Guest: Amine Besson , Tech Lead on Detection Engineering, Behemoth Cyberdefence Topics: What is your best advice on detection engineering to organizations who don’t want to engineer anything in security? What is the state of art when it comes to SOC ? Who is doing well? What on Earth is a fusion center? Why classic “tiered SOCs” fall flat when dealing with modern threats? Let’s focus on a correct definition of detection as code. Can you provide yours? Detection x response engineering - is there ...
Dec 09, 2024•37 min•Season 1Ep. 202
Guest: Chris Hoff , Chief Secure Technology Officer at Last Pass Topics: I learned that you have a really cool title that feels very “now” - Chief Secure Technology Officer? What’s the story here? Weirdly, I now feel that every CTO better be a CSTO or quit their job :-) After, ahem, not-so-recent events you had a chance to rebuild a lot of your stack, and in the process improve security. Can you share how it went, and what security capabilities are now built in? How much of a culture change did ...
Dec 02, 2024•37 min•Season 1Ep. 201
Guest: Michael Czapinski , Security & Reliability Enthusiast, Google Topics: “How Google protects its production services” paper covers how Google's infrastructure balances several crucial aspects, including security, reliability, development speed, and maintainability. How do you prioritize these competing demands in a real-world setting? What attack vectors do you consider most critical in the production environment, and how has Google’s defenses against these vectors improved over time? C...
Nov 25, 2024•28 min•Season 1Ep. 200
Guests: Michele Chubirka , Staff Cloud Security Advocate, Google Cloud Sita Lakshmi Sangameswaran , Senior Developer Relations Engineer, Google Cloud Topics: What is your reaction to “in the cloud you are one IAM mistake away from a breach”? Do you like it or do you hate it? Or do you "it depends" it? :-) Everyone's talking about how "identity is the new perimeter" in the cloud. Can you break that down in simple terms? A lot of people say “in the cloud, you must do IAM ‘right’”. What do you thin...
Nov 18, 2024•29 min•Season 1Ep. 199
Guests: Ante Gojsalic , Co-Founder & CTO at SplxAI Topics: What are some of the unique challenges in securing GenAI applications compared to traditional apps? What current attack surfaces are most concerning for GenAI apps, and how do you see these evolving in the future? Do you have your very own list of top 5 GenAI threats? Everybody seem to! What are the most common security mistakes you see clients make with GenAI? Can you explain the main goals when trying to add automation to pentestin...
Nov 11, 2024•27 min•Season 1Ep. 198
Guest: Travis Lanham , Uber Tech Lead (UTL) for Security Operations Engineering, Google Cloud Topics: There’s been a ton of discussion in the wake of the three SIEM week about the future of SIEM-like products. We saw a lot of takes on how this augurs the future of disassembled or decoupled SIEMs . Can you explain what these disassembled SIEMs are all about? What are the expected upsides of detaching your SIEM interface and security capabilities from your data backend? Tell us about the early day...
Nov 04, 2024•30 min•Season 1Ep. 197
Guest: Vijay Ganti , Director of Product Management, Google Cloud Security Topics: What have been the biggest pain points for organizations trying to use threat intelligence (TI)? Why has it been so difficult to convert threat knowledge into effective security measures in the past? In the realm of AI, there's often hype (and people who assume “it’s all hype”). What's genuinely different about AI now, particularly in the context of threat intelligence? Can you explain the concept of "AI-driven op...
Oct 28, 2024•28 min•Season 1Ep. 196
Cross-over hosts: Kaslin Fields , co-host at Kubernetes Podcast Abdel Sghiouar , co-host at Kubernetes Podcast Guest: Michele Chubirka , Cloud Security Advocate, Google Cloud Topics: How would you approach answering the question ”what is more secure, container or a virtual machine (VM)?” Could you elaborate on the real-world implications of this for security, and perhaps provide some examples of when one might be a more suitable choice than the other? While containers boast a smaller attack surf...
Oct 21, 2024•41 min•Season 1Ep. 195
Guest: Daniel Shechter , Co-Founder and CEO at Miggo Security Topics: Why do we need Application Detection and Response (ADR)? BTW, how do you define it? Isn’t ADR a subset of CDR (for cloud)? What is the key difference that sets ADR apart from traditional EDR and CDR tools? Why can’t I just send my application data - or eBPF traces - to my SIEM and achieve the goals of ADR that way? We had RASP and it failed due to instrumentation complexities. How does an ADR solution address these challenges ...
Oct 14, 2024•31 min•Season 1Ep. 194
Guests: Taylor Lehmann , Director at Office of the CISO, Google Cloud Luis Urena , Cloud Security Architect, Google Cloud Topics There is a common scenario where security teams are brought in after a cloud environment is already established . From your experience, how does this late involvement typically impact the organization's security posture and what are the immediate risks they face? Upon hearing this, many experts suggest that “burn the environment with fire” or “nuke it from orbit” are t...
