Pockets of Innovation

2022-11-21 38:38

Pockets of Innovation with John Chavanne

Episode Summary

On this episode, Solutions Architect at Palo Alto Networks, John Chavanne, joins Matt to talk about his career of innovation. John’s career spans over 20 years at HSBC before transitioning into DevOps and Cloud Solutions at Palo Alto Networks.

Today, John talks about his career arc, transitioning to cloud, and the value of communities of practice groups. Where should organizations start with deploying a CNAP? Hear about the challenges with deploying cloud platforms, and John’s greatest accomplishments.

Timestamp Segments
· [01:30] About John.
· [02:54] John’s career.
· [05:47] What is something that cloud makes easier?
· [07:09] Transitioning from network to DevOps and Cloud.
· [10:15] Starting the move to cloud at HSBC.
· [13:15] Cloud communities of practice.
· [18:47] Sharing code.
· [21:27] John’s biggest accomplishment.
· [23:23] Prisma Cloud.
· [26:25] Organizational challenges with deploying cloud platforms.
· [29:41] Where to start with deploying a CNAP.
· [33:54] How does John stay fresh?

Notable Quotes
· “You can test things out in the cloud and the price of failure is almost zero.”
· “Innovation happens in pockets.”
· “Reduce waste and build habits that reduce waste.”

Relevant Links
Recommended reading: The Toyota Way. Kubernetes - An Enterprise Guide.
KodeKloud: https://kodekloud.com
Twitter: https://twitter.com/jjchavanne

Comprehensive, full-stack cloud security. Secure infrastructure, apps and data across hybrid and multi-cloud environments with Prisma Cloud.

What Serverless Can Do For You? With Mark Gould

Episode Summary

On this episode, Cloud Security Engineer at Manhattan Associates, Mark Gould, joins Matt to talk about serverless computing. Mark is a Cybersecurity specialist, with a focus on the Google Cloud Platform, and is a Certified Google Architect.

Today, Mark talks about serverless computing, the security risk to consider, and working with DevOps teams. What are the top three metrics to start with for automation and security? Hear about cloud automation, Mark’s NSG alerting system, and his greatest accomplishments in recent years.

Timestamp Segments
· [01:22] About Mark.
· [02:49] About Manhattan Associates.
· [04:46] How does cloud fit in?
· [06:16] Automation in the cloud.
· [09:03] Modernization at Manhattan Associates.
· [10:18] Serverless computing.
· [14:39] Security risks with using serverless functions.
· [17:58] Mark’s NSG alerting system.
· [21:27] Three metrics for automation and security.
· [23:33] What should security teams be doing differently when working with DevOps?
· [25:43] What is Mark most proud of?
· [27:45] How does Mark continue to learn?
· [30:31] Is Manhattan Associates hiring?

Notable Quotes
· “You definitely have to pick what kind of processes you want to automate and make sure that you’re willing to put in the work to maintain them.”
· “Sometimes serverless isn’t always the cheapest option.”
· “Leaders are learners.”

Relevant Links
Manhattan Associates: https://www.manh.com
LinkedIn: https://www.linkedin.com/in/mark-gould-15a7a3149

Book Review: Startup Secure with Chris Castaldo

Episode Summary

On this episode, CISO at Crossbeam and Author of Startup Secure: Baking Cybersecurity into your Company from Founding to Exit, Chris Castaldo, joins Matt to talk about startups and security. Chris is an industry-wide recognized CISO, having over 20 years of experience in cybersecurity.

Today, Chris talks about his book, Startup Secure, his move to startups from the public sector, and the different startup development phases. What should startups focus on during the different development phases? Hear about security trust centers, the top startup security sins, and get Chris’s formula for personal growth.

Timestamp Segments
· [02:03] What prompted Chris to write Startup Secure?
· [04:57] What has changed during the writing process?
· [06:47] Critical decisions throughout Chris’s career.
· [11:17] Moving from public sector to startups.
· [15:39] Startup development phases.
· [20:16] When certifications don’t make sense.
· [26:09] Mistakes in communicating to customers.
· [30:16] Security trust centers.
· [32:45] Startup security sins.
· [35:38] Chris’s formula for personal growth.
· [39:06] Chris’s parting words.

