What is GitHub Copilot? It's an AI-powered coding assistant that's redefining how developers write code. We spoke to Joseph Katsioloudes, a security specialist from the GitHub Security Lab, about how GitHub Copilot has been designed to serve not just developers but security professionals and others involved with code, enhancing productivity, satisfaction, and security across the board. Guest Socials: Joseph Katsioloudes Podcast Twitter - @CloudS...
Mar 12, 2024 • 21 min • Season 5, Ep. 10
How is your cloud incident preparedness? Is your CSPM enough? Ashish spoke to Ariel Parnes, Co-Founder and COO at Mitiga, about the concept of "Assume Breach" and its importance in developing a proactive cloud security framework. If you are looking to understand the nuances of cloud incident response and being prepared for it, the effectiveness of current tools, and the future of cloud security operations strategy, then this episode is for you. Guest Socials: Ariel Parnes Podcast Twitter ...
Mar 08, 2024 • 36 min • Season 5, Ep. 9
Do you need an essential guide to threat modeling your cloud environment? Then this episode is definitely for you. Ashish sat down with Tyson Garrett from TrustOnCloud. We explore why and how organizations should approach threat modeling in the cloud to enhance their security posture. Tyson and Ashish go through the practical steps required for effective threat modeling, including identifying and prioritizing threats, and the continuous adaptation required to address the dynamic nature of cloud se...
Mar 01, 2024 • 50 min • Season 5, Ep. 8
What is the role of AI in legal research and data security? We spoke to Matt McKeever, CISO and Head of Cloud Engineering at LexisNexis, a company that uses GenAI and custom LLM models to help its customers with legal research, guidance and drafting. Matt spoke to us about the intersection of cloud engineering, cybersecurity and the revolutionary impact of Generative AI (GenAI) in the legal sector. He shared how LexisNexis leverages GenAI to enhance legal research, draft legal documents and summar...
Feb 23, 2024 • 18 min • Season 5, Ep. 7
Are you familiar with sidecars in Kubernetes? We spoke to Magno Logan about the complex world of Kubernetes security and the silent but deadly vulnerabilities associated with sidecar containers. Magno shared his extensive research and insights on how attackers can exploit these vulnerabilities to stay hidden within a Kubernetes environment, posing significant threats beyond the commonly discussed crypto mining attacks. Magno spoke about common attack paths targeting Kubernetes clusters, from exp...
Feb 16, 2024 • 16 min • Season 5, Ep. 6
Navigating modern application security in a world of cloud, DevSecOps and now AI is getting rather complex. We spoke to Idan Plotnik, who has 24 years of cybersecurity experience under his belt and is the Co-Founder of Apiiro, about the world of Application Security Posture Management (ASPM) and its relevance in both large and small organizations. Idan speaks about the challenges faced in managing vast quantities of repositories and tackles common misconceptions about ASPM, confirming that it's no...
Feb 02, 2024 • 40 min • Season 5, Ep. 5
We caught up with Troy Hunt and Scott Helme at NDC Security Oslo 2024 to talk about best practices when it comes to decoding TLS, password security and data breaches in cloud and AI. Troy Hunt, known for his work with haveibeenpwned.com, spoke to us about the complexities of cloud deployment and the paradox of data input versus privacy risk in Large Language Models (LLMs) and the cloud. Scott Helme, a security researcher and founder of securityheaders.com, spoke about the importance of early security trai...
Jan 26, 2024 • 30 min • Season 5, Ep. 4
What is a good multicloud strategy in 2024? We spoke to Vivek Menon, CISO for Digital Turbine, about the maturity and security capabilities of major cloud service providers, AWS and GCP. Vivek spoke about the journey from on-premise to multi-cloud landscapes, the strategic approaches to cloud security in 2024, and the unique challenges that teams face across different cloud platforms. Vivek shared his insights into IAM, misconfigurations, and the value that dedicated cloud-specific teams provide a ...
Jan 19, 2024 • 27 min • Season 5, Ep. 3
Dive into the world of AI and Kubernetes with Shopify's Shane Lawrence in this episode of the Cloud Security Podcast. Shane shares his experience on the security team at Shopify, working at the intersection of AI, Large Language Models (LLMs), and Kubernetes security. Shopify is looking to pioneer the use of AI to streamline developer operations, enhance productivity, and bolster security measures in multi-tenant Kubernetes environments. This episode will be valuable for you if you work in K...
Jan 12, 2024 • 20 min • Season 5, Ep. 1
How can you build a robust cloud security program in AWS, particularly as a startup or a small to medium-sized business navigating AWS in 2024? We spoke to Chris Farris, who is the event chair for fwd:cloudsec, a known cloud security expert and one of the first AWS Heroes for security. Chris shared his insights on how to build a security strategy that is both practical and effective in today's dynamic cloud environment. From discussing the importance of AWS Organizations and Identity Centre t...
Jan 05, 2024 • 49 min • Season 5, Ep. 1
Is offensive security part of your 2024 security roadmap? We caught up with Sam Kirkman, Director at NetSPI EMEA, at Black Hat Europe 2023 about what an offensive security roadmap going into 2024 should look like. Offensive security is much more than pentesting. We spoke about how to build a capable team, the different maturity stages of building such a program, and resources you can lean on while you are on this journey across different industries. Guest Socials: Sam's Linkedin ( @sam-kirkman-cybe...
Dec 19, 2023 • 23 min • Season 4, Ep. 52
Cloud security environments look very complex in 2023, and they will continue to evolve in 2024, now with AI. At AWS re:Invent 2023 we sat down with Alex Jauch, Senior Director of Product Management at Outshift, to talk about the complexities in cloud security, the role of GenAI and what items to consider for your 2024 cloud security program. Podcast Twitter - @CloudSecPod If you want...
Dec 15, 2023 • 27 min • Season 4, Ep. 52
Kubernetes is shaping the future of cloud native technology, with interest from security folks, businesses and developers - what does the future of Kubernetes security look like? At KubeCon NA 2023, we spoke to Emily Fox, who is the chair of the CNCF's Technical Oversight Committee and a Software Engineering Lead at Red Hat, about how Zero Trust plays out in the Kubernetes environment, challenges and solutions in securing the software supply chain within Kubernetes, the impact of AI workloads on Kubernete...
Dec 14, 2023 • 33 min • Season 4, Ep. 51
Kubernetes security explained: we spoke to Cailyn Edwards, CNCF Ambassador and Senior Security Engineer at Shopify. The interview was recorded at KubeCon NA 2023. We asked her about the complexities of Kubernetes network security in a multi-tenant environment. During the interview, she shared the nuances of Kubernetes network security in multi-tenant setups, tools and tactics for securing Kubernetes environments, insights from her journey at Shopify and tips for advancing the security maturity of K...
Dec 12, 2023 • 26 min • Season 4, Ep. 48
Cloud Security Podcast just got back from AWS re:Invent 2023. There was a lot of chat around, you guessed it, GenAI, but along with that there were plenty of security updates and announcements. Shilpi and Ashish broke them all down for you and what it all actually means for security practitioners. Podcast Twitter - @CloudSecPod If you want to watch videos of this LIVE STREAMED episode and past episodes - Che...
Dec 05, 2023 • 56 min • Season 4, Ep. 50
Cilium, the eBPF-based networking project created by Isovalent, is a recent graduate in the CNCF family, and this means that the world of cloud and Kubernetes networking looks very different, with more security capabilities. Cilium has been gaining traction for network security in Kubernetes as blind spots have been called out in managed Kubernetes deployments. This episode was recorded at KubeCon NA with Thomas Graf from Isovalent to share what the blind spots are and why eBPF provides better network security capability for k...
Nov 30, 2023 • 23 min • Season 4, Ep. 44
Kubernetes security cannot be just about Kubernetes; it is like securing a datacenter within another datacenter. In this episode with Tim Miller we spoke about CNAPP and how to approach Kubernetes security. Thank you to our episode sponsor Outshift by Cisco Guest Socials: Tim's Linkedin (@timothyemiller) Podcast Twitter - @CloudSecPod If you want to watch videos of this LIVE STREAMED episode and past episodes - Ch...
Nov 22, 2023 • 21 min • Season 4, Ep. 43
SaaS applications support large companies and small startups alike. We inevitably accumulate SaaS applications to manage our employees, payroll and communication, with things like Workday, Slack, Salesforce and now even things like ChatGPT. But how do you find out what you have and whether it is secure? We spoke about all things SSPM with Max Feldman, who has done product security for years at companies like Slack, Salesforce and now AppOmni. Thank you to our episode sponsor AppOmni You can get a copy of their ...
Nov 21, 2023 • 43 min • Season 4, Ep. 45
Threat detection is often limited to popular cloud services, so what's happening to all the "not so popular or commonly known" cloud services in your environment? We are speaking to Suresh Vasudevan, CEO of Sysdig, about the challenges companies typically find in this space and what the approach for threat detection should be. If you feel you are looking at threats from all cloud services, you might want to hear this episode to find out whether you actually are. Thank you to our episode sponsor Vanta and Sysdig...
Nov 11, 2023 • 35 min • Season 4, Ep. 44
Not escaping containers but escaping clusters: attack vectors in managed Kubernetes distributions such as Amazon EKS, Google Kubernetes Engine (GKE) and Azure Kubernetes Service (AKS) can allow you to reach the underlying cloud account, such as the AWS account behind an EKS cluster. In conversation with Christophe Tafani-Dereeper and Nick Frichette from Datadog on how this is possible in Amazon EKS and how the same can potentially be achieved in GKE and AKS too. Thank you to our episode sponsor Sagetap Guest Socials: Nick's and Christophe's Linke...
Nov 07, 2023 • 59 min • Season 4, Ep. 42
You know that feeling when you are unsure whether your AWS secret that leaked is still usable? There is no easy way to check this apart from looking in AWS to see if anyone used it. Turns out there could be another way. We have Ziad Ghalleb from GitGuardian to share a free tool they released to help people look up whether their secret was exposed on GitHub. Thank you to our episode sponsors GitGuardian and Sysdig Guest Socials: Ziad's Linkedin (@ghallebziad) Podcast Twitter - @Clo...
Nov 06, 2023 • 29 min • Season 4, Ep. 43
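The "look in AWS to see if anyone used it" check mentioned above, as an added example that is not code from the podcast, GitGuardian or AWS: given a leaked long-term access key ID, scan CloudTrail records offline and report whether, when and from where the key was used. It also follows temporary credentials minted with the leaked key through sts:AssumeRole (CloudTrail reports the new key under responseElements.credentials.accessKeyId), because an attacker's follow-on activity is attributed to the temporary key, not the leaked one. The sample records, key IDs, account ID and IP addresses are constructed for the example.

```python
"""Added example (not from the podcast, GitGuardian or AWS): was a leaked
AWS access key actually used? Scan CloudTrail records offline, following
temporary credentials minted with the leaked key via sts:AssumeRole."""
import json
from collections import Counter

# Constructed sample CloudTrail records, modelled on the documented record
# format. Key IDs, the account ID and the IP addresses are made up.
SAMPLE_RECORDS = json.loads("""
[
 {"eventTime": "2023-11-06T09:58:12Z", "eventSource": "s3.amazonaws.com",
  "eventName": "ListBuckets", "sourceIPAddress": "203.0.113.7",
  "userIdentity": {"type": "IAMUser", "userName": "ci-deployer",
                   "accessKeyId": "AKIAEXAMPLELEAKED001"}},
 {"eventTime": "2023-11-06T10:01:45Z", "eventSource": "sts.amazonaws.com",
  "eventName": "AssumeRole", "sourceIPAddress": "203.0.113.7",
  "userIdentity": {"type": "IAMUser", "userName": "ci-deployer",
                   "accessKeyId": "AKIAEXAMPLELEAKED001"},
  "requestParameters": {"roleArn": "arn:aws:iam::111122223333:role/Admin"},
  "responseElements": {"credentials": {"accessKeyId": "ASIAEXAMPLETEMP0001"}}},
 {"eventTime": "2023-11-06T10:03:10Z", "eventSource": "iam.amazonaws.com",
  "eventName": "CreateUser", "sourceIPAddress": "203.0.113.7",
  "userIdentity": {"type": "AssumedRole", "accessKeyId": "ASIAEXAMPLETEMP0001"}},
 {"eventTime": "2023-11-06T10:05:00Z", "eventSource": "ec2.amazonaws.com",
  "eventName": "RunInstances", "sourceIPAddress": "203.0.113.7",
  "errorCode": "Client.UnauthorizedOperation",
  "userIdentity": {"type": "AssumedRole", "accessKeyId": "ASIAEXAMPLETEMP0001"}},
 {"eventTime": "2023-11-06T12:30:00Z", "eventSource": "s3.amazonaws.com",
  "eventName": "GetObject", "sourceIPAddress": "10.0.4.21",
  "userIdentity": {"type": "IAMUser", "userName": "app-reader",
                   "accessKeyId": "AKIAEXAMPLEUNRELATED9"}}
]
""")

# STS calls that hand back fresh temporary credentials derived from the caller's key.
CREDENTIAL_MINTING_CALLS = {"AssumeRole", "GetSessionToken", "GetFederationToken"}


def key_id_of(record):
    """Access key ID that signed the request, or None for unsigned/service events."""
    return (record.get("userIdentity") or {}).get("accessKeyId")


def related_key_ids(records, leaked_key_id):
    """The leaked key plus every temporary key minted from it, transitively
    (role chaining: a temporary key may itself call AssumeRole)."""
    keys = {leaked_key_id}
    while True:
        new = set()
        for r in records:
            if (r.get("eventSource") == "sts.amazonaws.com"
                    and r.get("eventName") in CREDENTIAL_MINTING_CALLS
                    and key_id_of(r) in keys
                    and not r.get("errorCode")):  # denied calls mint nothing
                creds = (r.get("responseElements") or {}).get("credentials") or {}
                minted = creds.get("accessKeyId")
                if minted and minted not in keys:
                    new.add(minted)
        if not new:
            return keys
        keys |= new


def key_usage_report(records, leaked_key_id):
    """Summarise all activity attributable to the leaked key."""
    keys = related_key_ids(records, leaked_key_id)
    # CloudTrail eventTime is ISO 8601 in UTC, so string order is time order.
    hits = sorted((r for r in records if key_id_of(r) in keys),
                  key=lambda r: r["eventTime"])
    return {
        "used": bool(hits),
        "event_count": len(hits),
        "first_seen": hits[0]["eventTime"] if hits else None,
        "last_seen": hits[-1]["eventTime"] if hits else None,
        "source_ips": Counter(r.get("sourceIPAddress") for r in hits),
        "derived_keys": sorted(keys - {leaked_key_id}),
        # Denied calls still matter: they show what the key holder tried to do.
        "denied": [f'{r["eventName"]} ({r["errorCode"]})'
                   for r in hits if r.get("errorCode")],
        "actions": [f'{r["eventTime"]} {r["eventSource"]} {r["eventName"]}'
                    for r in hits],
    }


if __name__ == "__main__":
    for field, value in key_usage_report(SAMPLE_RECORDS, "AKIAEXAMPLELEAKED001").items():
        print(f"{field}: {value}")
```

Against a real account the same records come from `aws cloudtrail lookup-events --lookup-attributes AttributeKey=AccessKeyId,AttributeValue=<key>` (event history is per region, covers 90 days and, unless a trail logs data events, contains management events only), and `aws iam get-access-key-last-used --access-key-id <key>` gives a cheap last-used timestamp for the long-term key alone. Two caveats follow from that: the temporary keys in derived_keys have to be looked up separately, and no events found is not proof the key was never used, only that nothing was logged where you looked.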
Nick McLaren is a Senior Cloud Security Engineer at an enterprise, having transitioned to this role from being a Cloud Security Engineer at a startup. On this episode he shared with us how the roles differ between an enterprise and a startup, what skills you require to become a senior cloud security engineer and what a day looks like in the life of a cloud security engineer. Thank you to our sponsors for this episode Vanta - You can check them out at vanta.com/cloud Snyk - Check them out at Snyk.io/csp G...
Nov 01, 2023 • 33 min • Season 4, Ep. 41
Black Hat 2023 and DEF CON 31 roundup: both events were the breeding ground for new and existing hackers to come together and share what to look out for in 2023 and 2024. The skills that stood out were: Identity, Cloud Infrastructure Security, CI/CD Security, Preventative Security and Data Security. Do you agree? Episode YouTube: Video Link Host Twitter: Ashish Rajan ( @hashishrajan ) Podcast Twitter - @CloudSecPod ...
Oct 07, 2023 • 16 min • Season 4, Ep. 40
Michael Piacente has been helping companies find security executives (CISOs) for a long time, including household names like Lyft, Instacart, Airbnb and more. In this episode we speak about his current passion, Cloud Native CISOs: what they are, and what skills they should work on to become a CISO in the cloud native world that most organizations are moving ahead with in full force. Thank you to Sagetap for sponsoring this episode, you can find out more about them on - https://www.sagetap.io...
Oct 02, 2023 • 37 min • Season 4, Ep. 39
Understanding software supply chain security threats for Terraform, which has been the default for Infrastructure as Code, is important. In this episode Mike Ruth shares his experience of working on securing Terraform Cloud/Terraform Enterprise; no open source was harmed in the making of this episode. Episode YouTube: Video Link Host Twitter: Ashish Rajan ( @hashishrajan ) Guest Socials: Mike's Linkedin ( Mike Ruth ) Podcast Twitter - ...
Sep 21, 2023 • 40 min • Season 4, Ep. 38
DSPM, or Data Security Posture Management, with Yotam Segev from Cyera: most security teams have known about the data challenges in their organization, and some of those are put in the "too hard to solve right now" bucket. Yotam came on the show to talk about who should own and manage data security programs and what a data security roadmap can look like for leaders who are working on the data problem today. Episode YouTube: Video Link Host Twitter: Ashish Rajan ( @hashishr...
Sep 18, 2023 • 17 min • Season 4, Ep. 37
Is it code to cloud or cloud to code? With Harshil Parikh from Tromzo: a lot of leaders today face the inevitable question of whether to start with the code or the cloud first. Harshil Parikh from Tromzo was kind enough to share his CISO experience on the topic, on what each of these are and what CISOs can prioritise in their programs. Episode YouTube: Video Link Host Twitter: Ashish Rajan ( @hashishrajan ) Guest Socials: Harshil's Linkedin ( Harshil Parikh ...
Sep 09, 2023 • 25 min • Season 4, Ep. 36
Josh Lemos, former CISO of Block and the current CISO of GitLab, comes from a pentester background and made his way to become a CISO. We were lucky enough to interview him during the hacker summer camp on his journey, his experience in AI, takeaways from the Black Hat CISO Summit, types of CISOs and more. Episode YouTube: Video Link Host Twitter: Ashish Rajan ( @hashishrajan ) Guest Socials: Josh's Linkedin ( Josh Lemos ) Podcast Twitter - @CloudSecP...
Sep 06, 2023 • 20 min • Season 4, Ep. 35
Karl Fosaaen, the author of "Penetration Testing Azure for Ethical Hackers" and VP of Research at NetSPI, came as a guest to share why the penetration test of a web application hosted on Azure in 2023 is quite different from simple/traditional web app pentesting, and the skills you need to pentest Azure environments. Cloud penetration testing is often misunderstood to be just a config review, in Microsoft Azure just as in AWS and Google Cloud. In this video, Karl Fosaaen was ...
Aug 28, 2023 • 29 min • Season 4, Ep. 34
Can honeytokens be used in your supply chain security? Turns out they can! We spoke to Mackenzie Jackson ( @advocatemack ) from @GitGuardian about the benefits of using honeytokens, which organisations can benefit from them, what's involved in deploying them and the next steps once they are triggered. Episode YouTube: Video Link Host Twitter: Ashish Rajan ( @hashishrajan ) Guest Socials: Mackenzie Jackson ( @advocatemack ) Podcast Twitter - @CloudSecPod ...
Aug 25, 2023 • 19 min • Season 4, Ep. 33