Cloud Security Podcast by Google
Anton Chuvakin
Cloud Security Podcast by Google focuses on security in the cloud, delivering security from the cloud, and all things at the intersection of security and cloud. Of course, we will also cover what we are doing in Google Cloud to help keep our users' data safe and workloads secure.
We're going to do our best to avoid security theater, and cut to the heart of real security questions and issues. Expect us to question threat models and ask if something is done for the data subject's benefit or just for organizational benefit.
We hope you'll join us if you're interested in where technology overlaps with process and bumps up against organizational design. We're hoping to attract listeners who are happy to hear conventional wisdom questioned, and who are curious about what lessons we can and can't keep as the world moves from on-premises computing to cloud computing.
We're going to do our best to avoid security theater, and cut to the heart of real security questions and issues. Expect us to question threat models and ask if something is done for the data subject's benefit or just for organizational benefit.
We hope you'll join us if you're interested in where technology overlaps with process and bumps up against organizational design. We're hoping to attract listeners who are happy to hear conventional wisdom questioned, and who are curious about what lessons we can and can't keep as the world moves from on-premises computing to cloud computing.
Episodes
Mentioned books
5 snips
Feb 10, 2025 • 27min
EP210 Cloud Security Surprises: Real Stories, Real Lessons, Real "Oh No!" Moments
Or Brokman, a Strategic Google Cloud Engineer specializing in cybersecurity, shares eye-opening insights from his cloud consulting experiences. He recounts one memorable case that revealed shocking security oversights. Brokman identifies a recurring mistake: prioritizing tools over processes, and discusses how to shift mindset. He emphasizes the vital need for collaboration between security and development teams to better protect organizations. His top advice for all companies? Focus on building a security-first culture to ensure successful cloud transformations.
10 snips
Feb 3, 2025 • 29min
EP209 vCISO in the Cloud: Navigating the New Security Landscape (and Don't Forget Resilience!)
Beth Cartier, a former CISO and founder of Initiative Security, dives into the evolving world of cloud security, particularly for small businesses and startups. She discusses the unique challenges and benefits of vCISO roles in the cloud. The conversation highlights the necessity of resilience in cybersecurity and how organizations are adapting to AI and other emerging trends. Cartier also shares valuable insights on elevating security's importance within companies and staying updated on evolving threats, emphasizing continuous learning in the rapidly changing landscape.
22 snips
Jan 27, 2025 • 31min
EP208 The Modern CISO: Balancing Risk, Innovation, and Business Strategy (And Where is Cloud?)
John Rogers, CISO at MSCI with a rich background in cybersecurity and financial services, shares his insights on the evolving landscape of CISO responsibilities. He discusses the balance between innovative approaches and the real risks faced by organizations, especially in cloud security. The conversation covers the importance of proactive strategies, collaboration between teams, and effective communication with executives. Rogers also emphasizes staying grounded in reality while being forward-looking, advocating for strategic planning to navigate the complex cyber threat environment.
18 snips
Jan 20, 2025 • 33min
EP207 Slaying the Ransomware Dragon: Can a Startup Succeed?
Bob Blakley, co-founder and chief product officer of Mimic, dives deep into the evolving threat of ransomware, tracing its transformation from extortion to a sophisticated exploitation tool influenced by cryptocurrency. He challenges conventional views, arguing that ransomware presents a unique security dilemma distinct from other malware. Bob also discusses the critical need for rapid, machine-speed responses and re-evaluating current cybersecurity practices, particularly within startups, to effectively combat this escalating menace.
12 snips
Jan 13, 2025 • 33min
EP206 Paying the Price: Ransomware's Rising Stakes in the Cloud
Ransomware is a growing threat, with evolving tactics that include data leaks and DDoS attacks. The podcast discusses the intricate business models of ransomware gangs, highlighting their aggressive extortion methods. Challenges specific to cloud environments are examined, stressing the importance of robust data governance. The ethical dilemma of whether to pay ransoms is a key topic, alongside practical advice for organizations to strengthen their defenses. Listeners gain insights into the interconnected roles of cyber insurance and corporate responsibility in combating this menace.
8 snips
Jan 6, 2025 • 28min
EP205 Cybersecurity Forecast 2025: Beyond the Hype and into the Reality
In this discussion, Andrew Kopcienski, a Principal Intelligence Analyst at Google Threat Intelligence Group, shares insights from the new Cybersecurity Forecast 2025 report. He addresses the misconceptions around AI's role in increasing threats, emphasizing the risk of compromised identities in hybrid environments. Andrew highlights the shift from phishing to stolen credentials and examines the growing complexities of zero-day vulnerabilities. He stresses the importance of effective detection strategies and regular audits to combat evolving threats, particularly from nation-state actors.
21 snips
Dec 23, 2024 • 31min
EP204 Beyond PCAST: Phil Venables on the Future of Resilience and Leading Indicators
Phil Venables, CISO at Google Cloud, dives into the increasing obsession with resilience in cybersecurity, potentially sparked by the rise of ransomware. He discusses the PCAST report’s origins and stresses the importance of shifting from lagging to leading indicators for security. Venables introduces 'Cyber-Physical Modularity' as a key concept for enhancing critical infrastructure resilience. He also emphasizes rigorous stress testing and shares insights on overcoming challenges in implementing these strategies, suggesting that organizations can gain resilience benefits by leveraging Google Cloud.
18 snips
Dec 16, 2024 • 37min
EP203 Cloud Shared Responsibility: Beyond the Blame Game with Rich Mogull
Rich Mogull, SVP of Cloud Security at FireMon and CEO at Securosis, dives into the intricacies of cloud security responsibility. He introduces the Cloud Shared Irresponsibilities Model, suggesting that cloud providers bear some blame in breaches due to customer misconfigurations. The discussion includes insights on what 'using the cloud securely' really means today and how to effectively teach cloud security. Rich also touches on balancing free and paid security features in the cloud and shares his top lesson for safer cloud practices.
19 snips
Dec 9, 2024 • 37min
EP202 Beyond Tiered SOCs: Detection as Code and the Rise of Response Engineering
Amine Besson, Tech Lead on Detection Engineering at Behemoth Cyberdefence, shares his insights on the evolution of security operations and the importance of detection engineering. He discusses the inadequacies of traditional tiered SOCs against modern threats and introduces 'detection as code' as a transformative approach. Amine also elaborates on the fusion of threat intelligence with detection and response, stressing real-time actionable insights. Finally, he highlights new architectures like OpenTIDE that enhance threat detection and efficiency.
10 snips
Dec 2, 2024 • 37min
EP201 Every CTO Should Be a CSTO (Or Else!) - Transformation Lessons from The Hoff
Chris Hoff, Chief Secure Technology Officer at LastPass, shares his journey of transforming tech stacks post-incident. He emphasizes that every CTO should adopt a security-first approach, combining technology with cultural shifts. He reveals the importance of integrating security into decision-making and enhancing telemetry for observability. Hoff humorously navigates the complex world of cloud technology, highlighting the need for resilience and collaboration in security. His insights on proactive cybersecurity offer valuable lessons for others in tech.
