Cloud Security Podcast

Special Episode by Shilpi and Ashish sharing their recap, highlights, big takeaways, Cloud Talks and Training from Hacker Summer Camp - Blackhat Defcon Diana Initiative BSides Vegas 2022. Blog with links: Episode ShowNotes, Links and Transcript on Cloud Security Podcast: www.cloudsecuritypodcast.tv Host Twitter: Ashish Rajan (@hashishrajan) Podcast Twitter - @CloudSecPod @CloudSecureNews If you want to watch videos of this LIVE STREAMED episode and past episodes - Check out our other Cloud Security Social Channels: - Cloud Security News  - Cloud Security Academy Spotify TimeStamp (00:00) Intro (00:43) What is Hacker Summer Camp (01:24) Who should attend Hacker Summer Camp (02:00)  Black Hat 2022 KeyNote Recap (07:48) Cloud Themes at Black Hat 2022 (14:41) Buzzword Bingo at Black Hat 2022 (20:11) Black Hat 2022 Recap - CISO Perspective (22:23) SBOM in Cloud at Black Hat 2022? (23:31) Black Hat 2022 Recap - Cloud Perspective (30:27) Zero Trust in Cloud at Black Hat 2022? (33:15) Defcon 30 2022 Recap (43:17) Defcon 30 Cloud Village Talks Recap (45:49) Ashish reacts to 10yrs of people failing default best practice (48:57) Defcon 30 Cloud Village Talks Recap Contd (52:32) Cloud Talks from other Defcon 30 Villages - Red Team, Recon Village, AppSec Village (55:11) BSides Vegas 2022 Recap (58:26) Diana Initiative 2022 (58:58) Are things getting worse before they get better (comment below) (1:00:24) Ashish Conclusion

In this episode of the Virtual Coffee with Ashish edition, we spoke with Jeevan Singh (Jeevan's Linkedin) about Threat Modelling STRIDE Threat Modelling can be used for self service Application running in Cloud and allowing Security Teams to go on holiday without worrying about Digital Supply Chain. Episode ShowNotes, Links and Transcript on Cloud Security Podcast: www.cloudsecuritypodcast.tv Host Twitter: Ashish Rajan (@hashishrajan) Guest Twitter: Jeevan Singh (Jeevan's Linkedin) Podcast Twitter - @CloudSecPod @CloudSecureNews If you want to watch videos of this LIVE STREAMED episode and past episodes - Check out our other Cloud Security Social Channels: - Cloud Security News  - Cloud Security Academy Spotify TimeStamp for Interview Questions (00:00) Ashish's Intro to the Episode (02:15) https://snyk.io/csp (02:40) Jeevan's Professional Background (04:23) What is threat modelling (05:35) Flicking the Threat Modelling switch (06:47) Common AppSec Mistake (09:58) What is Threat Modelling Important? (11:46) Tainted Flow Analysis and Threat Modelling (13:00) Where does this fit in CI/CD? (14:25) Security Teams going on vacation made possible (15:34) Impact of teaching developers how to run Threat Model (16:33) First time running Observe Phase of Threat Modelling with Developers (17:13) Developers are better at Threat Model than Security (19:09) Level of programming expertise for Threat Modelling (21:32) Fixing Threats vs Finding relevant controls for the threat (22:00) Bad example of role of Threat Modelling in Business (23:41) Should Threat Model be done in Dev? (24:54) Example of Threat Model for an App hosted in Cloud? (27:27) Threat Model Skeleton for Cloud Native Apps (30:12) Does complexity increase with multi-cloud/hybrid environments? (32:27) What’s involved in rolling a Threat model program in an organisation? (36:26) Who is the minimum representation in Threat modelling session? (38:30) Advice for folks who are starting threat modelling today in their organization (41:59) Cultural Change required for Threat Modelling (43:19) Example of getting Management agreement (44:58) Jeevan's 4 Stage of Threat model talk - https://www.youtube.com/watch?v=DtvjJL8xcPY (45:28) Time-boxing Threat Model Sessions (48:21) Maintaining Quality of Risk identified during threat modeling (50:21) Keeping developers updated on latest security vulnerabilities (54:07) Jeevan’s Favourite Threat Model Type (55:09) Where can people learn threat modelling? (56:12) Fun Section

In this episode of the Virtual Coffee with Ashish edition, we spoke with Karthik Ramamoorthy (Karthik's Linkedin) about Container security with NIST Framework for financial services organizations. Episode ShowNotes, Links and Transcript on Cloud Security Podcast: www.cloudsecuritypodcast.tv Host Twitter: Ashish Rajan (@hashishrajan) Guest Twitter: Karthik Ramamoorthy (Karthik's Linkedin) Podcast Twitter - @CloudSecPod @CloudSecureNews If you want to watch videos of this LIVE STREAMED episode and past episodes - Check out our other Cloud Security Social Channels: - Cloud Security News  - Cloud Security Academy

