Cloud Security Podcast

In this episode of the Virtual Coffee with Ashish edition, we spoke with Christopher Hughes, CISSP, Cloud Security Engineer. Host: Ashish Rajan - Twitter @hashishrajan Guest: Chris Hughes - Linkedin Chris & Ashish spoke about What was Chris’s path into CyberSecurity & Cloud Security? What is a Cloud Security Engineer? What does Cloud Security mean in AWS or Azure or GCP context? For any Students/SysAdmins/developers listening, who want to get into the field (certification etc) Have doing the certifications been helpful?. Any recommendations for those who want to pass the AWS Security Speciality Exam? What are some of the beginner or advanced security implementations in AWS that you can share for the audience to learn from? How does one maintain the security review cycle of the cloud service? Examples of Cloud Security scenarios that you get involved with through Cloud Security Alliance work Course for AWS Security Speciality Exam, recommendation by Chris Hughes - https://www.udemy.com/course/aws-certified-security-specialty/ ShowNotes and Episode Transcript on www.cloudsecuritypodcast.tv Twitter - @kaizenteq @hashishrajan If you want to watch video of this and previous episodes: - Twitch Channel: https://lnkd.in/gxhFrqw - Youtube Channel: https://lnkd.in/gUHqSai

In this episode of the Virtual Coffee with Ashish edition, we spoke with Edwin Kwan, Head of Application and Software Security at Tyro payments. Host: Ashish Rajan - Twitter @hashishrajan Guest: Edwin Kwan - Twitter @edkwan Edwin & Ashish spoke about What was Edwin’s path into CyberSecurity? What is AppSec for people who don't know? What is the difference between Application Security and Software Security? Is being a developer an advantage going into Application Security? Is AppSec any different between cloud compared so an application deployed on-premise? Enabling an engineering security culture - What does this mean for those who don't know? Engineering Security Culture - How has it evolved to now most of the code developed is using open source libraries Enabling an engineering security culture - Where can one start and what should be avoided? What is DevSecOps for you? Edwin’s book - Failure of DevSecOps ShowNotes and Episode Transcript on www.cloudsecuritypodcast.tv Twitter - @kaizenteq @hashishrajan If you want to watch the previous episodes: - Twitch Channel: https://lnkd.in/gxhFrqw - Youtube Channel: https://lnkd.in/gUHqSai

In this episode of the Virtual Coffee with Ashish edition, we spoke with Alannah Guo, Founder of 0xCC & Pentester. Host: Ashish Rajan - Twitter @hashishrajan Guest: Alannah Guo - Twitter @AlannahGuo Alannah & Ashish spoke about What was your path into CyberSecurity? What's the best way to get into pentesting? Do you have to be a fan of gaming/star wars/mr robot to be connect with fellow cybersecurity people? Is it important to technical as a women to be respected by male colleagues in cybersecurity What are the advantages of working as a pentester, if a female audience member is in cloud and wants to get into web app pentesting, it is an advantage or not? Are there any communities that our audience can be part of to network or learn more about PenTesting What is 0xCC? What was special about the 0xCC merchandise this year? Value of Women in Cyber groups / seeking Mentorship ShowNotes and Episode Transcript on www.cloudsecuritypodcast.tv Twitter - @kaizenteq @hashishrajan If you want to watch the previous episodes: - Twitch Channel: https://lnkd.in/gxhFrqw - Youtube Channel: https://lnkd.in/gUHqSai

In this episode sponsored by Virtual Coffee with Ashish edition, we spoke with Francesco Cipollone, Chapter Chair (UK), Cloud Security Alliance Host: Ashish Rajan - Twitter @hashishrajan Guest: Francesco Cipollone - Twitter @Frances07789950 Francesco & Ashish spoke about Why would someone choose Google Cloud over AWS or Azure? What does Security in Google Cloud look like for those using other cloud? Is making Terraform a universal script for multi-cloud environment, great idea? Is multi-cloud a good idea? How mature is Security in Google compared to AWS/Azure? For any Security Architect listening to this episode, what should they consider for Google Cloud? EKS vs GKE? ShowNotes and Episode Transcript on www.cloudsecuritypodcast.tv Twitter - @kaizenteq @hashishrajan If you want to watch the previous episodes:  - Twitch Channel: https://lnkd.in/gxhFrqw - Youtube Channel: https://lnkd.in/gUHqSai

