On this episode, co-founder and CEO of Cerby, Belsasar Lepe, joins Matt to talk about unmanageable applications (apps that don't support critical security standards like SSO and SCIM). Belsasar was previously the Head of Product at Impira, where he led the company's product life cycle, helping drive a 4x increase in revenue. Before his role at Impira, Bel was co-founder and CTO at Ooyala, where he led a global product, design, and engineering team of 300+ Ooyalans spanning five co...
Feb 21, 2023 • 39 min • Season 3 Ep. 2
Episode Summary: On this episode, Matt speaks with Senior Executive, Board Director, and leader in Cybersecurity, risk management, and regulatory compliance, Chris Hetner about cybersecurity and the newly-proposed SEC cybersecurity rules. With over 25 years of experience in the cybersecurity space, Chris has served in roles including as Senior Cybersecurity Advisor to the Chairman at the SEC, Managing Director of Information Security Operations at GE Capital, and SVP Information Se...
Jan 21, 2023 • 47 min • Season 3 Ep. 1
This episode of the Cloud Security Today podcast welcomes back favorite special guests Jay Chen and Nathaniel “Q” Quist to unpack the latest Cloud Threat Report. Join host Matt Chiodi as he shares insights from the report and analyzes the current state of cloud security. Beginning with an in-depth look at Identity and Access Management (IAM) in cloud security, the guests talk about the latest changes in cloud security. They discuss the report’s findings on permissions and what clo...
Dec 21, 2022 • 45 min • Season 2 Ep. 13
Pockets of Innovation with John Chavanne. Episode Summary: On this episode, Solutions Architect at Palo Alto Networks, John Chavanne, joins Matt to talk about his career of innovation. John’s career spans over 20 years at HSBC before transitioning into DevOps and Cloud Solutions at Palo Alto Networks. Today, John talks about his career arc, transitioning to cloud, and the value of communities of practice groups. Where should organizations start with deploying a CNAP? Hear about the ...
Nov 21, 2022 • 39 min • Season 2 Ep. 12
What Serverless Can Do For You? With Mark Gould. Episode Summary: On this episode, Cloud Security Engineer at Manhattan Associates, Mark Gould, joins Matt to talk about serverless computing. Mark is a Cybersecurity specialist, with a focus on the Google Cloud Platform, and is a Certified Google Architect. Today, Mark talks about serverless computing, the security risks to consider, and working with DevOps teams. What are the top three metrics to start with for automation and security...
Oct 21, 2022 • 32 min • Season 2 Ep. 11
Book Review: Startup Secure with Chris Castaldo. Episode Summary: On this episode, CISO at Crossbeam and Author of Startup Secure: Baking Cybersecurity into your Company from Founding to Exit, Chris Castaldo, joins Matt to talk about startups and security. Chris is an industry-wide recognized CISO, having over 20 years of experience in cybersecurity. Today, Chris talks about his book, Startup Secure, his move to startups from the public sector, and the different startup developmen...
Sep 21, 2022 • 41 min • Season 2 Ep. 10
S2E8 - The Software Factory with Chris Hughes. Episode Summary: On this episode, CISO and Co-Founder of Aquia, Chris Hughes, joins Matt to talk about building security in the cloud using automation and compliance. Chris’s career spans over 20 years in the IT/Cybersecurity industry, as well as in active service in the US Military. Chris talks about licensing and certifications, Cloud innovation, and achieving continuous ATO. How are software factories created and operationalized? Hea...
Aug 22, 2022 • 38 min • Season 2 Ep. 9
In today’s episode, the Creator of Zero Trust, John Kindervag, joins Matt on the show to discuss implementing Zero Trust in your organization. While at Forrester Research in 2010, John developed Zero Trust, promising adequate and effective protection of an organization’s most valuable assets. Today, John talks about the driving force behind Zero Trust, the concept of the Protect Surface, and Kipling Method Policies. Why is trust a vulnerability? Hear about Zero Trust, Shadow IT, a...
