A penetration test of a web application hosted on Google Cloud in 2023 is quite different from simple/traditional web app pentesting. Cloud penetration testing is misunderstood to be just a config review in Google Cloud. In this video, we have Kat Traxler, who is a cloud security researcher and SANS course author and has worked in the Google Cloud space, even building open source tools that can be used to perform cloud security testing. Episode YouTube: Video Link Host Twitter: Ashish Ra...
Aug 24, 2023 • 37 min • Season 4 Ep. 32
Cloud Security Pentest is not just a Cloud configuration review! Blackhat 2023 & Defcon 31 conversations included Cloud Security Podcast asking traditional and experienced pentesters for their opinion on cloud security pentesting, and the divide was between it being a config review or a product pentest. For this episode we have Seth Art from Bishop Fox to clarify the myth. Episode YouTube: Video Link Host Twitter: Ashish Rajan ( @hashishrajan ) Guest Socials: Seth ...
Aug 22, 2023 • 54 min • Season 4 Ep. 31
Google Cloud hacking or pentesting is very different from that of other popular cloud service providers like AWS or Azure. In this episode we had Shannon McHale (Mandiant, now Google Cloud) to talk about how she approaches pentesting a Google Cloud environment and how you can too. Episode YouTube: Video Link Host Twitter: Ashish Rajan ( @hashishrajan ) Guest Socials: Shannon McHale's Linkedin ( Shannon's Linkedin ) Podcast Twitter - @CloudSecPod If you ...
Aug 02, 2023 • 33 min • Season 4 Ep. 30
CISOs in organizations that are going through digital transformation have a responsibility to educate the board on how Cloud Security is measured and improved to manage the risk posture of the organization. We had Phil Venables, CISO of Google Cloud, share from his experience of serving as a CISO for so many years how best to share cybersecurity and cloud security metrics with the C-suite and the board. Episode YouTube Video Link Host Twitter: Ashish Rajan ( @hashishrajan ...
Jul 30, 2023 • 41 min • Season 4 Ep. 29
Google Cloud Security Assessment from a pentester's lens. Anjali from NotSoSecure will be sharing her research into Google Cloud IAP, ways to assess the use of Google Cloud IAP in your environment, and some of the low-hanging fruit that you can remove today to reduce any potential risk from the service to your Google Cloud environment. Episode YouTube Video Link Host Twitter: Ashish Rajan ( @hashishrajan ) Guest Socials: Anjali S's Linkedin (Anjali S ) Podcast T...
Jul 26, 2023 • 33 min • Season 4 Ep. 28
AWS Landing Zones are well known, but landing zones are not as well known in the Google Cloud space. In this episode Jimmy Barber shares how controls can be automated in GCP to create a landing zone to manage security across a large Google environment. Episode YouTube Video Link Host Twitter: Ashish Rajan ( @hashishrajan ) Guest Socials: Jimmy Barber's Linkedin Jimmy Barber Podcast Twitter - @CloudSecPod If you want to watch videos of this LIVE STREAMED episode and past episodes - Che...
Jul 25, 2023 • 35 min • Season 4 Ep. 27
Cloud Security Podcast - Yes - AWS Cloud folks are starting to look after Google Cloud security now in a lot of organisations. Caleb Tennis from Sequoia Capital joins us to share his personal experience on how from being an AWS professional he started looking after Google Cloud Identity and how to secure their Google Cloud Environment. Episode YouTube Video - https://youtu.be/k1FrVEe1tGc Host Twitter: Ashish Rajan ( @hashishrajan ) Guest Socials: Caleb Tennis's Linkedin Caleb Tennis...
Jul 22, 2023 • 46 min • Season 4 Ep. 26
Cloud Security Podcast - Cybersecurity threat hunting explained for Google Cloud. Day Johnson is a threat detection engineer, and in this episode of Cloud security for Google Cloud security we spoke about how to start doing threat detection in Google Cloud and the common threats and attack vectors in GCP. Episode YouTube Video - https://youtu.be/FCVG7-lFu0Q Host Twitter: Ashish Rajan ( @hashishrajan ) Guest Socials: Day Johnson's Linkedin (Day - Linkedin ) Podcast Twitter - @CloudSec...
