
Cloud Security Podcast
Learn Cloud Security in Public Cloud the unbiased way from CyberSecurity Experts solving challenges at Cloud Scale. We can be honest because we are not owned by a Cloud Service Provider like AWS, Azure or Google Cloud.
We aim to help the community learn Cloud Security through community stories, from small to large organisations solving multi-cloud challenges to deep dives into specific topics of Cloud Security.
We LIVE STREAM interviews on Cloud Security Topics every weekend on Linkedin, YouTube, Facebook and Twitter with over 150 people watching and asking questions and interacting with the Guest.
Latest episodes

Nov 22, 2020 • 55min
WHAT IS DIGITAL RISK PROTECTION & WHY IS IT IMPORTANT? - Sam Small, Zerofox
In this episode of the Virtual Coffee with Ashish edition, we spoke with Sam Small, Chief Security Officer, Zerofox
Host: Ashish Rajan - Twitter @hashishrajan
Guest: Sam Small - Linkedin @samsmallphd
In this episode, Sam & Ashish spoke about
What was your path into your current role?
What are Digital Risk and Digital Threats?
How do you identify Digital Risk? What are the broad categories?
How is Digital Risk different at an organisation level?
Is Digital Risk Protection the same as Cyber Threat intelligence?
What risks does Digital Risk Protection (DRP) protect organisations against?
What can organisations do as part of Digital Risk Protection (DRP) apart from seeking legal actions?
Is there an overlap between social engineering and digital risk protection?
Are digital risk threats on the rise?
How do we respond to attacks where social media is being social engineered?
How do you assess the maturity of DRP in an organisation?
ShowNotes and Episode Transcript on www.cloudsecuritypodcast.tv
Twitter - @kaizenteq @hashishrajan
If you want to watch videos of this and previous episodes:
- Twitch Channel: https://lnkd.in/gxhFrqw
- Youtube Channel: https://lnkd.in/gUHqSai

Nov 15, 2020 • 47min
OPEN SOURCE AWS SECURITY - MATTHEW FULLER, co-Founder CloudSploit, Aqua
In this episode of the Virtual Coffee with Ashish edition, we spoke with Matthew Fuller, co-Founder CloudSploit, Aqua
Host: Ashish Rajan - Twitter @hashishrajan
Guest: Matthew Fuller - Linkedin @mattdfuller
In this episode, Matthew & Ashish spoke about
What was your path into your current role? What was the inspiration behind CloudSploit?
What does Cloud Security mean for you?
What are your thoughts for organisations navigating the dilemma of buy first vs build first?
What is Open Source?
Open Source, what is the community driven model here?
What is the role of a cloud security engineer?
What are the absolute foundational challenges with Open Source?
Is experience with Linux beneficial if you are going Open Source?
Do the challenges change with hybrid cloud, multicloud, polycloud etc.?
How were you able to stay away from the VCs and basically bootstrap?
What are some of the considerations when choosing between open source and a vendor product?
What are the challenges or the bad with Open Source?
How do you assess the maturity of security of an environment?
Are there cloud security myths that you want to debunk?
What's your advice to people who want to dabble in Open Source?
Is there something that isn’t being talked about enough in the Cloud Security Space?
As the cloud becomes more featured the amount of complexity and securing the cloud grows, even tools that help you with security require a lot more learning. Any comments on this statement?

Nov 8, 2020 • 43min
WHAT THE HECK IS CI/CD | Continuous Integration | Delivery | Deployment - Melissa Benua
In this episode of the Virtual Coffee with Ashish edition, we spoke with Melissa Benua, Director of Engineering
Host: Ashish Rajan - Twitter @hashishrajan
Guest: Melissa Benua - Linkedin @mbenua
In this episode, Melissa & Ashish spoke about
What was your path into the Engineering Manager role?
What does Cloud Security mean for you?
For those people listening, what are some of the foundational Modern Delivery methods - CI/CD, Trunkline deployments etc.?
What role can security play in such environments?
What does a super mature model of CI/CD look like?
What are some of the recommendations for the building blocks? Is continuous monitoring part of CI/CD security?
Can you do CI/CD without knowing how to code?
Is there any role that Cloud plays in enabling this - Cloud Native services vs using other open source options?
What is the difference between Github vs GitLab?
What are the challenges for development/security when transitioning from deploying every 6 months to multiple deployments a day - quality, speed, reliability, repeatability during this process?
What is SDLC?
How does CI/CD work at scale?
What does Nirvana look like for a Mature SDLC?
How do you measure CI/CD maturity?

