

Cloud Security Podcast
Cloud Security Podcast Team
Learn Cloud Security in Public Cloud the unbiased way from CyberSecurity Experts solving challenges at Cloud Scale. We can be honest because we are not owned by a Cloud Service Provider like AWS, Azure or Google Cloud.
We aim to help the community learn Cloud Security through community stories, from small to large organisations solving multi-cloud challenges to deep dives into specific Cloud Security topics.
We LIVE STREAM interviews on Cloud Security topics every weekend on LinkedIn, YouTube, Facebook and Twitter, with over 150 people watching, asking questions and interacting with the guest.
Episodes

Oct 18, 2020 • 49min
CONTINUOUS MONITORING FOR CONTROLS & VULNERABILITIES - DANIEL MIESSLER
In this episode of the Virtual Coffee with Ashish edition, we spoke with Daniel Miessler
Host: Ashish Rajan - Twitter @hashishrajan
Guest: Daniel Miessler - Linkedin @danielmiessler
In this episode, Daniel & Ashish spoke about
What was your path into CyberSecurity?
Continuous Monitoring(CM) or Continuous Auditing - is that the same thing for you?
CI/CD, one would assume CM is obvious, or is CM more of a mature organisation thing?
At what point, should an organisation consider Continuous Monitoring? Do smaller organisations need to think about it as well?
What is BugBounty?
How do we find more about BugBounty resources for continuous monitoring?
Are you using Python for automation?
How to manage risk around Bounty program?
What suggestions do you have for continuous monitoring in a multi cloud environment?
Have you added any machine learning algorithms to your methodology or KO moves?
How can one start with automation when looking for vulnerabilities continuously?
How do you scale inventory for resources?
Can you use it to find fake phishing websites?
Custom code vs product for continuous monitoring?
Is there alert fatigue in continuous monitoring?
Why is it important to do continuous monitoring?
Does everyone in tech or in general need to have a personal brand? Tips for Personal Branding for audience that enjoys blogging or podcasting?
ShowNotes and Episode Transcript on www.cloudsecuritypodcast.tv
Twitter - @kaizenteq @hashishrajan
If you want to watch videos of this and previous episodes:
- Twitch Channel: https://lnkd.in/gxhFrqw
- Youtube Channel: https://lnkd.in/gUHqSai

Oct 11, 2020 • 1h 2min
AWS SECURITY IN A LARGE REGULATED ENTERPRISE! - HOUSTON HOPKINS, CAPITAL ONE
In this episode of the Virtual Coffee with Ashish edition, we spoke with Houston Hopkins, Director CyberSecurity, Capital One
Host: Ashish Rajan - Twitter @hashishrajan
Guest: Houston Hopkins - Linkedin @houstonhopkins
In this episode, Houston & Ashish spoke about
What was your path into CyberSecurity?
How did Capital One pioneer as a bank moving into the AWS Cloud?
What do the immediate security challenges of Cloud Security in a Hybrid world look like, without going into tools?
Do you prefer to use AWS native tools for security observability or a vendor product?
What are some of the Security challenges to solve when looking at a large cloud landscape? (threat detection at scale, continuous compliance etc)
Is accountability a challenge for Cloud at Scale?
Does this change quite a bit for security in one cloud compared to another? (resources that know multiple cloud etc)
Which approach do you recommend - Standardizing security vs Operationalize and Manage with more staff for effective security across multi-cloud environments?
Immediate challenges around multi-cloud - Maintaining visibility of assets and secure configurations in a large multi-cloud environment
What does detection and prevention look like in a cloud landscape?
How do you keep track of all the AWS services?
What security controls apply across compute-heavy vs serverless vs containers in a multi-cloud world?
How do you get visibility in the current poly-cloud or multi-cloud world?

Oct 4, 2020 • 1h 7min
CISO Challenges in Cloud Security - Caleb Sima, VP - Security at Databricks
In this episode of the Virtual Coffee with Ashish edition, we spoke with Caleb Sima, VP - Security, Databricks
Host: Ashish Rajan - Twitter @hashishrajan
Guest: Caleb Sima - Linkedin @CalebSima
In this episode, Caleb & Ashish spoke about
What was your path into CyberSecurity?
Bulletin Board vs IRC
What is Cloud Security?
Are security challenges harder or difficult between Enterprise vs Cloud built companies?
What are the challenges for migrating from on-premise to cloud?
What are your thoughts on IAM, Roles & VPCs?
How many different tools did you need for visibility of vulnerabilities when moving to cloud?
Should organisations look at Cloud Service Providers outside of Azure, AWS, GCP, e.g. Digital Ocean, OpenShift?
How important is security culture and how do you see it be part of the success of an organisation?
Has the viewpoint changed since the last time you wrote the Do’s, Don’t & Myths of Startups?
Do you feel the industry is preferring more managed security services vs self customization?
For someone who is starting into CyberSecurity and would like to get to your role, what kind of skill set should they be focussing on?
What about people with experience trying to get to a leadership role?

