
Cloud Security Podcast (Cloud Security Podcast Team)
Explore all episodes of Cloud Security Podcast
Date | Title | Duration | |
---|---|---|---|
17 Oct 2021 | What is Cloud Native Application Protection Platform - CNAPP Explained! | 00:48:55 | |
In this episode of the Virtual Coffee with Ashish edition, we spoke with Om Moolchandani (@omaitrika), CISO and CTO at Accurics (@AccuricsSec). Episode ShowNotes, Links and Transcript on Cloud Security Podcast: www.cloudsecuritypodcast.tv Host Twitter: Ashish Rajan (@hashishrajan) Guest Twitter: Om Moolchandani (@omaitrika) Podcast Twitter - Cloud Security Podcast (@CloudSecPod) If you want to watch videos of this LIVE STREAMED episode and past episodes - Check out our YouTube Channel: | |||
11 Apr 2021 | Cloud Governance using Infrastructure as Code (IaC) | 00:40:52 | |
In this episode of the Virtual Coffee with Ashish edition, we spoke with Ohad Maishlish, the CEO & Co-Founder of env0. In this episode, Ohad & Ashish spoke about
ShowNotes and Episode Transcript on www.cloudsecuritypodcast.tv Twitter - @kaizenteq @hashishrajan If you want to watch videos of this and previous episodes: - Youtube Channel: https://lnkd.in/gUHqSai | |||
26 Aug 2021 | Network Security in a Cloud Native World | 00:51:32 | |
In this episode of the Virtual Coffee with Ashish edition, we spoke with Karthik Prabhakar (@worldhopper), an Advisor to AccuKnox (@AccuKnox). Episode ShowNotes, Links and Transcript on Cloud Security Podcast: www.cloudsecuritypodcast.tv Host Twitter: Ashish Rajan (@hashishrajan) Guest Linkedin: Karthik Prabhakar (@worldhopper) Podcast Twitter - Cloud Security Podcast (@CloudSecPod) If you want to watch videos of this LIVE STREAMED episode and past episodes - Check out our YouTube Channel: - Cloud Security Podcast: https://www.youtube.com/c/cloudsecuritypodcast?sub_confirmation=1 Cloud Security Academy: www.cloudsecuritypodcast.tv/cloud-security-academy | |||
16 Jul 2024 | What is confidential computing? Explained for 2024 | 00:22:10 | |
How can you protect your data with Confidential Compute and Containers? Ashish spoke to Zvonko Kaiser, Principal Systems Software Engineer, Confidential Containers and Kubernetes at Nvidia about confidential containers, confidential computing, and their importance in protecting sensitive data. They speak about the various threat models, use cases, and the role of GPUs in enhancing compute power for AI workloads. Guest Socials: Zvonko's Linkedin Podcast Twitter - @CloudSecPod If you want to watch videos of this LIVE STREAMED episode and past episodes - Check out our other Cloud Security Social Channels: - Cloud Security Podcast- Youtube - Cloud Security BootCamp Questions asked: (00:00) Introduction (01:45) A word from our sponsor SentinelOne (02:18) A bit about Zvonko (02:24) Encryption for Confidential Computing (04:20) Confidential Computing vs Confidential Containers (05:45) What sectors focus on Confidential Computing? (07:09) Common Threats in Confidential Computing (08:55) What is a Secure Enclave? (10:05) Value of Attestation for Confidential Computing (11:35) Lift and Shift Strategy for AI (13:59) The role of GPU in confidential Computing (15:37) Shared Responsibility with Confidential Computing (17:10) Confidential Computing project you can get involved in (18:16) The fun section | |||
08 Jan 2023 | GETTING STARTED WITH HACKING AWS CLOUD | 00:45:36 | |
Cloud Security Podcast - If Hacking the Cloud is on your mind for 2023 then in this "Breaking the AWS Cloud" month we are kicking things off with Nick Frichette (Nick's Linkedin), a Senior Security Researcher from DataDog who also maintains the site Hacking the Cloud linking offensive security research for AWS, Azure, GCP. Episode ShowNotes, Links and Transcript on Cloud Security Podcast: www.cloudsecuritypodcast.tv Host Twitter: Ashish Rajan (@hashishrajan) Guest Twitter: Nick Frichette (Nick's Linkedin) Podcast Twitter - @CloudSecPod @CloudSecureNews If you want to watch videos of this LIVE STREAMED episode and past episodes - Check out our other Cloud Security Social Channels: Spotify TimeStamp for Interview Questions (00:00) Introduction See you at the next episode! | |||
20 Jun 2022 | Digital Transformation - ARE WE THERE YET! | 00:14:11 | |
In this episode of the Virtual Coffee with Ashish edition, we spoke with Heather Ceylan (@heatherceylon) & Ariel Chavan (@ariel-c-ab445a50) from Zoom. Watch the video for this episode on YouTube - Digital Transformation in 2022 Episode ShowNotes, Links and Transcript on Cloud Security Podcast: www.cloudsecuritypodcast.tv Host Twitter: Ashish Rajan (@hashishrajan) Guests Linkedin: Heather Ceylan (@heatherceylon) & Ariel Chavan (@ariel-c-ab445a50) Podcast Twitter - @CloudSecPod @CloudSecureNews If you want to watch videos of this LIVE STREAMED episode and past episodes - Check out our other Cloud Security Social Channels: | |||
05 May 2021 | Study Hall - What is Kubernetes & Why do you NEED TO know about it? | 00:10:59 | |
In this Study Hall - Ashish goes through WHAT IS Kubernetes? What Kubernetes is NOT? & Should you start refactoring or building infrastructure in Kubernetes today? Host Twitter: twitter.com/hashishrajan To ASK questions from our Guest SUBSCRIBE TO OUR YOUTUBE LINK HERE to JOIN our next LIVE STREAM - : https://www.youtube.com/c/cloudsecuritypodcast?sub_confirmation=1 | |||
09 Aug 2020 | HOW TO CREATE AN EFFECTIVE CYBER SECURITY TEAM - CLINT GIBLER | 00:49:29 | |
In this episode of the Virtual Coffee with Ashish edition, we spoke with Clint Gibler. In this episode, Clint & Ashish spoke about
ShowNotes and Episode Transcript on www.cloudsecuritypodcast.tv Twitter - @kaizenteq @hashishrajan If you want to watch videos of this and previous episodes: - Twitch Channel: https://lnkd.in/gxhFrqw - Youtube Channel: https://lnkd.in/gUHqSai | |||
25 Oct 2020 | HOW TO START in BUG BOUNTY IN 2020 with Casey Ellis, BugCrowd | 01:05:55 | |
In this episode of the Virtual Coffee with Ashish edition, we spoke with Casey Ellis. In this episode, Casey & Ashish spoke about
ShowNotes and Episode Transcript on www.cloudsecuritypodcast.tv Twitter - @kaizenteq @hashishrajan If you want to watch videos of this and previous episodes: - Twitch Channel: https://lnkd.in/gxhFrqw - Youtube Channel: https://lnkd.in/gUHqSai | |||
04 Apr 2021 | Kubernetes Security Explained for those starting today! - Kelsey Hightower | 00:54:57 | |
In this episode of the Virtual Coffee with Ashish edition, we spoke with Kelsey Hightower (@kelseyhightower), the Staff Advocate at Google Cloud (@GoogleCloud) and co-author of “Kubernetes: Up and Running: Dive Into the Future of Infrastructure.”
In this episode, Kelsey & Ashish spoke about
ShowNotes and Episode Transcript on www.cloudsecuritypodcast.tv Twitter - @kaizenteq @hashishrajan If you want to watch videos of this and previous episodes: - Youtube Channel: https://lnkd.in/gUHqSai | |||
27 Oct 2021 | AWS Lands UK Spy Services Contact + Google Cloud + Azure release Q3 results - Cloud Security News | 00:05:33 | |
Cloud Security News this week 27 October 2021
Episode Show Notes on Cloud Security Podcast Website. Podcast Twitter - Cloud Security Podcast (@CloudSecPod) Instagram - Cloud Security News If you want to watch videos of this LIVE STREAMED episode and past episodes, check out: | |||
05 Apr 2020 | Cloud Center of Excellence in AWS | How Atlassian manages Risk and Compliance - Atlassian 2020 | 00:37:20 | |
In this episode, we sit with Michael Fuller, Cloud Centre of Excellence, Atlassian. Michael & Ashish spoke about
More info and show notes on www.cloudsecuritypodcast.tv Twitter - @kaizenteq @hashishrajan Michael Fuller | |||
29 May 2022 | Azure Security Fundamentals - Level 200 | 00:52:31 | |
In this episode of the Virtual Coffee with Ashish edition, we spoke with Tanya Janca (Tanya's Twitter) Episode ShowNotes, Links and Transcript on Cloud Security Podcast: www.cloudsecuritypodcast.tv Host Twitter: Ashish Rajan (@hashishrajan) Guest Twitter: Tanya Janca (@shehackspurple) Podcast Twitter - @CloudSecPod @CloudSecureNews If you want to watch videos of this LIVE STREAMED episode and past episodes - Check out our other Cloud Security Social Channels: | |||
25 Jul 2023 | Doing Google Cloud Security RIGHT! | 00:34:39 | |
AWS Landing zones are well known but not as much in the Google Cloud space. In this episode Jimmy Barber shares how controls can be automated in GCP to create a landing zone to manage security across a large Google environment. Host Twitter: Ashish Rajan (@hashishrajan) Guest Socials: Jimmy Barber's Linkedin Jimmy Barber Podcast Twitter - @CloudSecPod If you want to watch videos of this LIVE STREAMED episode and past episodes - Check out our other Cloud Security Social Channels: - Cloud Security Newsletter - Cloud Security BootCamp Spotify TimeStamp for Interview Questions A word from our sponsors - you can visit them on snyk.io/csp (00:00) Introduction (03:10) A bit about Jimmy Barber (05:42) Transitioning from on-prem to cloud (07:26) How are things different in GCP? (09:01) Building blocks of working with GCP (14:15) What is a landing zone in GCP? (17:23) Building landing zone in existing GCP environments (20:04) Using Cloud Native services vs others (22:59) Security gaps in GCP (25:15) Non technical challenges moving to cloud and GCP (28:45) Doing security in GCP (31:18) Where to start learning about GCP (32:37) The Fun Section These are some of the resources Jimmy found helpful when learning GCP Security See you at the next episode! | |||
09 May 2021 | Risk Analysis of Kubernetes Security - Mark Manning, Snowflake | 00:49:34 | |
In this episode of the Virtual Coffee with Ashish edition, we spoke with Mark Manning (@antitree), the Principal Security Architect at Snowflake (@SnowflakeDB). Before this he used to run Kubernetes Risk Analysis at NCC Group (@NCCSECURITYUS). Episode ShowNotes, Links and Transcript on Cloud Security Podcast: www.cloudsecuritypodcast.tv Cloud Security Academy: www.cloudsecuritypodcast.tv/cloud-security-academy Host Twitter: twitter.com/hashishrajan If you want to watch videos of this and previous episodes: - Youtube Channel: https://www.youtube.com/c/cloudsecuritypodcast?sub_confirmation=1 | |||
