Cloud Security Podcast

Yash Kosaraju, CISO of Sendbird, shares insights from transforming the company from a chat API platform to an AI agent powerhouse. He introduces the concept of 'Multi-Layer Trust' as a more pragmatic approach than the traditional 'Zero Trust.' The discussion spans critical topics like securing AI interactions, the blurred lines of incident response when AI agents operate across boundaries, and the benefits of embedding security directly into development teams. Yash also emphasizes the importance of empowering employees with enterprise AI tools while maintaining a robust security culture.

Santiago Castiñeira, CTO of Maze and expert in AI-first vulnerability management, dives into the build vs. buy debate for cybersecurity tools. He highlights the complexities of scaling AI systems beyond basic prototypes, emphasizing the need for specialized skills. Santiago discusses the limitations of current frameworks and the importance of creating robust evaluation pipelines. He warns against reliance on Retrieval-Augmented Generation for accurate technical data and envisions future semi-autonomous security agents that could revolutionize vulnerability management.

Cliff Crosland, co-founder and CEO of Scanner.dev, shares his insights from his journey in transforming security data management. He discusses the high costs and challenges of traditional SIEMs, revealing how his initial attempts at building an in-house data lake hit major roadblocks. Cliff highlights issues like slow queries and the engineering lift required for usability. He also explores the potential of AI in enhancing detection engineering and offers advice on when to build or buy a data lake solution.

Grant Oviatt, Head of Security Operations at Prophet Security and former leader at Mandiant and Red Canary, dives into trust-building in AI-driven SOCs for regulated environments. He discusses the crucial pillars of explainability and traceability, essential for gaining auditor confidence. Transitioning from AI skepticism to advocacy, Grant highlights the impressive speed and accuracy of AI SOCs compared to traditional methods. He shares insights on architecture, the importance of data controls, and real-world success in investigations, demonstrating why AI is a game-changer in security operations.

Mohan Kumar, a production security practitioner at Box with over 14 years in cybersecurity, dives into the uncharted waters of AI agent threats. He highlights how autonomous AI agents can develop secure communication methods, posing new risks like memory poisoning through indirect prompts. Mohan warns of tool misuse, where agents may inadvertently connect to rogue systems, and stresses the importance of enforcing least-privilege. He also discusses the need for robust monitoring and audits to manage these evolving threats in the AI landscape.

In this discussion, Tejas Dakve, a Senior Manager of Application Security at Bloomberg Industry Group, and Aditya Patel, a seasoned Security Architect, dive into how AI is reshaping the security landscape. They tackle the collapse of silos between AppSec and CloudSec, emphasizing the inadequacy of traditional security models against AI-generated threats. Topics include the necessity for continuous threat modeling, the emergence of 'T-shaped engineers,' and the pivotal role of automation in enhancing security practices. Join them as they explore the future of security in an AI-driven world!

In this discussion, Edward Wu, the Founder and CEO of Dropzone AI, explores the transformative potential of AI in security operations centers. He reveals findings from a benchmark report showing AI can accelerate investigations by 45-60% and enhance efficiency. Edward contrasts traditional SOAR playbooks with the adaptability of agentic AI, emphasizing its role in automating Tier 1 tasks and allowing analysts to focus on strategic roles. He warns that AI won't fully replace humans but will revolutionize SOC workflows, particularly benefiting in-house teams and MSSPs.

Ariful Huq, Co-founder and Head of Product at ExaForce, dives into the complexities of building an AI-native SOC. He discusses why bolt-on AI approaches fall short and the necessity of integrating data beyond logs, including configuration and business context. Ariful emphasizes the evolution beyond traditional SIEM capabilities and the importance of real-time processing. He also highlights the need for full-stack security engineers and outlines the challenges posed by SaaS platforms that lack native threat detection.

Damien Burks, a Senior Security Engineer with a wealth of experience in fintech environments, dives into the complexities of incident response for Kubernetes. He explains the challenges of automation in containment for private EKS clusters, revealing why traditional tools often fall short. Damien shares his innovative solution using a dynamically deployed Lambda function that can contain breaches within ten minutes. The conversation also highlights the evolving role of the cloud security engineer and essential career advice for aspiring professionals.

Allie Mellen, a Principal Analyst at Forrester specializing in security analytics and generative AI, digs into the evolving landscape of Security Operations. She explains the ongoing "massive reset" in SOCs driven by generative AI and better data management. Allie advocates for the shift from traditional SOC models to Detection Engineering. She discusses practical AI applications, the importance of explainability, and how companies are leveraging AI for triage. Tune in for insights into the future of AI and its role in enhancing security operations.