AWS for Software Companies Podcast

AWS - Amazon Web Services
Feb 4, 2025 • 26min

Ep077: Developing an AI Strategy for Software Companies

In this AWS panel discussion, Naveen Rao, VP of AI of Databricks and Vijay Karunamurthy, Field CTO of Scale AI share practical insights on implementing generative AI in enterprises, leveraging private data effectively, and building reliable production systems.

Topics Include:
- Sherry Marcus introduces panel discussion on generative AI adoption
- Scale AI helps make AI models more reliable
- Databricks focuses on customizing AI with company data
- Companies often stressed about where to start with AI
- Board-level pressure driving many enterprise AI initiatives
- Start by defining specific goals and success metrics
- Build evaluations first before implementing AI solutions
- Avoid rushing into demos without proper planning
- Enterprise data vastly exceeds public training data volume
- Customer support histories valuable for AI training
- Models learning to anticipate customer follow-up questions
- Production concerns: cost, latency, and accuracy trade-offs
- Good telemetry crucial for diagnosing AI application issues
- Speed matters more for prose, accuracy for legal documents
- Cost becomes important once systems begin scaling up
- Organizations struggle with poor quality existing data
- Privacy crucial when leveraging internal business data
- Role-based access control essential for regulated industries
- AI can help locate relevant data across legacy systems
- Models need organizational awareness to find data effectively
- Private data behind firewalls most valuable for AI
- Customization gives competitive advantage over generic models
- Current AI models primarily do flexible data recall
- Next few years: focus on deriving business value
- Future developments in causal inference expected post-5 years
- Complex multi-agent systems becoming more important
- Scale AI developing "humanity's last exam" evaluation metric
- Discussion of responsibility and liability in AI decisions
- Companies must stand behind their AI system outputs
- Existing compliance frameworks can be adapted for AI

Participants:
- Naveen Rao – VP of AI, Databricks
- Vijay Karunamurthy – Field CTO, Scale AI
- Sherry Marcus Ph.D. - Director, Applied Science, AWS

See how Amazon Web Services gives you the freedom to migrate, innovate, and scale your software company at https://aws.amazon.com/isv/
Jan 28, 2025 • 34min

Ep076: Incident Response in the Age of Personal CISO Liability with Suresh Vasudevan of Sysdig

Suresh Vasudevan, CEO of Sysdig, discusses the evolving challenges of cloud security incident response and the need for new approaches to mitigate organizational risk.

Topics Include:
- Cybersecurity regulations mandate incident response reporting.
- Challenges of cloud breach detection and response.
- Complex cloud attack patterns: reconnaissance, lateral movement, exploit.
- Rapid exploitation - minutes vs. days for on-prem.
- Importance of runtime, identity, and control plane monitoring.
- Limitations of EDR and SIEM tools for cloud.
- Coordinated incident response across security, DevOps, executives.
- Criticality of pre-defined incident response plans.
- Increased CISO personal liability risk and mitigation.
- Documenting security team's diligence to demonstrate due care.
- Establishing strong partnerships with legal and audit teams.
- Covering defensive steps in internal communications.
- Sysdig's cloud-native security approach and Falco project.
- Balancing prevention, detection, and response capabilities.
- Integrating security tooling with customer workflows and SOCs.
- Providing 24/7 monitoring and rapid response services.
- Correlating workload, identity, and control plane activities.
- Detecting unusual reconnaissance and lateral movement behaviors.
- Daisy-chaining events to identify potential compromise chains.
- Tracking historical identity activity patterns for anomaly detection.
- Aligning security with business impact assessment and reporting.
- Adapting SOC team skills for cloud-native environments.
- Resource and disruption cost concerns for cloud agents.
- Importance of "do no harm" philosophy for response.
- Enhancing existing security data sources with cloud context.
- Challenges of post-incident forensics vs. real-time response.
- Bridging security, DevOps, and executive domains.
- Establishing pre-approved incident response stakeholder roles.
- Maintaining documentation to demonstrate proper investigation.
- Evolving CISO role and personal liability considerations.
- Proactive management of cyber risk at board level.
- Developing strong general counsel and audit relationships.
- Transparency in internal communications to avoid discovery risks.
- Security teams as business partners, not just technicians.
- Sysdig's cloud security expertise and open-source contributions.