Jul 21, 2022 • 46 min • Season 2 Ep. 8
This episode of the Cloud Security Today podcast is a little different from the others because this time host Matthew Chiodi gives the interviewer’s seat over to Yousuf Khan and they talk about an exciting new development in Matt’s career. Matt announces a big career move and talks about how he’s hoping to fix some of the biggest problems in SaaS security today. He tells Yousuf about his new role and the fresh approach that his new company is bringing to the field. At the end of t...
Jun 27, 2022 • 23 min • Season 2 Ep. 7
As the world of cloud security continues to progress at high speed, new challenges and threats arise and morph on a constant basis. The MITRE Corporation is a body tasked by the US government with solving some of the largest threats in cybersecurity and beyond, and we are very lucky to welcome Tracy Bannon to the podcast today, who is the Senior Principal and Software Architect & DevOps Advisor at MITRE. Tracy opens up about her career journey leading up to her current positio...
Jun 21, 2022 • 41 min • Season 2 Ep. 6
Originally recorded in September of 2021...today’s guest is Justin Berman, the Vice President of Infrastructure and IT and the CISO at Thirty Madison. Thirty Madison is aiming to be a platform that everyone can use to deal with their chronic healthcare needs. Justin’s main focus is on building out the teams that enable scaling. With his development background, Justin has some unique ideas when it comes to cloud security, which makes for a fascinating interview. You’ll walk away fr...
May 21, 2022 • 47 min • Season 2 Ep. 5
In this episode (originally recorded in November of 2021) we speak with Palo Alto Networks VP of Threat Intel, Ryan Olson. Ryan helps define what threat intelligence actually is and how to get started building a program. He aptly reminds us that producing threat intel for the sake of threat intel is a waste of time. More importantly, you first have to ask yourself, “Who’s going to be using this information?” Tweetables: “Producing threat intel for the sake of threat intel is a was...
Apr 18, 2022 • 37 min • Season 2 Ep. 4
Nearly all companies that have started in the last few years have been cloud-native from the very start. Someone who has experienced this is today’s guest, Nate Lee. Nate is the Chief Information Security Officer for Tradeshift, a cloud-based business networking platform for supply chain payments, marketplaces, and applications. In this episode, Nate joins us to talk about the company’s journey, its success, and what he has learned here over the past seven years. Nate explains how ...
Mar 21, 2022 • 37 min • Season 2 Ep. 3
In a world where cyber-attacks are ever-changing, cybersecurity has to adapt accordingly. Joining us today to delve into the world of cloud security for federal agencies is Sandeep Shilawat, Vice President of Cloud and Edge Computing at ManTech. Sandeep has extensive experience in both Commercial and Federal technology markets. We’ll get to hear his predictions on where the cloud world is heading, as well as what the Federal Authority to Operate (ATO) process will look like in the...
Feb 14, 2022 • 34 min • Season 2 Ep. 2
The pharmaceutical industry has a reputation for being cautious when it comes to adopting new technologies. However, in this episode, you’ll hear from the CISO at Takeda Pharmaceuticals, Mike Towers, that for Takeda, cloud has been a game-changer (albeit not without some challenges). As we like to do, we’ll start by diving into Mike’s background and then pivot to understand where Takeda is today in their cloud journey and where they are going over the next 24 months. Get your pen r...
Jan 17, 2022 • 38 min • Season 2 Ep. 1
Despite the media coverage afforded to the SolarWinds and Kaseya breaches, Palo Alto Networks Unit 42 threat research indicates supply chain security in the cloud continues its growth as an emerging threat. Much remains misunderstood about both the nature of these attacks and the most effective means of defending against them. To better understand how supply chain attacks occur in the cloud, Unit 42 researchers analyzed data from a variety of public data sources around the world ...
Dec 15, 2021 • 32 min • Season 1 Ep. 10
The journey toward the cloud is filled with challenges, but the benefits it brings make the struggle worthwhile. Today we talk about all things cloud adoption with Rob Brown, CTO at the US Citizenship and Immigration Services Group. We jump in with some introductory comments about who the USCIS are and what they do, with Rob giving listeners an idea of his role within the organization. We hear about the massive move toward digitization at USCIS and some of the biggest challenges t...
