Cloud Security Podcast by Google

Anton Chuvakin
undefined
Jul 21, 2025 • 34min

EP235 The Autonomous Frontier: Governing AI Agents from Code to Courtroom

Anna Gressel, a Partner at Paul, Weiss and an expert in AI law, dives into the intricate legal landscape of agentic AI. She discusses the unique risks associated with autonomous decision-making in industries like healthcare and defense. The conversation addresses the need for evolving regulatory frameworks to grapple with liability and responsibility in AI systems. Gressel also highlights the importance of transparency and explainability in AI's decision-making processes, emphasizing how these legal considerations can guide safer AI deployment.
undefined
Jul 14, 2025 • 38min

EP234 The SIEM Paradox: Logs, Lies, and Failing to Detect

Svetla Yankova, Founder and CEO of Citreno, dives into the paradox of SIEM systems in modern security. Despite hefty investments in logging tools, many organizations fail to detect threats effectively. She discusses challenges like data enrichment and the importance of context for SOC analysts. Svetla also addresses common SIEM pitfalls and the expectations surrounding technology migrations. Additionally, she ponders the role of AI in security, questioning whether it's repeating the past mistakes of SOAR vendors or creating new ones.
undefined
7 snips
Jul 7, 2025 • 26min

EP233 Product Security Engineering at Google: Resilience and Security

Cristina Vintila, a Product Security Engineering Manager at Google Cloud, dives into the evolution of security practices at Google, focusing on recent threats like Log4j. She discusses the integration of Site Reliability Engineering principles in detection and response, emphasizing the balance between reliability and security. Vintila highlights the importance of understanding critical data for effective vulnerability management and the need for collaboration between security teams and product engineers to enhance overall product security.
undefined
8 snips
Jun 30, 2025 • 32min

EP232 The Human Element of Privacy: Protecting High-Risk Targets and Designing Systems

Sarah Aoun, a Privacy Engineer at Google and former consultant on digital security for a world leader, dives into her unique journey from human rights to tech. She discusses the intricacies of designing privacy into Google's Fuschia operating system, particularly for ambient computing. Aoun highlights the importance of understanding who might be a high-risk target in today’s geopolitical landscape and offers insights on enhancing personal security beyond traditional methods. She emphasizes the collective responsibility of individuals and tech companies in prioritizing user privacy.
undefined
11 snips
Jun 23, 2025 • 31min

EP231 Beyond the Buzzword: Practical Detection as Code in the Enterprise

David French, a Staff Adoption Engineer at Google Cloud, dives into the intriguing world of 'detection as code.' He clarifies its real meaning and its advantages for security teams, discussing how a software engineering approach can enhance detection processes. Topics include the significance of robust testing methods, the challenges of working with limited API support, and the importance of standardizing detection rules. French also advocates for collaborative sharing of detection content, blurring the lines between traditional alert handling and an engineering-like mindset.
undefined
9 snips
Jun 16, 2025 • 26min

EP230 AI Red Teaming: Surprises, Strategies, and Lessons from Google

Daniel Fabian, Principal Digital Arsonist at Google, shares his insights from two years of AI red teaming. He reveals surprising findings about the unique security challenges AI systems pose compared to traditional software. Fabian discusses counterstrategies against prompt injection attacks and highlights the importance of threat modeling. He offers practical advice for organizations new to AI red teaming, emphasizing an adversarial mindset to identify vulnerabilities and the need for collaboration between security teams and developers. Embrace AI in red teaming for better defense!
undefined
14 snips
Jun 9, 2025 • 35min

EP229 Beyond the Hype: Debunking Cloud Breach Myths (and What DBIR Says Now)

Alex Pinto, Associate Director of Threat Intelligence at Verizon Business, discusses the nuances of cloud breaches, questioning if they are merely due to leaked credentials. He reveals that customers are often responsible for the majority of security issues and highlights the common problem of misconfigurations. Pinto also talks about the evolving ransomware landscape and its future, pondering if it will remain a threat for the next two decades. Moreover, he touches on the role of AI in shaping the breach report, emphasizing the need for human oversight.
undefined
27 snips
Jun 2, 2025 • 27min

EP228 SIEM in 2025: Still Hard? Reimagining Detection at Cloud Scale and with More Pipelines

Alan Braithwaite, Co-founder and CTO of RunReveal and a passionate data engineer, dives into the challenges of modern Security Information and Event Management (SIEM). He discusses the complexities of storage and integration in SIEM systems while comparing decoupled architectures with integrated solutions. With data volumes surging, Braithwaite envisions using ClickHouse for efficient log management. He also introduces 'Pipeline QL' for detection in SQL, sparking debates about its implications for security engineering and interoperability in the ever-evolving landscape of security data.
undefined
7 snips
May 26, 2025 • 24min

EP227 AI-Native MDR: Betting on the Future of Security Operations?

Eric Foster, CEO of Tenex.AI, is revolutionizing the security services industry through AI innovations. He delves into why starting an AI-native Managed Detection and Response (MDR) service from scratch is a game changer. The discussion highlights the balance between human analysts and AI agents, exploring how their roles will shift in the next five years. Concerns about AI's accuracy in cybersecurity are addressed, alongside essential metrics organizations should prioritize when evaluating MDR efficacy. This insightful chat paves the way for the future of security operations.
undefined
6 snips
May 19, 2025 • 25min

EP226 AI Supply Chain Security: Old Lessons, New Poisons, and Agentic Dreams

Christine Sizemore, a Cloud Security Architect at Google Cloud, dives into the complexities of AI supply chain security. She highlights the stark differences between AI and traditional software supply chains, using engaging examples like the Suez Canal incident. The discussion uncovers unexpected threats, such as data poisoning, and emphasizes the need for continuous security integration. Sizemore explores organizational pitfalls to avoid and humorously questions whether AI can secure itself—she even shares practical strategies for safeguarding AI systems.

The AI-powered Podcast Player

Save insights by tapping your headphones, chat with episodes, discover the best highlights - and more!
App store bannerPlay store banner
Get the app