
Cloud Security Podcast
Learn Cloud Security in Public Cloud the unbiased way from CyberSecurity Experts solving challenges at Cloud Scale. We can be honest because we are not owned by a Cloud Service Provider like AWS, Azure or Google Cloud.
We aim to help the community learn Cloud Security through community stories, from small to large organisations solving multi-cloud challenges to deep dives into specific Cloud Security topics.
We LIVE STREAM interviews on Cloud Security topics every weekend on LinkedIn, YouTube, Facebook and Twitter, with over 150 people watching, asking questions and interacting with the guest.
Latest episodes

Jul 25, 2023 • 35min
Doing Google Cloud Security RIGHT!
AWS landing zones are well known, but landing zones are less familiar in the Google Cloud space. In this episode Jimmy Barber shares how controls can be automated in GCP to create a landing zone that manages security across a large Google environment.
Episode YouTube Video Link
Host Twitter: Ashish Rajan (@hashishrajan)
Guest Socials: Jimmy Barber's LinkedIn (Jimmy Barber)
Podcast Twitter - @CloudSecPod
If you want to watch videos of this LIVE STREAMED episode and past episodes - Check out our other Cloud Security Social Channels:
- Cloud Security Newsletter
- Cloud Security BootCamp
Spotify TimeStamp for Interview Questions
A word from our sponsors - you can visit them on snyk.io/csp
(00:00) Introduction
(03:10) A bit about Jimmy Barber
(05:42) Transitioning from on-prem to cloud
(07:26) How are things different in GCP?
(09:01) Building blocks of working with GCP
(14:15) What is a landing zone in GCP?
(17:23) Building landing zone in existing GCP environments
(20:04) Using Cloud Native services vs others
(22:59) Security gaps in GCP
(25:15) Non technical challenges moving to cloud and GCP
(28:45) Doing security in GCP
(31:18) Where to start learning about GCP
(32:37) The Fun Section
These are some of the resources Jimmy found helpful when learning GCP Security:
- Google Cloud Training
See you at the next episode!

Jul 22, 2023 • 46min
An AWS Centric View of Google Cloud Identity
Cloud Security Podcast - Yes, AWS Cloud folks are now starting to look after Google Cloud security in a lot of organisations. Caleb Tennis from Sequoia Capital joins us to share his personal experience of how, as an AWS professional, he started looking after Google Cloud Identity and how to secure their Google Cloud environment.
Episode YouTube Video - https://youtu.be/k1FrVEe1tGc
Host Twitter: Ashish Rajan (@hashishrajan)
Guest Socials: Caleb Tennis's LinkedIn (Caleb Tennis)
Podcast Twitter - @CloudSecPod @CloudSecureNews
Spotify TimeStamp for Interview Questions
(00:00) Introduction
(04:51) A bit about Caleb Tennis
(07:27) Caleb's first impressions of GCP
(08:53) Google Cloud Blind Spots
(12:35) Where to start security GCP?
(15:23) Managing identities in GCP
(20:17) Temporary Credential in Google Cloud
(24:54) Managing identity with scale
(29:59) Is there enough Google Cloud Usage
(31:14) Google Cloud logging and monitoring
(35:48) What does Scale look like in Google Cloud?
(37:53) Hardest things to learn in GCP
(41:08) Learning GCP Security
(42:58) The Fun Section