Jul 10, 2023 • 39 min • Season 4 Ep. 25
Cloud Security Podcast - AWS Network Security, IAM Security or even Organization security for what can happen in your AWS Environments can be achieved using a data perimeter. John Burgress ( John - Linkedin ) from Stripe spoke about this topic at @fwdcloudsec and shared additional insights on the thinking he had when building data perimeters as guardrails. There were a lot more gems dropped so def check out the episode. Episode YouTube Video - https://youtu.be/Hs9ZEaVG7Ww Host Twitter: Ashi...
Jul 06, 2023 • 27 min • Season 4 Ep. 24
Cloud Security Podcast - The NIST Incident response framework has 4 steps including one for Containment. AWS Incident Response being API enabled allows for automating a lot of incident response activity, especially containment. In this episode Damien Burks ( Damien - Linkedin ) spoke about his @fwdcloudsec talk where he shared how he automated Incident Response in AWS environments of Citi. There were a lot more gems dropped so def check out the episode. Episode YouTube Video - https://youtu.be/I...
Jul 05, 2023 • 37 min • Season 4 Ep. 23
Cloud Security Podcast - Automating a Security Baseline in Cloud with Olivia Siow ( Olivia's Linkedin ) and David Levitsky ( David's Linkedin ). In this episode Olivia and David shared their experience of how they were able to empower developers to always do the right thing through positive reinforcements like making default libraries part of the AWS Account build to scale security across their organisation. There were a lot more gems dropped so def check out the episode. Episode YouTube Vi...
Jul 01, 2023 • 46 min • Season 4 Ep. 22
Cloud Security Podcast - AWS ReInforce 2023 or AWS Re:inforce 2023 highlights in a recap from the 2 Day affair for all things AWS Cloud Security! We were lucky enough to be there. This is a recap of the major announcements and highlights from major themes around the event. Episode YouTube Video - https://www.youtube.com/watch?v=UhVBvnmmfnQ Cloud Security Podcast Website - www.cloudsecuritypodcast.tv FREE CLOUD Security BOOTCAMP - www.cloudsecuritybootcamp.com...
Jun 23, 2023 • 55 min • Season 4 Ep. 21
Cloud Security Podcast - Tanya Janca and Caroline Wong were on a panel with @AshishRajan at @RSAConference 2023. The panel discussed where application security sits alongside cloud security, or whether they need to be separate camps. Episode YouTube Video - https://www.youtube.com/watch?v=WSIykXAy6Z4 Cloud Security Podcast Website - www.cloudsecuritypodcast.tv FREE CLOUD Security BOOTCAMP - www.cloudsecuritybootcamp.com Host Twitter...
Jun 02, 2023 • 27 min • Season 4 Ep. 20
AI Security Podcast - ChatGPT and other Generative AI systems use Large Language Models (LLMs), but can these AI systems be attacked? ☠ 🤔 In this 3-part AI Security series, a Cloud Security Podcast Original, we're going to talk about the importance of AI security and how to protect your Large Language Model (aka LLM) program from attack. How can LLMs be attacked by malicious threat actors, beyond the phishing email that everyone has been talking about? Who is this episode for? If you work with LLMs u...
May 30, 2023 • 14 min • Season 4 Ep. 19
Cloud Security Podcast - What is DevSecOps in 2023, especially in a world of Cloud and AI, which is top of mind for application security, developers and cybersecurity professionals? In this episode we will share how the definition of DevSecOps in 2023 has been redefined with Cloud and AI, and how one measures success for DevSecOps. Episode ShowNotes, Links and Transcript on Cloud Security Podcast: www.cloudsecuritypodcast.tv FREE CLOUD BOOTCAMPs on www....