25 Aug 2023 | How to detect software supply chain attacks with Honeytokens? | 00:19:09 | |
Can Honeytokens be used in your supply chain security? Turns out we can! We spoke to Mackenzie Jackson ( @advocatemack ) from @GitGuardian about the benefits of using Honeytokens, which organisations can benefit from them, what's involved in deploying them and next steps once they are triggered. Episode YouTube: Video Link Host Twitter: Ashish Rajan (@hashishrajan) Guest Socials: Mackenzie Jackson ( @advocatemack ) Podcast Twitter - @CloudSecPod If you want to watch videos of this LIVE STREAMED episode and past episodes - Check out our other Cloud Security Social Channels: - Cloud Security Newsletter - Cloud Security BootCamp Spotify TimeStamp for Interview Question (00:00) Introduction (02:01) A bit about Mackenzie Jackson (02:37) What are Honeytokens? (03:35) Traditional threat detection (05:29) Honeytoken in action (07:02) Deployments for Honeytokens (09:46) Role of Honeytoken in Supply Chain (11:02) Deploying and managing Honeytokens (13:12) Incident response with Honeytokens (15:01) What companies should use Honeytokens? (16:05) What if the key is deleted ! Resources: You can find out more about Honeytokens & GitGuardian here! See you at the next episode! | |||
31 May 2020 | What is GOOD COMPANY CULTURE (WITH EXAMPLE ) during COVID19 with remote employees! | 00:37:07 | |
In this episode sponsored by Virtual Coffee with Ashish edition, we spoke with Graeme Cantu-Park, CISO of Matillion
ShowNotes and Episode Transcript on www.cloudsecuritypodcast.tv Twitter - @kaizenteq @hashishrajan If you want to watch the previous episodes: | |||
14 Dec 2022 | AWS Reinvent 2022 - RECAP for Cloud Security Professionals! | 00:43:26 | |
In this episode of the Virtual Coffee with Ashish edition, we spoke with Shilpi Bhattacharjee (Cloud Security Podcast, Producer). We spoke about Announcements from AWS Reinvent for - new security products announced, updates to existing security products, security addition to existing products and products to look out for. Podcast Link with favourite Talks, Product launch details and more: https://snyk.io/blog/cloud-security-updates-reinvent-2022/ --Announcing Cloud Security Villains Project-- We are always looking to find creative ways to educate folks in Cloud Security and the Cloud Security Villains is part of this education piece. Cloud Security Villains are coming, you can learn how to defeat them in this YouTube Playlist link Episode ShowNotes, Links and Transcript on Cloud Security Podcast: www.cloudsecuritypodcast.tv Host Twitter: Ashish Rajan (@hashishrajan) Guest Twitter: Shilpi Bhattacharjee (Cloud Security Podcast, Producer) Podcast Twitter - @CloudSecPod @CloudSecureNews If you want to watch videos of this LIVE STREAMED episode and past episodes - Check out our other Cloud Security Social Channels: Spotify TimeStamp for Interview Questions | |||
14 May 2024 | Why Least Privilege Matters in Cloud Security? | 00:26:45 | |
What's the best way to navigate least privilege complexities in a multi cloud environment? And how is the role of identity management evolving? We spoke to Jeff Moncrief from Sonrai Security on why identity is the new network in the cloud-driven world. We speak about the challenges of implementing least privilege in cloud environments, the misconceptions surrounding identity roles, and the critical importance of segmenting access across public clouds just as rigorously as we did on-premises. Guest Socials: Jeff's Linkedin Podcast Twitter - @CloudSecPod If you want to watch videos of this LIVE STREAMED episode and past episodes - Check out our other Cloud Security Social Channels: - Cloud Security Podcast- Youtube - Cloud Security Newsletter - Cloud Security BootCamp Questions asked: (00:00) Introduction (01:59) A bit about Jeff (03:01) How is identity different in the Cloud? (05:40) Misconceptions about least privilege in the cloud (08:50) Cloud Native solutions for Permission Attack Surface Management (15:36) Common themes when addressing privilege in Cloud (17:22) Starting point when dealing with identities (20:03) Frameworks when working through least privilege (23:21) Showing ROI on doing least privilege | |||
23 Jul 2024 | Fixing Cloud Security with AWS Lambda | 00:21:25 | |
How to secure AWS cloud using AWS Lambda? We spoke to Lily Chau from Roku at BSidesSF about her experience and innovative approach to tackling security issues in AWS environments. From deploying IAM roles to creating impactful playbooks with AWS Lambda, Lily shared her take on automating remediation processes. We spoke about the challenges of managing cloud security with tools like CSPM and CNAPP, and how Lily and her team took a different approach that goes beyond traditional methods to achieve real-time remediation. Guest Socials: Lily Twitter Podcast Twitter - @CloudSecPod If you want to watch videos of this LIVE STREAMED episode and past episodes - Check out our other Cloud Security Social Channels: - Cloud Security Podcast- Youtube - Cloud Security BootCamp Questions asked: (00:00) Introduction (01:56) A bit about Lily (02:27) What is Auto Remediation? (03:56) Example of Auto Remediation (05:19) CSPMs and Auto Remediation (06:58) Make Auto Remediation in Cloud work for you (09:49) Where to get started with Auto Remediation? (11:52) What defines a High Impact Playbook? (12:58) Auto Remediation for Lateral Movement (14:35) What is running in the background? (16:41) What skillset is required? (19:08) The Fun Section Resources for the episode: | |||
21 Mar 2021 | Azure Security Best Practices for Cloud Architects - John Savill | 00:57:37 | |
In this episode of the Virtual Coffee with Ashish edition, we spoke with John Savill (Linkedin_John Savill), Principal Cloud Architect, Author and YouTuber.
In this episode, John & Ashish spoke about
ShowNotes and Episode Transcript on www.cloudsecuritypodcast.tv Twitter - @kaizenteq @hashishrajan If you want to watch videos of this and previous episodes: - Youtube Channel: https://lnkd.in/gUHqSai | |||
21 Aug 2022 | HOW TO Threat Model Digital Applications in Cloud | 00:59:48 | |
In this episode of the Virtual Coffee with Ashish edition, we spoke with Jeevan Singh (Jeevan's Linkedin) about Threat Modelling. STRIDE Threat Modelling can be used for self service Application running in Cloud and allowing Security Teams to go on holiday without worrying about Digital Supply Chain. Episode ShowNotes, Links and Transcript on Cloud Security Podcast: www.cloudsecuritypodcast.tv Host Twitter: Ashish Rajan (@hashishrajan) Guest Twitter: Jeevan Singh (Jeevan's Linkedin) Podcast Twitter - @CloudSecPod @CloudSecureNews If you want to watch videos of this LIVE STREAMED episode and past episodes - Check out our other Cloud Security Social Channels: Spotify TimeStamp for Interview Questions (00:00) Ashish's Intro to the Episode (02:15) https://snyk.io/csp (02:40) Jeevan's Professional Background (04:23) What is threat modelling (05:35) Flicking the Threat Modelling switch (06:47) Common AppSec Mistake (09:58) What is Threat Modelling Important? (11:46) Tainted Flow Analysis and Threat Modelling (13:00) Where does this fit in CI/CD? (14:25) Security Teams going on vacation made possible (15:34) Impact of teaching developers how to run Threat Model (16:33) First time running Observe Phase of Threat Modelling with Developers (17:13) Developers are better at Threat Model than Security (19:09) Level of programming expertise for Threat Modelling (21:32) Fixing Threats vs Finding relevant controls for the threat (22:00) Bad example of role of Threat Modelling in Business (23:41) Should Threat Model be done in Dev? (24:54) Example of Threat Model for an App hosted in Cloud? (27:27) Threat Model Skeleton for Cloud Native Apps (30:12) Does complexity increase with multi-cloud/hybrid environments? (32:27) What’s involved in rolling a Threat model program in an organisation? (36:26) Who is the minimum representation in Threat modelling session? 
(38:30) Advice for folks who are starting threat modelling today in their organization (41:59) Cultural Change required for Threat Modelling (43:19) Example of getting Management agreement (44:58) Jeevan's 4 Stage of Threat model talk - https://www.youtube.com/watch?v=DtvjJL8xcPY (45:28) Time-boxing Threat Model Sessions (48:21) Maintaining Quality of Risk identified during threat modeling (50:21) Keeping developers updated on latest security vulnerabilities (54:07) Jeevan’s Favourite Threat Model Type (55:09) Where can people learn threat modelling? (56:12) Fun Section | |||
24 Oct 2021 | Threat Detection and Incident Response in Cloud - Nathan Case | 00:46:38 | |
In this episode of the Virtual Coffee with Ashish edition, we spoke with Nathan Case ( Linkedin Profile ), a Senior Director, Security Operations at Resilience. Episode ShowNotes, Links and Transcript on Cloud Security Podcast: www.cloudsecuritypodcast.tv Host Twitter: Ashish Rajan (@hashishrajan) Guest Twitter: Nathan Case ( Linkedin Profile ) Podcast Twitter - Cloud Security Podcast (@CloudSecPod) If you want to watch videos of this LIVE STREAMED episode and past episodes - Check out our YouTube Channel: | |||
22 Jul 2023 | An AWS Centric View of Google Cloud Identity | 00:45:53 | |
Cloud Security Podcast - Yes - AWS Cloud folks are starting to look after Google Cloud security now in a lot of organisations. Caleb Tennis from Sequoia Capital joins us to share his personal experience on how from being an AWS professional he started looking after Google Cloud Identity and how to secure their Google Cloud Environment.
