In this episode, Ashish spoke with Kushagra Sharma, Staff Cloud Security Engineer, to delve into the complexities of managing Identity Access Management (IAM) at scale. Drawing on his experiences from Booking.com and other high-scale environments, Kushagra shares insights into scaling IAM across thousands of AWS accounts, creating secure and developer-friendly permission boundaries, and navigating the blurred lines of the shared responsibility model. They discuss why traditional IAM models often...
Nov 12, 2024•46 min•Season 5 Ep. 40
In this episode, host Ashish Rajan sits down with Prahathess Rengasamy, a cloud security expert with extensive experience at companies like Credit Karma, Block, and Apple. Together, they explore the challenges and best practices for scaling cloud security, especially in the complex scenarios of mergers and acquisitions. Starting with foundational elements like CSPMs and security policies, Prahathess breaks down the evolution of cloud security strategies. He explains why cloud security cannot suc...
Nov 09, 2024•39 min•Season 5 Ep. 39
In this episode, Ashish gets into the critical topic of data perimeters in AWS with our guest, Tyler Warren, a Lead Cloud Security Engineer at USAA. As cloud environments continue to evolve, the importance of securing your data through trusted networks and identities has never been more crucial. Tyler shares his insights on the challenges and strategies involved in building effective data perimeters, emphasizing the need for a holistic security approach that includes both preventative and detect...
Oct 31, 2024•56 min•Season 5 Ep. 38
In this episode, we sat down with Lukasz Gogolkiewicz, an Australia-based Cybersecurity Leader and former pentester, to explore his journey from offensive security into cybersecurity leadership. Lukasz, also a speaker coach at BlackHat USA, brings valuable insights into what it takes to shift from being technical to managing compliance, governance, and broader security programs in industries like retail and advertising. Throughout the conversation, we dive into the specific challenges of transit...
Oct 22, 2024•36 min•Season 5 Ep. 37
What is the future of SOC? In this episode Ashish sat down with Allie Mellen, Principal Analyst at Forrester, to explore the current state of security operations and the evolving role of AI in cybersecurity. Allie spoke about why Cloud Detection Response (CDR) might be dead, how Generative AI is failing to live up to its hype in security use cases, and why automation will never fully replace human security analysts. We get into the challenges faced by SOC teams today, the burnout issue among sec...
Oct 15, 2024•56 min•Season 5 Ep. 36
In this episode Ashish Rajan sits down with Shashwat Sehgal, co-founder and CEO of P0 Security, to talk about the complexities of cloud identity lifecycle management. Shashwat spoke to us about why traditional identity solutions like SAML are no longer sufficient in today’s cloud environments. He discusses the need for organisations to adopt a more holistic approach to secure access across cloud infrastructures, addressing everything from managing IAM roles to gaining complete visibility and inv...
Oct 08, 2024•33 min•Season 5 Ep. 37
In this episode of the Cloud Security Podcast, Ashish sat down with Art Poghosyan, CEO and co-founder of Britive, to explore the changing world of identity and access management (IAM) in the cloud era. With over two decades of experience in the identity space, Art breaks down the challenges of traditional Privileged Access Management (PAM) and how cloud-native environments require a rethinking of security strategies. From understanding the complexities of cloud infrastructure entitlements to u...
Oct 04, 2024•34 min•Season 5 Ep. 34
Why does Cloud Security Research matter in 2024? At fwd:cloudsec EU in Brussels, we sat down with Scott Piper, a renowned cloud security researcher at Wiz, to discuss the growing importance of cloud security research and its real-world impact. Scott spoke to us about the critical differences between traditional security testing and cloud security research, explaining how his team investigates cloud providers to find vulnerabilities, improve detection tools, and safeguard data. Guest Socials...
Oct 02, 2024•35 min•Season 5 Ep. 33
How does Edge Security fit into the future of Cloud Protection? In this episode, we sat down with Brian McHenry, Global Head of Cloud Security Engineering at Check Point at BlackHat USA, to chat about the evolving landscape of cloud security in 2024. With cloud adoption accelerating and automation reshaping how we manage security, Brian spoke to us about the challenges that organizations face today—from misconfigurations and alert fatigue to the role of AI in application security. We tackle the...
Sep 20, 2024•27 min•Season 5 Ep. 32
How can CI/CD tools expose your code to security risks? In this episode, we’re joined by Mike Ruth, Senior Staff Security Engineer at Rippling and returning guest, live from BlackHat 2024. Mike dives deep into his research on CI/CD pipeline security, focusing on popular tools like GitHub Actions, Terraform, and Buildkite. He reveals the hidden vulnerabilities within these tools, such as the ability for engineers to bypass code reviews, modify configuration files, and run unauthorized commands in...
