
Cloud Security Podcast

Cloud Security Podcast Team | www.cloudsecuritypodcast.tv
Learn Cloud Security in Public Cloud the unbiased way from CyberSecurity Experts solving challenges at Cloud Scale. We can be honest because we are not owned by a Cloud Service Provider like AWS, Azure or Google Cloud. We aim to help the community learn Cloud Security through community stories, from small to large organisations solving multi-cloud challenges to deep dives into specific topics of Cloud Security. We LIVE STREAM interviews on Cloud Security Topics every weekend on LinkedIn, YouTube, Facebook and Twitter with over 150 people watching, asking questions and interacting with the Guest.

Episodes

Guide to Hybrid Cloud & Bare Metal Secret Management

Is your organization struggling with secret management across bare metal, hybrid, and multi-cloud environments? Standard cloud-native tools often fall short when you need a single, standardized solution that bridges all your infrastructure. Dan Popescu, Senior Site Reliability Engineer at Booking.com joins us to share how they built a cloud-agnostic secret management strategy using HashiCorp Vault. We dive deep into the technical challenges of providing identity to bare metal machines, rotating ...

Jul 09, 2025 | 32 min | Season 6 | Ep. 28

"Escape-Proof" Cloud: How Block built an Automated Approach to Egress Control

Many organizations focus on keeping attackers out, but what happens when one gets in? We spoke to Ramesh Ramani, Staff Security Engineer at Block about the real challenge, which is preventing them from leaving with your data. In this episode, Ramesh details the innovative system his team built to automate egress access control at scale, moving beyond traditional, inefficient methods. Ramesh explains how by establishing "sources of truth" for both internal applications and external partners, they...

Jul 01, 2025 | 40 min | Season 6 | Ep. 27

Prioritizing Cloud Security: How to Decide What to Protect First

When you can't protect everything at once, how do you decide what matters most? This episode tackles the core challenge of security prioritization. Geet Pradhan, Senior Security Engineer at Lime joins the podcast to share his framework for building a SecOps plan when you're a small team. Learn why his team made AWS logs their number one priority, how to leverage compliance requirements to guide your strategy, and why he advises starting with a small list of 1-5 critical applications instead of...

Jun 23, 2025 | 41 min | Season 6 | Ep. 26

Migrating from "Tick Box" Compliance to Automating GRC in a Multi-Cloud World

In many organizations, security exception management is a manual process, often treated as a simple compliance checkbox. While necessary, this approach can lead to unmonitored configurations that drift from their approved state, creating inconsistencies in an organization's security posture over time. How can teams evolve this process to support modern development without compromising on security? In this episode, Ashish Rajan sits down with security expert Santosh Bompally, Cloud Security Engin...

Jun 17, 2025 | 29 min | Season 6 | Ep. 25

Using AI Agents to Solve Cloud Vulnerability Overload

In this episode, Ashish Rajan talks with Harry Wetherald, Co-Founder & CEO of Maze, about the reality of modern vulnerability management. They explore why current tools like CNAPPs can generate up to 90% false positives and how AI agents can provide a real solution by thinking like a security engineer to identify genuine, exploitable threats. Learn about the challenges of building your own AI solutions and how this new approach can eliminate noise and build trust between security and engin...

Jun 17, 2025 | 38 min | Season 6 | Ep. 24

Adapting to New Threats, Copilot Risks & The Future of Data (Feat. Matthew Radolec, Varonis)

AI is reshaping cybersecurity as we know it. From sophisticated AI-driven phishing attacks to the amplified risk of insider threats using tools like Copilot, the landscape is shifting at an unprecedented pace. How can security leaders and practitioners adapt? Join Ashish Rajan and Matthew Radolec (Varonis) as they explore the critical challenges and opportunities AI presents. Learn why 86% of attacks involve credential misuse and how AI agents are making it easier than ever for non-technical ins...

Jun 03, 2025 | 40 min | Season 6 | Ep. 23

Securing AI: Threat Modeling & Detection

Is Artificial Intelligence the ultimate security dragon we need to slay, or a powerful ally we must train? Recorded LIVE at BSidesSF, this special episode dives headfirst into the most pressing debates around AI security. Join host Ashish Rajan as he navigates the complex landscape of AI threats and opportunities with two leading experts: Jackie Bow (Anthropic): Championing the "How to Train Your Dragon" approach, Jackie reveals how we can leverage AI, and even its 'hallucinations,' for advance...

