Guest: Alex Pinto , Associate Director of Threat Intelligence, Verizon Business, Lead the Verizon Data Breach Report Topics: How would you define “a cloud breach”? Is that a real (and different) thing? Are cloud breaches just a result of leaked keys and creds? If customers are responsible for 99% of cloud security problems, is cloud breach really about a customer being breached ? Are misconfigurations really responsible for so many cloud security breaches? How are we still failing at configurati...
Jun 09, 2025•35 min•Season 1Ep. 229
Guest Alan Braithwaite , Co-founder and CTO @ RunReveal Topics: SIEM is hard, and many vendors have discovered this over the years. You need to get storage, security and integration complexity just right. You also need to be better than incumbents. How would you approach this now? Decoupled SIEM vs SIEM/EDR/XDR combo. These point in the opposite directions, which side do you think will win? In a world where data volumes are exploding, especially in cloud environments, you're building a SIEM with...
Jun 02, 2025•27 min•Season 1Ep. 228
Guests: Eric Foster , CEO of Tenex.AI Venkata Koppaka , CTO of Tenex.AI Topics: Why is your AI-powered MDR special? Why start an MDR from scratch using AI? So why should users bet on an “AI-native” MDR instead of an MDR that has already got its act together and is now applying AI to an existing set of practices? What’s the current breakdown in labor between your human SOC analysts vs your AI SOC agents? How do you expect this to evolve and how will that change your unit economics? What tasks are...
May 26, 2025•24 min•Season 1Ep. 227
Guest: Christine Sizemore , Cloud Security Architect, Google Cloud Topics: Can you describe the key components of an AI software supply chain, and how do they compare to those in a traditional software supply chain? I hope folks listening have heard past episodes where we talked about poisoning training data. What are the other interesting and unexpected security challenges and threats associated with the AI software supply chain? We like to say that history might not repeat itself but it does r...
May 19, 2025•25 min•Season 1Ep. 226
Hosts: David Homovich , Customer Advocacy Lead, Office of the CISO, Google Cloud Alicja Cade , Director, Office of the CISO, Google Cloud Guest: Christian Karam , Strategic Advisor and Investor Resources: EP2 Christian Karam on the Use of AI (as aired originally) The Cyber-Savvy Boardroom podcast site The Cyber-Savvy Boardroom podcast on Spotify The Cyber-Savvy Boardroom podcast on Apple Podcasts The Cyber-Savvy Boardroom podcast on YouTube Now hear this: A new podcast to help boards get cyber s...
May 14, 2025•25 min•Season 1Ep. 225
Guest: Diana Kelley , CSO at Protect AI Topics: Can you explain the concept of "MLSecOps" as an analogy with DevSecOps, with 'Dev' replaced by 'ML'? This has nothing to do with SecOps, right? What are the most critical steps a CISO should prioritize when implementing MLSecOps within their organization? What gets better when you do it? How do we adapt traditional security testing, like vulnerability scanning, SAST, and DAST, to effectively assess the security of machine learning models? Can we? I...
May 12, 2025•31 min•Season 1Ep. 224
Guests: no guests, just us in the studio Topics: At RSA 2025, did we see solid, measurably better outcomes from AI use in security, or mostly just "sizzle" and good ideas with potential? Are the promises of an "AI SOC" repeating the mistakes seen with SOAR in previous years regarding fully automated security operations? Does "AI SOC" work according to RSA floor? How realistic is the vision expressed by some [yes, really!] that AI progress could lead to technical teams, including IT and security,...
May 05, 2025•32 min•Season 1Ep. 223
Guests: Kirstie Failey @ Google Threat Intelligence Group Scott Runnels @ Mandiant Incident Response Topics: What is the hardest thing about turning distinct incident reports into a fun to read and useful report like M-Trends ? How much are the lessons and recommendations skewed by the fact that they are all “post-IR” stories? Are “IR-derived” security lessons the best way to improve security? Isn’t this a bit like learning how to build safely from fires vs learning safety engineering? The repor...
Apr 28, 2025•35 min•Season 1Ep. 222
Guests: No guests [Tim in Vegas and Anton remote] Topics: So, another Next is done. Beyond the usual Vegas chaos, what was the overarching security theme or vibe you [Tim] felt dominated the conference this year? Thinking back to Next '24, what felt genuinely different this year versus just the next iteration of last year's trends? Last year, we pondered the 'Cloud Island' vs. 'Cloud Peninsula'. Based on Next 2025, is cloud security becoming more integrated with general cyber security, or is it ...
Apr 23, 2025•30 min•Season 1Ep. 221
Guests: Michael Cote , Cloud VRP Lead, Google Cloud Aadarsh Karumathil , Security Engineer, Google Cloud Topics: Vulnerability response at cloud-scale sounds very hard! How do you triage vulnerability reports and make sure we’re addressing the right ones in the underlying cloud infrastructure? How do you determine how much to pay for each vulnerability? What is the largest reward we paid? What was it for? What products get the most submissions? Is this driven by the actual product security or by...
