Cloud Security Podcast

How can we leverage AI for more secure and efficient code and how will it impact devsecops? Ashish spoke to Michael Hanley, CSO and SVP of Engineering at GitHub, about the transformative impact of GitHub Copilot and AI on software development and security. Michael speaks about GitHub's internal use of Copilot for over three years and its role in enhancing developer satisfaction and productivity by removing mundane coding tasks. They speak about the broader implications for DevSecOps, the future of AI in coding, and strategic tips for integrating AI tools within organizations. Guest Socials: Michael's Linkedin Podcast Twitter - ⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠@CloudSecPod⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠ ⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠ If you want to watch videos of this LIVE STREAMED episode and past episodes - Check out our other Cloud Security Social Channels: - ⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠Cloud Security Podcast- Youtube⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠ - ⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠Cloud Security Newsletter ⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠ - ⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠Cloud Security BootCamp⁠ Questions asked: (00:00) Introduction (02:19) A bit about Michael Hanley (04:25) Making Security Easy for Developers (07:17) What is GitHub Copilot? (10:01) Whats the Future of AI for Security and Developers? (13:36) Security Recommendations for using AI (16:35) How is data stored in GitHub Copilot? (17:40) How is AI impacting DevSecOps? (21:50) The balance between Security and Innovation (24:18) The evolution of education with AI (27:30) Strategic Approach for CISOs implementing AI Pair Programmers (30:08) Bridging the gap between Security and Engineering (34:37) The Fun Questions Resources spoken about during the episode: https://resources.github.com/copilot-trust-center/https://www.github.careers/careers-home 

Loris Degioanni, Co-Founder and CTO of Sysdig, discusses the Open Source Project, Falco, and its role in protecting Kubernetes environments. They talk about the gap between traditional security measures and modern infrastructures, the significance of eBPF technology, ROI for runtime security tools, preventative security vs. runtime security, and the future roadmap for Falco.

Fredrick Lee, CISO at Reddit, delves into embracing risk in business for innovation. Topics cover cost-effective cybersecurity strategies, Reddit's S.P.A.C.E team, and challenges in the modern tech environment. The conversation explores the importance of risk-taking, driving success, and the evolving landscape of security priorities.

Abhishek Agrawal, Co-founder of Material Security, discusses the persistence of email security challenges and the importance of focusing on threat management and posture management in today's digital landscape. The podcast delves into the evolving tactics used in email breaches, emphasizing the need for enhanced identity protection measures and highlighting the critical aspects of securing productivity suites like Microsoft 365 and Google Workspace.

Andrew Tabona, SVP of Cyber Threat Management, challenges traditional incident response plans in the cloud. They discuss mean time to detect, respond, and recover, strategies for building a detection framework, nuances of incident response in cloud vs. on-premise environments, balanced log ingestion, and the importance of mastering fundamentals for effective cloud security.

Learn all about GitHub Copilot, an AI-powered coding assistant redefining how developers write code. From its impact on security professionals to the trustworthiness of AI-generated code, discover how GitHub Copilot enhances productivity and security in the coding world. Explore the versatility of this tool in various programming languages and its potential for revolutionizing software development. Plus, enjoy a fun chat about gaming, work-life balance, and favorite cuisines.

The podcast delves into the concept of 'Assume Breach' for cloud incident preparedness, the effectiveness of CSPM, and the importance of logs in incident response. It also discusses gaining deep visibility in cloud environments, the need for a Security Data Lake, and demonstrating ROI for Security Operations.

Exploring the importance of threat modeling in cloud, the differences between cloud and on-prem threat modeling, practical examples, and challenges of scaling threat modeling. Discussions on incorporating threat modeling in security programs, various approaches to threat modeling, and personal insights on building effective threat models.

Discover how GenAI and Custom LLM models are transforming legal data analysis at LexisNexis. Explore the intersection of cloud engineering, cybersecurity, and AI in the legal sector. Learn about the importance of data security in AI applications for legal research and document drafting.

Magno Logan, an expert in Kubernetes security, talks about the silent but deadly vulnerabilities of sidecar containers in Kubernetes. He discusses common attack paths, entry points for attackers, container escape, and ways to secure sidecars, shedding light on the threats beyond crypto mining attacks.