Cloud Security Podcast

In this episode of the Virtual Coffee with Ashish edition, we spoke with Clint Gibler Host: Ashish Rajan - Twitter @hashishrajan Guest: Clint Gibler - Linkedin In this episode, Clint & Ashish spoke about Your path into CyberSecurity What does Cloud Security mean for you? What does application security mean for you? What makes a good metrics for an effective security team? Principles, mindsets, and methodologies of highly effective security teams What is SAST, DAST Any open source tools that can be integrated into CI/CD pipeline? Is there pentesting knowledge required to move to use DAST tools? How to effectively setup DAST Tool in an organisation? (19:30) What is Software Composition Analysis How does one bring cohesion between security teams? How does security prove to be valuable to teams like Sales & Marketing How does one reduce the noise to signal ratio from the AppSec team What has been your best or worst security team experience? ShowNotes and Episode Transcript on www.cloudsecuritypodcast.tv Twitter - @kaizenteq @hashishrajan If you want to watch videos of this and previous episodes: - Twitch Channel: https://lnkd.in/gxhFrqw - Youtube Channel: https://lnkd.in/gUHqSai

In this episode of the Virtual Coffee with Ashish edition, we spoke with Tanya Janca, Founder, SheHacksPurple & WeHackPurple. Host: Ashish Rajan - Twitter @hashishrajan Guest: Tanya Janca - Linkedin     Tanya & Ashish spoke about Who is Tanya Janca? :) What was your path into CyberSecurity or your current role? What has professional life been after leaving Microsoft? What does Cloud Security mean for you? What is Application Security or AppSec? Tanya Janca’s Book - “Alice and Bob learn Application Security” How can someone start in Application Security, specially if they are trying to move laterally? What is Static Code Analysis? What is DevSecOps What is CI/CD Pipeline? Loss of AppSec knowledge when people move on? How do you find the motivation to continue? What is an AppSec Program and how can one make it successful? What does a Mature AppSec Program look like? Are there any tools used for Threat Modelling or is it conducted separately? What’s the most difficult piece of AppSec discipline to explain to others again and again? How do I get buy in from management? How do you do Threat Modelling in CI/CD Pipeline or automate it? What soft skills do you need to be an Application Security person? How do you merge AppSec risk in the infrastructure risk to get a wholistic view? ShowNotes and Episode Transcript on www.cloudsecuritypodcast.tv Twitter - @kaizenteq @hashishrajan If you want to watch videos of this and previous episodes: - Twitch Channel: https://lnkd.in/gxhFrqw - Youtube Channel: https://lnkd.in/gUHqSai

In this episode of the Virtual Coffee with Ashish edition, we spoke with Aaron Rinehart, CTO Co-Founder Verica. This is episode not to miss. Host: Ashish Rajan - Twitter @hashishrajan Guest: Aaron Rinehart - Linkedin Aaron & Ashish spoke about Who is A-aran? :) What was your path into CyberSecurity or your current role? What is Chaos Engineering? Is Fuzzing part of Chaos Engineering? Is Chaos Engineering for SREs? Is there an example of application fault injection from a cloud perspective? What concepts of Chaos Engineering are people not talking about? Does Chaos Engineering need to happen in production? How does Chaos Engineering affects readiness in terms of incident response? Would Chaos Engineering be part of a Table Top Exercise with executives? How does Chaos Engineering affect automation and Security? What are the trends that you are seeing in Chaos Engineering? Is Cloud Transformation the right time to trigger Chaos Experiments? Is there a Maturity Model to Chaos or Chaos is offered as a service? What are the elements to building a business case for chaos engineering to get support from business stakeholders? ShowNotes and Episode Transcript on www.cloudsecuritypodcast.tv Twitter - @kaizenteq @hashishrajan If you want to watch videos of this and previous episodes: - Twitch Channel: https://lnkd.in/gxhFrqw - Youtube Channel: https://lnkd.in/gUHqSai