Apr 21, 2025•29 min•Season 1Ep. 220
Guest: Steve Ledzian , APAC CTO, Mandiant at Google Cloud Topics: We've seen a shift in how boards engage with cybersecurity. From your perspective, what's the most significant misconception boards still hold about cyber risk, particularly in the Asia Pacific region, and how has that impacted their decision-making? Cybersecurity is rife with jargon. If you could eliminate or redefine one overused term, which would it be and why? How does this overloaded language specifically hinder effective com...
Apr 14, 2025•32 min•Season 1Ep. 219
Guest: Henrique Teixeira , Senior VP of Strategy, Saviynt, ex-Gartner analyst Topics: How have you seen IAM evolve over the years, especially with the shift to the cloud, and now AI? What are some of the biggest challenges and opportunities these two shifts present? ITDR (Identity Threat Detection and Response) and ISPM (Identity Security Posture Management) are emerging areas in IAM. How do you see these fitting into the overall IAM landscape? Are they truly distinct categories or just extensio...
Apr 07, 2025•30 min•Season 1Ep. 218
Guest: Alex Polyakov , CEO at Adversa AI Topics: Adversa AI is known for its focus on AI red teaming and adversarial attacks. Can you share a particularly memorable red teaming exercise that exposed a surprising vulnerability in an AI system? What was the key takeaway for your team and the client? Beyond traditional adversarial attacks, what emerging threats in the AI security landscape are you most concerned about right now? What trips most clients, classic security mistakes in AI systems or AI...
Mar 31, 2025•23 min•Season 1Ep. 217
Guest: James Campbell , CEO, Cado Security Chris Doman , CTO, Cado Security Topics: Cloud Detection and Response (CDR) vs Cloud Investigation and Response Automation( CIRA ) ... what’s the story here? There is an “R” in CDR, right? Can’t my (modern) SIEM/SOAR do that? What about this becoming a part of modern SIEM/SOAR in the future? What gets better when you deploy a CIRA (a) and your CIRA in particular (b)? Ephemerality and security, what are the fun overlaps? Does “E” help “S” or hurts it? Wh...
Mar 24, 2025•32 min•Season 1Ep. 216
Guest: Meador Inge , Security Engineer, Google Cloud Topics: Can you walk us through Google's typical threat modeling process? What are the key steps involved? Threat modeling can be applied to various areas. Where does Google utilize it the most? How do we apply this to huge and complex systems? How does Google keep its threat models updated? What triggers a reassessment? How does Google operationalize threat modeling information to prioritize security work and resource allocation? How does it ...
Mar 17, 2025•26 min•Season 1Ep. 215
Guest: Archana Ramamoorthy , Senior Director of Product Management, Google Cloud Topics: You are responsible for building systems that need to comply with laws that are often mutually contradictory. It seems technically impossible to do, how do you do this? Google is not alone in being a global company with local customers and local requirements. How are we building systems that provide local compliance with global consistency in their use for customers who are similar in scale to us? Originally...
Mar 10, 2025•29 min•Season 1Ep. 214
Guest: Yigael Berger , Head of AI, Sweet Security Topic: Where do you see a gap between the “promise” of LLMs for security and how they are actually used in the field to solve customer pains? I know you use LLMs for anomaly detection. Explain how that “trick” works? What is it good for? How effective do you think it will be? Can you compare this to other anomaly detection methods? Also, won’t this be costly - how do you manage to keep inference costs under control at scale? SOC teams often grapp...
Mar 03, 2025•28 min•Season 1Ep. 213
Guest: Dave Hannigan , CISO at Nu Bank Topics: Tell us about the challenges you're facing as CISO at NuBank and how are they different from your past life at Spotify? You're a big cloud based operation - what are the key challenges you're tracking in your cloud environments? What lessons do you wish you knew back in your previous CISO run [at Spotify]? What metrics do your team report for you to understand the security posture of your cloud environments? How do you know “your” cloud use is as se...
Feb 24, 2025•33 min•Season 1Ep. 212
Guest: Kimberly Goody , Head of Intel Analysis and Production, Google Cloud Topics: Google's Threat Intelligence Group (GTIG) has a unique position, accessing both underground forum data and incident response information. How does this dual perspective enhance your ability to identify and attribute cybercriminal campaigns? Attributing cyberattacks with high confidence is important. Can you walk us through the process GTIG uses to connect an incident to specific threat actors, given the complexit...
Feb 17, 2025•26 min•Season 1Ep. 211
Guest: Or Brokman , Strategic Google Cloud Engineer, Security and Compliance, Google Cloud Topics: Can you tell us about one particular cloud consulting engagement that really sticks out in your memory? Maybe a time when you lifted the hood, so to speak, and were absolutely floored by what you found – good or bad! In your experience, what's that one thing – that common mistake – that just keeps popping up? That thing that makes you say 'Oh no, not this again!' 'Tools over process' mistake is one...