Nov 1, 2020 • 46min
HOW TO PREPARE FOR GDPR IN AZURE CLOUD ENVIRONMENT - Naomi Buckwalter
In this episode of the Virtual Coffee with Ashish edition, we spoke with Naomi Buckwalter
Host: Ashish Rajan - Twitter @hashishrajan
Guest: Naomi Buckwalter - Linkedin @naomi-buckwalter
In this episode, Naomi & Ashish spoke about
What was your path into CyberSecurity?
What does Cloud Security mean for you?
What is GDPR? Privacy vs Security?
How do we define processing data for purposes of GDPR?
At what point does GDPR become a legal thing vs a security thing?
Does an AU company with data in the EU need to comply with GDPR?
Is GDPR in Cloud different?
What are the potential landmines that most of us are not aware of? How do small to mid-size businesses deal with the overhead of being GDPR compliant?
Where do small to medium businesses start with GDPR?
Is GDPR like a regular audit?
What is a sub processor?
What legal representation do you need for GDPR?
How to implement GDPR in Azure? Any particular Azure services that you recommend for GDPR compliance?
Can you request for your specific data to be deleted from a company as part of GDPR?
What are the GDPR challenges for large enterprise? Is there a disconnect between legal and the data protection officer?
What is the intention behind GDPR?
Do startups have to worry about GDPR?
What part of EU citizen data is sensitive?
Can GDPR be automated?
What are some things companies need to do in order to comply with the GDPR?
How about in the cloud? Are there specific things cloud-based companies must do to comply with the GDPR?

Oct 25, 2020 • 1h 6min
HOW TO START in BUG BOUNTY IN 2020 with Casey Ellis, BugCrowd
In this episode of the Virtual Coffee with Ashish edition, we spoke with Casey Ellis
Host: Ashish Rajan - Twitter @hashishrajan
Guest: Casey Ellis - Linkedin @caseyjohnellis
In this episode, Casey & Ashish spoke about
What was your path into CyberSecurity?
What does Cloud Security mean for you?
CrowdSource security as a service model & Bug Bounty, can you tell the audience about this space?
How do you make people feel comfortable with the concept of crowdsource security?
Is bug bounty only for big companies?
How do you make sure you are not painting a big bulls eye on your back through crowdsource security?
Basic things people can start with - security.txt, responsible disclosure?
How can people get into the Bug Bounty Space? Can anyone get into it?
How do we fix the ostrich-head-in-the-sand mentality of less mature organisations?
How can we foster a safer environment to talk about Bug Bounty openly?
When Bug Bounty goes wrong?
How do economics and game theory play into the crowdsourcing bug bounty scene? Do researchers look for other outlets? How do companies find the sweet spot of payments?
Is it better to disclose a bug to a third party or the actual company?

Oct 18, 2020 • 49min
CONTINUOUS MONITORING FOR CONTROLS & VULNERABILITIES - DANIEL MIESSLER
In this episode of the Virtual Coffee with Ashish edition, we spoke with Daniel Miessler
Host: Ashish Rajan - Twitter @hashishrajan
Guest: Daniel Miessler - Linkedin @danielmiessler
In this episode, Daniel & Ashish spoke about
What was your path into CyberSecurity?
Continuous Monitoring (CM) or Continuous Auditing - is that the same thing for you?
CI/CD, one would assume CM is obvious, or is CM more of a mature organisation thing?
At what point, should an organisation consider Continuous Monitoring? Do smaller organisations need to think about it as well?
What is BugBounty?
How do we find more about BugBounty resources for continuous monitoring?
Are you using Python for automation?
How to manage risk around Bounty program?
What suggestions do you have for continuous monitoring in a multi cloud environment?
Have you added any machine learning algorithms to your methodology or KO moves?
How can one start with automation when looking for vulnerabilities continuously?
How do you scale inventory for resources?
Can you use it to find fake phishing websites?
Custom code vs product for continuous monitoring?
Is there alert fatigue in continuous monitoring?
Why is it important to do continuous monitoring?
Does everyone in tech or in general need to have a personal brand? Tips for Personal Branding for audience that enjoys blogging or podcasting?