In this episode of the Virtual Coffee with Ashish edition, we spoke with Parul Kharub, CISSP, HMM. Parul has spent number of years in the Operational Technology (OT) space building cybersecurity strategy and if you in the OT space or want to do cybersecurity in this space. This is episode not to miss. Host: Ashish Rajan - Twitter @hashishrajan Guest: Parul Kharub - Linkedin Parul & Ashish spoke about What was your path into CyberSecurity or your current role? What does Cloud Security mean for you? Do you work in any particular cloud provider or multi-cloud? Operational Technology Vs Informational Technology, what’s the difference? Example of industries that use Operational Technology How is the public cloud space effecting OT environments? What is Industry Evolution 4.0? What is IoT? Why would someone move OT environment (physical assets) to Cloud? Example of Cyberattacks in OT and how do these attackers get access to this network? Social Engineering, Phishing, SPAMs are these relevant in Operational Technology environments? How are the different environments like IT, Corporate IT & Operational Technology architected in this industries? Do Executives, C-Suite in such industries know about cybersecurity for OT? Is the Information Security Triad for OT world different? CIA + Safety What are the right process to consider for an Operational Technology environment? What does Incident Response and CyberSafety process and training look like in OT environments? Relevance of IoT and AI in OT (Smart Factory or Smart Devices or 5G LTE)? What certifications and training (certifications) are available for cybersecurity jobs in an Operational Technology industry (e.g Tesla) ? ShowNotes and Episode Transcript on www.cloudsecuritypodcast.tv Twitter - @kaizenteq @hashishrajan If you want to watch videos of this and previous episodes: - Twitch Channel: https://lnkd.in/gxhFrqw - Youtube Channel: https://lnkd.in/gUHqSai

In this episode of the Virtual Coffee with Ashish edition, we spoke with Abbas Kudrati, CyberSecurity Advisor for Microsoft Asia Pacific Region. Abbas has previously worked in various large companies as a CISO and continues to share and support Microsoft Azure customers understand security in a world of cloud.  This is episode not to miss. Host: Ashish Rajan - Twitter @hashishrajan Guest: Abbas Kudrati - Linkedin Abbas & Ashish spoke about What was your path into CyberSecurity or your current role? Information Security Vs Cyber Security, what’s the difference? What does Cloud Security mean for you? What is Digital Transformation and why CISOs are being involved? Board meetings think about cybersecurity and risk? Has Cloud made Board conversations easier for more budget? What kind of objective is the focus for CISOs within different industries? Example of business use case for moving to O365 for compliance? What are the impact on cyber priorities for CISO because of COVID19? How do you show value of CyberSecurity for the organisation and the Board? What are the Top 3 priorities for CISOs in 2020? Have COVID-19 affected businesses reaching out consulting companies in a particular industry? How has COVID-19 affected the Business Continuity plan, Crisis Management plans, Incident Response Plan and related teams? Longevity of CISO roles, why most roles don’t go beyond 18 months? ShowNotes and Episode Transcript on www.cloudsecuritypodcast.tv Twitter - @kaizenteq @hashishrajan If you want to watch video of this and previous episodes: - Twitch Channel: https://lnkd.in/gxhFrqw - Youtube Channel: https://lnkd.in/gUHqSai

In this episode of the Virtual Coffee with Ashish edition, we spoke with Darpan Shah, Cloud Security Engineer. Darpan has 8 AWS Certificates, 6 GCP certificates and at his work, he works on both Google Cloud and AWS.  This is episode not to miss. Host: Ashish Rajan - Twitter @hashishrajan Guest: Darpan Shah - Website Darpan & Ashish spoke about What was your path into CyberSecurity or your current role? What does Cloud Security mean for you? What public cloud provider do you focus on? What makes you like Google Cloud over AWS? Vice versa? Where does Kubernetes/Containers fit into maturity stages of Google Cloud? Is multi-cloud in the same organisation a reality? What does security in Google Cloud look like compared to AWS? - Basic security 101s differences, Auditing, threat management, EC2 vs project security examples How is security managed and operationalising across multi-cloud AWS & GCP Where can one start today with security on Google Cloud, if they already are on AWS? Security controls across EC2 vs serverless vs containers in a multi-cloud world Maintaining visibility of assets and secure configurations in a multi-cloud environment? What tools can you use to get a single view for multi-cloud? How do you monitor for threats? Orchestration or detection? What are people not talking about cloud security in multi-cloud? ShowNotes and Episode Transcript on www.cloudsecuritypodcast.tv Twitter - @kaizenteq @hashishrajan If you want to watch video of this and previous episodes: - Twitch Channel: https://lnkd.in/gxhFrqw - Youtube Channel: https://lnkd.in/gUHqSai

