Cloud Security Podcast

In this episode of the Virtual Coffee with Ashish edition, we spoke with Alexandre Sieira - Founder @ Tenchi Security Host: Ashish Rajan - Twitter @hashishrajan Guest: Alexandre Sieira - Twitter @AlexandreSieira In this episode, Alex & Ashish spoke about What was your path into CyberSecurity? What does Cloud Security mean for you? How is Security different in a cloud world? What are the kind of Identities in AWS? What are the challenges with IT? Identity in AWS vs Identity in Azure? Best practices for Privilege and non-Privilege users in AWS? AWS SSO How important are Domain Accounts in Cloud World/ Importance of 2FA? What is Cross Account and why does it matter in Cloud? IAM Role in AWS? AWS STS service in AWS? What about Bio metrics as a 2FA? How does one manage identity across a large cloud landscape? Multi-cloud or Poli-cloud? Security people that know all clouds? How should one manage Root Accounts in AWS? What are the challenges with Identity that people are not talking enough about? Recommendation on good source of AWS security training Thoughts on AWS Cognito? Cognito Research by Andres Riancho- https://andresriancho.com/internet-scale-analysis-of-aws-cognito-security/ Auditing IAM using Cloud Spanning - https://github.com/salesforce/cloudsplaining Policy Sentry - https://github.com/salesforce/policy_sentry IAM Policy Generator and AWS Challenges between products ShowNotes and Episode Transcript on www.cloudsecuritypodcast.tv Twitter - @kaizenteq @hashishrajan If you want to watch videos of this and previous episodes: - Twitch Channel: https://lnkd.in/gxhFrqw - Youtube Channel: https://lnkd.in/gUHqSai

In this episode of the Virtual Coffee with Ashish edition, we spoke with David O’Brien, MVP Azure , Argos Founder Host: Ashish Rajan - Twitter @hashishrajan Guest: David O'Brien - Twitter @david_obrien In this episode, David & Ashish spoke about What does Cloud Security in Azure mean for you? What is Identity & Access Management? What is IAM from Hybrid vs in Cloud? How does this compare to identity in AWS IAM/Organisations? What kind of Human Users exist in Azure? What kind of Robot Users exist in Azure? How does Identity differ for Third Party in Azure? How does Privilege Access Management work in Azure? What kind of Deployment Types exist in a mature vs new built in Azure? ShowNotes and Episode Transcript on www.cloudsecuritypodcast.tv Twitter - @kaizenteq @hashishrajan If you want to watch videos of this and previous episodes: - Twitch Channel: https://lnkd.in/gxhFrqw - Youtube Channel: https://lnkd.in/gUHqSai

In this episode of the Virtual Coffee with Ashish edition, we spoke with Gaurav Kumar, co-founder of RedLock (now part of Palo Alto Prisma Cloud). Host: Ashish Rajan - Twitter @hashishrajan Guest: Gaurav Kumar - Linkedin In this episode, Gaurav & Ashish spoke about What was your path into CyberSecurity What does Cloud Security mean for you? If I am starting in Cloud today, do I need a CSPM? Do I need a CSPM if I am in multi-cloud with a small foot print? Story behind Gartner not recognising CSPM as a legit space? What are the current problem spaces that are being solved or not solved in Cloud Security? Is Security Observability, same as behaviour analysis? Is Security Observability, appear in cloud space and not just logging? What’s the example of Observability? Is CloudTrail and Insights an example of Observability? How important is logging everything vs relevant observation from logs? What do you think of CASB and that space? How do you find out what to protect the assets you have in cloud? Recommendation on getting over “alert fatigue” from CASB, CSPM? Do you see compliance at scale done really well? Apart from Cost Saving, & moving fast, is security another reason for why people should look at cloud? Are there are any good resources for Cloud Security training for staff? ShowNotes and Episode Transcript on www.cloudsecuritypodcast.tv Twitter - @kaizenteq @hashishrajan If you want to watch videos of this and previous episodes: - Twitch Channel: https://lnkd.in/gxhFrqw - Youtube Channel: https://lnkd.in/gUHqSai