Sep 13, 2024•30 min•Season 5 Ep. 31
In this episode of the Cloud Security Podcast, we bring together an incredible panel of experts to explore the evolving landscape of cloud security in 2024. Hosted by Ashish Rajan, the discussion dives deep into the challenges and realities of today’s multi-cloud environments. With perspectives ranging from seasoned veterans to emerging voices, this episode offers a broad spectrum of insights from cloud security practitioners who are living and breathing cloud security every day. We are very grate...
Sep 04, 2024•56 min•Season 5 Ep. 30
What were the main themes at BlackHat USA 2024? With respect to Cloud Security, maybe with a sprinkle of AI Security. Our team was on the ground at BlackHat and DefCon32 this year. We heard many talks and panels, spoke to many practitioners, leaders and CISOs, and had the pleasure of recording some great interviews (coming soon!). This conversation is a distillation of everything we heard and the themes we saw. Podcast Twitter - @CloudSecPod ...
Aug 28, 2024•40 min•Season 5 Ep. 29
In this episode, we sit down with Santiago, a Senior Security Engineer at Canva, to talk about the complexities of building and managing an incident response team, especially in high-growth companies. Santiago shares his experience transitioning from penetration testing to incident response and highlights the unique challenges that come with protecting a rapidly expanding organization. We explore the differences between incident response in high-growth versus established companies, the importa...
Aug 22, 2024•27 min•Season 5 Ep. 28
Leadership Insights on Cloud Security in 2024. Ashish sat down with return guest Srinath Kuruvadi, a seasoned cloud security leader with over two decades of experience in the field. Together, they explored the current state and future of cloud security, discussing the importance of detection & incident response teams, building and maintaining a robust cloud security program, understanding the importance of stakeholder management, and the role of data security in mitigating risks. Srinath sha...
Aug 06, 2024•26 min•Season 5 Ep. 27
What are you doing differently today that you're stopping tomorrow's legacy? In this episode Ashish spoke to Adrian Asher, CISO and Cloud Architect at Checkout.com, to explore the journey from monolithic architecture to cloud-native solutions in a regulated fintech environment. Adrian shared his perspective on why there "aren't enough lambdas" and how embracing cloud-native technologies like AWS Lambda and Fargate can enhance security, scalability, and efficiency. Guest Socials: Adrian's ...
Jul 30, 2024•22 min•Season 5 Ep. 26
How to secure AWS cloud using AWS Lambda? We spoke to Lily Chau from Roku at BSidesSF about her experience and innovative approach to tackling security issues in AWS environments. From deploying IAM roles to creating impactful playbooks with AWS Lambda, Lily shared her take on automating remediation processes. We spoke about the challenges of managing cloud security with tools like CSPM and CNAPP, and how Lily and her team took a different approach that goes beyond traditional methods to achieve...
Jul 23, 2024•21 min•Season 5 Ep. 25
How can you protect your data with Confidential Compute and Containers? Ashish spoke to Zvonko Kaiser, Principal Systems Software Engineer, Confidential Containers and Kubernetes at Nvidia, about confidential containers, confidential computing, and their importance in protecting sensitive data. They speak about the various threat models, use cases, and the role of GPUs in enhancing compute power for AI workloads. Guest Socials: Zvonko's Linkedin Podcast Twitter - ...
Jul 16, 2024•22 min•Season 5 Ep. 24
How to implement infrastructure as code? Ashish spoke to Armon Dadgar, Co-Founder and CTO at HashiCorp, at HashiDays London. Armon speaks about his journey from co-creating Terraform, the first open-source language in the IaC space, to addressing the complex challenges enterprises face in cloud environments today. They speak about why having a platform team from the beginning is crucial for large enterprises, the evolution of IaC, the importance of standardization in managing cloud applications,...
Jul 09, 2024•28 min•Season 5 Ep. 23
What is the future of AI Security and Data Protection? At AWS re:Inforce in Philadelphia this year, Ashish spoke to Dan Benjamin, Head of Data, Identity and AI Security at Prisma Cloud, about the new category of AI-SPM (Artificial Intelligence Security Posture Management) and why it fits within all the other tooling organisations have. They spoke about the importance of building an AI and data inventory, understanding AI access, and the critical role of DSPM (Data Security Posture Managemen...
Jul 04, 2024•23 min•Season 5 Ep. 22
Can Threat Detection be enhanced with AI? Ashish sat down with Dave Johnson, Senior Threat Intelligence Advisor at Feedly, at BSides SF 2024, where Dave also presented a talk. Dave shares his journey in cyber threat intelligence, including his 15-year career with the FBI and his transition to the private sector. The conversation focuses on the innovative use of large language models (LLMs) to create Sigma rules for threat detection and the challenges faced along the way. Dave spoke about his fo...
