Cloud Security Podcast by Google

Guests:  Alison Reyes, Director, Security Solutions, Google Cloud Iman Ghanizada, Solutions Manager for Security Operations & Analytics @ Google Cloud Topics: What is our thinking on solutions vs products for security? Sure, “security is a process, not a product,” but where do solutions fit in? Security as an industry has too many vendors with little understanding of how users secure things, can solutions approach fix that? Google is sometimes known for writing code and just throwing it out there, do solutions change that dynamic for Google Cloud clients who come to us for security? Who are the target users for our security solutions? Why did we choose those solutions and not others? To me, solutions is how our products actually live in the real world. But can we really hope to transform customer operations with solutions? One of the solutions dear to my heart is Autonomic Security Operations that seeks to “10X the SOC”, how was the experience so far? Is 10X real and what does it mean? How do we know if we succeeded, what are metrics for solutions? How do solutions fit with Google Cybersecurity  Action Team launch? Do we need more action figures now?  Resources: Google Cybersecurity Action Team NEXT Special - Google Cybersecurity Action Team: What's the Story? Google SRE books Autonomic Security Operations Web App and API Protection Achieving Autonomic Security Operations: Reducing toil Autonomic Security Operations: 10X Transformation of the Security Operations Center

Guests: Vlad Stolyarov, Security Engineer  @ Threat Analysis Group (TAG) Vicente Diaz,  Threat Intelligence Strategist @ VirusTotal Topics: Why GandCrab / REvil was the most popular ransomware  family in 2020? What is ransomware as a service? Is every scary article about ransomware essentially marketing for the criminals? Some ransomware payoffs are huge, how do you think they spend the money? How else do they profit off stolen data apart from double extortion schemes? Are there triple extortion schemes? What is the concept of a “trusted brand in ransomware”, is it better for clients because they will return the data? Why did non-Windows ransomware fail as a business? Do we expect 0day exploits  to become more popular in ransomware? Based on this research, what is the key reason for ransomware’s wild success? Resources: “Ransomware in a Global Context” report “Malware Hunting with VirusTotal” (ep30) Google TAG blog NoMoreRansom Org “Cybereason: 80% of orgs that paid the ransom were hit again” Google Cybersecurity Action Team Threat  Horizons Report (full, brief)

Guest: Mike Orosz, a Chief Information and Product Security Officer @ Vertiv Topics: What are your views on modern SIEM?  What should it do and what should it be? Should it even be called SIEM?  Is SaaS/cloud-native SIEM the only way to go? Can anybody build a SIEM in the cloud by installing the regular SIEM on IaaS? What are the top challenges for organizations deploying and operationalizing SIEM today? What are some hidden or commonly forgotten costs for a SIEM deployment? Is open source the answer to SIEM? SIEM today should deliver on detection, hunting and investigation use cases, so what does it mean in terms of practical data retention? Resources: "On “Output-driven” SIEM" "Fake Cloud: Now There Are Two Hands in Your Pocket"

Guests: Amber Shafi, Production Manager GSK Svetlin Zamfirov, Senior Platform Engineer at GSK Ivan Angelov, Principal Platform Engineer at GSK Topics: Tell us about your team, what are you responsible for and how is the team setup to make that happen? What components of cloud security do you cover? Tell us about cloud misconfigurations and why these are different from on- premise misconfiguration? How are you discovering these misconfigurations?  You've automated responses to misconfiguration. Beyond the obvious upsides of reducing team toil and time to response, what are the other benefits? Are there risk in this approach and how are they handled? How did this idea to automate come about, and what lessons did you learn along the way? How have you integrated with the cloud provider security tooling? Resources:  “Automate and/or Die?” (ep3) “Automating Response to Security Events on Google Cloud Platform” from GSK blog GCP security blog

Guest: MK Palmore, Director at Office of the CISO,  Google Cloud, member of Cybersecurity Action Team Topics: Why is there such a huge gap in security professionals who are women and people of color? How does the lack of women and people of color in tech impact the industry, cybersecurity & tech overall? Are diverse teams better performing, better morale, happier people? Are there kinds of threats that we miss in threat modeling exercises for lack of diverse team members? We’ve seen countless examples where AI/ML systems have had problems with laundering biases and having frankly appalling issues due to biased training data. What are security implications here?  Are there organizations helping to close the representation gap in the security workforce and the cloud workforce? Why do the big tech companies and even the smaller ones have trouble identifying diverse talent? Why is this hard even for people and organizations who clearly want to improve it? Why do companies have a hard time retaining diverse talent?  Resources: Cyversity Wicys

CEO of Material Security, Ryan Noon, discusses the challenges of email security beyond phishing. The podcast explores the concept of email security as an application security problem and the importance of protecting sensitive information in a zero trust world. It delves into challenges in the cybersecurity industry and offers tips on enhancing email security. Book recommendations are also provided.