May 27, 2025 | 38 min | Season 6 | Ep. 25

CYBERSECURITY for AI: The New Threat Landscape & How Do We Secure It?

As Artificial Intelligence reshapes our world, understanding the new threat landscape and how to secure AI-driven systems is more crucial than ever. We spoke to Ankur Shah, Co-Founder and CEO of Straiker, about navigating this rapidly evolving frontier. In this episode, we unpack the complexities of securing AI, from the fundamental shifts in application architecture to the emerging attack vectors. Discover why Ankur believes "you can only secure AI with AI" and how organizations can prepare for...

May 20, 2025 | 41 min | Season 6 | Ep. 21

Cloud Security Evolved: From CNAPP to AI Threats

The world of cloud security is evolving at breakneck speed. Are traditional tools and strategies enough to combat the sophisticated threats of tomorrow? In this episode, we're joined by Elad Koren, Vice President of Product Management from Palo Alto Networks, to explore the dynamic journey of cloud security. Elad shares his insights on how the landscape has shifted, moving beyond the era of CSPM and CNAPP as standalone solutions. We delve into why a cloud-aware Security Operations Center (SOC) i...

May 15, 2025 | 19 min | Season 6 | Ep. 20

RSA Conference 2025 Recap: Top Themes, Actionable Insights & Future Trends

Dive deep into the key takeaways from RSA Conference 2025 with our expert panel! Join Ashish Rajan, James Berthoty, Chris Hughes, Tanya Janca, and Francis Odum as they dissect the biggest trends, surprises, and "hot takes" from one of the world's largest cybersecurity events. In this episode, we cover: Initial reactions and the sheer scale of RSA Conference 2025. Major themes: AI's impact on cybersecurity, especially AppSec, vendor consolidation, the evolution of runtime security, and more. The ...

May 09, 2025 | 54 min | Season 6 | Ep. 19

Mindset: Modern SOC Strategies for Cloud & Kubernetes (Ft Sergej Epp. Ex-Deutsche Bank)

Join Ashish Rajan in this episode as he dives deep into the evolving world of cloud security with Sergej Epp, formerly of Deutsche Bank and Palo Alto Networks, now with Sysdig. Discover why traditional security approaches fall short in today's dynamic cloud-native environments, where workloads resemble swarms of drones rather than predictable trains. Sergej explains the critical shift from basic posture management (CSPM/CNAPP) towards runtime security, emphasizing the need for an "assume breach" ...

Apr 24, 2025 | 35 min | Season 6 | Ep. 18

Scaling Container Security Without Slowing Developers

Are you struggling to implement robust container security at scale without creating friction with your development teams? In this episode, host Ashish Rajan sits down with Cailyn Edwards, Co-Chair of Kubernetes SIG Security and Senior Security Engineer, for a masterclass in practical container security. This episode was recorded LIVE at KubeCon EU, London 2025. In this episode, you'll learn about: Automating Security Effectively: Moving beyond basic vulnerability scanning to implement comprehens...

Apr 17, 2025 | 28 min | Season 6 | Ep. 16

How Attackers Stay Hidden Inside Your Azure Cloud

In this episode, Ashish sits down with Christian Philipov, Principal Security Consultant at WithSecure, to explore the stealth tactics threat actors are using in Azure and why many of these go undetected. Christian breaks down the lesser-known APIs like Ibiza and PIM, how Microsoft Graph differs from legacy APIs, and what this means for defenders.
- The 3 common ways attackers stay stealthy in Azure
- Why read-only enumeration activity often isn’t logged
- What detection is possible and how to improve...

Apr 10, 2025 | 35 min | Season 6 | Ep. 16

How Confluent Migrated Kubernetes Networking Across AWS, Azure & GCP

Ever tried solving DNS security across a multi-cloud, multi-cluster Kubernetes setup? In this episode recorded live at KubeCon, Ashish chats with Nimisha Mehta and Alvaro Aleman from Confluent's Kubernetes Platform Team. Together, they break down the complex journey of migrating to Cilium from default CNI plugins across Azure AKS, AWS EKS, and Google GKE. You’ll hear: How Confluent manages Kubernetes clusters across cloud providers. Real-world issues encountered during DNS security migration. De...