Episode YouTube Video - https://youtu.be/k1FrVEe1tGc Host Twitter: Ashish Rajan (@hashishrajan) Guest Socials: Caleb Tennis's Linkedin Caleb Tennis Podcast Twitter - @CloudSecPod @CloudSecureNews If you want to watch videos of this LIVE STREAMED episode and past episodes - Check out our other Cloud Security Social Channels: - Cloud Security Newsletter - Cloud Security BootCamp Spotify TimeStamp for Interview Questions A word from our sponsors - you can visit them on snyk.io/csp See you at the next episode! | |||
06 Mar 2022 | Security for AI/ML Models in AWS | 00:54:55 | |
In this episode of the Virtual Coffee with Ashish edition, we spoke with Mike Chambers @mikechambers, AWS Hero AI/ML Episode ShowNotes, Links and Transcript on Cloud Security Podcast: www.cloudsecuritypodcast.tv Host Twitter: Ashish Rajan (@hashishrajan) Guest Linkedin: Mike Chambers @mikechambers Podcast Twitter - @CloudSecPod @CloudSecureNews If you want to watch videos of this LIVE STREAMED episode and past episodes - Check out our other Cloud Security Social Channels: | |||
22 Nov 2023 | Attack Path Analysis for Better Kubernetes Security | 00:21:13 | |
Kubernetes security cannot be just about Kubernetes; it is like the security of a datacenter within another datacenter. In this episode with Tim Miller we spoke about CNAPP and how to approach Kubernetes security. Thank you to our episode sponsor Outshift by Cisco. Guest Socials: Tim's Linkedin (@timothyemiller) Podcast Twitter - @CloudSecPod If you want to watch videos of this LIVE STREAMED episode and past episodes - Check out our other Cloud Security Social Channels: - Cloud Security Newsletter - Cloud Security BootCamp Questions asked: (00:00) Introduction (02:42) A bit about Tim Miller (03:35) What is CNAPP? (04:30) Traditional Kubernetes Security (05:18) Where to put a CNAPP? (06:20) CSPM vs CNAPP (09:00) Attack Path Analysis (11:05) Kubernetes Attack Path (12:43) The team you need (14:06) Resources to learn more (16:24) Fun Question | |||
29 Nov 2020 | RISK MANAGEMENT IN CLOUD SECURITY - MONICA VERMA | 00:48:21 | |
In this episode of the Virtual Coffee with Ashish edition, we spoke with Monica Verma, CISO. In this episode, Monica & Ashish spoke about
ShowNotes and Episode Transcript on www.cloudsecuritypodcast.tv Twitter - @kaizenteq @hashishrajan If you want to watch videos of this and previous episodes: - Twitch Channel: https://lnkd.in/gxhFrqw - Youtube Channel: https://lnkd.in/gUHqSai | |||
20 Sep 2024 | Edge Security is the Key to Cloud Protection | 00:26:41 | |
How does Edge Security fit into the future of Cloud Protection? In this episode, we sat down with Brian McHenry, Global Head of Cloud Security Engineering at Check Point at BlackHat USA, to chat about the evolving landscape of cloud security in 2024. With cloud adoption accelerating and automation reshaping how we manage security, Brian spoke to us about the challenges that organizations face today—from misconfigurations and alert fatigue to the role of AI in application security. We tackle the question: Is CSPM (Cloud Security Posture Management) still enough, or do we need to rethink our approach? Brian shares his thoughts on edge security, why misconfigurations are more dangerous than ever, and how automation can quickly turn small risks into significant threats. Guest Socials: Brian's Linkedin Podcast Twitter - @CloudSecPod If you want to watch videos of this LIVE STREAMED episode and past episodes - Check out our other Cloud Security Social Channels: - Cloud Security Podcast- Youtube - Cloud Security BootCamp Questions asked: (00:00) Introduction (03:28) State of Cloud Market (04:44) Is CSPM not enough? (06:35) Edge Security in Cloud Context (08:31) Where is edge security going? (10:11) Where to start with Cloud Security Tooling? (11:08) Transitioning from Network Security to Cloud Security (13:11) How is AI Changing Edge Security? (14:45) How is WAF and DDos Protection evolving? (18:16) Should people be doing network pentest? (19:57) North Star for WAF in a cybersecurity program (20:55) The evolution to platformization (23:13) Highlight from BlackHat USA 2024 | |||
22 Dec 2019 | AWS Re-invent 2019 Security Announcements - The DevSecOps in AWS edition | 00:39:12 | |
In this DevSecOps in AWS episode, we sit with Arjen Schwarz the host of Ambassador Lounge Podcast and review the security releases from AWS Re:invent 2019 and what it means for DevOps teams and security teams who are currently working together or planning to work together. ShowNotes for the episode can be found on www.cloudsecuritypodcast.tv Twitter - @kaizenteq @hashishrajan @ArjenSchwarz | |||
31 Jan 2021 | Security Chaos Engineering Experiments for Beginners | 00:35:11 | |
In this episode of the Virtual Coffee with Ashish edition, we spoke with David Lavezzo, Director of Security Chaos Engineering at Capital One. In this episode, David & Ashish spoke about
ShowNotes and Episode Transcript on www.cloudsecuritypodcast.tv Twitter - @kaizenteq @hashishrajan If you want to watch videos of this and previous episodes: - Twitch Channel: https://lnkd.in/gxhFrqw - Youtube Channel: https://lnkd.in/gUHqSai | |||
30 Jul 2024 | Cloud Native Strategies from a FinTech CISO | 00:21:56 | |
What are you doing differently today that you're stopping tomorrow's legacy? In this episode Ashish spoke to Adrian Asher, CISO and Cloud Architect at Checkout.com, to explore the journey from monolithic architecture to cloud-native solutions in a regulated fintech environment. Adrian shared his perspective on why there "aren't enough lambdas" and how embracing cloud-native technologies like AWS Lambda and Fargate can enhance security, scalability, and efficiency. Guest Socials: Adrian's Linkedin Podcast Twitter - @CloudSecPod If you want to watch videos of this LIVE STREAMED episode and past episodes - Check out our other Cloud Security Social Channels: - Cloud Security Podcast- Youtube - Cloud Security BootCamp Questions asked: (00:00) Introduction (01:59) A bit about Adrian (02:47) Cloud Naive vs Cloud Native (03:54) Checkout’s Cloud Native Journey (05:44) What is AWS Fargate? (06:52) There are not enough Lambdas (09:52) The evolution of the Security Function (12:15) Culture change for being more cloud native (15:23) Getting security teams ready for Gen AI (18:16) Where to start with Cloud Native? (19:14) Where you can connect with Adrian? (19:39) The Fun Section | |||
17 Nov 2021 | Feds go "Cloud Smart"+ Alibaba Cloud targeted by Hackers | 00:04:48 | |
Cloud Security News this week 17 November 2021
Episode Show Notes on Cloud Security Podcast Website. Podcast Twitter - Cloud Security Podcast (@CloudSecPod) Instagram - Cloud Security News If you want to watch videos of this LIVE STREAMED episode and past episodes, check out: | |||
07 Jun 2020 | Google Cloud Security - How does Google Cloud work? | 00:54:31 | |
In this episode sponsored by Virtual Coffee with Ashish edition, we spoke with Francesco Cipollone, Chapter Chair (UK), Cloud Security Alliance. Francesco & Ashish spoke about
ShowNotes and Episode Transcript on www.cloudsecuritypodcast.tv Twitter - @kaizenteq @hashishrajan If you want to watch the previous episodes: - Twitch Channel: https://lnkd.in/gxhFrqw - Youtube Channel: https://lnkd.in/gUHqSai | |||
06 Jul 2023 | Using Data Perimeters in AWS To Scale Guardrails | 00:26:58 | |
Cloud Security Podcast - AWS Network Security, IAM Security or even Organization security for what can happen in your AWS Environments can be achieved using Data perimeter. John Burgress (John - Linkedin) from Stripe spoke about this topic at @fwdcloudsec and shared additional insights on the thinking he had when building data perimeters as guardrails. There were a lot more gems dropped, so definitely check out the episode. Episode YouTube Video - https://youtu.be/Hs9ZEaVG7Ww Host Twitter: Ashish Rajan (@hashishrajan) Guest Socials: John Burgress (John - Linkedin) Podcast Twitter - @CloudSecPod @CloudSecureNews If you want to watch videos of this LIVE STREAMED episode and past episodes - Check out our other Cloud Security Social Channels: - Cloud Security News - Cloud Security BootCamp Spotify TimeStamp for Interview Questions A word from our sponsors - you can visit them on snyk.io/csp (00:00) Introduction (03:13) A word from our sponsors (03:38) A bit about John Burgess (04:26) Data perimeter in the Cloud (05:10) Defining data perimeter in AWS (06:50) Where to start building AWS data perimeter (08:21) The defense in depth approach (09:09) Approach to enable developers (10:40) Starting point for building data perimeter (11:41) Limitations with Data Perimeter (13:06) Implementing data perimeter for segregation (15:52) Working with Terraform Modules (16:34) Goals behind data perimeter controls (18:31) Proactive detection for third party (20:00) Data perimeter for other CSPs (20:42) Challenges in establishing data perimeter (23:06) Dealing with multiple organisations (23:35) Learn more about data perimeter (24:06) The fun section These are some of the resources John found helpful for data perimeter:
See you at the next episode! | |||
01 Aug 2021 | Security Logging is Changing | Observability & Tracing Explained | 00:48:48 | |
In this episode of the Virtual Coffee with Ashish edition, we spoke with Ted Young (@tedsuo), a contributor along with AWS, Google Cloud, Microsoft Azure in the Observability eco-system. He is also the Director of Developer Education at LightStep (@LightStepHQ). Episode ShowNotes, Links and Transcript on Cloud Security Podcast: www.cloudsecuritypodcast.tv Cloud Security Academy: www.cloudsecuritypodcast.tv/cloud-security-academy Host Twitter: @hashishrajan Guest Linkedin: Ted Young (@tedsuo) Podcast Twitter - @CloudSecPod If you want to watch videos of this LIVE STREAMED episode and past episodes - Check out our YouTube Channel: - Cloud Security Podcast: https://www.youtube.com/c/cloudsecuritypodcast?sub_confirmation=1 | |||
27 Mar 2023 | IS THERE DEVSECOPS IN CLOUD? 🤔 | 00:50:57 | |
Cloud Security Podcast - This month we are talking about "Cloud Security - the Leadership View" and for the final episode in this series, we spoke to Guy Podjarny ( GuyPo's Linkedin). If you are working on building or securing Cloud resources, can you truly imagine solving the next log4j or AWS/Azure/GCP vulnerability without including the help of Platform Engineers or IT engineers? This is the bigger picture of what we CyberSecurity people have to do day in day out. We work with wider team members. Episode ShowNotes, Links and Transcript on Cloud Security Podcast: www.cloudsecuritypodcast.tv FREE CLOUD BOOTCAMPs on www.cloudsecuritybootcamp.com Host Twitter: Ashish Rajan (@hashishrajan) Guest Socials: Guy Podjarny ( GuyPo's Linkedin) Podcast Twitter - @CloudSecPod @CloudSecureNews If you want to watch videos of this LIVE STREAMED episode and past episodes - Check out our other Cloud Security Social Channels: Spotify TimeStamp for Interview Questions A word from our sponsors - you can visit them on snyk.io/csp (00:00) Introduction (03:49) A bit about Guy Podjarny (04:51) What is DevSecOps today? (07:15) 3 Phases of DevSecOps (07:44) DevSecOps vs ShiftLeft (09:15) The maturity of DevSecOps (11:52) The notion of start left (13:36) Threat modelling and developers (14:38) What is Cloud Security? (16:03) The notion of App Cloud (17:43) Gartner acronyms and cloud security (22:21) Security champion program in cloud (28:33) Future of IaaS, PaaS and SaaS (32:22) Challenges with Security Championship Program (42:19) Generative AI and DevSecOps in Cloud (47:45) Fun Questions See you at the next episode! | |||
23 May 2021 | Kubernetes Runtime Threat Detection and Response - Falco, Sysdig | 00:52:35 | |
In this episode of the Virtual Coffee with Ashish edition, we spoke with Dan “POP“ Papandrea (@danpopnyc), the CNCF Ambassador, Director of Open Source Community and Ecosystem (@sysdig) and Podcast Host for @PopcastPop. Episode ShowNotes, Links and Transcript on Cloud Security Podcast: www.cloudsecuritypodcast.tv Cloud Security Academy: www.cloudsecuritypodcast.tv/cloud-security-academy Host Twitter: twitter.com/hashishrajan Guest Twitter: twitter.com/danpopnyc Podcast Twitter - @kaizenteq If you want to watch videos of this episode and past CSP episodes: - Youtube Channel: https://www.youtube.com/c/cloudsecuritypodcast?sub_confirmation=1 | |||
13 Mar 2025 | CNAPPs & CSPMs don’t tell the full cloud security story | 00:49:23 | |
In this episode we speak to Nick Jones, an expert in offensive cloud security and Head of Research at WithSecure, to expose the biggest security gaps in cloud environments and why CNAPPs and CSPMs alone are often not enough.
