Guest: Charles DeBeck, Cyber Threat Intel Expert @ Google Cloud Topics: What is unique about Google Cloud approach to threat intelligence? Is it the sensor coverage? Size of the team? Other things? Why is Threat Horizons report unique among the threat reports released by other organizations? Based on your research, what are the realistic threats to cloud environments today? What threats are prevalent and what threats are most damaging? Where do you see things in 2023? What should companies look...
Mar 13, 2023•29 min•Season 1 Ep. 112
Guest: Brandon Evans, Infosec Consultant and Certified Instructor and Course Author at SANS Topics: What got you interested in security and motivated you to make this your area of focus? You came from a developer background, right? Occasionally, we hear the sentiment that “developers don’t care about security,” how would you counter it (and would you?)? How do we encourage developers and operations to use the appropriate security controls and settings in the cloud? Is “encourage” the right word...
Mar 06, 2023•24 min•Season 1 Ep. 111
Guest: David Seidman, Head of Detection and Response @ Robinhood Topics: Tell us about joining Robinhood and prioritizing focus areas for detection in your environment? Tim and Anton argue a lot about what kind of detection is best - fully bespoke and homemade, or scalable off-the-shelf. First, does our framework here make sense, and second, looking at your suite of detection capabilities, how have you chosen to prioritize detection development and detection triage? You're operating in AWS: th...
Feb 27, 2023•28 min•Season 1 Ep. 110
Guest: Ana Oprea, Staff Security Engineer, European Lead of Vulnerability Coordination Center @ Google Topics: What is the scope for the vulnerability management program at Google? Does it cover OS, off-the-shelf applications, custom code we wrote … or all of the above? Our vulnerability prioritization includes a process called “impact assessment.” What does our impact assessment for a vulnerability look like? How do we prioritize what to remediate? How do we decide on the speed of remediation ...
Feb 20, 2023•28 min•Season 1 Ep. 109
Guest: John Stoner, Principal Security Strategist @ Google Cloud Topics: Please define threat hunting for us quickly, the term has been corrupted a bit. What are your favorite beginner hunts to jump start the effort at a new team? How to incorporate hunting lessons in detection? What are the differences for hunting in the cloud? Are there specific data sources you prefer to have access to when threat hunting? In the cloud? Should every organization threat hunt? What are traits you might look for...
Feb 13, 2023•26 min•Season 1 Ep. 108
Guest: Karan Dwivedi, Security Engineering Manager, Enterprise Infrastructure Protection @ Google Cloud Topics: Google’s use of Google Cloud is a massive cloud environment with wildly diverse use cases. Could you share, for our listeners, a few examples of the different kinds of things we’re running in GCP? Given that we’re doing these wildly different things in GCP, how do we think about scaling the right security guardrails to the right places in our GCP org? How do you work with application ...
Feb 06, 2023•29 min•Season 1 Ep. 107
Guest: Anoosh Saboori, former Product Manager at Google Cloud Topics: We had zero trust episodes before and definitions vary! When we say zero trust, what do we mean? What about zero trust for workloads in production? When you say “workload,” what do you mean? What is BeyondProd, for those that are unfamiliar with it? And how is this different from BeyondCorp? How has BeyondProd actually been implemented at Google? What threats does it help with? Is this real threats or compliance? Why is now a ...
Jan 30, 2023•26 min•Season 1 Ep. 106
Guest: Michele Chubirka, Senior Cloud Security Advocate, Google Cloud Topics: We are here to talk about cloud migrations and we are here to talk about failures. What are your favorites? What are your favorite cloud security process failures? What are your favorite cloud security technical failures? What are your favorite cloud security container and k8s failures? Is "lift and shift" always wrong from the security point of view? Can it at least work as step 1 for a full cloud transformation? Res...
Jan 23, 2023•29 min•Season 1 Ep. 105
Guest: Gary Hayslip, CISO at Softbank Topics: "So we're talking about your journey as a CISO migrating to Cloud. Could you give us the 30 second overview of What triggered your organization's migration to the cloud? When did you and the security organization get brought in? How did you plan your security organization's journey to the cloud? Did you take going to cloud as an opportunity to change things beyond the tools you were using? As you got going into the cloud, what was the hardest part f...
Jan 16, 2023•25 min•Season 1 Ep. 104
Guest: Nader Zaveri, Senior Manager of IR and Remediation at Mandiant, now part of Google Cloud Topics: Could we start with a story of a cloud incident response (IR) failure and where things went wrong? What should that team have done to get it right? Are there skills that matter more in cloud incidents than they do for on-prem incidents? Are there on-prem instincts that will lead incident responders astray in cloud? What 3 things an IR team leader needs to do to prepare his team for IR in the ...