Notable Quotes
· “You’re not the target. You’re just the jumping point to that target.”
· “I don’t need to review the security of a company we’re buying desks from.”
· “You just can’t expect everyone to be a cybersecurity expert.”

Relevant Links
Buy the Book: https://www.amazon.com/Start-Up-Secure-Cybersecurity-Company-Founding/dp/1119700736
LinkedIn: https://www.linkedin.com/in/chriscastaldo

The Software Factory

2022-08-22 37:44

S2E8 - The Software Factory with Chris Hughes

Episode Summary

On this episode, CISO and Co-Founder of Aquia, Chris Hughes, joins Matt to talk about building security in the cloud using automation and compliance. Chris’s career spans over 20 years in the IT/Cybersecurity industry, as well as in active service in the US Military.

Chris talks about licensing and certifications, Cloud innovation, and achieving continuous ATO. How are software factories created and operationalized? Hear about the people side of the business, effectively building a community, and get Chris’s formula for personal growth.

Timestamp Segments
· [01:19] Chris’s 28 licenses and certifications.
· [02:44] The value of certifications.
· [05:08] Chris’s Air Force experience.
· [06:25] About Aquia.
· [07:46] DoD vs the federal civilian space.
· [09:01] BatCave.
· [10:04] Federal DoD compliance.
· [12:55] How do agencies achieve Continuous ATO in the cloud?
· [16:04] Software Factories.
· [21:07] How it’s gone wrong.
· [23:12] What it looks like to stand up a Software Factory.
· [25:24] What works on the people side?
· [28:42] What is an effective way to build a community?
· [32:30] Why Chris reads physical books.
· [35:07] Chris’s formula for personal growth.

Notable Quotes
· “The journey is going to be unique to the organization. It’s not going to be the same for everyone.”
· “Just be real.”

Relevant Links
Aquia: https://www.aquia.us
LinkedIn: https://www.linkedin.com/in/chris-h-97680442
GitHub: Federal DoD Software Factory Compliance

Zero trust with no FUD

2022-07-21 46:25

In today’s episode, the Creator of Zero Trust, John Kindervag, joins Matt on the show to discuss implementing Zero Trust in your organization. While at Forrester Research in 2010, John developed Zero Trust, promising adequate and effective protection of an organization’s most valuable assets.

Today, John talks about the driving force behind Zero Trust, the concept of the Protect Surface, and Kipling Method Policies. Why is trust a vulnerability? Hear about Zero Trust, Shadow IT, and get John’s recommended resources.

Timestamp Segments
· [02:20] About John.
· [05:29] How does John define Zero Trust?
· [07:45] Why is trust a vulnerability?
· [09:56] The Protect Surface.
· [12:32] Kipling Method Policies.
· [17:22] The roadmap to Zero Trust at scale.
· [22:56] It’s the inspection that matters.
· [28:26] Zero Trust in the Cloud.
· [31:33] Shadow IT.
· [38:54] Tracking specific metrics.
· [40:58] John’s resource recommendations.

Notable Quote
· “We can never stop cyber attacks from happening, but we can stop them from being successful.”

Relevant Links
Recommended Reading: The Zero Trust Learning Curve. Antifragile, by Nassim Nicholas Taleb. On Grand Strategy, by John Gaddis. Winning in FastTime, by John Warden.
LinkedIn: https://www.linkedin.com/in/john-kindervag-40572b1
ISMG: https://ismg.io

Matt joins a startup

2022-06-27 22:31

This episode of the Cloud Security Today podcast is a little different from the others because this time host Matthew Chiodi gives the interviewer’s seat over to Yousuf Khan and they talk about an exciting new development in Matt’s career.

Matt announces a big career move and talks about how he’s hoping to fix some of the biggest problems in SaaS security today. He tells Yousuf about his new role and the fresh approach that his new company is bringing to the field. At the end of the episode, they discuss working in a start-up environment and give advice to anyone considering working in a start-up.

If you enjoyed this episode, subscribe, or follow Cloud Security Today wherever you get your podcasts.

