
Cyber Security & Cloud Podcast
Welcome to the Cyber Security & Cloud Podcast #CSCP, where we will explore the dark secrets of cloud and cyber.
The podcast focuses on people and their stories and explores the human element that brings so many people together.
Some episodes will be for the well-seasoned cybersecurity veteran, but most are about stories of infosec people and how they reached where they are now.
The focus and various streams of the podcast are Cybersecurity, Cloud Security, Application Security, Social Engineering, and community building.
Latest episodes

Feb 4, 2024 • 39min
CSCP S4EP09 - Michael Smith - Code to Network Reachability how to use WAF to prioritize vulnerabilities
This is an enlightening conversation with Michael Smith exploring the intersection between vulnerabilities, DDoS and WAF technologies.
Join us as we reconvene with cybersecurity virtuoso Michael Smith, Field CTO at Verkara, for a re-recording to further explore the fascinating intersection of cybersecurity and cloud technology. Listen in as Michael brings his wealth of experience from military intelligence to web application development to the table, shedding light on how engineering and integration teams navigate regulations and government sector compliance.
The episode is brought to you by Phoenix Security; get in control of your vulnerabilities from code to cloud with the power of Phoenix. ACT Now on the most important vulnerabilities and reduce your exposure to modern attacks. See it for yourself. Go to https://phoenix.security/request-a-demo/ for a free 14-day licence.
Our conversation ventures into the complexities of application security and the strategic utilization of vulnerabilities. Venture into the murky waters of cyberattacks with us as we discuss how vulnerabilities can be harnessed for DDoS attacks, causing chaos at both the network and application layers. Hear about Phoenix Security Limited's role in software security and how unvalidated pagination can be exploited to strain databases and servers. We wrap up this segment by contrasting the precision of these attacks with broader network-level DDoS strategies, offering insight into crafting robust cybersecurity defenses.
Cap off this episode with a crucial discussion on the ethical dimensions of technology. Discover the challenges of differentiating between benign and malicious bot activity, and how technologies like domain fronting have dual purposes. We stress the importance of vigilance and responsibility in the tech sphere, where the same tools can secure or compromise systems. Remember to stay engaged with the content by checking your logs for anomalies and sharing your thoughts for a chance to win an Amazon gift card. Michael's insights are a reminder of the persistent evolution and nuanced nature of cybersecurity in our interconnected world.
Tune in to this enlightening episode to equip yourself with the knowledge and insights needed to navigate the evolving landscape of cybersecurity.
00:02: Introduction to Cybersecurity and Cloud Podcast
00:53: Host and Guest Introduction
01:40: Michael Smith's Journey in Cybersecurity
03:23: Shift Towards Security
04:22: The Evolution of Cybersecurity Roles
06:58: Challenges in IoT and Hardware Security
08:22: Insights from Akamai and Handling Major Incidents
09:58: The Evolution of Cybersecurity Threats
11:35: The Current State of Cybersecurity
14:49: The Future of Cybersecurity and Emerging Threats
17:22: Leveraging Vulnerabilities for DDoS Attacks
22:51: Addressing Sophisticated Cybersecurity Threats
26:27: Advanced Cybersecurity Techniques and Challenges
29:00: The Importance of Collaboration in Cybersecurity
33:58: Closing Thoughts and Positive Takeaways
39:01: Outro and Acknowledgments
Michael Smith
Linkedin: https://www.linkedin.com/in/rybolov/
Cyber Security and Cloud Podcast hosted by Francesco Cipollone
Twitter @FrankSEC42
Linkedin: linkedin.com/in/fracipo
#CSCP #cybermentoringmonday cybercloudpodcast.com
Social Media Links
Follow us on social media to get the latest episodes:
Website: http://www.cybercloudpodcast.com/
Linkedin: https://www.linkedin.com/company/35703565/admin/
Twitter: https://twitter.com/podcast_cyber
Youtube https://www.youtube.com/channel/UCVgsq-vMzq4sxObVonDsIAg/
You can listen to this podcast on your favourite player:
Itunes: https://podcasts.apple.com/gb/podcast/the-cyber-security-cloud-podcast-cscp/id1516316463
Spotify: https://open.spotify.com/show/3fg8AqP4vEi5Im8YKxazUQ
#Cybersecurity, #appsec #waf