In this episode of the Virtual Coffee with Ashish edition, we spoke with Darpan Shah, Cloud Security Engineer. Darpan has 8 AWS Certificates, 6 GCP certificates and at his work, he works on both Google Cloud and AWS. Host: Ashish Rajan - Twitter @hashishrajan Guest: Darpan Shah - Website In this episode, Darpan & Ashish spoke about What was your path into CyberSecurity or your current role? What does Cloud Security mean for you? Where does a Startup starting in Google Cloud start for Security Foundation? What is Project? What is an Organisation? How does Identity and Access Management work in Google Cloud? How do you scale the architecture from startup to an Enterprise? How does one manage permissions at scale in Google Cloud? How do you implement a simple architecture of  a web app in Google Cloud? What is VPC? Where can people find information on security in Google Cloud? How is Google Cloud different to Oracle Cloud/Ali Baba cloud? Where can people goto upskill and get a job in Google Cloud? ShowNotes and Episode Transcript on www.cloudsecuritypodcast.tv Twitter - @kaizenteq @hashishrajan If you want to watch videos of this and previous episodes: - Twitch Channel: https://lnkd.in/gxhFrqw - Youtube Channel: https://lnkd.in/gUHqSai

In this episode of the Virtual Coffee with Ashish edition, we spoke with Nicholas Hughes, CEO of EITR Technologies. Host: Ashish Rajan - Twitter @hashishrajan Guest: Nicholas Hughes - Linkedin In this episode, Nicholas & Ashish spoke about Your path into CyberSecurity What does Cloud Security mean for you? Where does one start when it comes to starting today in Azure? What’s the highest level of segregation that one can have in Azure? What does an Azure AD Tenant & Azure Subscription look like? What is a Resource Group in Azure and how is it different to the one in AWS? Hierarchical and Name space structure of Azure Resources Why would you have a Resource Group per subscription instead of all Resource Group in one subscription? Is Account/Subscription the blast radius? What does blast radius mean? How do you manage Compliance and Access to multiple Subscription/ What is Management Groups in Azure and do subscription live in there? How would you structure Management Groups in a business hierarchy? How does policies get applied to multiple subscriptions using Management Groups? Do you share identity between subscriptions? How does Identity work in Enterprise, where shared identity is the only way? How does Account structure differentiate between a Startup, SMB vs Enterprise? What kind of capability exist for cost? What does Account Vending look like in Azure? How does Azure Policy works? ShowNotes and Episode Transcript on www.cloudsecuritypodcast.tv Twitter - @kaizenteq @hashishrajan If you want to watch videos of this and previous episodes: - Twitch Channel: https://lnkd.in/gxhFrqw - Youtube Channel: https://lnkd.in/gUHqSai

In this episode of the Virtual Coffee with Ashish edition, we spoke with Clint Gibler Host: Ashish Rajan - Twitter @hashishrajan Guest: Clint Gibler - Linkedin In this episode, Clint & Ashish spoke about Your path into CyberSecurity What does Cloud Security mean for you? What does application security mean for you? What makes a good metrics for an effective security team? Principles, mindsets, and methodologies of highly effective security teams What is SAST, DAST Any open source tools that can be integrated into CI/CD pipeline? Is there pentesting knowledge required to move to use DAST tools? How to effectively setup DAST Tool in an organisation? (19:30) What is Software Composition Analysis How does one bring cohesion between security teams? How does security prove to be valuable to teams like Sales & Marketing How does one reduce the noise to signal ratio from the AppSec team What has been your best or worst security team experience? ShowNotes and Episode Transcript on www.cloudsecuritypodcast.tv Twitter - @kaizenteq @hashishrajan If you want to watch videos of this and previous episodes: - Twitch Channel: https://lnkd.in/gxhFrqw - Youtube Channel: https://lnkd.in/gUHqSai

In this episode of the Virtual Coffee with Ashish edition, we spoke with Tanya Janca, Founder, SheHacksPurple & WeHackPurple. Host: Ashish Rajan - Twitter @hashishrajan Guest: Tanya Janca - Linkedin     Tanya & Ashish spoke about Who is Tanya Janca? :) What was your path into CyberSecurity or your current role? What has professional life been after leaving Microsoft? What does Cloud Security mean for you? What is Application Security or AppSec? Tanya Janca’s Book - “Alice and Bob learn Application Security” How can someone start in Application Security, specially if they are trying to move laterally? What is Static Code Analysis? What is DevSecOps What is CI/CD Pipeline? Loss of AppSec knowledge when people move on? How do you find the motivation to continue? What is an AppSec Program and how can one make it successful? What does a Mature AppSec Program look like? Are there any tools used for Threat Modelling or is it conducted separately? What’s the most difficult piece of AppSec discipline to explain to others again and again? How do I get buy in from management? How do you do Threat Modelling in CI/CD Pipeline or automate it? What soft skills do you need to be an Application Security person? How do you merge AppSec risk in the infrastructure risk to get a wholistic view? ShowNotes and Episode Transcript on www.cloudsecuritypodcast.tv Twitter - @kaizenteq @hashishrajan If you want to watch videos of this and previous episodes: - Twitch Channel: https://lnkd.in/gxhFrqw - Youtube Channel: https://lnkd.in/gUHqSai