With real-world examples from red team engagements and cloud security research, Nick shares insider knowledge on how attackers target AWS, Azure, and Kubernetes environments—and what security teams can do to stop them. Guest Socials: Nick's Linkedin Podcast Twitter - @CloudSecPod If you want to watch videos of this LIVE STREAMED episode and past episodes - Check out our other Cloud Security Social Channels: If you are interested in AI Cybersecurity, you can check out our sister podcast - AI Cybersecurity Podcast Questions asked: (00:00) Introduction (02:40) A bit about Nick Jones (03:56) How has Cloud Security Evolved? (05:52) Why do we need pentesting in Cloud Security? (08:09) Misconfiguration vs Vulnerabilities (11:04) Cloud Pentesting in Different Environments (17:05) Impact of Kubernetes Adoption on Offensive Cloud Security (20:19) Planning for a Cloud Pentest (29:04) Common Attacks Paths in Cloud (33:05) Mitigating Common Risk in Cloud (35:14) What is Detection as Code? (41:17) Skills for Cloud Pentesting (45:28) Fun Sections | |||
09 Sep 2023 | The Cloud to Code Dilemma - Let's Talk | 00:24:56 | |
Is it code to cloud or cloud to code with Harshil Parikh from Tromzo: A lot of leaders today face the inevitable question of whether to start with the code or the cloud first. Harshil Parikh from Tromzo was kind enough to share his CISO experience on what each of these is and what CISOs can prioritise in their programs. Episode YouTube: Video Link Host Twitter: Ashish Rajan (@hashishrajan) Guest Socials: Harshil's Linkedin (Harshil Parikh) Podcast Twitter - @CloudSecPod If you want to watch videos of this LIVE STREAMED episode and past episodes - Check out our other Cloud Security Social Channels: - Cloud Security Newsletter - Cloud Security BootCamp Spotify TimeStamp for Interview Question (00:00) Introduction (02:51) Harshil's path into cybersecurity (04:30) What is code to cloud? (05:19) What is cloud to code? (06:29) How was cybersecurity done traditionally? (08:28) What should CISOs prioritise? (09:43) How different sectors are impacted? (10:56) Where should CISOs start? (12:30) Application vs Cloud vs Product Security (14:44) Is application security becoming cloud security? (16:43) What does maturity look like? (20:18) The fun questions See you at the next episode! | |||
14 May 2023 | Evolution of Kubernetes Security | KubeCon EU 2023 | 00:55:23 | |
Cloud Security Podcast - we are continuing with our "Kubernetes Security & KubeCon EU 2023" series, and the final episode in this series is the Kubernetes Security Panel from KubeCon EU 2023. Has Kubernetes Security evolved since its inception, with many defaults being more secure and some still insecure, or has it not evolved at all? Andrew Martin (Control Plane), Matt Jarvis (Snyk), Kerim Satirli (Hashicorp) were on the Kubernetes Security Panel organized by Cloud Security Podcast. Episode ShowNotes, Links and Transcript on Cloud Security Podcast: www.cloudsecuritypodcast.tv FREE CLOUD BOOTCAMPs on www.cloudsecuritybootcamp.com Host Twitter: Ashish Rajan (@hashishrajan) Guest Socials: Andrew Martin (Control Plane), Matt Jarvis (Snyk), Kerim Satirli (Hashicorp) Podcast Twitter - @CloudSecPod @CloudSecureNews If you want to watch videos of this LIVE STREAMED episode and past episodes - Check out our other Cloud Security Social Channels: - Cloud Security News - Cloud Security BootCamp Spotify TimeStamp for Interview Questions (00:00) Introduction (04:28) A bit about Kerim, Andy and Matt (05:13) What is Kubernetes? (06:49) How do you describe Cloud Native Security? (10:21) How Kubecon and Kubernetes has changed over the years? (15:56) The growing presence of security in Kubecon (22:10) Cloud Security and Cloud Native Security (23:00) Maintenance of Kubernetes (24:17) Shared Responsibility Model (27:37) Single Cluster vs Multi Cluster (34:34) Failure of Workload Identity (36:11) Recommendations for learning (42:06) Disaster Recovery for Kubernetes (47:51) ChatGPT - Problem, Solution or Fad? See you at the next episode! | |||
30 Jul 2023 | Cloud Security in the BoardRoom - CISO Perspective with Phil Venables | 00:40:41 | |
CISOs in organizations that are going through digital transformation have a responsibility to educate the board on how Cloud Security is measured and improved on to manage the risk posture of the organization. We had Phil Venables, CISO of Google Cloud, share from his experience of serving as a CISO for so many years on how to best share cybersecurity and cloud security metrics with the C-suite and the board. Episode YouTube Video Link Host Twitter: Ashish Rajan (@hashishrajan) Guest Socials: Phil Venables' Linkedin (Phil's Linkedin) Podcast Twitter - @CloudSecPod If you want to watch videos of this LIVE STREAMED episode and past episodes - Check out our other Cloud Security Social Channels: - Cloud Security Newsletter - Cloud Security BootCamp Spotify TimeStamp for Interview Questions A word from our sponsors - you can visit them on snyk.io/csp (00:00) Introduction (03:02) A bit about Phil Venables (04:17) Are boards talking about Cloud Security? (05:47) Security Metrics to show to the board (07:48) Are Security Metrics seasonal? (10:23) Aligning security metrics to business goals (13:59) Educating the board about Cloud Security (15:50) CISOs should be braver (18:42) 3 Security Metrics to start with (25:25) Setting the risk appetite as an organisation (27:11) Essential attributes for a CISO (29:14) What makes a successful security program? (32:18) Skillsets required to become a CISO (36:49) The fun questions See you at the next episode! | |||
28 Jul 2022 | So Now You Know! | 00:18:55 | |
Special Episode by Shilpi and Ashish announcing the 1 year partnership with Snyk and what does this mean for the podcast community - you and also for Ashish and Shilpi. The new Architecture series we are announcing in the coming weeks and a lot more. We hope you continue to enjoy the vendor neutral content from Cloud Security Practitioners we bring to you. Here is an Interview with Guy Podjarny (Founder of Snyk) that we did as part of the announcement! Episode ShowNotes, Links and Transcript on Cloud Security Podcast: www.cloudsecuritypodcast.tv Host Twitter: Ashish Rajan (@hashishrajan) Guest : Snyk Podcast Twitter - @CloudSecPod @CloudSecureNews If you want to watch videos of this LIVE STREAMED episode and past episodes - Check out our other Cloud Security Social Channels: | |||
04 Sep 2024 | State of Cloud Security - Practitioner Edition | 00:56:12 | |
In this episode of the Cloud Security Podcast, we bring together an incredible panel of experts to explore the evolving landscape of cloud security in 2024. Hosted by Ashish Rajan, the discussion dives deep into the challenges and realities of today’s multi-cloud environments. With perspectives ranging from seasoned veterans to emerging voices, this episode offers a broad spectrum of insights from cloud security practitioners who are living and breathing cloud security every day. We are very grateful to our panelists who took part in this first-of-its-kind edition for the State of Cloud Security - Meg Ashby, Damien Burks, Chris Farris, Rich Mogull, Patrick Sanders, Ammar Alim and Abdie Mohamed. The conversation covers essential topics such as the pitfalls of multi-cloud adoption, the persistent security issues that remain even as cloud technologies advance, and the importance of specializing in one cloud platform while maintaining surface-level knowledge of others. The panelists also share their thoughts on the future of cloud security, including the increasing relevance of Kubernetes and edge security. Podcast Twitter - @CloudSecPod If you want to watch videos of this LIVE STREAMED episode and past episodes - Check out our other Cloud Security Social Channels: - Cloud Security Podcast- Youtube - Cloud Security BootCamp Questions asked: (00:00) Introduction (02:22) How much has Cloud Security Changed? (07:05) Is the expectation to be MultiCloud? (19:07) What’s top of mind in Cloud Security in 2024? (27:17) The current Cloud Service Provider Landscape (39:26) Where to start in Cloud Security ? (52:10) The Fun Section Resources discussed during the episode: | |||
08 Aug 2021 | What is a SECURITY DATA LAKE? | 00:49:19 | |
In this episode of the Virtual Coffee with Ashish edition, we spoke with Omer Singer (Linkedin-Omer Singer), Head of Cyber Security Strategy at Snowflake - The Data Cloud (@SnowflakeDB). Episode ShowNotes, Links and Transcript on Cloud Security Podcast: www.cloudsecuritypodcast.tv Host Twitter: Ashish Rajan (@hashishrajan) Guest Linkedin: Omer Singer (Linkedin-Omer Singer) Podcast Twitter - Cloud Security Podcast (@CloudSecPod) If you want to watch videos of this LIVE STREAMED episode and past episodes - Check out our YouTube Channel: - Cloud Security Podcast: https://www.youtube.com/c/cloudsecuritypodcast?sub_confirmation=1 Cloud Security Academy: www.cloudsecuritypodcast.tv/cloud-security-academy | |||
02 Oct 2024 | The Role of Cloud Security Research in 2024 | 00:35:26 | |
Why does Cloud Security Research matter in 2024? At fwd:cloudsec EU in Brussels, we sat down with Scott Piper, a renowned cloud security researcher at Wiz, to discuss the growing importance of cloud security research and its real-world impact. Scott spoke to us about the critical differences between traditional security testing and cloud security research, explaining how his team investigates cloud providers to find vulnerabilities, improve detection tools, and safeguard data. Guest Socials: Scott's Linkedin + Scott's Twitter Podcast Twitter - @CloudSecPod If you want to watch videos of this LIVE STREAMED episode and past episodes - Check out our other Cloud Security Social Channels: - Cloud Security Podcast- Youtube - Cloud Security BootCamp Questions asked: (00:00) Introduction (02:07) A bit about Scott Piper (02:48) What is a Cloud Security Research Team? (04:30) Difference between traditional and Cloud Security Research (07:21) Cloud Pentesting vs Cloud Security Research (08:10) What is request collapsing? (10:26) GitHub Actions and OIDC Research (13:47) How has cloud security evolved? (17:02) Tactical things for Cloud Security Program (18:41) Impact of Kubernetes and AI on Cloud (20:37) How to become a Cloud Security Researcher (22:46) AWS Cloud Security Best Practices (26:35) Trends in AWS Cloud Security Research (28:11) Fun Questions (30:22) A bit about fwd:cloudsec Resources mentioned during the interview: Wiz.io - Cloud Security Podcast listeners can also get a free cloud security health scan Avoiding security incidents due to request collapsing A security community success story of mitigating a misconfiguration CTFs | |||
21 Feb 2021 | Kubernetes Security at Scale in A CI/CD Pipeline - Michael Fraser | 00:56:20 | |
In this episode of the Virtual Coffee with Ashish edition, we spoke with Michael Fraser (@itascode), Chief Architect and Co-Founder at refactr (@RefactrIT).
In this episode, Michael & Ashish spoke about
ShowNotes and Episode Transcript on www.cloudsecuritypodcast.tv Twitter - @kaizenteq @hashishrajan If you want to watch videos of this and previous episodes: - Twitch Channel: https://lnkd.in/gxhFrqw - Youtube Channel: https://lnkd.in/gUHqSai | |||
04 Mar 2023 | HOW TO BUILD A CLOUD SECURITY PROGRAM - MEDIA INDUSTRY | 00:34:58 | |
Cloud Security Podcast - This month we are talking about "Cloud Security - the Leadership View" and first up in this series, we spoke to Bianca Lankford (Bianca's Linkedin) about what it takes to build a Cloud Security program that runs behind your favourite TV Show on an OTT Media Platform like Warner Bros. Discovery Cloud. In this episode Bianca Lankford, from Warner Bros. Discovery, shares her experience of building a Cloud Security Program and the importance of developers in solving the Cloud Security challenge. Episode ShowNotes, Links and Transcript on Cloud Security Podcast: www.cloudsecuritypodcast.tv Host Twitter: Ashish Rajan (@hashishrajan) Guest Socials: Bianca Lankford (Bianca's Linkedin) Podcast Twitter - @CloudSecPod @CloudSecureNews If you want to watch videos of this LIVE STREAMED episode and past episodes - Check out our other Cloud Security Social Channels: Spotify TimeStamp for Interview Questions (00:00) Introduction (03:06) snyk.io/csp (03:45) A bit about Bianca (04:27) Challenge of Scale in Media Industry (06:38) Cloud based security program vs on prem (08:04) How cloud security can enable businesses (11:11) Cloud Security Program in Media Industry (13:45) Getting leadership buy in for cloud security program (17:05) Explaining cloud security as a business risk (18:33) Pillars of cloud security program at scale (20:12) Multi Cloud Security Program (20:52) Skills required for multi cloud security team (22:25) The future of application security and cloud security (24:01) Metrics of operationalising cloud security program at scale (25:32) Time to detection in Cloud (26:32) Navigating cloud security program through changing compute (28:09) Security guardrails vs security gate (30:53) Stages for a cloud security program (32:35) The Fun Section See you at the next episode! | |||
28 Feb 2021 | How to become a CLOUD SECURITY ENGINEER IN 2021? | 00:47:37 | |
In this episode of the Virtual Coffee with Ashish edition, we spoke with Nicholas McLaren (Linkedin - nmclarencys), Cloud Security Engineer at ByteChek (@Bytechek).
