Scale to Zero - No Security Questions Left Unanswered

Scale To Zero
Jan 8, 2025 • 56min

Security Awareness Training | Incident Response Management | Ft. Mauricio Duarte | Ep.82 | Cloudanix

Join us as we delve into the critical role of security awareness programs in building a strong security posture. In this insightful podcast episode with Mauricio Duarte, our host Purusottam discusses the challenges faced by security awareness program managers, the importance of tailored training, and effective methods for delivering engaging and impactful training. We also explore incident response best practices, including measuring effectiveness and leveraging incident data for continuous improvement. Finally, we offer valuable advice for managing stress and burnout within security leadership roles. 00:00 Introduction of Mauricio Duarte 08:55 Role of security awareness program manager in an organization 10:00 Challenges faced by the security awareness program manager 11:50 Challenges faced in maintaining security awareness program 14:35 Phishing simulation training programs 21:46 Tailoring security programs to different business stakeholders 24:40 Effective methods of delivering security awareness program 27:27 Ensuring the effectiveness of security awareness training programs 30:57 Determining the severity of the Incident 34:24 Ensuring the least threats to organizational assets during an incident 36:14 Leveraging incident response information for deeper analysis 38:24 Measuring the effectiveness of incident response plan 41:55 How can security culture teams and incident response teams go hand-in-hand 45:54 Tips for burnout and stress caused within security leadership roles 51:45 Summary of episode learnings 52:52 Learning recommendations from Mauricio
Dec 18, 2024 • 1h 14min

From Detection to Recovery | Incident Response Lifecycle | Ft. Giorgio Perticone | Ep.81 | Cloudanix

Join us as we delve into the world of incident response with our guest expert Giorgio Perticone, a seasoned incident detection and response consultant. In this insightful podcast, we explore real-life incident scenarios, key components of a robust incident response plan, and the critical importance of team collaboration and effective communication. Learn valuable lessons from past incidents, discover how to navigate the challenges of shifting from detection to containment, and gain insights into managing stress and burnout within the incident response team. 00:00 Teaser and Introduction 06:30 Real-life experience of a security incident 09:36 Lessons learned from security incidents 12:47 Key components for building an incident response plan 16:51 Testing and validating an incident response plan 23:46 Team collaboration challenges faced during an incident 27:47 Team collaboration challenges before and after an incident has occurred 31:55 Shift from detection to containment 37:35 Challenges faced when shifting focus from detection to containment 42:00 The Most challenging phase of an incident response 44:50 Approaching a client who recently faced an incident 49:35 Role of automation in improving the efficiency of incident response 52:30 Ensuring automation does not compromise security 55:00 Role of Human Analysts in Incident Response 58:08 Managing stress and burnout after an incident response 01:02:14 Advice for upcoming incident response leaders 01:07:07 How not to build a detection engineering capability in an organization? 01:09:55 Summary 01:10:50 Learning recommendation from Giorgio ScaleToZero: https://scaletozero.com/ Cloudanix: https://www.cloudanix.com/
Dec 4, 2024 • 54min

Vulnerability Management | Security Leadership | Ft. Ross Young | Ep.80 | Scale To Zero Podcast

Join us as we delve into the complex world of cybersecurity with our guest Ross Young, a seasoned CISO. In this insightful podcast, we discuss the challenges faced by CISOs, including burnout, leadership, and communication. Learn how to navigate the complexities of cloud security, prioritize vulnerabilities, and stay ahead of emerging threats. We also explore the impact of generative AI on security and the importance of a strong security culture. 00:00 Teaser and Introduction 06:00 73% of CISOs in the world feel burnout 08:03 How to handle burnout 10:27 Where do next-generation CISOs lack? 12:43 Must have leadership skills for CISOs 16:00 Communicating complex problems with different teams 19:40 Implementing cloud security in an organization for the first time CISO 26:27 Major pain points for CISO and Security Leaders 27:55 Generative AI and its Impact on Security 31:22 Vulnerability management program for supply chain security 39:52 Are you prioritizing the right vulnerability? 42:48 Staying on top of emerging vulnerabilities 45:00 Security at government org vs private sectors 47:37 Keeping the right balance between compliance and real risks 50:28 Summary of the podcast 51:45 Learning recommendation from Ross
Nov 20, 2024 • 1h 13min

Privacy Engineering | Enhancing Technologies | Ft. Apoorvaa Deshpande | Ep. 80 | Podcast | Cloudanix

