Guests: None Topics: What have we seen at RSA 2024? Which buzzwords are rising (AI! AI! AI!) and which ones are falling (hi XDR)? Is this really all about AI? Is this all marketing? Security platforms or focused tools, who is winning at RSA? Anything fun going on with SecOps? Is cloud security still largely about CSPM? Any interesting presentations spotted? Resources: EP171 GenAI in the Wrong Hands: Unmasking the Threat of Malicious AI and Defending Against the Dark Side (RSA 2024 episode 1 of 2...
May 13, 2024•27 min•Season 1Ep. 172
Guest: Elie Bursztein , Google DeepMind Cybersecurity Research Lead, Google Topics: Given your experience, how afraid or nervous are you about the use of GenAI by the criminals (PoisonGPT, WormGPT and such)? What can a top-tier state-sponsored threat actor do better with LLM? Are there “extra scary” examples, real or hypothetical? Do we really have to care about this “dangerous capabilities” stuff (CBRN)? Really really? Why do you think that AI favors the defenders? Is this a long term or a shor...
May 06, 2024•27 min•Season 1Ep. 171
Guest: Payal Chakravarty , Director of Product Management, Google SecOps, Google Cloud Topics: What are the different use cases for GenAI in security operations and how can organizations prioritize them for maximum impact to their organization? We’ve heard a lot of worries from people that GenAI will replace junior team members–how do you see GenAI enabling more people to be part of the security mission? What are the challenges and risks associated with using GenAI in security operations? We’ve ...
Apr 29, 2024•28 min•Season 1Ep. 170
Guests: no guests ( just us !) Topics: What are some of the fun security-related launches from Next 2024 (sorry for our brief “marketing hat” moment!)? Any fun security vendors we spotted “in the clouds”? OK, what are our favorite sessions? Our own, right? Anything else we had time to go to? What are the new security ideas inspired by the event (you really want to listen to this part! Because “freatures”...) Any tricky questions at the end? Resources: Live video ( LinkedIn , YouTube ) [live audi...
Apr 22, 2024•28 min•Season 1Ep. 169
Guests: Umesh Shankar , Distinguished Engineer, Chief Technologist for Google Cloud Security Scott Coull , Head of Data Science Research, Google Cloud Security Topics: What does it mean to “teach AI security”? How did we make SecLM? And also: why did we make SecLM? What can “security trained LLM” do better vs regular LLM? Does making it better at security make it worse at other things that we care about? What can a security team do with it today? What are the “starter use cases” for SecLM? What ...
Apr 15, 2024•33 min•Season 1Ep. 168
Speakers: Maria Riaz , Cloud Counter-Abuse, Engineering Lead, Google Cloud Topics: What is “counter abuse”? Is this the same as security? What does counter-abuse look like for GCP? What are the popular abuse types we face? Do people use stolen cards to get accounts to then violate the terms with? How do we deal with this, generally? Beyond core technical skills, what are some of the relevant competencies for working in this space that would appeal to a diverse set of audience? You have worked in...
Apr 08, 2024•25 min•Season 1Ep. 167
Guests: Evan Gilman , co-founder CEO of Spirl Eli Nesterov , co-founder CTO of Spril Topics: Today we have IAM, zero trust and security made easy. With that intro, could you give us the 30 second version of what a workload identity is and why people need them? What’s so spiffy about SPIFFE anyway? What’s different between this and micro segmentation of your network–why is one better or worse? You call your book “ solving the bottom turtle ” could you tell us what that means? What are the challen...
Apr 01, 2024•30 min•Season 1Ep. 166
Guest: Ahmad Robinson , Cloud Security Architect, Google Cloud Topics: You’ve done a BlackHat webinar where you discuss a Pets vs Cattle mentality when it comes to cloud operations. Can you explain this mentality and how it applies to security? What in your past led you to these insights? Tell us more about your background and your journey to Google. How did that background contribute to your team? One term that often comes up on the show and with our customers is 'shifting left.' Could you expl...
Mar 25, 2024•25 min•Season 1Ep. 165
Guest: Jennifer Fernick , Senor Staff Security Engineer and UTL, Google Topics: Since one of us (!) doesn't have a PhD in quantum mechanics, could you explain what a quantum computer is and how do we know they are on a credible path towards being real threats to cryptography? How soon do we need to worry about this one? We’ve heard that quantum computers are more of a threat to asymmetric/public key crypto than symmetric crypto. First off, why? And second, what does this difference mean for defe...
Mar 18, 2024•31 min•Season 1Ep. 164
Guest: Phil Venables, Vice President, Chief Information Security Officer (CISO) @ Google Cloud Topics: You had this epic 8 megatrends idea in 2021, where are we now with them? We now have 9 of them , what made you add this particular one (AI)? A lot of CISOs fear runaway AI. Hence good governance is key! What is your secret of success for AI governance? What questions are CISOs asking you about AI? What questions about AI should they be asking that they are not asking? Which one of the megatrend...