Jan 21, 2024 • 43min
CSCP S4EP08 - Jay Jacobs - A Conversation with Jay Jacobs: Exploring the Future of Vulnerability Management and Data Science
This is an enlightening conversation with Jay Jacobs - Exploring the Future of Vulnerability Management and Data Science
Unlock the secrets of cybersecurity's intricate dance with data science as I, Francesco Cipollone, sit down with tech wizard Jay Jacobs, co-founder of Cyentia. Prepare to be captivated by Jay's inspiring tech odyssey, from his youthful fascination with computing to his trailblazing efforts in quantifying cyber risk. We navigate his professional voyage, spanning IT, pen testing and cryptography, revealing how his deep dive into data science has revolutionized our approach to cyber threats. Jay also imparts his wisdom on the crucial role of statistics and key management in cryptography, offering priceless insights for anyone invested in fortifying their digital defenses.
The journey of vulnerability assessment tools takes center stage as I recount the sophisticated evolution of the Exploit Prediction Scoring System (EPSS). From its humble beginnings as a logistic regression to becoming a powerful API, EPSS serves as a beacon for security professionals looking to quantify the once nebulous concept of risk. The discussion illuminates the delicate dance between utility and data privacy, the quest for a universal risk score, and the aspirational future of EPSS, incorporating additional variables to refine its predictive precision. Finally, Jay and I tackle the real-world implications of vulnerability management through the lens of EPSS.
We dissect the interplay between EPSS scores and CVSS ratings, using the Log4Shell incident to emphasize the critical need for broader threat intelligence. By acknowledging the system's limitations and the nuances within open-source vulnerability analysis, we champion the importance of narrative in data interpretation. With a call to action, we invite the cybersecurity community to join forces, enhancing our collective defense through dialogue and open-source innovation.
Tune in to this enlightening episode to equip yourself with the knowledge and insights needed to navigate the evolving landscape of cybersecurity.
(03:41 - 04:47) Exploring Cryptography and Managing Key Security (66 Seconds)
(07:41 - 08:52) EPSS (71 Seconds)
(11:46 - 12:56) The Beauty of EPSS and Application Security Angle (70 Seconds)
(18:02 - 19:16) Exploring EPSS Scores and Vulnerabilities (74 Seconds)
(25:27 - 27:09) EPSS and Its Challenges in AppSec (102 Seconds)
(31:03 - 32:04) Improving Scanning Tools and Analyzing Vulnerabilities (62 Seconds)
Jay Jacobs
Linkedin: https://www.linkedin.com/in/jayjacobs1/
Twitter: https://twitter.com/jayjacobs
Cyentia: https://twitter.com/cyentiainst
EPSS: https://www.first.org/epss/#:~:text=The%20Exploit%20Prediction%20Scoring%20System,be%20exploited%20in%20the%20wild.
YL Profile: https://www.ylventures.com/people/caleb-sima/
#Cybersecurity, #ai, #cloud, #appsec

