads"(15:45) From "Department of No" to "Department of Safe Yes"(16:30) Baking Security into the AI Lifecycle (Like DevSecOps)(18:25) Securing Agentic AI: Why IAM is More Important than the Chat(24:00) The Silo: AppSec Doesn't Have Visibility into Cloud IAM(25:00) Merging Threat Models: AppSec + CloudSec(26:20) Using New Frameworks: MITRE ATLAS & OWASP LLM Top 10(27:30) Threat Modeling Must Be a "Living & Breathing Process"(28:30) Using AI for Automated Threat Modeling(31:00) Building vs. Buying AI Security Tools(34:10) Prioritizing Vulnerabilities: Quality Over Quantity(37:20) The Rise of the "T-Shaped" Security Engineer(39:20) Building AI Governance with Cross-Functional Teams(40:10) Secure by Design for AI-Native Applications(44:10) AI Adoption Maturity: The 5 Stages of Grief(50:00) How the Security Role is Evolving with AI(55:20) Career Advice for Evolving in the Age of AI(01:00:00) Career Advice for Newcomers: Get an IT Help Desk Job(01:03:00) Fun Questions: Cats, Philanthropy, and Thai FoodResources discussed during the interview:Amazon Rufus: (Amazon's AI review summarizer) OWASP Top 10 for LLMsSTRIDE Threat Model: (Microsoft methodology) MITRE ATLASCloud Security Alliance (CSA) Maestro Framework CISA KEV (Known Exploited Vulnerabilities)Book: Range: Why Generalists Triumph in a Specialized World by David Epstein Anjali Charitable TrustAditya Patel's Blog
Is the AI SOC analyst just hype, or is there measurable ROI? We spoke to Edward Wu, founder of Dropzone AI about this and he shared insights from a recent Cloud Security Alliance (CSA) benchmark report that quantified the impact of AI augmentation on SOC teams. The study revealed significant improvements in speed (45-60% faster investigations) and completeness, even for analysts using the tech for the first time.Edward spoke about the "robotic" limitations of traditional SOAR playbooks with the adaptive capabilities of agentic AI systems, which can autonomously investigate alerts end-to-end without pre-defined scripts . He shared that while AI won't entirely replace human analysts ("That's not going to happen"), it will automate much of the manual Tier 1 toil, freeing up humans for higher-value roles like security architecture, transformation, and detection engineering .Guest Socials - Edward's Linkedin Podcast Twitter - @CloudSecPod If you want to watch videos of this LIVE STREAMED episode and past episodes - Check out our other Cloud Security Social Channels:-Cloud Security Podcast- Youtube- Cloud Security Newsletter - Cloud Security BootCampIf you are interested in AI Cybersecurity, you can check out our sister podcast - AI Security PodcastQuestions asked:(00:00) Introduction(02:40) Who is Edward Wu?(03:30) The Evolution of AI Agents Since ChatGPT(04:35) Surprising Findings from the CSA AI SOC Benchmark Report(06:40) Why Has Traditional Security Automation (SOAR) Underdelivered?(09:30) How AI SOC Analysts Differ from SOAR Playbooks(11:30) Does Agentic AI Reduce the Need for Security Data Lakes?(13:20) The Evolving ROI for SOC in the AI Era(14:50) ROI Use Case 1: Reducing Alert Investigation Latency(15:15) ROI Use Case 2: Increasing Alert Coverage (Mediums & Lows)(16:20) ROI Use Case 3: Depth of Coverage & Skill Uniformity(18:15) Achieving Both Speed and Thoroughness with AI(19:40) How Far Can AI Go? Detection vs. Investigation vs. Response(21:35) AI SOC Hype vs. Reality: Receptiveness and Trust(24:20) The Future Role of Tier 1 SOC Analysts(27:40) What Scale Benefits Most from AI SOC Analysts? (Enterprise & MSPs)(29:00) The Build vs. Buy Dilemma for AI SOC Technology ($20M R&D Reality)(33:10) Training Budgets: What Skills Should Future SOC Teams Learn?Resources spoken about during the episode:Beyond the Hype: AI Agents in the SOC Benchmark StudyRequest a Demo here