In this episode of the Virtual Coffee with Ashish edition, we spoke with Aaron Rinehart, CTO Co-Founder Verica. This is episode not to miss. Host: Ashish Rajan - Twitter @hashishrajan Guest: Aaron Rinehart - Linkedin Aaron & Ashish spoke about Who is A-aran? :) What was your path into CyberSecurity or your current role? What is Chaos Engineering? Is Fuzzing part of Chaos Engineering? Is Chaos Engineering for SREs? Is there an example of application fault injection from a cloud perspective? What concepts of Chaos Engineering are people not talking about? Does Chaos Engineering need to happen in production? How does Chaos Engineering affects readiness in terms of incident response? Would Chaos Engineering be part of a Table Top Exercise with executives? How does Chaos Engineering affect automation and Security? What are the trends that you are seeing in Chaos Engineering? Is Cloud Transformation the right time to trigger Chaos Experiments? Is there a Maturity Model to Chaos or Chaos is offered as a service? What are the elements to building a business case for chaos engineering to get support from business stakeholders? ShowNotes and Episode Transcript on www.cloudsecuritypodcast.tv Twitter - @kaizenteq @hashishrajan If you want to watch videos of this and previous episodes: - Twitch Channel: https://lnkd.in/gxhFrqw - Youtube Channel: https://lnkd.in/gUHqSai

In this episode of the Virtual Coffee with Ashish edition, we spoke with Parul Kharub, CISSP, HMM. Parul has spent number of years in the Operational Technology (OT) space building cybersecurity strategy and if you in the OT space or want to do cybersecurity in this space. This is episode not to miss. Host: Ashish Rajan - Twitter @hashishrajan Guest: Parul Kharub - Linkedin Parul & Ashish spoke about What was your path into CyberSecurity or your current role? What does Cloud Security mean for you? Do you work in any particular cloud provider or multi-cloud? Operational Technology Vs Informational Technology, what’s the difference? Example of industries that use Operational Technology How is the public cloud space effecting OT environments? What is Industry Evolution 4.0? What is IoT? Why would someone move OT environment (physical assets) to Cloud? Example of Cyberattacks in OT and how do these attackers get access to this network? Social Engineering, Phishing, SPAMs are these relevant in Operational Technology environments? How are the different environments like IT, Corporate IT & Operational Technology architected in this industries? Do Executives, C-Suite in such industries know about cybersecurity for OT? Is the Information Security Triad for OT world different? CIA + Safety What are the right process to consider for an Operational Technology environment? What does Incident Response and CyberSafety process and training look like in OT environments? Relevance of IoT and AI in OT (Smart Factory or Smart Devices or 5G LTE)? What certifications and training (certifications) are available for cybersecurity jobs in an Operational Technology industry (e.g Tesla) ? ShowNotes and Episode Transcript on www.cloudsecuritypodcast.tv Twitter - @kaizenteq @hashishrajan If you want to watch videos of this and previous episodes: - Twitch Channel: https://lnkd.in/gxhFrqw - Youtube Channel: https://lnkd.in/gUHqSai

In this episode of the Virtual Coffee with Ashish edition, we spoke with Abbas Kudrati, CyberSecurity Advisor for Microsoft Asia Pacific Region. Abbas has previously worked in various large companies as a CISO and continues to share and support Microsoft Azure customers understand security in a world of cloud.  This is episode not to miss. Host: Ashish Rajan - Twitter @hashishrajan Guest: Abbas Kudrati - Linkedin Abbas & Ashish spoke about What was your path into CyberSecurity or your current role? Information Security Vs Cyber Security, what’s the difference? What does Cloud Security mean for you? What is Digital Transformation and why CISOs are being involved? Board meetings think about cybersecurity and risk? Has Cloud made Board conversations easier for more budget? What kind of objective is the focus for CISOs within different industries? Example of business use case for moving to O365 for compliance? What are the impact on cyber priorities for CISO because of COVID19? How do you show value of CyberSecurity for the organisation and the Board? What are the Top 3 priorities for CISOs in 2020? Have COVID-19 affected businesses reaching out consulting companies in a particular industry? How has COVID-19 affected the Business Continuity plan, Crisis Management plans, Incident Response Plan and related teams? Longevity of CISO roles, why most roles don’t go beyond 18 months? ShowNotes and Episode Transcript on www.cloudsecuritypodcast.tv Twitter - @kaizenteq @hashishrajan If you want to watch video of this and previous episodes: - Twitch Channel: https://lnkd.in/gxhFrqw - Youtube Channel: https://lnkd.in/gUHqSai