Participants:
- Suresh Vasudevan – CEO, Sysdig

See how Amazon Web Services gives you the freedom to migrate, innovate, and scale your software company at https://aws.amazon.com/isv/
Jan 21, 2025 • 47min

Ep075: Beyond Compliance: Crafting Effective Security Culture with leaders from Clumio, Mongo DB, Symphony and AWS

From hard-coded credentials to boardroom buy-in, join four tech security leaders from Clumio, Mongo DB, Symphony and AWS, as they unpack how building the right security culture can be your organization's strongest defense against cyber threats.

Topics Include:
- Security culture is crucial for managing organizational cyber risk
- Good culture enables quick decision-making without constant expert consultation
- Many security incidents occur from well-meaning people getting duped
- Panel includes leaders from AWS, Symphony, MongoDB, and Clumio
- Measuring security culture requires both quantitative and qualitative metrics
- Board-level engagement indicates organizational security culture maturity
- Self-reporting of security incidents shows positive cultural development
- Security committees' participation helps measure cultural engagement
- Hard-coded credentials remain persistent problem across organizations
- Internal audits and risk committees strengthen security governance
- Public security incidents change board conversations about priorities
- Leadership vulnerability and transparency help build trust
- Being pragmatic beats emotional responses in security leadership
- Security programs should align with business revenue goals
- Customer security requirements drive program improvements
- Excessive security questionnaires drain resources from actual security
- Security culture started as exclusionary, evolved toward collaboration
- Financial institutions often create unnecessary compliance burden
- Early security involvement in product development prevents delays
- Security teams must match development team speed
- Trust between security and development teams enables efficiency
- Small security teams can support large enterprise requirements
- Vendor partnerships help scale security capabilities
- Process changes work better than adding security tools
- Security leaders need deep business knowledge
- Technical depth and breadth remain essential skills
- Evangelism capability critical for security leadership success
- Influencing without authority key for security effectiveness
- Crisis moments create opportunities for security improvement
- Socializing between security and development teams builds trust
- DEF CON attendance helps developers understand security perspective
- Bug bounty programs provide continuous security feedback
- Regular informal meetings between teams improve collaboration
- Building personal relationships improves security outcomes
- Modern security leadership requires balance of IQ and EQ

Participants:
- Jacob Berry – Head of Information Security, Clumio
- George Gerchow – Interim CISO, Head of Trust, Mongo DB
- Brad Levy – Chief Executive Officer, Symphony
- Brendan Staveley – Global Sales Leader, Security Services, Amazon Web Services

See how Amazon Web Services gives you the freedom to migrate, innovate, and scale your software company at https://aws.amazon.com/isv/
Jan 14, 2025 • 28min

Ep074: Unlocking Global Growth - Mastering Compliance Across Boundaries

AWS executive Giancarlo Casella explains how organizations can navigate global privacy regulations and achieve compliant international expansion using AWS's privacy reference architecture.

Topics Include:
- Welcome to executive forum on security and Gen AI
- Introduction of Giancarlo Casella from AWS Security Assurance Services
- AWS helps organizations with compliance and audit readiness
- Global expansion requires understanding local privacy laws
- Germany and France interpret GDPR differently
- Germany has Federal Data Protection Act (BDSG)
- France focuses on consumer privacy through CNIL
- Risk of non-compliance includes fines and reputation damage
- Privacy laws existed in only 10 countries in 2000
- EU Privacy Directive of 1990 was prominent
- By 2010, forty countries had privacy laws
- HIPAA and GLBA introduced in United States
- Now over 150 countries have privacy regulations
- 75% of world population under privacy laws soon
- Regulations are vague and open to interpretation
- GDPR example: encryption requirements lack specificity
- Need right stakeholders for privacy compliance
- Legal team must lead privacy interpretation
- Engineering implements technical privacy aspects
- Risk and compliance teams coordinate evidence gathering
- Data Protection Officer oversees entire program
- CIO, CTO, CISO alignment creates strong foundation
- Security transforms from bureaucratic to revenue enabler
- AWS develops cloud-specific privacy reference architecture
- Industry standards provide guidance frameworks
- AWS privacy reference architecture focuses on cloud specifics
- Data minimization and individual autonomy are key
- Case study: Middle Eastern AI company expands to Canada
- Company used CCTV at gas stations
- Created privacy baseline and roadmap
- Data flow documentation essential for compliance
- Continuous compliance strategy helps enable success
- Aligning stakeholders across different organizational lines
- Future of US federal privacy regulation discussed
- Discussion of responsible AI usage requirements

