Guest: Amos Stern , CEO of SIEMplify, now part of Google Cloud Topics: SOAR is in the news again , so what can we say about the state of SOAR in 2022? What have we learned trying to get SOAR adopted 2015-2022 (that’s 7 years of SOAR-ing for you)? What are the top playbooks to start your SOC automation using SOAR? What about the links between SOAR as security automation and general IT automation? Does the level of consolidation in this market mean that SOAR really is a feature of SIEMs and not a ...
Feb 22, 2022•23 min•Season 1Ep. 53
Guest: Vijay Bolina , CISO at DeepMind Topics: We spend a lot of time on Artificial Intelligence (AI) safety, but what about security? What are some of the useful frameworks for thinking about AI security? What is different about securing AI vs securing another data-intensive, complex, enterprise application? What do we know about threat modeling for AI applications? What attacks against AI systems do we expect to see first in real life? What issues with AI security should we expect to face in 3...
Feb 14, 2022•23 min•Season 1Ep. 52
Guest: Vandy Ramadurai , Product Manager at Google Cloud Topics: What is Cloud Organization Policy , and how is it different from IaC and Policy as code (PaC)? What does successful organization policy design look like from a business and human standpoint? From a technical standpoint? Granular policy work is always hard. How is Google helping users get org policy right? What are the uniquely Google strengths here? Is the AI involved real or is this marketing pixie dust AI? How do users know if so...
Feb 07, 2022•25 min•Season 1Ep. 51
Guest: Elie Bursztein , security, anti-abuse and privacy researcher @ Google Topics: This episode draws on a talk available in the podcast materials . Could you summarize the gist of your talk for the audience? What makes the malicious document problem a good candidate for machine learning (ML)? Could you have used rules? “Millions of documents in milliseconds,” not sure how to even parse it - what is involved in making it work? Can you explain to the listeners the motivation for reanalyzing old...
Jan 31, 2022•31 min•Season 1Ep. 50
Guest: Taylor Lehmann, Director at the Office of the CISO @ Google Cloud, member of Cybersecurity Action Team Topics: What’s top of mind for healthcare organizations’ CISOs now? What common advice do you find yourself giving most often to security leaders in healthcare? Is there a list of top 3 items or is this all “it depends”? What regulations are shaping the healthcare industry and its adoption of new technology? HIPAA is from 1996, how does it work for the cloud in the 2020s? Why do you thin...
Jan 24, 2022•27 min•Season 1Ep. 49
Guest: Nelly Porter, Group Product Manager @ Google Cloud Topics In the past year, what has changed with Confidential Computing here at Google ? Could we please talk about a user or two who has really nailed it with our Confidential Computing? What have we learned about the threat models of clients who are choosing to deploy Confidential Computing? What are they solving for? Doing Confidential Computing “right” feels like a lot more than having some fancy CPUs with magic math. What challenges do...
Jan 18, 2022•30 min•Season 1Ep. 48
Guest: Phil Venables (@ philvenables ), Vice President, Chief Information Security Officer (CISO) @ Google Cloud Topics: Explain the whole cloud security megatrend concept to us? How can we better explain that “yes, cloud is more secure than most client’s data centers”? Can you please explain "shared fate" one more time? Shared fate seems to require shared incentives. Do we see the incentives to invest in security changing within organizations migrating to Cloud? Cloud as the Digital Immune Syst...
Jan 11, 2022•26 min•Season 1Ep. 47
Guests: Alison Reyes , Director, Security Solutions, Google Cloud Iman Ghanizada , Solutions Manager for Security Operations & Analytics @ Google Cloud Topics: What is our thinking on solutions vs products for security? Sure, “security is a process, not a product,” but where do solutions fit in? Security as an industry has too many vendors with little understanding of how users secure things, can solutions approach fix that? Google is sometimes known for writing code and just throwing it out...
Dec 06, 2021•23 min•Season 1Ep. 46
Guests: Vlad Stolyarov , Security Engineer @ Threat Analysis Group (TAG) Vicente Diaz , Threat Intelligence Strategist @ VirusTotal Topics: Why GandCrab / REvil was the most popular ransomware family in 2020? What is ransomware as a service? Is every scary article about ransomware essentially marketing for the criminals? Some ransomware payoffs are huge, how do you think they spend the money? How else do they profit off stolen data apart from double extortion schemes? Are there triple extortion ...
Nov 29, 2021•23 min•Season 1Ep. 45
Guest: Mike Orosz , a Chief Information and Product Security Officer @ Vertiv Topics: What are your views on modern SIEM? What should it do and what should it be? Should it even be called SIEM? Is SaaS/cloud-native SIEM the only way to go? Can anybody build a SIEM in the cloud by installing the regular SIEM on IaaS? What are the top challenges for organizations deploying and operationalizing SIEM today? What are some hidden or commonly forgotten costs for a SIEM deployment? Is open source the an...