Jan 7, 2024 • 40min
CSCP S4EP07 - Caleb Sima - A Conversation with Caleb Sima - Bridging Offense and Defense in Cybersecurity and AI Promise for the Future
This is an enlightening conversation with Caleb Sima, a returning guest on the podcast - Bridging Offense and Defense in Cybersecurity and AI Promise for the Future.
Join us for the return of an esteemed guest, cybersecurity veteran Caleb Sima, for an engaging conversation on our latest podcast episode. Caleb, known for his significant contributions to application security and executive roles in leading tech companies, shares his profound insights into the ever-changing world of cybersecurity. He highlights the importance of mastering offensive skills for effective defence, drawing on his vast experience to advocate for a mindset that aligns with understanding and countering attackers.
This episode also delves into the critical foundations of cybersecurity, emphasizing the need for a broad spectrum of knowledge, including networking, engineering, and programming. We explore building securely, drawing insightful parallels between everyday safety mechanisms and the integrated security required in organizational infrastructures. Through this discussion, we uncover how intuitive security measures, akin to those in vehicles or smartphones like iPhones, can be mirrored in the seamless security systems within companies.
We further discuss the transformational challenges facing security professionals, evolving from defenders to builders, and the vital role of education in this paradigm shift. It's a thought-provoking exploration of proactive and resilient security approaches to enhance user experience without compromising on protection.
Tune in to this enlightening episode to equip yourself with the knowledge and insights needed to navigate the evolving landscape of cybersecurity.
01:40 - Caleb Sima: Caleb shares his extensive background in cybersecurity, beginning in the 90s and spanning various roles and accomplishments.
03:34 - Francesco Cipollone: Discussion on the evolving landscape of cybersecurity and its implications for newcomers to the field.
04:19 - Caleb Sima: Caleb's advice to newcomers in cybersecurity emphasises the importance of understanding offensive security and mastering foundational knowledge.
07:44 - Francesco Cipollone: Francesco reflects on Caleb's approach, discussing the potential biases and the importance of a foundational understanding.
08:12 - Caleb Sima: Caleb underscores the necessity of understanding attacks to identify fundamental security problems and prioritize risks.
10:50 - Caleb Sima: Insight into the relationship between effective security foundations, risk management, and compliance.
11:27 - Francesco Cipollone: A discussion on the concepts of security and safety and their interchangeability.
11:39 - Caleb Sima: Caleb's perspective on transitioning from a focus on security to a broader concept of safety.
16:21 - Caleb Sima: The importance of minimizing damage in security incidents and the need for balanced approaches in threat identification, detection, and response.
17:15 - Caleb Sima: The role of security in organizational decision-making and the importance of integrating security from project inception.
21:11 - Francesco Cipollone: Highlighting the shift in security perspectives and the importance of proactive approaches to cybersecurity.
23:04 - Caleb Sima: Caleb discusses the gaps in awareness and knowledge within security teams and the importance of prioritizing security measures.
24:15 - Caleb Sima: Exploring the role of technology in building security foundations and the potential of AI and ML in addressing security challenges.
27:59 - Francesco Cipollone: Reflections on the cultural shift and the growing emphasis on collective responsibility in security.
29:53 - Caleb Sima: Caleb's categorization of AI's role in cybersecurity, focusing on securing AI technologies and utilizing AI to solve cybersecurity challenges.
34:18 - Francesco Cipollone: Discussion on protecting data from AI systems and considerations in data usage and monetization.
36:00 - Caleb Sima: Caleb speculates on the future of data usage restrictions and their potential impact on the internet landscape.
37:13 - Caleb Sima: Caleb concludes with a positive outlook on the growth of talent and knowledge in cybersecurity and the importance of ongoing education and awareness.
Caleb Sima
Linkedin: https://www.linkedin.com/in/calebsima/
Twitter: https://twitter.com/csima
Other: https://www.nbcnews.com/id/wbna6713649
Blog: https://medium.com/csima/from-founder-to-ciso-my-unconventional-journey-and-the-road-ahead-2fbc262a59be
YL Profile: https://www.ylventures.com/people/caleb-sima/
#Cybersecurity, #ai, #cloud, #appsec

Dec 12, 2023 • 32min
CSCP S4EP06 - Jitender Arora - Overcoming the Cybersecurity Talent Shortage: Innovation, Culture, and Self-Care with Jitender Arora
Join us for a transformative discussion with Jitender Arora, the non-South Europe CISO at Deloitte, as we unravel the narrative around the talent shortage in cybersecurity. Jitender brings a fresh perspective that emphasizes the need for creativity and open-mindedness in talent sourcing. We dissect the "buy versus build" model, where he advocates for nurturing and developing skills in individuals from diverse backgrounds, not just hiring seasoned professionals.
Our second chapter addresses the art of fostering a positive organizational culture. We share experiences and insights about the daily efforts required to build a values-based culture, especially during challenging times like the pandemic. Our conversation evolves to discuss the role of a supportive work environment in attracting and retaining talent. Lastly, we explore the essence of self-care and personal development in the high-stress world of cybersecurity. Our discourse underscores the need for balance and provides useful tips on handling stress, offering a refreshing look at life in the cybersecurity field. Tune in for a meaningful conversation that goes beyond the usual.
00:02 - Ads and Introduction: Introduction to the podcast, sponsored by Phoenix Security Limited.
00:59 - Host Introduction: Host Francesco Cipollone introduces the episode's focus on team and skill growth in cybersecurity.
01:38 - Guest Introduction: Jitender Arora discusses his cybersecurity background and industry insights.
02:51 - Industry Challenges: Discussion about the talent shortage in cybersecurity.
06:23 - Addressing Talent Shortage: Emphasizing innovative hiring and the value of diverse backgrounds.
09:44 - Academia Engagement: Importance of connecting with students and teaching resilience.
12:07 - Supportive Work Culture: Developing a nurturing work environment in cybersecurity.
16:03 - Advertisement Break: Promotional segment for Phoenix Security Limited.
16:44 - Talent Retention: The role of workplace culture in attracting and retaining cybersecurity talent.
18:54 - Leader's Role: Leaders fostering a positive and supportive workplace in cybersecurity.
Jitender Arora
Linkedin: https://www.linkedin.com/in/jarora/
#Cybersecurity, #TalentShortage, #TalentSourcing, #Organizational Culture, #Pandemic, #Self-Care, #Personal Development, #Leadership, Creativity, #Open-mindedness, #Buy vs Build, #Diversity, #Skills, #Dialogue, #Profession, Virtual Hallway, Feedback, #Strategic Objectives, #Purpose, Belonging, #Stress, #Emotions, Life Skills, #Mentorship, #Speaking Opportunities, #Support Structure, #Personal Balance