Nov 10, 2021 • 35 min • Season 1 Ep. 9
When thinking of innovation, the first things that usually come to mind are tech startups. It’s not often you think of examples from the US Government or, more specifically, the Department of Defense. Our guest today has unprecedented insight, not only into what it takes to build a startup but how to create a startup-like culture in massive organizations like the US Department of Defense. Nic Chaillan has had tremendous success as an entrepreneur and, in 2016, decided to pursue p...
Oct 18, 2021 • 35 min • Season 1 Ep. 8
Some of the most pertinent issues in cloud security are also very foundational. Questions like where to start, what works, and also what doesn’t work, can leave teams feeling frustrated and at a loss over how to proceed. Here to help us unpack these important questions is Jonathan Villa, the Cloud Security Practice director at GuidePoint Security. Jonathan’s career wasn’t always in security; he has spent time as an application developer and as a pentester. All of this led him to ...
Sep 21, 2021 • 37 min • Season 1 Ep. 7
Today’s guest is Guy Eisenkot and he joins us to talk about how culture is a critical aspect of shift-left security and DevOps. Guy is the Co-Founder of Bridgecrew, a tool that solves the talent shortage gap for building secure infrastructure in the public cloud. Our conversation begins with Guy giving some insight about his path into development and security, and he details his training in the Israeli military and subsequent experience building security tools for the civil market...
Aug 10, 2021 • 40 min • Season 1 Ep. 6
Cloud security is essential for any business but particularly for government agencies. On today’s episode, we speak with an expert in the field, Ravi Raghava, who is Chief Cloud Strategist at General Dynamics Information Technology (GDIT). Ravi speaks about his personal experience with dozens of cloud deployments for civil agencies and shares best practices. Acronyms: ATO = Authority to Operate; POAM = Plan of Action and Milestones; CDM = Continuous Diagnostics and Mitigation; OCM = O...
Jul 13, 2021 • 40 min • Season 1 Ep. 5
In this episode, Nathaniel Quist, also known as ‘Q’, returns along with Dr. Jay Chen, both of whom listeners might recognize from our inaugural episode where we discussed how common identity misconfigurations can undermine cloud security. Both Jay and Q are threat researchers with Palo Alto Networks Unit 42. Unit 42 is the global threat intelligence team at Palo Alto Networks and a recognized authority on cyberthreats, frequently sought out by enterprises and government agencies ar...
Jun 14, 2021 • 35 min • Season 1 Ep. 4
Keeping it simple is Brett’s mantra, and it has led to a great amount of success for him and the company he works for. As a security leader at Zoetis, the world’s largest animal healthcare company, Brett has managed to get ahead of the business in terms of adopting cloud securely. Although it may sound boring, standardizing security processes was a key element in the journey to automation for the Zoetis SOC. In today’s episode, Brett also talks about how he ended up in the world o...
May 10, 2021 • 36 min • Season 1 Ep. 3
While most companies have significantly increased their investments in SaaS, they have not updated their security controls and processes to ward off threats posed by this medium. Leaving SaaS security to Cloud Access Security Brokers (CASB) is not sufficient. The security controls need to be placed around the data, APIs, and applications that are running inside a cloud environment, not outside its perimeter. This is the kind of security that AppOmni provides and today we have its ...
Apr 12, 2021 • 43 min • Season 1 Ep. 2
Welcome to a brand new cloud security podcast, Cloud Security Today. Instead of focusing on the latest news, we’re exploring a different take on cloud security where we dig deeper into its eclectic “how-to” side. On Cloud Security Today, we are going to talk with experts from all over the community so you can do cloud security better. Today’s experts are Nathaniel Quist (Q) and Jay Chen, and they will be talking about Unit 42’s latest cloud threat research. First up Q and J, as we...
Mar 10, 2021 • 46 min • Season 1 Ep. 1