In this episode of the Virtual Coffee with Ashish edition, we spoke with Sriya Potham, Principal Cloud Security Architect Host: Ashish Rajan - Twitter @hashishrajan Guest: Sriya Potham - Linkedin @sriya In this episode, Sriya & Ashish spoke about What was your path into Cybersecurity? Whats your definition of Cloud Security? What is the shared responsibility model? Whats a day in the life of a Cloud Security Architect ? Are cloud architecture reviews different in different industries? As a Cloud Security Architect do you need to focus on the GRC side? Are CCM controls used quite often? What soft and technical skills for you require to be successful as a Cloud Security Architect? Is Cloud Security Architect a technical role? Are certificates important to secure a Cloud Security Architecture role? Does one need to consider doing CCSP? Is architecture different when working with multi-cloud? Is it necessary to know both AWS and Azure? What comes after certification ? Do you need to be technical and have an operational understanding of the controls to give guidance? Are some cloud service provider services not mature enough to be be used in organisations? How do you transition from on premise security architect to cloud security architect? How you get started if you have had no experience in Cloud? Is it better to be experienced in different industries or be specialised in one as a Cloud Security Architect? The difference between Cloud Security Architect and DevSecOps Architect? Can a person be both? Is it valuable to do Comptia Security + ? Is there a myth in cloud security that you hear often? What are people not talking enough about in Cloud Security ? ShowNotes and Episode Transcript on www.cloudsecuritypodcast.tv Twitter - @kaizenteq @hashishrajan If you want to watch videos of this and previous episodes: - Twitch Channel: https://lnkd.in/gxhFrqw - Youtube Channel: https://lnkd.in/gUHqSai

In this Christmas special episode of the Virtual Coffee with Ashish edition, we had a panel of successful CyberSecurity Podcast Hosts that answered questions about starting and running a successful CyberSecurity Podcast. Panel Participants: Host: Ashish Rajan - Twitter @hashishrajan, Host of Cloud Security Podcast Guest 1: Chris Cochran - Linkedin chriscochrancyber ,Podcast co-Host, Hacker Valley Studio Guest 2: James J Azar - Linkedin James-j-azar, Podcast host, The CyberHub Podcast In this episode, Ashish & Panelist spoke about The Journey - A bit about your podcast, how you got started? Thoughts on finding podcast niche? How do you find you “Voice”? Thoughts on audio vs video podcast format? The moments that make you most proud about your podcast? What does it take to start a podcast? 1st few things to consider? How to find podcast guests? Specially as a beginner? What are the big challenges of running a podcast? What is a Big NO in the world of podcasting for you ShowNotes and Episode Transcript on www.cloudsecuritypodcast.tv Twitter - @kaizenteq @hashishrajan If you want to watch videos of this and previous episodes: - Youtube Channel: https://lnkd.in/gUHqSai - Twitch Channel: https://lnkd.in/gxhFrqw

In this episode of the Virtual Coffee with Ashish edition, we spoke with Monica Verma, CISO Host: Ashish Rajan - Twitter @hashishrajan Guest: Monica Verma - Linkedin @monicaverma In this episode, Monica & Ashish spoke about What was your path into Cybersecurity? What does Cloud Security mean for you? How do you explain risk management to people? Can an organisation be risk free? Are there any obvious risk management considerations and challenges people should consider? What are some of the building blocks of risk management that people can start with? Which risk assessment strategy would you suggest for a new business? How has insider risk evolved with cloud? What are the top 10 risks in cloud security? Is there a security strategy roadmap for cloud security business leaders? Should cyber-resilience be the goal for an organisational security roadmap? Cyber secure vs cyber resilience, whats more important? What are the misconceptions about cloud that haven’t been de-mystified yet? Is it better from a risk standpoint to stick to one cloud vendor? ShowNotes and Episode Transcript on www.cloudsecuritypodcast.tv Twitter - @kaizenteq @hashishrajan If you want to watch videos of this and previous episodes: - Twitch Channel: https://lnkd.in/gxhFrqw - Youtube Channel: https://lnkd.in/gUHqSai

In this episode of the Virtual Coffee with Ashish edition, we spoke with Sam Small, Chief Security Officer, Zerofox Host: Ashish Rajan - Twitter @hashishrajan Guest: Sam Small - Linkedin @samsmallphd In this episode, Sam & Ashish spoke about What was your path into your current role? What are Digital Risk and Digital Threats? How do you identify Digital Risk? what are the broad categories? How is Digital Risk different at an organisation level? Is Digital Risk Protection the same as Cyber Threat intelligence? What risks does Digital Risk Protection (DRP) protect organisations against? What can organisations do as part of Digital Risk Protection (DRP)  apart from seeking legal actions? Is there an overlap between social engineering and digital risk protection? Are digital risk threats on the rise? How do we respond to attacks where social media is being social engineered? How do you assess the maturity of DRP in an organisation? ShowNotes and Episode Transcript on www.cloudsecuritypodcast.tv Twitter - @kaizenteq @hashishrajan If you want to watch videos of this and previous episodes: - Twitch Channel: https://lnkd.in/gxhFrqw - Youtube Channel: https://lnkd.in/gUHqSai

