

Scale to Zero - No Security Questions Left Unanswered
Scale To Zero
We know security is challenging, but a timely understanding of security is far more challenging! Scale to Zero is built to help all security professionals become more privacy- and security-sensitive. With this show, we hope to address the security-related issues that are challenging to understand and resolve without the help of experts. We believed that a community space like Scale to Zero would make things a little bit simpler for everyone after we discovered the discomfort of constantly switching back and forth.
Episodes

Jun 25, 2025 • 1h 4min
Scaling IAM Security For Major Cloud Platforms | Ft. Stephen Kuenzli | Ep. 91 | ScaleToZero Podcast
Join us for a deep dive into the evolving landscape of cybersecurity with Stephen Kuenzli, an accomplished former Senior Security Architect and now the founder of a leading cybersecurity/cloud security company. In this episode, we cut through the noise to discuss practical, real-world strategies for Identity and Access Management (IAM) and confront the revolutionary impact of AI on our security programs.
This episode is a must-watch for CISOs, Security Architects, Cloud Security Engineers, and anyone looking to navigate the complexities of modern IAM and the AI-driven future of cybersecurity.
Watch on YouTube: https://youtu.be/96sztTdlN00
00:00 Teaser and Guest Introduction
06:40 IAM misconceptions blocking organizations from scaling
09:10 How to fix IAM misconceptions?
14:12 Practical example of self-serve security policy
20:25 Getting started with IAM security in real-time
24:47 Practical guide for building a better least privilege policy
29:00 Your CSP tools to leverage for scaling Cloud IAM Security
38:08 Emerging trends in security with the rise in AI
41:10 Possible implications of AI in the world of security
46:22 Challenges solved by a custom-built MCP server built by Stephen
49:22 Impact on traditional security programs due to AI-based MCP servers
55:05 Challenges of AI that security leaders should be aware of
01:01:12 Summary
01:02:08 Learning recommendations

Jun 11, 2025 • 43min
Risk Management and Its Different Types of Approaches | Ft. Joseph Haske | Ep. 90 | ScaleToZero
Join us for a deep dive into the world of Cybersecurity Risk Management with seasoned expert Joseph Haske, Risk Manager, who brings a fresh perspective to navigating complex cyber challenges. In this episode, we unpack crucial topics that every security professional, leader, and stakeholder needs to understand.
Transcript:
Cloudanix: https://www.cloudanix.com/
00:00 Teaser and Introduction
03:54 Does non-tech experience help you in the field of security?
07:39 Different perspective on the field of risk management with vast experience
09:36 Qualitative vs. Quantitative Risk Management, who outgrows whom, and how
12:29 Strengths and Weaknesses of the Qualitative and Quantitative Risk Framework
14:00 Educating your teams to follow the right risk framework
15:36 Fundamental differences between underlying philosophies and the FAIR framework
18:00 Selecting the right framework for small and growing organizations
19:47 Balancing the usage of Qualitative vs Quantitative risk approach
23:00 Importance of the peer review process
25:03 Challenges to implementing the FAIR approach
27:27 Mitigating the challenges of implementing the FAIR approach
29:37 Biggest misconception before starting a risk management program
31:31 Future of risk management
32:55 Preparing for the future of risk management
34:31 Approaching the security challenges raised by new technologies like AI or quantum computing
36:40 Building the right culture to drive a successful risk management program
39:49 Summary
41:00 Learning Recommendations

May 28, 2025 • 1h 4min
AI in AppSec: The Paradigm Shift with Principal Security Engineer | Ft. Brad Geesaman | Ep. 89
In this groundbreaking episode of the ScaleToZero podcast, we sit down with Brad Geesaman, a Principal Security Engineer, to explore the revolutionary impact of Agentic AI on Application Security. From the inspiration behind this cutting-edge field to the practicalities of building AI-powered solutions, we cover it all.
This episode is a must-listen for CISOs, Security Engineers, CTOs, and anyone looking to understand how AI is redefining the future of AppSec.
Transcript: https://www.scaletozero.com/episodes/ai-in-appsec-the-paradigm-shift-with-brad-geesaman/
Brad: https://www.linkedin.com/in/bradgeesaman/
00:00 Teaser and Introduction
04:00 Inspiration to focus on Application Security using AgenticAI
05:56 Understanding AgenticAI
08:52 Agentic AI versus Traditional AI
12:44 Paradigm shift of secure coding with the change of AI
15:28 Importance of tool integration and standardization of AgenticAI for AppSec
18:00 Standardization of Agent SDKs or NCPs
20:22 Using AI to secure AI
23:12 Are AI systems reliable considering their nondeterminism
25:15 Considerations for adopting AI for AppSec
29:54 Impact of AI on organizational structure for security
32:27 Elements of AppSec with the least AI benefits
36:10 What is Reaperbot
42:42 Advantages and disadvantages of testing methods of Reaperbot
45:00 Vision for Reaperbot in the near future
48:00 Building trust within teams with the rise in these decision-making agents
52:12 Recommendations for operations teams to avoid vulnerabilities or misconfiguration
54:58 Considerations for the operations team when using AI systems for security purposes
01:00:02 Summary
01:01:05 Learning recommendations

