Screaming in the Cloud

Ryan Nolette, a Senior Security Engineer at AWS Outreach with almost two decades in info security, shares insights on vulnerability disclosure. He discusses AWS's commitment to communication with security researchers and the importance of responsible disclosure methods. Ryan highlights the nuances between vulnerability and bug bounty programs, advocating for transparency in security practices. He emphasizes the need for collaboration to tackle security flaws and speaks about the balance between encouraging researchers and managing opportunistic behaviors in the field.

Forrest Brazeal, a cloud educator, cartoonist, and author, shares insights on his journey from leading content at Google Cloud to his current role at Freeman & Forrest. He discusses the importance of community in the cloud space and highlights projects like The Cloud Resume Challenge, designed to help others succeed. Forrest also provides a humorous take on the job interview process, advocating for more authentic assessments. Tune in for his creative approach to combining technical excellence with community engagement!

Miles Ward, CTO of SADA, shares insights from his rich experience at Google Cloud and AWS. He discusses the recent acquisition by Insight, enabling SADA to tackle complex projects like multi-cloud migrations. The conversation dives into AI's evolving role in business, the difficulties of managing its costs, and the distinctions between cloud-to-cloud versus data center migrations. They also touch on the quirks of domain registrars and lament the slow demise of popular Amazon services.

Seth Eliot, Principal Resilience Architect at Arpio and former AWS Global Reliability Lead, shares his expertise in cloud resilience. He explains how Multi-AZ configurations can meet most needs, reserving multi-region setups for specific risks. Seth emphasizes the delicate balance between cost and resilience, cautioning against check-box mentality in disaster recovery. He also discusses common pitfalls in resilience testing and warns about the risks of poorly designed multi-cloud setups, highlighting the importance of real-world complexities in disaster planning.

On this Screaming in the Cloud replay, we’re looking back to our conversation with Cassidy Williams, a Senior Director of Developer Advocacy at GitHub and the co-founder and chief product officer of Cosynd, Inc. Prior to these positions, she worked as the principal developer experience engineer at Netlify, an instructor and senior engineer at React Training, director of outreach at cKeys, a senior software engineer at CodePen, head of developer voice programs at Amazon, and a software engineer at Venmo, among other positions. Join Corey and Cassidy as they reflect on what Netlify is and what a developer experience engineer does, how JavaScript started off as a toy language and why everything that can be built with JavaScript will be moving forward, the benefits of using low-code development tools, how discovering TikTok helped Cassidy drum up a major following on social media, how Cassidy's humor is never directed at people or organizations and why that's the case, the differences between recording a podcast and live streaming on Twitch from the speaker's point of view, and more.Show Highlights(0:00) Intro(0:22) Backblaze sponsor read(0:49) What is Netlify and its role of a principal developer experience engineer(2:50) Is JavaScript the future?(7:46) Using low-code tools for web development(12:12) Having a goofy internet presence in a serious field(17:23) Social platforms as a means to teach(24:50) Twitch streaming and its inherent challenges(28:16) Cassidy’s online coursework and how she answers, “So, what do you do?”(32:12) Unique ways of tracking Twitter followers(37:15) Where you can find more from CassidyAbout Cassidy WilliamsCassidy is a Senior Director of Developer Advocacy at GitHub. She's worked for several other places, including Netlify, CodePen, Amazon, and Venmo, and she's had the honor of working with various non-profits, including cKeys and Hacker Fund as their Director of Outreach. She's active in the developer community, and was one of Glamour Magazine's 35 Women Under 35 Changing the Tech Industry and LinkedIn's Top Professionals 35 & Under. As an avid speaker, Cassidy has participated in several events including the Grace Hopper Celebration for Women in Computing, TEDx, the United Nations, and dozens of other technical events. She wants to inspire generations of STEM students to be the best they can be, and her favorite quote is from Helen Keller: "One can never consent to creep when one feels an impulse to soar." She loves mechanical keyboards and karaoke.LinksTikTok: https://www.tiktok.com/@cassidooNewsletter: https://cassidoo.co/newsletter/Scrimba: https://scrimba.com/teachers/cassidooUdemy: https://www.udemy.com/user/cassidywilliams/Skillshare: https://www.skillshare.com/user/cassidooO’Reilly: https://www.oreilly.com/pub/au/6339Personal website: https://cassidoo.coTwitter: https://twitter.com/cassidooGitHub: https://github.com/cassidooCodePen: https://codepen.io/cassidoo/LinkedIn: https://www.linkedin.com/in/cassidooOriginal Episodehttps://www.lastweekinaws.com/podcast/screaming-in-the-cloud/memes-streams-software-with-cassidy-williams/SponsorBackblaze: https://www.backblaze.com/ 

