Cloud Security Podcast

In this episode of the Virtual Coffee with Ashish edition, we spoke with Rodrigo Montoro (Rodrigo's linkedin) about threat modelling and incident response involving the uncommon AWS services which still may be widely used in your organisation and increase your attack surface.  Episode ShowNotes, Links and Transcript on Cloud Security Podcast: www.cloudsecuritypodcast.tv Host Twitter: Ashish Rajan (@hashishrajan) Guest Twitter:   Rodrigo Montoro (Rodrigo's linkedin)  Podcast Twitter - @CloudSecPod @CloudSecureNews If you want to watch videos of this LIVE STREAMED episode and past episodes - Check out our other Cloud Security Social Channels: - Cloud Security News  - Cloud Security Academy Spotify TimeStamp for Interview Questions (00:00) Ashish's Intro to the Episode (02:10) https://snyk.io/csp (03:19) A bit about Rodrigo (04:37) Detection in On-Premise (06:51) The role of API in Cloud (08:06) Common Services in AWS (15:22) Managing unused services (17:38) Incident response for AWS Appstream ? (20:57) integration of services with Cloudtrail (27:14) AWS Pass role (31:38) Incident Response for services (34:00) Pre-signed URL (36:23) How to get started in AWS threat detection? (39:10) Where can people learn more about this? (41:37) How to do AWS threat detection at Scale? (43:30) The Fun Section

In this episode of the Virtual Coffee with Ashish edition, we spoke with Nandesh Guru (Nandesh's Linkedin) about ransomware and supply chain attack mechanisms in AWS and how the world of CSPM have evolved to address the increasing complexities of cloud security  Episode ShowNotes, Links and Transcript on Cloud Security Podcast: www.cloudsecuritypodcast.tv Host Twitter: Ashish Rajan (@hashishrajan) Guest Twitter:  Nandesh Guru (Nandesh's Linkedin) Podcast Twitter - @CloudSecPod @CloudSecureNews If you want to watch videos of this LIVE STREAMED episode and past episodes - Check out our other Cloud Security Social Channels: - Cloud Security News  - Cloud Security Academy Spotify TimeStamp for Interview Questions (00:00) Ashish's Intro to the Episode (02:09) https://snyk.io/csp (03:11 )A bit about Nandesh  (05:01) 4 Components of Supply Chain Risks (06:47)Example of AWS Supply Chain Attack  (10:08) Evaluating code scanning tools  (12:30) What is ransomware? (13:06) Ransomware in AWS  (14:55) Attacks on encryption in AWS (19:27) What is a CSPM? (20:46) The role of CSPM and CNAPP in supply chain attacks (22:56) Is CIS Benchmark still a good starting point? (26:38) The evolution of CSPMs (29:47)  Complexity of Cloud Security  (32:59)Where can you learn more about supply chain risks? (33:50) Fun Questions

In this episode of the Virtual Coffee with Ashish edition, we spoke with Christophe Parisel (Christophe's Linkedin) about what how to transition from being a technical architect on premise to a cloud security architect and then a cloud native security architect. Episode ShowNotes, Links and Transcript on Cloud Security Podcast: www.cloudsecuritypodcast.tv Host Twitter: Ashish Rajan (@hashishrajan) Guest Twitter:  Christophe Parisel (Christophe's Linkedin)  Podcast Twitter - @CloudSecPod @CloudSecureNews If you want to watch videos of this LIVE STREAMED episode and past episodes - Check out our other Cloud Security Social Channels: - Cloud Security News  - Cloud Security Academy Spotify TimeStamp for Interview Questions (00:00) Ashish's Intro to the Episode (02:21) https://snyk.io/csp (03:18) A little bit about Christophe (05:08) What is Cloud Native? (07:27) Why Cloud Native is important? (09:34) Responsibilities of Cloud Native Architect (13:15) Solution Architect vs Cloud Native Architect (15:32) Culture to move into Cloud Native Environment (18:09) Designing an application in Cloud (21:41) Designing an application using Kubernetes Cluster (24:39) Learning Kubernetes as an Architect (28:09) Common services people should standardise (31:50) Frameworks for Kubernetes Architecture (34:06) Logging with Kubernetes at Scale (38:24) Challenge with transitioning to Cloud Native Security Architect (39:43)Should we trust the cloud? (43:37) Bottlerocket in Kubernetes (46:00) Certifications for Cloud Native Security Architect