In this episode of the Virtual Coffee with Ashish edition, we spoke with Matthew Fuller, co-Founder CloudSploit, Aqua Host: Ashish Rajan - Twitter @hashishrajan Guest: Matthew Fuller - Linkedin @mattdfuller In this episode, Matthew & Ashish spoke about What was your path into your current role? What was the inspiration behind CloudSpoilt? What does Cloud Security mean for you? What are your thoughts for organisations navigating the dilemma of buy first vs build first? What is Open Source? Open Source, what is the community driven model here? What is a role of a cloud security engineer? What are the absolute foundational challenges with Open Source? Is experience with Linux beneficial if you are going Open Source? Do the challenges change with hybridcloud, multicloud, polycloud etc? How were you away to stay away from the VCs and basically boot strap What are some of the considerations when choosing between open source and a vendor product? What are the challenges or the bad with Open Source? How do you assess the maturity of security of an environment? Are there cloud security myths that you want to debunk? Whats your advice to people who want to dabble in Open Source? Is there something that isn’t being talked enough about in the Cloud Security Space? As the cloud becomes more featured the amount of complexity and securing the cloud grows, even tools that help you with security require a lot more learning.  Any comments on this statement? ShowNotes and Episode Transcript on www.cloudsecuritypodcast.tv Twitter - @kaizenteq @hashishrajan If you want to watch videos of this and previous episodes: - Twitch Channel: https://lnkd.in/gxhFrqw - Youtube Channel: https://lnkd.in/gUHqSai

In this episode of the Virtual Coffee with Ashish edition, we spoke with Melissa Benua, Director of Engineering Host: Ashish Rajan - Twitter @hashishrajan Guest: Melissa Benua - Linkedin @mbenua In this episode, Melissa & Ashish spoke about What was your path into the Engineering Manager role? What does Cloud Security mean for you? For those people listening what are some of the foundational Modern Delivery methods - CI/CD, Trunkline deployments etc What roles does security can play in such environments? What does a super mature model of CI/CD look like? What are some of the recommendations for the building blocks? Is continuous monitoring part of CI/CD security Can you do CI/CD without knowing how to code? Is there any role that Cloud plays in enabling this - Cloud Native services vs using other open source options? What is the difference between Github vs GitLab? What are the Challenges for development/security - when transitioning from deploying 6 months to  multiple deployments a day  - quality, speed, Reliability, repeatability during this process What is SDLC? What does CI/CD work at scale? What does Nirvana looks like for a Mature SDLC? How do you measure CI/CD maturity? ShowNotes and Episode Transcript on www.cloudsecuritypodcast.tv Twitter - @kaizenteq @hashishrajan If you want to watch videos of this and previous episodes: - Twitch Channel: https://lnkd.in/gxhFrqw - Youtube Channel: https://lnkd.in/gUHqSai

In this episode of the Virtual Coffee with Ashish edition, we spoke with Naomi Buckwalter Host: Ashish Rajan - Twitter @hashishrajan Guest: Naomi Buckwalter - Linkedin @naomi-buckwalter In this episode, Naomi & Ashish spoke about What was your path into CyberSecurity? What does Cloud Security mean for you? What is GDPR? Privacy vs Security? How do we define processing data for purposes of GDPR? At what point GDPR become a legal thing vs a security thing? Does an AU company with data is in the EU need to comply with GDPR? Is GDPR in Cloud different? What are the potential landmines that most of us are not aware of? How do small to mid-size business deal with the overhead of being a GDPR compliant? Where do small to medium businesses start with GDPR? Is GDPR like a regular audit? What is a sub processor? What legal representation do you need for GDPR? How to implement GDPR in Azure? Any particular Azure services that you recommend for GDPR compliance? Can you request for your specific data to be deleted from a company as part of GDPR? What are the GDPR challenges for large enterprise? Is there a disconnect between legal and the data protection officer? What is the intention behind GDPR? Do startups have to worry about GDPR? What part of EU citizen data is sensitive ? Can GDPR be automated? What are some things companies need to do in order to comply with the GDPR? How about in the cloud? Are there specific things cloud-based companies must do to comply with the GDPR? ShowNotes and Episode Transcript on www.cloudsecuritypodcast.tv Twitter - @kaizenteq @hashishrajan If you want to watch videos of this and previous episodes: - Twitch Channel: https://lnkd.in/gxhFrqw - Youtube Channel: https://lnkd.in/gUHqSai

