Cloud Security Podcast

Experienced cloud security experts Rich Mogull and Chris Farris share insights on effective cloud security strategies, moving beyond vulnerabilities. They discuss the Universal Threat Actor Model, practical steps in cloud environments, and managing a large volume of CSPM findings. The podcast also explores real-world security breaches, triaging, and automation of security responses, along with the speakers' diverse hobbies and favorite cuisines.

Jeff Moncrief, a cloud security and identity management expert, discusses the challenges of implementing least privilege in cloud environments, the evolving role of identity management, and the importance of segmenting access across public clouds. The podcast highlights misconceptions surrounding identity roles and emphasizes the critical need to approach permissions management strategically and comprehensively.

How is eBPF impacting Kubernetes Network Security? In this episode, recorded LIVE at Kubecon EU Paris 2024, Liz Rice, Chief Open Source Officer at Isovalent took us through the technical nuances of eBPF and its role in enabling dynamic, efficient network policies that go beyond traditional security measures. She also discusses Tetragon, the new subproject under Cilium, designed to enhance runtime security with deeper forensic capabilities. A great conversation for anyone involved in Kubernetes workload management, offering a peek into the future of cloud-native technologies and the evolving landscape of network security. Guest Socials: ⁠Liz's Linkedin⁠ Podcast Twitter - ⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠@CloudSecPod⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠ ⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠ If you want to watch videos of this LIVE STREAMED episode and past episodes - Check out our other Cloud Security Social Channels: - ⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠Cloud Security Podcast- Youtube⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠ - ⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠Cloud Security Newsletter ⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠ - ⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠Cloud Security BootCamp Questions asked: (00:00) Introduction (01:46) A bit about Liz Rice (02:11) What is eBPF and Cilium? (03:24) SC Linux vs eBPF (04:11) Business use case for Cilium (06:37) Cilium vs Cloud Managed Services (08:51) Why was there a need for Tetragon? (11:20) Business use case for Tetragon (11:32) Projects related to Multi-Cluster Deployment (12:45) Where can you learn more about eBPF and Tetragon (13:50) Hot Topics from Kubecon EU 2024 (15:07) The Fun Section (15:35) How has Kubecon changed over the years? Resources spoken about during the interview: Cilium Tetragon eBPF

How can we leverage AI for more secure and efficient code and how will it impact devsecops? Ashish spoke to Michael Hanley, CSO and SVP of Engineering at GitHub, about the transformative impact of GitHub Copilot and AI on software development and security. Michael speaks about GitHub's internal use of Copilot for over three years and its role in enhancing developer satisfaction and productivity by removing mundane coding tasks. They speak about the broader implications for DevSecOps, the future of AI in coding, and strategic tips for integrating AI tools within organizations. Guest Socials: Michael's Linkedin Podcast Twitter - ⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠@CloudSecPod⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠ ⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠ If you want to watch videos of this LIVE STREAMED episode and past episodes - Check out our other Cloud Security Social Channels: - ⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠Cloud Security Podcast- Youtube⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠ - ⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠Cloud Security Newsletter ⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠ - ⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠Cloud Security BootCamp⁠ Questions asked: (00:00) Introduction (02:19) A bit about Michael Hanley (04:25) Making Security Easy for Developers (07:17) What is GitHub Copilot? (10:01) Whats the Future of AI for Security and Developers? (13:36) Security Recommendations for using AI (16:35) How is data stored in GitHub Copilot? (17:40) How is AI impacting DevSecOps? (21:50) The balance between Security and Innovation (24:18) The evolution of education with AI (27:30) Strategic Approach for CISOs implementing AI Pair Programmers (30:08) Bridging the gap between Security and Engineering (34:37) The Fun Questions Resources spoken about during the episode: https://resources.github.com/copilot-trust-center/https://www.github.careers/careers-home 

Loris Degioanni, Co-Founder and CTO of Sysdig, discusses the Open Source Project, Falco, and its role in protecting Kubernetes environments. They talk about the gap between traditional security measures and modern infrastructures, the significance of eBPF technology, ROI for runtime security tools, preventative security vs. runtime security, and the future roadmap for Falco.

Fredrick Lee, CISO at Reddit, delves into embracing risk in business for innovation. Topics cover cost-effective cybersecurity strategies, Reddit's S.P.A.C.E team, and challenges in the modern tech environment. The conversation explores the importance of risk-taking, driving success, and the evolving landscape of security priorities.

Abhishek Agrawal, Co-founder of Material Security, discusses the persistence of email security challenges and the importance of focusing on threat management and posture management in today's digital landscape. The podcast delves into the evolving tactics used in email breaches, emphasizing the need for enhanced identity protection measures and highlighting the critical aspects of securing productivity suites like Microsoft 365 and Google Workspace.

Andrew Tabona, SVP of Cyber Threat Management, challenges traditional incident response plans in the cloud. They discuss mean time to detect, respond, and recover, strategies for building a detection framework, nuances of incident response in cloud vs. on-premise environments, balanced log ingestion, and the importance of mastering fundamentals for effective cloud security.

Learn all about GitHub Copilot, an AI-powered coding assistant redefining how developers write code. From its impact on security professionals to the trustworthiness of AI-generated code, discover how GitHub Copilot enhances productivity and security in the coding world. Explore the versatility of this tool in various programming languages and its potential for revolutionizing software development. Plus, enjoy a fun chat about gaming, work-life balance, and favorite cuisines.

The podcast delves into the concept of 'Assume Breach' for cloud incident preparedness, the effectiveness of CSPM, and the importance of logs in incident response. It also discusses gaining deep visibility in cloud environments, the need for a Security Data Lake, and demonstrating ROI for Security Operations.