At HashiConf 2024 in Boston, our host Ashish Rajan had a great chat over some cannolis and a game of Jenga with AJ Oller, AVP of Engineering at The Hartford about how automation, mainframes, and compliance intersect to drive innovation in regulated industries like insurance. They spoke about why regulations aren't barriers but frameworks to prevent failure, the human side of engineering and how to manage change fatigue during transformations and how automation enhances security, disaster recovery, and operational efficiency. Guest Socials: AJ' s Linkedin Podcast Twitter - @CloudSecPod If you want to watch videos of this LIVE STREAMED episode and past episodes - Check out our other Cloud Security Social Channels: - Cloud Security Podcast- Youtube - Cloud Security Newsletter - Cloud Security BootCamp Questions asked: (00:00) Introduction (01:53) A bit about AJ Oller (02:17) The Cannoli taste test (04:38) Technology in the Insurance industry (10:19)What is a platform? (11:46) What skillsets do you need in platform team? (14:19) Maturity for building platform teams (19:5)8 Business case for investing in Automation (24:49) Does Automation help with security regulations? (28:10) Leaders communicating automation value to business (30:37) Cheerleading for digital transformation (32:32) The Fun Section
In this episode, Ashish spoke with Kushagra Sharma, Staff Cloud Security Engineer, to delve into the complexities of managing Identity Access Management (IAM) at scale. Drawing on his experiences from Booking.com and other high-scale environments, Kushagra shares insights into scaling IAM across thousands of AWS accounts, creating secure and developer-friendly permission boundaries, and navigating the blurred lines of the shared responsibility model. They discuss why traditional IAM models often fail at scale and the necessity of implementing dynamic permission boundaries, baseline strategies, and Terraform-based solutions to keep up with ever-evolving cloud services. Kushagra also explains how to approach IAM in multi-cloud setups, the challenges of securing managed services, and the importance of finding a balance between security enforcement and developer autonomy. Guest Socials: Kushagra's Linkedin Podcast Twitter - @CloudSecPod If you want to watch videos of this LIVE STREAMED episode and past episodes - Check out our other Cloud Security Social Channels: - Cloud Security Podcast- Youtube - Cloud Security Newsletter - Cloud Security BootCamp Questions asked: (00:00) Introduction (02:31) A bit about Kushagra (03:29) How large can the scale of AWS accounts be? (03:49) IAM Challenges at scale (06:50) What is a permission boundary? (07:53) Permission Boundary at Scale (13:07) Creating dynamic permission boundaries (18:34) Cultural challenges of building dev friendly security (23:05) How has the shared responsibility model changed? (25:22) Different levels of customer shared responsibility (29:28) Shared Responsibility for MultiCloud (34:05) Making service enablement work at scale (43:07) The Fun Section
In this episode, host Ashish Rajan sits down with Prahathess Rengasamy, a cloud security expert with extensive experience at companies like Credit Karma, Block, and Apple. Together, they explore the challenges and best practices for scaling cloud security, especially in the complex scenarios of mergers and acquisitions. Starting with foundational elements like CSPMs and security policies, Prahathess breaks down the evolution of cloud security strategies. He explains why cloud security cannot succeed in isolation and emphasizes the need for collaboration with platform and infrastructure engineering teams. The conversation delves into real-world examples, including managing AWS and GCP security post-acquisition and navigating the cultural and technical challenges that come with multi-cloud environments. Guest Socials: Prahathess's Linkedin Podcast Twitter - @CloudSecPod If you want to watch videos of this LIVE STREAMED episode and past episodes - Check out our other Cloud Security Social Channels: - Cloud Security Podcast- Youtube - Cloud Security Newsletter - Cloud Security BootCamp Questions asked: (00:00) Introduction (02:02) A bit about Prahathess (02:36) How does Cloud Security Scale? (07:51) Where do we see just in time provisioning? (10:05) Cloud Security for Mergers and Acquisitions (14:31) Should people become MultiCloud Experts? (15:28) The need for data insights (16:54) Data sources to have as part of data insights (21:06) Benefits of Data insights for Cloud Security Teams (21:30) How to bring the new team along the cloud security journey? (24:29) How to learn about data insights? (26:35) How to maximize security efforts with data? (36:21) The Fun Section
