Cloud Security Podcast by Google

Sivanesh Ashok and Sreeram KL, both accomplished bug bounty hunters and top contributors to Google's Cloud Vulnerability Reward Program, share their expertise on cloud security. They discuss the art of writing clear and effective bug reports, emphasizing reproducibility to aid triage. The duo dives into the dynamics of collaboration in bug hunting and how to navigate volatility in the field. They reveal insights on targeting integration bugs and offer invaluable advice for aspiring hunters: consistency, patience, and a deep understanding of threat models.

In this discussion, Alexander Pabst, Deputy Group CISO at Allianz, and Lars Koenig, Global Head of Detection & Response, explore the transformative journey of moving from traditional security information and event management (SIEM) to an agentic SOC model. They delve into the intricacies of governing AI agents, emphasizing the balance between automation and necessary human oversight. The guests share insights on enhancing data fidelity, unexpected challenges during implementation, and the dramatic efficiency gains achieved, including saving 68 analyst-years per quarter.

Ari Herbert-Voss, Founder and CEO of RunCybil and former security lead at OpenAI, dives into AI-powered red teaming. He discusses how Sybil automates discovery, testing, and remediation of security flaws, particularly excelling at finding tricky authentication bugs. The conversation addresses the balance of augmenting human efforts without replacing them entirely and the importance of actionable insights for development teams. Ari also shares real-world successes, showcasing how Sybil can uncover significant vulnerabilities rapidly while scaling security efforts.

Balazs Scheidler, CEO at Axoflow and founder of syslog-ng, shares his expertise on the evolving landscape of security data management. He emphasizes the shift from centralization to access, discussing the challenges of managing diverse data pipelines and the necessity of automated classification. Balazs warns against relying solely on source storage, suggesting federated search as a solution. He also highlights the need for pipeline-level enrichment to enhance data relevance while addressing real-world logging failures that impact security operations.

Monzy Merza, co-founder and CEO of Crogl, dives into what makes a Security Operations Center (SOC) 'AI ready.' He discusses the allure of an 'Iron Man suit' for SOCs and the obstacles preventing its realization. Monzy reveals the 'Dr. Jekyll and Mr. Hyde' nature of AI in security, highlighting the critical role of data quality. He emphasizes the foundational steps needed for AI readiness, the inevitable growth of alert volumes, and how to measure progress in AI-driven SOCs effectively.

Guest: Jibran Ilyas, Director for Incident Response at Google Cloud Topics: What is this tabletop thing, please tell us about running a good security incident tabletop? Why are tabletops for incident response preparedness so amazingly effective yet rarely done well? This is cheap/easy/useful so why do so many fail to do it? Why are tabletops seen as kind of like elite pursuit? What's your favorite Cloud-centric scenario for tabletop exercises? Ransomware? But there is little ransomware in the cloud, no? What are other good cloud tabletop scenarios? Resources: EP60 Impersonating Service Accounts in GCP and Beyond: Cloud Security Is About IAM? EP179 Teamwork Under Stress: Expedition Behavior in Cybersecurity Incident Response EP222 From Post-IR Lessons to Proactive Security: Deconstructing Mandiant M-Trends EP177 Cloud Incident Confessions: Top 5 Mistakes Leading to Breaches from Mandiant EP158 Ghostbusters for the Cloud: Who You Gonna Call for Cloud Forensics EP98 How to Cloud IR or Why Attackers Become Cloud Native Faster?

Guest: David Gee, Board Risk Advisor, Non-Executive Director & Author, former CISO Topics: Drawing from the "Aspiring CIO and CISO" book's focus on continuous improvement, how have you seen the necessary skills, knowledge, experience, and behaviors for a CISO evolve, especially when guiding an organization through a transformation? Could you share lessons learned about leadership and organizational resilience during such a critical period, and how does that experience reshape your approach to future transformations? Many organizations are undergoing transformations, often heavily involving cloud technologies. From your perspective, what is the most crucial—and perhaps often overlooked—role a CISO plays in ensuring security is an enabler, not a roadblock, during such large-scale changes? Have you ever seen a CISO who is a cloud champion for the organization? Your best advice for a CISO meeting cloud for the first time? What is your best advice for a CISO meeting AI for the first time? How do you balance the continuous self-improvement and development with the day-to-day pressures and responsibilities? Resources: "A Day in the Life of a CISO: Personal Mentorship from 24+ Battle-Tested CISOs — Mentoring We Never Got" book "The Aspiring CIO and CISO: A career guide to developing leadership skills, knowledge, experience, and behavior" book EP201 Every CTO Should Be a CSTO (Or Else!) - Transformation Lessons from The Hoff EP101 Cloud Threat Detection Lessons from a CISO EP104 CISO Walks Into the Cloud: And The Magic Starts to Happen! EP129 How CISO Cloud Dreams and Realities Collide All CISO podcast episodes "Shadow Agents: A New Era of Shadow AI Risk in the Enterprise" blog "Blocking shadow agents won't work. Here's a more secure way forward" blog

Sumedh Thakar, the President and CEO of Qualys, shares his extensive insights on the evolution of vulnerability management over the past 25 years. He discusses the need for prioritization beyond just CVSS scores, emphasizing the value of threat intelligence and business context in decision-making. Thakar highlights the transformative role of cloud in streamlining remediation and introduces the Risk Operations Center concept, which integrates data for informed prioritization. He also touches on practical AI applications, mitigating risks beyond patching, and the importance of communicating cyber risks to boards.

Rick Caccia, CEO and co-founder of Witness AI, dives into the unique characteristics of the current wave of enterprise AI adoption, likening it to the web era's rapid growth. He emphasizes how CISOs are now more focused on enabling safe AI use rather than merely blocking access. Caccia discusses the challenges posed by consumer-grade AI in the workplace, the risks of shadow AI, and the need for a unified platform to facilitate confident AI adoption. His insights on managing agent identities and the necessity of observability for effective controls are especially thought-provoking.

Jon Oltsik, a security researcher and former ESG analyst, invented the SOAPA concept, which he elaborates on during the discussion. He debates the merits of platform consolidation versus a best-of-breed approach, highlighting how organization size influences these strategies. The talk covers the impact of generative and agentic AI on the Security Operations Center, emphasizing real-world applications and integration challenges. Jon also shares practical insights on leveraging AI for alert triage and security fundamentals in modern threat defense.