In this episode, Nick & Ashish spoke about
ShowNotes and Episode Transcript on www.cloudsecuritypodcast.tv Twitter - @kaizenteq @hashishrajan If you want to watch videos of this and previous episodes: - Twitch Channel: https://lnkd.in/gxhFrqw - Youtube Channel: https://lnkd.in/gUHqSai | |||
17 May 2020 | What is SRE? When should i have SRE? - Virtual Coffee with Ashish - Tim Heckman | 00:40:54 | |
In this episode of the Virtual Coffee with Ashish edition, we spoke with Tim Heckman, Sr. SRE Netflix.
ShowNotes and Episode Transcript on www.cloudsecuritypodcast.tv Twitter - @kaizenteq @hashishrajan @theckman | |||
21 Nov 2024 | Building Platforms in Regulated Industries | 00:36:32 | |
At HashiConf 2024 in Boston, our host Ashish Rajan had a great chat over some cannolis and a game of Jenga with AJ Oller, AVP of Engineering at The Hartford, about how automation, mainframes, and compliance intersect to drive innovation in regulated industries like insurance. They spoke about why regulations aren't barriers but frameworks to prevent failure, the human side of engineering and how to manage change fatigue during transformations, and how automation enhances security, disaster recovery, and operational efficiency. Guest Socials: AJ's Linkedin Podcast Twitter - @CloudSecPod If you want to watch videos of this LIVE STREAMED episode and past episodes - Check out our other Cloud Security Social Channels: - Cloud Security BootCamp Questions asked: (00:00) Introduction (01:53) A bit about AJ Oller (02:17) The Cannoli taste test (04:38) Technology in the Insurance industry (10:19) What is a platform? (11:46) What skillsets do you need in platform team? (14:19) Maturity for building platform teams (19:58) Business case for investing in Automation (24:49) Does Automation help with security regulations? (28:10) Leaders communicating automation value to business (30:37) Cheerleading for digital transformation (32:32) The Fun Section | |||
13 Mar 2022 | What is SBOM, iBOM? | 00:39:19 | |
In this episode of the Virtual Coffee with Ashish edition, we spoke with Barak Schoster Goihman, Senior Director, Chief Architect at Palo Alto Networks (BridgeCrew) Episode ShowNotes, Links and Transcript on Cloud Security Podcast: www.cloudsecuritypodcast.tv Host Twitter: Ashish Rajan (@hashishrajan) Guest Linkedin: Barak Schoster (@barakschoster) Podcast Twitter - @CloudSecPod @CloudSecureNews If you want to watch videos of this LIVE STREAMED episode and past episodes - Check out our other Cloud Security Social Channels: | |||
10 Jan 2021 | Cloud Security Testing in AWS | 00:52:38 | |
In this episode of the Virtual Coffee with Ashish edition, we spoke with Pawel Rzepa, Snr Security Consultant, SecuRing. In this episode, Pawel & Ashish spoke about
ShowNotes and Episode Transcript on www.cloudsecuritypodcast.tv Twitter - @kaizenteq @hashishrajan If you want to watch videos of this and previous episodes: - Twitch Channel: https://lnkd.in/gxhFrqw - Youtube Channel: https://lnkd.in/gUHqSai | |||
07 Mar 2021 | INCIDENT RESPONSE IN AWS CLOUD | 00:45:45 | |
In this episode of the Virtual Coffee with Ashish edition, we spoke with Toni de la Fuente (@toniblyx), Senior Security Consultant at AWS (@AWSCloud) and author of Prowler - AWS Security Tool.
In this episode, Toni & Ashish spoke about
ShowNotes and Episode Transcript on www.cloudsecuritypodcast.tv Twitter - @kaizenteq @hashishrajan If you want to watch videos of this and previous episodes: - Twitch Channel: https://lnkd.in/gxhFrqw - Youtube Channel: https://lnkd.in/gUHqSai | |||
15 Mar 2020 | Multi Cloud Strategy | Multi Cloud Management for companies of all sizes - David Linthicum, Chief Cloud Strategy Officer for Deloitte | 00:44:01 | |
In this episode, we sit with David Linthicum, Chief Cloud Strategy Officer for Deloitte. David & Ashish spoke about
More info and show notes on www.cloudsecuritypodcast.tv Twitter - @kaizenteq @hashishrajan @DavidLinthicum | |||
14 Nov 2021 | Challenges with Building Serverless Applications at Scale | 00:38:28 | |
In this episode of the Virtual Coffee with Ashish edition, we spoke with Ran Ribenzaft (@ranrib), an AWS Serverless Hero, Forbes under 30 and the co-Founder of Epsagon (@Epsagon). Episode ShowNotes, Links and Transcript on Cloud Security Podcast: www.cloudsecuritypodcast.tv Host Twitter: Ashish Rajan (@hashishrajan) Guest Twitter: Ran Ribenzaft (@ranrib) Podcast Twitter - Cloud Security Podcast (@CloudSecPod) If you want to watch videos of this LIVE STREAMED episode and past episodes - Check out our YouTube Channel: | |||
24 Jan 2023 | AWS Goat - Cloud Penetration Testing | 00:53:33 | |
Cloud Security Podcast - This month we are talking about "Breaking the AWS Cloud" and next up on this series, we spoke to Nishant Sharma (Nishant's Linkedin), Director, Lab Platform, INE. If you have tried pentesting in AWS Cloud or want to start today with AWS Goat, then this episode with Nishant, behind AWS Goat will help you understand how you can upskill and maybe even show others how to be better at pentesting AWS Cloud. Episode ShowNotes, Links and Transcript on Cloud Security Podcast: www.cloudsecuritypodcast.tv Host Twitter: Ashish Rajan (@hashishrajan) Guest Twitter: Nishant Sharma (Nishant's Linkedin) Podcast Twitter - @CloudSecPod @CloudSecureNews If you want to watch videos of this LIVE STREAMED episode and past episodes - Check out our other Cloud Security Social Channels: Spotify TimeStamp for Interview Questions (00:00) Introduction (03:51) snyk.io/csp (04:51) What is Cloud Pentesting? (06:19) Cloud pentesting vs Web App & Network (08:37) What is AWS Goat? (13:12) Do you need permission from AWS to do pentesting? (14:03) Pentesting an application vs pentesting AWS S3 (15:40) What is AWS Goat testing? (18:14) Cloud penetration testing tools (19:59) How useful is a metadata of a cloud instance? (22:24) AWS Pentesting and OWASP Top 10 (25:31) How to build internal training for Cloud Security? (29:43) Keep building knowledge on AWS Goat (30:33) Using CloudShell for AWS pentesting (34:09) ChatGPT for cloud pentesting (36:28) Vulnerable serverless application (39:40) Pentesting Amazon ECS (43:01) How do you protect against ECS misconfigurations? (47:38) What is the future plan for AWS Goat? (50:28) Fun Questions See you at the next episode! | |||
06 Sep 2020 | WHAT IS AZURE IDENTITY MANAGEMENT | CLOUD SECURITY | 00:49:18 | |
In this episode of the Virtual Coffee with Ashish edition, we spoke with David O’Brien, MVP Azure, Argos Founder. In this episode, David & Ashish spoke about
ShowNotes and Episode Transcript on www.cloudsecuritypodcast.tv Twitter - @kaizenteq @hashishrajan If you want to watch videos of this and previous episodes: - Twitch Channel: https://lnkd.in/gxhFrqw - Youtube Channel: https://lnkd.in/gUHqSai | |||
20 Jul 2022 | HOW TO SECURE AWS CLOUD ENVIRONMENT FOR HEALTHCARE | 00:55:08 | |
In this episode of the Virtual Coffee with Ashish edition, we spoke with Kyler Middleton (Kyler's Linkedin) Episode ShowNotes, Links and Transcript on Cloud Security Podcast: www.cloudsecuritypodcast.tv Host Twitter: Ashish Rajan (@hashishrajan) Guest Twitter: Kyler Middleton (Kyler's Linkedin) Podcast Twitter - @CloudSecPod @CloudSecureNews If you want to watch videos of this LIVE STREAMED episode and past episodes - Check out our other Cloud Security Social Channels: | |||
19 Sep 2021 | Cloud Security Careers: From University to Security Engineer at Atlassian | 00:46:00 | |
In this episode of the Virtual Coffee with Ashish edition, we spoke with Kaif Ahsan (@KaifAhsan1), a Security Engineer at Atlassian (@Atlassian). Episode ShowNotes, Links and Transcript on Cloud Security Podcast: www.cloudsecuritypodcast.tv Host Twitter: Ashish Rajan (@hashishrajan) Guest Twitter: Kaif Ahsan (@KaifAhsan1) Podcast Twitter - Cloud Security Podcast (@CloudSecPod) If you want to watch videos of this LIVE STREAMED episode and past episodes - Check out our YouTube Channel: - Cloud Security Podcast: https://www.youtube.com/c/cloudsecuritypodcast?sub_confirmation=1 - Cloud Security Academy: www.cloudsecuritypodcast.tv/cloud-security-academy | |||
22 Aug 2024 | Building an Incident Response Team for High-Growth Companies | 00:27:24 | |
In this episode, we sit down with Santiago, a Senior Security Engineer at Canva, to talk about the complexities of building and managing an incident response team, especially in high-growth companies. Santiago shares his experience transitioning from penetration testing to incident response and highlights the unique challenges that come with protecting a rapidly expanding organization. We explore the differences between incident response in high-growth versus established companies, the importance of having the right personnel, and the critical skills needed for effective incident response. Guest Socials: Santiago's Linkedin Podcast Twitter - @CloudSecPod If you want to watch videos of this LIVE STREAMED episode and past episodes - Check out our other Cloud Security Social Channels: - Cloud Security Podcast- Youtube - Cloud Security BootCamp Questions asked: (00:00) Introduction (01:58) A word from our sponsor - SentinelOne (02:48) A bit about Santiago (03:18) What is Incident Response? (04:06) How IR differs in different organisations? (04:48) Red Team vs Incident Response Team (06:17) Challenges for Incident Response in Cloud (07:16) Incident Response in a High Growth Company (07:56) Skillsets required for high growth (09:14) Cloud vs On Prem Incident Response (10:03) Building Incident Response in High Growth Company (11:39) Responding to incidents that are not high risk (14:41) Transition from pentesting to incident responder (17:20) Endpoint vulnerability management at scale (25:32) The Fun Section Resources from the episode: | |||
18 Oct 2020 | CONTINUOUS MONITORING FOR CONTROLS & VULNERABILITIES - DANIEL MIESSLER | 00:48:48 | |
In this episode of the Virtual Coffee with Ashish edition, we spoke with Daniel Miessler. In this episode, Daniel & Ashish spoke about
ShowNotes and Episode Transcript on www.cloudsecuritypodcast.tv Twitter - @kaizenteq @hashishrajan If you want to watch videos of this and previous episodes: - Twitch Channel: https://lnkd.in/gxhFrqw - Youtube Channel: https://lnkd.in/gUHqSai | |||
26 Jan 2022 | McAfee and FireEye join forces for XDR | 00:03:51 | |
Cloud Security News this week 26 Jan 2022
Podcast Twitter - Cloud Security Podcast (@CloudSecPod) Instagram - Cloud Security News If you want to watch videos of this LIVE STREAMED episode and past episodes, check out: | |||
08 Sep 2021 | IBM Launches Servers for Hybrid Cloud, Microsoft and Verizon bring 5G Edge Cloud Computing - Cloud Security News | 00:02:14 | |
Cloud Security News this week - 8 September 2021
| |||
15 Dec 2023 | Understand Your Cloud Security Landscape to cut through the noise! | 00:27:16 | |