Timestamps
· [0:28] Matt introduces the topic for today’s episode
· [1:50] Exciting news from Matt about his latest career move
· [5:10] Matt explains one of the biggest challenges in app security today
· [7:25] How have we managed app security up to now?
· [9:20] So how does Cerby work?
· [11:32] Matt’s new role at Cerby and an outline of his first few months
· [12:50] Why Matt likes working in a start-up environment
· [14:05] How Matt became interested in Cerby
· [16:20] What’s next for Cerby?
· [18:10] The advice that Matt would give to anyone looking to join a start-up
· [20:40] Yousuf adds his thoughts about working for a start-up

Episode Links
· Ridge Ventures
· Yousuf Khan's LinkedIn Profile
· Cerby's website
· Matt's LinkedIn Profile

MITRE + Cloud

2022-06-21 40:35

As the world of cloud security continues to progress at high speed, new challenges and threats arise and morph on a constant basis. The MITRE Corporation is a body tasked by the US government with solving some of the largest threats in cybersecurity and beyond, and we are very lucky to welcome Tracy Bannon to the podcast today, who is the Senior Principal and Software Architect & DevOps Advisor at MITRE. Tracy opens up about her career journey leading up to her current position, what drew her into the work at MITRE, and how the simplicity of the solutions-focused mission has embedded her loyalty and passion within the organization.

The conversation also goes some way into exploring the potential and limitations of zero trust, and what it actually means to make progress towards safer environments. Along the way, our guest makes some interesting and quite unique arguments for why words matter, and why change is healthier through a philosophy centered on building. So to catch it all in this fascinating conversation, make sure to join us on Cloud Security Today!

Key Points From This Episode:
· Tracy unpacks a brief history of FFRDCs and their role as objective technology advisors.
· The two main areas of Tracy's work at MITRE: digital transformation of software factories, and data centricity in data environments.
· Understanding MITRE's practical application and validation of the principles of zero trust theory.
· Weighing the validity of the negative reputation that developers have when it comes to security.
· Issues with the terms DevOps, DevSecOps, and SecDevOps, and the overloading and rushing that often happens on security teams.
· Why Tracy prioritizes 'culture building' over 'culture change' when thinking about progress.
· Leading teams, modeling behaviors, and realistic expectations for human error.
· Tools and safety nets in the cloud-native approach; Tracy's perspective on how much value to assign to these.
· Why the mission at MITRE initially piqued, and subsequently retained, Tracy's interest!

Tweetables:
· “It’s not a recipe. It's not five things you have to do. It's understanding the principles and then applying them, being able to audit them, and validate consistently that they're happening. MITRE does both sides of that.” — @TracyBannon [0:07:44]
· “Our job is not to land and expand. It’s impact. At all costs, it's to make impact. If it's one person, or a half of that person, it's really defined by the ability to keep the US safe.” — @TracyBannon [0:09:39]

Links Mentioned in Today’s Episode:
· Tracy Bannon on LinkedIn
· Tracy Bannon on Twitter
· MITRE Corporation
· Revelation
· The Kill Chain
· Zero Trust Security
· The Software Architect Elevator
· People Before Tech

Originally recorded in September of 2021... today’s guest is Justin Berman, the Vice President of Infrastructure and IT and the CISO at Thirty Madison. Thirty Madison is aiming to be a platform that everyone can use to deal with their chronic healthcare needs. Justin’s main focus is on building out the teams that enable scaling. With his development background, Justin has some unique ideas when it comes to cloud security, which makes for a fascinating interview. You’ll walk away from this episode with a new perspective on how to build security into products from the start and a better understanding of how to transition smoothly from on-prem to the cloud.

Tweetables
· “I see security as an engineering problem. What I mean by that is not that there aren't things that you solve with process, or with policy, or training, but rather that in as many places as possible if you want to have a scaled effect within security, you need to write code to solve a problem.” — @justinmberman [0:06:03]

Links
· Justin Berman on LinkedIn
· Phoenix Project
· Simon Sinek

In this episode (originally recorded in November of 2021) we speak with Palo Alto Networks VP of Threat Intel, Ryan Olson. Ryan helps define what threat intelligence actually is and how to get started building a program. He aptly reminds us that producing threat intel for the sake of threat intel is a waste of time. More importantly, you first have to ask yourself, “Who’s going to be using this information?”