Nov 22, 2021•28 min•Season 1Ep. 44
Guests: Amber Shafi, Production Manager GSK Svetlin Zamfirov, Senior Platform Engineer at GSK Ivan Angelov, Principal Platform Engineer at GSK Topics: Tell us about your team, what are you responsible for and how is the team setup to make that happen? What components of cloud security do you cover? Tell us about cloud misconfigurations and why these are different from on- premise misconfiguration? How are you discovering these misconfigurations? You've automated responses to misconfiguration. Be...
Nov 15, 2021•23 min•Season 1Ep. 43
Guest: MK Palmore , Director at Office of the CISO, Google Cloud, member of Cybersecurity Action Team Topics: Why is there such a huge gap in security professionals who are women and people of color? How does the lack of women and people of color in tech impact the industry, cybersecurity & tech overall? Are diverse teams better performing, better morale, happier people? Are there kinds of threats that we miss in threat modeling exercises for lack of diverse team members? We’ve seen countles...
Nov 08, 2021•24 min•Season 1Ep. 42
Guest: Ryan Noon , CEO @ Material Security Topics: When we think about traditional email security, we think anti-spam/phishing. Your company is doing other things, so what are they? In other words, isn’t email security solved with legacy appliance vendors (SEG) and cloud email providers? What was the combination of technology and security opportunities that really resonated with you and your investors that led to your focus on email security? Security has almost 2000 vendors and they are noisy, ...
Nov 01, 2021•24 min•Season 1Ep. 41
Guests Elie Bursztein , security, anti-abuse and privacy researcher @ Google Kurt Thomas, security, anti-abuse and privacy researcher @ Google Topics: Can we say that “Multi-Factor Authentication - if done well - fixes phishing for good” or is this too much to say? What are the realistic and seen-in-the-wild bypasses for MFA as a protection? How do you think these controls fare vs top tier attackers (clearly, they work vs commodity threats)? What do we know about burden vs value of MFA today? Wh...
Oct 25, 2021•32 min•Season 1Ep. 40
Guest: Jared Atkinson , Adversary Detection Technical Director at SpecterOps Topics: What are bad/good/great detections? Is this all about the Bianco's pyramid? Is high good and low bad? How should we judge the quality of detections? Can there be a quality framework? Is that judgment going to be site specific? What should we do to build more good directions? Is this all about reducing false positives? Can we really measure false negatives? How can we approach this? How can we test for detection ...
Oct 18, 2021•31 min•Season 1Ep. 39
Guests: Stephanie Wong Vicente Diaz, Jerome McFarland Scott Ellis Patrick Faucher Il-Sung Lee, Anoosh Saboori Topics: What is your session about? Why would audience care? What is special about your security technology? Resources: Google Cloud Next 2021 SEC212 6 layers of GCP data center security SEC101 Ransomware and cyber resilience SEC204 Take charge of your sensitive data SEC207 Securing the software supply chain SEC300 Trust the cloud more by trusting it less: Ubiquitous data encryption...
Oct 14, 2021•31 min•Season 1Ep. 38
Guest: Phil Venables ( @philvenables ), Vice President, Chief Information Security Officer (CISO) @ Google Cloud Topics: We are here to talk Google Cybersecurity Action Team , and this is your brainchild, so tell our audience the origin of this idea? How is Cybersecurity Action Team going to help secure GCP enterprise clients? Is there also a “improve the security of the internet” story? Many organizations seem stuck in the pre-cloud thinking and mental models, can Cybersecurity Action Team help...
Oct 13, 2021•21 min•Season 1Ep. 37
Guest: Aditi Joshi, Manager in Cloud Security Team @ Google Cloud Topics: What is Allyship? How is it defined? What is its main goal? Why is allyship important in Cloud Security, specifically? Are there aspects of security that make allyship particularly important? What specifically has Google Cloud Security deployed and operationalized around Allyship? How does effective allyship look like? More personally, how can I be a better ally? How does it fit into Google Cloud Security’s overarching DEI...
Oct 12, 2021•19 min•Season 1Ep. 36
Guest: Rob Sadowski, Trust and Security Lead @ Google Cloud Topics: What are the big security themes at NEXT? Is security still visible? What about invisible security vs autonomic security? Is that just “invisible security” with a neat name? This has got to be your fourth or fifth Next, right? What’s new this year compared to last years, aside from being virtual? Anything particularly uniquely Google we’re talking about? What to watch at NEXT, if you are a CISO? We secure not just GCP with our t...
Oct 11, 2021•21 min•Season 1Ep. 35
Guest: Matt Svensson, Senior Security Engineer @ BetterCloud Topics: What are the approaches for monitoring serverless and other modern application architectures? What are the challenges with these new environments? What approaches don’t work? What can go wrong with modern stack security monitoring? What should we watch for in a modern application stack? Most new architecture setups are predicated on identities so is identity the center of threat detection here or not?...