Participants:
- Giancarlo Casella - Head of Business Development and Growth Strategies, AWS Security Assurance Services

See how Amazon Web Services gives you the freedom to migrate, innovate, and scale your software company at https://aws.amazon.com/isv/
Jan 7, 2025 • 33min

Ep073: The Evolving Threat Landscape – Reshaping Cybersecurity Practices

Haggai Polak, Chief Product Officer at Securonix and a veteran cybersecurity expert, examines how artificial intelligence, quantum computing, and resource constraints are fundamentally transforming the threat landscape for security leaders.

Topics Include:
- AI transformation of cybersecurity landscape from past tactical focus
- CISO accountability and regulatory pressures increasing significantly
- Attack surface expanding beyond traditional network boundaries
- Quantum computing threatens current cryptographic protections
- Defenders remain understaffed and outmatched against sophisticated threats
- Securonix leads SIEM/SOAR space with 1000+ global customers
- World Economic Forum identifies misinformation/disinformation as major crisis
- AI benefits attackers more than defenders currently
- Small/medium enterprises falling below cyber poverty line
- AI enables faster, more sophisticated malware development
- Deepfakes caused $25M loss in Hong Kong CFO impersonation
- Digital tsunami: broadband, IoT, cloud everywhere expanding attack surface
- 50+ democracies face election security challenges in 2024
- Cloud intrusions increased 75% between 2022-2023
- Quantum-resistant cryptography transition needed within 10 years
- SEC regulations require specific cybersecurity incident disclosure guidelines
- 4 million unfilled cybersecurity positions globally
- Cybercrime-as-a-Service growing, estimated $1.6B annual revenue
- 81% of organizations faced ransomware attacks in 2023
- Insider threats increasing with remote work adoption
- 30,000+ vulnerabilities published last year, half critical/high
- Mean time to exploit now 44 days
- Securonix Eon leverages AI to increase analyst efficiency
- Dark web selling corporate credentials for $10,000
- Balance needed between protection and detection/response investments

Participants:
- Haggai Polak – Chief Product Officer, Securonix

See how Amazon Web Services gives you the freedom to migrate, innovate, and scale your software company at https://aws.amazon.com/isv/
Dec 30, 2024 • 24min

Ep072: From Alerts to Action - How Datadog Manages Security Incidents with AI

Dr. Yanbing Li, Chief Product Officer at Datadog, outlines how the company has integrated AI and automation into its incident response framework, helping customers manage both traditional security challenges and emerging AI-specific risks.

Topics Include:
- Introduced talk about incident response and CISO liability
- Datadog founded 14 years ago for cloud-based development
- Platform unifies observability and security for cloud applications
- Current environment has too many fragmented security products
- SEC requires material incident reporting within four days
- Datadog's incident response automates Slack room creation
- Response team includes Legal, Security, Engineering, and Product
- System tracks non-material incidents to identify concerning patterns
- Real-time telemetry data drives incident management automation
- On-call capabilities manage escalation workflows
- Datadog uses own products internally for incident response
- Company focuses on reducing time to incident detection
- AI brings new risks: hallucination, data leaks, design exploitation
- Bits.ai launched as LLM-based incident management co-pilot
- Tool synthesizes events and generates incident summaries
- Bits.ai suggests code remediation and creates synthetic tests
- Security built into AI products from initial design
- Prompt injection prevented through structured validation approach
- Sensitive data anonymized before LLM processing
- Engineering and security teams collaborate closely on AI
- LLM observability becoming critical for production deployments
- Customers need monitoring for hallucinations and token usage
- Datadog extends infrastructure monitoring into security naturally
- Company maintains strong partnership with AWS
- Q&A covered Bits.ai proactive capabilities and enterprise differentiation

