Cloud Security Podcast

Cloud Security Podcast Team
Jan 17, 2021 • 50min

INFRASTRUCTURE AS CODE SECURITY

In this episode of the Virtual Coffee with Ashish edition, we spoke with Matt Johnson, Developer Advocate Lead, Bridgecrew.

Host: Ashish Rajan - Twitter @hashishrajan
Guest: Matt Johnson - Twitter @metahertz

In this episode, Matt & Ashish spoke about:
- What was Matt’s path into the Developer Advocate role?
- What does Cloud Security mean to Matt?
- What is Infrastructure as Code and Infrastructure as Code Security?
- Are developers or security teams doing more infrastructure as code security?
- What is develop first cloud security?
- Thoughts on static code and run time analysis?
- Is it a requirement to know YAML, Python or JSON for Cloud Networking?
- What kind of specific training is recommended for developers who are new to IaC?
- What open source codes are good resources?
- Where can people start with infrastructure as security?
- Can people without a security background still take advantage of the open source security tools?
- How to get started in the open source space?

ShowNotes and Episode Transcript on www.cloudsecuritypodcast.tv
Twitter - @kaizenteq @hashishrajan
If you want to watch videos of this and previous episodes:
- Twitch Channel: https://lnkd.in/gxhFrqw
- Youtube Channel: https://lnkd.in/gUHqSai
Jan 10, 2021 • 53min

Cloud Security Testing in AWS

In this episode of the Virtual Coffee with Ashish edition, we spoke with Pawel Rzepa, Snr Security Consultant, SecuRing.

Host: Ashish Rajan - Twitter @hashishrajan
Guest: Pawel Rzepa - Twitter @rzepsky

In this episode, Pawel & Ashish spoke about:
- What was Pawel’s path into Cybersecurity?
- What does Cloud Security mean to Pawel?
- What is Cloud Security Testing and Assessment?
- What is a Cyber Kill Chain in a cloud context?
- What is threat hunting in cloud security assessments?
- What permissions are required for pentesting in AWS?
- How does on-premise pentesting translate into cloud?
- Different tools that can assist with cloud security pentesting.
- How does hybrid cloud affect the scope of pentester assessments?
- How to stay on top of your cloud security assessment?
- The future of cloud security assessment.
- How do GitHub and AWS collaborate to prevent AWS access key misuse?
- What are some of the new kinds of attacks in cloud?
- How to get started in cloud pentesting?
- The need for cloud certification and recommendations for beginners.
- Is there something people are not talking enough about in a cloud security context?
Jan 3, 2021 • 44min

HOW TO BECOME A CLOUD SECURITY ARCHITECT in 2021 ? - Sriya Potham

In this episode of the Virtual Coffee with Ashish edition, we spoke with Sriya Potham, Principal Cloud Security Architect.

Host: Ashish Rajan - Twitter @hashishrajan
Guest: Sriya Potham - Linkedin @sriya

In this episode, Sriya & Ashish spoke about:
- What was your path into Cybersecurity?
- What’s your definition of Cloud Security?
- What is the shared responsibility model?
- What’s a day in the life of a Cloud Security Architect?
- Are cloud architecture reviews different in different industries?
- As a Cloud Security Architect do you need to focus on the GRC side?
- Are CCM controls used quite often?
- What soft and technical skills do you require to be successful as a Cloud Security Architect?
- Is Cloud Security Architect a technical role?
- Are certificates important to secure a Cloud Security Architecture role?
- Does one need to consider doing CCSP?
- Is architecture different when working with multi-cloud?
- Is it necessary to know both AWS and Azure?
- What comes after certification?
- Do you need to be technical and have an operational understanding of the controls to give guidance?
- Are some cloud service provider services not mature enough to be used in organisations?
- How do you transition from on-premise security architect to cloud security architect?
- How do you get started if you have had no experience in Cloud?
- Is it better to be experienced in different industries or be specialised in one as a Cloud Security Architect?
- The difference between Cloud Security Architect and DevSecOps Architect? Can a person be both?
- Is it valuable to do CompTIA Security+?
- Is there a myth in cloud security that you hear often?
- What are people not talking enough about in Cloud Security?
Dec 20, 2020 • 1h 3min

STARTING A SUCCESSFUL CYBERSECURITY PODCAST IN 2021

In this Christmas special episode of the Virtual Coffee with Ashish edition, we had a panel of successful CyberSecurity Podcast Hosts that answered questions about starting and running a successful CyberSecurity Podcast.