Oct 04, 2021•25 min•Season 1Ep. 34
Guest: Elliott Abraham, Security and Compliance Specialist @ Google Cloud Topics: We talk about lift and shift vs cloud native, what are these and are they fair characterizations? Is lift and shift always negative? Does it always harm security? Are security planning needs different between them? What are the fundamentals with security during cloud migration that you have to get right regardless? What’s your advice to a security team to help make a migration work well? How do you account for thre...
Sep 27, 2021•26 min•Season 1Ep. 33
Guest: Derek Abdine , CTO @ Censys.io Topics: Attack Surface Management (ASM). Why do we need a new toolset and a new category? Isn’t this just 1980s asset management or CMDB? How do we find those assets that may have been misplaced by the organizations? How can any technology do this reliably? ASM seems to often rely on network layer 3 and 4. Can’t bad guys just hit the app endpoints and all your network is irrelevant then? When you think about the threats organizations face due to unknown asse...
Sep 20, 2021•24 min•Season 1Ep. 32
Guest: Iman Ghanizada , Solutions Manager for Security Operations & Analytics @ Google Cloud Topics: What is your book “Google Cloud Certified Professional Cloud Architect All-in-One Exam Guide ” about? What was your journey into writing this book, how long did it take? The book seems to be targeted towards Cloud Architects, but you come from a predominantly security background, how has that influenced your writing of this book? What does this have to do with The Certs Guy (14 certs!?) and w...
Sep 13, 2021•22 min•Season 1Ep. 31
Guest: Vicente Diaz, Threat Intelligence Strategist @ VirusTotal Topics: How would you describe modern threat hunting process? Share some of the more interesting examples of attacker activities or artifacts you've seen? Do we even hunt for malware? What gets you more concerned, malware or human attackers? How do you handle the risk of attackers knowing how you perform hunting? What is the role of threat research role for hunting? Do you need research to hunt well? Does threat research power attr...
Sep 07, 2021•26 min•Season 1Ep. 30
Guest: Sam Curry , Chief Security Officer @ Cybereason and Visiting Fellow @ National Security Institute Topics: EDR was “invented” in 2013 and we are now in 2021. What do you consider to be modern EDR components and capabilities? Where has EDR fallen short on its initial hype? How focused are the attackers on bypassing EDR? How do you think EDR works in the cloud? In your view, how would future EDR work for containers, microservices, etc? Why aren’t we winning the war against ransomware? XDR is...
Aug 30, 2021•28 min•Season 1Ep. 29
Guest: Andy Wen , Product Lead for Abuse & Security @ Google Cloud Topics: What are you doing with AI for security? What kinds of security problems are addressable with AI, and which ones are harder to address with ML techniques? Tell us where you’ve been surprised by AI’s success? Do you expect a) AI use by adversaries and b) attacks focused on disrupting the AI use by defenders? What advice would you give a PM or technical lead starting out on thinking they want to use AI to solve a proble...
Aug 23, 2021•19 min•Season 1Ep. 28
Guest: Keith McCammon , Co-founder and Chief Security Officer, Red Canary Topics: What is Detection Engineering? How it differs from just building rules/analytics? How to convert threat intelligence into detections? How to tell good detections from bad? And perhaps also good from great? How to test detections in the real world? Anything special about building detections for cloud environments? What do you think is the role of “rule-less” (such as ML) detections? Is “ML unicorn cavalry” coming? R...
Aug 16, 2021•30 min•Season 1Ep. 27
Guest: Johnathan Keith , Director of Information Security (CISO) @ ViacomCBS Streaming / Digital (at the time of the recording) Topics: What is the mission for your SOC? Has it evolved in recent years? How do you rate your state of maturity in security operations? I hear that your organization is complex and decentralized, how do you run a SOC in such a case? How do you approach the balance of people, process and technology in your SOC? What is the role of outsourcing in your SOC? Is cloud inclu...
Aug 09, 2021•20 min•Season 1Ep. 26
Guest: John Stone , Chaos Coordinator at the Office of the CISO @ Google Cloud Topics: What are the top European-specific cloud migration security challenges? Are there interesting cloud adoption barriers related to security in Europe? Are some of these challenges more compliance than security related? Do you think compliance still drives security in the cloud for European companies? Do you think Europe can ever "make their own cloud"? So, what do you make of this entire movement about “data sov...
Aug 02, 2021•27 min•Season 1Ep. 25
Guests: Eric Brewer , VP of Infrastructure, and Google Fellow @ Google Aparna Sinha , Director of Product Management @ Google Cloud Topics: What is software supply chain security and how is it different from other kinds of supply chain security? What types of organizations need to care about it? Is supply chain security a concern for large, elite enterprises only? What’s the relationship between what we’re doing here, and what SBOM is? Can you talk us through a quick threat assessment of a suppl...
Jul 26, 2021•23 min•Season 1Ep. 24