Can you just use Claude Code or another LLM to "vibe code" your way into building an AI SOC? In this episode, Ariful Huq, Co-Founder and Head of Product at Exaforce spoke about the reality being far more complex than the hype suggests. He explains why a simple "bolt-on" approach to AI in the SOC is insufficient if you're looking for real security outcomes.We speak about foundational elements required to build a true AI SOC, starting with the data. It's "well more than just logs and event data," requiring the integration of config, code, and business context to remove guesswork and provide LLMs with the necessary information to function accurately . The discussion covers the evolution beyond traditional SIEM capabilities, the challenges of data lake architectures for real-time security processing, and the critical need for domain-specific knowledge to build effective detections, especially for SaaS platforms like GitHub that lack native threat detection .This is for SOC leaders and CISOs feeling the pressure to integrate AI. Learn what it really takes to build an AI SOC, the unspoken complexities, and how the role of the security professional is evolving towards the "full-stack security engineer".Guest Socials - Ariful's LinkedinPodcast Twitter - @CloudSecPod If you want to watch videos of this LIVE STREAMED episode and past episodes - Check out our other Cloud Security Social Channels:-Cloud Security Podcast- Youtube- Cloud Security Newsletter - Cloud Security BootCampIf you are interested in AI Cybersecurity, you can check out our sister podcast - AI Security PodcastQuestions asked:(00:00) Introduction(02:30) Who is Ariful Huq?(03:40) Can You Just Use Claude Code to Build an AI SOC?(06:50) Why a "Bolt-On" AI Approach is Tough for SOCs(08:15) The Importance of Data: Beyond Logs to Config, Code & Context(09:10) Building AI Native Capabilities for Every SOC Task (Detection, Triage, Investigation, Response)(12:40) The Impact of Cloud & SaaS Data Volume on Traditional SIEMs(14:15) Building AI Capabilities on AWS Bedrock: Best Practices & Challenges(17:20) Why SIEM Might Not Be Good Enough Anymore(19:10) The Critical Role of Diverse Data (Config, Code, Context) for AI Accuracy(22:15) Data Lake Challenges (e.g., Snowflake) for Real-Time Security Processing(26:50) Detection Coverage Blind Spots, Especially for SaaS (e.g., GitHub)(31:40) Building Trust & Transparency in AI SOCs(35:40) Rethinking the SOC Team Structure: The Rise of the Full-Stack Security Engineer(42:15) Final Questions: Running, Family, and Turkish Food
How do you perform incident response on a Kubernetes cluster when you're not even on the same network? In this episode, Damien Burks, Senior Security engineer breaks down the immense challenges of container security and why most commercial tools are failing at automated response.While many CNAPPs provide runtime detection, they lack a "sophisticated approach to automating incident response or containment" in complex environments like private EKS . He shares his hands-on experience building a platform that uses a dynamically deployed Lambda function to achieve containment of a compromised EKS node in just 10 minutes, a process that would otherwise take hours of manual work and approvals .This is a guide for any DevSecOps or cloud security professional tasked with securing containerized workloads. The conversation also covers a layered prevention strategy, the evolving role of the cloud security engineer, and career advice for those looking to enter the field.Guest Socials - Damien's LinkedinPodcast Twitter - @CloudSecPod If you want to watch videos of this LIVE STREAMED episode and past episodes - Check out our other Cloud Security Social Channels:-Cloud Security Podcast- Youtube- Cloud Security Newsletter - Cloud Security BootCampIf you are interested in AI Cybersecurity, you can check out our sister podcast - AI Security PodcastQuestions asked:(00:00) Introduction(02:15) Who is Damien Burks?(03:20) The State of Cloud Incident Response in 2025(05:15) Why There is No Sophisticated, Automated IR for Kubernetes(06:20) A Deep Dive into Kubernetes Incident Response(07:30) The Unique Challenge of a Private EKS Cluster(12:15) A Layered Approach to Prevention in a DevSecOps Culture(17:00) How to Automate Containment in a Private EKS Cluster(17:40) From Hours to 10 Minutes: The Impact of Automation(22:00) The Evolving & Complex Role of the Cloud Security Engineer(25:40) Do We Have Too Much Visibility or Not Enough?(29:00) Career Path: The Value of Learning to Code for DevSecOps(35:00) Damien's Hot Take: "Multi-Cloud Just Means Chaos"(44:20) Career Advice for Traditional IR Professionals Moving to Cloud(47:50) Final Questions: Video Games, Life's Journey, and GumboResources spoke about during the interviewDamien's Website