Participants:
- Yanbing Li – Chief Product Officer - Datadog

See how Amazon Web Services gives you the freedom to migrate, innovate, and scale your software company at https://aws.amazon.com/isv/
Dec 24, 2024 • 36min

Ep071: Protecting Your Enterprise in the Era of Generative AI with Sanjay Kalra of Zscaler

Sanjay Kalra of Zscaler and Randy DeFauw of Amazon Web Services explore the hidden dangers of generative AI security—from invisible text manipulation and deep fakes to data poisoning and dark AI models—while offering practical strategies for protecting your enterprise in this era of generative AI.

Topics Include:
- AI security threats grouped into data, malicious use, trust/safety
- Data security critical for SaaS-based AI services
- Model training data vulnerable to poisoning and manipulation
- GenAI lacks traditional data deletion capabilities
- Access controls difficult once data becomes model embeddings
- Prompt injection attacks becoming widespread, with libraries available online
- Deepfake scams increasing in sophistication and frequency
- AI enhancing phishing attacks with better written content
- Dark AI models emerging specifically for malicious purposes
- Model hallucinations being exploited for security attacks
- AI accelerating analysis of stolen data
- Shadow AI usage by employees poses security risks
- Existing vendor AI integration creating unexpected security challenges
- Fine-grained access controls essential for AI applications
- PII protection critical in both inputs and outputs
- Comprehensive prompt and response logging necessary
- Invisible text manipulation emerging in resumes and RFPs
- Model fine-tuning can compromise built-in security guardrails
- Multi-language inputs create new security considerations
- Competition-sensitive content requires careful AI management
- AI firewalls needed for input/output monitoring
- Regular security testing required for AI models
- AI compliance standards emerging globally
- Multi-modal AI creating new security challenges
- Browser isolation helping control AI application usage

Participants:
- Sanjay Kalra – Product Management at Zscaler
- Randy DeFauw – Senior Principal Solutions Architect, Amazon Web Services

See how Amazon Web Services gives you the freedom to migrate, innovate, and scale your software company at https://aws.amazon.com/isv/
Dec 19, 2024 • 41min

Ep070: How CyberArk Scaled SaaS Transformation: Insights from CyberArk’s SVP Corporate Finance Nili Serr-Reuven

This illuminating conversation with CyberArk's SVP of Finance, Nili Serr-Reuven, reveals how the 25-year-old cybersecurity leader successfully transformed from a traditional software company to a SaaS business model in just five quarters - far faster than the industry standard of 2-2.5 years - while maintaining strong margins and customer trust throughout the transition.

Topics Include:
- Introduction to SaaS transformation challenges and opportunities.
- Tomaz Perc introduces Nili Serr Reuven from CyberArk.
- Overview of CyberArk's 25-year history and milestones.
- Transition from a perpetual model to SaaS.
- CyberArk's accelerated transformation in just five quarters.
- Challenges of shifting from product-centric to customer-centric.
- Importance of market research and peer consultations.
- Key role of cross-functional collaboration in success.
- Explanation of "swallowing the fish" in SaaS.
- Managing short-term revenue drops during SaaS transformation.
- CyberArk's 70% SaaS revenue share post-transformation.
- Impact of global economic challenges on business strategy.
- CyberArk's robust demand for identity security solutions.
- Strategic leadership's role in transformation execution.
- CyberArk's disciplined financial planning during uncertainty.
- Establishing KPIs like ARR and customer satisfaction.
- Managing rising cloud costs with FinOps practices.
- CyberArk's approach to pricing and packaging SaaS solutions.
- Leveraging acquisitions to speed up SaaS capabilities.
- Impact of transformation on CyberArk's finance department.
- Evolution of finance roles to support SaaS growth.
- Communication with investors during transformative periods.
- The importance of cultural shifts in transformation success.
- Continuous learning, transparency, and collaboration as cornerstones.
- Advice for future SaaS leaders: plan, communicate, adapt.

