Cloud Security Podcast by Google

Guest: Jeff Bollinger,  Director of Incident Response and Detection Engineering @ Linkedin  Topics: Observability sounds cool (please define it for us BTW), but relating it to security has been “hand-wavy” at best. What is your opinion on the relevance of observability data for security use cases? What use cases are those, apart from saving the data for IR just in case? How can we best approach observability in the cloud, particularly around network communications, so that we improve security as a result? Are there other areas of cloud where observability might be more relevant? Does the massive shift to TLS 1.3 impact this? If the Internet is shifting towards an end-user/device centric model with everything as a service (SaaS), how does security monitoring even work anymore?  Does it mean the end of both endpoint and network eras and the arrival of the application security monitoring era? Can we do deep monitoring of complex applications and app clusters for abuse or should we just focus on identity and profiling? Resources: “Instrumenting Modern Application Stack for Detection and Response” (ep34) “Crafting the InfoSec Playbook: Security Monitoring and Incident Response Master Plan” by Jeff Bollinger, Brandon Enright, Matthew Valites (book) RFC 7258  Pervasive Monitoring Is an Attack RFC 8890 Internet is for end users “(Re)building Threat Detection and Incident Response at LinkedIn” “Martian Chronicles“ by Ray Bradberry (because migrating to cloud is like flying to Mars)

Guests: Alijca Cade, Director, Financial Services, Office of the CISO, Google Cloud Ken Westin, Director, Security Strategy, Cybereason Robert Wallace, Senior Director, Mandiant, now Google Cloud Topics: How are cloud environments attacked and compromised today? Is it still about the configuration mistakes? Do cryptominers represent a serious threat now that they are often mentioned as the most common threat in the cloud? Let’s look at another popular threat - ransomware or, broadly, RansomOps. Based on your research, what can we say about its likely future, especially in the cloud? Are we getting better with detection in the cloud and are we doing it fast enough? Is cloud security a misnomer? Attackers are out to get into an organization, and cloud or on-premise matters less here, right? What does it say about the interdependence of security, on and off cloud? Resources: LIVE @ Security Talks: The Cloud Security Podcast at Cloud Security Talks Q3 2022 Google Cybersecurity Action Team Threat Horizons Report #4 Is Out!

Guest:  Dr Anna Belak, Director of Thought Leadership at Sysdig, former Gartner analyst Questions: Analysts (and vendors) coined a log of “C-something acronyms” for cloud security, and two of the people on this episode were directly involved in some of them. What do you make of all the cloud security acronym proliferation? What is CSPM? What gets better when you deploy it? What is CWPP? Does anything get better when you deploy it? What is CNAPP? What gets better when you deploy it? What is CIEM, Anton’s least fave acronym? Now, what about CDR?  Resources: Gartner acronym glossary “Container Security: The Past or The Future?” (ep54, with Anna as well) “Automate and/or Die?” (ep3) “Impersonating Service Accounts in GCP and Beyond: Cloud Security Is About IAM?” (ep60) “Powering Secure SaaS … But Not with CASB? Cloud Detection and Response?” (ep76) “Does the World Need Cloud Detection and Response (CDR)?” “Announcing Virtual Machine Threat Detection now generally available to Cloud customers” Sysdig Threat Report Blog 2022 Sysdig Cloud-Native Threat Report  Anatomy of Cloud Attacks

Guest: Alicja Cade, Director for Financial Services, Office of the CISO, Google Cloud  Topics: We are talking about your journey as a CISO migrating to the cloud. Could you give us the overview of … What triggered your organization's migration to the cloud? When did you and the security team get brought in? Did you take going to the cloud as an opportunity to change things beyond the tools you were using?  As you got going into the cloud, what was the hardest part for your organization? If that was hardest, what was most surprising? Good surprise and bad surprise? How did you design security controls for the cloud? How do you validate and verify security controls in the cloud? How did you keep both security practitioners and the rest of your IT teams from lift-and-shift thinking? Did your data security practice change? Having covered all that tactical terrain, one final strategic question: is moving to the cloud a net risk reduction? Can it be? Resources: “CISO Walks Into the Cloud: Frustrations, Successes, Lessons ... And Does the Risk Change?” (ep80) “Visualizing Google Cloud: 101 Illustrated References for Cloud Engineers and Architects” by Priyanka Vergadia “Cyberpolitics in International Relations” book CSA CCM v4 Cyber Risk Institute “Modernize Data Security with Autonomic Data Security Approach” (ep79) and the paper on autonomic data security. "Preparing for Cloud Migrations from a CISO Perspective, Part 1" (ep5) "Preparing for Cloud Migrations from a CISO Perspective, Part 2" (ep11) “How CISOs need to adapt their mental models for cloud security” blog

Guests: Lauren Zabierek (@lzxdc), Acting Executive Director of the Belfer Center at the Harvard Kennedy School Christina Morillo (@divinetechygirl), Principal Security Consultant at Trimark Security Topics: We are so excited to have you on the show today talking about your awesome effort, Share The Mic in Cyber. I love that we are Sharing our Mic with you today. Could you please introduce yourself to our listeners? Let's talk about representation and what that means, and why it's especially relevant in cyber security?  Psychological safety is super important for so many reasons, including  in cyber. Could you share a definition of what it is, and why it is important?  Can we talk about how psychological safety and representation intersect?  Let’s bring things back to talk about the #ShareTheMicInCyber / #STMIC project. Could you tell us about one of your favorite things that's come from the project?  Any surprises? Lessons? Plans? Futures? How can our listeners help with #ShareTheMicInCyber? Where to learn more? Resources: #ShareTheMicInCyber site and @ShareInCyber on social Lauren Zabierek (@lzxdc), #ShareTheMic in Cyber co-founder Camille Stewart Gloster (@camilleesq), #ShareTheMic in Cyber co-founder “Missing Diversity Hurts Your Security” (ep42) NEXT Special - Cloud Security and DEI: Being an Ally! (ep36)

