In this episode of the Virtual Coffee with Ashish edition, we spoke with Caleb Sima, VP - Security, Databricks Host: Ashish Rajan - Twitter @hashishrajan Guest: Caleb Sima - Linkedin @CalebSima In this episode, Caleb & Ashish spoke about What was your path into CyberSecurity? Bulletin Board vs IRC What is Cloud Security? Are security challenges harder or difficult between Enterprise vs Cloud built companies? What are the challenges for migrating from on-premise to cloud? What are your thoughts on IAM, Roles & VPCs? How many different tools did you need for visibility of vulnerabilities when moving to cloud? Should organisation’s look at Cloud Service Providers outside of Azure, AWS, GCP  e.g Digital Ocean, OpenShift. How important is security culture and how do you see it be part of the success of an organisation? Has the view point changed since the last time you wrote the Do’s,Don’t & Myths of Startups Do you feel industry is adopting preferring more managed security services vs self customization For someone who is starting into CyberSecurity and would like to get to your role, what kind of skill set should they be focussing on? What about people with experience trying to get to a leadership role? ShowNotes and Episode Transcript on www.cloudsecuritypodcast.tv Twitter - @kaizenteq @hashishrajan If you want to watch videos of this and previous episodes: - Twitch Channel: https://lnkd.in/gxhFrqw - Youtube Channel: https://lnkd.in/gUHqSai

In this episode of the Virtual Coffee with Ashish edition, we spoke with Jerome Walter, Security Modernisation, Director, VMWare Host: Ashish Rajan - Twitter @hashishrajan Guest: Jerome Walter - Linkedin @JWalter In this episode, Jerome & Ashish spoke about What is with the title - Security Modernisation? What is Security Chaos Engineering? What is Chaos Engineering Experiments? Example of a Chaos Engineering Experiment Are the experiments running continuously or point in time? How do we balance between putting security controls vs developer convenience? Is there an element of Pentesting in Security Chaos Engineering? Does the Chaos Experiments need to take place in Production? Is Chaos Engineering and DevSecOps same? How do you know the maturity of a Chaos Engineering Practice? How important is organisation culture when it’s going Agile? Is there a need for people to know Threat Modelling to start with Chaos Engineering experiments? ShowNotes and Episode Transcript on www.cloudsecuritypodcast.tv Twitter - @kaizenteq @hashishrajan If you want to watch videos of this and previous episodes: - Twitch Channel: https://lnkd.in/gxhFrqw - Youtube Channel: https://lnkd.in/gUHqSai

In this episode of the Virtual Coffee with Ashish edition for Cloud Security Podcast, we spoke with Alexander J Yawn - ISC2 Miami Board Member | NABCRMP Founding Board Member Host: Ashish Rajan - Twitter @hashishraja Guest: Alexander J Yawn - Linkedin @AJYawn In this episode, AJ & Ashish spoke about What was your path into CyberSecurity? What does Compliance in Cloud mean for you? What is Shared Responsibility? How is Compliance different in a Hybrid world? For anyone who used to audit on-premise, is it difficult to audit cloud environments? There are so many AWS services for security, are those for monitoring or audit? Do Auditors need to be technical like Cloud Engineer to be successful as an auditor in Cloud? Auditors should be open to the idea of learning cloud? Do Auditors need to be Certified Architect? What are the some of the easy things to knocks off to start building foundation stuff? Is there a recommended time frame between audits in a cloud world? Can this Compliance task be automated? How is the GuardDuty report different to Trusted Advisor Report? Is there a company mandate to check these security services? What advice can you provide for preparing for an audit against specific compliance framework? Does a point in time check make sense in cloud? Does the cloud provider provide advice to their customer when they are not secure? How does compliance scale from a startup to an enterprise? Is there additional cost for multiple AWS Accounts? Where can auditors go to know more about doing Audits on Cloud? ShowNotes and Episode Transcript on www.cloudsecuritypodcast.tv Twitter - @kaizenteq @hashishrajan If you want to watch videos of this and previous episodes: - Twitch Channel: https://lnkd.in/gxhFrqw - Youtube Channel: https://lnkd.in/gUHqSai