Jul 10, 2023 • 39min
So You WANT TO DO Google Cloud Threat Detection - Start here!
Cloud Security Podcast - Cybersecurity threat hunting explained for Google Cloud. Day Johnson is a threat detection engineer, and in this Google Cloud security episode we spoke about how to start doing threat detection in Google Cloud and about the common threats and attack vectors in GCP.
Episode YouTube Video - https://youtu.be/FCVG7-lFu0Q
Host Twitter: Ashish Rajan (@hashishrajan)
Guest Socials: Day Johnson's LinkedIn (Day - LinkedIn)
Podcast Twitter - @CloudSecPod @CloudSecureNews
Spotify TimeStamp for Interview Questions
(00:00) Introduction
(02:37) A word from our sponsor snyk.io/csp
(03:11) A bit about Day Johnson
(04:12) Common Threats in GCP
(06:04) Starting Threat Detection in GCP
(07:57) Transitioning to GCP from AWS
(10:53) Threat modelling by Service
(14:27) Where to start with threat detection in GCP
(18:17) Common Threat Vectors in GCP
(21:53) Automatic Threat Detection
(23:13) Services to be mindful of
(26:10) Compute Image Creation
(28:07) Get started in Detection Engineering
(32:45) Helpful resources for Threat Detection
(36:00) The fun questions
These are some of the resources Day found helpful for threat detection in GCP, along with some resources he mentioned and his talk:
- GCP IAM Docs
- GCP Goat
- Day's talk on fwd:cloudsec
- Google Cloud Threat Research Report

Jul 6, 2023 • 27min
Using Data Perimeters in AWS To Scale Guardrails
Cloud Security Podcast - AWS network security, IAM security or even Organization security, covering what can happen in your AWS environments, can be achieved using a data perimeter. John Burgess (John - LinkedIn) from Stripe spoke about this topic at @fwdcloudsec and shared additional insights into his thinking when building data perimeters as guardrails. There were a lot more gems dropped, so definitely check out the episode.
Episode YouTube Video - https://youtu.be/Hs9ZEaVG7Ww
Host Twitter: Ashish Rajan (@hashishrajan)
Guest Socials: John Burgess (John - LinkedIn)
Podcast Twitter - @CloudSecPod @CloudSecureNews
Spotify TimeStamp for Interview Questions
(00:00) Introduction
(03:13) A word from our sponsors
(03:38) A bit about John Burgess
(04:26) Data perimeter in the Cloud
(05:10) Defining data perimeter in AWS
(06:50) Where to start building AWS data perimeter
(08:21) The defense in depth approach
(09:09) Approach to enable developers
(10:40) Starting point for building data perimeter
(11:41) Limitations with Data Perimeter
(13:06) Implementing data perimeter for segregation
(15:52) Working with Terraform Modules
(16:34) Goals behind data perimeter controls
(18:31) Proactive detection for third party
(20:00) Data perimeter for other CSPs
(20:42) Challenges in establishing data perimeter
(23:06) Dealing with multiple organisations
(23:35) Learn more about data perimeter
(24:06) The fun section
These are some of the resources John found helpful for data perimeter:
- Establishing a Data Perimeter on AWS: Overview
- Data Perimeter Policy Examples
- Netflix: Preventing Credential Compromise

Jul 5, 2023 • 37min
AWS INCIDENT RESPONSE - Automate Containment
Cloud Security Podcast - The NIST Incident Response framework has 4 steps, including one for Containment. Because AWS is API enabled, a lot of incident response activity can be automated, especially containment. In this episode Damien Burks (Damien - LinkedIn) spoke about his @fwdcloudsec talk, where he shared how he automated Incident Response in the AWS environments of Citi. There were a lot more gems dropped, so definitely check out the episode.
Episode YouTube Video - https://youtu.be/IrLuHMLQs_w
Host Twitter: Ashish Rajan (@hashishrajan)
Guest Socials: Damien Burks (Damien - LinkedIn)
Podcast Twitter - @CloudSecPod @CloudSecureNews
Spotify TimeStamp for Interview Questions
(00:00) Introduction
(00:13) A word from our sponsors - Snyk.io/csp
(01:16) A bit about Damien Burks
(02:24) Incident Response in the cloud context
(03:50) Is incident response different in the cloud?
(05:22) Average time for an incident response
(07:33) AWS services for incident response automation
(08:55) AWS Eventbridge
(11:56) The phases of incident response
(13:42) Containment Phase: Starting point and challenges
(17:54) Organisation with Multiple Accounts
(20:09) How to structure the process
(21:04) Containment for EC2 instance
(23:54) Enjoying this cloud security topic so far?
(25:17) Containment for S3 Bucket
(27:57) Where to start with incident response
(30:18) Preparing for Incidents
(32:08) Fun Questions