Cloud Security environments look very complex in 2023, and they will continue to evolve in 2024, now with AI. At AWS re:Invent 2023 this year, we sat down with Alex Jauch, Senior Director of Product Management at Outshift, to talk about the complexities in Cloud Security, the role of GenAI and what items to consider for your 2024 Cloud Security Program. Podcast Twitter - @CloudSecPod If you want to watch videos of this LIVE STREAMED episode and past episodes - Check out our other Cloud Security Social Channels: - Cloud Security Podcast- Youtube - Cloud Security Newsletter - Cloud Security BootCamp Questions Asked: (00:00) Introduction (01:34) A bit about Alex (02:02) Current Cloud Security Landscape (04:43) The cloud security acronyms (08:44) Dealing with complex infrastructure (12:31) Impact of GenAI on Security (15:26) Do you have GenAI in Production? (16:55) We are all one team! (19:04) 2024 Security Program (20:39) What's not being spoken about? (22:11) The fun section (26:00) Where you can connect with Alex! | |||
02 Jun 2023 | Will Application Security Eat Cloud Security for Lunch! | 00:27:24 | |
Cloud Security Podcast - Tanya Janca and Caroline Wong were on a panel with @AshishRajan at @RSAConference 2023. The panel discussed where application security sits alongside cloud security, or whether the two need to be separate camps. Episode YouTube Video - https://www.youtube.com/watch?v=WSIykXAy6Z4 Cloud Security Podcast Website - www.cloudsecuritypodcast.tv FREE CLOUD Security BOOTCAMP - www.cloudsecuritybootcamp.com Host Twitter: Ashish Rajan (@hashishrajan) Guest Twitter: Tanya Janca (@shehackspurple) Guest Twitter: Caroline Wong (@CarolineWMWong) Podcast Twitter - @CloudSecPod @CloudSecureNews If you want to watch videos of this LIVE STREAMED episode and past episodes - Check out our other Cloud Security Social Channels: - Cloud Security News - Cloud Security BootCamp See you at the next episode! | |||
25 Nov 2022 | Story of a Cloud Architect & Blurry Lines of Control with AWS | 00:53:48 | |
In this episode of the Virtual Coffee with Ashish edition, we spoke with Ashish Desai (Ashish Desai's Linkedin) about how much of the on-premise can work in Cloud, and what the online world is saying versus the reality of what businesses are experiencing. --Announcing Cloud Security Villains Project-- We are always looking to find creative ways to educate folks in Cloud Security, and the Cloud Security Villains project is part of this education. Cloud Security Villains are coming; you can learn how to defeat them in this YouTube Playlist link Episode ShowNotes, Links and Transcript on Cloud Security Podcast: www.cloudsecuritypodcast.tv Host Twitter: Ashish Rajan (@hashishrajan) Guest Twitter: Ashish Desai (@ashishlogmaster) Podcast Twitter - @CloudSecPod @CloudSecureNews If you want to watch videos of this LIVE STREAMED episode and past episodes - Check out our other Cloud Security Social Channels: Spotify TimeStamp for Interview Questions (00:00) Intro | |||
05 Jan 2020 | Networking , recruiting and retaining female engineers, cyber security influencer, personal branding, mentoring for introvert men and women in cyber Security with Jane Frankland | 00:56:42 | |
In this episode, we sit with Jane Frankland, an award-winning entrepreneur, best-selling author and international speaker. Jane is a CISO advisor and has a diverse background, from being nominated as a Young British Designer after graduating to building her own global hacking firm and becoming a board advisor, awards judge, awards winner, LinkedIn Top Voices and a top 20 cybersecurity global influencer. Jane has been a champion in enabling organisations to attract female talent in cybersecurity roles. Jane is also a huge advocate of mentoring women to get into a cyber security role. ShowNotes for the episode can be found on www.cloudsecuritypodcast.tv Twitter - @kaizenteq @hashishrajan @janefrankland | |||
10 May 2020 | NIST CyberSecurity Metrics for the Board - Taylor Hersom | 00:57:18 | |
In this episode of the Virtual Coffee with Ashish edition, we spoke with @Taylor Hersom about
ShowNotes and Episode Transcript on www.cloudsecuritypodcast.tv Twitter - @kaizenteq @hashishrajan | |||
28 May 2022 | Confidential Computing in Azure Explained | 00:43:12 | |
In this episode of the Virtual Coffee with Ashish edition, we spoke with Steve Orrin (Steve's Linkedin) Episode ShowNotes, Links and Transcript on Cloud Security Podcast: www.cloudsecuritypodcast.tv Host Twitter: Ashish Rajan (@hashishrajan) Guest Twitter: Steve Orrin (Steve's Linkedin) Podcast Twitter - @CloudSecPod @CloudSecureNews If you want to watch videos of this LIVE STREAMED episode and past episodes - Check out our other Cloud Security Social Channels: | |||
17 Jan 2021 | INFRASTRUCTURE AS CODE SECURITY | 00:50:21 | |
In this episode of the Virtual Coffee with Ashish edition, we spoke with Matt Johnson, Developer Advocate Lead, Bridgecrew. In this episode, Matt & Ashish spoke about
ShowNotes and Episode Transcript on www.cloudsecuritypodcast.tv Twitter - @kaizenteq @hashishrajan If you want to watch videos of this and previous episodes: - Twitch Channel: https://lnkd.in/gxhFrqw - Youtube Channel: https://lnkd.in/gUHqSai | |||
02 Feb 2020 | Just Eat UK security - cloud security across Scotland uk canada in a world of multi public cloud | 01:04:50 | |
In this episode we speak to Stu Hirst, Principal Cloud Security @Just Eat. Stu and Ashish speak about keeping up security in a world of multi cloud, the challenges of recruiting for cloud security, and what people who are starting today in cloud security should focus on. ShowNotes for the episode can be found on www.cloudsecuritypodcast.tv Twitter - @kaizenteq @hashishrajan @stuhirstinfosec | |||
19 Apr 2020 | CORONAVIRUS & CYBERSECURITY | ISOLATION LIFE | 00:10:19 | |
In this episode, we are covering a trending topic CORONAVIRUS OR COVID19 and how it is affecting businesses around me and my friends & colleagues. I also talk about my personal challenge with starting a new job in this COVID world with a remote team. I hope you are reaching out to your friends and family to check on them and staying indoors to keep the community safe too. You can reach me on ashish@kaizenteq.com Ashish's Website: www.ashishrajan.com Previous episodes videos are available on www.cloudsecuritypodcast.tv | |||
15 Sep 2021 | fwd:cloudsec conference this week, Vulnerabilities discovered in AWS - Cloud Security News | 00:03:19 | |
Cloud Security News this week - 15 September 2021
| |||
11 Nov 2023 | Threat Detection for not so Common Cloud Services | 00:34:44 | |
Threat detection is often limited to popular cloud services, so what's happening to all the "not so popular or commonly known" cloud services in your environment? We are speaking to Suresh Vasudevan, CEO of Sysdig, about the challenges companies typically find in this space and what the approach for threat detection should be. If you feel you are looking at threats from all cloud services, you might want to hear this episode to know whether you actually are. You can find out more about Sysdig here! Find out more about Vanta here! Guest Socials: Suresh's Linkedin (@suvasudevan) Podcast Twitter - @CloudSecPod If you want to watch videos of this LIVE STREAMED episode and past episodes - Check out our other Cloud Security Social Channels: - Cloud Security Newsletter - Cloud Security BootCamp Questions asked: (00:00) Introduction (03:41) A bit about Suresh (05:14) How was threat detection done traditionally? (07:33) How does threat detection translate to cloud? (08:47) Uncommon services attack vector examples (11:00) Uncommon services explained (11:31) Problems with threat detection in cloud (16:53) How to approach prioritisation? (19:48) Bridging Cloud and Applications Resources discussed during the episode! | |||
24 May 2020 | What is a Connected Car | How to secure api in connected cars? - Virtual Coffee with Ashish - Alissa Knight | 01:03:12 | |
In this episode of the Virtual Coffee with Ashish edition, we spoke with Alissa Knight, Car Hacker, Author, Cybersecurity Influencer and Entrepreneur
ShowNotes and Episode Transcript on www.cloudsecuritypodcast.tv Twitter - @kaizenteq @hashishrajan @alissaknight | |||
01 Nov 2020 | HOW TO PREPARE FOR GDPR IN AZURE CLOUD ENVIRONMENT- Naomi Buckwalter | 00:46:17 | |
In this episode of the Virtual Coffee with Ashish edition, we spoke with Naomi Buckwalter In this episode, Naomi & Ashish spoke about
ShowNotes and Episode Transcript on www.cloudsecuritypodcast.tv Twitter - @kaizenteq @hashishrajan If you want to watch videos of this and previous episodes: - Twitch Channel: https://lnkd.in/gxhFrqw - Youtube Channel: https://lnkd.in/gUHqSai | |||
21 Nov 2021 | Breaking and Building Serverless Application Security | 00:52:12 | |
In this episode of the Virtual Coffee with Ashish edition, we spoke with Andrew Krug (@andrewkrug), an AWS re:Invent speaker and Cloud Security Evangelist at DataDog (@DataDogHQ). Episode ShowNotes, Links and Transcript on Cloud Security Podcast: www.cloudsecuritypodcast.tv Host Twitter: Ashish Rajan (@hashishrajan) Guest Twitter: Andrew Krug (@andrewkrug) Podcast Twitter - Cloud Security Podcast (@CloudSecPod) If you want to watch videos of this LIVE STREAMED episode and past episodes - Check out our YouTube Channel: | |||
12 Jan 2020 | CLOUD SECURITY JOURNEY OF DOW JONES POST THE AWS CLOUD BREACH , WITH JAY KELATH, PRODUCT SECURITY | 00:48:06 | |
In this episode, we sit with Jay Kelath, Director for Product Security at Dow Jones. Jay & I spoke about the Dow Jones breach and how things changed from the top down in Dow Jones for the better. We spoke about how security lost the trust of engineering by trusting security vendors and then how security won the trust of engineering back. The teams together were able to build a lot of DevOps-friendly security tools, which were open sourced for others to benefit from too. ShowNotes for the episode can be found on www.cloudsecuritypodcast.tv Twitter - @kaizenteq @hashishrajan @kelath | |||
21 Sep 2023 | Software Supply Chain Controls for Terraform | 00:40:12 | |
Understanding Software Supply Chain security threats for Terraform, which has been the default for Infrastructure as Code, is important. In this episode Mike Ruth is sharing his experience of working on securing Terraform Cloud/Terraform Enterprise - no open source was harmed in the making of this episode. Episode YouTube: Video Link Host Twitter: Ashish Rajan (@hashishrajan) Guest Socials: Mike's Linkedin (Mike Ruth) Podcast Twitter - @CloudSecPod If you want to watch videos of this LIVE STREAMED episode and past episodes - Check out our other Cloud Security Social Channels: - Cloud Security Newsletter - Cloud Security BootCamp Spotify TimeStamp for Interview Question (00:00) Introduction (03:27) A bit about Mike Ruth (04:01) What is Terraform? (05:38) Terraform in the context of supply chain (07:24) Flavors of Terraform (09:07) Deploying Terraform (12:25) Terraform Architecture (14:48) Research findings that Mike and Oca made (25:52) Securing Terraform Architecture (28:13) Policy Enforcement (29:13) What is a Module? (30:15) Security best practices for Terraform Deployment (31:53) Learning about Terraform security (34:44) Maturity for Terraform (37:45) The Fun Questions Mike spoke about Terraform Cloud Security Model during the interview. See you at the next episode! | |||