Nov 26, 2023 • 31min
CSCP S4EP05 - Christian Ghigliotty - Product security and effective application security programs
Get ready to embark on a captivating journey into application security with our guest, Chris Ghigliotty, Director of Security Engineering at JustWorks. A man of many talents, Chris hails from a background in teaching and writing, which lends him a unique perspective on the importance of communication within the cybersecurity industry. We promise you this isn't your regular security conversation. We are tearing down the walls of complexity, transforming intricate risk language into digestible business matters.
As we navigate through the intricacies of building an application security program, we assure you, no stone will be left unturned. Learn how to control the narrative, comprehend your company's current state and engage with your customers in a meaningful manner. This isn't just another industry podcast; we're here to show you how to demonstrate the program's inherent value, approach investment strategically, and champion ROI as the lifeline of your security program. We've got a powerhouse of insights lined up, especially on program effectiveness, measured in terms of training developers to make security decisions.
Drawing the curtains on this episode, we shift gears to focus on the impact of developer training on security. We'll help you identify training outcomes and integrate them into your development process. Our discourse deep-dives into the value of security in products, with special attention to user experience and security features as product differentiators. Remember, folks, curiosity is the key that unlocks the door to the security industry for new generations. So, join us, and let's make security not just a necessity, but a narrative that everyone can understand and appreciate.
00:59 - Christian Ghigliotty's Introduction: Francesco introduces Christian Ghigliotty, spotlighting his expertise in application security and transformation.
01:55 - Background in Cybersecurity: Christian shares his journey into cybersecurity, culminating in his current role at JustWorks, where he oversees application security and posture management.
02:22 - Entry into Cybersecurity: Christian's unconventional path into cybersecurity highlights the diverse skill sets valuable in application security.
03:56 - Communication in Application Security: The importance of effective communication in application security, essential for explaining complex security concepts and gaining organizational buy-in.
04:55 - Overcoming Communication Challenges: Addressing the challenge of making technical application security topics accessible and understandable to non-technical stakeholders.
06:14 - Storytelling in Security: The critical role of narrative in application security to justify security measures, investments, and posture management strategies.
08:00 - Establishing an Application Security Program: Key considerations in starting an application security program, including understanding organizational needs and aligning with business strategies.
09:45 - Investment in Application Security: Long-term investment perspective in application security and posture management, emphasizing the need for measurable returns and strategic alignment with business goals.
11:22 - Measuring Program Effectiveness: The challenge of quantifying the effectiveness of application security programs and the role of developer training in enhancing security posture.
14:45 - Sponsor Message: Phoenix Security, focusing on software security and supply chain visibility.
15:27 - Developer Empowerment in Security: Strategies for empowering developers to prioritize application security in their work, highlighting the importance of business support for security initiatives.
17:00 - Building Development Team Relationships: The significance of fostering strong relationships with development teams to create a culture that values application security and good security posture.
19:24 - Tailoring Security to Teams: Customizing application security approaches to meet the unique challenges and needs of different development teams.
21:40 - Business Buy-In for Security: Exploring effective strategies to secure business buy-in for application security programs and discussing relevant metrics for measuring success.
23:05 - Product Metrics in Application Security: Using product metrics to evaluate the impact of security features on application security and posture management.
25:25 - Enhancing User Experience: Improving user experience in security measures to ensure better adherence to security protocols in application development.
27:17 - Security as a Differentiator: Discussing the potential of positioning application security as a unique selling point, enhancing customer trust and product value.
29:01 - Closing Remarks: Christian shares an optimistic outlook on the future of application security and encourages new talent to join the field.
30:14 - Contact Information: How to find more about Christian Ghigliotty's work in application security.
Christian Ghigliotty
Linkedin: https://www.linkedin.com/in/ghigliottyc
Github: https://github.com/ghigliottyc

Nov 6, 2023 • 38min
CSCP S4EP04 - Christopher Russell - Veteran Resiliency mesh security and blockchain
Christopher Russell is the CISO at tZERO Group, a Mesh Security advisor, and a NightDragon Advisor. He is currently getting a PhD in Cybersecurity with a focus on Blockchain Security at DSU. His military intel background helps him keep cool under even the most stressful work situations. In this episode, Francesco and Chris discuss identity and security in relation to blockchain and digital currency. With decades of experience, Chris has an acute sense of risk and threat.
0:00 Introduction
1:20 Chris’ background in military
7:40 Military VS corporate mentality
10:08 Risk management
15:05 MFA and identity
21:00 Zero day
22:00 Social engineering and ransomware
26:50 Mesh Security
28:48 Identity in blockchain and digital currency
31:50 Public wallets
34:00 Positive message
35:48 Connect with Chris
38:28 Outro
Christopher Russell
https://www.linkedin.com/in/christopher-russell-5a9b20a7/
Twitter @cr00ster
Github : https://github.com/cr00ster