Sep 27, 2020 • 1h 3min
WHAT IS SECURITY CHAOS ENGINEERING? - JEROME WALTER, SECURITY MODERNISATION
In this episode of the Virtual Coffee with Ashish edition, we spoke with Jerome Walter, Security Modernisation, Director, VMWare
Host: Ashish Rajan - Twitter @hashishrajan
Guest: Jerome Walter - Linkedin @JWalter
In this episode, Jerome & Ashish spoke about
What is with the title - Security Modernisation?
What is Security Chaos Engineering?
What is Chaos Engineering Experiments?
Example of a Chaos Engineering Experiment
Are the experiments running continuously or point in time?
How do we balance between putting security controls vs developer convenience?
Is there an element of Pentesting in Security Chaos Engineering?
Does the Chaos Experiments need to take place in Production?
Is Chaos Engineering and DevSecOps same?
How do you know the maturity of a Chaos Engineering Practice?
How important is organisation culture when it’s going Agile?
Is there a need for people to know Threat Modelling to start with Chaos Engineering experiments?

Sep 20, 2020 • 1h 2min
Security and Compliance in AWS Cloud
In this episode of the Virtual Coffee with Ashish edition for Cloud Security Podcast, we spoke with Alexander J Yawn - ISC2 Miami Board Member | NABCRMP Founding Board Member
Host: Ashish Rajan - Twitter @hashishrajan
Guest: Alexander J Yawn - Linkedin @AJYawn
In this episode, AJ & Ashish spoke about
What was your path into CyberSecurity?
What does Compliance in Cloud mean for you?
What is Shared Responsibility?
How is Compliance different in a Hybrid world?
For anyone who used to audit on-premise, is it difficult to audit cloud environments?
There are so many AWS services for security, are those for monitoring or audit?
Do Auditors need to be technical like Cloud Engineer to be successful as an auditor in Cloud?
Auditors should be open to the idea of learning cloud?
Do Auditors need to be Certified Architect?
What are some of the easy things to knock off to start building foundation stuff?
Is there a recommended time frame between audits in a cloud world?
Can this Compliance task be automated?
How is the GuardDuty report different to Trusted Advisor Report?
Is there a company mandate to check these security services?
What advice can you provide for preparing for an audit against specific compliance framework?
Does a point in time check make sense in cloud?
Does the cloud provider provide advice to their customer when they are not secure?
How does compliance scale from a startup to an enterprise?
Is there additional cost for multiple AWS Accounts?
Where can auditors go to know more about doing Audits on Cloud?

Sep 13, 2020 • 1h 18min
Identity & Cross Account Access Management in AWS | CLOUD SECURITY - Alexandre Sieira
In this episode of the Virtual Coffee with Ashish edition, we spoke with Alexandre Sieira - Founder @ Tenchi Security
Host: Ashish Rajan - Twitter @hashishrajan
Guest: Alexandre Sieira - Twitter @AlexandreSieira
In this episode, Alex & Ashish spoke about
What was your path into CyberSecurity?
What does Cloud Security mean for you?
How is Security different in a cloud world?
What are the kind of Identities in AWS?
What are the challenges with IT?
Identity in AWS vs Identity in Azure?
Best practices for Privilege and non-Privilege users in AWS?
AWS SSO
How important are Domain Accounts in Cloud World?
Importance of 2FA?
What is Cross Account and why does it matter in Cloud?
IAM Role in AWS?
AWS STS service in AWS?
What about Biometrics as a 2FA?
How does one manage identity across a large cloud landscape?
Multi-cloud or Poly-cloud?
Security people that know all clouds?
How should one manage Root Accounts in AWS?
What are the challenges with Identity that people are not talking enough about?
Recommendation on good source of AWS security training
Thoughts on AWS Cognito?
Cognito Research by Andres Riancho- https://andresriancho.com/internet-scale-analysis-of-aws-cognito-security/
Auditing IAM using Cloudsplaining - https://github.com/salesforce/cloudsplaining
Policy Sentry - https://github.com/salesforce/policy_sentry
IAM Policy Generator and AWS Challenges between products