In this episode sponsored by Virtual Coffee with Ashish edition, we spoke with Graeme Cantu-Park, CISO of Matilion Host: Ashish Rajan - Twitter @hashishrajan Guest:  Graeme Cantu-Park - Linkedin What is culture - why is it important and how does it intersect with security? How is culture done right for remote employees, thanks COVID! Why is culture in Growth organisations so important? Can you tell me some examples from experience of what worked well there? Security often isn't included in a growth organisation until a later stage (look at zoom). How do you apply security without disrupting culture? Anyone starting in a CISO/Head of Security role with a small team or brought into building the team, what should they focus on in the beginning? Is it more a low cost security product or build first approach you prefer to doing security in a growth environment? ShowNotes and Episode Transcript on www.cloudsecuritypodcast.tv Twitter - @kaizenteq @hashishrajan If you want to watch the previous episodes: - Twitch Channel: https://lnkd.in/gxhFrqw - Youtube Channel: https://lnkd.in/gUHqSai

In this episode of the Virtual Coffee with Ashish edition, we spoke with Alissa Knight, Car Hacker, Author, Cybersecurity Influencer and Entrepreneur Host: Ashish Rajan - Twitter @hashishrajan Guest: Alissa Knight - Twitter @alissaknight What is a Connected Car? What is API? How do I secure APIs? How can someone secure API for Connected Cars? What should you do to monitor API? Can I buy a Tesla? Apple has API to record body contact, which cannot be turned OFF COVID Safe apps and the future of how freely information is collected by internet aware smart devices? Who do you report to when you are concerned about your connected car? ShowNotes and Episode Transcript on www.cloudsecuritypodcast.tv Twitter - @kaizenteq @hashishrajan @alissaknight

In this episode of the Virtual Coffee with Ashish edition, we spoke with Tim Heckman, Sr. SRE Netflix. Host: Ashish Rajan - Twitter @hashishrajan Guest: Tim Heckman What is SRE? Is it helpful to have SRE team when you already have a Security team? What does Security in Netflix look like? How can people scale maturity in security when dealing with cloud and multi-cloud? ShowNotes and Episode Transcript on www.cloudsecuritypodcast.tv Twitter - @kaizenteq @hashishrajan @theckman

In this episode of the Virtual Coffee with Ashish edition, we spoke with @Taylor Hersom about  Why do CyberSecurity Professionals need to think about talking Cyber Security to the board? What kind of cybersecurity metrics works best for Board? Is Fear, Uncertainty, Doubt (FUD) the right way to approach presenting cybersecurity to the board? FAIR methodology to put $ value against each RISK - Risk and Governance is a great space to start for those who want to start in cybersecurity but are not too technical? Does being knowledgable in datacenter governance beneficial in world of Cloud? Can companies get NIST Certified or is it only NIST Compliance? NIST vs ISO vs CMMC and Department of Defence affecting the industry? ShowNotes and Episode Transcript on www.cloudsecuritypodcast.tv Twitter - @kaizenteq @hashishrajan

In this episode, we sit with Chris Cochran & Ronald Eddings from Hacker Valley Studio. Chris Cochran & Ronald Eddings from Hacker Valley Studio & Ashish spoke about How did you get into CyberSecurity? What is Cloud Security? Is multi-cloud a thing? What is a good maturity in the Cloud Security space? How does Security change in a world of COVID19? What are people not talking enough about cloud security ? Mentorship and CyberSecurity Podcast More info and show notes transcript on www.cloudsecuritypodcast.tv Twitter - @kaizenteq @hashishrajan @theHackerValley @chriscochrcyber @ronaldeddings

In this episode, we sit with Abhay Bhargav, CTO, we45. Abhay & Ashish spoke about What is Cloud Security? Is multi-cloud a thing? What is DevSecOps? What is a good maturity in the DevSecOps space? What’s a free tool to get started today for developers? What about starting with Threat Modelling as a beginner? Doing Application Security (AppSec) at scale, what does that look like? How does Security change in a world of serverless? Can there be too many functions? Lack of servers in serverless, mean that Static code analysis, Software Compositions important? What’s the most common misconception of cloud? What are people not talking enough about in the appsecurity and cloud security space? More info and show notes on www.cloudsecuritypodcast.tv Twitter - @kaizenteq @hashishrajan @abhaybhargav