In this episode, Ashish gets into the critical topic of data perimeters in AWS with our guest, Tyler Warren, a Lead Cloud Security Engineer at USAA. As cloud environments continue to evolve, the importance of securing your data through trusted networks and identities has never been more crucial. Tyler shares his insights on the challenges and strategies involved in building effective data perimeters, emphasizing the need for a holistic security approach that includes both preventative and detective controls. We explore how concepts like trusted resources, networks, and identities play a pivotal role in safeguarding your cloud infrastructure and why these elements should be at the core of your security strategy. Join us as we discuss practical steps for implementing and managing data perimeters, the significance of understanding your zones of trust, and how to scale your security measures as your cloud footprint grows. Guest Socials: Tyler's Linkedin Podcast Twitter - @CloudSecPod If you want to watch videos of this LIVE STREAMED episode and past episodes - Check out our other Cloud Security Social Channels: - Cloud Security Podcast- Youtube - Cloud Security Newsletter - Cloud Security BootCamp Questions asked: (00:00) Introduction (02:28) A bit about Tyler (04:22) Data Perimeter in Cloud Security (08:18) Why was there a need to look into data perimeter? (09:39) Should people look at data perimeter from the beginning? (12:16) Starting point for data perimeter (15:42) Defining boundaries of Zone of Trust (21:25) Data perimeter in hybrid environments (24:47) Challenges in setting up data perimeter (31:31) Should you start in dev, test or prod? (34:55) How often should you review your SCPs? (36:05) What Skillsets does the team need? (37:26) Are Data Perimeters Developer Friendly? (40:06) Technical challenges with detective and preventative controls (42:14) Getting stakeholders onboard (46:56) Levels of maturity for data perimeter strategy (49:30) The Fun Section Resources spoken about during the interview: AWS Data Perimeter at USAA: Things we knew, things we thought we knew and things you should know!
In this episode, we sat down with Lukasz Gogolkiewicz, an Australia-based Cybersecurity Leader and former pentester, to explore his journey from offensive security into cybersecurity leadership. Lukasz, also a speaker coach at BlackHat USA, brings valuable insights into what it takes to shift from being technical to managing compliance, governance, and broader security programs in industries like retail and advertising. Throughout the conversation, we dive into the specific challenges of transitioning from a purely cloud-based tech company to a bricks-and-mortar retail operation, highlighting how the threat models differ dramatically between these environments. Lukasz shares his unique perspective on cybersecurity frameworks like NIST CSF 2.0, essential for building resilient programs, and offers practical advice for selecting the right framework based on your organization's needs. Guest Socials: Lukasz's Linkedin Podcast Twitter - @CloudSecPod If you want to watch videos of this LIVE STREAMED episode and past episodes - Check out our other Cloud Security Social Channels: - Cloud Security Podcast- Youtube - Cloud Security Newsletter - Cloud Security BootCamp Questions asked: (00:00) Introduction (03:00) A bit about Lukasz (04:32) Security Challenges for Tech First advertising company (05:16) Security Challenges for Retail Industry (06:00) Difference between the two industries (07:01) Best way to build Cybersecurity Program (09:44) NIST CSF 2.0 (13:02) Why go with a framework? (16:26) Which framework to start with for your cybersecurity program? (18:33) Technical CISO vs Non Technical CISO (25:37) The Fun Section Resources spoken about during the interview: NIST CSF 2.0 CIS Benchmark ASD Essential Eight Mapping between the frameworks https://www.cisecurity.org/insights/white-papers/cis-controls-v8-mapping-to-nist-csf-2-0 https://www.cisecurity.org/insights/white-papers/cis-controls-v8-mapping-to-asds-essential-eight Verizon Data Breach Investigations Report (DBIR) Lukasz Woodwork Channel BSides Melbourne
