EP91 “Hacking Google”, Op Aurora and Insider Threat at Google

Guest:

• Mike Sinno, Security Engineering Director, Detection and Response  @ Google

Topics:

• You recently were featured in “Hacking Google” videos, can you share a bit about this effort and what role you played?
• How long have you been at Google? What were you doing before, if you can remember after all your time here? What brought you to Google?
• We hear you now focus on insider threats. Insider threat is back in the news, do you find this surprising?
• A classic insider question is about “malicious vs well-meaning insiders" and which type is a bigger risk. What is your take here?
• Trust is the most important thing when people think about Google, we protect their correspondence, their photos, their private thoughts they search for. What role does detection and response play in protecting user trust?
• One fun thing about working at Google is our tech stack. Your team uses one of our favorite tools in the D&R org! Can you tell us about BrainAuth and how it finds useful things?
• We talked about Google D&R (ep 17 and ep 75) and the role of automation came up many times. And automation is a key topic for a lot of our cloud customers. What do you automate in your domain of D&R?

Resources:

• “Hacking Google” videos  (EP00 with Mike)
• The Secure Reliable Systems book
• The CERT Guide to Insider Threats book
• Common Sense Guide to Mitigating Insider Threats book
• Insider Threats (Cornell Studies in Security Affairs)
• Foreign Espionage in Cyberspace from the NCSC
• “How We Scale Detection and Response at Google: Automation, Metrics, Toil” (ep75)
• “Modern Threat Detection at Google” (ep17)