"The next five years are gonna be wild." That's the verdict from Forrester Principal Analyst Allie Mellen on the state of Security Operations. This episode dives into the "massive reset" that is transforming the SOC, driven by the rise of generative AI and a revolution in data management.Allie explains why the traditional L1, L2, L3 SOC model, long considered a "rite of passage" that leads to burnout is being replaced by a more agile and effective Detection Engineering structure. As a self-proclaimed "AI skeptic," she cuts through the marketing hype to reveal what's real and what's not, arguing that while we are "not really at the point of agentic" AI, the real value lies in specialized triage and investigation agents.Guest Socials - Allie's Linkedin Podcast Twitter - @CloudSecPod If you want to watch videos of this LIVE STREAMED episode and past episodes - Check out our other Cloud Security Social Channels:-Cloud Security Podcast- Youtube- Cloud Security Newsletter - Cloud Security BootCampIf you are interested in AI Cybersecurity, you can check out our sister podcast - AI Security PodcastQuestions asked:(00:00) Introduction(02:35) Who is Allie Mellen?(03:15) What is Security Operations in 2025? The SIEM & XDR Shakeup(06:20) The Rise of Security Data Lakes & Data Pipeline Tools(09:20) A "Great Reset" is Coming for the SOC(10:30) Why the L1/L2/L3 Model is a Burnout Machine(13:25) The Future is Detection Engineering: An "Infinite Loop of Improvement"(17:10) Using AI Hallucinations as a Feature for New Detections(18:30) AI in the SOC: Separating Hype from Reality(22:30) What is "Agentic AI" (and Are We There Yet?)(26:20) "No One Knows How to Secure AI": The Detection & Response Challenge(28:10) The Critical Role of Observability Data for AI Security(31:30) Are SOC Teams Actually Using AI Today?(34:30) How to Build a SOC Team in the AI Era: Uplift & Upskill(39:20) The 3 Things to Look for When Buying Security AI Tools(41:40) Final Questions: Reading, Cooking, and SushiResources:You can read Allie's blogs here
The race to deploy AI is on, but are the cloud platforms we rely on secure by default? This episode features a practical, in-the-weeds discussion with Kyler Middleton, Principal Developer, Internal AI Solutions, Veradigm and Sai Gunaranjan, Lead Architect, Veradigm as they compare the security realities of building AI applications on the two largest cloud providers.The conversation uncovers critical security gaps you need to be aware of. Sai reveals that Azure AI defaults to sending customer data globally for processing to keep costs low, a major compliance risk that must be manually disabled . Kyler breaks down the challenges with AWS Bedrock, including the lack of resource-level security policies and a consolidated logging system that mixes all AI conversations into one place, making incident response incredibly difficult .This is an essential guide for any cloud security or platform engineer moving into the AI space. Learn about the real-world architectural patterns, the insecure defaults to watch out for, and the new skills required to transition from a Cloud Security Engineer to an AI Security Engineer.Guest Socials - Kyler's Linkedin + Sai's Linkedin Podcast Twitter - @CloudSecPod If you want to watch videos of this LIVE STREAMED episode and past episodes - Check out our other Cloud Security Social Channels:-Cloud Security Podcast- Youtube- Cloud Security Newsletter - Cloud Security BootCampIf you are interested in AI Cybersecurity, you can check out our sister podcast - AI Security PodcastQuestions asked:(00:00) Introduction(02:30) Who are Kyler Middleton & Sai Gunaranjan?(03:40) Common AI Use Cases: Chatbots & Product Integration(05:15) Beyond IAM: The Full Scope of AI Security in the Cloud(07:30) The Role of the Cloud in Deploying Secure AI(13:10) AWS AI Architecture: Bedrock, Knowledge Bases & Vector Databases(15:10) Azure AI Architecture: AI Services, ML Workspaces & Foundry(21:00) The "Delete the Frontend" Problem: The Risk of Agentic AI(23:25) A Security Deep Dive into Microsoft Azure AI Services(29:20) Azure's Insecure Default: Sending Your Data Globally(31:35) A Security Deep Dive into AWS Bedrock(32:30) The Critical Gap: No Resource Policies in AWS Bedrock(33:20) AWS Bedrock's Logging Problem: A Nightmare for Incident Response(36:15) AWS vs. Azure: Which is More Secure for AI Today?(39:20) A Maturity Model for Adopting AI Security in the Cloud(44:15) From Cloud Security to AI Security Engineer: What's the Skill Gap?(48:45) Final Questions: Toddlers, Kickball, Barbecue & Ice Cream