13 Feb 2022 | Red Team in Google Cloud | 00:51:16 | |
In this episode of the Virtual Coffee with Ashish edition, we spoke with Brad Richardson (@Richarjb) Red Team and Vulnerability Management Episode ShowNotes, Links and Transcript on Cloud Security Podcast: www.cloudsecuritypodcast.tv Host Twitter: Ashish Rajan (@hashishrajan) Guest Twitter: Brad Richardson (@Richarjb) Podcast Twitter - @CloudSecPod @CloudSecureNews If you want to watch videos of this LIVE STREAMED episode and past episodes - Check out our other Cloud Security Social Channels: | |||
08 Mar 2020 | CCPA COMPLIANCE | CALIFORNIA CONSUMER PRIVACY ACT | DATA GOVERNANCE BEST PRACTICES - TAYLOR HERSOM, VCISO, AUSTIN,TEXAS | 00:35:39 | |
In this episode, we sit with Taylor Hersom, vCISO, Austin,Texas. Taylor & Ashish spoke about
More info and show notes on www.cloudsecuritypodcast.tv Twitter - @kaizenteq @hashishrajan @taylorhersom | |||
01 Sep 2021 | Is your Microsoft Azure Cosmos Database Keys Secure? - Cloud Security News | 00:02:12 | |
Cloud Security News this week - 1 Sep, 2021
Follow us on @CloudSecPod You may also like Cloud Security Podcast | |||
25 Jul 2021 | WHAT IS CYBER RESILIENCY IN CLOUD? | 00:38:37 | |
In this episode of the Virtual Coffee with Ashish edition, we spoke with Chris Hughes (Linkedin - Chris Hughes) & Dr. Nikki Robinson (Linkedin @dr-nikki-robinson), the hosts of Resilient Cyber Podcast (@Resilient Cyber Podcast). Episode ShowNotes, Links and Transcript on Cloud Security Podcast: www.cloudsecuritypodcast.tv Cloud Security Academy: www.cloudsecuritypodcast.tv/cloud-security-academy Host Twitter: @hashishrajan Guest Linkedin: Chris Hughes (Linkedin - Chris Hughes) & Dr. Nikki Robinson (Linkedin @dr-nikki-robinson) Podcast Twitter - @CloudSecPod If you want to watch videos of this LIVE STREAMED episode and past episodes - Check out our YouTube Channel: - Cloud Security Podcast: https://www.youtube.com/c/cloudsecuritypodcast?sub_confirmation=1 | |||
31 May 2024 | Cloud Native Security Strategies for 2024 | 00:31:00 | |
Is having a CSPM enough for Cloud Security? At RSA Conference 2024, Ashish sat down with returning guest Jimmy Mesta, Co-Founder and CTO of RAD Security, to talk about the complexities of Kubernetes security and why sometimes traditional Cloud Security Posture Management (CSPM) falls short in a Kubernetes-centric world. We speak about the significance of behavioural baselining, the limitations of signature-based detection, the role of tools like eBPF in enhancing real-time security measures, the importance of proactive security measures, and the need for a paradigm shift from reactive alert-based systems to a more silent and efficient operational model. Guest Socials: Jimmy's Linkedin Podcast Twitter - @CloudSecPod If you want to watch videos of this LIVE STREAMED episode and past episodes - Check out our other Cloud Security Social Channels: - Cloud Security Podcast- Youtube - Cloud Security BootCamp Questions asked: (00:00) Introduction (03:12) A bit about Jimmy Mesta (03:48) What is Cloud Native Security? (05:15) How is Cloud Native different to traditional approach? (07:37) What is eBPF? (09:12) Why should we care about eBPF? (11:51) Separating the signal from the noise (13:48) Challenges on moving to Cloud Native (15:58) Proactive Security in 2024 (17:02) Who's monitoring Cloud Native alerts? (23:10) Getting visibility into the complexities of Kubernetes (24:24) Skillsets and Resources for Kubernetes Security (27:54) The Fun Section Resources spoken about during the interview: | |||
06 Nov 2022 | Ransomware attacks in AWS | 00:37:54 | |
In this episode of the Virtual Coffee with Ashish edition, we spoke with Nandesh Guru (Nandesh's Linkedin) about ransomware and supply chain attack mechanisms in AWS and how the world of CSPM has evolved to address the increasing complexities of cloud security. Episode ShowNotes, Links and Transcript on Cloud Security Podcast: www.cloudsecuritypodcast.tv Host Twitter: Ashish Rajan (@hashishrajan) Guest Twitter: Nandesh Guru (Nandesh's Linkedin) Podcast Twitter - @CloudSecPod @CloudSecureNews If you want to watch videos of this LIVE STREAMED episode and past episodes - Check out our other Cloud Security Social Channels: Spotify TimeStamp for Interview Questions (00:00) Ashish's Intro to the Episode (02:09) https://snyk.io/csp (03:11) A bit about Nandesh (05:01) 4 Components of Supply Chain Risks (06:47) Example of AWS Supply Chain Attack (10:08) Evaluating code scanning tools (12:30) What is ransomware? (13:06) Ransomware in AWS (14:55) Attacks on encryption in AWS (19:27) What is a CSPM? (20:46) The role of CSPM and CNAPP in supply chain attacks (22:56) Is CIS Benchmark still a good starting point? (26:38) The evolution of CSPMs (29:47) Complexity of Cloud Security (32:59) Where can you learn more about supply chain risks? (33:50) Fun Questions | |||
08 Dec 2021 | AWS Outage - What is impacted? | 00:03:50 | |
Cloud Security News this week 8 December 2021
Episode Show Notes on Cloud Security Podcast Website. Podcast Twitter - Cloud Security Podcast (@CloudSecPod) Instagram - Cloud Security News If you want to watch videos of this LIVE STREAMED episode and past episodes, check out: | |||
28 Feb 2025 | Realities of Cloud Networking in AWS | 00:53:05 | |
AWS networking isn’t as simple as it seems and when you’re dealing with regulated industries like healthcare, the stakes are even higher. In this episode we sit down with Kyler Middleton and Jack W. Harter from Veradigm — who have navigated complex AWS networking challenges while migrating from on-prem data centers to the cloud. We speak about:
Guest Socials: Kyler's Linkedin + Jack's Linkedin Podcast Twitter - @CloudSecPod If you want to watch videos of this LIVE STREAMED episode and past episodes - Check out our other Cloud Security Social Channels: If you are interested in AI Cybersecurity, you can check out our sister podcast - AI Cybersecurity Podcast Questions asked: (00:00) Introduction (01:55) A bit about Kyler and Jack (03:18) Security Challenges in Medical Industry (06:01) Where to start when migrating from data centres to AWS? (07:42) Networking Challenges for Regulated Industries (11:26) Networking in On-Prem vs Cloud (19:24) Security by Design considerations (29:31) The Terraform pieces (34:34) Network Firewall in Cloud (39:46) Lessons learnt from the project (46:21) The Fun Section Resources: Let's Do DevOps - Kyler's Website | |||
04 Feb 2025 | Cloud Security Detection & Response Strategies That Actually Work | 00:57:58 | |
We spoke to Will Bengtson (VP of Security Operations at HashiCorp) about the realities of cloud incident response and detection. From root credentials to event-based threats, this conversation dives deep into:
Guest Socials: Will's Linkedin Podcast Twitter - @CloudSecPod If you want to watch videos of this LIVE STREAMED episode and past episodes - Check out our other Cloud Security Social Channels: - Cloud Security BootCamp If you are interested in AI Cybersecurity, you can check out our sister podcast - AI Cybersecurity Podcast Questions asked: (00:00) Introduction (00:38) A bit about Will Bengtson (05:41) Is there more awareness of Incident Response in Cloud (07:05) Native Solutions for Incident Response in Cloud (08:40) Incident Response and Threat Detection in the Cloud (11:53) Getting started with Incident Response in Cloud (20:45) Maturity in Incident Response in Cloud (24:38) When to start doing Threat Hunting? (27:44) Threat hunting and detection in MultiCloud (31:09) Will talk about his BlackHat training with Rich Mogull (39:19) Secret Detection for Detection Capability (43:13) Building a career in Cloud Detection and Response (51:27) The Fun Section | |||
09 Apr 2024 | CISO's guide to embracing risk in business | 00:48:59 | |
What is it like to build a successful business based on risk? In this episode Ashish spoke to Fredrick Lee, CISO at Reddit. FLee shared his deep insights into the essential role of risk in driving business success and innovation. With a career that spans across notable tech giants like Square (now Block), Twilio, and Gusto, Lee brings a wealth of experience in both hardware and software security landscapes. Without embracing risk, businesses risk stagnation in a world where competitors are always ready to innovate. From discussing the cost-effective strategies in cybersecurity to exploring the formation and goals of Reddit's S.P.A.C.E team (Security, Privacy, Automation, Compliance, and Engineering), this episode gets into the challenges and opportunities presented by the modern tech environment. Guest Socials: Fredrick Lee's Linkedin Podcast Twitter - @CloudSecPod If you want to watch videos of this LIVE STREAMED episode and past episodes - Check out our other Cloud Security Social Channels: - Cloud Security Podcast- Youtube - Cloud Security Newsletter - Cloud Security BootCamp Questions asked: (00:00) Introduction (04:42) A bit about Fredrick Lee (07:42) How cloud changed cybersecurity? (11:37) Threat Landscape in Software vs Hardware (15:12) Threat Landscape in B2B vs B2C (17:27) Navigating the First Steps as a New Company's CISO (20:26) The role of compliance in Cybersecurity (24:12) The role of privacy in Cybersecurity (26:11) The role of AI in cybersecurity (30:36) A bit about AI Cybersecurity Podcast (31:09) What it means to be a CISO? (34:34) Building CISO Roadmaps: Balancing Short-Term and Long-Term Goals (36:49) Where to start with CISO Roadmap? (39:02) What keeps Fredrick motivated about his CISO role? (40:36) What's next for current CISOs? (42:50) The Fun Questions | |||
03 May 2023 | Kubernetes Cluster Security Audit Explained | 00:41:28 | |
