Scott Piper is a leading cloud security researcher at Wiz, known for his insights into vulnerabilities within cloud environments. He discusses the crucial role of cloud security research as distinct from traditional security testing. Scott explains how his team enhances detection tools and safeguards data while navigating multi-tenant challenges. Additionally, he shares about request collapsing and the evolving collaboration between developers and security teams, highlighting proactive measures that are shaping the future of cloud security.

Brian McHenry, the Global Head of Cloud Security Engineering at Check Point, delves into the future of cloud protection and the critical role of edge security. He discusses how automation reshapes security management and the dangers of misconfigurations. Brian emphasizes the limitations of traditional Cloud Security Posture Management (CSPM) and the need for proactive measures. He also highlights the challenges of securing multi-cloud environments and how AI can help address rising concerns in cloud security. Tune in for expert insights!

Mike Ruth, a Senior Staff Security Engineer at Rippling, discusses the hidden vulnerabilities in CI/CD pipelines during a live segment from BlackHat 2024. He reveals how tools like GitHub Actions and Terraform can pose serious security risks, such as bypassing code reviews and unauthorized command execution. Mike emphasizes the importance of granular access control and offers actionable strategies to mitigate these vulnerabilities, enhancing security in cloud environments and safeguarding against insider and external threats.

In this episode of the Cloud Security Podcast, we bring together an incredible panel of experts to explore the evolving landscape of cloud security in 2024. Hosted by Ashish Rajan, the discussion dives deep into the challenges and realities of today’s multi-cloud environments. With perspectives ranging from seasoned veterans to emerging voices this episode offers a broad spectrum of insights from cloud security practitioners who are living and breathing cloud security everyday. We are very grateful to our panelist who took part in 1st of its kind edition for the State of Cloud Security - Meg Ashby, Damien Burks, Chris Farris, Rich Mogull, Patrick Sanders, Ammar Alim and Abdie Mohamed. The conversation covers essential topics such as the pitfalls of multi-cloud adoption, the persistent security issues that remain even as cloud technologies advance, and the importance of specializing in one cloud platform while maintaining surface-level knowledge of others. The panelists also share their thoughts on the future of cloud security, including the increasing relevance of Kubernetes and edge security. Podcast Twitter - ⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠@CloudSecPod⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠ ⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠ If you want to watch videos of this LIVE STREAMED episode and past episodes - Check out our other Cloud Security Social Channels: - ⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠Cloud Security Podcast- Youtube⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠ - ⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠Cloud Security Newsletter ⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠ - ⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠Cloud Security BootCamp Questions asked: (00:00) Introduction (02:22) How much has Cloud Security Changed? (07:05) Is the expectation to be MultiCloud? (19:07) What’s top of mind in Cloud Security in 2024? (27:17) The current Cloud Service Provider Landscape (39:26) Where to start in Cloud Security ? (52:10) The Fun Section Resources discussed during the episode: fwd:cloudsec conference Cloud Security Bootcamp DevSecBlueprint YouTube Channel - Damien Burks Rich Mogull’s Cloud Security Lab of the Week

Explore cutting-edge themes from BlackHat USA 2024, including the vital push for resiliency in cybersecurity. The conversation dives into the growing complexities of cloud security and the evolving nature of identity-centric security. Learn about the increasing importance of data protection and the potential game-changing role of AI in security practices. The notion of shared responsibility is illuminated, alongside a provocative discussion on whether Cloud Security Posture Management has lost its relevance amid emerging threats.

In this discussion, Santiago, a Senior Security Engineer at Canva, shares insights on building incident response teams in high-growth companies. He explains how incident response differs in fast-paced versus established environments and the vital skills needed for effective management. Santiago also touches on the importance of communication, the dynamic between Red Teams and incident responders, and strategies for enhancing endpoint security. Additionally, he highlights the role of data visualization in security monitoring, emphasizing the need for effective dashboard design.

Srinath Kuruvadi, a cloud security veteran with over 20 years of experience, shares invaluable insights into the evolving landscape of cloud security. He discusses the crucial role of proactive incident response teams and emphasizes the need for a prevention-first strategy in a multi-cloud world. The importance of stakeholder management and robust data security practices also takes center stage. Srinath highlights the challenges of talent acquisition and the significance of tailored AI solutions for enhancing security measures.

Adrian Asher, CISO and Cloud Architect at Checkout.com, discusses his transition from monolithic to cloud-native structures in fintech. He emphasizes the importance of using AWS technologies like Lambda and Fargate for better security and scalability. Adrian explores the differences between cloud-native and cloud-naive approaches, stressing the need for cultural shifts within organizations. He shares insights on preparing security teams for generative AI, showcasing the evolving relationship between development and security practices.

Security expert Lily Chau discusses AWS Lambda for cloud security, auto-remediation, IAM roles, and challenges with CSPM. They cover cultural shifts, high-impact playbooks, and monitoring CloudTrail logs for security. Also, they talk about preventing subdomain takeovers, using Terraform for security, and a favorite restaurant in San Francisco.

Zvonko Kaiser, Nvidia's Principal Systems Software Engineer, discusses confidential computing, secure enclaves, and attestations. He highlights the importance of GPUs in enhancing AI workloads and the transition to confidential containers for data protection. The podcast explores threat models, industry sectors utilizing confidential computing, and the value of isolation and attestation in cloud security.