In this episode of the Virtual Coffee with Ashish edition, we spoke with Jim Bugwadia (Jim's Twitter) about policy management and compliance as code for Kubernetes and how you can use open source tools like Kyverno and OPA for policy management Episode ShowNotes, Links and Transcript on Cloud Security Podcast: www.cloudsecuritypodcast.tv Host Twitter: Ashish Rajan (@hashishrajan) Guest Twitter:  Jim Bugwadia (Jim's Twitter)  Podcast Twitter - @CloudSecPod @CloudSecureNews If you want to watch videos of this LIVE STREAMED episode and past episodes - Check out our other Cloud Security Social Channels: - Cloud Security News  - Cloud Security Academy Spotify TimeStamp for Interview Questions (00:00) Ashish's Intro to the Episode (03:20) https://snyk.io/csp (05:23) What is Kubernetes Control Plane? (06:51) What is an admission controller? (08:01) What do you need policy management in Kubernetes? (10:13) Pod Security and Policy management (11:57) Policy Management in Managed Kubernetes (13:54) Scaling Policy Management for Kubernetes (19:34) Common use cases for policy management (25:30) Compliance in Kubernetes (32:04) Levels of Maturity in Kubernetes Policy Management (36:47) Future of policy as code (38:46) Kyverno vs OPA (43:39) Kyverno vs gatekeeper (45:15) Where to start with policy management? (46:11) Where you can find Jim

In this episode of the Virtual Coffee with Ashish edition, we spoke with Luke Hinds (Luke's Twitter) the open source Sigstore project and how it is helping with software signing and protecting the software supply chain Episode ShowNotes, Links and Transcript on Cloud Security Podcast: www.cloudsecuritypodcast.tv Host Twitter: Ashish Rajan (@hashishrajan) Guest Twitter:  Luke Hinds (Luke's Twitter)  Podcast Twitter - @CloudSecPod @CloudSecureNews If you want to watch videos of this LIVE STREAMED episode and past episodes - Check out our other Cloud Security Social Channels: - Cloud Security News  - Cloud Security Academy Spotify TimeStamp for Interview Questions (00:00) Ashish's Intro to the Episode (01:39) https://snyk.io/csp (05:21) What is the software supply chain and why is it important? (08:20) Common supply chain attacks in Kubernetes (09:53) Codecov attack (11:14 )Kubernetes and API (14:10) Vulnerability scanning tools (16:38) Explaining the importance of supply chain security (19:19) What is a signing service (19:56 )The SLSA framework (20:42) Importance of signing service (23:35) What is Sigstore? (27:57) What is Lets Encrypt (31:48) The aim of sigstore (34:39) What is Co-Sign (36:40) Co-Signing and non-repudiation (46:29) Where to start

In this episode of the Virtual Coffee with Ashish edition, we spoke with Jimmy Mesta (Jimmy's Twitter) about OWASP Kubernetes Top 10 and best practices for securing Kubernetes  Episode ShowNotes, Links and Transcript on Cloud Security Podcast: www.cloudsecuritypodcast.tv Host Twitter: Ashish Rajan (@hashishrajan) Guest Twitter: Jimmy Mesta (Jimmy's Twitter) Podcast Twitter - @CloudSecPod @CloudSecureNews If you want to watch videos of this LIVE STREAMED episode and past episodes - Check out our other Cloud Security Social Channels: - Cloud Security News  - Cloud Security Academy Spotify TimeStamp for Interview Questions (00:00) Ashish's Intro to the Episode (01:39) https://snyk.io/csp (03:55) What is Kubernetes? (05:15 )Kubernetes vs Containers (06:38) Kubernetes and Docker (09:08) Unmanaged Kubernetes (11:14) Managed Kubernetes (13:39) Security for Kubernetes Clusters (15:42) OWASP top 10 Web Application (17:59) Starting to build Kubernetes Cluster or Pod (23:09) Security Misconfigurations in Kubernetes (28:42) Supply Chain Vulnerabilities in Kubernetes (32:06) RBAC and Policy Enforcement (33:32) Logging and Monitoring in Kubernetes (34:30) Broken Authentication (35:17) Missing network segment approach (36:07) Secrets Management Failure (37:09) Misconfigured Cluster Components (38:15) Outdated and vulnerable kubernetes component (42:37) Asset Inventory for Kubernetes Cluster (44:53) Threat Modelling in Kubernetes (46:20)Cert management in Kubernetes (48:02) Learn more about securing Kubernetes