Panel Participants:
Host: Ashish Rajan - Twitter @hashishrajan, Host of Cloud Security Podcast
Guest 1: Chris Cochran - Linkedin chriscochrancyber, Podcast co-Host, Hacker Valley Studio
Guest 2: James J Azar - Linkedin James-j-azar, Podcast host, The CyberHub Podcast

In this episode, Ashish & the panelists spoke about:
- The Journey - A bit about your podcast, how you got started?
- Thoughts on finding a podcast niche?
- How do you find your “Voice”?
- Thoughts on audio vs video podcast format?
- The moments that make you most proud about your podcast?
- What does it take to start a podcast? First few things to consider?
- How to find podcast guests? Especially as a beginner?
- What are the big challenges of running a podcast?
- What is a Big NO in the world of podcasting for you?
Nov 29, 2020 • 48min

RISK MANAGEMENT IN CLOUD SECURITY - MONICA VERMA

In this episode of the Virtual Coffee with Ashish edition, we spoke with Monica Verma, CISO.

Host: Ashish Rajan - Twitter @hashishrajan
Guest: Monica Verma - Linkedin @monicaverma

In this episode, Monica & Ashish spoke about:
- What was your path into Cybersecurity?
- What does Cloud Security mean for you?
- How do you explain risk management to people?
- Can an organisation be risk free?
- Are there any obvious risk management considerations and challenges people should consider?
- What are some of the building blocks of risk management that people can start with?
- Which risk assessment strategy would you suggest for a new business?
- How has insider risk evolved with cloud?
- What are the top 10 risks in cloud security?
- Is there a security strategy roadmap for cloud security business leaders?
- Should cyber-resilience be the goal for an organisational security roadmap?
- Cyber secure vs cyber resilience, what’s more important?
- What are the misconceptions about cloud that haven’t been de-mystified yet?
- Is it better from a risk standpoint to stick to one cloud vendor?
Nov 22, 2020 • 55min

WHAT IS DIGITAL RISK PROTECTION & WHY IS IT IMPORTANT? - Sam Small, Zerofox

In this episode of the Virtual Coffee with Ashish edition, we spoke with Sam Small, Chief Security Officer, Zerofox.

Host: Ashish Rajan - Twitter @hashishrajan
Guest: Sam Small - Linkedin @samsmallphd

In this episode, Sam & Ashish spoke about:
- What was your path into your current role?
- What are Digital Risk and Digital Threats?
- How do you identify Digital Risk? What are the broad categories?
- How is Digital Risk different at an organisation level?
- Is Digital Risk Protection the same as Cyber Threat Intelligence?
- What risks does Digital Risk Protection (DRP) protect organisations against?
- What can organisations do as part of Digital Risk Protection (DRP) apart from seeking legal action?
- Is there an overlap between social engineering and digital risk protection?
- Are digital risk threats on the rise?
- How do we respond to attacks where social media is being social engineered?
- How do you assess the maturity of DRP in an organisation?
Nov 15, 2020 • 47min

OPEN SOURCE AWS SECURITY - MATTHEW FULLER, co-Founder CloudSploit, Aqua

In this episode of the Virtual Coffee with Ashish edition, we spoke with Matthew Fuller, co-Founder CloudSploit, Aqua.

Host: Ashish Rajan - Twitter @hashishrajan
Guest: Matthew Fuller - Linkedin @mattdfuller

In this episode, Matthew & Ashish spoke about:
- What was your path into your current role?
- What was the inspiration behind CloudSploit?
- What does Cloud Security mean for you?
- What are your thoughts for organisations navigating the dilemma of buy first vs build first?
- What is Open Source?
- Open Source, what is the community driven model here?
- What is the role of a cloud security engineer?
- What are the absolute foundational challenges with Open Source?
- Is experience with Linux beneficial if you are going Open Source?
- Do the challenges change with hybrid cloud, multicloud, polycloud etc?
- How were you able to stay away from the VCs and basically bootstrap?
- What are some of the considerations when choosing between open source and a vendor product?
- What are the challenges or the bad with Open Source?
- How do you assess the maturity of security of an environment?
- Are there cloud security myths that you want to debunk?
- What’s your advice to people who want to dabble in Open Source?
- Is there something that isn’t being talked about enough in the Cloud Security space?
- As the cloud becomes more featured, the amount of complexity and securing the cloud grows; even tools that help you with security require a lot more learning. Any comments on this statement?
Nov 8, 2020 • 43min

WHAT THE HECK IS CI/CD | Continuous Integration | Delivery | Deployment - Melissa Benua

In this episode of the Virtual Coffee with Ashish edition, we spoke with Melissa Benua, Director of Engineering.