Mar 11, 2024•26 min•Season 1Ep. 163
Guest: Kat Traxler , Security Researcher, TrustOnCloud Topics: What is your reaction to “in the cloud you are one IAM mistake away from a breach”? Do you like it or do you hate it? A lot of people say “in the cloud, you must do IAM ‘right’”. What do you think that means? What is the first or the main idea that comes to your mind when you hear it? How have you seen the CSPs take different approaches to IAM? What does it mean for the cloud users? Why do people still screw up IAM in the cloud so ba...
Mar 04, 2024•28 min•Season 1Ep. 162
Guest: Victoria Geronimo , Cloud Security Architect, Google Cloud Topics: You work with technical folks at the intersection of compliance, security, and cloud. So what do you do, and where do you find the biggest challenges in communicating across those boundaries? How does cloud make compliance easier? Does it ever make compliance harder? What is your best advice to organizations that approach cloud compliance as they did for the 1990s data centers and classic IT? What has been the most surpris...
Feb 26, 2024•28 min•Season 1Ep. 161
Guest: Merritt Baer , Field CTO, Lacework, ex-AWS, ex-USG Topics: How can organizations ensure that their security posture is maintained or improved during a cloud migration? Is cloud migration a risk reduction move? What are some of the common security challenges that organizations face during a cloud migration? Are there different gotchas between the three public clouds? What advice would you give to those security leaders who insist on lift/shift or on lift/shift first ? How should security a...
Feb 19, 2024•28 min•Season 1Ep. 160
Guests: Emre Kanlikilicer , Senior Engineering Manager @ Google Sophia Gu , Engineering Manager at Google Topics Workspace makes the claim that unlike other productivity suites available today, it’s architectured for the modern threat landscape. That’s a big claim! What gives Google the ability to make this claim? Workspace environments would have many different types of data, some very sensitive. What are some of the common challenges with controlling access to data and protecting data in hybri...
Feb 12, 2024•26 min•Season 1Ep. 159
Guest: Jason Solomon , Security Engineer, Google Topics: Could you share a bit about when you get pulled into incidents and what are your goals when you are? How does that change in the cloud? How do you establish a chain of custody and prove it for law enforcement, if needed? What tooling do you rely on for cloud forensics and is that tooling available to "normal people"? How do we at Google know when it’s time to call for help, and how should our customers know that it’s time? Can I quote Ray ...
Feb 05, 2024•22 min•Season 1Ep. 158
Guest: Arie Zilberstein , CEO and Co-Founder at Gem Security Topics: How does Cloud Detection and Response (CDR) differ from traditional, on-premises detection and response? What are the key challenges of cloud detection and response? Often we lift and shift our teams to Cloud, and not always for bad reasons, so what’s your advice on how to teach the old dogs new tricks: “on-premise-trained” D&R teams and cloud D&R? What is this new CIRA thing that Gartner just cooked up? Should CIRA exi...
Jan 29, 2024•25 min•Season 1Ep. 157
Guest: Sandra Joyce , VP at Mandiant Intelligence Topics: Could you give us a brief overview of what this power disruption incident was about? This incident involved both Living Off the Land and attacks on operational technology (OT). Could you explain to our audience what these mean and what the attacker did here? We also saw a wiper used to hide forensics, is that common these days? Did the attacker risk tipping their hand about upcoming physical attacks? If we’d seen this intrusion earlier, m...
Jan 22, 2024•25 min•Season 1Ep. 156
Guests: Derek Reveron , Professor and Chair of National Security at the US Naval War College John Savage , An Wang Professor Emeritus of Computer Science of Brown University Topics: You wrote a book on cyber and war , how did this come about and what did you most enjoy learning from the other during the writing process? Is generative AI going to be a game changer in international relations and war, or is it just another tool? You also touch briefly on lethal autonomous weapons systems and ethics...
Jan 15, 2024•39 min•Season 1Ep. 155
Guest: Mike Schiffman, Network Security “UTL” Topics: Given your impressive and interesting history, tell us a few things about yourself? What are the biggest challenges facing network security today based on your experience? You came to Google to work on Network Security challenges. What are some of the surprising ones you’ve uncovered here? What lessons from Google's approach to network security absolutely don’t apply to others? Which ones perhaps do? If you have to explain the difference betw...
Jan 08, 2024•36 min•Season 1Ep. 154
Guest: Kevin Mandia , CEO at Mandiant, part of Google Cloud Topics: When you look back, what were the most surprising cloud breaches in 2023, and what can we learn from them? How were they different from the “old world” of on-prem breaches? For a long time it’s felt like incident response has been an on-prem specialization, and that adversaries are primarily focused on compromising on-prem infrastructure. Who are we seeing go after cloud environments? The same threat actors or not? Could you sha...
