Cloud Security Podcast by Google

Guest:  David Gee, Board Risk Advisor, Non-Executive Director & Author, former CISO Topics: Drawing from the "Aspiring CIO and CISO" book's focus on continuous improvement, how have you seen the necessary skills, knowledge, experience, and behaviors for a CISO evolve, especially when guiding an organization through a transformation? Could you share lessons learned about leadership and organizational resilience during such a critical period, and how does that experience reshape your approach to future transformations? Many organizations are undergoing transformations, often heavily involving cloud technologies. From your perspective, what is the most crucial—and perhaps often overlooked—role a CISO plays in ensuring security is an enabler, not a roadblock, during such large-scale changes? Have you ever seen a CISO who is a cloud champion for the organization? Your best advice for a CISO meeting cloud for the first time? What is your best advice for a CISO meeting AI for the first time? How do you balance the continuous self-improvement and development with the day-to-day pressures and responsibilities? Resources: “A Day in the Life of a CISO: Personal Mentorship from 24+ Battle-Tested CISOs — Mentoring We Never Got” book “The Aspiring CIO and CISO: A career guide to developing leadership skills, knowledge, experience, and behavior” book EP201 Every CTO Should Be a CSTO (Or Else!) - Transformation Lessons from The Hoff EP101 Cloud Threat Detection Lessons from a CISO EP104 CISO Walks Into the Cloud: And The Magic Starts to Happen! EP129 How CISO Cloud Dreams and Realities Collide All CISO podcast episodes “Shadow Agents: A New Era of Shadow AI Risk in the Enterprise” blog “Blocking shadow agents won’t work. Here’s a more secure way forward” blog  

Sumedh Thakar, the President and CEO of Qualys, shares his extensive insights on the evolution of vulnerability management over the past 25 years. He discusses the need for prioritization beyond just CVSS scores, emphasizing the value of threat intelligence and business context in decision-making. Thakar highlights the transformative role of cloud in streamlining remediation and introduces the Risk Operations Center concept, which integrates data for informed prioritization. He also touches on practical AI applications, mitigating risks beyond patching, and the importance of communicating cyber risks to boards.

Rick Caccia, CEO and co-founder of Witness AI, dives into the unique characteristics of the current wave of enterprise AI adoption, likening it to the web era's rapid growth. He emphasizes how CISOs are now more focused on enabling safe AI use rather than merely blocking access. Caccia discusses the challenges posed by consumer-grade AI in the workplace, the risks of shadow AI, and the need for a unified platform to facilitate confident AI adoption. His insights on managing agent identities and the necessity of observability for effective controls are especially thought-provoking.

Jon Oltsik, a security researcher and former ESG analyst, invented the SOAPA concept, which he elaborates on during the discussion. He debates the merits of platform consolidation versus a best-of-breed approach, highlighting how organization size influences these strategies. The talk covers the impact of generative and agentic AI on the Security Operations Center, emphasizing real-world applications and integration challenges. Jon also shares practical insights on leveraging AI for alert triage and security fundamentals in modern threat defense.

Cy Khormaee, CEO of Aegis AI, and Ryan Luo, CTO of Aegis AI, discuss the future of email security amid escalating AI threats. They reveal that by 2025, traditional defenses may falter against sophisticated cyber attacks. The conversation emphasizes the importance of adaptive models and the crucial role of good AI in combating bad AI. They share insights from their experiences at Google and stress the need for innovative strategies to counter personalized phishing tactics. Best practices for using large language models are also highlighted.

In this engaging discussion, Augusto Barros, a Principal Product Manager at Prophet Security and former Gartner analyst, delves into the transformative power of AI in Security Operations Centers (SOC). He defines AI SOC and explores how it can effectively reduce attacker dwell time while acknowledging challenges around signal fidelity. Barros discusses why previous automation attempts fell short and how to measure the success of AI integration. He also addresses common misconceptions about job loss and highlights the importance of transparency in evolving cybersecurity landscapes.

Rick Correa, Uber TL for Google SecOps and expert in detection engineering, shares his journey of scaling curated detections from a mere 70 to over 4,700 rules. He discusses the pivotal lessons learned and the importance of user-friendly interfaces to alleviate customer friction. The conversation dives into the distinction between 'Detection-as-Code' and advanced software engineering practices, emphasizing the need for unit testing and performance reviews. Correa introduces the 'Goldilocks Zone' for detections and provides practical examples of building blocks for enhancing security against threats like VPN and Tor traffic.

Errol Weiss, Chief Security Officer at Health-ISAC, dives deep into the world of cyber resilience in the healthcare sector. He stresses the importance of moving from a focus on 'just cybersecurity' to a broader emphasis on digital resilience. With practical tips, he shares how even under-resourced organizations can enhance their security without breaking the bank. Weiss highlights the need for basic hygiene in cybersecurity and advises on evaluating vendor security to prevent hacks. His insights shine a light on the path to stronger cyber defenses.

Craig H. Rowland, Founder and CEO of Sandfly Security, discusses crucial Linux security insights relevant to diverse environments including cloud and hybrid setups. He addresses significant blind spots for security teams and the misconception that Linux is immune to malware threats. The conversation covers the dangers of SSH key management, operational hurdles in incident response, and the subtle abuse of legitimate Linux utilities in attacks. Rowland also explores the benefits and trade-offs of agentless vs. agent-based monitoring, enhancing security through AI and innovative strategies.

Dominik Swierad, Senior Product Manager for D&R AI and Sec-Gemini, shares his insights on implementing AI agents within Google's security framework. He discusses strategies for building trust among security professionals and identifies key use cases for AI integration. Swierad emphasizes the importance of high-quality data and structured methodologies for evaluating AI performance. He also highlights the evolving roles of security engineers amidst rising automation and raises concerns about how threat actors might exploit similar technologies.