Cloud Security Podcast - This month we are talking about "Breaking the AWS Cloud" and next up on this series, we spoke to Nishant Sharma ( Nishant's Linkedin ), Director, Lab Platform, INE. If you have tried pentesting in AWS Cloud or want to start today with AWS Goat, then this episode with Nishant, behind AWS Goat will help you understand how you can upskill and maybe even show others how to be better at pentesting AWS Cloud. Episode ShowNotes, Links and Transcript on Cloud Security Podcast: w...
Jan 24, 2023•54 min•Season 4Ep. 3
Cloud Security Podcast - This month we are talking about "Breaking the AWS Cloud" and next up on this series, we spoke to Gafnit Amiga ( Gafnit's Linkedin ), VP of Security Research at Lightspin who recently discovered the AWS Elastic Container Registry Public ( ECR Public) vulnerability. She spoke to us about how she goes about doing cloud security research and what AWS ECS and ECR is. Episode ShowNotes, Links and Transcript on Cloud Security Podcast: www.cloudsecuritypodcast.tv Host Twitter: A...
Jan 12, 2023•33 min•Season 4Ep. 2
Cloud Security Podcast - If Hacking the Cloud is on your mind for 2023 then in this "Breaking the AWS Cloud" month we are kicking things with Nick Frichette ( Nick's Linkedin ), a Senior Security Researcher from DataDog who is also maintains the site Hacking the Cloud linking offensive security research for AWS, Azure, GCP. Episode ShowNotes, Links and Transcript on Cloud Security Podcast: www.cloudsecuritypodcast.tv Host Twitter: Ashish Rajan ( @hashishrajan ) Guest Twitter: Nick Frichette ( Ni...
Jan 08, 2023•46 min•Season 4Ep. 1
In this episode of the Virtual Coffee with Ashish edition, we spoke with Shilpi Bhattacharjee ( Cloud Security Podcast, Producer ) . We spoke about Announcements from AWS Reinvent for - new security products announced, updates to existing security products, security addition to existing products and products to lookout for. Podcast Link with favourite Talks, Product launch details and more: https://snyk.io/blog/cloud-security-updates-reinvent-2022/ --Announcing Cloud Security Villains Project-- ...
Dec 14, 2022•43 min•Season 3Ep. 56
In this episode of the Virtual Coffee with Ashish edition, we spoke with Justin Garrison ( Personal Website ) from AWS to talk about what scenarios make sense to choose AWS EKS vs AWS ECS vs AWS Fargate vs bare metal Kubernetes & everything you need to understand for implementing AWS EKS in your environment. --Announcing Cloud Security Villains Project-- We are always looking to find creative ways to educate folks in Cloud Security and the Cloud Security Villains is part of this education pi...
Dec 10, 2022•58 min•Season 3Ep. 55
In this episode of the Virtual Coffee with Ashish edition, we spoke with Ashish Desai ( Ashish Desai's Linkedin ) about how much of the on-premise can work in Cloud, what the online world is saying versus the reality of what businesses are experiencing. --Announcing Cloud Security Villains Project-- We are always looking to find creative ways to educate folks in Cloud Security and the Cloud Security Villains is part of this education pieces. Cloud Security Villains are coming, you can learn how ...
Nov 25, 2022•54 min•Season 3Ep. 54
In this episode of the Virtual Coffee with Ashish edition, we spoke with Kat Traxler ( Kat's Linkedin ) about the skillset, certification and knowledge base required to become a cloud security architect in 2023. Episode ShowNotes, Links and Transcript on Cloud Security Podcast: www.cloudsecuritypodcast.tv Host Twitter: Ashish Rajan ( @hashishrajan ) Guest Twitter: Kat Traxler ( Kat's Linkedin ) Podcast Twitter - @CloudSecPod @CloudSecureNews If you want to watch videos of this LIVE STREAMED epis...
Nov 13, 2022•54 min•Season 3Ep. 53
In this episode of the Virtual Coffee with Ashish edition, we spoke with Rodrigo Montoro ( Rodrigo's linkedin ) about threat modelling and incident response involving the uncommon AWS services which still may be widely used in your organisation and increase your attack surface. Episode ShowNotes, Links and Transcript on Cloud Security Podcast: www.cloudsecuritypodcast.tv Host Twitter: Ashish Rajan ( @hashishrajan ) Guest Twitter: Rodrigo Montoro ( Rodrigo's linkedin ) Podcast Twitter - @CloudSec...