May 7, 2025 • 1h 12min
Minimalist Security: Architecting a Lean & Effective Cloud Strategy | Ft. Lalit Kumar | Ep. 88 | ScaleToZero Podcast
In this insightful episode of the podcast, we speak with a seasoned Senior Cloud Security Consultant and Architect about a unique approach to security: minimalism. We explore how the principles of minimalist living can be applied to build leaner, more effective security strategies in the cloud and beyond.
Whether you're a security leader, architect, or cloud enthusiast, this episode offers a fresh perspective on building robust and efficient security strategies.
YouTube: https://youtu.be/plqzCwd1rUM
00:00 Teaser and Introduction
06:45 Minimalist living
09:30 Applying the minimalist living approach to security
16:30 Do organizations practice the basics of security?
24:45 Investing early in security
29:40 Balancing local and global security frameworks
37:17 Best ways for startups to work with AWS and vice versa
42:55 Educating global leaders to work with Indian customers
48:50 Maximizing AWS Benefits for Startups
56:19 How can India win in cyberspace?
01:08:31 Learning recommendations

Apr 23, 2025 • 52min
Scaling Security Champions: From Zero to Hero | Ft. Bonnie Viteri | Ep. 87 | ScaleToZero Podcast
In this episode of the Scale To Zero podcast, we dive deep into the world of Security Champions with our guest speaker Bonnie Viteri, a seasoned cybersecurity expert. We explore how to build, scale, and maintain a thriving Security Champions program that truly makes a difference.
Watch on YouTube: https://youtu.be/3bpNxeKmWug
Bonnie: https://www.linkedin.com/in/bonniebyer-viteri/
ScaleToZero: https://www.scaletozero.com/
Cloudanix: https://www.cloudanix.com/
Here's what we covered:
00:00 Teaser and Introduction
03:15 Defining the role of a security champion
04:45 Signals to identify a security champion when working with development teams
06:00 Real life example of someone turning into an excellent security champion
07:50 Why security teams at Yahoo are called paranoids?
09:16 How does a security champion evolve over time?
11:20 Principles of successful security champions program
13:55 Scaling security champions program along with organization's growth
16:28 North star for scaling security champions program
19:14 Differences in building champions program at startup vs large orgs
22:30 Aligning security champions program with business outcomes
26:00 Metrics to show alignment and progress of security program
28:55 Data driven security champions program for non-believers
31:46 Keeping security champions program fresh and relevant
34:28 Keeping individual security champions engaged and happy
37:50 Tips to prevent burnout
39:34 Examples of recognition and appreciation of security champions
42:39 Bridging gaps between security teams and other business teams
45:45 Challenges of fostering collaboration between security and other business teams
48:28 Summary
49:27 Learning recommendations

Apr 9, 2025 • 59min
Securing Production | AWS IAM Security | Best Practices | Ft. Rowan Udell | Ep.87 | Cloudanix
In this episode of the ScaleToZero podcast, we had an insightful conversation with Rowan Udell, an AWS IAM leader and security consultant, about the future of cloud security. We delved into critical topics like prohibiting human access to production accounts, maximizing ROI in IAM and policy management, and the role of Just-In-Time access. We also explored the impact of LLMs on IAM engineering and discussed practical strategies for minimizing attack surfaces in the healthcare industry. This episode is a must-listen for anyone responsible for AWS security and identity management.
Watch on YouTube: https://youtu.be/r0eupMDCqB8
#cybersecurity AWS #IAM #CloudSecurity #DevSecOps #JustInTimeAccess #LLM #SecurityBestPractices
00:00 Teaser and Introduction
05:45 Prohibiting human access to production cloud accounts
12:00 Recommendations to prohibit human access to production accounts
15:30 Strategy to maximize ROI in IAM and Policy Management
19:00 Thoughts on the ability to create users and roles at will in the cloud
23:19 What is Just-In-Time and its role in the cloud?
30:14 Providing secure access to teams in the healthcare industry via IAM
38:05 How organizations can keep the attack surface minimum
41:51 Common misconfigurations seen with minimal fix
44:22 Less-known features of AWS IAM with great impact
48:30 Are LLMs a blessing or curse to IAM engineers?
51:20 Shift of LLMs that IAM engineers should expect in 2025
55:35 Summary
56:38 Learning recommendations