Oct 11, 2020 • 1h 2min
AWS SECURITY IN A LARGE REGULATED ENTERPRISE! - HOUSTON HOPKINS, CAPITAL ONE
In this episode of the Virtual Coffee with Ashish edition, we spoke with Houston Hopkins, Director CyberSecurity, Capital One
Host: Ashish Rajan - Twitter @hashishrajan
Guest: Houston Hopkins - Linkedin @houstonhopkins
In this episode, Houston & Ashish spoke about
What was your path into CyberSecurity?
How did Capital One pioneer as a bank moving into AWS Cloud?
What do the immediate security challenges of Cloud Security in a Hybrid world look like, without going into tools?
Do you prefer to use AWS native tools for security observability or a vendor product?
What are some of the Security challenges to solve when looking at a large cloud landscape? (threat detection at scale, continuous compliance etc)
Is accountability a challenge for Cloud at Scale?
Does this change quite a bit for security in one cloud compared to another? (resources that know multiple cloud etc)
Which approach do you recommend - Standardizing security vs Operationalize and Manage with more staff for effective security across multi-cloud environments?
Immediate challenges around multi-cloud - Maintaining visibility of assets and secure configurations in a large multi-cloud environment
What does detection and prevention look like in a cloud landscape?
How do you keep track of all the AWS services?
What security controls apply across compute heavy vs serverless vs containers in a multi-cloud world?
How do you get visibility in the current poly-cloud or multi-cloud world?

Oct 4, 2020 • 1h 7min
CISO Challenges in Cloud Security - Caleb Sima, VP - Security at Databricks
In this episode of the Virtual Coffee with Ashish edition, we spoke with Caleb Sima, VP - Security, Databricks
Host: Ashish Rajan - Twitter @hashishrajan
Guest: Caleb Sima - Linkedin @CalebSima
In this episode, Caleb & Ashish spoke about
What was your path into CyberSecurity?
Bulletin Board vs IRC
What is Cloud Security?
Are security challenges harder or difficult between Enterprise vs Cloud built companies?
What are the challenges for migrating from on-premise to cloud?
What are your thoughts on IAM, Roles & VPCs?
How many different tools did you need for visibility of vulnerabilities when moving to cloud?
Should organisations look at Cloud Service Providers outside of Azure, AWS, GCP, e.g. Digital Ocean, OpenShift?
How important is security culture and how do you see it be part of the success of an organisation?
Has the viewpoint changed since the last time you wrote the Do’s, Don’ts & Myths of Startups?
Do you feel the industry is preferring more managed security services vs self-customization?
For someone who is starting into CyberSecurity and would like to get to your role, what kind of skill set should they be focussing on?
What about people with experience trying to get to a leadership role?

Sep 27, 2020 • 1h 3min
WHAT IS SECURITY CHAOS ENGINEERING? - JEROME WALTER, SECURITY MODERNISATION
In this episode of the Virtual Coffee with Ashish edition, we spoke with Jerome Walter, Security Modernisation, Director, VMWare
Host: Ashish Rajan - Twitter @hashishrajan
Guest: Jerome Walter - Linkedin @JWalter
In this episode, Jerome & Ashish spoke about
What is with the title - Security Modernisation?
What is Security Chaos Engineering?
What are Chaos Engineering Experiments?
Example of a Chaos Engineering Experiment
Are the experiments running continuously or point in time?
How do we balance between putting security controls vs developer convenience?
Is there an element of Pentesting in Security Chaos Engineering?
Do the Chaos Experiments need to take place in Production?
Are Chaos Engineering and DevSecOps the same?
How do you know the maturity of a Chaos Engineering Practice?
How important is organisation culture when it’s going Agile?
Is there a need for people to know Threat Modelling to start with Chaos Engineering experiments?

Sep 20, 2020 • 1h 2min
Security and Compliance in AWS Cloud
In this episode of the Virtual Coffee with Ashish edition for Cloud Security Podcast, we spoke with Alexander J Yawn - ISC2 Miami Board Member | NABCRMP Founding Board Member
Host: Ashish Rajan - Twitter @hashishrajan
Guest: Alexander J Yawn - Linkedin @AJYawn
In this episode, AJ & Ashish spoke about
What was your path into CyberSecurity?
What does Compliance in Cloud mean for you?
What is Shared Responsibility?
How is Compliance different in a Hybrid world?
For anyone who used to audit on-premise, is it difficult to audit cloud environments?
There are so many AWS services for security, are those for monitoring or audit?
Do Auditors need to be technical like Cloud Engineer to be successful as an auditor in Cloud?
Auditors should be open to the idea of learning cloud?
Do Auditors need to be Certified Architect?
What are some of the easy things to knock off to start building the foundation stuff?
Is there a recommended time frame between audits in a cloud world?
Can this Compliance task be automated?
How is the GuardDuty report different to Trusted Advisor Report?
Is there a company mandate to check these security services?
What advice can you provide for preparing for an audit against specific compliance framework?
Does a point in time check make sense in cloud?
Does the cloud provider provide advice to their customer when they are not secure?
How does compliance scale from a startup to an enterprise?
Is there additional cost for multiple AWS Accounts?
Where can auditors go to know more about doing Audits on Cloud?