What is the future of SOC? In this episode Ashish sat down with Allie Mellen, Principal Analyst at Forrester, to explore the current state of security operations and the evolving role of AI in cybersecurity. Allie spoke about why Cloud Detection Response (CDR) might be dead, how Generative AI is failing to live up to its hype in security use cases, and why automation will never fully replace human security analysts. We get into the challenges faced by SOC teams today, the burnout issue among security analysts, and how adopting detection engineering and eliminating the outdated structures could transform the way security teams operate. Guest Socials: Allie's Linkedin Podcast Twitter - @CloudSecPod If you want to watch videos of this LIVE STREAMED episode and past episodes - Check out our other Cloud Security Social Channels: - Cloud Security Podcast- Youtube - Cloud Security Newsletter - Cloud Security BootCamp Questions asked: (00:00) Introduction (02:48) A bit about Allie (03:13) The role of analysts in cybersecurity (05:56) What is EDR? (06:30) What is XDR? (08:42) The impact of GenAI (10:19) How is GenAI going to impact SOAR? (14:52) Where to start with SOC? (24:08) Starting to build your SOC team (27:32) How SOC should respond to new technology? (31:48) Expectations from Managed SOC providers (35:16) Detection challenges for Hybrid Environments (38:01) Level 2 and 3 SOC in new world (42:37) What training is required for the SOC team? (48:49) How will this space evolve? (51:48) The Fun Questions Resources spoken about during the interview: Cloud Detection and Response Tools Do Not Exist
In this episode Ashish Rajan sits down with Shashwat Sehgal, co-founder and CEO of P0 Security, to talk about the complexities of cloud identity lifecycle management. Shashwat spoke to us about why traditional identity solutions like SAML are no longer sufficient in today’s cloud environments. He discusses the need for organisations to adopt a more holistic approach to secure access across cloud infrastructures, addressing everything from managing IAM roles to gaining complete visibility and inventory of all cloud identities. This episode goes into the growing challenges around managing human and non-human identities, and the importance of shifting from legacy solutions to cloud-native governance. Guest Socials: Shashwat's Linkedin Podcast Twitter - @CloudSecPod If you want to watch videos of this LIVE STREAMED episode and past episodes - Check out our other Cloud Security Social Channels: - Cloud Security Podcast- Youtube - Cloud Security Newsletter - Cloud Security BootCamp Questions asked: (00:00) Introduction (01:47) A bit about Shashwat (02:20) What is Identity Lifecycle Management? (04:55) What is IGA and PAM? (10:10) Complexity of Identity Management (13:12) What are non human identities? (15:56) Maturity Levels for Cloud Identity Lifecycle Management (19:03) The role of SAML in Identity Management (20:07) Identity Management of Third parties and SaaS Providers (21:28) Who’s responsible for identity management in Cloud? (23:28) Changing landscape of identity management (27:46) Native Solutions for identity management (30:03) Fun Questions
In this episode of the Cloud Security Podcast, Ashish sat down with Art Poghosyan, CEO and co-founder of Britive, to explore the changing world of identity and access management (IAM) in the cloud era. With over two decades of experience in the identity space, Art breaks down the challenges of traditional Privileged Access Management (PAM) and how cloud-native environments require a rethinking of security strategies. From understanding the complexities of cloud infrastructure entitlements to unpacking the differences between on-premise and cloud-based PAM, Art explains why "Identity is the new perimeter" and how modern organizations must adapt. They dive deep into the importance of Just-in-Time (JIT) access, non-human identities, and the critical role identity plays as the first and last line of defense in cloud security. Guest Socials: Art's Linkedin Podcast Twitter - @CloudSecPod If you want to watch videos of this LIVE STREAMED episode and past episodes - Check out our other Cloud Security Social Channels: - Cloud Security Podcast- Youtube - Cloud Security Newsletter - Cloud Security BootCamp Questions asked: (00:00) Introduction (01:53) A bit about Art (02:51) What is IAM? (04:02) What is Cloud Privilege Access Management? (06:08) Why do we need CloudPAM in 2024? (07:52) Non Human Identities (08:39) Privilege in Cloud vs On Premise (09:49) SAML vs PAM (12:21) Just in Time provisioning in Cloud (17:17) Making Access Management Developer Friendly (19:12) What should security team be looking at ? (21:22) Communicating IAM vulnerabilities (23:45) Tactical steps to level up IAM (27:20) Zero Trust and IAM (30:56) Fun Questions