In this episode of the Virtual Coffee with Ashish edition, we spoke with Alexandre Sieira - Founder @ Tenchi Security Host: Ashish Rajan - Twitter @hashishrajan Guest: Alexandre Sieira - Twitter @AlexandreSieira In this episode, Alex & Ashish spoke about What was your path into CyberSecurity? What does Cloud Security mean for you? How is Security different in a cloud world? What are the kind of Identities in AWS? What are the challenges with IT? Identity in AWS vs Identity in Azure? Best practices for Privilege and non-Privilege users in AWS? AWS SSO How important are Domain Accounts in Cloud World/ Importance of 2FA? What is Cross Account and why does it matter in Cloud? IAM Role in AWS? AWS STS service in AWS? What about Bio metrics as a 2FA? How does one manage identity across a large cloud landscape? Multi-cloud or Poli-cloud? Security people that know all clouds? How should one manage Root Accounts in AWS? What are the challenges with Identity that people are not talking enough about? Recommendation on good source of AWS security training Thoughts on AWS Cognito? Cognito Research by Andres Riancho- https://andresriancho.com/internet-scale-analysis-of-aws-cognito-security/ Auditing IAM using Cloud Spanning - https://github.com/salesforce/cloudsplaining Policy Sentry - https://github.com/salesforce/policy_sentry IAM Policy Generator and AWS Challenges between products ShowNotes and Episode Transcript on www.cloudsecuritypodcast.tv Twitter - @kaizenteq @hashishrajan If you want to watch videos of this and previous episodes: - Twitch Channel: https://lnkd.in/gxhFrqw - Youtube Channel: https://lnkd.in/gUHqSai

In this episode of the Virtual Coffee with Ashish edition, we spoke with David O’Brien, MVP Azure , Argos Founder Host: Ashish Rajan - Twitter @hashishrajan Guest: David O'Brien - Twitter @david_obrien In this episode, David & Ashish spoke about What does Cloud Security in Azure mean for you? What is Identity & Access Management? What is IAM from Hybrid vs in Cloud? How does this compare to identity in AWS IAM/Organisations? What kind of Human Users exist in Azure? What kind of Robot Users exist in Azure? How does Identity differ for Third Party in Azure? How does Privilege Access Management work in Azure? What kind of Deployment Types exist in a mature vs new built in Azure? ShowNotes and Episode Transcript on www.cloudsecuritypodcast.tv Twitter - @kaizenteq @hashishrajan If you want to watch videos of this and previous episodes: - Twitch Channel: https://lnkd.in/gxhFrqw - Youtube Channel: https://lnkd.in/gUHqSai

In this episode of the Virtual Coffee with Ashish edition, we spoke with Gaurav Kumar, co-founder of RedLock (now part of Palo Alto Prisma Cloud). Host: Ashish Rajan - Twitter @hashishrajan Guest: Gaurav Kumar - Linkedin In this episode, Gaurav & Ashish spoke about What was your path into CyberSecurity What does Cloud Security mean for you? If I am starting in Cloud today, do I need a CSPM? Do I need a CSPM if I am in multi-cloud with a small foot print? Story behind Gartner not recognising CSPM as a legit space? What are the current problem spaces that are being solved or not solved in Cloud Security? Is Security Observability, same as behaviour analysis? Is Security Observability, appear in cloud space and not just logging? What’s the example of Observability? Is CloudTrail and Insights an example of Observability? How important is logging everything vs relevant observation from logs? What do you think of CASB and that space? How do you find out what to protect the assets you have in cloud? Recommendation on getting over “alert fatigue” from CASB, CSPM? Do you see compliance at scale done really well? Apart from Cost Saving, & moving fast, is security another reason for why people should look at cloud? Are there are any good resources for Cloud Security training for staff? ShowNotes and Episode Transcript on www.cloudsecuritypodcast.tv Twitter - @kaizenteq @hashishrajan If you want to watch videos of this and previous episodes: - Twitch Channel: https://lnkd.in/gxhFrqw - Youtube Channel: https://lnkd.in/gUHqSai

In this episode of the Virtual Coffee with Ashish edition, we spoke with Darpan Shah, Cloud Security Engineer. Darpan has 8 AWS Certificates, 6 GCP certificates and at his work, he works on both Google Cloud and AWS. Host: Ashish Rajan - Twitter @hashishrajan Guest: Darpan Shah - Website In this episode, Darpan & Ashish spoke about What was your path into CyberSecurity or your current role? What does Cloud Security mean for you? Where does a Startup starting in Google Cloud start for Security Foundation? What is Project? What is an Organisation? How does Identity and Access Management work in Google Cloud? How do you scale the architecture from startup to an Enterprise? How does one manage permissions at scale in Google Cloud? How do you implement a simple architecture of  a web app in Google Cloud? What is VPC? Where can people find information on security in Google Cloud? How is Google Cloud different to Oracle Cloud/Ali Baba cloud? Where can people goto upskill and get a job in Google Cloud? ShowNotes and Episode Transcript on www.cloudsecuritypodcast.tv Twitter - @kaizenteq @hashishrajan If you want to watch videos of this and previous episodes: - Twitch Channel: https://lnkd.in/gxhFrqw - Youtube Channel: https://lnkd.in/gUHqSai