Guests Elie Bursztein, security, anti-abuse and privacy researcher @ Google Kurt Thomas, security, anti-abuse and privacy researcher @ Google Topics: Can we say that “Multi-Factor Authentication - if done well - fixes phishing for good” or is this too much to say? What are the realistic and seen-in-the-wild bypasses for MFA as a protection? How do you think these controls fare vs top tier attackers (clearly, they work vs commodity threats)? What do we know about burden vs value of MFA today? What can we realistically do to increase MFA/2FA adoption to the 90%s? Can we share anything about what we’re seeing as industry benchmarks on MFA adoption so far?  We’ve seen a lot of ugly debates over the value of SMS as MFA, what is your research-based take on this? Resources: Google Titan Security Key “Malicious Documents Emerging Trends: A Gmail Perspective” (RSA 2020) “New research: How effective is basic account hygiene at preventing hijacking” “New Research: Lessons from Password Checkup in action” “New research reveals who’s targeted by email attacks” “New research: Understanding the root cause of account takeover” “"Why wouldn't someone think of democracy as a target?": Security practices & challenges of people involved with U.S. political campaigns” "Tales from the Trenches: Using AI for Gmail Security" (ep28)

Guest: Jared Atkinson, Adversary Detection Technical Director at SpecterOps Topics: What are bad/good/great detections? Is this all about the Bianco's pyramid? Is high good and low bad? How should we judge the quality of detections? Can there be a quality framework? Is that judgment going to be site specific? What should we do to build more good directions? Is this all about reducing false positives? Can we really measure false negatives? How can we approach this? How can we test for detection goodness in the real world? What are the methods that work? It can’t be just about paper ATT&CK coverage, right? What are your top 3 tips for improving the detection practice at an organization? Resources: “The Pyramid of Pain” post by David Bianco “On Threat Detection Uncertainty” “Detection Coverage and Detection-in-Depth”  “Detection in Depth” by SpecterOps “Philosophy of Science: Rationality Without Foundations" by Karl Popper (yes, really) Red Canary “2021 Threat Detection Report”  "The Black Swan: The Impact of the Highly Improbable" by Nassim Nicholas Taleb John Piaget's theory of cognitive development

Guests: Stephanie Wong Vicente Diaz, Jerome McFarland Scott Ellis Patrick Faucher Il-Sung Lee, Anoosh Saboori Topics: What is your session about? Why would audience care? What is special about your security technology? Resources: Google Cloud Next 2021 SEC212 6 layers of GCP data center security SEC101 Ransomware and cyber resilience SEC204 Take charge  of your sensitive data SEC207 Securing the software supply chain SEC300 Trust the cloud more by trusting it less: Ubiquitous data encryption

Guest: Phil Venables (@philvenables), Vice President, Chief Information Security Officer (CISO) @ Google Cloud Topics: We are here to talk Google Cybersecurity Action Team, and this is your brainchild, so tell our audience the origin of this idea? How is Cybersecurity Action Team going to help secure GCP enterprise clients? Is there also a “improve the security of the internet” story? Many organizations seem stuck in the pre-cloud thinking and mental models, can Cybersecurity Action Team help them transform their security? How? When we sometimes present our security innovations to clients, they say “but we are not Google”, so how does Cybersecurity Action Team help us bring more of Google Cybersecurity to the world? What else do we plan to do with Cybersecurity Action Team to help customers modernize their security? How should customers engage with Cybersecurity Action Team? Resources: Google Cybersecurity Action Team "Google Announces Cybersecurity Action Team to Support the Security Transformations of Public and Private Sector Organizations” “Site Reliability Engineering” book (free) “Autonomic Security Operations: 10X Transformation of the Security Operations Center” paper