Apr 02, 2025 | 16 min | Season 6 | Ep. 14

The New Future of Cloud Security: Vendor Lock-In, Runtime, and SOC Readiness

The cloud security landscape may have just shifted — and we're here to break it down. In this special panel episode, host Ashish Rajan is joined by an all-star group of cloud and cybersecurity experts to discuss one of the most important conversations in cloud security today: the changing nature of security architecture, SOC readiness, and how teams must evolve in a multi-cloud world. Guests include:
- Chris Hughes – CEO at Acqui & host of Resilient Cyber
- James Berthoty – Cloud and AppSec engi...

Mar 26, 2025 | 52 min | Season 6 | Ep. 14

Detection Engineering with Google Cloud

Detection rules aren’t just for fun—they’re critical for securing cloud environments. But are you using them the right way? In this episode, Ashish Rajan sits down with David French, Staff Adoption Engineer for Security at Google Cloud, to break down how organizations can scale Detection as Code across AWS, Azure, and Google Cloud.
- Why prevention isn’t enough—and how detection fills the gap
- The biggest mistakes in detection rules that could blow up your SOC
- How to scale detections across hundred...

Mar 20, 2025 | 43 min | Season 6 | Ep. 13

CNAPPs & CSPMs don’t tell the full cloud security story

In this episode we speak to Nick Jones, an expert in offensive cloud security and Head of Research at WithSecure, to expose the biggest security gaps in cloud environments and why CNAPPs and CSPMs alone are often not enough.
- How cloud pentesting differs from traditional pentesting
- Why CSPMs & CNAPPs don’t tell the full cloud security story
- The biggest cloud attack paths—identity, IAM users, and CI/CD
- Why “misconfigurations vs vulnerabilities” is the wrong debate
- How organizations should prepa...

Mar 13, 2025 | 49 min | Season 6 | Ep. 12

Securing AI Applications in the Cloud

What does it take to secure AI-based applications in the cloud? In this episode, host Ashish Rajan sits down with Bar-el Tayouri, Head of Mend AI at Mend.io, to dive deep into the evolving world of AI security. From uncovering the hidden dangers of shadow AI to understanding the layers of an AI Bill of Materials (AIBOM), Bar-el breaks down the complexities of securing AI-driven systems. Learn about the risks of malicious models, the importance of red teaming, and how to balance innovation with ...

Mar 06, 2025 | 45 min | Season 6 | Ep. 11

Realities of Cloud Networking in AWS

AWS networking isn’t as simple as it seems and when you’re dealing with regulated industries like healthcare, the stakes are even higher. In this episode we sit down with Kyler Middleton and Jack W. Harter from Veradigm — who have navigated complex AWS networking challenges while migrating from on-prem data centers to the cloud. We speak about:
- The real struggles of moving from data centers to AWS
- Why networking can feel like a black box
- The anti-pattern that surprisingly worked best
- How to buil...

Feb 28, 2025 | 53 min | Season 6 | Ep. 10

Cloud Incident Response in Microsoft Azure

In this episode, we dive deep into Azure security, incident response, and the evolving cloud threat landscape with Katie Knowles, Security Researcher and former Azure Incident Responder. We spoke about common Azure incident response scenarios you need to prepare for, how identity and privilege escalation work in Azure, how Active Directory and Entra ID expose new risks and what security teams need to know about Azure networking and logging.

Feb 20, 2025 | 54 min | Season 6 | Ep. 9

AWS Multi-Account Security: What Netflix Learned

🚀 How do you secure thousands of AWS accounts without slowing down developers? Netflix’s cloud security experts Patrick Sanders & Joseph Kjar join us to break down their identity-first security model and share lessons from scaling security across a massive AWS multi-account environment. In this episode, we cover:
- Why identity, not network, is the best security boundary
- The challenges of least privilege and right-sized access
- How Netflix migrates IAM roles while minimizing disruptions
- The im...

Feb 13, 2025 | 51 min | Season 6 | Ep. 8

Cloud Security Detection & Response Strategies That Actually Work

We spoke to Will Bengtson (VP of Security Operations at HashiCorp) about the realities of cloud incident response and detection. From root credentials to event-based threats, this conversation dives deep into:
- Why cloud security is NOT like on-prem – and how that affects incident response
- How attackers exploit APIs in seconds (yes, seconds—not hours!)
- The secret to building a cloud detection program that actually works
- The biggest detection blind spots in AWS, Azure, and multi-cloud environments ...