Jun 25, 2024•22 min•Season 5 Ep. 21
How can AI impact Cloud Security Operations? Ashish sat down with Ely Kahn, VP of Cloud Security and AI at SentinelOne, to talk about the evolving landscape of cloud security and the future of Security Operations Centers (SOC). Ely spoke about the shift from centralized to decentralized SOC operations, the increasing complexity in cloud security and its benefits. Guest Socials: Ely's Linkedin Podcast Twitter - @CloudSecPod ...
Jun 14, 2024•23 min
Is having a CSPM enough for Cloud Security? At RSA Conference 2024, Ashish sat down with returning guest Jimmy Mesta, Co-Founder and CTO of RAD Security, to talk about the complexities of Kubernetes security and why sometimes traditional Cloud Security Posture Management (CSPM) falls short in a Kubernetes-centric world. We speak about the significance of behavioural baselining, the limitations of signature-based detection, the role of tools like eBPF in enhancing real-time security measures an...
May 31, 2024•31 min•Season 5 Ep. 19
What are the practical steps for orienting yourself in a new cloud environment? Ashish sat down with Rich Mogull and Chris Farris to explore the intricacies of effective cloud security strategies. Drawing on their extensive experience, Rich and Chris speak about the critical importance of moving beyond just addressing vulnerabilities and embracing a more comprehensive approach to cloud security. Rich and Chris share their professional experiences and practical advice for anyone who finds themselves "...
May 21, 2024•59 min•Season 5 Ep. 18
What's the best way to navigate least privilege complexities in a multi-cloud environment? And how is the role of identity management evolving? We spoke to Jeff Moncrief from Sonrai Security on why identity is the new network in the cloud-driven world. We speak about the challenges of implementing least privilege in cloud environments, the misconceptions surrounding identity roles, and the critical importance of segmenting access across public clouds just as rigorously as we did on-premises. Gue...
May 14, 2024•27 min•Season 5 Ep. 17
How is eBPF impacting Kubernetes Network Security? In this episode, recorded LIVE at KubeCon EU Paris 2024, Liz Rice, Chief Open Source Officer at Isovalent, took us through the technical nuances of eBPF and its role in enabling dynamic, efficient network policies that go beyond traditional security measures. She also discusses Tetragon, the new subproject under Cilium, designed to enhance runtime security with deeper forensic capabilities. A great conversation for anyone involved in Kubernetes ...
Apr 30, 2024•20 min•Season 5 Ep. 16
How can we leverage AI for more secure and efficient code, and how will it impact DevSecOps? Ashish spoke to Michael Hanley, CSO and SVP of Engineering at GitHub, about the transformative impact of GitHub Copilot and AI on software development and security. Michael speaks about GitHub's internal use of Copilot for over three years and its role in enhancing developer satisfaction and productivity by removing mundane coding tasks. They speak about the broader implications for DevSecOps, the futur...
Apr 23, 2024•38 min•Season 5 Ep. 15
In this episode from KubeCon Paris 2024, we spoke to Loris Degioanni, Co-Founder and CTO of Sysdig, about the open source project Falco, which celebrated its graduation this year at KubeCon EU. Loris shared with us this proud moment and the journey from writing the first lines of code to its critical role in protecting Kubernetes environments, and the future roadmap post-graduation. We spoke about the gap between traditional security measures and the dynamic needs of modern infrastructures. Guest Socials: ...
Apr 16, 2024•22 min•Season 5 Ep. 14
What is it like to build a successful business based on risk? In this episode Ashish spoke to Fredrick Lee, CISO at Reddit. FLee shared his deep insights into the essential role of risk in driving business success and innovation. With a career that spans across notable tech giants like Square (now Block), Twilio, and Gusto, Lee brings a wealth of experience in both hardware and software security landscapes. Without embracing risk, businesses risk stagnation in a world where competitors are alwa...
Apr 09, 2024•49 min•Season 5 Ep. 13
Let's talk about the Evolution of Email Security. We have been speaking about Email Security for years, but why has it not been solved? We spoke to Abhishek Agrawal, Co-founder of Material Security, about the fact that despite decades of advancements, email security remains a critical concern, with sophisticated attacks continually bypassing traditional controls. We explored the fascinating landscape of productivity suites like Microsoft 365 and Google Workspace, underscoring their importance b...
Apr 05, 2024•30 min•Season 5 Ep. 12
How do you build a Robust Detection Framework? Ashish spoke to Andrew Tabona, SVP of Cyber Threat Management and Incident Response at a Fortune 500 company, about challenging the conventional wisdom of applying on-premise incident response plans to cloud environments. They speak about the critical metrics of mean time to detect, respond, and recover, and why mastering the fundamentals is key to effective cloud security. The conversation also covers practical strategies for building a detection f...
Apr 02, 2024•46 min•Season 5 Ep. 11