Mar 26, 2025 • 53min
The Secrets Of Product Security | Application Security | AppSec | Ft. Anshuman Bhartiya | Ep. 86 ScaleToZero Podcast | Cloudanix
In our latest episode of the ScaleToZero podcast, we had a fascinating conversation with Anshuman Bhartiya, an AppSec Tech Lead and cybersecurity expert. We explored the intricacies of product security, including the challenges of implementation, building a strong security culture, and leveraging AI models for application security.
Anshuman shared with us practical tips for balancing user experience with robust security measures and offered valuable recommendations for integrating AI into development processes. A must-listen for anyone invested in application security and the future of secure product development.
Transcript:
Website: https://scaletozero.com/
Cloudanix: https://www.cloudanix.com/
#podcast AppSec #ProductSecurity #SDLC #Cybersecurity #GenAI #SecurityCulture
00:00 Teaser and Introduction
04:19 Defining Product Security
07:42 Challenges of implementing security
10:28 Balancing the workflow with engineering and security teams with use-case
15:38 Tools and processes to build secure SDLC processes
19:47 Practical ways to build the right security culture
22:45 Balancing user experience and security of a product with an example
28:52 Catering to the third-party security ecosystem
33:00 Key metrics to measure the effectiveness of the product security program
39:11 Use of AI models to secure the application
43:12 How GenAI has changed the world of product security
46:30 Recommendations to appsec team for integrating AI into dev processes
49:39 Summary
50:49 Learning recommendations

Mar 12, 2025 • 1h
The Magical World Of Digital Forensics | Ft. Jason Jordaan | Ep. 85 ScaleToZero Podcast | Cloudanix
Join us for an in-depth conversation with Jason Jordaan, a seasoned Principal Digital Forensics Analyst, as we unravel the complexities of modern digital forensics. In this episode, we have covered topics such as the most common digital evidence, cloud and mobile impact, essential skills, and the DFIR intersection. Whether you're a seasoned professional or just starting, this episode offers valuable insights into the dynamic world of digital forensics.
YouTube: https://youtu.be/JPzgCTFm_j0
00:00 Teaser and Introduction
08:55 Most common types of digital evidence encountered in investigations
11:30 Impact of cloud computing and mobile devices in the field of digital forensics
15:30 Key skills required in digital forensics
19:01 Tackling most challenging aspects of digital forensics investigation
24:03 Ensuring the chain of custody and authenticity of digital evidence
29:05 Is the Digital Forensics job overwhelming
33:50 Intersection of Digital Forensics and Incident Response
39:45 Practical ways for organizations to investigate threats via digital forensics
45:52 Challenges of investigating deepfakes and other forms of AI-generated content
51:02 Advice for beginners interested in Digital Forensics
57:00 Summary
58:03 Learning recommendations on Digital Forensics

Feb 12, 2025 • 1h 9min
Detection Engineering, Generative AI for Cybersecurity Leaders | Ft. Reanna Schultz | Ep. 84
Join us as we delve into the world of threat detection with our expert guest Reanna Schultz, a renowned security leader and community builder.
In this insightful podcast, we explore the critical challenges facing security teams today, including the need for real-time threat detection, the constant evolution of the threat landscape, and the importance of stakeholder buy-in. We also discuss strategies for breaking the detection-reaction cycle, leveraging AI/ML for enhanced detection, and the skills needed to thrive as a future detection engineer. This podcast is a must-watch for anyone interested in cybersecurity, threat intelligence, and the future of security operations.
00:00 Teaser and guest introduction
06:08 Importance of real-time threat detection in consumer electronics industry
11:50 How to detect bad actors?
16:07 Challenges faced by security teams to convince stakeholders about security
21:14 Creating playbooks for threat detection
27:45 Balancing threat detection with false positives in high-volume settings.
31:13 Staying current with the fast-paced threat landscape.
33:15 How to automate keeping up with the threat landscape?
37:21 Breaking the detection-reaction cycle in cybersecurity
40:32 Rubrik for SOC analysts to manage their stress levels
46:55 Scaling programs to prioritize threat detection
50:54 Detection-reaction to insider threats
54:27 Tips to involve other business areas in security programs
56:41 Impact of ML/AI on threat detection
59:30 What does a future detection engineer look like?
01:02:50 Is the industry moving to build its own SIEM systems?
01:05:05 Summary
01:06:55 Reading and learning recommendations from Reanna

Jan 22, 2025 • 57min
AI, Scams, and Exploiting Human Nature | Ft. Perry Carpenter | Ep.82 | ScaleToZero Podcast
In this insightful podcast, we explore the transformative impact of AI on the cybersecurity landscape. Join us as we discuss how AI can be leveraged to enhance threat detection, improve incident response, and augment human analysts.
We also delve into the emerging risks and threats posed by AI, such as deepfakes and AI-powered attacks. Learn about the evolving role of human factors in cybersecurity and the essential skills security professionals need to thrive in an AI-driven world.
Threat Modeling: https://www.cloudanix.com/learn/what-is-threat-modeling
ScaleToZero website: https://www.scaletozero.com
Cloudanix: https://www.cloudanix.com
00:00 Teaser and Introduction
06:40 How can AI be powerful for enhancing security?
11:22 Emerging risks and threats that AI can introduce
14:22 Role of human factors in deepfakes
20:20 How can AI augment human analysts?
26:50 Leveraging AI for prevention and prediction of cyber attacks
28:31 New skills security professionals require in an AI-driven world
30:52 How do cybercriminals exploit humans?
34:00 How should organizations face insider threat attacks?
40:55 Evolving teams from awareness to taking a proactive security approach
44:00 KPIs to measure implemented security practices
48:42 Protecting data from generative AI tools and maintaining data confidentiality
53:58 Summary
54:49 Learning recommendations