On this Screaming in the Cloud Replay, we’re revisiting our conversation with Stephanie Wong. When she first sat down with Corey, she was the Head of Developer Engagement at Google, but today, she serves as the company’s Head of Technical Storytelling. While Stephanie is certainly a key player at such a massive company, her passion lies in her own advocacy for women in tech as well as making tech more approachable to larger audiences. Stephanie is not one to put her job title first. Her bio covers the spread from dancer, to hip-hop medalist, to podcast host. Stephanie gives us the birds eye view on her own non-traditional and interdisciplinary path that led to her work both in and outside of Google. Stephanie’s focus on producing content that reaches across a wide spectrum of participants is crucial to how she has broken the mold on what tech can do, and her lessons are ones we can all learn from.Show Highlights:(0:00) Intro(1:06) Backblaze sponsor read(1:32) Explaining the Head of Developer Engagement(2:13) Stephanie’s background and authenticity in tech(7:11) Approaching developer relations from a non-”traditional” tech background(11:04) Building a personal and company online presence(14:41) Corey’s perceived contradictions with Google Cloud(22:29) Through engaging your audience through media and storytelling(27:23) Helping find the next generation of tech talent(29:23) The cloud and the inflection of tech(38:51) Where you can find more from StephanieAbout Stephanie Wong:Stephanie Wong is an award-winning speaker, engineer, pageant queen, and hip hop medalist. She is a leader at Google with a mission to blend storytelling and technology to create remarkable developer content. At Google, she's created 100s of videos, blogs, courses, and podcasts that have helped developers globally. Stephanie is active in her community, fiercely supporting women in tech and mentoring students.Links:Personal Website: https://stephrwong.comTwitter: https://twitter.com/stephr_wongOriginal Episodehttps://www.lastweekinaws.com/podcast/screaming-in-the-cloud/breaking-the-tech-mold-with-stephanie-wong/SponsorBackblaze: https://www.backblaze.com/ 

Eric Pullen, a cloud economist at Duckbill Group with extensive AWS experience, dives into the evolution of tech careers in a cloud-first world. He shares insights on the unlikely trend of cloud repatriation, emphasizing the efficiency of cloud solutions. The discussion highlights the importance of aligning cloud spending with business value, cloud cost optimization, and the challenges that arise from AWS service deprecation. Pullen also touches on balancing performance with cost and the critical role of effective communication in large enterprise environments.

In this Replay of Screaming in the Cloud, we revisit our inspiring conversation with Jackie Singh. At the time, she had recently served as a senior cybersecurity staffer at the Biden campaign. But her venerated career is considerably more than that alone. Jackie’s time spent in the Army, at the DoD, and eventually at work in the commercial world allows her to bring an adroit sensibility to her work and to this episode. Jackie goes into detail on her time spent at the Biden campaign and the intricacies of working in such highly politicized, and short term, environment. The cyber security threats she faced there were paramount, to downplay it, and have given Jackie a rich and constantly developing perspective on security. That in combination with her career has helped her develop a perspective that she has kindly discussed in detail during this episode! Tune in for the whole story.Show Highlights(0:00) Intro(1:16) Backblaze sponsor read(1:42) Working for the 2020 Biden Campaign(4:45) The high-stakes world of political information security(10:08) Breaking down Jackie’s impressive resume(12:38) Being the target of a far-right tabloid hit piece(16:24) Contemporary politics, bad faith discourse, and its role in tech(23:34) Common Fate sponsor read(24:03) The ethics of reporting InfoSec vulnerabilities(31:13) Explaining “threat modeling”(36:49) Where you can find more from JackieAbout Jackie SinghJackie Singh is an Information Security professional with more than 20 years of hacking experience, beginning in her preteen. She began her career in the US Army, and deployed to Iraq in 2003. Jackie subsequently spent several years in Iraq in cleared roles for the Department of Defense.She is now an independent consultant. Her passion extends to evangelizing best practices, writing and research for her blog, tweeting informative content, speaking at conferences, contributing to podcasts, and collaborating with fellow journalists and security professionals.Links:Disclose.io: https://disclose.ioTwitter: https://twitter.com/hackingbutlegalOriginal Episode:https://www.lastweekinaws.com/podcast/screaming-in-the-cloud/security-challenges-and-working-for-president-biden-with-jackie-singh/SponsorsBackblaze: https://www.backblaze.com/Common Fate: http://commonfate.io/