In this episode of the Virtual Coffee with Ashish edition, we spoke with Christopher Hughes, CISSP, Cloud Security Engineer. Host: Ashish Rajan - Twitter @hashishrajan Guest: Chris Hughes - Linkedin Chris & Ashish spoke about What was Chris’s path into CyberSecurity & Cloud Security? What is a Cloud Security Engineer? What does Cloud Security mean in AWS or Azure or GCP context? For any Students/SysAdmins/developers listening, who want to get into the field (certification etc) Have doing the certifications been helpful?. Any recommendations for those who want to pass the AWS Security Speciality Exam? What are some of the beginner or advanced security implementations in AWS that you can share for the audience to learn from? How does one maintain the security review cycle of the cloud service? Examples of Cloud Security scenarios that you get involved with through Cloud Security Alliance work Course for AWS Security Speciality Exam, recommendation by Chris Hughes - https://www.udemy.com/course/aws-certified-security-specialty/ ShowNotes and Episode Transcript on www.cloudsecuritypodcast.tv Twitter - @kaizenteq @hashishrajan If you want to watch video of this and previous episodes: - Twitch Channel: https://lnkd.in/gxhFrqw - Youtube Channel: https://lnkd.in/gUHqSai

In this episode of the Virtual Coffee with Ashish edition, we spoke with Edwin Kwan, Head of Application and Software Security at Tyro payments. Host: Ashish Rajan - Twitter @hashishrajan Guest: Edwin Kwan - Twitter @edkwan Edwin & Ashish spoke about What was Edwin’s path into CyberSecurity? What is AppSec for people who don't know? What is the difference between Application Security and Software Security? Is being a developer an advantage going into Application Security? Is AppSec any different between cloud compared so an application deployed on-premise? Enabling an engineering security culture - What does this mean for those who don't know? Engineering Security Culture - How has it evolved to now most of the code developed is using open source libraries Enabling an engineering security culture - Where can one start and what should be avoided? What is DevSecOps for you? Edwin’s book - Failure of DevSecOps ShowNotes and Episode Transcript on www.cloudsecuritypodcast.tv Twitter - @kaizenteq @hashishrajan If you want to watch the previous episodes: - Twitch Channel: https://lnkd.in/gxhFrqw - Youtube Channel: https://lnkd.in/gUHqSai

In this episode of the Virtual Coffee with Ashish edition, we spoke with Alannah Guo, Founder of 0xCC & Pentester. Host: Ashish Rajan - Twitter @hashishrajan Guest: Alannah Guo - Twitter @AlannahGuo Alannah & Ashish spoke about What was your path into CyberSecurity? What's the best way to get into pentesting? Do you have to be a fan of gaming/star wars/mr robot to be connect with fellow cybersecurity people? Is it important to technical as a women to be respected by male colleagues in cybersecurity What are the advantages of working as a pentester, if a female audience member is in cloud and wants to get into web app pentesting, it is an advantage or not? Are there any communities that our audience can be part of to network or learn more about PenTesting What is 0xCC? What was special about the 0xCC merchandise this year? Value of Women in Cyber groups / seeking Mentorship ShowNotes and Episode Transcript on www.cloudsecuritypodcast.tv Twitter - @kaizenteq @hashishrajan If you want to watch the previous episodes: - Twitch Channel: https://lnkd.in/gxhFrqw - Youtube Channel: https://lnkd.in/gUHqSai

In this episode sponsored by Virtual Coffee with Ashish edition, we spoke with Francesco Cipollone, Chapter Chair (UK), Cloud Security Alliance Host: Ashish Rajan - Twitter @hashishrajan Guest: Francesco Cipollone - Twitter @Frances07789950 Francesco & Ashish spoke about Why would someone choose Google Cloud over AWS or Azure? What does Security in Google Cloud look like for those using other cloud? Is making Terraform a universal script for multi-cloud environment, great idea? Is multi-cloud a good idea? How mature is Security in Google compared to AWS/Azure? For any Security Architect listening to this episode, what should they consider for Google Cloud? EKS vs GKE? ShowNotes and Episode Transcript on www.cloudsecuritypodcast.tv Twitter - @kaizenteq @hashishrajan If you want to watch the previous episodes:  - Twitch Channel: https://lnkd.in/gxhFrqw - Youtube Channel: https://lnkd.in/gUHqSai