In this episode of the Virtual Coffee with Ashish edition, we spoke with Casey Ellis Host: Ashish Rajan - Twitter @hashishrajan Guest: Casey Ellis - Linkedin @caseyjohnellis In this episode, Casey & Ashish spoke about What was your path into CyberSecurity .What does Cloud Security mean for you? CrowdSource security as a service model & Bug Bounty, can you tell the audience about this space? How do you make people feel comfortable with the concept of crowdsource security? Is bug bounty only for big companies? How do you make sure you are not painting a big bulls eye on your back through crowdsource security? Basic things people can start with - security.txt, responsible disclosure? How can people get into the Bug Bounty Space? Can anyone get into it? How do we fix the ostrich head in the sane mentally of less mature organisations? How can we foster a safer environment to talk about Bug Bounty openly? When Bug Bounty goes wrong? How do economics and game theory play into the crowdsourcing bug bounty scene? Do researchers look for other outlets? How do companies find the sweet spot of payments? Is it better to disclose a bug to a third party or the actual company? ShowNotes and Episode Transcript on www.cloudsecuritypodcast.tv Twitter - @kaizenteq @hashishrajan If you want to watch videos of this and previous episodes: - Twitch Channel: https://lnkd.in/gxhFrqw - Youtube Channel: https://lnkd.in/gUHqSai

In this episode of the Virtual Coffee with Ashish edition, we spoke with Daniel Miessler Host: Ashish Rajan - Twitter @hashishrajan Guest: Daniel Miessler - Linkedin @danielmiessler In this episode, Daniel & Ashish spoke about What was your path into CyberSecurity Continuous Monitoring(CM) or Continuous Auditing - is that the same thing for you? CI/CD, one would assume CM is obvious, or is CM more of a mature organisation thing? At what point, should an organisation consider Continuous Monitoring? Do smaller organisations need to think about it as well? What is BugBounty? How do we find more about BugBounty resources for continuous monitoring? Are you using Python for automation? How to manage risk around Bounty program? What suggestions do you have for continuous monitoring in a multi cloud environment? Have you added any machine learning algorithms to your methodology or KO moves? How can one start with automation when looking for vulnerability Continuously How do you scale inventory for resources? Can you use it to find fake phishing websites? Custom code vs product for continuous monitoring? Is there alert fatigue in continuous monitoring? Why is it important to do continuous monitoring? Does everyone in tech or in general need to have a personal brand? Tips for Personal Branding for audience that enjoys blogging or podcasting? ShowNotes and Episode Transcript on www.cloudsecuritypodcast.tv Twitter - @kaizenteq @hashishrajan If you want to watch videos of this and previous episodes: - Twitch Channel: https://lnkd.in/gxhFrqw - Youtube Channel: https://lnkd.in/gUHqSai

In this episode of the Virtual Coffee with Ashish edition, we spoke with Houston Hopkins, Director CyberSecurity, Capital One Host: Ashish Rajan - Twitter @hashishrajan Guest: Houston Hopkins - Linkedin @houstonhopkins In this episode, Houston & Ashish spoke about What was your path into CyberSecurity? How Capital one pioneered as bank moving into AWS Cloud? What immediate security challenges does Cloud Security in a Hybrid world look like, without going into tools. Do you prefer to use AWS native tools for security observability or a vendor product? What are some of the Security challenges to solve when looking at a large cloud landscape? (threat detection at scale, continuous compliance etc) Is accountability a challenge for Cloud at Scale? Does this change quite a bit for security in one cloud compared to another? (resources that know multiple cloud etc) Which approach do you recommend - Standardizing security vs Operationalize and Manage with more staff for effective security across multi-cloud environments? Immediate challenges around multi-cloud -  Maintaining visibility of assets and secure configurations in a large multi-cloud environment What does detection and prevention look like in a cloud landscape? How do you keep track of all the AWS services? What security controls across compute heavy vs serverless vs containers in a multi-cloud world How do you get visibility in the current poly-cloud or multi-cloud world? ShowNotes and Episode Transcript on www.cloudsecuritypodcast.tv Twitter - @kaizenteq @hashishrajan If you want to watch videos of this and previous episodes: - Twitch Channel: https://lnkd.in/gxhFrqw - Youtube Channel: https://lnkd.in/gUHqSai