Xe Iaso returns to Screaming in the Cloud, and it’s been quite an interesting few months for them. They’re now the CEO of Techaro and are back for a discussion that spans career trials, the peculiarities of AI, and the intricacies of video production. Xe shares candid insights about being laid off multiple times and how it paradoxically led to career growth (and the tricks to resume-building). Xe also highlights the nuanced world of video editing and they’re learning tools like DaVinci Resolve.Show Highlights:(00:00) Intro(00:50) Backblaze sponsor read(0:52) Xe’s transparency with their layoffs over the past couple of years(04:39) What Xe has been up to with their coding lately (05:05) Xe’s method of addressing AI models’ Strawberry Problem(10:44) Xe’s use of prompt injection attacks in their resume(13:23) Why Xe has been embracing independent contracting(15:20) How Xe has been working with video(18:10) Common Fate sponsor read(19:56) The shifting nature of content creation and the need for practice(24:23) The importance of having audio backups for presentations(26:17) What Xe is building toward as a contractor(28:50) Where you can find more from XeAbout Xe IasoXe Iaso is a top voice on cloud computing, developer marketing, and shitposting. They focus on making computers easier to understand and entertaining people in the process. They also use satire as a way to cope with the surreal madness that is the technology industry these days.LinksXe’s blog: https://xeiaso.net/ Friend pendant ad: https://www.youtube.com/watch?v=O_Q1hoEhfk4SponsorsBackblaze: https://www.backblaze.com/Common Fate: https://www.commonfate.io/ 

Do we have your permission to share this episode of Screaming in the Cloud with you? Sonrai CTO and Co-Founder Sandy Bird is back on the show to help Corey break down the woes that come with granting permissions in the world of cloud security. As they catch up, the pair touch base on how automation can create major headaches, what goes into navigating the minefield of granting permissions, and if the future of adoption patterns is as grim as Corey predicts. Sandy also answers one of Corey’s long-time questions: how do you pronounce “Sonrai?” Who knows? Maybe Corey will finally learn how to say it properly...Show Highlights:(0:00) Intro(0:30) Breaking down Sonrai’s name(1:45) Sonrai sponsor read(2:25) Getting alerts vs. fixing the root of the problem(4:50) The problems with granting permissions(7:34) The dangers of automating permissions(10:10) "Where do I make this change, and how do I enforce it?" (13:46) The security concerns that come with tagging automation(16:12) Sonrai sponsor read(16:53)  Properly deploying permissions access(21:16) Woes of running reporting in the middle of the night(23:21) Are adoption patterns getting worse?(29:01) Where you can find more from Sonrai SecurityAbout Sandy BirdSandy Bird is the co-founder and CTO of Sonrai Security, helping enterprises protect their data by securing cloud identities and access. Sandy was the co-founder and CTO of Q1 Labs, which was acquired by IBM in 2011. At IBM, Sandy became the CTO for the global security business and worked closely with research, development, marketing and sales to develop new and innovative solutions to help the IBM Security business grow to ~$2B in annual revenue. He is a trusted and experienced cloud security expert., Sandy Bird is the co-founder and CTO of Sonrai Security, helping enterprises protect their data by securing cloud identities and access. Sandy was the co-founder and CTO of Q1 Labs, which was acquired by IBM in 2011. At IBM, Sandy became the CTO for the global security business and worked closely with research, development, marketing and sales to develop new and innovative solutions to help the IBM Security business grow to ~$2B in annual revenue. He is a trusted and experienced cloud security expert.LinksSonrai Security: https://sonraisecurity.com/Sonrai Security free trial: https://sonraisecurity.com/trial/Sonrai Security demos: https://sonraisecurity.com/demo/Sonrai Security learning resources: https://sonraisecurity.com/resource-library/Sonrai Security blog: https://sonraisecurity.com/blog/Sonrai Security ACCESS Virtual Summit: sonrai.co/access-on-demandSponsorSonrai Security: https://sonraisecurity.com/