Why does Cloud Security Research matter in 2024? At fwd:cloudsec EU in Brussels, we sat down with Scott Piper, a renowned cloud security researcher at Wiz, to discuss the growing importance of cloud security research and its real-world impact. Scott spoke to us about the critical differences between traditional security testing and cloud security research, explaining how his team investigates cloud providers to find out vulnerabilities, improve detection tools, and safeguard data. Guest Socials: Scott's Linkedin + Scott's Twitter Podcast Twitter - @CloudSecPod If you want to watch videos of this LIVE STREAMED episode and past episodes - Check out our other Cloud Security Social Channels: - Cloud Security Podcast- Youtube - Cloud Security Newsletter - Cloud Security BootCamp Questions asked: (00:00) Introduction (02:07) A bit about Scott Piper (02:48) What is a Cloud Security Research Team? (04:30) Difference between traditional and Cloud Security Research (07:21) Cloud Pentesting vs Cloud Security Research (08:10) What is request collapsing? (10:26) GitHub Actions and OIDC Research (13:47) How has cloud security evolved? (17:02) Tactical things for Cloud Security Program (18:41) Impact of Kubernetes and AI on Cloud (20:37) How to become a Cloud Security Researcher (22:46) AWS Cloud Security Best Practices (26:35) Trends in AWS Cloud Security Research (28:11) Fun Questions (30:22) A bit about fwd:cloudsec Resources mentioned during the interview: Wiz.io - Cloud Security Podcast listeners can also get a free cloud security health scan PEACH framework Wiz Research Blog Avoiding security incidents due to request collapsing A security community success story of mitigating a misconfiguration Cloudmapper flaws.cloud fwd:cloudsec CTFs The Big IAM Challenge Prompt Airlines , AI Security Challenge Kubernetes LAN Party
How does Edge Security fit into the future of Cloud Protection ? In this episode, we sat down with Brian McHenry, Global Head of Cloud Security Engineering at Check Point at BlackHat USA, to chat about the evolving landscape of cloud security in 2024. With cloud adoption accelerating and automation reshaping how we manage security, Brian spoke to us about the challenges that organizations face today—from misconfigurations and alert fatigue to the role of AI in application security. We tackle the question: Is CSPM (Cloud Security Posture Management) still enough, or do we need to rethink our approach? Brian shares his thoughts on edge security, why misconfigurations are more dangerous than ever, and how automation can quickly turn small risks into significant threats. Guest Socials: Brian's Linkedin Podcast Twitter - @CloudSecPod If you want to watch videos of this LIVE STREAMED episode and past episodes - Check out our other Cloud Security Social Channels: - Cloud Security Podcast- Youtube - Cloud Security Newsletter - Cloud Security BootCamp Questions asked: (00:00) Introduction (03:28) State of Cloud Market (04:44) Is CSPM not enough? (06:35) Edge Security in Cloud Context (08:31) Where is edge security going? (10:11) Where to start with Cloud Security Tooling? (11:08) Transitioning from Network Security to Cloud Security (13:11) How is AI Changing Edge Security? (14:45) How is WAF and DDos Protection evolving? (18:16) Should people be doing network pentest? (19:57) North Star for WAF in a cybersecurity program (20:55) The evolution to platformization (23:13) Highlight from BlackHat USA 2024
How CI/CD Tools can expose your Code to Security Risks? In this episode, we’re joined by Mike Ruth, Senior Staff Security Engineer at Rippling and returning guest, live from BlackHat 2024. Mike dives deep into his research on CI/CD pipeline security, focusing on popular tools like GitHub Actions, Terraform, and Buildkite. He reveals the hidden vulnerabilities within these tools, such as the ability for engineers to bypass code reviews, modify configuration files, and run unauthorized commands in production environments. Mike explains how the lack of granular access control in repositories and CI/CD configurations opens the door to serious security risks. He shares actionable insights on how to mitigate these issues by using best practices like GitHub Environments and Buildkite Clusters, along with potential solutions like static code analysis and granular push rule sets. This episode provides critical advice on how to better secure your CI/CD pipelines and protect your organization from insider threats and external attacks. Guest Socials: Mike's Linkedin Podcast Twitter - @CloudSecPod If you want to watch videos of this LIVE STREAMED episode and past episodes - Check out our other Cloud Security Social Channels: - Cloud Security Podcast- Youtube - Cloud Security Newsletter - Cloud Security BootCamp Questions asked: (00:00) Introductions (01:56) A word from episode sponsor - ThreatLocker (02:31) A bit about Mike Ruth (03:08) SDLC in 2024 (08:05) Mitigating Challenges in SDLC (09:10) What is Buildkite? (10:11) Challenges observed with Buildkite (12:30) How Terraform works in the SDLC (15:41) Where to start with these CICD tools? (18:55) Threat Detection in CICD Pipelines (21:31) Building defensive libraries (23:58) Scaling solutions across multiple repositories (25:46) The Fun Questions Resources mentioned during the call: GitHub Actions Terraform Buildkite Mike's BSidesSF Talk
