
Cloud Security Podcast by Google
Cloud Security Podcast by Google focuses on security in the cloud, delivering security from the cloud, and all things at the intersection of security and cloud. Of course, we will also cover what we are doing in Google Cloud to help keep our users' data safe and workloads secure.
We’re going to do our best to avoid security theater, and cut to the heart of real security questions and issues. Expect us to question threat models and ask if something is done for the data subject’s benefit or just for organizational benefit.
We hope you’ll join us if you’re interested in where technology overlaps with process and bumps up against organizational design. We’re hoping to attract listeners who are happy to hear conventional wisdom questioned, and who are curious about what lessons we can and can’t keep as the world moves from on-premises computing to cloud computing.
Latest episodes

Apr 23, 2025 • 30min
EP221 Special - Semi-Live from Google Cloud Next 2025: AI, Agents, Security ... Cloud?
The chaotic vibes of a live conference set the stage for insightful talks on AI’s growing role in security. Discussions unveiled the Model Armor initiative and the evolving integration of AI with cybersecurity. Surprising trends and marketing strategies caught attention, while a hopeful outlook emerged for transforming Security Operations Centers. The urgency for security professionals to adopt AI was emphasized, with a clear warning: adapt or risk falling behind in this fast-evolving landscape.

Apr 21, 2025 • 29min
EP220 Big Rewards for Cloud Security: Exploring the Google VRP
Guests: Michael Cote, Cloud VRP Lead, Google Cloud Aadarsh Karumathil, Security Engineer, Google Cloud Topics: Vulnerability response at cloud-scale sounds very hard! How do you triage vulnerability reports and make sure we’re addressing the right ones in the underlying cloud infrastructure? How do you determine how much to pay for each vulnerability? What is the largest reward we paid? What was it for? What products get the most submissions? Is this driven by the actual product security or by trends and fashions like AI? What are the most likely rejection reasons? What makes for a very good - and exceptional? - vulnerability report? We hear we pay more for “exceptional” reports, what does it mean? In college Tim had a roommate who would take us out drinking on his Google web app vulnerability rewards. Do we have something similar for people reporting vulnerabilities in our cloud infrastructure? Are people making real money off this? How do we actually uniquely identify vulnerabilities in the cloud? CVE does not work well, right? What are the expected risk reduction benefits from Cloud VRP? Resources: Cloud VRP site Cloud VPR launch blog CVR: The Mines of Kakadûm

Apr 14, 2025 • 32min
EP219 Beyond the Buzzwords: Decoding Cyber Risk and Threat Actors in Asia Pacific
Steve Ledzian, APAC CTO at Mandiant, dives into the evolving landscape of cybersecurity in the Asia Pacific region. He discusses how many boards still see cyber risks solely as technical issues, missing critical human factors. Steve tackles the confusing jargon plaguing the industry, emphasizing clear communication. He highlights unexpected benefits from the Google-Mandiant merger and shares insights on reducing dwell time in cyber incidents. Finally, he forecasts significant cybersecurity challenges ahead and what organizations should do now to prepare.

Apr 7, 2025 • 30min
EP218 IAM in the Cloud & AI Era: Navigating Evolution, Challenges, and the Rise of ITDR/ISPM
Henrique Teixeira, Senior VP of Strategy at Saviynt and former Gartner analyst, dives into the evolution of Identity and Access Management (IAM) amidst cloud and AI advancements. He addresses the challenges and opportunities these shifts create, particularly with ITDR (Identity Threat Detection and Response) and ISPM (Identity Security Posture Management). The discussion explores the unique security needs of machine identities versus human identities, as well as tips for creating memorable tech acronyms, blending humor with valuable insights on identity management.