Jan 09, 2023•24 min•Season 1 Ep. 103
Guest: Sunil Potti, VP / GM, Google Cloud Topics: One of the biggest shifts we’ve noticed is the shift from building security because we think security is good, to building security as a business. How did you make that cultural shift happen in our organization? With organizations migrating to cloud we have a set of tradeoffs between meeting security teams where they are with on-prem expectations of security vs cloud-native approaches. How do you think about investing in next generation products...
Dec 19, 2022•25 min•Season 1 Ep. 102
Guest: Jim Higgins, CISO at Snap, former CISO at Square Topics: You were at Google for a long time, and at Google you sat between Google security and Cloud. Now that you're leading security for a major company, how are you prioritizing your focus between your on-premise resources and your cloud resources? How are you thinking about threat detection in the Cloud? In detection, how has your technology changed? How has your process changed? What threats do you mostly focus on? Why don’t we talk ab...
Dec 12, 2022•25 min•Season 1 Ep. 101
Guests: John Speed Meyers, Security Data Scientist, Chainguard Todd Kulesza, User Experience Researcher, Google Topics: How did you get involved with this year’s Accelerate State of DevOps Report (DORA report)? So what is DORA and why did you decide to focus on supply chain security for the 2022 report? What are the big learnings from this year’s report? What’s the difference between SLSA and SSDF? Is one spicy and the other savory? How’re companies adopting these and how is adoption going? ...
Dec 05, 2022•33 min•Season 1 Ep. 100
Guests: Nikhil Sinha, Group Product Manager, Workspace Security Kelly Anderson, Product Marketing Manager, Workspace Security Topics: We are talking about Google Workspace security today. What kinds of threats do we have to care about here? Are there compliance-related motivations for security here too? Is compliance in the cloud changing? How’s adoption of hardware keys for MFA going for your users, and how are you helping them? Is phishing finally solved because of that? Can you explain why ha...
Nov 28, 2022•23 min•Season 1 Ep. 99
Guests: Matt Linton, Chaos Specialist @ Google John Stone, Chaos Coordinator @ Office of the CISO, Google Cloud Topics: Let’s talk about security incident response in the cloud. Back in 2014 when I [Anton] first touched on this, the #1 challenge was getting the data to investigate as cloud providers had few logs available. What are the top 2022 cloud incident response challenges? Does cloud change the definition of a security incident? Is “exposed storage bucket” an incident? Is vulnerability ...
Nov 21, 2022•27 min•Season 1 Ep. 98
Guest: Greg Sinclair, Security Engineer @ Google Cloud Topics: Could you tell us a bit about your background and how you ended up here at Google? Also, tell us about your team here? We're very excited about the release of the CobaltStrike rules. Could you share more about what they are looking for and second why this is so valuable? How did CobaltStrike come to be so widely used by bad guys? When you were doing this research what was the most surprising thing you uncovered? Could you tell us ab...
Nov 17, 2022•21 min•Season 1 Ep. 97
Guest: Jeff Bollinger, Director of Incident Response and Detection Engineering @ LinkedIn Topics: Observability sounds cool (please define it for us BTW), but relating it to security has been “hand-wavy” at best. What is your opinion on the relevance of observability data for security use cases? What use cases are those, apart from saving the data for IR just in case? How can we best approach observability in the cloud, particularly around network communications, so that we improve security as ...
Nov 14, 2022•33 min•Season 1 Ep. 96
Guests: Alicja Cade, Director, Financial Services, Office of the CISO, Google Cloud Ken Westin, Director, Security Strategy, Cybereason Robert Wallace, Senior Director, Mandiant, now Google Cloud Topics: How are cloud environments attacked and compromised today? Is it still about the configuration mistakes? Do cryptominers represent a serious threat now that they are often mentioned as the most common threat in the cloud? Let’s look at another popular threat - ransomware or, broadly, RansomOp...
Nov 07, 2022•28 min•Season 1 Ep. 95
Guest: Dr Anna Belak, Director of Thought Leadership at Sysdig, former Gartner analyst Questions: Analysts (and vendors) coined a lot of “C-something acronyms” for cloud security, and two of the people on this episode were directly involved in some of them. What do you make of all the cloud security acronym proliferation? What is CSPM? What gets better when you deploy it? What is CWPP? Does anything get better when you deploy it? What is CNAPP? What gets better when you deploy it? What is CIEM...
Oct 31, 2022•28 min•Season 1 Ep. 94
Guest: Alicja Cade, Director for Financial Services, Office of the CISO, Google Cloud Topics: We are talking about your journey as a CISO migrating to the cloud. Could you give us the overview of … What triggered your organization's migration to the cloud? When did you and the security team get brought in? Did you take going to the cloud as an opportunity to change things beyond the tools you were using? As you got going into the cloud, what was the hardest part for your organization? If that w...