Jul 1, 2023 • 46min
Cloud Security Baseline For Scale
Cloud Security Podcast - Automating a Security Baseline in Cloud with Olivia Siow (Olivia's LinkedIn) and David Levitsky (David's LinkedIn). In this episode Olivia and David shared their experience of how they were able to empower developers to always do the right thing through positive reinforcements, like making default libraries part of the AWS Account build, to scale security across their organisation. There were a lot more gems dropped, so definitely check out the episode.
Episode YouTube Video - https://www.youtube.com/watch?v=8kpiDcowl2A
Host Twitter: Ashish Rajan (@hashishrajan)
Guest Socials: Olivia Siow (Olivia's LinkedIn) and David Levitsky (David's LinkedIn)
Podcast Twitter - @CloudSecPod @CloudSecureNews
Spotify TimeStamp for Interview Questions
(00:00) Introduction
(04:16) A bit about Olivia Siow
(04:31) A bit about David Levitsky
(04:54) Cloud Security Baseline
(06:38) Do all organisations need a cloud security baseline?
(07:16) Does cloud security baseline help with scaling?
(07:34) Success Metrics for establishing cloud security baseline
(10:41) The cultural side of building a baseline
(11:40) Anatomy of AWS Cloud Account at Scale
(12:58) Building Blocks of Cloud Security Baseline
(16:54) Non Technical Challenges
(19:24) Organisation Challenges
(21:41) Would larger organisations have multiple baselines?
(23:34) Baseline for Multicloud or hybridcloud
(26:10) Use case with terraform cloud and route 53
(30:26) What telemetry is important
(32:36) Segregating Logs in a cloud context
(33:58) Can be done with any cloud and tool of choice
(34:43) Baseline vs CNAPP + CSPM
(37:56) Team skill requirement
(39:16) The fun section
(45:13) Where can you connect with Olivia and David to continue the conversation

Jun 23, 2023 • 55min
AWS ReInforce 2023 Recap & Highlights
Cloud Security Podcast - AWS ReInforce 2023 (AWS Re:inforce 2023) highlights, in a recap of the 2-day affair for all things AWS Cloud Security! We were lucky enough to be there. This is a recap of the major announcements and the major themes from the event.
Episode YouTube Video - https://www.youtube.com/watch?v=UhVBvnmmfnQ
Cloud Security Podcast Website - www.cloudsecuritypodcast.tv
FREE CLOUD Security BOOTCAMP - www.cloudsecuritybootcamp.com
Host Twitter: Ashish Rajan (@hashishrajan)
Podcast Twitter - @CloudSecPod @CloudSecureNews
Timeline
(00:00) Introduction
(02:20) What is AWS re:inforce?
(04:33) Neha Rungta explains Verified Access
(05:38) Neha Rungta explains Verified Permissions
(07:53) What verified permissions means for you!
(09:35) Amazon EC2 Connect Endpoint
(11:08) Amazon GuardDuty Updates
(12:42) Amazon Inspector Code Scan for Lambda function
(14:26) Amazon Inspector SBOM Export
(17:35) Amazon Code Whisperer
(18:00) Amazon Code Guru
(20:15) Finding groups in Amazon Detective
(22:25) Dual Layer Encryption for AWS S3
(23:18) AWS Global Partner Security Initiative
(26:12) Key Themes from AWS re:inforce
(26:45) Shared Responsibility Model
(27:56) Cloud Security Newsletter
(30:04) Generative AI
(31:29) Amazon Bedrock
(34:04) Shift from ransomware to wiperware
(35:29) Nancy Wang explains AWS Backup Vault Lock
(37:18) Nancy explains double encryption with S3 Bucket
(38:41) Nancy explains how vault helps with data loss.
(40:20) AWS Backup Vault Lock
(41:55) Zero Trust and Identity
(45:03) DevSecOps
(46:47) How GenAI will impact cloud security roles?
(49:32) Amazon Security Lake
(52:26) Quantum Computing