For the last 30 years, email security has been stuck in the past, focusing almost entirely on stopping bad things from getting into the inbox. In this episode, Rajan Kapoor, Field CISO at Material Security and former Director of Security at Dropbox, argues that this pre-breach mindset is dangerously outdated. The real challenge today is post-breach: protecting the sensitive data that already lives inside your mailboxes.The conversation explores why we must evolve from "email security" to the broader concept of "workspace security" . Rajan explains how interconnected productivity suites like Google Workspace and Microsoft 365 have turned the inbox into a gateway to everything else Drive, accounts, and sensitive company data. We also discuss how the rise of AI co-pilots will create new risks, as they can instantly find and surface over-shared data that was previously hidden in plain sight .Guest Socials - Rajan's LinkedinPodcast Twitter - @CloudSecPod If you want to watch videos of this LIVE STREAMED episode and past episodes - Check out our other Cloud Security Social Channels:-Cloud Security Podcast- Youtube- Cloud Security Newsletter - Cloud Security BootCampIf you are interested in AI Cybersecurity, you can check out our sister podcast - AI Security PodcastQuestions asked:(00:00) Introduction(02:00) Who is Rajan Kapoor? Field CISO at Material Security(02:38) What is Email Security in 2025? The 30-Year-Old Problem(03:20) The Critical Shift: From Pre-Breach to Post-Breach Protection(04:20) The Rise of Workspace Security: Beyond the Inbox(06:00) Why Focusing on Email is "Not Even Half" The Problem(06:50) Are Microsoft 365 Security Challenges Different from Google's?(09:30) Rethinking the Approach to Email Security(11:40) How AI Co-Pilots Will Exploit Your Over-Shared Data(13:30) A Real-World Attack: From Email to Malicious OAuth App(17:00) How Should CISOs Structure Their Teams for Workspace Security?(19:25) The Role of CASB vs. API-Based Security for Data at Rest(23:10) How CISOs Can Separate Signal From Noise in a Crowded Market(24:45) Final Questions: Home Automation, Career Risks, and Ethiopian Food
You have the visibility, you see the alerts, but your security backlog is still growing faster than your team can fix it. So, are you actually getting more secure? In this episode, Snir Ben Shimol, CEO of Zest Security, argues that "knowing about an open door or an open window don't make you more secure... just make you more aware" .We spoke about the traditional "whack-a-mole" approach to vulnerability management. Snir shared an analogy: when planning a trip, the most important question isn't who goes first, but "what is the vehicle?" . He explains how AI's ability to perform recursive analysis can find the "vehicle" for your remediation efforts, that one base image upgrade or single code change that can reduce 20-30% of your entire vulnerability backlog in one action .Guest Socials - Snir's LinkedinPodcast Twitter - @CloudSecPod If you want to watch videos of this LIVE STREAMED episode and past episodes - Check out our other Cloud Security Social Channels:-Cloud Security Podcast- Youtube- Cloud Security Newsletter - Cloud Security BootCampIf you are interested in AI Cybersecurity, you can check out our sister podcast - AI Cybersecurity PodcastQuestions:(00:00) Introduction(02:30) Who is Snir Ben Shimol?(03:20) What is Cloud Security in 2025? Moving from Visibility to Action(07:25) Why Visibility Isn't Making You More Secure(10:20) The Slow, Manual Process of Remediation Today: Losing the Battle(16:00) The "Vehicle vs. Priority" Analogy for Vulnerability Management(17:45) How AI Enables Recursive Analysis to Find the Most Impactful Fix(20:00) The Three Pillars of AI-Driven Cloud Security Resolution(22:30) Why Your CNAPP/CSPM Can't Solve the Remediation Problem(25:20) Why Traditional Prioritization (EPSS, KEV) is a Waterfall Approach(28:10) The "Buy vs. Build" Dilemma for AI Security Solutions(30:15) The Complexity of Building a Multi-Agent AI System for Security(41:45) How CISOs Can Separate Real AI Products from Marketing Fluff(44:50) Final Questions: Surfing, Communication, and Thai Food