Oct 24, 2022•28 min•Season 1 Ep. 93
Guests: Lauren Zabierek (@lzxdc), Acting Executive Director of the Belfer Center at the Harvard Kennedy School Christina Morillo (@divinetechygirl), Principal Security Consultant at Trimark Security Topics: We are so excited to have you on the show today talking about your awesome effort, Share The Mic in Cyber. I love that we are Sharing our Mic with you today. Could you please introduce yourself to our listeners? Let's talk about representation and what that means, and why it's especially...
Oct 21, 2022•23 min•Season 1 Ep. 92
Guest: Mike Sinno, Security Engineering Director, Detection and Response @ Google Topics: You recently were featured in “Hacking Google” videos, can you share a bit about this effort and what role you played? How long have you been at Google? What were you doing before, if you can remember after all your time here? What brought you to Google? We hear you now focus on insider threats. Insider threat is back in the news, do you find this surprising? A classic insider question is about “maliciou...
Oct 17, 2022•26 min•Season 1 Ep. 91
Guest: Phil Venables, Vice President and CISO at Google Cloud Topics: Google Cybersecurity Action Team is your brainchild and it is 1 year old, what comes to mind first when we reflect on this anniversary? The team is primarily about helping clients with security, what did we learn doing this for a year? What challenges have we (Google Cybersecurity Action Team) faced in our first year? We released 4 Threat Horizons reports this year, what is the future for this research here? We often hear tha...
Oct 13, 2022•30 min•Season 1 Ep. 90
Guest: Nelly Kassem, Security and Compliance Specialist @ Google Cloud Topics: Why did ransomware attacks become so popular? What type of organizations are targeted by ransomware? Do these affect mostly the organizations with sub-par security? Ransomware has been raging since 2015 and shows few signs of subsiding. Why are these attacks still successful? Do we see ransomware in the cloud? Does migrating to the cloud protect you from ransomware? Which of Google Cloud tools are useful to fight ran...
Oct 12, 2022•19 min•Season 1 Ep. 89
Guest: Fletcher Oliver, Chrome Browser Customer Engineer, Google Topics: What is browser security? Isn’t it just application security by another name? Why is browser security more important now than ever? Do we have statistical measures or data that tell us if we’re succeeding at browser security? Do we know if we’re doing a good job at making this better? What are the components of modern browser security? How does this work with an enterprise’s existing stack? In fact, how does this work with...
Oct 11, 2022•21 min•Season 1 Ep. 88
Guest: Dr Nicky Ringland, Product Manager for Open Source Insights, Google Topics: Let's talk Open Source Software - are all these dependencies dependable? Why was log4j such a big thing - at a whole ecosystem level? Was it actually a Java / Maven problem? Are other languages “better” or more secure? Is another log4j inevitable? What can organizations do to minimise their own risks? Resources: Google Cloud Next 2022 Open Source Insights at deps.dev Blog at blog.deps.dev with posts on Understandin...
Oct 10, 2022•27 min•Season 1 Ep. 87
Guest: Thiébaut Meyer, Director at Office of the CISO, Google Cloud Topics: Virtualization's arrival caused a major IT upheaval 20 years ago. What can we learn from that revolution for our current cloud transformation? We talk about our three legged security stool of people/process/technology. How do we balance the technical issues (new technology stack, etc.) with the new processes (agile, etc) and the skills? What are the cultural and people transformation differences between the virtualizati...
Oct 04, 2022•23 min•Season 1 Ep. 86
Guest: Steve McGhee, Reliability Advocate, Google Cloud Topics: What can security teams learn from the Site Reliability Engineering (SRE) art of rapid and safe deployment? Is this all about the process or do SREs possess some magical technology to do this? What is SRE approach to automation? What are the pillars / components of SRE approach to deployment? SRE is also about scaling. Some security teams have to manage 1000s of detection rules, how can this be done in a manner that does not confli...
Sep 26, 2022•31 min•Season 1 Ep. 85
Guest: Alex Polyakov, CEO of Adversa.ai Topics: You did research by analyzing 2000 papers on AI attacks released in the previous decade. What are the main insights? How do you approach discovering the relevant threat models for various AI systems and scenarios? Which threats are real today vs in a few years? What are the common attack vectors? What do you see in the field of supply chain attacks on AI, software supply, data? All these reported cyberphysical attacks on computer vision, how real ...
Sep 19, 2022•26 min•Season 1 Ep. 84
Guest: Badr Salmi, Product Manager for reCAPTCHA Topics: What is reCAPTCHA? Aren’t you guys the super annoying 'click on the busses' thing? What is account defender? Why was this a natural next step for you? What are the actual threats that this handles - and handles well? Specific web attacks? Web fraud? Let’s talk about account fraud, what do these attacks look like and how do bad guys monetize today? What about payment fraud? Could you score a payment session as well as a login session risk...
Sep 12, 2022•27 min•Season 1 Ep. 83