Nov 10, 2022•47 min•Season 3Ep. 52
In this episode of the Virtual Coffee with Ashish edition, we spoke with Nandesh Guru (Nandesh's Linkedin) about ransomware and supply chain attack mechanisms in AWS and how the world of CSPM have evolved to address the increasing complexities of cloud security Episode ShowNotes, Links and Transcript on Cloud Security Podcast: www.cloudsecuritypodcast.tv Host Twitter: Ashish Rajan ( @hashishrajan ) Guest Twitter: Nandesh Guru (Nandesh's Linkedin) Podcast Twitter - @CloudSecPod @CloudSecureNews I...
Nov 06, 2022•38 min•Season 3Ep. 51
In this episode of the Virtual Coffee with Ashish edition, we spoke with Christophe Parisel ( Christophe's Linkedin ) about what how to transition from being a technical architect on premise to a cloud security architect and then a cloud native security architect. Episode ShowNotes, Links and Transcript on Cloud Security Podcast: www.cloudsecuritypodcast.tv Host Twitter: Ashish Rajan ( @hashishrajan ) Guest Twitter: Christophe Parisel (Christophe's Linkedin ) Podcast Twitter - @CloudSecPod @Clou...
Oct 30, 2022•51 min•Season 3Ep. 50
In this episode of the Virtual Coffee with Ashish edition, we spoke with Jim Bugwadia ( Jim's Twitter ) about policy management and compliance as code for Kubernetes and how you can use open source tools like Kyverno and OPA for policy management Episode ShowNotes, Links and Transcript on Cloud Security Podcast: www.cloudsecuritypodcast.tv Host Twitter: Ashish Rajan ( @hashishrajan ) Guest Twitter: Jim Bugwadia ( Jim's Twitter ) Podcast Twitter - @CloudSecPod @CloudSecureNews If you want to watc...
Oct 24, 2022•47 min•Season 3Ep. 49
In this episode of the Virtual Coffee with Ashish edition, we spoke with Luke Hinds ( Luke 's Twitter ) the open source Sigstore project and how it is helping with software signing and protecting the software supply chain Episode ShowNotes, Links and Transcript on Cloud Security Podcast: www.cloudsecuritypodcast.tv Host Twitter: Ashish Rajan ( @hashishrajan ) Guest Twitter: Luke Hinds ( Luke 's Twitter ) Podcast Twitter - @CloudSecPod @CloudSecureNews If you want to watch videos of this LIVE STR...
Oct 16, 2022•51 min•Season 3Ep. 48
In this episode of the Virtual Coffee with Ashish edition, we spoke with Jimmy Mesta ( Jimmy's Twitter) about OWASP Kubernetes Top 10 and best practices for securing Kubernetes Episode ShowNotes, Links and Transcript on Cloud Security Podcast: www.cloudsecuritypodcast.tv Host Twitter: Ashish Rajan ( @hashishrajan ) Guest Twitter: Jimmy Mesta ( Jimmy's Twitter) Podcast Twitter - @CloudSecPod @CloudSecureNews If you want to watch videos of this LIVE STREAMED episode and past episodes - Check out o...
Oct 10, 2022•51 min•Season 3Ep. 47
Modern Cloud Security Programs hire for builders who can develop tools that help developers walk down a Paved road where security is not a blocker but at the same time prevents developers from making security mistakes. In this episode we spoke with Travis McPeak who shared his experience from his time at Netflix to talk about Modern Cloud Security Teams look like and work on day to day at scale for a large development team and how others can take some insights from this for their own Cloud Secur...
Sep 29, 2022•39 min•Season 3Ep. 46
Azure Cloud Security Architecture (Day 0) ,Custom Azure Role definitions, Azure Privilege Access Management etc can be complex to build. Continuing from part 1 In the part 2 of our This is My Cloud Security Architecture Series Episode we have Sai, a Cloud Security Architect walking us through how to start with an Azure Security Architecture on Day 0 of your Cloud Security Architect role. Part -2 of the episode will go into Day 1+ of managing and scaling what we have created in Day 0. This episod...
Sep 25, 2022•1 hr 4 min•Season 3Ep. 45
Data Lakes as an asset to collect and build threat actors or hiring for Data Scientists/Analyst are not typical things in Cloud Security well unless the organisation is dealing with PetaBytes of data. At a large scale company these are data problem not a security problem at that point even if the problem is in security team. In this episode with Jonathan Rau , CISO of Lightspin we spoke about his previous experience of creating and growing a SecDataOps team with Cloud Security and Ops in IHSMark...