May 23, 2023 • 14 min • Season 4 Ep. 19
Cloud Security Podcast - We are continuing with our "Kubernetes Security & KubeCon EU 2023" series, and the final episode in this series is the Kubernetes Security Panel from KubeCon EU 2023. Has Kubernetes Security evolved since its inception, with many defaults being more secure and some still insecure, or has it not evolved at all? Andrew Martin (Control Plane), Matt Jarvis (Snyk), Kerim Satirli (Hashicorp) were on the Kubernetes Security Panel organized by Cloud Security Podcast. Episode ShowNotes,...
May 14, 2023 • 55 min • Season 4 Ep. 18
Cloud Security Podcast - We are continuing with our "Kubernetes Security & KubeCon EU 2023" series, and for the fifth episode in this series we have Eve Ben Ezra from The New York Times. GitOps, OPA Conftest and ArgoCD are some of the components that add security to a Cloud Native Security Pipeline! Eve Ben Ezra from The New York Times shared how we can use these tools to create a Dev Friendly Security Pipeline. Episode ShowNotes, Links and Transcript on Cloud Security Podcast: www.cloudsecuritypodcas...
May 11, 2023 • 32 min • Season 4 Ep. 17
Cloud Security Podcast - We are continuing with our "Kubernetes Security & KubeCon EU 2023" series, and for the fourth episode in this series we have Mackenzie Jackson from GitGuardian. Mackenzie Jackson from GitGuardian was part of a report that found 10 Million secrets stored across the entire Github space on the internet. In this interview we go into how secrets have evolved from just being username/password to API Tokens, AWS Access Keys and a whole lot more. Episode ShowNotes, Links and Transcript on Cl...
May 09, 2023 • 32 min • Season 4 Ep. 16
Cloud Security Podcast - We are continuing with our "Kubernetes Security & KubeCon EU 2023" series, and for the fourth episode in this series Shane Lawrence and Daniele Santos from Shopify explained kube-audit, an open source tool from Shopify. They spoke about how they have used the audit tool to improve security with a developer security lens. Episode ShowNotes, Links and Transcript on Cloud Security Podcast: www.cloudsecuritypodcast.tv FREE CLOUD BOOTCAMPs on www.cloudsecuritybo...
May 03, 2023 • 41 min • Season 4 Ep. 15
Cloud Security Podcast - This month we are talking about "Kubernetes Security & KubeCon EU 2023" and for the third episode in this series, we spoke to Liz Rice ( Liz's Linkedin ). Liz Rice from Isovalent speaks about how Network Security can be done in Kubernetes. Kubernetes network security with eBPF and Cilium can be raised to be better than SELinux, seccomp, tcpdump - yes, the Linux networking security tools. Yes, you read that right. Episode ShowNotes, Links and Transcript on Cloud Security ...
Apr 16, 2023 • 40 min • Season 4 Ep. 14
Cloud Security Podcast - This month we are talking about "Kubernetes Security & KubeCon EU 2023" and for the second episode in this series, we spoke to Andrew Martin ( Andrew's Linkedin ) . Kubernetes Security Best practices built using the OWASP Top 10 for Kubernetes is not enough to deal with new and unknown attack vectors for your Kubernetes deployment. In this episode we have Andrew Martin on how you can deal with Kubernetes attack vectors including supply chain issues. Episode ShowNotes...
Apr 14, 2023 • 58 min • Season 4 Ep. 13
Cloud Security Podcast - This month we are talking about "Kubernetes Security & KubeCon EU 2023" and for the first episode in this series, we spoke to Kirsten Newcomer ( Kirsten's Linkedin ) . Kirsten Newcomer from Red Hat has been championing Kubernetes security and the role DevSecOps will play in helping improve security for Kubernetes implementations. Episode ShowNotes, Links and Transcript on Cloud Security Podcast: www.cloudsecuritypodcast.tv FREE CLOUD BOOTCAMPs on www.cloudsecur...
Apr 13, 2023 • 48 min • Season 4 Ep. 12
Cloud Security Podcast - This month we are talking about "Cloud Security - the Leadership View" and for the final episode in this series, we spoke to Guy Podjarny ( GuyPo's Linkedin ) . If you are working on building or securing Cloud resources, can you truly imagine solving the next log4j or AWS/Azure/GCP vulnerability without including the help of Platform Engineers or IT engineers? This is the bigger picture of what we CyberSecurity people have to do day in day out. We work with wider team me...
