Cloud Security Podcast

🚀 How can we Unlock Business Success with Cybersecurity! 🚀 We had the pleasure of speaking to Fredrick Lee, CISO Reddit, Inc. about the role of a Modern CISO. - Reframe Your Approach to Risk: Evaluate your organization's risk tolerance and identify areas where taking risks can lead to significant business opportunities. - Leverage AI for Security: Start exploring AI tools that can help automate and improve your security processes, making your team more effective. - Prioritize Privacy: Implement privacy-by-design principles to build trust with your users and stay ahead of regulatory demands. Flee had some great insights which really made this episode a great one to listen to. We have linked the full episode in the comments below! #ciso #cybersecurityleadership #aisecurity

Is having a CSPM enough for Cloud Security? At RSA Conference 2024, Ashish sat down with returning guest Jimmy Mesta 🤙, Co-Founder and CTO of RAD Security to talk about the complexities of Kubernetes security and why sometimes traditional Cloud Security Posture Management (CSPM) falls short in a Kubernetes-centric world. We speak about the significance of behavioural baselining, the limitations of signature-based detection, the role of tools like eBPF in enhancing real-time security measures and the importance of proactive security measures and the need for a paradigm shift from reactive alert-based systems to a more silent and efficient operational model. #rsac2024 #cloudnativesecurity #kubernetessecurity

🌩️ Cloud Ransomware: A New Era of Cyber Threats 🌩️ How are Ransomware different in the cloud environment? Ashish spoke to Rich Mogull & Chris Farris about this on one of our recent episodes. 🔍 Different Game, Different Rules: Cloud ransomware isn't the NotPetya or Maersk type. No more hunting down offline servers. Instead, they might delete your data or download it and demand crypto to get it back. Sometimes, they bluff about having your data. 🗂️ Data Trails Matter: AWS has highlighted the importance of data trails. Without them, you won't know if the attackers actually have your data. 🔑 Key Deletion Tactics: There's a twist! Attackers threatening to delete your keys? AWS has a seven-day hold on key deletion, meaning you can easily recover your key and thwart the attack. 🤔 Laziness as a Strategy: Turns out, attackers can be just as lazy as anyone else, often taking the path of least resistance. This was a great episode where we explored the challenges and realities of Cloud Security in 2024, we have linked the full episode in the comments below #cloudsecurity #cloudsecuritycareers #threatmodel

🤖 AI is here and its here to stay, but how will it change cybersecurity? 🛡 We spoke to Amol Mathur, SVP & GM Prisma Cloud by Palo Alto Networks AI's role in cybersecurity through three critical dimensions: 🔍 Securing with AI: Imagine a world where threats are detected with unparalleled precision, enabling swift and effective incident response. AI can make this a reality, enhancing threat detection capabilities exponentially. 🛡️ Securing the AI: As generative AI applications proliferate, visibility and posture management become even more important. How do we safeguard these AI systems? How do we detect evolving attacks in real-time? This is the reality of securing our AI-driven future. 🔧 Simplifying Cybersecurity with AI: Generative AI shines here, simplifying complex cybersecurity tasks. From guided investigations and assistive remediation to summarization and multi-language query capabilities, AI can be an invaluable partner in achieving extraordinary outcomes. If AI in Cybersecurity and Cloud Security is of interest to you, definitely do check out this episode that we have linked for you in the comments below, you may also like our sister podcast AI CyberSecurity Podcast where we are breaking down the signal from the noise in the AI Cybersecurity space Palo Alto Networks #aicybersecurity #aisecurity #cloudsecurity