The conversation around cloud security is maturing beyond simple threat detection. As the industry grapples with alert fatigue, we explore the necessary shift from a reactive to a proactive security posture, questioning if a traditional SecOps model is sufficient for modern cloud environments.We spoke with Gil Geron, CEO of Orca Security, to examine the limitations of a SecOps-centric defense. SecOps teams are inherently reactive, they cannot be the sole guardians of cloud infrastructure. Instead, the conversation centers on a new blueprint: viewing cloud security as an end-to-end workflow that integrates development, deployment, and production runtime with a continuous feedback loop into policy.The role of AI is also explored, not just as a threat, but as an opportunity to empower security teams and make knowledge more accessible. We spoke about the power of context in reducing alert volume, citing a case where millions of vulnerabilities were prioritized down to a handful of actionable fixes.Guest Socials - Gil's LinkedinPodcast Twitter - @CloudSecPod If you want to watch videos of this LIVE STREAMED episode and past episodes - Check out our other Cloud Security Social Channels:-Cloud Security Podcast- Youtube- Cloud Security Newsletter - Cloud Security BootCampIf you are interested in AI Cybersecurity, you can check out our sister podcast - AI Cybersecurity PodcastQuestions asked:(00:00) Introduction(02:12) Who is Gil Geron? From Check Point to CEO of Orca Security(02:54) What is Cloud Security in 2025? The Evolution to a Modern Workflow(05:50) How AI is Impacting the Cloud Security Landscape: A Salvation, Not a Risk(08:40) The Limits of a Reactive Approach: Why SecOps Can't Be Your Only Defense(12:15) The Surprising Truth: 95% of Cloud Malware is Introduced, Not Hacked(13:40) The Role of Identity in Cloud Security: The New Networking(18:00) The Current Cloud Security Landscape: From "Thumb Mistakes" to Neglected Assets(22:20) How CISOs are Modernizing Security by Modernizing Engineering Workflows(23:50) Reducing SOC Fatigue: How Context Turns Millions of Alerts into a Handful of Fixes(26:20) Is Auto-Remediation Safe? Why It's an Orchestration Challenge, Not a Technical One(35:20) Shifting Left with Production Context: The Future of AppSec & Cloud Sec(38:00) How to Choose a Security Vendor: Finding Hope, Not Fear(42:01) Final Questions: Hiking, Team Pride, and French FriesThank you to our episode sponsor - Orca Security
Identity is the root cause of over 70% of all security incidents, yet many organizations still rely on fundamentally flawed authentication methods. In this episode, Jasson Casey, CEO and co-founder of Beyond Identity, explains why even common forms of MFA are insufficient and why any system that relies on a "secret moving" is vulnerable to attack.The conversation dives deep into the architectural shift needed to truly secure identity: moving from probabilistic tools to deterministic proof. Jasson breaks down how to leverage the hardware-backed secure enclaves (like TPMs and the Secure Enclave) that already exist in our devices to create un-phishable, device-bound credentials that can't be stolen or copied.We also explore how this approach provides a necessary defense against the next wave of AI-enabled threats, including deepfakes and hyper-realistic social engineering attacks that will make it nearly impossible for humans to spot the difference.Guest Socials - Jasson's LinkedinPodcast Twitter - @CloudSecPod If you want to watch videos of this LIVE STREAMED episode and past episodes - Check out our other Cloud Security Social Channels:-Cloud Security Podcast- Youtube- Cloud Security Newsletter - Cloud Security BootCampIf you are interested in AI Cybersecurity, you can check out our sister podcast - AI Cybersecurity PodcastQuestions asked:(00:00) Introduction(02:10) Who is Jasson Casey?(04:00) What is the 2025 Version of IAM?(07:15) Why Hasn't The Identity Problem Been Solved?(08:00) The Fundamental Flaw: Relying on Secrets That Move(10:00) The Solution: Un-phishable, Hardware-Backed Identity(12:15) Why Your Current MFA is Insufficient and Easily Exploited(14:42) The Apple Pay Analogy: How Secure Identity Already Works in Your Pocket(18:58) The "Aha!" Moment: Reducing Help Desk & SOC Workload(25:25) The AI Adversary: How Deepfakes Will Break Authentication(30:00) The Answer to AI Threats: Cryptographically Attested, Device-Bound Proof(32:15) Challenges of Adopting a New World of Identity(34:30) Beyond Human Identity: Securing Workloads, Drones & IoT(36:20) Deterministic vs. Probabilistic: A New Blueprint for Security(45:20) Final Questions: Drones, Cooking, and Tex-MexThank you to Beyond Identity for sponsoring this episode