In this episode of the Cloud Security Podcast, we bring together an incredible panel of experts to explore the evolving landscape of cloud security in 2024. Hosted by Ashish Rajan, the discussion dives deep into the challenges and realities of today’s multi-cloud environments. With perspectives ranging from seasoned veterans to emerging voices this episode offers a broad spectrum of insights from cloud security practitioners who are living and breathing cloud security everyday. We are very grateful to our panelist who took part in 1st of its kind edition for the State of Cloud Security - Meg Ashby, Damien Burks, Chris Farris, Rich Mogull, Patrick Sanders, Ammar Alim and Abdie Mohamed. The conversation covers essential topics such as the pitfalls of multi-cloud adoption, the persistent security issues that remain even as cloud technologies advance, and the importance of specializing in one cloud platform while maintaining surface-level knowledge of others. The panelists also share their thoughts on the future of cloud security, including the increasing relevance of Kubernetes and edge security. Podcast Twitter - @CloudSecPod If you want to watch videos of this LIVE STREAMED episode and past episodes - Check out our other Cloud Security Social Channels: - Cloud Security Podcast- Youtube - Cloud Security Newsletter - Cloud Security BootCamp Questions asked: (00:00) Introduction (02:22) How much has Cloud Security Changed? (07:05) Is the expectation to be MultiCloud? (19:07) What’s top of mind in Cloud Security in 2024? (27:17) The current Cloud Service Provider Landscape (39:26) Where to start in Cloud Security ? (52:10) The Fun Section Resources discussed during the episode: fwd:cloudsec conference Cloud Security Bootcamp DevSecBlueprint YouTube Channel - Damien Burks Rich Mogull’s Cloud Security Lab of the Week
What were the main themes at BlackHat USA 2024? With respect to Cloud Security, maybe with a sprinkle of AI Security. Our team was on the ground at BlackHat and DefCon32 this year, we heard many talks and panels, spoke to many practitioner, leaders and CISOs and had the pleasure of recording some great interviews (coming soon!). This conversation is a distillation of everything we heard and the themes we saw. Podcast Twitter - @CloudSecPod If you want to watch videos of this LIVE STREAMED episode and past episodes - Check out our other Cloud Security Social Channels: - Cloud Security Podcast- Youtube - Cloud Security Newsletter - Cloud Security BootCamp Questions asked: (00:00) Introduction (01:15) A word from our episode sponsor, ThreatLocker (04:35) Resiliency in Cybersecurity (07:00) Commentary on upcoming US elections (09:42) Identity Centric Security (15:55) Cloud Security is getting more Complex (23:47) Growing importance of Data Security (25:42) Use Cases for AI Security (31:25) Shared Responsibility and Shared Fate (33:21) Is CSPM Dead? (37:32) The Conclusion Resources from the episode: BlackHat USA Keynote - Democracy's Biggest Year: The Fight for Secure Elections Around the World Generative AI Misuse: A Taxonomy of Tactics and Insights from Real-World Data RSAC 2024 Innovation Sandbox Finalist BlackHat USA 2024 Startup Spotlight
In this episode, we sit down with Santiago, a Senior Security Engineer at Canva, to talk about the complexities of building and managing an incident response team, especially in high-growth companies. Santiago shares his experience transitioning from penetration testing to incident response and highlights the unique challenges that come with protecting a rapidly expanding organization. We explore the differences between incident response in high-growth versus established companies, the importance of having the right personnel, and the critical skills needed for effective incident response. Guest Socials: Santiago's Linkedin Podcast Twitter - @CloudSecPod If you want to watch videos of this LIVE STREAMED episode and past episodes - Check out our other Cloud Security Social Channels: - Cloud Security Podcast- Youtube - Cloud