The Role of Cloud Security Research in 2024
Description
Why does Cloud Security Research matter in 2024? At fwd:cloudsec EU in Brussels, we sat down with Scott Piper, a renowned cloud security researcher at Wiz, to discuss the growing importance of cloud security research and its real-world impact. Scott spoke to us about the critical differences between traditional security testing and cloud security research, explaining how his team investigates cloud providers to find vulnerabilities, improve detection tools, and safeguard data.
Guest Socials: Scott's LinkedIn + Scott's Twitter
Podcast Twitter - @CloudSecPod
If you want to watch videos of this live-streamed episode and past episodes, check out our other Cloud Security social channels:
- Cloud Security Podcast - YouTube
- Cloud Security BootCamp
Questions asked:
(00:00) Introduction
(02:07) A bit about Scott Piper
(02:48) What is a Cloud Security Research Team?
(04:30) Difference between traditional and Cloud Security Research
(07:21) Cloud Pentesting vs Cloud Security Research
(08:10) What is request collapsing?
(10:26) GitHub Actions and OIDC Research
(13:47) How has cloud security evolved?
(17:02) Tactical things for Cloud Security Program
(18:41) Impact of Kubernetes and AI on Cloud
(20:37) How to become a Cloud Security Researcher
(22:46) AWS Cloud Security Best Practices
(26:35) Trends in AWS Cloud Security Research
(28:11) Fun Questions
(30:22) A bit about fwd:cloudsec
Resources mentioned during the interview:
Wiz.io - Cloud Security Podcast listeners can also get a free cloud security health scan
Avoiding security incidents due to request collapsing
A security community success story of mitigating a misconfiguration
CTFs
Prompt Airlines, AI Security Challenge