Tweetables
· “Producing threat intel for the sake of threat intel is a waste of time. What you should be doing is thinking ‘Who’s going to take the information that I have produced and use that to make a better decision?’ Because that's the goal of threat intelligence, to help a system, or a person, or a team, or a company make better decisions that will help secure them better.” — Ryan Olson [0:04:24]
· “If I could give people one recommendation, if you can get access to your SSL traffic so that you can decrypt it and you can inspect it, you will have a much better chance at detecting bad stuff in your network than you would without it.” — Ryan Olson [0:29:58]

Links Mentioned in Today’s Episode:
· Ryan Olson on LinkedIn
· Unit 42
· Unit 42 on Twitter
· Unit 42 Palo Alto Networks Careers

Compliant Unicorns

2022-03-21 37:13

Nearly all companies that have started in the last few years have been cloud-native from the very start. Someone who has experienced this is today’s guest Nate Lee. Nate is the Chief Information Security Officer for Tradeshift, a cloud-based business networking platform for supply chain payments, marketplaces, and applications. In this episode, Nate joins us to talk about the company’s journey, its success, and what he has learned here over the past seven years.

Nate explains how Tradeshift’s vision is to digitize and connect everything that happens between a buyer and a seller anywhere in the world, and how being cloud-native from the start has supported this mission. We discuss how you can leverage automation and DevSecOps to scale on some very difficult items like ISO 27000 among other certifications. You will also hear how security has been the key differentiator that led to Tradeshift’s success, how the strategic focus of Tradeshift’s security program has shifted over time, and the key metrics that Tradeshift tracks to maintain its certifications and compliance efforts.

Tweetables
· “[The vision] is connecting every company in the world. You can't do that with a bunch of islands running in individual data centers. It was an easy choice to be cloud-native back then, as well as a smart choice in general for any company starting these days.” — @JustAnotherNate [0:08:56]
· “In security and software development these days, if you're not constantly learning, you're falling behind just as quickly.” — @JustAnotherNate [0:32:48]

Links Mentioned in Today’s Episode
· Nate's LinkedIn profile
· Tradeshift's website
· Nate's blog on Transforming Technical Debt from Burden to Tool
· The Unicorn Project

Fed Clouds

2022-02-14 34:08

In a world where cyber-attacks are ever-changing, cybersecurity has to adapt accordingly. Joining us today to delve into the world of cloud security for federal agencies is Sandeep Shilawat, Vice President of Cloud and Edge Computing at ManTech. Sandeep has extensive experience in both Commercial and Federal technology markets. We’ll get to hear his predictions on where the cloud world is heading, as well as what the Federal Authority to Operate (ATO) process will look like in the future. We learn the benefits of cloud compliance standards, as well as how FedRAMP is leveling the playing field in federal cloud computing. We also touch on the role of 5G in cloud computing, and why its presence will disrupt going forward. Join us as we pick Sandeep’s brain for some insights into the present and future of federal cybersecurity.

Tweetables
· “Visibility has become [the] single biggest challenge and nobody's dealing with cloud management in a multi-cloud perspective from cradle to grave.” — @Shilawat [0:09:03]
· “I think that having a managed cloud service is probably the first approach that should be considered by an agency head. I do think that that's where the market is heading. Sooner or later, it will probably become a de facto way of doing cloud security.” — @Shilawat [0:19:43]

Cloud Native Pharma

2022-01-17 38:16

The pharmaceutical industry has a reputation for being cautious when it comes to adopting new technologies. However, in this episode, you’ll hear from the CISO at Takeda Pharmaceuticals, Mike Towers, that for Takeda, cloud has been a game-changer (albeit not without some challenges). As we like to do, we’ll start by diving into Mike’s background and then pivot to understand where Takeda is today in their cloud journey and where they are going over the next 24 months. Get your pen ready because Mike is going to drop a massive amount of knowledge in a short period of time.