Guest: Mike Sinno, Security Engineering Director, Detection and Response  @ Google Topics: You recently were featured in “Hacking Google” videos, can you share a bit about this effort and what role you played? How long have you been at Google? What were you doing before, if you can remember after all your time here? What brought you to Google? We hear you now focus on insider threats. Insider threat is back in the news, do you find this surprising? A classic insider question is about “malicious vs well-meaning insiders" and which type is a bigger risk. What is your take here? Trust is the most important thing when people think about Google, we protect their correspondence, their photos, their private thoughts they search for. What role does detection and response play in protecting user trust? One fun thing about working at Google is our tech stack. Your team uses one of our favorite tools in the D&R org! Can you tell us about BrainAuth and how it finds useful things? We talked about Google D&R (ep 17 and ep 75) and the role of automation came up many times. And automation is a key topic for a lot of our cloud customers. What do you automate in your domain of D&R? Resources: “Hacking Google” videos  (EP00 with Mike) The Secure Reliable Systems book The CERT Guide to Insider Threats book Common Sense Guide to Mitigating Insider Threats book Insider Threats (Cornell Studies in Security Affairs) Foreign Espionage in Cyberspace from the NCSC “How We Scale Detection and Response at Google: Automation, Metrics, Toil” (ep75) “Modern Threat Detection at Google” (ep17)

Guest: Phil Venables, Vice President and CISO at Google Cloud Topics: Google Cybersecurity Action Team is your brainchild and it is 1 year old, what comes to mind first when we reflect on this anniversary? The team is primarily about helping clients with security, what did we learn doing this for a year? What challenges have we (Google Cybersecurity Action Team) faced in our first year? We released 4 Threat Horizons reports this year, what is the future for this research here? We often hear that in the cloud we need to move away from products towards solutions, how does that work in security? Your famous 8 megatrends post is several months old - any new thoughts or changes coming to this concept? Recently you had a very interesting blog “Crucial Questions from CISOs and Security Teams”, with a list of questions, can you share some of your thinking here? Resources: Security at Google Cloud Next 2022 Next Special - Log4j Reflections, Software Dependencies and Open Source Security Next Special - Improving Browser Security in the New Era of Work Next Special - Can We Escape Ransomware by Migrating to the Cloud? NEXT Special - Google Cybersecurity Action Team: What's the Story? (Next 2021 special episode) Modernizing SOC ... Introducing Autonomic Security Operations  How autonomic data security can help define cloud’s future Google Cloud Threat Horizons Report #1 #2 #3 #4 8 Megatrends drive cloud adoption—and improve security for all “Demystify Data Sovereignty and Sovereign Cloud Secrets at Google Cloud” (ep81) Crucial Questions from CISOs and Security Teams Google Cybersecurity Action Team

Guest:    Nelly Kassem, Security and Compliance Specialist @ Google Cloud Topics: Why did ransomware attacks become so popular? What type of organizations are targeted by ransomware?  Do these affect mostly the organizations with sub-par security? Ransomware has been raging since 2015 and shows few signs of subsiding. Why are these attacks still successful?  Do we see ransomware in the cloud?  Does migrating to the cloud protect you from ransomware? Which of Google Cloud tools are useful to fight ransomware? Resources: Security at Google Cloud Next 2022 Next Special - Log4j Reflections, Software Dependencies and Open Source Security Next Special - Improving Browser Security in the New Era of Work “Future of EDR: Is It Reason-able to Suggest XDR?” (ep29) “2021: Phishing is Solved?” (ep40) Mandiant M-Trends 2022 Google Cloud Threat Horizons Report #1 #2 #3 #4

Guest: Fletcher Oliver, Chrome Browser Customer Engineer, Google Topics: What is browser security? Isn’t it just application security by another name?  Why is browser security more important now than ever?  Do we have statistical measures or data that tell us if we’re succeeding at browser security? Do we know if we’re doing a good job at making this better?  What are the components of modern browser security?  How does this work with an enterprise’s existing stack?  In fact, how does this work with the rest of Google’s tooling?  Resources: Security at Google Cloud Next 2022 NEXT Special - Log4j Reflections, Software Dependencies and Open Source Security Chrome releases blog Chrome Enterprise

Guest: Dr Nicky Ringland, Product Manager for Open Source Insights, Google Topics: Let's talk Open Source Software - are all these dependencies dependable? Why was log4j such a big thing - at a whole ecosystem level? Was it actually a Java / Maven problem? Are other languages “better” or more secure? Is another log4j inevitable? What can organizations to minimise their own risks?  Resources: Google Cloud Next 2022 Open Source Insights at deps.dev Blog at blog.deps.dev with posts on Understanding the Impact of Apache Log4j Vulnerability and what happens After the Advisory Assured Open Source Software service