In this episode of the Virtual Coffee with Ashish edition, we spoke with Nicholas Hughes, CEO of EITR Technologies. Host: Ashish Rajan - Twitter @hashishrajan Guest: Nicholas Hughes - Linkedin In this episode, Nicholas & Ashish spoke about Your path into CyberSecurity What does Cloud Security mean for you? Where does one start when it comes to starting today in Azure? What’s the highest level of segregation that one can have in Azure? What does an Azure AD Tenant & Azure Subscription look like? What is a Resource Group in Azure and how is it different to the one in AWS? Hierarchical and Name space structure of Azure Resources Why would you have a Resource Group per subscription instead of all Resource Group in one subscription? Is Account/Subscription the blast radius? What does blast radius mean? How do you manage Compliance and Access to multiple Subscription/ What is Management Groups in Azure and do subscription live in there? How would you structure Management Groups in a business hierarchy? How does policies get applied to multiple subscriptions using Management Groups? Do you share identity between subscriptions? How does Identity work in Enterprise, where shared identity is the only way? How does Account structure differentiate between a Startup, SMB vs Enterprise? What kind of capability exist for cost? What does Account Vending look like in Azure? How does Azure Policy works? ShowNotes and Episode Transcript on www.cloudsecuritypodcast.tv Twitter - @kaizenteq @hashishrajan If you want to watch videos of this and previous episodes: - Twitch Channel: https://lnkd.in/gxhFrqw - Youtube Channel: https://lnkd.in/gUHqSai

In this episode of the Virtual Coffee with Ashish edition, we spoke with Clint Gibler Host: Ashish Rajan - Twitter @hashishrajan Guest: Clint Gibler - Linkedin In this episode, Clint & Ashish spoke about Your path into CyberSecurity What does Cloud Security mean for you? What does application security mean for you? What makes a good metrics for an effective security team? Principles, mindsets, and methodologies of highly effective security teams What is SAST, DAST Any open source tools that can be integrated into CI/CD pipeline? Is there pentesting knowledge required to move to use DAST tools? How to effectively setup DAST Tool in an organisation? (19:30) What is Software Composition Analysis How does one bring cohesion between security teams? How does security prove to be valuable to teams like Sales & Marketing How does one reduce the noise to signal ratio from the AppSec team What has been your best or worst security team experience? ShowNotes and Episode Transcript on www.cloudsecuritypodcast.tv Twitter - @kaizenteq @hashishrajan If you want to watch videos of this and previous episodes: - Twitch Channel: https://lnkd.in/gxhFrqw - Youtube Channel: https://lnkd.in/gUHqSai

In this episode of the Virtual Coffee with Ashish edition, we spoke with Tanya Janca, Founder, SheHacksPurple & WeHackPurple. Host: Ashish Rajan - Twitter @hashishrajan Guest: Tanya Janca - Linkedin     Tanya & Ashish spoke about Who is Tanya Janca? :) What was your path into CyberSecurity or your current role? What has professional life been after leaving Microsoft? What does Cloud Security mean for you? What is Application Security or AppSec? Tanya Janca’s Book - “Alice and Bob learn Application Security” How can someone start in Application Security, specially if they are trying to move laterally? What is Static Code Analysis? What is DevSecOps What is CI/CD Pipeline? Loss of AppSec knowledge when people move on? How do you find the motivation to continue? What is an AppSec Program and how can one make it successful? What does a Mature AppSec Program look like? Are there any tools used for Threat Modelling or is it conducted separately? What’s the most difficult piece of AppSec discipline to explain to others again and again? How do I get buy in from management? How do you do Threat Modelling in CI/CD Pipeline or automate it? What soft skills do you need to be an Application Security person? How do you merge AppSec risk in the infrastructure risk to get a wholistic view? ShowNotes and Episode Transcript on www.cloudsecuritypodcast.tv Twitter - @kaizenteq @hashishrajan If you want to watch videos of this and previous episodes: - Twitch Channel: https://lnkd.in/gxhFrqw - Youtube Channel: https://lnkd.in/gUHqSai