Oct 15, 2023 • 37min
CSCP S4EP03 - Steve Springett - To BOM or to SBOM this is the question
Steve Springett is the Director of Product Security at ServiceNow, helping 4,000+ developers build secure and resilient software. He’s a leader of multiple OWASP projects including Dependency-Track, SCVS, and CycloneDX. In this conversation, Steve and Francesco discuss the term SBOM (software bill of materials), the importance of regulations, and the state of the industry.
0:00 Introduction
1:35 Steve’s background
2:35 State of the industry
7:00 Breach fatigue
10:00 Shift left, shift smart
13:45 How to make asset management sexy again
17:10 Threat modeling
20:00 Regulation
26:00 Security metrics
28:15 OWASP projects—SBOM platform
34:14 Final positive message
36:09 Get connected
37:20 Outro
Steve Springett
https://www.linkedin.com/in/stevespringett/
https://infosec.exchange/@stevespringett
Twitter @stevespringett
https://dependencytrack.org/
https://scvs.owasp.org/
https://cyclonedx.org/

Oct 1, 2023 • 33min
CSCP S4EP02 - Christophe Parisel - Vulnerabilities in the cloud Azure AWS and the road to prioritization
Christophe Parisel is a Senior Cloud security architect at Société Générale. He has extensively researched risk vulnerability and native cloud security. He specializes in IaaS, PaaS, and DevSecOps. Two of his major contributions to the Cloud are Azure Firewall and Azure Policy. When asked, he says he is optimistic about the future of Cloud security and is proud of the progress made within the last five years.
0:00 Introduction
1:40 Christophe’s background
5:10 Cloud security research
8:40 Adoption VS security
10:07 Cloud shared responsibility model
14:52 CVSS (Common Vulnerability Scoring System)
19:00 Vulnerabilities
20:20 Environmental score
21:30 Measuring vulnerability of cloud provider
25:55 Odds of a cloud breach
29:50 Final positive message
32:10 Get connected
33:00 Outro
Christophe Parisel
https://www.linkedin.com/in/parisel/

Sep 18, 2023 • 38sec
CSCP S4EP01 - Travis McPeak - Paved Road from Netflix to modern startups
Travis McPeak, a security expert with experience at Netflix and other tech giants, talks about creating a secure cloud infrastructure. He discusses the 'paved road' concept from Netflix, the challenges of security at small organizations, and the importance of DevSecOps. Travis emphasizes shared responsibility between developers and security ops, aiming to simplify security practices for modern startups.

Jun 11, 2023 • 41min
CSCP S03EP26 - Nathan - From music to cybersecurity - the appsec symphony
Nathan is the manager of the application security team at Intuit Mailchimp. He has over 7 years of experience in application security working at both startups and Fortune 500 companies. In that time, Nathan has been both an engineer and a leader. His primary focus has been on building out application security programs by implementing scalable processes and efficient methodologies. Nathan holds a Master’s in Digital Forensics and CyberSecurity from John Jay College of Criminal Justice and a Bachelor’s in Music Composition from University of the Arts.
In this show, Nathan and Francesco discuss getting started in application security, how to mentor new interns and bridge the skills gap, and how to measure application security progress when deploying shift-left methodologies in DevSecOps.
2:00 - Nathan's Intro
7:30 – from music to cybersecurity and new generation
11:00 – State of application security
14:00 – Vulnerability – What is a vulnerability in software
18:00 – How do you bring in the business in appsec – Product security
12:00 - Cybersecurity technicalities - Pen-tests and regulation
16:00 - Cybersecurity and regulation in USA
19:00 - SBOM, Digital Software supply chain
20:00 – Risk for application security and business perspective
22:00 – Business categories of risk for application security
24:00 – Business criticality vs low criticality – how to talk about risk
26:00 – Prioritize work based on risk in application security
27:00 – Avoiding burnout and preventing risk – Mailchimp program of work – SPIDER
31:00 – Doing more with less in application security
33:00 – Measuring shift left effectiveness – Dentist story
37:00 – Positive message and conclusion
Nathan
Blog: https://nathancooke.com/
Linkedin: https://www.linkedin.com/in/nathancooke7/