Cloud Security Podcast by Google cover image

Cloud Security Podcast by Google

Latest episodes

undefined
Apr 23, 2025 • 30min

EP221 Special - Semi-Live from Google Cloud Next 2025: AI, Agents, Security ... Cloud?

The chaotic vibes of a live conference set the stage for insightful talks on AI’s growing role in security. Discussions unveiled the Model Armor initiative and the evolving integration of AI with cybersecurity. Surprising trends and marketing strategies caught attention, while a hopeful outlook emerged for transforming Security Operations Centers. The urgency for security professionals to adopt AI was emphasized, with a clear warning: adapt or risk falling behind in this fast-evolving landscape.
undefined
Apr 21, 2025 • 29min

EP220 Big Rewards for Cloud Security: Exploring the Google VRP

Guests: Michael Cote, Cloud VRP Lead, Google Cloud Aadarsh Karumathil, Security Engineer, Google Cloud Topics: Vulnerability response at cloud-scale sounds very hard! How do you triage vulnerability reports and make sure we’re addressing the right ones in the underlying cloud infrastructure? How do you determine how much to pay for each vulnerability? What is the largest reward we paid? What was it for? What products get the most submissions? Is this driven by the actual product security or by trends and fashions like AI? What are the most likely rejection reasons?  What makes for a very good - and exceptional? - vulnerability report? We hear we pay more for “exceptional” reports, what does it mean? In college Tim had a roommate who would take us out drinking on his Google web app vulnerability rewards. Do we have something similar for people reporting vulnerabilities in our cloud infrastructure? Are people making real money off this?  How do we actually uniquely identify vulnerabilities in the cloud? CVE does not work well, right? What are the expected risk reduction benefits from Cloud VRP? Resources: Cloud VRP site Cloud VPR launch blog CVR: The Mines of Kakadûm
undefined
Apr 14, 2025 • 32min

EP219 Beyond the Buzzwords: Decoding Cyber Risk and Threat Actors in Asia Pacific

Steve Ledzian, APAC CTO at Mandiant, dives into the evolving landscape of cybersecurity in the Asia Pacific region. He discusses how many boards still see cyber risks solely as technical issues, missing critical human factors. Steve tackles the confusing jargon plaguing the industry, emphasizing clear communication. He highlights unexpected benefits from the Google-Mandiant merger and shares insights on reducing dwell time in cyber incidents. Finally, he forecasts significant cybersecurity challenges ahead and what organizations should do now to prepare.
undefined
Apr 7, 2025 • 30min

EP218 IAM in the Cloud & AI Era: Navigating Evolution, Challenges, and the Rise of ITDR/ISPM

Henrique Teixeira, Senior VP of Strategy at Saviynt and former Gartner analyst, dives into the evolution of Identity and Access Management (IAM) amidst cloud and AI advancements. He addresses the challenges and opportunities these shifts create, particularly with ITDR (Identity Threat Detection and Response) and ISPM (Identity Security Posture Management). The discussion explores the unique security needs of machine identities versus human identities, as well as tips for creating memorable tech acronyms, blending humor with valuable insights on identity management.
undefined
Mar 31, 2025 • 23min

EP217 Red Teaming AI: Uncovering Surprises, Facing New Threats, and the Same Old Mistakes?

In a fascinating discussion, Alex Polyakov, CEO of Adversa AI and expert in AI red teaming, dives into the vulnerabilities plaguing AI systems. He recounts a memorable red teaming exercise that unveiled surprising flaws. Polyakov highlights emerging threats like linguistic-based attacks and emphasizes how classic security mistakes resurface in AI. He critiques the industry's misconceptions about AI security and prompts organizations to rethink their cyber frameworks. Furthermore, he discusses the irony of using AI to safeguard AI, raising essential questions about the future of technology.
undefined
14 snips
Mar 24, 2025 • 32min

EP216 Ephemeral Clouds, Lasting Security: CIRA, CDR, and the Future of Cloud Investigations

In this enlightening discussion, James Campbell, CEO of Cado Security, and Chris Doman, CTO, dive into the evolving landscape of cloud security. They clarify the differences between Cloud Detection and Response (CDR) and Cloud Investigation and Response Automation (CIRA), highlighting the critical role automation plays in enhancing security. The conversation explores the challenges of ephemeral cloud infrastructure and its impact on compliance. Listeners will gain insights into how modern SIEM/SOAR systems can integrate with CIRA for better cloud security strategies.
undefined
9 snips
Mar 17, 2025 • 26min

EP215 Threat Modeling at Google: From Basics to AI-powered Magic

Meador Inge, a security engineer at Google, dives into the intricacies of threat modeling, detailing its essential steps and applications in complex systems. He explains how Google continuously updates its threat models and operationalizes the information to enhance security. The conversation explores the challenges faced in scaling threat modeling practices and how AI, particularly large language models like Gemini, is reshaping the landscape. With a humorous twist, Inge shares insights into unexpected threats and effective strategies for organizations starting their threat modeling journey.
undefined
Mar 10, 2025 • 29min

EP214 Reconciling the Impossible: Engineering Cloud Systems for Diverging Regulations

Guest: Archana Ramamoorthy, Senior Director of Product Management, Google Cloud Topics: You are responsible for building systems that need to comply with laws that are often mutually contradictory. It seems technically impossible to do, how do you do this? Google is not alone in being a global company with local customers and local requirements. How are we building systems that provide local compliance with global consistency in their use for customers who are similar in scale to us?  Originally, Google had global systems synchronized around the entire planet–planet scale supercompute–with atomic clocks. How did we get to regionalized approach from there?  Engineering takes a long time. How do we bring enough agility to product definition and engineering design to give our users robust foundations in our systems that also let us keep up with changing and diverging regulatory goals? What are some of the biggest challenges you face working in the trusted cloud space? Is there something you would like to share about being a woman leader in technology?  How did you overcome the related challenges? Resources: Video “Compliance Without Compromise” by Jeanette Manfra (2020, still very relevant!) “Good to Great” book “Appreciative Leadership” book
undefined
12 snips
Mar 3, 2025 • 28min

EP213 From Promise to Practice: LLMs for Anomaly Detection and Real-World Cloud Security

Yigael Berger, Head of AI at Sweet Security, shares insights into the application of large language models (LLMs) for cloud security. He discusses the gap between LLMs' potential and their real-world effectiveness, especially in anomaly detection. Berger explains how LLMs analyze event sequences to enhance accuracy while managing noise. He also addresses the challenges SOC teams face with false positives and negatives, emphasizing the psychological barriers to embracing AI in security. Ultimately, he posits that LLMs may tip the balance in favor of defenders in the cybersecurity battle.
undefined
10 snips
Feb 24, 2025 • 33min

EP212 Securing the Cloud at Scale: Modern Bank CISO on Metrics, Challenges, and SecOps

Dave Hannigan, CISO at Nu Bank, brings a wealth of knowledge from his time at Spotify to discuss the unique challenges faced in neobanking. He dives into the complexities of regulatory compliance and the innovative security practices necessary in the rapidly evolving Latin American finance landscape. Hannigan highlights the critical role of identity and access management in cloud security and shares key metrics for assessing security posture. He also reflects on the cultural shifts needed for effective cloud operations and why he chose Google SecOps for his team.

Remember Everything You Learn from Podcasts

Save insights instantly, chat with episodes, and build lasting knowledge - all powered by AI.
App store bannerPlay store banner