Feb 10, 2025•27 min•Season 1Ep. 210
Guests: Beth Cartier , former CISO, vCISO, founder of Initiative Security Guest host of the CISO mini-series: Marina Kaganovich , Executive Trust Lead, Office of the CISO @ Google Cloud Topics: How is that vCISO’ing going? What is special about vCISO and cloud? Is it easier or harder? AI, cyber, resilience - all are hot topics these days. In the context of cloud security, how are you seeing organizations realistically address these trends? Are they being managed effectively (finally?) or is secu...
Feb 03, 2025•29 min•Season 1Ep. 209
Guest host: Marina Kaganovich , Executive Trust Lead, Office of the CISO @ Google Cloud Guest: John Rogers , CISO @ MSCI Topics: Can you briefly walk us through your CISO career path? What are some of the key (cloud or otherwise) trends that CISOs should be keeping an eye on? What is the time frame for them? What are the biggest cloud security challenges CISOs are facing today, and how are those evolving? Given the rapid change of pace in emerging tech, such as what we’ve seen in the last year o...
Jan 27, 2025•31 min•Season 1Ep. 208
Guest: Bob Blakley , Co-founder and Chief Product Officer of Mimic Topics: Tell us about the ransomware problem - isn't this a bit of old news? Circa 2015, right? What makes ransomware a unique security problem? What's different about ransomware versus other kinds of malware? What do you make of the “RansomOps” take (aka “ransomware is not malware”)? Are there new ways to solve it? Is this really a problem that a startup is positioned to solve? Aren’t large infrastructure owners better positione...
Jan 20, 2025•33 min•Season 1Ep. 207
Guest: Allan Liska , CSIRT at Recorded Future, now part of Mastercard Topics: Ransomware has become a pervasive threat. Could you provide us with a brief overview of the current ransomware landscape? It's often said that ransomware is driven by pure profit. Can you remind us of the business model of ransomware gangs, including how they operate, their organizational structures, and their financial motivations? Ransomware gangs are becoming increasingly aggressive in their extortion tactics. Can y...
Jan 13, 2025•33 min•Season 1Ep. 206
Guest: Andrew Kopcienski , Principal Intelligence Analyst, Google Threat Intelligence Group Questions: You have this new Cybersecurity Forecast 2025 report , what’s up with that? We are getting a bit annoyed about the fear-mongering on “oh, but attackers will use AI.” You are a threat analyst, realistically, how afraid are you of this? The report discusses the threat of compromised identities in hybrid environments (aka “no matter what you do, and where, you are hacked via AD”). What steps can o...
Jan 06, 2025•28 min•Season 1Ep. 205
Guest: Phil Venables , Vice President, Chief Information Security Officer (CISO) @ Google Cloud Topics Why is our industry suddenly obsessed with resilience? Is this ransomware’s doing? How did the PCAST report come to be? Can you share the backstory and how it was created? The PCAST report emphasizes the importance of leading indicators for security and resilience. How can organizations effectively shift their focus from lagging indicators to these leading indicators? The report also emphasizes...
Dec 23, 2024•31 min•Season 1Ep. 204
Guest: Rich Mogull , SVP of Cloud Security at Firemon and CEO at Securosis Topics: Let’s talk about cloud security shared responsibility. How to separate the blame? Is there a good framework for apportioning blame? You've introduced the Cloud Shared Irresponsibilities Model , stating cloud providers will be considered partially responsible for breaches even if due to customer misconfigurations. How do you see this impacting the relationship between cloud providers and their customers? Will it le...
Dec 16, 2024•37 min•Season 1Ep. 203
Guest: Amine Besson , Tech Lead on Detection Engineering, Behemoth Cyberdefence Topics: What is your best advice on detection engineering to organizations who don’t want to engineer anything in security? What is the state of art when it comes to SOC ? Who is doing well? What on Earth is a fusion center? Why classic “tiered SOCs” fall flat when dealing with modern threats? Let’s focus on a correct definition of detection as code. Can you provide yours? Detection x response engineering - is there ...
Dec 09, 2024•37 min•Season 1Ep. 202
Guest: Chris Hoff , Chief Secure Technology Officer at Last Pass Topics: I learned that you have a really cool title that feels very “now” - Chief Secure Technology Officer? What’s the story here? Weirdly, I now feel that every CTO better be a CSTO or quit their job :-) After, ahem, not-so-recent events you had a chance to rebuild a lot of your stack, and in the process improve security. Can you share how it went, and what security capabilities are now built in? How much of a culture change did ...
Dec 02, 2024•37 min•Season 1Ep. 201
Guest: Michael Czapinski , Security & Reliability Enthusiast, Google Topics: “How Google protects its production services” paper covers how Google's infrastructure balances several crucial aspects, including security, reliability, development speed, and maintainability. How do you prioritize these competing demands in a real-world setting? What attack vectors do you consider most critical in the production environment, and how has Google’s defenses against these vectors improved over time? C...
Nov 25, 2024•28 min•Season 1Ep. 200