Jun 2, 2023 • 27min
Will Application Security Eat Cloud Security for Lunch!
Cloud Security Podcast - Tanya Janca and Caroline Wong were on a panel with @AshishRajan at @RSAConference 2023. The panel discussed where application security sits in relation to cloud security, or whether the two need to be separate camps.
Episode YouTube Video - https://www.youtube.com/watch?v=WSIykXAy6Z4
Cloud Security Podcast Website - www.cloudsecuritypodcast.tv
FREE CLOUD Security BOOTCAMP - www.cloudsecuritybootcamp.com
Host Twitter: Ashish Rajan (@hashishrajan)
Guest Twitter: Tanya Janca (@shehackspurple)
Guest Twitter: Caroline Wong (@CarolineWMWong)
Podcast Twitter - @CloudSecPod @CloudSecureNews

May 30, 2023 • 14min
AI Security - Can LLM be Attacked?
AI Security Podcast - ChatGPT and other Generative AI use a Large Language Model (LLM), but can these AI systems be attacked? ☠ 🤔 In this 3-part AI Security series, a Cloud Security Podcast Original, we're going to talk about the importance of AI security and how to protect your Language Model (aka LLM) program from attack. How can LLMs be attacked by malicious threat actors, beyond the phishing email that everyone has been talking about?
Who is this episode for?
If you work with LLMs used by an AI system, or are working on securing an internal LLM being built, then you will find this video helpful in understanding the types of attacks that can be used against an LLM.
Useful Resources are listed here:
- NIST AI Risk Management Framework - https://nvlpubs.nist.gov/nistpubs/ai/NIST.AI.100-1.pdf
- MITRE ATT&CK for LLM - ATLAS - https://atlas.mitre.org/
- OWASP Top 10 LLM - https://owasp.org/www-project-top-10-for-large-language-model-applications/descriptions/
- The AI Attack Surface Map v1.0 - Daniel Miessler, Unsupervised Learning - https://danielmiessler.com/blog/the-ai-attack-surface-map-v1-0/
YouTube Link to the Episode - https://youtu.be/Yl9qqt9C5lE
Episode ShowNotes, Links and Transcript on Cloud Security Podcast: www.cloudsecuritypodcast.tv
FREE CLOUD BOOTCAMPs on www.cloudsecuritybootcamp.com
Host Twitter: Ashish Rajan (@hashishrajan)
Podcast Twitter - @CloudSecPod @CloudSecureNews
Spotify TimeStamp for Episode
(00:00) Intro
(00:49) LLM Explained
(01:40) LLM Application Input Prompts
(03:01) Data used by LLM Applications
(04:58) LLM Applications Themselves
(08:15) Infrastructure used to host LLM Application
(11:11) What about Responsive AI
(12:05) Ways to protect LLM Applications against these attacks
(13:00) Useful Resources for AI Security
(13:30) How do you defend against AI Attacks?
(13:38) Outro - Thank you for watching & Subscribing

May 23, 2023 • 14min
What is DevSecOps? DevSecOps with Cloud & AI explained for 2023
Cloud Security Podcast - What is DevSecOps in 2023, especially in a world of Cloud and AI, which is top of mind for application security, developers and cybersecurity professionals alike? In this episode we share how the definition of DevSecOps has been redefined in 2023 with Cloud and AI, and how one measures success for DevSecOps.
Episode ShowNotes, Links and Transcript on Cloud Security Podcast: www.cloudsecuritypodcast.tv
FREE CLOUD BOOTCAMPs on www.cloudsecuritybootcamp.com
Host Twitter: Ashish Rajan (@hashishrajan)
Podcast Twitter - @CloudSecPod @CloudSecureNews
Spotify TimeStamp for Episode
(00:00) Intro
(02:01) Did Cloud enable DevSecOps
(03:43) Speed of Security in DevSecOps built on Cloud
(05:05) What is DevSecOps explained for 2023
(05:51) DevSecOps RoadMap
(08:25) DevSecOps Program Components in 2023
(10:55) ChatGPT Joke on Developers and DevSecOps
(11:43) How do you measure DevSecOps success?
(12:21) Generative AI impact on DevSecOps
(14:02) Thank you for watching & Subscribing