Sep 6, 2020 • 49min
WHAT IS AZURE IDENTITY MANAGEMENT | CLOUD SECURITY
In this episode of the Virtual Coffee with Ashish edition, we spoke with David O’Brien, MVP Azure, Argos Founder
Host: Ashish Rajan - Twitter @hashishrajan
Guest: David O'Brien - Twitter @david_obrien
In this episode, David & Ashish spoke about
What does Cloud Security in Azure mean for you?
What is Identity & Access Management?
What is IAM from Hybrid vs in Cloud?
How does this compare to identity in AWS IAM/Organisations?
What kind of Human Users exist in Azure?
What kind of Robot Users exist in Azure?
How does Identity differ for Third Party in Azure?
How does Privilege Access Management work in Azure?
What kind of Deployment Types exist in a mature vs new built in Azure?

Aug 30, 2020 • 56min
CLOUD SECURITY POSTURE MANAGEMENT - CSPM - GAURAV KUMAR
In this episode of the Virtual Coffee with Ashish edition, we spoke with Gaurav Kumar, co-founder of RedLock (now part of Palo Alto Prisma Cloud).
Host: Ashish Rajan - Twitter @hashishrajan
Guest: Gaurav Kumar - Linkedin
In this episode, Gaurav & Ashish spoke about
What was your path into CyberSecurity?
What does Cloud Security mean for you?
If I am starting in Cloud today, do I need a CSPM?
Do I need a CSPM if I am in multi-cloud with a small foot print?
Story behind Gartner not recognising CSPM as a legit space?
What are the current problem spaces that are being solved or not solved in Cloud Security?
Is Security Observability, same as behaviour analysis?
Does Security Observability appear in the cloud space, and not just in logging?
What’s the example of Observability?
Is CloudTrail and Insights an example of Observability?
How important is logging everything vs relevant observation from logs?
What do you think of CASB and that space?
How do you find out what to protect the assets you have in cloud?
Recommendation on getting over “alert fatigue” from CASB, CSPM?
Do you see compliance at scale done really well?
Apart from Cost Saving, & moving fast, is security another reason for why people should look at cloud?
Are there any good resources for Cloud Security training for staff?

Aug 23, 2020 • 58min
HOW TO BUILD SECURE ENVIRONMENTS IN Google Cloud - DARPAN SHAH
In this episode of the Virtual Coffee with Ashish edition, we spoke with Darpan Shah, Cloud Security Engineer. Darpan has 8 AWS Certificates, 6 GCP certificates and at his work, he works on both Google Cloud and AWS.
Host: Ashish Rajan - Twitter @hashishrajan
Guest: Darpan Shah - Website
In this episode, Darpan & Ashish spoke about
What was your path into CyberSecurity or your current role?
What does Cloud Security mean for you?
Where does a Startup starting in Google Cloud start for Security Foundation?
What is a Project?
What is an Organisation?
How does Identity and Access Management work in Google Cloud?
How do you scale the architecture from startup to an Enterprise?
How does one manage permissions at scale in Google Cloud?
How do you implement a simple architecture of a web app in Google Cloud?
What is VPC?
Where can people find information on security in Google Cloud?
How is Google Cloud different to Oracle Cloud/Alibaba Cloud?
Where can people go to upskill and get a job in Google Cloud?

Aug 16, 2020 • 53min
HOW TO BUILD SECURE ENVIRONMENTS IN MICROSOFT AZURE - NICHOLAS HUGHES
In this episode of the Virtual Coffee with Ashish edition, we spoke with Nicholas Hughes, CEO of EITR Technologies.
Host: Ashish Rajan - Twitter @hashishrajan
Guest: Nicholas Hughes - Linkedin
In this episode, Nicholas & Ashish spoke about
Your path into CyberSecurity
What does Cloud Security mean for you?
Where does one start when it comes to starting today in Azure?
What’s the highest level of segregation that one can have in Azure?
What does an Azure AD Tenant & Azure Subscription look like?
What is a Resource Group in Azure and how is it different to the one in AWS?
Hierarchical and Name space structure of Azure Resources
Why would you have a Resource Group per subscription instead of all Resource Groups in one subscription?
Is Account/Subscription the blast radius?
What does blast radius mean?
How do you manage Compliance and Access to multiple Subscriptions?
What are Management Groups in Azure and do subscriptions live in there?
How would you structure Management Groups in a business hierarchy?
How do policies get applied to multiple subscriptions using Management Groups?
Do you share identity between subscriptions?
How does Identity work in Enterprise, where shared identity is the only way?
How does Account structure differentiate between a Startup, SMB vs Enterprise?
What kind of capabilities exist for cost?
What does Account Vending look like in Azure?
How does Azure Policy work?