Oct 07, 2024•31 min•Season 1Ep. 193
Guest: Nelly Porter , Director of PM, Cloud Security at Google Cloud Topics: Share your story and how you ended here doing confidential AI at Google? What problem does confidential compute + AI solve and for what clients? What are some specific real-world applications or use cases where you see the combination of AI and confidential computing making the most significant impact? What about AI in confidential vs AI on prem? Should those people just do on-prem AI instead? Which parts of the AI life...
Sep 30, 2024•33 min•Season 1Ep. 192
Guest: Dan Nutting , Manager - Cyber Defense, Google Cloud Topics: What is the Defender’s Advantage and why did Mandiant decide to put this out there? This is the second edition. What is different about DA-II? Why do so few defenders actually realize their Defender’s Advantage? The book talks about the importance of being "intelligence-led" in cyber defense. Can you elaborate on what this means and how organizations can practically implement this approach? Detection engineering is presented as a...
Sep 23, 2024•24 min•Season 1Ep. 191
Guest: Josh Liburdi , Staff Security Engineer, Brex Topics: What is this “security data fabric”? Can you explain the technology? Is there a market for this? Is this same as security data pipelines? Why is this really needed? Won’t your SIEM vendor do it? Who should adopt it? Or, as Tim says, what gets better once you deploy it? Is reducing cost a big part of the security data fabric story? Does the data quality improve with the use of security data fabric tooling? For organizations considering a...
Sep 16, 2024•30 min•Season 1Ep. 190
Guest: Royal Hansen , CISO, Alphabet Topics: What were you thinking before you took that “Google CISO” job? Google's infrastructure is vast and complex, yet also modern. How does this influence the design and implementation of your security programs compared to other organizations? Are there any specific challenges or advantages that arise from operating at such a massive scale? What has been most surprising about Google’s internal security culture that you wish you could export to the world at ...
Sep 09, 2024•30 min•Season 1Ep. 189
Guest: Dor Fledel , Founder and CEO of Spera Security, now Sr Director of Product Management at Okta Topics: We say “identity is the new perimeter,” but I think there’s a lof of nuance to it. Why and how does it matter specifically in cloud and SaaS security? How do you do IAM right in the cloud? Help us with the acronym soup - ITDR, CIEM also ISPM (ITSPM?), why are new products needed? What were the most important challenges you found users were struggling with when it comes to identity managem...
Sep 02, 2024•29 min•Season 1Ep. 188
Guest: Nicole Beckwith , Sr. Security Engineering Manager, Threat Operations @ Kroger Topics: What are the most important qualities of a successful SOC leader today? What is your approach to building and maintaining a high-functioning SOC team? How do you approach burnout in a SOC team? What are some of the biggest challenges facing SOC teams today? Can you share some specific examples of how you have built and - probably more importantly! - maintained a high-functioning SOC team? What are your ...
Aug 26, 2024•30 min•Season 1Ep. 187
Guests: A debate between Tim and Anton, no guests Debate positions: You must buy the majority of cloud security tools from a cloud provider, here is why. You must buy the majority of cloud security tools from a 3rd party security vendor, here is why. Resources: EP74 Who Will Solve Cloud Security: A View from Google Investment Side EP22 Securing Multi-Cloud from a CISO Perspective, Part 3 EP176 Google on Google Cloud: How Google Secures Its Own Cloud Use “The cloud trust paradox: To trust cloud c...
Aug 19, 2024•27 min•Season 1Ep. 186
Guest: David LaBianca , Senior Engineering Director, Google Topics: The universe of AI risks is broad and deep. We’ve made a lot of headway with our SAIF framework: can you give us a) a 90 second tour of SAIF and b) share how it’s gotten so much traction and c) talk about where we go next with it? The Coalition for Secure AI (CoSAI) is a collaborative effort to address AI security challenges. What are Google's specific goals and expectations for CoSAI, and how will its success be measured in the...
Aug 12, 2024•24 min•Season 1Ep. 185
Guest: Manan Doshi , Senior Security Engineer @ Etsy Questions: In your experience, what are the biggest challenges organizations face when migrating to a new SIEM platform? How did you solve them? Many SIEM projects have problems, but a decent chunk of these problems are not about the tool being broken. How did you decide to migrate? When is it time to go? Specifically, how to avoid constant change from product to product, each time blaming the tool for what are essentially process failures? Ho...
Aug 05, 2024•25 min•Season 1Ep. 184
Guests: Jaffa Edwards , Senior Security Manager @ Google Cloud Lyka Segura , Cloud Security Engineer @ Google Cloud Topics: Security transformation is hard , do you have any secret tricks or methods that actually make it happen? Can you share a story about a time when you helped a customer transform their cloud security posture? Not just improve, but actually transform! What is your process for understanding their needs and developing a security solution that is tailored to them? What to do if a...
