Cloud Security Podcast by Google
Anton Chuvakin
Cloud Security Podcast by Google focuses on security in the cloud, delivering security from the cloud, and all things at the intersection of security and cloud. Of course, we will also cover what we are doing in Google Cloud to help keep our users' data safe and workloads secure.
We’re going to do our best to avoid security theater, and cut to the heart of real security questions and issues. Expect us to question threat models and ask if something is done for the data subject’s benefit or just for organizational benefit.
We hope you’ll join us if you’re interested in where technology overlaps with process and bumps up against organizational design. We’re hoping to attract listeners who are happy to hear conventional wisdom questioned, and who are curious about what lessons we can and can’t keep as the world moves from on-premises computing to cloud computing.
We’re going to do our best to avoid security theater, and cut to the heart of real security questions and issues. Expect us to question threat models and ask if something is done for the data subject’s benefit or just for organizational benefit.
We hope you’ll join us if you’re interested in where technology overlaps with process and bumps up against organizational design. We’re hoping to attract listeners who are happy to hear conventional wisdom questioned, and who are curious about what lessons we can and can’t keep as the world moves from on-premises computing to cloud computing.
Episodes
Mentioned books
Aug 18, 2025 • 25min
EP239 Linux Security: The Detection and Response Disconnect and Where Is My Agentless EDR
Craig H. Rowland, Founder and CEO of Sandfly Security, discusses crucial Linux security insights relevant to diverse environments including cloud and hybrid setups. He addresses significant blind spots for security teams and the misconception that Linux is immune to malware threats. The conversation covers the dangers of SSH key management, operational hurdles in incident response, and the subtle abuse of legitimate Linux utilities in attacks. Rowland also explores the benefits and trade-offs of agentless vs. agent-based monitoring, enhancing security through AI and innovative strategies.
Aug 11, 2025 • 32min
EP238 Google Lessons for Using AI Agents for Securing Our Enterprise
Dominik Swierad, Senior Product Manager for D&R AI and Sec-Gemini, shares his insights on implementing AI agents within Google's security framework. He discusses strategies for building trust among security professionals and identifies key use cases for AI integration. Swierad emphasizes the importance of high-quality data and structured methodologies for evaluating AI performance. He also highlights the evolving roles of security engineers amidst rising automation and raises concerns about how threat actors might exploit similar technologies.
Aug 4, 2025 • 29min
EP237 Making Security Personal at the Speed and Scale of TikTok
Kim Albarella, TikTok's Global Head of Security, shares her expertise in user safety and compliance. She offers essential tips for online security, emphasizing two-step verification and password management. The conversation dives into navigating global compliance challenges, highlighting the balance between local regulations and a unified security approach. Kim also discusses innovative training methods, using TikTok videos to foster a strong internal security culture, making cybersecurity relatable and engaging in today’s digital landscape.
8 snips
Jul 28, 2025 • 27min
EP236 Accelerated SIEM Journey: A SOC Leader's Playbook for Modernization and AI
Manija Poulatova, Director of Security Engineering and Operations at Lloyd's Banking Group, shares her insights on transforming Security Operations Centers. She reveals her accelerated SIEM migration journey and the challenges faced in balancing people, processes, and technology. The discussion touches on innovative composite alerting techniques and the 'funnel model' for detection. Manija also emphasizes the need for agile methodologies and offers advice for security leaders on successfully integrating AI into their teams. Her experience is a treasure trove for anyone in the cybersecurity field!
Jul 21, 2025 • 34min
EP235 The Autonomous Frontier: Governing AI Agents from Code to Courtroom
Anna Gressel, a Partner at Paul, Weiss and an expert in AI law, dives into the intricate legal landscape of agentic AI. She discusses the unique risks associated with autonomous decision-making in industries like healthcare and defense. The conversation addresses the need for evolving regulatory frameworks to grapple with liability and responsibility in AI systems. Gressel also highlights the importance of transparency and explainability in AI's decision-making processes, emphasizing how these legal considerations can guide safer AI deployment.
14 snips
Jul 14, 2025 • 38min
EP234 The SIEM Paradox: Logs, Lies, and Failing to Detect
Svetla Yankova, Founder and CEO of Citreno, dives into the paradox of SIEM systems in modern security. Despite hefty investments in logging tools, many organizations fail to detect threats effectively. She discusses challenges like data enrichment and the importance of context for SOC analysts. Svetla also addresses common SIEM pitfalls and the expectations surrounding technology migrations. Additionally, she ponders the role of AI in security, questioning whether it's repeating the past mistakes of SOAR vendors or creating new ones.
7 snips
Jul 7, 2025 • 26min
EP233 Product Security Engineering at Google: Resilience and Security
Cristina Vintila, a Product Security Engineering Manager at Google Cloud, dives into the evolution of security practices at Google, focusing on recent threats like Log4j. She discusses the integration of Site Reliability Engineering principles in detection and response, emphasizing the balance between reliability and security. Vintila highlights the importance of understanding critical data for effective vulnerability management and the need for collaboration between security teams and product engineers to enhance overall product security.
8 snips
Jun 30, 2025 • 32min
EP232 The Human Element of Privacy: Protecting High-Risk Targets and Designing Systems
Sarah Aoun, a Privacy Engineer at Google and former consultant on digital security for a world leader, dives into her unique journey from human rights to tech. She discusses the intricacies of designing privacy into Google's Fuschia operating system, particularly for ambient computing. Aoun highlights the importance of understanding who might be a high-risk target in today’s geopolitical landscape and offers insights on enhancing personal security beyond traditional methods. She emphasizes the collective responsibility of individuals and tech companies in prioritizing user privacy.
11 snips
Jun 23, 2025 • 31min
EP231 Beyond the Buzzword: Practical Detection as Code in the Enterprise
David French, a Staff Adoption Engineer at Google Cloud, dives into the intriguing world of 'detection as code.' He clarifies its real meaning and its advantages for security teams, discussing how a software engineering approach can enhance detection processes. Topics include the significance of robust testing methods, the challenges of working with limited API support, and the importance of standardizing detection rules. French also advocates for collaborative sharing of detection content, blurring the lines between traditional alert handling and an engineering-like mindset.
9 snips
Jun 16, 2025 • 26min
EP230 AI Red Teaming: Surprises, Strategies, and Lessons from Google
Daniel Fabian, Principal Digital Arsonist at Google, shares his insights from two years of AI red teaming. He reveals surprising findings about the unique security challenges AI systems pose compared to traditional software. Fabian discusses counterstrategies against prompt injection attacks and highlights the importance of threat modeling. He offers practical advice for organizations new to AI red teaming, emphasizing an adversarial mindset to identify vulnerabilities and the need for collaboration between security teams and developers. Embrace AI in red teaming for better defense!
