

Cloud Security Podcast by Google
Anton Chuvakin
Cloud Security Podcast by Google focuses on security in the cloud, delivering security from the cloud, and all things at the intersection of security and cloud. Of course, we will also cover what we are doing in Google Cloud to help keep our users' data safe and workloads secure.
We're going to do our best to avoid security theater, and cut to the heart of real security questions and issues. Expect us to question threat models and ask if something is done for the data subject's benefit or just for organizational benefit.
We hope you'll join us if you're interested in where technology overlaps with process and bumps up against organizational design. We're hoping to attract listeners who are happy to hear conventional wisdom questioned, and who are curious about what lessons we can and can't keep as the world moves from on-premises computing to cloud computing.
Episodes

Jan 5, 2026 • 27min
EP257 Beyond the 'Kaboom': What Actually Breaks When OT Meets the Cloud?
Guest: Chris Sistrunk, Technical Leader, OT Consulting, Mandiant

Topics:
When we hear "attacks on Operational Technology (OT)" some think of Stuxnet targeting PLCs or even backdoored pipeline control software plot in the 1980s. Is this space always so spectacular or are there less "kaboom" style attacks we are more concerned about in practice?
Given the old "air-gapped" mindset of many OT environments, what are the most common security gaps or blind spots you see when organizations start to integrate cloud services for things like data analytics or remote monitoring?
How is the shift to cloud connectivity - for things like data analytics, centralized management, and remote access - changing the security posture of these systems? What's a real-world example of a positive security outcome you've seen as a direct result of this cloud adoption?
How do the Tactics, Techniques, and Procedures outlined in the MITRE ATT&CK for ICS framework change or evolve when attackers can leverage cloud-based reconnaissance and command-and-control infrastructure to target OT networks? Can you provide an example?
OT environments are generating vast amounts of operational data. What is interesting for OT Detection and Response (D&R)?

Resources:
Video version
Cybersecurity Forecast 2026 report by Google
Complex, hybrid manufacturing needs strong security. Here's how CISOs can get it done blog
"Security Guidance for Cloud-Enabled Hybrid Operational Technology Networks" paper by Google Cloud Office of the CISO
DEF CON 23 - Chris Sistrunk - NSM 101 for ICS
MITRE ATT&CK for ICS

Dec 15, 2025 • 33min
EP256 Rewiring Democracy & Hacking Trust: Bruce Schneier on the AI Offense-Defense Balance
Guest: Bruce Schneier

Topics:
Do you believe that AI is going to end up being a net improvement for defenders or attackers? Is short term vs long term different?
We're excited about the new book you have coming out with your co-author Nathan Sanders "Rewiring Democracy". We want to ask the same question, but for society: do you think AI is going to end up helping the forces of liberal democracy, or the forces of corruption, illiberalism, and authoritarianism?
If exploitation is always cheaper than patching (and attackers don't follow as many rules and procedures), do we have a chance here?
If this requires pervasive and fast "humanless" automatic patching (kinda like what Chrome does for years), will this ever work for most organizations?
Do defenders have to do the same and just discover and fix issues faster? Or can we use AI somehow differently?
Does this make defense in depth more important?
How do you see AI as changing how society develops and maintains trust?

Resources:
"Rewiring Democracy" book
"Informacracy Trilogy" book
Agentic AI's OODA Loop Problem
EP255 Separating Hype from Hazard: The Truth About Autonomous AI Hacking
AI and Trust
AI and Data Integrity
EP223 AI Addressable, Not AI Solvable: Reflections from RSA 2025
RSA 2025: AI's Promise vs. Security's Past — A Reality Check

Dec 8, 2025 • 30min
EP255 Separating Hype from Hazard: The Truth About Autonomous AI Hacking
Heather Adkins, VP of Security Engineering at Google, shares her insights on the emerging threat of autonomous AI hacking. She discusses the term 'AI Hacking Singularity,' weighing the reality against hyperbole. Can AI achieve ‘machine velocity’ exploits without human input? Heather outlines potential worst-case scenarios, from global infrastructure collapses to waves of automated attacks. She also emphasizes the need for redefined defense strategies and the impact on the software supply chain, urging proactive engagement with regulators to navigate this complex threat landscape.

Dec 1, 2025 • 31min
EP254 Escaping 1990s Vulnerability Management: From Unauthenticated Scans to AI-Driven Mitigation
Caleb Hoch, a Consulting Manager at Mandiant, specializes in cyber defense and vulnerability management transformation. He discusses the outdated nature of vulnerability management practices that still linger since the 1990s. Caleb explains why many organizations shy away from authenticated scans due to fear and resource issues. He outlines a gold-standard prioritization process for 2025 that incorporates contextual factors. Additionally, he warns of AI's rapid impact on exploit development, emphasizing the urgent need for effective mitigation strategies.