Modern Cloud Security Programs hire for builders who can develop tools that help developers walk down a Paved road where security is not a blocker but at the same time prevents developers from making security mistakes. In this episode we spoke with Travis McPeak who shared his experience from his time at Netflix to talk about Modern Cloud Security Teams look like and work on day to day at scale for a large development team and how others can take some insights from this for their own Cloud Security Programs. This episode is better on video - YouTube Link Host Twitter: Ashish Rajan (@hashishrajan) Guest Twitter: Travis McPeak Podcast Twitter - @CloudSecPod @CloudSecureNews If you want to watch videos of this LIVE STREAMED episode and past episodes - Check out our other Cloud Security Social Channels: - Cloud Security News  - Cloud Security Academy

Azure Cloud Security Architecture (Day 0) ,Custom Azure Role definitions, Azure Privilege Access Management etc can be complex to build. Continuing from part 1 In the part 2 of our This is My Cloud Security Architecture Series Episode we have Sai, a Cloud Security Architect walking us through how to start with an Azure Security Architecture on Day 0 of your Cloud Security Architect role. Part -2 of the episode will go into Day 1+ of managing and scaling what we have created in Day 0. This episode is better on video - YouTube Link - Part 2 Part 1 of the This is My Cloud Security Architecture Series is here - YouTube Link - Part 1  Host Twitter: Ashish Rajan (@hashishrajan) Guest Twitter: Sai Gunaranjan (Sai's Linkedin) Podcast Twitter - @CloudSecPod @CloudSecureNews If you want to watch videos of this LIVE STREAMED episode and past episodes - Check out our other Cloud Security Social Channels: - Cloud Security News  - Cloud Security Academy

Data Lakes as an asset to collect and build threat actors or hiring for Data Scientists/Analyst are not typical things in Cloud Security well unless the organisation is dealing with PetaBytes of data. At a large scale company these are data problem not a security problem at that point even if the problem is in security team. In this episode with Jonathan Rau, CISO of Lightspin we spoke about his previous experience of creating and growing a SecDataOps team with Cloud Security and Ops in IHSMarkit. We spoke about what is this SecDataOps, What is Security Data Lake and if Cloud Native tools are enough for these problems. This episode is better on video - YouTube Link Cloud Security Meetup Amsterdam - Tech Fashion Theme - Sep,2022  Cloud Security Meetup NewYork - Tech Fashion Theme - Sep,2022 Host Twitter: Ashish Rajan (@hashishrajan) Guest Linkedin: Jonathan Rau Podcast Twitter - @CloudSecPod @CloudSecureNews If you want to watch videos of this LIVE STREAMED episode and past episodes - Check out our other Cloud Security Social Channels: - Cloud Security News  - Cloud Security Academy

Azure Cloud Security Architecture, Azure Policies can be complex to build. In the part 1 of our This is My Cloud Security Architecture Series Episode we have Sai, a Cloud Security Architect walking us through how to start with an Azure Security Architecture on Day 0 of your Cloud Security Architect role. Part -2 of the episode will go into Day 1+ of managing and scaling what we have created in Day 0. This episode is better on video - YouTube Link Cloud Security Meetup NYC - Cloud Security Meetup NewYork - Tech Fashion Theme Host Twitter: Ashish Rajan (@hashishrajan) Guest Twitter: Sai Gunaranjan (Sai's Linkedin) Podcast Twitter - @CloudSecPod @CloudSecureNews If you want to watch videos of this LIVE STREAMED episode and past episodes - Check out our other Cloud Security Social Channels: - Cloud Security News  - Cloud Security Academy