Participants:
- Nili Serr Reuven – SVP Corporate Finance, CyberArk
- Tomaz Perc – SaaS Business Lead, Amazon Web Services

See how Amazon Web Services gives you the freedom to migrate, innovate, and scale your software company at https://aws.amazon.com/isv/
Dec 17, 2024 • 40min

Ep069: AI and Cybersecurity - Navigating the New Threat Landscape with Soumya Banerjee of McKinsey and Company

Soumya Banerjee, Associate Partner at McKinsey and Company, shares a comprehensive data-driven exploration of how generative AI is transforming the cybersecurity landscape, revealing emerging threats, organizational challenges, and strategic opportunities for security professionals.

Topics Include:
- AI's transformative potential in cybersecurity
- Survey of 500 cybersecurity professionals
- Generative AI's impact on security landscape
- Rising sophistication of phishing attacks
- Threat actors leveraging generative AI
- Deepfake technologies circumventing biometric controls
- Cybersecurity companies' valuation and growth
- Platform versus point solution debates
- Expanding cybersecurity attack surfaces
- Cloud security emerging as top priority
- AI use cases in threat detection
- Generative AI risks for organizations
- Securing AI investments and budgets
- Data protection and sensitive information challenges
- Regulatory scrutiny of AI technologies
- Talent gaps in cybersecurity sector
- Evolving cyber insurance risk models
- Identity and access management trends
- API and machine identity security
- LLM prompt and data protection
- Enterprise strategies for AI adoption
- Emerging technologies for cybersecurity defense
- Partnerships between cybersecurity vendors
- Disclosure risks in generative AI
- Future of cybersecurity technology landscape

Participants:
- Soumya Banerjee – Associate Partner at McKinsey and Company

See how Amazon Web Services gives you the freedom to migrate, innovate, and scale your software company at https://aws.amazon.com/isv/
Dec 10, 2024 • 33min

Ep068: Enhance Your Application with Generative AI – Presented by Zoom & AWS

Brendan Ittelson, Chief Ecosystem Officer of Zoom and Fedrico Torreti of AWS share how Zoom and AWS are leveraging generative AI to revolutionize application development, enhance cross-app personalization, and streamline user experiences with intelligent communication tools.

Topics Include:
- Introduction of speakers and session overview.
- Generative AI's disruptive impact across industries.
- Reimagining customer experiences with generative AI.
- Driving productivity through AI-powered applications.
- Challenges faced by application developers with AI integration.
- Importance of AI as a collaborator, not replacement.
- Cross-functional workplace complexity with multiple apps.
- Reducing task redundancy via generative AI automation.
- Case study: AI accelerating creative project briefings.
- Business outcomes achieved through thoughtful AI implementation.
- McKinsey and Gartner projections on generative AI's potential.
- Top use cases: R&D, customer operations, sales, marketing.
- Bridging data silos for richer user experiences.
- Security and compliance challenges in AI implementations.
- Zoom's federated model for adaptable AI architecture.
- Meeting summaries powered by Zoom AI Companion.
- Expanding generative AI into chat, whiteboards, voicemails.
- Vision for AI amplifying, simplifying, and delegating tasks.
- Integrating external data for personalized user experiences.
- Open platform approach for seamless data exchange.
- AI Companion empowering users with actionable insights.
- Role of AWS in enabling AI-first solutions.
- Addressing notification overload with smarter AI design.
- Enhancing end-to-end workflows with unified AI tools.
- Encouragement for developers to embrace thoughtful AI adoption.

Participants:
- Brendan Ittelson - Chief Ecosystem Officer, Zoom
- Fedrico Torreti - Head of Product, AppFabric, AWS

See how Amazon Web Services gives you the freedom to migrate, innovate, and scale your software company at https://aws.amazon.com/isv/