☸️ What does DevSecOps in the world of Kubernetes look like? ☸️ ⚙ Holistic Security for the Application Lifecycle: From deployment to production, use golden images and pathways to maintain full control and security. 🛡️ ⚙ Advanced Security Practices: Integrating SAST, DAST, and secrets management can streamline your security processes. 🔍 ⚙ Ecosystem Complexity: Understand the challenges of securing service-oriented architectures and the cognitive load on developers. 🤯 ⚙ Centralized Remediation: Explore strategies to centralize security within teams to effectively remediate issues without overwhelming developers. 🤝 ⚙ Power of Kubernetes: Kubernetes can help create immutable applications and provide the resilience needed to handle attacks. 💪 ⚙ Quick Recovery Strategies: Importance of mean time to recovery and how to achieve it with a robust, state-consolidated approach. ⏱️ We spoke to Sarah Polan, Field CTO EMEA for HashiCorp at Kubecon EU to talk about all things DevSecOps in the land of Kubernetes and Cloud Native, if these topics are of interest to you, definitely check out the full episode that we have linked in the comments below #cloudnativesecurity #kubernetesecurity #cloudsecurity

How has DevSecOps matured over the years? Can AI help with developer security? Ashish sat down with David DeSanto, Chief Product Officer at GitLab, at the RSA Conference to talk about how #DevSecOps has advanced through the year, the practical applications of AI in security, the reduction of false positives, and the importance of fostering a collaborative culture between development and security teams. #aisecurity #rsac2024

❗️💬 "It's a matter of maturity." The journey to the cloud begins with ensuring your posture is correct. The evolution of the CSPM industry reflects this priority. But what happens next? 🤔 📈 As your cloud presence grows and your business becomes increasingly reliant on cloud operations, it's time to face an inevitable truth: Cyber attacks often are not a question of if, but when. How prepared are you to detect and respond to these threats? We spoke to Ariel Parnes, Co-Founder Mitiga about this and lot more! 🛑 Transitioning to the Cloud: Ensuring your initial posture and the role of CSPM. Maturity in Cloud Operations: Recognizing when your business relies on cloud operationally and the importance of crown jewels in the cloud. 🛑 Detection and Response: Moving beyond prevention to a comprehensive strategy that includes detection and response capabilities. 🛑 The Role of a Security Data Lake: How it fits into your overall security strategy. Full episode linked in the comments below #cloudsecurity #incidentresponse #cloudcomputing

🛠️ Building a Cloud Security Program on AWS?⚔️ Here are some insights that might help from our chat with Mark Terenzoni, GM, Security Services at Amazon Web Services (AWS). - Initial Cloud Migration Challenges: Many organizations start their cloud journey without integrating security, only to realize later the critical need to backtrack and secure their environment. 🤔💭 - Speed vs. Security: The cloud enables teams to move faster, but this speed can be a double-edged sword if security isn't part of the initial migration plan. ⚡🔒 - Preventative Measures: Starting with preventative security measures can save you from future headaches. Establishing controls up front based on your security requirements can solve many problems before they arise. 🛡️🛠️ - Monitoring and Maintenance: Even with strong preventative measures, continuous monitoring is essential. A balanced approach ensures fewer issues in your cloud environment. 👀✅ If you are working with AWS, this conversation would be a good listen, we have linked the full episode in the comments below! #cloudsecurity #cloudsecurityprogram #awssecurity

One of the largest Cybersecurity Conferences weeks of the year wrapped up a couple of weeks ago and the Co-Hosts of our sister podcast AI CyberSecurity Podcast were there as speakers and panelists. Caleb gave an incredible keynote (which we have linked in the comments) at BSidesSF. Ashish and Caleb sat down to share their insights and observations around AI Security conversations and trends at RSA Conference and BSides SF. This was a great episode and if you are interested in AI Security, do check this out! #aisecurity #aicybersecurity #llmsecurity

What is AI's role in modern cybersecurity? Ashish sat down with Amol Mathur, SVP & GM of Prisma Cloud by Palo Alto Networks to talk about how cybersecurity is evolving in 2024. Amol spoke about the shift in threat landscapes and how attackers are increasingly targeting cloud infrastructure due to its critical importance. The transition from traditional enterprise SOCs to ones that natively understand cloud constructs and technologies and the challenges and solutions in bridging the cloud knowledge gap. #cloudsecurity #aisecurity #aicybersecurity Palo Alto Networks