Mar 31, 2025 • 23min
EP217 Red Teaming AI: Uncovering Surprises, Facing New Threats, and the Same Old Mistakes?
In a fascinating discussion, Alex Polyakov, CEO of Adversa AI and expert in AI red teaming, dives into the vulnerabilities plaguing AI systems. He recounts a memorable red teaming exercise that unveiled surprising flaws. Polyakov highlights emerging threats like linguistic-based attacks and emphasizes how classic security mistakes resurface in AI. He critiques the industry's misconceptions about AI security and prompts organizations to rethink their cyber frameworks. Furthermore, he discusses the irony of using AI to safeguard AI, raising essential questions about the future of technology.

14 snips
Mar 24, 2025 • 32min
EP216 Ephemeral Clouds, Lasting Security: CIRA, CDR, and the Future of Cloud Investigations
In this enlightening discussion, James Campbell, CEO of Cado Security, and Chris Doman, CTO, dive into the evolving landscape of cloud security. They clarify the differences between Cloud Detection and Response (CDR) and Cloud Investigation and Response Automation (CIRA), highlighting the critical role automation plays in enhancing security. The conversation explores the challenges of ephemeral cloud infrastructure and its impact on compliance. Listeners will gain insights into how modern SIEM/SOAR systems can integrate with CIRA for better cloud security strategies.

9 snips
Mar 17, 2025 • 26min
EP215 Threat Modeling at Google: From Basics to AI-powered Magic
Meador Inge, a security engineer at Google, dives into the intricacies of threat modeling, detailing its essential steps and applications in complex systems. He explains how Google continuously updates its threat models and operationalizes the information to enhance security. The conversation explores the challenges faced in scaling threat modeling practices and how AI, particularly large language models like Gemini, is reshaping the landscape. With a humorous twist, Inge shares insights into unexpected threats and effective strategies for organizations starting their threat modeling journey.

Mar 10, 2025 • 29min
EP214 Reconciling the Impossible: Engineering Cloud Systems for Diverging Regulations
Guest: Archana Ramamoorthy, Senior Director of Product Management, Google Cloud Topics: You are responsible for building systems that need to comply with laws that are often mutually contradictory. It seems technically impossible to do, how do you do this? Google is not alone in being a global company with local customers and local requirements. How are we building systems that provide local compliance with global consistency in their use for customers who are similar in scale to us? Originally, Google had global systems synchronized around the entire planet–planet scale supercompute–with atomic clocks. How did we get to regionalized approach from there? Engineering takes a long time. How do we bring enough agility to product definition and engineering design to give our users robust foundations in our systems that also let us keep up with changing and diverging regulatory goals? What are some of the biggest challenges you face working in the trusted cloud space? Is there something you would like to share about being a woman leader in technology? How did you overcome the related challenges? Resources: Video “Compliance Without Compromise” by Jeanette Manfra (2020, still very relevant!) “Good to Great” book “Appreciative Leadership” book

12 snips
Mar 3, 2025 • 28min
EP213 From Promise to Practice: LLMs for Anomaly Detection and Real-World Cloud Security
Yigael Berger, Head of AI at Sweet Security, shares insights into the application of large language models (LLMs) for cloud security. He discusses the gap between LLMs' potential and their real-world effectiveness, especially in anomaly detection. Berger explains how LLMs analyze event sequences to enhance accuracy while managing noise. He also addresses the challenges SOC teams face with false positives and negatives, emphasizing the psychological barriers to embracing AI in security. Ultimately, he posits that LLMs may tip the balance in favor of defenders in the cybersecurity battle.

10 snips
Feb 24, 2025 • 33min
EP212 Securing the Cloud at Scale: Modern Bank CISO on Metrics, Challenges, and SecOps
Dave Hannigan, CISO at Nu Bank, brings a wealth of knowledge from his time at Spotify to discuss the unique challenges faced in neobanking. He dives into the complexities of regulatory compliance and the innovative security practices necessary in the rapidly evolving Latin American finance landscape. Hannigan highlights the critical role of identity and access management in cloud security and shares key metrics for assessing security posture. He also reflects on the cultural shifts needed for effective cloud operations and why he chose Google SecOps for his team.
Remember Everything You Learn from Podcasts
Save insights instantly, chat with episodes, and build lasting knowledge - all powered by AI.