Cloud Security Podcast by Google cover image

Cloud Security Podcast by Google

Latest episodes

undefined
8 snips
Jun 30, 2025 • 32min

EP232 The Human Element of Privacy: Protecting High-Risk Targets and Designing Systems

Sarah Aoun, a Privacy Engineer at Google and former consultant on digital security for a world leader, dives into her unique journey from human rights to tech. She discusses the intricacies of designing privacy into Google's Fuschia operating system, particularly for ambient computing. Aoun highlights the importance of understanding who might be a high-risk target in today’s geopolitical landscape and offers insights on enhancing personal security beyond traditional methods. She emphasizes the collective responsibility of individuals and tech companies in prioritizing user privacy.
undefined
11 snips
Jun 23, 2025 • 31min

EP231 Beyond the Buzzword: Practical Detection as Code in the Enterprise

David French, a Staff Adoption Engineer at Google Cloud, dives into the intriguing world of 'detection as code.' He clarifies its real meaning and its advantages for security teams, discussing how a software engineering approach can enhance detection processes. Topics include the significance of robust testing methods, the challenges of working with limited API support, and the importance of standardizing detection rules. French also advocates for collaborative sharing of detection content, blurring the lines between traditional alert handling and an engineering-like mindset.
undefined
9 snips
Jun 16, 2025 • 26min

EP230 AI Red Teaming: Surprises, Strategies, and Lessons from Google

Daniel Fabian, Principal Digital Arsonist at Google, shares his insights from two years of AI red teaming. He reveals surprising findings about the unique security challenges AI systems pose compared to traditional software. Fabian discusses counterstrategies against prompt injection attacks and highlights the importance of threat modeling. He offers practical advice for organizations new to AI red teaming, emphasizing an adversarial mindset to identify vulnerabilities and the need for collaboration between security teams and developers. Embrace AI in red teaming for better defense!
undefined
14 snips
Jun 9, 2025 • 35min

EP229 Beyond the Hype: Debunking Cloud Breach Myths (and What DBIR Says Now)

Alex Pinto, Associate Director of Threat Intelligence at Verizon Business, discusses the nuances of cloud breaches, questioning if they are merely due to leaked credentials. He reveals that customers are often responsible for the majority of security issues and highlights the common problem of misconfigurations. Pinto also talks about the evolving ransomware landscape and its future, pondering if it will remain a threat for the next two decades. Moreover, he touches on the role of AI in shaping the breach report, emphasizing the need for human oversight.
undefined
27 snips
Jun 2, 2025 • 27min

EP228 SIEM in 2025: Still Hard? Reimagining Detection at Cloud Scale and with More Pipelines

Alan Braithwaite, Co-founder and CTO of RunReveal and a passionate data engineer, dives into the challenges of modern Security Information and Event Management (SIEM). He discusses the complexities of storage and integration in SIEM systems while comparing decoupled architectures with integrated solutions. With data volumes surging, Braithwaite envisions using ClickHouse for efficient log management. He also introduces 'Pipeline QL' for detection in SQL, sparking debates about its implications for security engineering and interoperability in the ever-evolving landscape of security data.
undefined
7 snips
May 26, 2025 • 24min

EP227 AI-Native MDR: Betting on the Future of Security Operations?

Eric Foster, CEO of Tenex.AI, is revolutionizing the security services industry through AI innovations. He delves into why starting an AI-native Managed Detection and Response (MDR) service from scratch is a game changer. The discussion highlights the balance between human analysts and AI agents, exploring how their roles will shift in the next five years. Concerns about AI's accuracy in cybersecurity are addressed, alongside essential metrics organizations should prioritize when evaluating MDR efficacy. This insightful chat paves the way for the future of security operations.
undefined
6 snips
May 19, 2025 • 25min

EP226 AI Supply Chain Security: Old Lessons, New Poisons, and Agentic Dreams

Christine Sizemore, a Cloud Security Architect at Google Cloud, dives into the complexities of AI supply chain security. She highlights the stark differences between AI and traditional software supply chains, using engaging examples like the Suez Canal incident. The discussion uncovers unexpected threats, such as data poisoning, and emphasizes the need for continuous security integration. Sizemore explores organizational pitfalls to avoid and humorously questions whether AI can secure itself—she even shares practical strategies for safeguarding AI systems.
undefined
May 14, 2025 • 25min

EP225 Cross-promotion: The Cyber-Savvy Boardroom Podcast: EP2 Christian Karam on the Use of AI

Christian Kram, a strategic advisor and investor with a knack for AI, joins to discuss essential insights for board members navigating the complex world of emerging technologies. He underscores the importance of cohesive AI strategies over fragmented approaches. The conversation dives into the challenges boards face while harmonizing AI integration and cybersecurity measures, highlighting the transformative power of AI in supply chains. Kram advocates for a collaborative environment, reassuring employees that AI is a tool for enhancing efficiency, not a threat to job security.
undefined
May 12, 2025 • 31min

EP224 Protecting the Learning Machines: From AI Agents to Provenance in MLSecOps

Guest: Diana Kelley, CSO at Protect AI  Topics: Can you explain the concept of "MLSecOps" as an analogy with DevSecOps, with 'Dev' replaced by 'ML'? This has nothing to do with SecOps, right? What are the most critical steps a CISO should prioritize when implementing MLSecOps within their organization? What gets better  when you do it? How do we adapt traditional security testing, like vulnerability scanning, SAST, and DAST, to effectively assess the security of machine learning models? Can we? In the context of AI supply chain security, what is the essential role of third-party assessments, particularly regarding data provenance? How can organizations balance the need for security logging in AI systems with the imperative to protect privacy and sensitive data? Do we need to decouple security from safety or privacy? What are the primary security risks associated with overprivileged AI agents, and how can organizations mitigate these risks?  Top differences between LLM/chatbot AI security vs AI agent security?  Resources: “Airline held liable for its chatbot giving passenger bad advice - what this means for travellers” “ChatGPT Spit Out Sensitive Data When Told to Repeat ‘Poem’ Forever” Secure by Design for AI by Protect AI “Securing AI Supply Chain: Like Software, Only Not” OWASP Top 10 for Large Language Model Applications OWASP Top 10 for AI Agents  (draft) MITRE ATLAS “Demystifying AI Security: New Paper on Real-World SAIF Applications” (and paper) LinkedIn Course: Security Risks in AI and ML: Categorizing Attacks and Failure Modes
undefined
8 snips
May 5, 2025 • 32min

EP223 AI Addressable, Not AI Solvable: Reflections from RSA 2025

Hosts share their insights from the RSA cybersecurity conference, revealing a mix of excitement and skepticism about AI in cloud security. They analyze the potential of AI SOCs while cautioning against the pitfalls of automation. The reliance on outdated security technology is debated, alongside the importance of human oversight in AI applications. Humorous anecdotes lighten the discussion, including memorable marketing strategies and adventures at the event. Ultimately, the conversation navigates the evolving landscape of AI-native technologies versus adding AI to existing platforms.

The AI-powered Podcast Player

Save insights by tapping your headphones, chat with episodes, discover the best highlights - and more!
App store bannerPlay store banner
Get the app