Host: Ashish Rajan - Twitter @hashishrajan
Guest: Melissa Benua - Linkedin @mbenua

In this episode, Melissa & Ashish spoke about:
- What was your path into the Engineering Manager role?
- What does Cloud Security mean for you?
- For those people listening, what are some of the foundational Modern Delivery methods - CI/CD, Trunkline deployments etc?
- What role can security play in such environments?
- What does a super mature model of CI/CD look like?
- What are some of the recommendations for the building blocks?
- Is continuous monitoring part of CI/CD security?
- Can you do CI/CD without knowing how to code?
- Is there any role that Cloud plays in enabling this - Cloud Native services vs using other open source options?
- What is the difference between GitHub and GitLab?
- What are the challenges for development/security when transitioning from deploying 6 months to multiple deployments a day - quality, speed, reliability, repeatability during this process?
- What is SDLC?
- How does CI/CD work at scale?
- What does Nirvana look like for a Mature SDLC?
- How do you measure CI/CD maturity?
Nov 1, 2020 • 46min

HOW TO PREPARE FOR GDPR IN AZURE CLOUD ENVIRONMENT- Naomi Buckwalter

In this episode of the Virtual Coffee with Ashish edition, we spoke with Naomi Buckwalter.

Host: Ashish Rajan - Twitter @hashishrajan
Guest: Naomi Buckwalter - Linkedin @naomi-buckwalter

In this episode, Naomi & Ashish spoke about:
- What was your path into CyberSecurity?
- What does Cloud Security mean for you?
- What is GDPR?
- Privacy vs Security?
- How do we define processing data for purposes of GDPR?
- At what point does GDPR become a legal thing vs a security thing?
- Does an AU company with data in the EU need to comply with GDPR?
- Is GDPR in Cloud different?
- What are the potential landmines that most of us are not aware of?
- How do small to mid-size businesses deal with the overhead of being GDPR compliant?
- Where do small to medium businesses start with GDPR?
- Is GDPR like a regular audit?
- What is a sub processor?
- What legal representation do you need for GDPR?
- How to implement GDPR in Azure?
- Any particular Azure services that you recommend for GDPR compliance?
- Can you request for your specific data to be deleted from a company as part of GDPR?
- What are the GDPR challenges for large enterprises?
- Is there a disconnect between legal and the data protection officer?
- What is the intention behind GDPR?
- Do startups have to worry about GDPR?
- What part of EU citizen data is sensitive?
- Can GDPR be automated?
- What are some things companies need to do in order to comply with the GDPR? How about in the cloud?
- Are there specific things cloud-based companies must do to comply with the GDPR?
Oct 25, 2020 • 1h 6min

HOW TO START in BUG BOUNTY IN 2020 with Casey Ellis, BugCrowd

In this episode of the Virtual Coffee with Ashish edition, we spoke with Casey Ellis.

Host: Ashish Rajan - Twitter @hashishrajan
Guest: Casey Ellis - Linkedin @caseyjohnellis

In this episode, Casey & Ashish spoke about:
- What was your path into CyberSecurity?
- What does Cloud Security mean for you?
- CrowdSource security as a service model & Bug Bounty, can you tell the audience about this space?
- How do you make people feel comfortable with the concept of crowdsource security?
- Is bug bounty only for big companies?
- How do you make sure you are not painting a big bullseye on your back through crowdsource security?
- Basic things people can start with - security.txt, responsible disclosure?
- How can people get into the Bug Bounty space? Can anyone get into it?
- How do we fix the ostrich head in the sand mentality of less mature organisations?
- How can we foster a safer environment to talk about Bug Bounty openly?
- When Bug Bounty goes wrong?
- How do economics and game theory play into the crowdsourcing bug bounty scene?
- Do researchers look for other outlets?
- How do companies find the sweet spot of payments?
- Is it better to disclose a bug to a third party or the actual company?