Sep 16, 2022•47 min•Season 3Ep. 44
Azure Cloud Security Architecture, Azure Policies can be complex to build. In the part 1 of our This is My Cloud Security Architecture Series Episode we have Sai, a Cloud Security Architect walking us through how to start with an Azure Security Architecture on Day 0 of your Cloud Security Architect role. Part -2 of the episode will go into Day 1+ of managing and scaling what we have created in Day 0. This episode is better on video - YouTube Link Cloud Security Meetup NYC - Cloud Security Meetup...
Sep 12, 2022•56 min•Season 3Ep. 43
In this episode of the Virtual Coffee with Ashish edition, we spoke with Jack Naglieri ( Jack's Twitter ) about what Security Monitoring can look like for a Cloud Native Company Episode ShowNotes, Links and Transcript on Cloud Security Podcast: www.cloudsecuritypodcast.tv Host Twitter: Ashish Rajan ( @hashishrajan ) Guest Twitter: Jack Naglieri ( Jack's Twitter ) Podcast Twitter - @CloudSecPod @CloudSecureNews If you want to watch videos of this LIVE STREAMED episode and past episodes - Check ou...
Sep 08, 2022•37 min•Season 3Ep. 42
In this episode of the Virtual Coffee with Ashish edition, we spoke with Corey Ball ( Corey's Twitter ) about what does API in a modern software stack looks like and how these can be attacked and protected Episode ShowNotes, Links and Transcript on Cloud Security Podcast: www.cloudsecuritypodcast.tv Host Twitter: Ashish Rajan ( @hashishrajan ) Guest Twitter: Corey Ball ( Corey's Twitter ) Podcast Twitter - @CloudSecPod @CloudSecureNews If you want to watch videos of this LIVE STREAMED episode an...
Sep 05, 2022•40 min•Season 3Ep. 41
Special Episode by Shilpi and Ashish sharing their recap, highlights, big takeaways, Cloud Talks and Training from Hacker Summer Camp - Blackhat Defcon Diana Initiative BSides Vegas 2022. Blog with links: Episode ShowNotes, Links and Transcript on Cloud Security Podcast: www.cloudsecuritypodcast.tv Host Twitter: Ashish Rajan ( @hashishrajan ) Podcast Twitter - @CloudSecPod @CloudSecureNews If you want to watch videos of this LIVE STREAMED episode and past episodes - Check out our other Cloud Sec...
Aug 28, 2022•1 hr 3 min•Season 3Ep. 40
In this episode of the Virtual Coffee with Ashish edition, we spoke with Jeevan Singh ( Jeevan's Linkedin ) about Threat Modelling STRIDE Threat Modelling can be used for self service Application running in Cloud and allowing Security Teams to go on holiday without worrying about Digital Supply Chain. Episode ShowNotes, Links and Transcript on Cloud Security Podcast: www.cloudsecuritypodcast.tv Host Twitter: Ashish Rajan ( @hashishrajan ) Guest Twitter: Jeevan Singh ( Jeevan's Linkedin ) Podcast...
Aug 21, 2022•1 hr•Season 3Ep. 39
In this episode of the Virtual Coffee with Ashish edition, we spoke with Karthik Ramamoorthy ( Karthik's Linkedin ) about Container security with NIST Framework for financial services organizations. Episode ShowNotes, Links and Transcript on Cloud Security Podcast: www.cloudsecuritypodcast.tv Host Twitter: Ashish Rajan ( @hashishrajan ) Guest Twitter: Karthik Ramamoorthy ( Karthik's Linkedin ) Podcast Twitter - @CloudSecPod @CloudSecureNews If you want to watch videos of this LIVE STREAMED episo...
Aug 07, 2022•56 min•Season 3Ep. 39
Special Episode by Shilpi and Ashish sharing their recap, highlights, big takeaways, meh moments and in person experience from AWS ReInforce 2022. Twitter Space with Cloud Security Community about the AWS Re:Inforce 2022 Recap & Highlights Episode ShowNotes, Links and Transcript on Cloud Security Podcast: www.cloudsecuritypodcast.tv Host Twitter: Ashish Rajan ( @hashishrajan ) Podcast Twitter - @CloudSecPod @CloudSecureNews If you want to watch videos of this LIVE STREAMED episode and past e...