The nature of Security Operations is changing. As cloud environments grow in complexity and data volumes explode, traditional approaches to detection and response are proving insufficient. This episode features an in-depth conversation with Kyle Polley, who leads the AI security team at Perplexity, about a modern blueprint for the Security Operations Center (SOC).The discussion centers on a necessary architectural shift away from traditional SIEMs, which were not built for today's scale, toward a "data lake infrastructure built for detection and response". Kyle explains how this model provides the scalability needed to handle modern data loads and enables a more effective incident response process.A cornerstone of this new model is the use of centralized AI agents. The conversation explores how these agents can be tasked with performing in-depth alert investigations, helping to reduce analyst burnout and allowing security teams to focus on more proactive, high-impact work. This approach moves beyond simple automation to create a system where AI augments and enhances the capabilities of the human team.Guest Socials - Kyle's Linkedin Podcast Twitter - @CloudSecPod If you want to watch videos of this LIVE STREAMED episode and past episodes - Check out our other Cloud Security Social Channels:-Cloud Security Podcast- Youtube- Cloud Security Newsletter - Cloud Security BootCampIf you are interested in AI Cybersecurity, you can check out our sister podcast - AI Cybersecurity PodcastQuestions asked:(00:00) Introduction to Kyle Polley & The Future of SOCs(01:03) The Core Argument: Why You Must Build Your SOC Before Compliance(03:34) Beyond the Certificate: The Difference Between Being Compliant vs. Secure(04:20) Today's #1 AI Threat: The Challenge of Prompt Injection(06:00) The Architectural Flaw: Handling Untrusted Data in AI Systems(08:20) The "Security Data Lake": Moving Beyond the Traditional SIEM(15:00) The Future is Now: A Centralized AI Agent for Automated Investigations(20:06) Will AI Take My Job? How AI Elevates, Not Replaces, the Security Analyst(25:20) Redefining "Shifting Left" with Personal AI Security Agents(31:00) Can AI Reason? How Modern AI Agents Intelligently Query Logs(37:05) Rethinking Incident Response Playbooks in the Age of AI(41:00) The MVP SOC: A Practical Roadmap for Small & Medium Companies(46:08) Final Questions: Maintaining Optimism, Woodworking, and Tex-Mex(50:08) Where to Connect with Kyle PolleyResources spoken about during the episode:Easy Agents: an open-source frameworkHow to give every department their own AI Agent
What does the integration of AI into a Security Operations Center (SOC) practically look like? This episode explores the concept of the "Agentic SOC," moving beyond marketing terms to discuss its real-world applications and limitations.Ashish Rajan is joined by Edward Wu, CEO of Dropzone AI, for an in-depth discussion on the current state of artificial intelligence in cybersecurity. Edward, who holds numerous patents in the field, shares his perspective on how AI is changing security operations. The conversation details how AI agents can function as a tool to support human analysts rather than replace them, and why the idea of a fully autonomous SOC is not yet a reality.The "Agentic SOC" model: A framework where AI agents assist human security engineers.AI's role in alert investigation: How AI can autonomously investigate alerts by making over a hundred large language model invocations for a single alert.Practical limitations of AI: A discussion on challenges like AI hallucinations and the need for organizational context.Building vs. buying AI tools: An overview of the complexities involved in creating in-house AI agents for security.The impact on SOC metrics: How AI can influence Mean Time To Resolution (MTTR) by investigating alerts in parallel within minutes.The future for security professionals: How the role of a Level 1 SOC analyst is expected to evolve as AI handles more repetitive tasks.Guest Socials - Edward's Linkedin Podcast Twitter - @CloudSecPod If you want to watch videos of this LIVE STREAMED episode and past episodes - Check out our other Cloud Security Social Channels:-Cloud Security Podcast- Youtube- Cloud Security Newsletter - Cloud Security BootCampIf you are interested in AI Cybersecurity, you can check out our sister podcast - AI Cybersecurity PodcastQuestions asked:(00:00) Introduction: Why Agentic AI in the SOC Matters Now(03:03) Meet Edward Wu: 30 Patents and a Mission to Fix Alert Fatigue(04:03) What is an "Agentic SOC"? (AI Foot Soldiers & Human Generals)(06:27) Why SOAR & Playbooks Are Not Enough for Modern Threats(08:18) Reality vs. Hype: Can AI Create a Fully Autonomous SOC?