EP268 Weaponizing the Administrative Fabric: Cloud Identity and SaaS Compromise in M Trends 2026
Update: 2026-03-23
Description
Guests:
- Kelli Vanderlee, Senior Manager, Threat Analysis, Mandiant, Google Cloud
- Scott Runnels, Mandiant Incident Response, Google Cloud
Topics:
- Do we need to rethink "Mean Time to Respond" entirely, or are we just in deep trouble?
- Why are threat groups collaborating so well, and are there actual lessons for defenders in their "business" model?
- What is the scalable advice for teams worried about voice phishing and GenAI cloning?
- What does "weaponizing the administrative fabric" actually mean in a world where identity is the perimeter?
- Why is identity/SaaS compromise "news" in 2026 when cloud security folks have been shouting about it for years? What actually changed?
- What's the latest in supply chain compromise, particularly regarding malicious open-source packages?
- How do we defend against malware that is "lazy" enough to use the victim's own AI tools for reconnaissance?
- What is the specific advice for Detection and Response (D&R) teams to handle "living off the land" (or "living off the cloud")?
- How do you fix the situation when IT and Security departments genuinely hate each other?
- Besides reading the report, what is the one book or piece of advice for a CISO to survive this year?
Resources:
- Video version
- M-Trends 2026 Report
- EP222 From Post-IR Lessons to Proactive Security: Deconstructing Mandiant M-Trends
- EP254 Escaping 1990s Vulnerability Management: From Unauthenticated Scans to AI-Driven Mitigation
- EP205 Cybersecurity Forecast 2025: Beyond the Hype and into the Reality
- EP147 Special: 2024 Security Forecast Report
- "The Evolution of Cooperation" book
Comments
In Channel
Download from Google Play
Download from App Store
United States00:00
00:00
x