Tweetables:
· “One of the things that's the toughest in the biopharmaceutical industry is focus because it's really easy to get tempted to try to solve a lot of different problems.” — @MichaelATowers [0:02:47]
· “We’ll be exclusively cloud, within probably, I would say, 15 months from now.” — @MichaelATowers [0:17:51]

Links Mentioned in Today’s Episode:
· Prisma Cloud
· Mike Towers on Twitter
· Mike Towers on LinkedIn
· Takeda
· Navigating the Digital Age

Supply Chain Security

2021-12-15 31:54

Despite the media coverage afforded to the SolarWinds and Kaseya breaches, Palo Alto Networks Unit 42 threat research indicates supply chain security in the cloud continues its growth as an emerging threat. Much remains misunderstood about both the nature of these attacks and the most effective means of defending against them.

To better understand how supply chain attacks occur in the cloud, Unit 42 researchers analyzed data from a variety of public data sources around the world and, at the request of a large SaaS provider, executed a red team exercise against their software development environment. As you'll hear in the podcast, overall, the findings indicate that many organizations may still be lulled into a false sense of supply chain security in the cloud. Case in point: Even with limited access to the customer’s development environment, it took a single Unit 42 researcher only three days to discover several critical software development flaws that could have exposed the customer to an attack similar to that of SolarWinds and Kaseya.

In the podcast, Unit 42 researchers Nathaniel "Q" Quist and Dr. Jay Chen draw on Unit 42’s analysis of past supply chain attacks. The Cloud Threat Report explains the full scope of supply chain attacks, discusses poorly understood details about how they occur, and recommends actionable best practices that organizations can adopt today to help protect their supply chains in the cloud.

Cloud Immigration

2021-11-10 34:42

The journey toward the cloud is filled with challenges, but the benefits it brings make the struggle worthwhile. Today we talk about all things cloud adoption with Rob Brown, CTO at the US Citizenship and Immigration Services Group. We jump in with some introductory comments about who the USCIS are and what they do, with Rob giving listeners an idea of his role within the organization. We hear about the massive move toward digitization at USCIS and some of the biggest challenges the organization is facing as far as cloud adoption.

From there, our conversation touches on the benefits of a multi-cloud approach, how USCIS is implementing Zero Trust with regards to cloud security, and how microsegmentation fits into all of this. Tuning in, listeners will also learn about the metrics Rob uses to assess the process of cloud adoption at USCIS, how the shift to the cloud has helped address the issue of siloing, and the benefits of implementing a unified pipeline grounded by standardization. We wrap up with some current initiatives Rob is most occupied with before hearing about how he likes to stay sharp using an approach grounded in experimentation and testing. Rob is filled with insights to help keep teams robust and agile during sticky situations, so be sure to tune in and hear them all.

Tweetables
· “We have got a very good security team and a pretty savvy group of application developers and infrastructure folks that take security and shift it as far to the left as possible.” — Rob Brown [0:17:19]
· “Standardization, to me, has been critical in creating some of these unified pipelines.” — Rob Brown [0:29:14]

Links Mentioned in Today’s Episode:
· Rob Brown on LinkedIn
· US Citizenship and Immigration Services
· Jobs at USCIS

When thinking of innovation, the first things that usually come to mind are tech startups. It’s not often you think of examples from the US Government or, more specifically, the Department of Defense. Our guest today has unprecedented insight, not only into what it takes to build a startup but how to create a startup-like culture in massive organizations like the US Department of Defense. Nic Chaillan has had tremendous success as an entrepreneur and, in 2016, decided to pursue public service when he took a job with the US government. Over the past 20 years, Nic has built hundreds of products that were sold to dozens of Fortune 500 companies. After taking a break from entrepreneurship, Nicolas served as the Chief Software Officer for the US Air Force and Space Force and introduced game-changing innovations to the government’s software operations.

In our conversation with Nic, we discuss agile practices and how he used DevSecOps to elevate the Department of Defense’s software security. We unpack how his experience as an entrepreneur motivated him and why it was a commonsense decision to apply those lessons when he started in government.