(11:55) The New SOC Workflow: How AI Changes Daily Operations(14:10) Can You Build Your Own AI Agent? The Hidden Complexities(19:06) From Skepticism to Demand: The Evolution of AI in Security(22:00) Slashing MTTR: How AI Transforms Key SOC Metrics(28:42) Are AI-Powered Cyber Attacks Really on the Rise?(31:01) How Smart SOC Teams Use ChatGPT & Co-Pilots Today(32:38) The 4 Maturity Levels of Adopting AI in Your SOC(37:04) How to Build Trust in Your AI's Security Decisions(41:28) Beyond the SOC: Which Cybersecurity Jobs Will AI Disrupt Next?(46:44) What is the Future for Level 1 SOC Analysts?(49:11) Getting to Know Edward: Sim Racing & StarCraft ChampionResources spoken about during the episode:Take a self-guided demo of Dropzone.aiRequest a Demo Download a Copy of the Gartner Hype Cycle for Security Operations 2025 Thank you to our episode sponsor Dropzone.ai
A $10 billion fraud vector is currently exploiting a common feature in many cloud-native applications: the SMS verification flow. This isn't a traditional breach. Instead of stealing data, adversaries use bots to trigger costs that are quietly absorbed into your company's operational budget, often showing up as an inflated cell phone or marketing bill.We spoke to Frank Teruel, COO at Arkose Labs about how this fraud works at a technical level and why modern, automated cloud workflows can be a perfect hiding place for these costly attacks. He also shares a story of how a single cloud container was hijacked, costing a company half a million dollars in compute costs for crypto mining over one weekend.This is a critical conversation for anyone working in cloud security, DevOps, and engineering who wants to understand the financial risks embedded in the very architecture of their applications.Guest Socials - Frank's LinkedinPodcast Twitter - @CloudSecPod If you want to watch videos of this LIVE STREAMED episode and past episodes - Check out our other Cloud Security Social Channels:-Cloud Security Podcast- Youtube- Cloud Security Newsletter - Cloud Security BootCampIf you are interested in AI Cybersecurity, you can check out our sister podcast - AI Cybersecurity PodcastQuestions asked:(00:00) The $10 Billion Invisible Threat(02:40) Frank Teruel’s Journey into Digital Identity(03:35) Why Identity Remains a Weak Spot for Cybersecurity(05:35) The Evolution of SMS Fraud(07:20) The "$5M Surprise Bill" Story(08:55) What is SMS Toll Fraud?(11:19) Does WAF Catch SMS Fraud?(12:49) Cloud vs. On-Prem: Is One Safer From SMS Fraud?(14:00) Does Single Sign-On Help With This?(15:55) How a Gaming Attack Becomes a Bank Heist(24:54) How AI is Weaponized for Cloud Attacks(25:35) The $500k Cloud Bill from a Hijacked Container(31:18) The Attack Vectors Cloud Teams Underestimate(35:30) What Are "Smart Bots"?(36:46) Where to Start Building a Program Around Fraud?(40:16) Fun Questions: Grandkids, Cooking & Music
How do you modernize security in a 180-year-old company that operates critical national infrastructure? What does it look like when you discover tens or even hundreds of thousands of credentials hidden across your estate?In this episode, we sit down with Christian Schwarz, Security Director for Network Services at BT Group , recorded at HashiDays London. Christian shares the immense challenge and strategic approach to standardizing secret management across one of the world's oldest telecommunication companies.He details BT's journey away from the "moat and a castle" security model towards a future with no passwords for developers , reducing friction and enhancing security by design.Guest Socials - Christian's LinkedinPodcast Twitter - @CloudSecPod If you want to watch videos of this LIVE STREAMED episode and past episodes - Check out our other Cloud Security Social Channels:-Cloud Security Podcast- Youtube- Cloud Security Newsletter - Cloud Security BootCampIf you are interested in AI Cybersecurity, you can check out our sister podcast - AI Cybersecurity PodcastQuestions asked:(00:00) - Why Standardizing Secrets is a Challenge(02:24) - Introducing Christian Schwarz & His Role at BT(05:50) - Beyond the "Castle & Moat": A New Approach to Security(07:59) - The Challenge of Securing a 180-Year-Old Company(10:04) - The Power of Storytelling and Discovering Hidden Credentials(11:59) - The Starting Point: Threat Modeling Your Critical Infrastructure(13:48) - The Upside of Standardization: Reducing Cognitive Load for Teams(16:08) - Fun Questions: Cycling, Innovation, and Favorite CuisinesThank you to our episode sponsor HashiCorp