Dec 18, 2023•29 min•Season 1Ep. 153
Guest: Michee Smith , Director, Product Management for Global Affairs Works, Google Topics: What is Google Annual Transparency Report and how did we get started doing this? Surely the challenge of a transparency report is that there are things we can’t be transparent about, how do we balance this? What are those? Is it a safe question? What Access Transparency Logs are and if they are connected to the report –other than in Tim's mind and your career? Beyond building the annual transparency repor...
Dec 11, 2023•26 min•Season 1Ep. 152
Guest: Monica Shokrai , Head Of Business Risk and Insurance For Google Cloud Topics: Could you give us the 30 second run down of what cyber insurance is and isn't? Can you tie that to clouds? How does the cloud change it? Is it the case that now I don't need insurance for some of the "old school" cyber risks? What challenges are insurers facing with assessing cloud risks? On this show I struggle to find CISOs who "get" cloud, are there insurers and underwriters who get it? We recently heard abou...
Dec 04, 2023•26 min•Season 1Ep. 151
Guest: Dr Gary McGraw , founder of the Berryville Institute of Machine Learning Topics: Gary, you’ve been doing software security for many decades, so tell us: are we really behind on securing ML and AI systems? If not SBOM for data or “DBOM”, then what? Can data supply chain tools or just better data governance practices help? How would you threat model a system with ML in it or a new ML system you are building? What are the key differences and similarities between securing AI and securing a tr...
Nov 27, 2023•26 min•Season 1Ep. 150
Guests: John Stoner , Principal Security Strategist, Google Cloud Security Dave Herrald , Head of Adopt Engineering, Google Cloud Security Topics: In your experience, past and present, what would make clients trust vendor detection content? Regarding “canned”, default or “out-of-the-box” detections, how to make them more production quality and not merely educational samples to learn from? What is more important, seeing the detection or being able to change it, or both? If this is about seeing th...
Nov 20, 2023•29 min•Season 1Ep. 149
Guest: Adrian Sanabria , Director of Valence Threat Labs at Valence Security , ex-analyst Topics: When people talk about “cloud security” they often forget SaaS, what should be the structured approach to using SaaS securely or securing SaaS? What are the incidents telling us about the realistic threats to SaaS tools? Is the Microsoft 365 breach a SaaS breach, a cloud breach or something else? Do we really need CVEs for SaaS vulnerabilities? What are the least understood aspects of securing SaaS?...
Nov 12, 2023•30 min•Season 1Ep. 148
Guest: Kelli Vanderlee , Senior Manager, Threat Analysis, Mandiant at Google Cloud Topics: Can you really forecast threats? Won’t the threat actors ultimately do whatever they want? How can clients use the forecast? Or as Tim would say it, what gets better once you read it? What is the threat forecast for cloud environments? It says “Cyber attacks targeting hybrid and multi-cloud environments will mature and become more impactful“ - what does it mean? Of course AI makes an appearance as well: “L...
Nov 08, 2023•23 min•Season 1Ep. 147
Guest: Wei Lien Dang , GP at Unusual Ventures Topics: We have a view at Google that AI for security and security for AI are largely separable disciplines. Do you feel the same way? Is this distinction a useful one for you? What are some of the security problems you're hearing from AI companies that are worth solving? AI is obviously hot, and as always security is chasing the hotness. Where are we seeing the focus of market attention for AI security? Does this feel like an area that's going to ha...
Nov 05, 2023•24 min•Season 1Ep. 146
Guest: Jay Thoden van Velzen , Strategic Advisor to the CSO, SAP Topics: What are the challenges with shared responsibility for cloud security? Can you explain "shared" vs "separated" responsibility? In your article , you mention “shared faith”, we have “shared fate” , but we never heard of shared faith. What is this? Can you explain? What about the cloud models (SaaS, PaaS, IaaS), how does this sharing model differ? While at it, what is cloud, really? [yes, we really did ask this!] Resources: L...
Oct 29, 2023•21 min•Season 1Ep. 145
Guest: Kathryn Shih , Group Product Manager, LLM Lead in Google Cloud Security Topics: Could you give our audience the quick version of what is an LLM and what things can they do vs not do? Is this “baby AGI” or is this a glorified “autocomplete”? Let’s talk about the different ways to tune the models, and when we think about tuning what are the ways that attackers might influence or steal our data? Can you help our security listener leaders have the right vocabulary and concepts to reason about...
Oct 23, 2023•29 min•Season 1Ep. 144
Guests: Tomer Schwartz, Dazz CTO Topics: It seems that in many cases the challenge with cloud configuration weaknesses is not their detection, but remediation, is that true? As far as remediation scope, do we need to cover traditional vulnerabilities (in stock and custom code), configuration weaknesses and other issues too? One of us used to cover vulnerability management at Gartner, and in many cases the remediation failures [on premise] were due to process, not technology, breakdowns. Is this ...
Oct 16, 2023•26 min•Season 1Ep. 143