Security Newsletter - Cloud Security BootCamp Questions asked: (00:00) Introduction (01:58) A word from our sponsor - SentinelOne (02:48) A bit about Santiago (03:18) What is Incident Response? (04:06) How IR differs in different organisations? (04:48) Red Team vs Incident Response Team (06:17) Challenges for Incident Response in Cloud (07:16) Incident Response in a High Growth Company (07:56) Skillsets required for high growth (09:14) Cloud vs On Prem Incident Response (10:03) Building Incident Response in High Growth Company (11:39) Responding to incidents that are not high risk (14:41) Transition from pentesting to incident responder (17:20) Endpoint vulnerability management at scale (25:32) The Fun Section Resources from the episode: Endpoint Vulnerability Management at Scale
Leadership Insights on Cloud Security in 2024. Ashish sat down with return guest Srinath Kuruvadi, a seasoned cloud security leader with over two decades of experience in the field. Together, they explored the current state and future of cloud security, discussing the importance of detection & incident response teams, building and maintaining a robust cloud security program, understanding the importance of stakeholder management, and the role of data security in mitigating risks. Srinath shared his perspective on the evolution of cloud security, the critical need for a prevention-first mindset while tackling the challenges of managing security in a multi-cloud environment Guest Socials: Srinath's Linkedin Podcast Twitter - @CloudSecPod If you want to watch videos of this LIVE STREAMED episode and past episodes - Check out our other Cloud Security Social Channels: - Cloud Security Podcast- Youtube - Cloud Security Newsletter - Cloud Security BootCamp Questions asked: (00:00) Introduction (01:42) A bit about Srinath (01:55) How has the Cloud Security space changed? (05:27) Are CloudSec and AppSec merging? (06:29) Are stakeholders more engaged with Cloud Security? (08:10) Where are the boundaries for Cloud Security? (10:06) Finding the right talent in Cloud Security (12:31) Building a Multi Cloud Security Team (15:06) The role of platform teams (16:45) Maturity level for Cloud Security (19:18) Current patterns in Cloud Security (22:03) What should CSPs be taking more about?
What are you doing differently today that you're stopping tomorrow's legacy? In this episode Ashish spoke to Adrian Asher, CISO and Cloud Architect at Checkout.com, to explore the journey from monolithic architecture to cloud-native solutions in a regulated fintech environment. Adrian shared his perspective on why there "aren't enough lambdas" and how embracing cloud-native technologies like AWS Lambda and Fargate can enhance security, scalability, and efficiency. Guest Socials: Adrian's Linkedin Podcast Twitter - @CloudSecPod If you want to watch videos of this LIVE STREAMED episode and past episodes - Check out our other Cloud Security Social Channels: - Cloud Security Podcast- Youtube - Cloud Security Newsletter - Cloud Security BootCamp Questions asked: (00:00) Introduction (01:59) A bit about Adrian (02:47) Cloud Naive vs Cloud Native (03:54) Checkout’s Cloud Native Journey (05:44) What is AWS Fargate? (06:52) There are not enough Lambdas (09:52) The evolution of the Security Function (12:15) Culture change for being more cloud native (15:23) Getting security teams ready for Gen AI (18:16) Where to start with Cloud Native? (19:14) Where you can connect with Adrian? (19:39) The Fun Section
How to secure AWS cloud using AWS Lambda? We spoke to Lily Chau from Roku at BSidesSF about her experience and innovative approach to tackling security issues in AWS environments. From deploying IAM roles to creating impactful playbooks with AWS Lambda, Lily shared her take on automating remediation processes. We spoke about the challenges of managing cloud security with tools like CSPM and CNAPP, and how Lily and her team took a different approach that goes beyond traditional methods to achieve real-time remediation. Guest Socials: Lily Twitter Podcast Twitter - @CloudSecPod If you want to watch videos of this LIVE STREAMED episode and past episodes - Check out our other Cloud Security Social Channels: - Cloud Security Podcast- Youtube - Cloud Security Newsletter - Cloud Security BootCamp Questions asked: (00:00) Introduction (01:56) A bit about Lily (02:27) What is Auto Remediation? (03:56) Example of Auto Remediation (05:19) CSPMs and Auto Remediation (06:58) Make Auto Remediation in Cloud work for you (09:49) Where to get started with Auto Remediation? (11:52) What defines a High Impact Playbook? (12:58) Auto Remediation for Lateral Movement (14:35) What is running in the background? (16:41) What skillset is required? (19:08) The Fun Section Resources for the episode: Lily's talk at BsidesSF