Is AI making application security easier or harder? We spoke to Amit Chita, Field CTO at Mend.io, the rise of AI agents in the Software Development Lifecycle (SDLC) presents a unique opportunity for security teams to be stricter than ever before. As developers increasingly use AI agents and integrate LLMs into applications, the attack surface is evolving in ways traditional security can't handle. The only way forward is a Zero Trust approach to your own AI modelsJoin Ashish Rajan and Amit Chita as they discuss the new threats introduced by AI and how to build a resilient security program for this new era.Guest Socials - Amit's Linkedin Podcast Twitter - @CloudSecPod If you want to watch videos of this LIVE STREAMED episode and past episodes - Check out our other Cloud Security Social Channels:-Cloud Security Podcast- Youtube- Cloud Security Newsletter - Cloud Security BootCampIf you are interested in AI Cybersecurity, you can check out our sister podcast - AI Cybersecurity PodcastQuestions asked:(00:00) Intro: The New Era of AI-Powered AppSec(03:10) Meet Amit Chita: From Founder to Field CTO at Mend.io(03:47) Defining AI-Powered Applications in 2025(05:02) AI-Native vs. AI-Powered: What's the Real Difference?(06:05) How AI is Radically Changing the SDLC: Speed, Scale, and Stricter Security(16:30) The Hidden Risk: Navigating AI Model & Data Licensing Chaos(20:50) SMB vs. Enterprise: Why Their AI Security Problems Are Different(23:00) Why Traditional Security Testing Fails Against AI Threats(26:03) Do You Need to Update Your Entire Security Program for AI?(29:14) The New DevSecOps: Keeping Developers Happy in the Age of AI(31:26) Real AI Threats: Malicious Packages & Indirect Prompt Injection(35:16) Is Regulation Coming for AI? A Look at the Current Landscape(38:00) The AI Security Toolbox: To Build or To Buy?(41:41) Fun Questions: Amit’s Proudest Moment & Favorite RestaurantThank you to our episode sponsor Mend.io
Is your organization struggling with secret management across bare metal, hybrid, and multi-cloud environments? Standard cloud-native tools often fall short when you need a single, standardized solution that bridges all your infrastructure.Dan Popescu, Senior Site Reliability Engineer at Booking.com joins us to share how they built a cloud-agnostic secret management strategy using HashiCorp Vault. We dive deep into the technical challenges of providing identity to bare metal machines, rotating dynamic secrets in legacy and modern applications, and why a central "broker" for authentication is critical for security at scale.Guest Socials - Dan 's Linkedin Podcast Twitter - @CloudSecPod If you want to watch videos of this LIVE STREAMED episode and past episodes - Check out our other Cloud Security Social Channels:-Cloud Security Podcast- Youtube- Cloud Security Newsletter - Cloud Security BootCampIf you are interested in AI Cybersecurity, you can check out our sister podcast - AI Cybersecurity PodcastQuestions asked:(00:00) Introduction(02:13) Dan's Background: From Cloud (AWS, GCP) to Bare Metal(03:06) The Core Challenges: Secret Exposure, Rotation & Access Control(04:45) Why Cloud-Native Fails at Scale: The Cost of 500k Requests/Min(07:32) What is a "Secret"? (It's More Than Just Passwords)(09:12) The Secret Lifecycle: Rotation, Revocation & Caching Issues(10:33) Securing Bare Metal: The Unique Challenge of On-Prem Secrets(15:44) Kubernetes & Container Secrets: Sidecars vs. Operators(18:36) The Pain of Moving from Static to Dynamic Secrets(20:40) How Do Machines Get an Identity? (Cloud IAM vs. Bare Metal)(24:28) A Practical Roadmap: Where to Start Standardizing Secrets(26:53) Key Learnings & Technical Pitfalls to Avoid(28:59) The Fun Section
Download from Google Play
Download from App Store
United States
Great podcast about Cloud Security! Highly recommend it! Ashish is the best!
Thank you so much for amazing resources, will keep a look on it always!
The podcast has finished recording 50 episodes so far with guests from Netflix, Capital One, Hashicorp on how they do security in cloud, definitely worth checking out. FULL DISCLOSURE: I'm the host of the podcast and each month we pick a review to be featured on the podcast website (www.cloudsecuritypodcast.tv). Make sure you leave a review to be featured.