Cloud Security Podcast by Google

Kathryn Shih, Group Product Manager in Google Cloud Security, discusses the capabilities and risks of Large Language Models (LLMs). Topics covered include understanding LLMs, their association with intelligence, risks of model tuning, data access control, and security considerations. The podcast provides insights into the nuances and challenges of working with LLMs and offers tips for improving outcomes with them.

In this episode, Tomer Schwartz, CTO at Dazz, discusses the challenges of cloud security remediation, including detecting vulnerabilities, overcoming process breakdowns, and addressing automation. The chapter topics cover difficulties in vulnerability management, patching containers, and the need for alignment between security and development teams.

Guests Anton Chuvakin and Tim Peacock discuss their journeys into security, the '3am test' for effective alerts, sourcing topics for the podcast, and hopes for the future of security.

Jeremiah Kung, Global Head of Information Security at AppLovin, discusses East vs West CISO mentality and the cloud's impact on security. He shares lessons from cloud migrations in 2015 and offers advice for securing clouds in 2023. Kung also provides tips for collaborative mindset and transforming outdated security technology stack.

Guest:  Andrew Hoying, Senior Security Engineering Manager @ Google Topics: What is different about system hardening today vs 20 years ago?  Also, what is special about hardening systems at Google massive scale? Can I just apply CIS templates and be done with it? Part of hardening has to be following up with developers after they have un-hardened things – how do we operationalize that at scale without getting too much in the way of productivity? A part of hardening has got to be responding to new regulation and compliance regimes, how do you incorporate new controls and stay responsive to the changing world around us? Are there cases where we have taken lessons from hardening at scale and converted those into product improvements? What metrics do you track to keep your teams moving, and what metrics do your leads look at to understand how you’re doing? [Spoiler: the answer here is VERY fun!] Resources: “Why Shared Fate is a Better Way to Manage Cloud Risk” article (and this too) CIS for GCP GCP IAM Deny CloudSecList by Marco Lancini

The podcast discusses Chronicle, the Mandiant acquisition, and the balance between products and practices in security operations. They explore leveraging expertise for Chronicle's market position and offer advice for security professionals transitioning into product management.

Guest Rosemary Wang, Developer Advocate at HashiCorp, discusses using Terraform for security automation, applying security best practices, and the relationship between Terraform and policy as code. Tips for getting started and recommendations for enhancing security journey with Terraform are also shared.

Guests:  no guests, all banter, all very fun :-) Topics: How is Google Next this year? What is new in cloud security? Is Google finally a security vendor? What are some of the fun security presentations we've seen, including our own? Any impactful launches in security? What was the most interesting overall? Resources: “Next 2023 Special: Building AI-powered Security Tools - How Do We Do It?” (ep136) “RSA 2023 - What We Saw, What We Learned, and What We're Excited About” (ep119) “Cyber Defense Matrix and Does Cloud Security Have to DIE to Win?” (ep67) “Detecting, investigating, and responding to threats in your Google Cloud environment” at Cloud Next 2023 by Anton “Prevent cloud compromises: Learn how Uber discovers cyber risks and remediates threats” at Cloud Next 2023 by Tim “Generative AI for defenders with Sec-PaLM 2 and Duet AI” at Cloud Next 2023 by Eric Doerr (his episode) “A blueprint for modern security operations” at Cloud Next 2023 by our future guest, Chris… Kevin Mandia at Next keynote (start at 1:15:00) “New AI capabilities that can help address your security challenges” blog

Eric Doerr, VP of Engineering at Google Cloud Security, discusses the exciting prospects of using AI for security and trusting AI in the business context. They also explore threat modeling AI systems and the worst security use cases for GenAI. Teaching AI security and the surprising challenges involved are also covered.

Phil Venables, Google Cloud's Chief Information Security Officer, discusses the game-changing potential of AI in cybersecurity. Topics include the impact of AI and machine learning on security, the use of generative AI to enhance productivity and secure software development, and the asymmetry between attackers and defenders in AI systems. The concept of shared faith in securing AI and the intersection of AI, security, and board governance are also explored.