Aug 02, 2022•53 min•Season 3Ep. 37
In this episode of the Virtual Coffee with Ashish edition, we spoke with Cassandra Young ( @muteki_rtw ) Episode ShowNotes, Links and Transcript on Cloud Security Podcast: www.cloudsecuritypodcast.tv Host Twitter: Ashish Rajan ( @hashishrajan ) Guest Twitter: Cassandra Young ( @muteki_rtw ) Podcast Twitter - @CloudSecPod @CloudSecureNews If you want to watch videos of this LIVE STREAMED episode and past episodes - Check out our other Cloud Security Social Channels: - Cloud Security News - Cloud ...
Jul 30, 2022•49 min•Season 3Ep. 36
Special Episode by Shilpi and Ashish announcing the 1 year partnership with Snyk and what does this mean for the podcast community - you and also for Ashish and Shilpi. The new Architecture series we are announcing in the coming weeks and a lot more. We hope you continue to enjoy the vendor neutral content from Cloud Security Practitioners we bring to you. Here is an Interview with Guy Podjarny (Founder of Snyk) that we did as part of the announcement! Episode ShowNotes, Links and Transcript on ...
Jul 28, 2022•19 min
In this episode of the Virtual Coffee with Ashish edition, we spoke with Kyler Middleton ( Kyler's Linkedin ) Episode ShowNotes, Links and Transcript on Cloud Security Podcast: www.cloudsecuritypodcast.tv Host Twitter: Ashish Rajan ( @hashishrajan ) Guest Twitter: Kyler Middleton ( Kyler's Linkedin ) Podcast Twitter - @CloudSecPod @CloudSecureNews If you want to watch videos of this LIVE STREAMED episode and past episodes - Check out our other Cloud Security Social Channels: - Cloud Security New...
Jul 20, 2022•55 min•Season 3Ep. 35
Zero Trust is top of mind but is it achievable? In this "What to LookOut for in 2022" series - we interviewed experts at RSA and BSidesSF about what Zero Trust is important today and the paradoxes in achieving it. Watch the video for this episode on You Tube - ZERO TRUST AND THE TRIPLE PARADOX Episode ShowNotes, Links and Transcript on Cloud Security Podcast: www.cloudsecuritypodcast.tv Host Twitter: Ashish Rajan ( @hashishrajan ) Guests Linkedin: Thank you to Anudeep Parhar, Daniel Tranner , Dy...
Jul 09, 2022•21 min•Season 3Ep. 34
In this episode of the Virtual Coffee with Ashish edition, we spoke with Kinnaird McQuade ( Kinnaird's Twitter) Episode ShowNotes, Links and Transcript on Cloud Security Podcast: www.cloudsecuritypodcast.tv Host Twitter: Ashish Rajan ( @hashishrajan ) Guest Twitter: Kinnaird McQuade ( Kinnaird's Twitter) Podcast Twitter - @CloudSecPod @CloudSecureNews If you want to watch videos of this LIVE STREAMED episode and past episodes - Check out our other Cloud Security Social Channels: - Cloud Security...
Jul 04, 2022•45 min•Season 3Ep. 34
The Digital Supply Chain is broken and getting challenging to fix. In this "What to LookOut for in 2022" series - we interviewed experts at RSA and BSidesSF on the Broken Digital Supply Chain and ways in which we can fix it. Watch the video for this episode on You Tube - Fix the Broken Digital Supply Chain Episode ShowNotes, Links and Transcript on Cloud Security Podcast: www.cloudsecuritypodcast.tv Host Twitter + Linkedin: Ashish Rajan ( @hashishrajan ) + Shilpi Bhattacharjee ( @shilpibhattacha...
Jul 03, 2022•15 min•Season 3Ep. 33
The Digital Supply Chain is broken and getting challenging to fix. In this "What to LookOut for in 2022" series - we interviewed experts at RSA and BSidesSF on the Broken Digital Supply Chain and why it has become a challenge. Watch the video for this episode on You Tube - 3 THINGS THAT BROKE THE DIGITAL SUPPLY CHAIN Episode ShowNotes, Links and Transcript on Cloud Security Podcast: www.cloudsecuritypodcast.tv Host Twitter: Ashish Rajan ( @hashishrajan ) Guests Linkedin: Thank you to Keatron Eva...
Jun 26, 2022•17 min•Season 3Ep. 31