Nov 24, 2025 • 28min
EP253 The Craft of Cloud Bug Hunting: Writing Winning Reports and Secrets from a VRP Champion
Sivanesh Ashok and Sreeram KL, both accomplished bug bounty hunters and top contributors to Google's Cloud Vulnerability Reward Program, share their expertise on cloud security. They discuss the art of writing clear and effective bug reports, emphasizing reproducibility to aid triage. The duo dives into the dynamics of collaboration in bug hunting and how to navigate volatility in the field. They reveal insights on targeting integration bugs and offer invaluable advice for aspiring hunters: consistency, patience, and a deep understanding of threat models.

Nov 17, 2025 • 36min
EP252 The Agentic SOC Reality: Governing AI Agents, Data Fidelity, and Measuring Success
In this discussion, Alexander Pabst, Deputy Group CISO at Allianz, and Lars Koenig, Global Head of Detection & Response, explore the transformative journey of moving from traditional security information and event management (SIEM) to an agentic SOC model. They delve into the intricacies of governing AI agents, emphasizing the balance between automation and necessary human oversight. The guests share insights on enhancing data fidelity, unexpected challenges during implementation, and the dramatic efficiency gains achieved, including saving 68 analyst-years per quarter.

Nov 10, 2025 • 25min
EP251 Beyond Fancy Scripts: Can AI Red Teaming Find Truly Novel Attacks?
Ari Herbert-Voss, Founder and CEO of RunCybil and former security lead at OpenAI, dives into AI-powered red teaming. He discusses how Sybil automates discovery, testing, and remediation of security flaws, particularly excelling at finding tricky authentication bugs. The conversation addresses the balance of augmenting human efforts without replacing them entirely and the importance of actionable insights for development teams. Ari also shares real-world successes, showcasing how Sybil can uncover significant vulnerabilities rapidly while scaling security efforts.

Nov 3, 2025 • 29min
EP250 The End of "Collect Everything"? Moving from Centralization to Data Access?
Balazs Scheidler, CEO at Axoflow and founder of syslog-ng, shares his expertise on the evolving landscape of security data management. He emphasizes the shift from centralization to access, discussing the challenges of managing diverse data pipelines and the necessity of automated classification. Balazs warns against relying solely on source storage, suggesting federated search as a solution. He also highlights the need for pipeline-level enrichment to enhance data relevance while addressing real-world logging failures that impact security operations.

Oct 27, 2025 • 31min
EP249 Data First: What Really Makes Your SOC 'AI Ready'?
Monzy Merza, co-founder and CEO of Crogl, dives into what makes a Security Operations Center (SOC) 'AI ready.' He discusses the allure of an 'Iron Man suit' for SOCs and the obstacles preventing its realization. Monzy reveals the 'Dr. Jekyll and Mr. Hyde' nature of AI in security, highlighting the critical role of data quality. He emphasizes the foundational steps needed for AI readiness, the inevitable growth of alert volumes, and how to measure progress in AI-driven SOCs effectively.

Oct 20, 2025 • 33min
EP248 Cloud IR Tabletop Wins: How to Stop Playing Security Theater and Start Practicing
Guest: Jibran Ilyas, Director for Incident Response at Google Cloud

Topics:
What is this tabletop thing, please tell us about running a good security incident tabletop?
Why are tabletops for incident response preparedness so amazingly effective yet rarely done well?
This is cheap/easy/useful so why do so many fail to do it?
Why are tabletops seen as kind of like elite pursuit?
What's your favorite Cloud-centric scenario for tabletop exercises?
Ransomware? But there is little ransomware in the cloud, no?
What are other good cloud tabletop scenarios?

Resources:
EP60 Impersonating Service Accounts in GCP and Beyond: Cloud Security Is About IAM?
EP179 Teamwork Under Stress: Expedition Behavior in Cybersecurity Incident Response
EP222 From Post-IR Lessons to Proactive Security: Deconstructing Mandiant M-Trends
EP177 Cloud Incident Confessions: Top 5 Mistakes Leading to Breaches from Mandiant
EP158 Ghostbusters for the Cloud: Who You Gonna Call for Cloud Forensics
EP98 How to Cloud IR or Why Attackers Become Cloud Native Faster?