How can you protect your data with Confidential Compute and Containers? Ashish spoke to Zvonko Kaiser, Principal Systems Software Engineer, Confidential Containers and Kubernetes at Nvidia about confidential containers, confidential computing, and their importance in protecting sensitive data. They speak about the various threat models, use cases, and the role of GPUs in enhancing compute power for AI workloads Guest Socials: Zvonko's Linkedin Podcast Twitter - @CloudSecPod If you want to watch videos of this LIVE STREAMED episode and past episodes - Check out our other Cloud Security Social Channels: - Cloud Security Podcast- Youtube - Cloud Security Newsletter - Cloud Security BootCamp Questions asked: (00:00) Introduction (01:45) A word from our sponsor SentinelOne (02:18) A bit about Zvonko (02:24) Encryption for Confidential Computing (04:20) Confidential Computing vs Confidential Containers (05:45) What sectors focus on Confidential Computing? (07:09) Common Threats in Confidential Computing (08:55) What is a Secure Enclave? (10:05) Value of Attestation for Confidential Computing (11:35) Lift and Shift Strategy for AI (13:59) The role of GPU in confidential Computing (15:37) Shared Responsibility with Confidential Computing (17:10) Confidential Computing project you can get involved in (18:16) The fun section
How to implement infrastructure as code? Ashish spoke to Armon Dadgar. Co-Founder and CTO at HashiCorp at Hashidays London. Armon speaks about his journey from co-creating Terraform, the first open-source language in the IaC space, to addressing the complex challenges enterprises face in cloud environments today. They speak about why having a platform team from the beginning is crucial for large enterprises, the evolution of IaC, the importance of standardization in managing cloud applications, and how automation plays a key role in maintaining security. Guest Socials: Armon's Linkedin Podcast Twitter - @CloudSecPod If you want to watch videos of this LIVE STREAMED episode and past episodes - Check out our other Cloud Security Social Channels: - Cloud Security Podcast- Youtube - Cloud Security Newsletter - Cloud Security BootCamp Questions asked: 00:00 Introduction 01:54 A bit about Armon 02:32 How has infrastructure as code evolved? 03:43 The role of Terraform 04:38 Infrastructure and Security Lifecycle Management 06:51 Best Practice for Infrastructure Lifecycle Management 09:11 Best Practice for Security Lifecycle Management 09:38 What is a Platform Team? 11:02 When should people start thinking about a platform team? 13:02 What is Zero Trust? 14:52 Challenges with IaC 17:35 How GenAI is impacting IaC? 20:04 Starting an open source project? 24:53 The Fun Section
What is the future of AI Security and Data Protection? At AWS re:Inforce in Philadelphia this year, Ashish spoke to Dan Benjamin, Head of Data, Identity and AI Security at Prisma Cloud about the new category of AI-SPM (Artificial Intelligence Security Posture Management) and why does it fit within all the other toolings organisations have. They spoke about the importance of building an AI and data inventory, understanding AI access, and the critical role of DSPM (Data Security Posture Management) in creating effective AI security controls. Guest Socials: Dan's Linkedin Podcast Twitter - @CloudSecPod If you want to watch videos of this LIVE STREAMED episode and past episodes - Check out our other Cloud Security Social Channels: - Cloud Security Podcast- Youtube - Cloud Security Newsletter - Cloud Security BootCamp Questions asked: 00:00 Introduction 02:09 A bit about Dan 02:29 What is AISPM? 03:16 How should CISOs tackle AI Security? 06:16 Right Controls around AI Services 07:32 AISPM vs CSPM 09:52 The role of DSPM 10:25 Tackling data security in world of AI 13:28 Maturity Curve for CISOs to consider 16:36 Security Teams for AI Security 19:51 The Fun Section
Magno Logan
Great podcast about Cloud Security! Highly recommend it! Ashish is the best!
Mohammed Saqeeb
Thank you so much for amazing resources, will keep a look on it always!
Ashish Rajan
The podcast has finished recording 50 episodes so far with guests from Netflix, Capital One, Hashicorp on how they do security in cloud, definitely worth checking out. FULL DISCLOSURE: I'm the host of the podcast and each month we pick a review to be featured on the podcast website (www.cloudsecuritypodcast.tv). Make sure you leave a review to be featured.