Jul 29, 2024•30 min•Season 1Ep. 183
Guest: Adam Bateman , Co-founder and CEO, Push Security Topics: What is Identity Threat Detection and Response ( ITDR )? How do you define it? What gets better at a client organization once ITDR is deployed? Do we also need “ISPM” (parallel to CDR/CSPM), and what about CIEM? Workload identity ITDR vs human identity ITDR? Do we need both? Are these the same? What are the alternatives to using ITDR? Can’t SIEM/UEBA help - perhaps with browser logs? What are some of the common types of identity-bas...
Jul 22, 2024•28 min•Season 1Ep. 182
Guest: Zack Allen , Senior Director of Detection & Research @ Datadog, creator of Detection Engineering Weekly Topics: What are the biggest challenges facing detection engineers today? What do you tell people who want to consume detections and not engineer them? What advice would you give to someone who is interested in becoming a detection engineer at her organization? So, what IS a detection engineer? Do you need software skills to be one? How much breadth and depth do you need? What shoul...
Jul 15, 2024•31 min•Season 1Ep. 181
Guests: Mitchell Rudoll , Specialist Master, Deloitte Alex Glowacki , Senior Consultant, Deloitte Topics: The paper outlines two paths for SOCs: optimization or transformation . Can you elaborate on the key differences between these two approaches and the factors that should influence an organization's decision on which path to pursue? The paper also mentions that alert overload is still a major challenge for SOCs. What are some of the practices that work in 2024 for reducing alert fatigue and i...
Jul 08, 2024•28 min•Season 1Ep. 180
Guests: Robin Shostack , Security Program Manager, Google Jibran Ilyas , Managing Director Incident Response, Mandiant, Google Cloud Topics: You talk about “teamwork under adverse conditions” to describe expedition behavior (EB). Could you tell us what it means? You have been involved in response to many high profile incidents, one of the ones we can talk about publicly is one of the biggest healthcare breaches at this time. Could you share how Expedition Behavior played a role in our response? ...
Jul 01, 2024•23 min•Season 1Ep. 179
Guest: Brandon Wood, Product Manager for Google Threat Intelligence Topics: Threat intelligence is one of those terms that means different things to everyone–can you tell us what this term has meant in the different contexts of your career? What do you tell people who assume that “TI = lists of bad IPs”? We heard while prepping for this show that you were involved in breaking up a human trafficking ring: tell us about that! In Anton’s experience, a lot of cyber TI is stuck in “1. Get more TI 2. ...
Jun 24, 2024•32 min•Season 1Ep. 1
Guests: Omar ElAhdan , Principal Consultant, Mandiant, Google Cloud Will Silverstone , Senior Consultant, Mandiant, Google Cloud Topics: Most organizations you see use both cloud and on-premise environments. What are the most common challenges organizations face in securing their hybrid cloud environments? You do IR so in your experience, what are top 5 mistakes organizations make that lead to cloud incidents? How and why do organizations get the attack surface wrong? Are there pillars of attack...
Jun 17, 2024•30 min•Season 1Ep. 177
Guest: Seth Vargo , Principal Software Engineer responsible for Google's use of the public cloud, Google Topics: Google uses the public cloud, no way, right? Which one? Oh, yeah, I guess this is obvious: GCP, right? Where are we like other clients of GCP? Where are we not like other cloud users? Do we have any unique cloud security technology that we use that others may benefit from? How does our cloud usage inform our cloud security products? So is our cloud use profile similar to cloud natives...
Jun 10, 2024•27 min•Season 1Ep. 176
Guest: Crystal Lister , Technical Program Manager, Google Cloud Security Topics: Your background can be sheepishly called “public sector”, what’s your experience been transitioning from public to private? How did you end up here doing what you are doing? We imagine you learned a lot from what you just described – how’s that impacted your work at Google? How have you seen risk management practices and outcomes differ? You now lead Google Threat Horizons reports , do you have a vision for this? Ho...
Jun 03, 2024•27 min•Season 1Ep. 175
Guest: Angelika Rohrer, Sr. Technical Program Manager , Cyber Security Response at Alphabet Topics: Incident response (IR) is by definition “reactive”, but ultimately incident prep determines your IR success. What are the broad areas where one needs to prepare? You have created a new framework for measuring how ready you are for an incident, what is the approach you took to create it? Can you elaborate on the core principles behind the Continuous Improvement (CI) Framework for incident response?...
May 27, 2024•22 min•Season 1Ep. 174
Guest: Shan Rao , Group Product Manager, Google Topics: What are the unique challenges when securing AI for cloud environments, compared to traditional IT systems? Your talk covers 5 risks, why did you pick these five? What are the five, and are these the worst? Some of the mitigation seems the same for all risks. What are the popular SAIF mitigations that cover more of the risks? Can we move quickly and securely with AI? How? What future trends and developments do you foresee in the field of se...
May 20, 2024•33 min•Season 1Ep. 173
