Cloud Security Podcast by Google

Balazs Scheidler, CEO at Axoflow and founder of syslog-ng, shares his expertise on the evolving landscape of security data management. He emphasizes the shift from centralization to access, discussing the challenges of managing diverse data pipelines and the necessity of automated classification. Balazs warns against relying solely on source storage, suggesting federated search as a solution. He also highlights the need for pipeline-level enrichment to enhance data relevance while addressing real-world logging failures that impact security operations.

Monzy Merza, co-founder and CEO of Crogl, dives into what makes a Security Operations Center (SOC) 'AI ready.' He discusses the allure of an 'Iron Man suit' for SOCs and the obstacles preventing its realization. Monzy reveals the 'Dr. Jekyll and Mr. Hyde' nature of AI in security, highlighting the critical role of data quality. He emphasizes the foundational steps needed for AI readiness, the inevitable growth of alert volumes, and how to measure progress in AI-driven SOCs effectively.

Guest: Jibran Ilyas, Director for Incident Response at Google Cloud Topics: What is this tabletop thing, please tell us about running a good security incident tabletop? Why are tabletops for incident response preparedness so amazingly effective yet rarely done well? This is cheap/easy/useful so why do so many fail to do it? Why are tabletops seen as kind of like elite pursuit? What's your favorite Cloud-centric scenario for tabletop exercises? Ransomware? But there is little ransomware in the cloud, no? What are other good cloud tabletop scenarios? Resources: EP60 Impersonating Service Accounts in GCP and Beyond: Cloud Security Is About IAM? EP179 Teamwork Under Stress: Expedition Behavior in Cybersecurity Incident Response EP222 From Post-IR Lessons to Proactive Security: Deconstructing Mandiant M-Trends EP177 Cloud Incident Confessions: Top 5 Mistakes Leading to Breaches from Mandiant EP158 Ghostbusters for the Cloud: Who You Gonna Call for Cloud Forensics EP98 How to Cloud IR or Why Attackers Become Cloud Native Faster?

Guest: David Gee, Board Risk Advisor, Non-Executive Director & Author, former CISO Topics: Drawing from the "Aspiring CIO and CISO" book's focus on continuous improvement, how have you seen the necessary skills, knowledge, experience, and behaviors for a CISO evolve, especially when guiding an organization through a transformation? Could you share lessons learned about leadership and organizational resilience during such a critical period, and how does that experience reshape your approach to future transformations? Many organizations are undergoing transformations, often heavily involving cloud technologies. From your perspective, what is the most crucial—and perhaps often overlooked—role a CISO plays in ensuring security is an enabler, not a roadblock, during such large-scale changes? Have you ever seen a CISO who is a cloud champion for the organization? Your best advice for a CISO meeting cloud for the first time? What is your best advice for a CISO meeting AI for the first time? How do you balance the continuous self-improvement and development with the day-to-day pressures and responsibilities? Resources: "A Day in the Life of a CISO: Personal Mentorship from 24+ Battle-Tested CISOs — Mentoring We Never Got" book "The Aspiring CIO and CISO: A career guide to developing leadership skills, knowledge, experience, and behavior" book EP201 Every CTO Should Be a CSTO (Or Else!) - Transformation Lessons from The Hoff EP101 Cloud Threat Detection Lessons from a CISO EP104 CISO Walks Into the Cloud: And The Magic Starts to Happen! EP129 How CISO Cloud Dreams and Realities Collide All CISO podcast episodes "Shadow Agents: A New Era of Shadow AI Risk in the Enterprise" blog "Blocking shadow agents won't work. Here's a more secure way forward" blog

Sumedh Thakar, the President and CEO of Qualys, shares his extensive insights on the evolution of vulnerability management over the past 25 years. He discusses the need for prioritization beyond just CVSS scores, emphasizing the value of threat intelligence and business context in decision-making. Thakar highlights the transformative role of cloud in streamlining remediation and introduces the Risk Operations Center concept, which integrates data for informed prioritization. He also touches on practical AI applications, mitigating risks beyond patching, and the importance of communicating cyber risks to boards.

Rick Caccia, CEO and co-founder of Witness AI, dives into the unique characteristics of the current wave of enterprise AI adoption, likening it to the web era's rapid growth. He emphasizes how CISOs are now more focused on enabling safe AI use rather than merely blocking access. Caccia discusses the challenges posed by consumer-grade AI in the workplace, the risks of shadow AI, and the need for a unified platform to facilitate confident AI adoption. His insights on managing agent identities and the necessity of observability for effective controls are especially thought-provoking.

Jon Oltsik, a security researcher and former ESG analyst, invented the SOAPA concept, which he elaborates on during the discussion. He debates the merits of platform consolidation versus a best-of-breed approach, highlighting how organization size influences these strategies. The talk covers the impact of generative and agentic AI on the Security Operations Center, emphasizing real-world applications and integration challenges. Jon also shares practical insights on leveraging AI for alert triage and security fundamentals in modern threat defense.

Cy Khormaee, CEO of Aegis AI, and Ryan Luo, CTO of Aegis AI, discuss the future of email security amid escalating AI threats. They reveal that by 2025, traditional defenses may falter against sophisticated cyber attacks. The conversation emphasizes the importance of adaptive models and the crucial role of good AI in combating bad AI. They share insights from their experiences at Google and stress the need for innovative strategies to counter personalized phishing tactics. Best practices for using large language models are also highlighted.

In this engaging discussion, Augusto Barros, a Principal Product Manager at Prophet Security and former Gartner analyst, delves into the transformative power of AI in Security Operations Centers (SOC). He defines AI SOC and explores how it can effectively reduce attacker dwell time while acknowledging challenges around signal fidelity. Barros discusses why previous automation attempts fell short and how to measure the success of AI integration. He also addresses common misconceptions about job loss and highlights the importance of transparency in evolving cybersecurity landscapes.

Rick Correa, Uber TL for Google SecOps and expert in detection engineering, shares his journey of scaling curated detections from a mere 70 to over 4,700 rules. He discusses the pivotal lessons learned and the importance of user-friendly interfaces to alleviate customer friction. The conversation dives into the distinction between 'Detection-as-Code' and advanced software engineering practices, emphasizing the need for unit testing and performance reviews. Correa introduces the 'Goldilocks Zone' for detections and provides practical examples of building blocks for enhancing security against threats like VPN and Tor traffic.