Tweetables:
· “When you look at the desired outcomes, you realize pretty quickly that DevSecOps is the main enabler to get all of these things done fast while not creating more risk. In fact, I would argue, it reduces both cyber and operational testing risk as well.” — @NicolasChaillan [0:06:30]
· “That’s also something to think about: what kind of access control do you want to have in place when it comes to these kinds of tools and how do you mitigate the blast radius?” — @NicolasChaillan [0:16:39]
· “I am also a big believer that education and continuous learning has to drastically change and improve.” — @NicolasChaillan [0:33:59]

Links
· Nicolas M. Chaillan on LinkedIn

Some of the most pertinent issues in cloud security are also very foundational. Questions like where to start, what works, and also what doesn’t work, can leave teams feeling frustrated and at a loss over how to proceed. Here to help us unpack these important questions is Jonathan Villa, the Cloud Security Practice director at GuidePoint Security. Jonathan’s career wasn’t always in security; he has spent time as an application developer, and as a pentester. All of this led him to build solutions in the cloud over a decade ago, which organically transitioned into cloud security.

In our conversation with Jonathan, we discuss what he learned about cloud security throughout his career and what he has found to be effective, both in terms of technology and managing teams. We explore important issues like how security has struggled with automation and how to address it. Later we address the challenges facing talent development in security and how to address them, including having leadership take a more long-term view and training junior staff members. Jonathan also discusses the RACI model, why so many companies struggle to implement it correctly and how best to be effective. Today’s episode offers key insight into cloud security, leadership, and the importance of teams, so make sure you tune in today!

Links
· Jonathan's LinkedIn profile

Tweetables
· “I think that if security organizations really look to build more, they may attract more talent with development experience.” — Jonathan Villa [0:08:07]
· “When you look at the average tenure of a CISO, I don't know what it is now, it's like two years or something like that. It's like, how do you build a long-term talent development model if the leaders themselves are gone every two years?” — Jonathan Villa [0:20:39]

Today’s guest is Guy Eisenkot and he joins us to talk about how culture is a critical aspect of shift-left security and DevOps. Guy is the Co-Founder of Bridgecrew, a tool that solves the talent shortage gap for building secure infrastructure in the public cloud. Our conversation begins with Guy giving some insight about his path into development and security, and he details his training in the Israeli military and subsequent experience building security tools for the civil market.

In today’s discussion, Guy gets into how the security responsibilities of platform and infrastructure teams have changed as well as what security teams are missing when it comes to DevOps security. He shares his insights about how security and DevOps teams have been able to synchronize and also gets into some of the biggest pitfalls in DevOps as far as cybersecurity best practices. We explore how infrastructure as code could be the driver of two paths, one leading to a dangerous amount of freedom, and the other, to the standardization necessary for automation. Toward the end of our conversation, Guy weighs in on the parts of the industry that show maturity as far as DevSecOps versus those that don’t, and he also talks about how the open-source tool Checkov helps solve poor security configurations during resource deployment. Tune in today and get ready to take some notes!

Tweetables:
· “We were learning what are the limitations of these orchestration capabilities, and how we can take legacy infrastructure and promote it into a modern stack. And that's where we saw DevOps is practically everywhere.” — @guysenkot [0:06:28]
· “Bridgecrew essentially builds developer tools that help people from engineering organizations build secure infrastructure in the public cloud.” — @guysenkot [0:12:19]
· “Where both security and DevOps come together for me is when you realize that in the cloud both of these buckets of initiatives are sitting on the same infrastructure.” — @guysenkot [0:20:38]

Links Mentioned in Today’s Episode:
· Guy Eisenkot
· Guy Eisenkot on Twitter
· Bridgecrew
· Checkov

Cloud security is essential for any business but particularly for government agencies. On today’s episode, we speak with an expert in the field, Ravi Raghava, who is Chief Cloud Strategist at General Dynamics Information Technology (GDIT). Ravi speaks about his personal experience with dozens of cloud deployments for civil agencies and shares best practices.