Cloud Security Podcast - we are continuing with our "Kubernetes Security & KubeCon EU 2023" series, and for the fourth episode in this series Shane Lawrence and Daniele Santos from Shopify explained kube-audit, an open source tool from Shopify. They spoke about how they have used the audit tool to improve security with a developer security lens. Episode ShowNotes, Links and Transcript on Cloud Security Podcast: www.cloudsecuritypodcast.tv FREE CLOUD BOOTCAMPs on www.cloudsecuritybootcamp.com Host Twitter: Ashish Rajan (@hashishrajan) Guest Socials: Shane Lawrence (Shane's Linkedin) and Daniele Santos (Dani's Linkedin) Podcast Twitter - @CloudSecPod @CloudSecureNews If you want to watch videos of this LIVE STREAMED episode and past episodes - Check out our other Cloud Security Social Channels: - Cloud Security News - Cloud Security BootCamp Spotify TimeStamp for Interview Questions (00:00) Introduction (02:52) A bit about Shane (03:45) A bit about Dani (04:23) Which kubecons have Shane and Dani attended? (05:03) A bit about Dani and Shane's talk at Kubecon EU (06:42) Misconfigurations in Kubernetes (09:48) Dani talks about the Kubernetes Security Report (10:13) Use case for Kubernetes Misconfiguration (11:45) What is Azure Escape? (12:51) What is container escape? (15:26) What is kubeaudit? (15:49) Contributing to kubeaudit (16:40) The maturity of kubeaudit (19:04) How would kubeaudit help with an azure escape? (19:41) The developer experience (21:34) How shopify uses kubeaudit (24:59) Getting started with kubeaudit (25:53) Challenges with implementing kubeaudit (27:19) Maturity of kubernetes security and kubecon (30:02) Learning about kubernetes (34:07) Areas of security not being spoken about enough (36:16) Open Source and Software supply chain risks See you at the next episode! | |||
12 Nov 2024 | Dynamic Permission Boundaries: A New Approach to Cloud Security | 00:46:05 | |
In this episode, Ashish spoke with Kushagra Sharma, Staff Cloud Security Engineer, to delve into the complexities of managing Identity Access Management (IAM) at scale. Drawing on his experiences from Booking.com and other high-scale environments, Kushagra shares insights into scaling IAM across thousands of AWS accounts, creating secure and developer-friendly permission boundaries, and navigating the blurred lines of the shared responsibility model. They discuss why traditional IAM models often fail at scale and the necessity of implementing dynamic permission boundaries, baseline strategies, and Terraform-based solutions to keep up with ever-evolving cloud services. Kushagra also explains how to approach IAM in multi-cloud setups, the challenges of securing managed services, and the importance of finding a balance between security enforcement and developer autonomy. Guest Socials: Kushagra's Linkedin Podcast Twitter - @CloudSecPod If you want to watch videos of this LIVE STREAMED episode and past episodes - Check out our other Cloud Security Social Channels: - Cloud Security BootCamp Questions asked: (00:00) Introduction (02:31) A bit about Kushagra (03:29) How large can the scale of AWS accounts be? (03:49) IAM Challenges at scale (06:50) What is a permission boundary? (07:53) Permission Boundary at Scale (13:07) Creating dynamic permission boundaries (18:34) Cultural challenges of building dev friendly security (23:05) How has the shared responsibility model changed? (25:22) Different levels of customer shared responsibility (29:28) Shared Responsibility for MultiCloud (34:05) Making service enablement work at scale (43:07) The Fun Section | |||
29 Sep 2021 | Cloud Security ranks in 2021 OWASP Top 10 - Cloud Security News | 00:03:53 | |
Cloud Security News this week - 29 September 2021
Episode Show Notes on Cloud Security Podcast Website. Podcast Twitter - Cloud Security Podcast (@CloudSecPod) If you want to watch videos of this LIVE STREAMED episode and past episodes, check out: | |||
07 Feb 2021 | Cloud Security in $25 Billion dollar Company - Siemens USA | 00:54:52 | |
In this episode of the Virtual Coffee with Ashish edition, we spoke with Kurt John, Chief CyberSecurity Officer CISO at Siemens USA
In this episode, Kurt & Ashish spoke about
ShowNotes and Episode Transcript on www.cloudsecuritypodcast.tv Twitter - @kaizenteq @hashishrajan If you want to watch videos of this and previous episodes: - Twitch Channel: https://lnkd.in/gxhFrqw - Youtube Channel: https://lnkd.in/gUHqSai | |||
12 Jan 2022 | UK Financial Regulators monitoring Cloud Providers Closely | 00:04:25 | |
Cloud Security News this week 12 Jan 2022
Podcast Twitter - Cloud Security Podcast (@CloudSecPod) Instagram - Cloud Security News If you want to watch videos of this LIVE STREAMED episode and past episodes, check out: | |||
08 Oct 2024 | Cloud Identity Lifecycle Management Explained! | 00:33:03 | |
In this episode Ashish Rajan sits down with Shashwat Sehgal, co-founder and CEO of P0 Security, to talk about the complexities of cloud identity lifecycle management. Shashwat spoke to us about why traditional identity solutions like SAML are no longer sufficient in today’s cloud environments. He discusses the need for organisations to adopt a more holistic approach to secure access across cloud infrastructures, addressing everything from managing IAM roles to gaining complete visibility and inventory of all cloud identities. This episode goes into the growing challenges around managing human and non-human identities, and the importance of shifting from legacy solutions to cloud-native governance. Guest Socials: Shashwat's Linkedin Podcast Twitter - @CloudSecPod If you want to watch videos of this LIVE STREAMED episode and past episodes - Check out our other Cloud Security Social Channels: - Cloud Security Podcast- Youtube - Cloud Security BootCamp Questions asked: (00:00) Introduction (01:47) A bit about Shashwat (02:20) What is Identity Lifecycle Management? (04:55) What is IGA and PAM? (10:10) Complexity of Identity Management (13:12) What are non human identities? (15:56) Maturity Levels for Cloud Identity Lifecycle Management (19:03) The role of SAML in Identity Management (20:07) Identity Management of Third parties and SaaS Providers (21:28) Who’s responsible for identity management in Cloud? (23:28) Changing landscape of identity management (27:46) Native Solutions for identity management (30:03) Fun Questions | |||
10 Nov 2021 | Microsoft releases CSPM for AWS & More Linux Security Support on Azure | 00:03:59 | |
Cloud Security News this week 10 November 2021
Episode Show Notes on Cloud Security Podcast Website. Podcast Twitter - Cloud Security Podcast (@CloudSecPod) Instagram - Cloud Security News If you want to watch videos of this LIVE STREAMED episode and past episodes, check out: | |||
10 Oct 2022 | KUBERNETES BEST PRACTICES 2022 | 00:50:37 | |
In this episode of the Virtual Coffee with Ashish edition, we spoke with Jimmy Mesta (Jimmy's Twitter) about OWASP Kubernetes Top 10 and best practices for securing Kubernetes Episode ShowNotes, Links and Transcript on Cloud Security Podcast: www.cloudsecuritypodcast.tv Host Twitter: Ashish Rajan (@hashishrajan) Guest Twitter: Jimmy Mesta (Jimmy's Twitter) Podcast Twitter - @CloudSecPod @CloudSecureNews If you want to watch videos of this LIVE STREAMED episode and past episodes - Check out our other Cloud Security Social Channels: Spotify TimeStamp for Interview Questions (00:00) Ashish's Intro to the Episode (01:39) https://snyk.io/csp (03:55) What is Kubernetes? | |||
22 Oct 2024 | Navigating NIST CSF 2.0: Guide to Frameworks and Governance | 00:36:29 | |
In this episode, we sat down with Lukasz Gogolkiewicz, an Australia-based Cybersecurity Leader and former pentester, to explore his journey from offensive security into cybersecurity leadership. Lukasz, also a speaker coach at BlackHat USA, brings valuable insights into what it takes to shift from being technical to managing compliance, governance, and broader security programs in industries like retail and advertising. Throughout the conversation, we dive into the specific challenges of transitioning from a purely cloud-based tech company to a bricks-and-mortar retail operation, highlighting how the threat models differ dramatically between these environments. Lukasz shares his unique perspective on cybersecurity frameworks like NIST CSF 2.0, essential for building resilient programs, and offers practical advice for selecting the right framework based on your organization's needs. Guest Socials: Lukasz's Linkedin Podcast Twitter - @CloudSecPod If you want to watch videos of this LIVE STREAMED episode and past episodes - Check out our other Cloud Security Social Channels: - Cloud Security Podcast- Youtube - Cloud Security BootCamp Questions asked: (00:00) Introduction (03:00) A bit about Lukasz (04:32) Security Challenges for Tech First advertising company (05:16) Security Challenges for Retail Industry (06:00) Difference between the two industries (07:01) Best way to build Cybersecurity Program (09:44) NIST CSF 2.0 (13:02) Why go with a framework? (16:26) Which framework to start with for your cybersecurity program? (18:33) Technical CISO vs Non Technical CISO (25:37) The Fun Section Resources spoken about during the interview: Mapping between the frameworks https://www.cisecurity.org/insights/white-papers/cis-controls-v8-mapping-to-nist-csf-2-0 https://www.cisecurity.org/insights/white-papers/cis-controls-v8-mapping-to-asds-essential-eight | |||
14 Mar 2021 | WHAT IS INFRASTRUCTURE AS CODE SECURITY? - Barak Schoster | 00:38:57 | |
In this episode of the Virtual Coffee with Ashish edition, we spoke with Barak Schoster Goihman (@barakschoster) is the Co-Founder and CTO of Bridgecrew (@Bridgecrewio).
In this episode, Barak & Ashish spoke about
ShowNotes and Episode Transcript on www.cloudsecuritypodcast.tv Twitter - @kaizenteq @hashishrajan If you want to watch videos of this and previous episodes: - Youtube Channel: https://lnkd.in/gUHqSai | |||
30 Jan 2023 | AWS Cloud Penetration Testing Explained with Example | 00:53:20 | |
Cloud Security Podcast - This month we are talking about "Breaking the AWS Cloud" and next up in this series, we spoke to Seth Art (Seth's Linkedin), Cloud Penetration Testing Lead (Principal) at Bishop Fox. AWS cloud projects to pentest AWS cloud architecture are not spoken about much - this stops today. We have Seth, who works in the Cloud Penetration testing space, to talk about open source tools and what Cloud pentesting is all about. Episode ShowNotes, Links and Transcript on Cloud Security Podcast: www.cloudsecuritypodcast.tv Host Twitter: Ashish Rajan (@hashishrajan) Guest Twitter: Seth Art (Seth's Linkedin) Podcast Twitter - @CloudSecPod @CloudSecureNews If you want to watch videos of this LIVE STREAMED episode and past episodes - Check out our other Cloud Security Social Channels: Spotify TimeStamp for Interview Questions (00:00) Introduction (04:24) A bit about Seth (06:10) Web App Pentesting vs Cloud Pentesting (08:11) Working with scale of multiple AWS accounts (10:20) What can you expect to find with Cloud Pentesting? (12:14) Foundational pieces about approaching pentesting in Cloud (15:19) How to start a Cloud Pentest? (18:25) The importance of IAM (23:43) Common services in AWS to look at (25:58) Mistakes people make for scoping (29:18) The role of shared responsibility in Cloud Pentesting (32:38) Boundaries for AWS pentesting (35:13) Nmap between 2 EC2 instances (36:37) How do you explain the findings? (40:26) Skillsets required to transition to Cloud Pentesting (45:41) Transitioning from Kubernetes to Cloud Pentesting (48:55) Resources for learning about Cloud Pentesting (49:47) The Fun Section See you at the next episode! |