Cloud Security Podcast by Google

Guests: Stephanie Wong Vicente Diaz, Jerome McFarland Scott Ellis Patrick Faucher Il-Sung Lee, Anoosh Saboori Topics: What is your session about? Why would audience care? What is special about your security technology? Resources: Google Cloud Next 2021 SEC212 6 layers of GCP data center security SEC101 Ransomware and cyber resilience SEC204 Take charge  of your sensitive data SEC207 Securing the software supply chain SEC300 Trust the cloud more by trusting it less: Ubiquitous data encryption

Guest: Phil Venables (@philvenables), Vice President, Chief Information Security Officer (CISO) @ Google Cloud Topics: We are here to talk Google Cybersecurity Action Team, and this is your brainchild, so tell our audience the origin of this idea? How is Cybersecurity Action Team going to help secure GCP enterprise clients? Is there also a “improve the security of the internet” story? Many organizations seem stuck in the pre-cloud thinking and mental models, can Cybersecurity Action Team help them transform their security? How? When we sometimes present our security innovations to clients, they say “but we are not Google”, so how does Cybersecurity Action Team help us bring more of Google Cybersecurity to the world? What else do we plan to do with Cybersecurity Action Team to help customers modernize their security? How should customers engage with Cybersecurity Action Team? Resources: Google Cybersecurity Action Team "Google Announces Cybersecurity Action Team to Support the Security Transformations of Public and Private Sector Organizations” “Site Reliability Engineering” book (free) “Autonomic Security Operations: 10X Transformation of the Security Operations Center” paper

Guest: Aditi Joshi, Manager in Cloud Security Team @ Google Cloud Topics: What is Allyship? How is it defined? What is its main goal? Why is allyship important in Cloud Security, specifically? Are there aspects of security that make allyship particularly important? What specifically has Google Cloud Security deployed and operationalized around Allyship? How does effective allyship look like? More personally, how can I be a better ally? How does it fit into Google Cloud Security’s overarching DEI efforts?

Guest: Rob Sadowski, Trust and Security Lead @  Google Cloud Topics: What are the big security themes at NEXT? Is security still visible? What about invisible security vs autonomic security? Is that just “invisible security” with a neat name? This has got to be your fourth or fifth Next, right? What’s new this year compared to last years, aside from being virtual? Anything particularly uniquely Google we’re talking about? What to watch at NEXT, if you are a CISO? We secure not just GCP with our tools and approaches, so what to watch if not yet a GCP client? If you have only time for 3 security sessions, which 3 to watch? Resources: Google Cloud NEXT

Guest: Matt Svensson, Senior Security Engineer @ BetterCloud Topics: What are the approaches for monitoring serverless and other modern application architectures? What are the challenges with these new environments? What approaches don’t work? What can go wrong with modern stack security monitoring? What should we watch for in a modern application stack? Most new architecture setups are predicated on identities so is identity the center of threat detection here or not?

Guest: Elliott Abraham, Security and Compliance Specialist @ Google Cloud Topics: We talk about lift and shift vs cloud native, what are these and are they fair characterizations? Is lift and shift always negative? Does it always harm security? Are security planning needs different between them? What are the fundamentals with security during cloud migration that you have to get right regardless? What’s your advice to a security team to help make a migration work well? How do you account for threat model differences in the cloud? Are cloud threats being more different or more the same to the classic ones? Resources: “Google Cloud security foundations guide” "The Phoenix Project" book "Threat Models and Cloud Security" (ep12) "Preparing for Cloud Migrations from a CISO Perspective"  Part 1 (ep5) and Part2 (ep11)

Guest: Derek Abdine, CTO @ Censys.io Topics: Attack Surface Management (ASM). Why do we need a new toolset and  a new category? Isn’t this just 1980s asset management or CMDB? How do we find those assets that may have been misplaced by the organizations? How can any technology do this reliably? ASM seems to often rely on network layer 3 and 4. Can’t bad guys just hit the app endpoints and all your network is irrelevant then? When you think about the threats organizations face due to unknown assets, is data theft at the top of the stack? What should organizations keep in mind as a priority here? Who at an organization is best set up to receive, triage, investigate, and respond to the  alerts about the attack surface? Are there proactive steps organizations can take to prevent shadow IT, or are we stuck responding to each new signal? Isn’t preventing new assets the same as preventing business? Resources: “Cloud Misconfiguration Mayhem An Analysis of Service Exposure Across Cloud Providers“ “Attack Surface Management Buyer’s Guide”

Guest: Iman Ghanizada,   Solutions Manager for Security Operations & Analytics @ Google Cloud Topics: What is your book “Google Cloud Certified Professional Cloud Architect All-in-One Exam Guide” about?  What was your journey into writing this book, how long did it take? The book seems to be targeted towards Cloud Architects, but you come from a predominantly security background, how has that influenced your writing of this book? What does this have to do with The Certs Guy (14 certs!?)  and what's his mission? What’s the intersectional thinking on certificates and making our industry more accessible and inclusive? Do certs help or hurt this? So what’s your advice on certs for various career stages? What are some of the biggest architectural challenges you’ve seen in the field of Cloud Security? Resources: Book "Google Cloud Certified Professional Cloud Architect All-in-One Exam Guide" TheCertsGuy site

Guest: Vicente Diaz,  Threat Intelligence Strategist @ VirusTotal Topics: How would you describe modern threat hunting process? Share some of the more interesting examples of attacker activities or artifacts you've seen? Do we even hunt for malware? What gets you more concerned, malware or human attackers? How do you handle the risk of attackers knowing how you perform hunting? What is the role of threat research role for hunting? Do you need research to hunt well? Does threat research power attribution? How do you tell a good YARA rule from a bad one, and a great one? What’s the evolutionary journey for a YARA rule? What is your view on the future of hunting? Resources: YARA documentation "Deep Thinking: Where Machine Intelligence Ends and Human Creativity Begins" by Gary Kasparov  

Guest:  Sam Curry,  Chief Security Officer @ Cybereason and Visiting Fellow @ National Security Institute Topics: EDR was “invented” in 2013 and we are now in 2021. What do you consider to be modern EDR components and capabilities? Where has EDR fallen short on its initial hype? How focused are the attackers on bypassing EDR? How do you think EDR works in the cloud? In your view, how would future EDR work for containers, microservices, etc? Why aren’t we winning the war against ransomware? XDR is an interesting concept, so how do you define XDR? Is XDR just EDR++ or is XDR SIEM 4.0? Resources: “The Pyramid of Pain” blog by David Bianco “Named: Endpoint Threat Detection & Response” “Dune” book “The Bomber Mafia“ book