Mar 27, 2023 • 51 min • Season 4 Ep. 11
Cloud Security Podcast - This month we are talking about "Cloud Security - the Leadership View" and this week in this series, we spoke to Larry Whiteside Jr ( Larry's Linkedin ). If you are working on building a CyberSecurity Program in 2023 with Cloud in mind, then this episode with Larry, who shared his approach to building a CyberSecurity program along with war stories of implementing CyberSecurity in an on-premise world, is the episode you need to hear. Episode ShowNotes, Links and Transcript on...
Mar 11, 2023 • 59 min • Season 4 Ep. 10
Cloud Security Podcast - This month we are talking about "Cloud Security - the Leadership View" and first up in this series, we spoke to Bianca Lankford ( Bianca's Linkedin ) about what it takes to build a Cloud Security program that runs behind your favourite TV Show on an OTT Media Platform like Warner Bros. Discovery Cloud. In this episode Bianca Lankford, from Warner Bros. Discovery, shares her experience of building a Cloud Security Program and the importance of developers in the solv...
Mar 04, 2023 • 35 min • Season 4 Ep. 9
Cloud Security Podcast - This month we are talking about "Building on the AWS Cloud" and next up in this series, we spoke to Chad Lorenc ( Chad's Linkedin ) about how the AWS Security Reference Architecture, Cloud Adoption Framework & Security Maturity Model are 3 ways to level up the maturity you have in Cloud. In this episode Chad Lorenc from AWS shared lessons and talked about how AWS Customers can prepare to use 3 models to Crawl, Walk & Run their security practice. Episode ShowNotes, Links ...
Feb 25, 2023 • 57 min • Season 4 Ep. 8
Cloud Security Podcast - This month we are talking about "Building on the AWS Cloud" and next up in this series, we spoke to Patrick Sanders ( Patrick's Linkedin ) & Joseph Kjar ( Joseph's Linkedin ), Snr Cloud Security Engineer at Netflix, on how reimagining multi-account deployments gave them both security and speed. Episode ShowNotes, Links and Transcript on Cloud Security Podcast: www.cloudsecuritypodcast.tv Host Twitter: Ashish Rajan ( @hashishrajan ) Guest Twitter: Patric...
Feb 21, 2023 • 55 min • Season 4 Ep. 7
Cloud Security Podcast - This month we are talking about "Building on the AWS Cloud" and next up in this series, we spoke to Alexis Robinson ( Alexis's Linkedin ), Senior Manager, Regulatory Compliance at AWS. A FedRAMP AWS environment can be made easy with the right security assessment framework for your organization. Alexis shared lessons and talked about how AWS Customers can prepare to increase their chances of getting FedRAMP certified. Episode ShowNotes, Links and Transcript on Cloud Security ...
Feb 14, 2023 • 58 min • Season 4 Ep. 6
Cloud Security Podcast - This month we are talking about "Building on the AWS Cloud" and next up in this series, we spoke to Mrunal Shah ( Mrunal's Linkedin ), Head of Container Security at Warner Bros. Discovery. We talk about how to build a Container or K8s security program while best practices are maintained and teams have the right capability and tools. The 4 Cs - Cloud, Container & Cluster, Code - can be foundational to this. Episode ShowNotes, Links and Transcript on Cloud Security Podcast: ww...
Feb 05, 2023 • 45 min • Season 4 Ep. 5
Cloud Security Podcast - This month we are talking about "Breaking the AWS Cloud" and next up in this series, we spoke to Seth Art ( Seth's Linkedin ), Cloud Penetration Testing Lead (Principal) at Bishop Fox. AWS cloud projects to pentest AWS cloud architecture are not spoken about much - this stops today. We have Seth, who works in the Cloud Penetration testing space, to talk about open source tools and what Cloud pentesting is all about. Episode ShowNotes, Links and Transcript on Cloud Security P...
Jan 30, 2023 • 53 min • Season 4 Ep. 4