Feb 04, 2025 | 58 min | Season 6 | Ep. 7

CISO Challenges Across Industries

In this episode, we sit down with Sunil Rane, an experienced cybersecurity leader with over 20 years in cybersecurity across industries like healthcare, education, media, and consulting. Sunil shares unique insights into the diverse challenges faced by CISOs, from managing data sensitivity in healthcare to the lack of standardized frameworks in media, how to balance data availability and security without compromising operational efficiency, the complexities of being a custodian of data in consul...

Jan 28, 2025 | 32 min | Season 6 | Ep. 5

Why Solving the Data Problem is Key to Cloud Security?

In this episode we’re joined by Francis Odum, founder and lead research analyst at Software Analyst Cyber Research. Drawing from his extensive research and conversations with CISOs, security operators, and vendors, Francis shares his insights on the state of identity security and the rise of non-human identities (NHI) in the cloud, why solving the data problem is critical to reducing false positives, improving SOC efficiency, and cutting costs, the early but growing landscape of AI and LLM secu...

Jan 24, 2025 | 51 min | Season 6 | Ep. 4

The economics of cybersecurity and trends

In this episode, host Ashish Rajan spoke to Mike Privette, founder of Return on Security, to explore the landscape of cybersecurity as we look toward 2025. Mike shared his unique insights on the economics of cybersecurity, breaking down industry trends, and discussing how AI is revolutionizing areas like governance, risk, compliance (GRC), and data loss prevention (DLP). They dive into the convergence of cloud security and application security, the rise of startups, and the ever-present "cat-an...

Jan 21, 2025 | 26 min

The Truth About CNAPP and Kubernetes Security

In this episode of the Cloud Security Podcast, host Ashish Rajan speaks to James Berthoty, founder of Latio.Tech and an engineer-driven analyst, for a discussion on cloud security tools. In this episode James breaks down CNAPP and what it really means for engineers, whether Kubernetes security is the new baseline for cloud security, and runtime security vs vulnerability management.

Jan 14, 2025 | 40 min | Season 6 | Ep. 2

Cybersecurity Isn’t Crowded: Security Engineering and the 5,000 Vendor Problem

In this episode our host Ashish Rajan sat down with Ross Haleliuk, author of Cybersecurity for Builders and creator of the Venture in Security blog, to explore the current state and future of the cybersecurity industry. From understanding the challenges of building a cybersecurity startup to the dynamics of security engineering and market trends for 2025. Ross and Ashish explore why the cybersecurity industry isn’t as crowded as it seems and the divide between companies that build in-house sec...

Jan 10, 2025 | 1 hr 10 min | Season 6 | Ep. 1

Centralized VPC Endpoints - Why It Works for AWS Networking

In this episode, Meg Ashby, a senior cloud security engineer shares how her team tackled AWS’s centralized VPC interface endpoints, a design often seen as an anti-pattern. She explains how they turned this unconventional approach into a cost-efficient and scalable solution, all while maintaining granular controls and network visibility. She shares why centralized VPC endpoints are considered an AWS anti-pattern, how to implement granular IAM controls in a centralized model and the challenges of ...

Dec 17, 2024 | 49 min | Season 5 | Ep. 43

What is CADR?

In this episode, recorded at KubeCon NA in Salt Lake City, we spoke about Kubernetes security with Shauli Rozen, co-founder and CEO of ARMO Security. From the challenges of runtime protection to the potential of CADR (Cloud Application Detection and Response), Shauli breaks down the gaps in traditional CSPM tools and how Kubernetes plays a central role in cloud security strategy. The episode gets into the "Four C's" of cloud security: Cloud, Cluster, Container, Code, why runtime data, po...

Dec 05, 2024 | 29 min | Season 5 | Ep. 38

Building Platforms in Regulated Industries

At HashiConf 2024 in Boston, our host Ashish Rajan had a great chat over some cannolis and a game of Jenga with AJ Oller, AVP of Engineering at The Hartford about how automation, mainframes, and compliance intersect to drive innovation in regulated industries like insurance. They spoke about why regulations aren't barriers but frameworks to prevent failure, the human side of engineering and how to manage change fatigue during transformations and how automation enhances security, disaster recover...

Nov 21, 2024 | 37 min | Season 5 | Ep. 41