Cloud Security Podcast

Cloud Security Detection & Response Strategies That Actually Work

Feb 4, 2025

Will Bengtson, VP of Security Operations at HashiCorp, dives into the complexities of cloud security. He explains how cloud incident response differs from on-prem solutions and reveals how quickly attackers exploit APIs. Will shares insights on building effective detection programs while highlighting detection blind spots in AWS and Azure. He also discusses the importance of collaboration in threat hunting and the evolving challenges in managing cloud security. Along the way, he reflects on personal growth and culinary favorites, adding a delightful twist to the conversation.

57:58

Creator website

Episode guests

Will Bengtson

AI Summary

AI Chapters

Episode notes

Podcast summary created with Snipd AI

Quick takeaways

Cloud security necessitates a distinct incident response strategy compared to on-premise methods due to the unique challenges of cloud environments.

APIs, while crucial for cloud operations, can be exploited by attackers in mere seconds if not properly secured and managed.

Ongoing training and adaptive detection strategies are essential for security teams to keep pace with evolving threats in multi-cloud infrastructures.

Deep dives

The Significance and Risks of Cloud APIs

The discussion highlights the dual nature of APIs in cloud environments, noting their vital role in enabling success while also presenting significant risks. Skilled threat actors can exploit APIs to cause extensive damage, especially if they gain access to privileged credentials. This underscores the importance of secure API management and robust authentication practices in cloud security. The speaker emphasizes that understanding how to wield the power of APIs responsibly is crucial for organizations to avoid potential calamities.

Intro

2min

Evolving Incident Response in Cloud Security

19min

Scaling Cloud Security: From Basics to Advanced Detection Strategies

5min

Navigating Cloud Security Threat Hunting

14min

Navigating Cloud Security Challenges

12min

Life Beyond Threat Detection

4min

Personal Reflections and Culinary Favorites

3min

We spoke to Will Bengtson (VP of Security Operations at HashiCorp) bout the realities of cloud incident response and detection. From root credentials to event-based threats, this conversation dives deep into:

Why cloud security is NOT like on-prem – and how that affects incident response
How attackers exploit APIs in seconds (yes, seconds—not hours!)
The secret to building a cloud detection program that actually works
The biggest detection blind spots in AWS, Azure, and multi-cloud environments
What most SOC teams get WRONG about cloud security

Guest Socials: ⁠⁠⁠⁠⁠⁠⁠Will's Linkedin

If you want to watch videos of this LIVE STREAMED episode and past episodes - Check out our other Cloud Security Social Channels:

- ⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠Cloud Security Podcast- Youtube⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠

- ⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠Cloud Security Newsletter ⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠

- ⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠Cloud Security BootCamp⁠⁠⁠⁠⁠

If you are interested in AI Cybersecurity, you can check out our sister podcast -⁠⁠⁠⁠⁠ AI Cybersecurity Podcast

Questions asked:

(00:00) Introduction

(00:38) A bit about Will Bengtson

(05:41) Is there more awareness of Incident Response in Cloud

(07:05) Native Solutions for Incident Response in Cloud

(08:40) Incident Response and Threat Detection in the Cloud

(11:53) Getting started with Incident Response in Cloud

(20:45) Maturity in Incident Response in Cloud

(24:38) When to start doing Threat Hunting?

(27:44) Threat hunting and detection in MultiCloud

(31:09) Will talk about his BlackHat training with Rich Mogull

(39:19) Secret Detection for Detection Capability

(43:13) Building a career in Cloud Detection and Response

(51:27) The Fun Section

Get the Snipd
podcast app

Unlock the knowledge in podcasts with the podcast player of the future.

AI-powered
podcast player

Listen to all your favourite podcasts with AI-powered features

Discover
highlights

Listen to the best highlights from the podcasts you love and dive into the full episode

Save any
moment

Hear something you like? Tap your headphones to save it with AI-generated key takeaways

Share
& Export

Send highlights to Twitter, WhatsApp or export them to Notion, Readwise & more

AI-powered
podcast player

Listen to all your favourite podcasts with AI-powered features

Discover
highlights

Listen to the best highlights from the podcasts you love and dive into the full episode

Cloud Security Podcast

Cloud Security Detection & Response Strategies That Actually Work

Episode guests

Podcast summary created with Snipd AI

Quick takeaways

Deep dives

The Significance and Risks of Cloud APIs

Evolution of Incident Response in Cloud Security

Driving Incident Response Training and Awareness

Importance of Building Detection Capabilities

Navigating the Evolving Cloud Security Landscape

Get the Snipd
podcast app

AI-powered
podcast player

Discover
highlights

Save any
moment

Share
& Export

AI-powered
podcast player

Discover
highlights

Cloud Security Podcast

Cloud Security Detection & Response Strategies That Actually Work

Episode guests

Podcast summary created with Snipd AI

Quick takeaways

Deep dives

The Significance and Risks of Cloud APIs

Evolution of Incident Response in Cloud Security

Driving Incident Response Training and Awareness

Importance of Building Detection Capabilities

Navigating the Evolving Cloud Security Landscape

Get the Snipdpodcast app

AI-poweredpodcast player

Discoverhighlights

Save anymoment

Share& Export

AI-poweredpodcast player

Discoverhighlights

Get the Snipd
podcast app

AI-powered
podcast player

Discover
highlights

Save any
moment

Share
& Export

AI-powered
podcast player

Discover
highlights