Cloud Security Podcast
Cloud Security Podcast Team
Learn Cloud Security in Public Cloud the unbiased way from CyberSecurity Experts solving challenges at Cloud Scale. We can be honest because we are not owned by Cloud Service Provider like AWS, Azure or Google Cloud.
We aim to make the community learn Cloud Security through community stories from small - Large organisations solving multi-cloud challenges to diving into specific topics of Cloud Security.
We LIVE STREAM interviews on Cloud Security Topics every weekend on Linkedin, YouTube, Facebook and Twitter with over 150 people watching and asking questions and interacting with the Guest.
We aim to make the community learn Cloud Security through community stories from small - Large organisations solving multi-cloud challenges to diving into specific topics of Cloud Security.
We LIVE STREAM interviews on Cloud Security Topics every weekend on Linkedin, YouTube, Facebook and Twitter with over 150 people watching and asking questions and interacting with the Guest.
Episodes
Mentioned books
Jul 15, 2025 • 46min
Why Security Can Be Stricter: A Zero Trust Approach to AppSec with AI
Amit Chita, Field CTO at Mend.io and former founder of Atom Security, dives into the dynamic intersection of AI and application security. He explores how AI agents are reshaping the Software Development Lifecycle, triggering the need for a stricter Zero Trust approach. The conversation highlights new vulnerabilities posed by generative AI and the necessity of adapting security practices accordingly. Amit also discusses licensing complexities and the challenges of balancing rapid development with robust security measures in an evolving tech landscape.
Jul 9, 2025 • 32min
Guide to Hybrid Cloud & Bare Metal Secret Management
Dan Popescu, a Senior Site Reliability Engineer at Booking.com, shares insights on managing secrets across hybrid cloud and bare metal environments. He explores the complexities of integrating authentication and dynamic secrets using HashiCorp Vault. The discussion emphasizes the importance of a central broker for security scalability and effective lifecycle management. Listeners will also enjoy a light-hearted dive into culinary passions and the nuances of multi-course dining, showcasing the balance between technical prowess and personal interests.
Jul 1, 2025 • 40min
"Escape-Proof" Cloud: How Block built an Automated Approach to Egress Control
Ramesh Ramani, a Staff Security Engineer at Block, specializes in cloud security with a solid background in network engineering. In this discussion, he highlights how organizations can improve data security by focusing on egress control. Ramesh introduces an innovative automated system that centralizes governance for outbound access, streamlining security and compliance with SPIFFE IDs. He also emphasizes the importance of a phased approach in enhancing egress control and improving incident response, ensuring organizations can swiftly manage third-party access and data protection.
Jun 23, 2025 • 41min
Prioritizing Cloud Security: How to Decide What to Protect First
Geet Pradhan, a Senior Security Engineer at Lime, addresses how small teams can prioritize cloud security. He shares insights on focusing first on critical applications, recommending starting with just 1-5 instead of overwhelming teams with a larger list. Geet explains why AWS logs became their top priority and how compliance requirements can shape security strategies. The conversation highlights the importance of collaboration within security teams and the need for effective threat identification to streamline operations in a complex cloud environment.
12 snips
Jun 17, 2025 • 29min
Migrating from “Tick Box" Compliance to Automating GRC in a Multi-Cloud World
Santosh Bompally, Cloud Security Engineering Team Lead at Humana, shares his journey from a tech enthusiast to a security leader. He discusses transforming security exception management from a manual checkbox approach to an automated, continuously monitored system. Santosh emphasizes the importance of a solid security baseline and policy-as-code to enhance compliance in multi-cloud environments. He also highlights the complexities organizations face in maintaining rigorous security standards and the evolving role of automation in governance, risk, and compliance.
14 snips
Jun 17, 2025 • 38min
Using AI Agents to Solve Cloud Vulnerability Overload
In this engaging conversation, Harry Wetherald, Co-Founder & CEO of Maze and former product manager at Tessian, dives into the complexities of modern vulnerability management. He reveals how traditional tools often yield 90% false positives and advocates for AI agents that emulate security engineers to pinpoint real threats. Harry also discusses the hurdles of developing effective AI solutions and how they can foster collaboration between security and engineering teams, ultimately enhancing cloud security practices.
16 snips
Jun 3, 2025 • 40min
Adapting to New Threats, Copilot Risks & The Future of Data (Feat. Matthew Radolec, Varonis)
Matthew Radolec leads systems engineering and incident response at Varonis, passionately dedicated to data protection. He delves into the surge of AI-driven phishing and the risks posed by tools like Copilot. The conversation highlights the alarming statistic that 86% of attacks stem from credential misuse and discusses the rising threat of AI-powered social engineering. Radolec emphasizes the critical need for robust access management and proactive measures in a landscape increasingly dominated by AI, ensuring data integrity amidst evolving challenges.
23 snips
May 27, 2025 • 38min
Securing AI: Threat Modeling & Detection
Joining the discussion are Jackie Bow, a technical lead at Anthropic focused on threat detection, and Kane Narraway, head of enterprise security at Canva specializing in zero trust. They debate whether AI is a security threat or an innovative ally. Jackie reveals how to harness AI, even its quirks, for effective threat detection, while Kane emphasizes the need for robust threat modeling amid new risks. They also tackle the complexities of AI in production and whether AI tools enhance or jeopardize security skills, all served with a dash of humor.
9 snips
May 20, 2025 • 41min
CYBERSECURITY for AI: The New Threat Landscape & How Do We Secure It?
In this engaging discussion, Ankur Shah, Co-Founder and CEO of Straiker, dives into the intersection of AI and cybersecurity. He emphasizes the need for innovative security measures as AI reshapes threat landscapes. Ankur reveals why securing AI requires AI itself and highlights the unique challenges posed by unstructured data. He discusses market movements in AI security, recent acquisitions, and the vital distinction between training and inference in AI. Personal anecdotes spice up the conversation, including a touch of his love for Indian cuisine.
May 15, 2025 • 19min
Cloud Security Evolved: From CNAPP to AI Threats
Elad Koren, Vice President of Product Management at Palo Alto Networks, shares his expertise on the fast-paced evolution of cloud security. He discusses the shift from traditional tools to the necessity of cloud-aware Security Operations Centers. The conversation dives into the dual role of AI, empowering both attackers and defenders. Elad emphasizes the importance of AI governance and offers practical tips for organizations navigating their cloud adoption journey, from securing code early on to ensuring comprehensive infrastructure visibility.