Acronyms
· ATO = Authority to Operate
· POAM = Plan of Action and Milestones
· CDM = Continuous Diagnostics and Mitigation
· OCM = Organizational Change Management

Tweetables:
· “Over the next few years, we will see a lot of traction and we will see accelerated workload migration to the cloud. It's not just one cloud but multiple clouds, and multi-cloud is becoming the new norm.” — Ravi Raghava [0:04:55]
· “We are very strong advocates of OCM, and we work with our government customers to have a well thought-through strategy, providing the right skills, the right training, right medium of training to people.” — Ravi Raghava [0:25:43]
· “Having those security frameworks in place, testing infrastructure, having those security tools in place nicely help you automate the entire thing because automation is key.” — Ravi Raghava [0:31:20]

Links Mentioned in Today’s Episode:
· Ravi Raghava on LinkedIn
· GDIT
· JFrog
· Prisma Cloud

In this episode, Nathaniel Quist, also known as ‘Q’, returns along with Dr. Jay Chen, both of whom listeners might recognize from our inaugural episode where we discussed how common identity misconfigurations can undermine cloud security. Both Jay and Q are threat researchers with Palo Alto Networks Unit 42. Unit 42 is the global threat intelligence team at Palo Alto Networks and a recognized authority on cyberthreats, frequently sought out by enterprises and government agencies around the world.

In our conversation, they discuss what they found in their latest Cloud Threat Report examining the impact of the COVID-19 pandemic. We explore how the tremendous increase in remote work has affected cloud security and why Jay is more concerned over the number of mistakes that people are making, rather than the type of mistakes. Tuning in, you’ll hear what organizations can do to curtail the recent rise in security incidents and some interesting observations that Q and Jay learned from their data, such as the fact that even malicious hackers need a holiday and don’t want to spend all their time in front of a computer cryptojacking :-)

Key Points From This Episode:
· Cloud security incidents grew, on average, 188% pre vs. post COVID-19 discovery.
· Retail organizations saw the greatest increase in security incidents at 402%.
· The cloud is no longer for low-impact data: 69% of data is PII.

Tweetables:
· “We saw a decrease in crypto mining operations during the holiday period between December 24th through January 3rd. It just kind of goes to show that even malicious crypto miners want to take a holiday.” — Nathaniel Quist [0:25:26]
· “Standardization can help you find the issue but automation can help you to prevent or mitigate [it].” — Jay Chen [0:32:02]

Links Mentioned in Today’s Episode:
· Cloud Threat Report
· Clip from Tommy Boy
· Nathaniel Quist on LinkedIn
· Jay Chen on LinkedIn
· Cloud Security Today

Keeping it simple is Brett’s mantra, and it has led to a great amount of success for him and the company he works for. As a security leader at Zoetis, the world’s largest animal healthcare company, Brett has managed to get ahead of the business in terms of adopting cloud securely. Although it may sound boring, standardizing security processes was a key element in the journey to automation for the Zoetis SOC.

In today’s episode, Brett also talks about how he ended up in the world of cybersecurity after majoring in ecommerce, the different facets that make up his current role at Zoetis, as well as some of the tools that are extremely useful to Brett and his team. Brett also opines on how automation has led to a reduction in talent-drain on his team. We also briefly delve into the SolarWinds hack and how this changed the way Brett thinks and approaches supply chain security.

Key Points From This Episode:
· Getting ahead of the business, build it before they come!
· Standardization MUST come before automation.
· Automation reduces talent-drain.
· Metrics that Brett and his team follow up on constantly.

Tweetables:
· “Standardization...I just live and die by our process. We're very process-oriented. You can do that in the cloud but you have to take time to do that, and that's how it should be done.” — Brett Tode [0:10:38]
· “Your standardized processes are the things that really are going to keep you in control and keep you effective over time. Automation is really cool and great because it's going to save us time. But without that standardized process, you can never get to automation.” — Brett Tode [0:13:04]
· “In almost everything I do, I try to keep things simple. Don't try to make something so complex from the get-go because it’s just never going to work.” — Brett Tode [0:24:49]
· “We’re always going to strive to be better. I think everyone should do that because making yourself better is just providing more value for the company. At the end of the day, that's what we're all supposed to be doing.” — Brett Tode [0:25:52]

Links Mentioned in Today’s Episode:
· Brett on LinkedIn
· Zoetis Careers