Special Episode by Shilpi and Ashish sharing their recap, highlights, big takeaways, meh moments and in person experience from AWS ReInforce 2022. Twitter Space with Cloud Security Community about the AWS Re:Inforce 2022 Recap & Highlights Episode ShowNotes, Links and Transcript on Cloud Security Podcast: www.cloudsecuritypodcast.tv Host Twitter: Ashish Rajan (@hashishrajan) Podcast Twitter - @CloudSecPod @CloudSecureNews If you want to watch videos of this LIVE STREAMED episode and past episodes - Check out our other Cloud Security Social Channels: - Cloud Security News  - Cloud Security Academy

In this episode of the Virtual Coffee with Ashish edition, we spoke with Cassandra Young (@muteki_rtw) Episode ShowNotes, Links and Transcript on Cloud Security Podcast: www.cloudsecuritypodcast.tv Host Twitter: Ashish Rajan (@hashishrajan) Guest Twitter: Cassandra Young (@muteki_rtw) Podcast Twitter - @CloudSecPod @CloudSecureNews If you want to watch videos of this LIVE STREAMED episode and past episodes - Check out our other Cloud Security Social Channels: - Cloud Security News  - Cloud Security Academy

Special Episode by Shilpi and Ashish announcing the 1 year partnership with Snyk and what does this mean for the podcast community - you and also for Ashish and Shilpi. The new Architecture series we are announcing in the coming weeks and a lot more. We hope you continue to enjoy the vendor neutral content from Cloud Security Practitioners we bring to you.  Here is an Interview with Guy Podjarny (Founder of Snyk) that we did as part of the announcement! Episode ShowNotes, Links and Transcript on Cloud Security Podcast: www.cloudsecuritypodcast.tv Host Twitter: Ashish Rajan (@hashishrajan) Guest : Snyk Podcast Twitter - @CloudSecPod @CloudSecureNews If you want to watch videos of this LIVE STREAMED episode and past episodes - Check out our other Cloud Security Social Channels: - Cloud Security News  - Cloud Security Academy

In this episode of the Virtual Coffee with Ashish edition, we spoke with Kyler Middleton (Kyler's Linkedin) Episode ShowNotes, Links and Transcript on Cloud Security Podcast: www.cloudsecuritypodcast.tv Host Twitter: Ashish Rajan (@hashishrajan) Guest Twitter: Kyler Middleton (Kyler's Linkedin) Podcast Twitter - @CloudSecPod @CloudSecureNews If you want to watch videos of this LIVE STREAMED episode and past episodes - Check out our other Cloud Security Social Channels: - Cloud Security News  - Cloud Security Academy

Zero Trust is top of mind but is it achievable? In this "What to LookOut for in 2022" series - we interviewed experts at RSA and BSidesSF about what Zero Trust is important today and the paradoxes in achieving it. Watch the video for this episode on You Tube - ZERO TRUST AND THE TRIPLE PARADOX Episode ShowNotes, Links and Transcript on Cloud Security Podcast: www.cloudsecuritypodcast.tv Host Twitter: Ashish Rajan (@hashishrajan) Guests Linkedin: Thank you to Anudeep Parhar, Daniel Tranner, Dylan Owen & Bill Malik for participating in this episode. Podcast Twitter - @CloudSecPod @CloudSecureNews If you want to watch videos of this LIVE STREAMED episode and past episodes - Check out our other Cloud Security Social Channels: - Cloud Security News  - Cloud Security Academy

In this episode of the Virtual Coffee with Ashish edition, we spoke with Kinnaird McQuade (Kinnaird's Twitter) Episode ShowNotes, Links and Transcript on Cloud Security Podcast: www.cloudsecuritypodcast.tv Host Twitter: Ashish Rajan (@hashishrajan) Guest Twitter: Kinnaird McQuade (Kinnaird's Twitter) Podcast Twitter - @CloudSecPod @CloudSecureNews If you want to watch videos of this LIVE STREAMED episode and past episodes - Check out our other Cloud Security Social Channels: - Cloud Security News  - Cloud Security Academy

The Digital Supply Chain is broken and getting challenging to fix. In this "What to LookOut for in 2022" series - we interviewed experts at RSA and BSidesSF on the Broken Digital Supply Chain and ways in which we can fix it. Watch the video for this episode on You Tube - Fix the Broken Digital Supply Chain Episode ShowNotes, Links and Transcript on Cloud Security Podcast: www.cloudsecuritypodcast.tv Host Twitter + Linkedin: Ashish Rajan (@hashishrajan) + Shilpi Bhattacharjee (@shilpibhattacharjee) Guests Linkedin: Thank you to Mikko Hypponen, Shamla Naidoo, Clint Gibler, Ryan F, Mike Ruth, Paul Calatayud, Shay Levi, Dylan Ayrey, Aaron Brown, Mackenzie Jackson & Dan Gordon for participating in this episode. Podcast Twitter - @CloudSecPod @CloudSecureNews If you want to watch videos of this LIVE STREAMED episode and past episodes - Check out our other Cloud Security Social Channels: - Cloud Security News  - Cloud Security Academy