Cloud Security Podcast by Google
Anton Chuvakin
Cloud Security Podcast by Google focuses on security in the cloud, delivering security from the cloud, and all things at the intersection of security and cloud. Of course, we will also cover what we are doing in Google Cloud to help keep our users' data safe and workloads secure.
We’re going to do our best to avoid security theater, and cut to the heart of real security questions and issues. Expect us to question threat models and ask if something is done for the data subject’s benefit or just for organizational benefit.
We hope you’ll join us if you’re interested in where technology overlaps with process and bumps up against organizational design. We’re hoping to attract listeners who are happy to hear conventional wisdom questioned, and who are curious about what lessons we can and can’t keep as the world moves from on-premises computing to cloud computing.
We’re going to do our best to avoid security theater, and cut to the heart of real security questions and issues. Expect us to question threat models and ask if something is done for the data subject’s benefit or just for organizational benefit.
We hope you’ll join us if you’re interested in where technology overlaps with process and bumps up against organizational design. We’re hoping to attract listeners who are happy to hear conventional wisdom questioned, and who are curious about what lessons we can and can’t keep as the world moves from on-premises computing to cloud computing.
Episodes
Mentioned books
May 27, 2024 • 22min
EP174 How to Measure and Improve Your Cloud Incident Response Readiness: A New Framework
Angelika Rohrer, Sr. Technical Program Manager at Alphabet, discusses the Continuous Improvement Framework for cloud incident response readiness, emphasizing the importance of proactive preparation. Topics include overcoming easy metrics, Google's best practices, real-world examples, and practical implementation advice for organizations.
7 snips
May 20, 2024 • 33min
EP173 SAIF in Focus: 5 AI Security Risks and SAIF Mitigations
Shan Rao, Google's Group Product Manager, discusses AI security risks in cloud environments, covering 5 risks and popular SAIF mitigations. He talks about moving quickly and securely with AI, future trends in securing AI, and the integration of AI security with other domains. The podcast provides various resources for securing AI products with Google SAIF.
9 snips
May 13, 2024 • 27min
EP172 RSA 2024: Separating AI Signal from Noise, SecOps Evolves, XDR Declines?
Exploring the rise of AI buzzwords and decline of XDR in cybersecurity at RSA 2024. Is AI just hype or the real deal? SecOps evolution, cloud security's focus on CSPM, and the battle between security platforms and focused tools. Exciting risks in AI security and the challenges of managing system outputs and model theft risks.
May 6, 2024 • 27min
EP171 GenAI in the Wrong Hands: Unmasking the Threat of Malicious AI and Defending Against the Dark Side
Elie Bursztein, Google DeepMind Cybersecurity Research Lead, discusses the threats of malicious AI in the wrong hands, state-sponsored actors using AI for cyber attacks, and the debate on AI's impact on security. He also touches on vulnerability discovery and why AI favors defenders. The podcast explores real risks of AI in cyber security and the importance of securing AI systems against potential misuse.
7 snips
Apr 29, 2024 • 28min
EP170 Redefining Security Operations: Practical Applications of GenAI in the SOC
Payal Chakravarty, Director of Product Management at Google SecOps, discusses practical applications of GenAI in security operations, challenges, and risks. The podcast explores the role of AI in empowering junior analysts, automation in SOAR, and enhancing security measures. Future insights on AI in security operations and recommended reading are also discussed.
10 snips
Apr 22, 2024 • 28min
EP169 Google Cloud Next 2024 Recap: Is Cloud an Island, So Much AI, Bots in SecOps
The hosts recap Google Cloud Next 2024, highlighting fun security launches, favorite sessions, and new security ideas inspired by the event. They discuss the evolution of cloud-native security, explore new security vendors and the CNAB framework, and delve into the interplay of cloud security, AI, and emerging threats. They also touch on embracing curiosity in technology and science fiction.
13 snips
Apr 15, 2024 • 33min
EP168 Beyond Regular LLMs: How SecLM Enhances Security and What Teams Can Do With It
Join Umesh Shankar and Scott Coull as they discuss teaching AI security, the benefits of security-trained LLMs, the practical applications for security teams, and the feedback on impact. Explore the limitations of LLMs for security tasks and the importance of task-specific training. Delve into using cloud audit logs for anomaly detection and the challenges of intelligent summarization in the security context.
10 snips
Apr 8, 2024 • 25min
EP167 Stolen Cards and Fake Accounts: Defending Google Cloud Against Abuse
Guest Maria Riaz, an Engineering Lead at Google Cloud, discusses counter-abuse and security on GCP, dealing with stolen cards, and relevant competencies for this field. They explore academic vs industry experience, popular abuse types like coin mining, and innovative abuse strategies at Google, emphasizing problem-solving and user safety.
15 snips
Apr 1, 2024 • 30min
EP166 Workload Identity, Zero Trust and SPIFFE (Also Turtles!)
Guests Evan Gilman and Eli Nesterov discuss workload identity, zero trust, and SPIFFE in a lively podcast. They delve into the challenges faced by large organizations, the benefits of adopting modern security paradigms like SPIFFE, and the importance of reimagining traditional technologies for cloud environments. The conversation also touches on the concept of 'solving the bottom turtle' in workload identity and security.
5 snips
Mar 25, 2024 • 25min
EP165 Your Cloud Is Not a Pet - Decoding 'Shifting Left' for Cloud Security
Ahmad Robinson, Cloud Security Architect at Google, discusses 'Pets vs Cattle' mentality in cloud operations, shifting left in cloud security, and the confusion around Policy as Code. He emphasizes the importance of scalability, standardization, and collaboration among teams for efficient security practices.