Join us as we delve into privacy engineering with our guest speaker Apoorvaa Deshpande, a seasoned privacy expert. Apoorvaa is currently a Senior Privacy Engineer at Google Cloud, working on privacy design, privacy-enhancing technologies (PETs), and data governance for AI. Prior to that, she was a tech lead at Snap Inc., leading the design and execution of several innovative PETs. Before that, she completed her PhD in Computer Science (cryptography) from Brown University. In this insightful podcast, we explore the fundamental concepts of privacy by design and privacy engineering, the tools and techniques used to implement privacy-enhancing technologies (PETs), and the challenges and opportunities in this field. Discover how to balance user experience with privacy, the risks of building AI-powered features, and the future of privacy engineering. 00:00 Teaser and Introduction 08:10 What is Privacy Engineering? 13:15 Tools and types of libraries used by privacy engineers 15:25 Privacy by design vs. Privacy engineering 20:59 Implementing the concepts of privacy by design 24:00 Privacy Enhancing Technologies (PETs) 29:29 Case studies of PETs 36:42 Does privacy add friction to development teams? 43:00 Keeping balance between user experience and privacy 48:30 Designing privacy to encounter decision fatigue 50:58 Biggest Privacy Vulnerabilities available today 55:08 Risk of building AI-powered features 57:40 Future of Privacy Enhancing Technologies 01:01:30 Open source Proactive Privacy Solutions 01:03:37 Summary 01:04:30 Keeping a balance between Security, Developer productivity, and experience 01:06:45 Tips to handle work burnouts 01:09:00 Learning resources
Nov 6, 2024 • 57min

Getting Started with Cloud Pentesting | Ft. Scott Weston | Ep.78 | Scale To Zero Podcast | Cloudanix

Join us as we delve into the world of cloud pen-testing with our guest Scott Weston, a seasoned cybersecurity expert. In this insightful podcast, we discuss the development of GCPwn, a powerful tool for identifying vulnerabilities in Google Cloud Platform (GCP) environments. Learn about the tool's capabilities, limitations, and future roadmap. We also explore the broader landscape of cloud security, including the shared responsibility model, common misconfigurations, and the importance of continuous learning. Whether you're a seasoned security professional or just starting your journey, this podcast offers valuable insights and practical advice. Shared Responsibility Model: https://www.cloudanix.com/learn/what-is-shared-responsibility-model 00:00 Teaser and Introduction 04:35 Introducing self-developed tool GCPwn 07:30 Is GCPwn an active or passive pen testing tool? 08:47 Envisioning GCPwn for users 10:15 Areas GCPwn does not suit well 12:16 Future Roadmap of GCPwn 13:41 AWS Pwn landscape after year 2016 15:51 Describing Shared Responsibility Model 19:20 Security considerations of cloud platforms as a cloud pentester 22:25 Are pentesting certifications enough? 28:07 Common cloud misconfiguration to look for 35:26 Tools to get started with pen-testing 38:38 Cloud platforms to focus on as a beginner 41:30 Where to get started as a cloud pentester 44:00 Learning resources 53:29 Summary 54:30 Reading and other recommended resources
Oct 23, 2024 • 42min

Zero Trust | Cloud Security Maturity Matrix | Expert Interview | Podcast Ep. 77 | Cloudanix

Join us as we delve into the world of Zero Trust security with Dr. Natalia Semenova, a seasoned cybersecurity expert. In this insightful podcast, we discuss the key differences between Zero Trust and traditional defense approaches, the challenges organizations face in adopting Zero Trust, and practical strategies for overcoming these hurdles. Learn how to prioritize security areas, gain buy-in from stakeholders, and provide secure data access in remote-first cultures. We also explore the importance of security maturity models, the levels of maturity, and how to map them to your overall security architecture. Discover the latest trends in AI security and how to get started with threat modeling. 00:00 Teaser and Introduction 06:05 Defining Zero Trust 07:40 Zero Trust vs. Traditional Defence Approach 10:25 Challenges of Adopting to Zero Trust Architecture 12:23 Overcoming the Challenges of Zero Trust 15:00 Getting Started with Zero Trust Journey 17:00 Prioritizing Security Areas and Approaching Stakeholders for Buy-In 20:15 Providing Data Access to the Teams Working in Remote-First Culture 23:25 Introducing Security Maturity Models 25:27 Levels of Security Maturity Models 28:17 Mapping the Levels of Security Maturity Models to Overall Security Architecture 31:50 Additional Frameworks that Expert Follows 33:44 How security leaders can transition to the AI Security domain 37:27 Getting Started with Threat Modeling 39:51 Summary 40:51 Learning Recommendations
Oct 9, 2024 • 1h

Selecting The Right Security Vendor | Cloud | Ft. Richard Stiennon | S2 Ep.45 | ScaleToZero podcast

Are you struggling to navigate the complex landscape of cloud security? Our latest podcast episode features Richard Stiennon, a seasoned cybersecurity expert who shares invaluable insights and practical advice. From vendor selection to multi-cloud strategies and beyond, this podcast covers it all. YouTube: https://youtu.be/XVcXBZVgfeA 00:00 Teaser and Introduction 05:58 Key factors to evaluate cloud security needs - vendor selection. 14:29 Key considerations in case of multi-cloud environments. 16:34 Common mistakes organizations make while evaluating cloud security platforms. 18:18 Showing security tool values to business leaderships. 20:57 How to avoid mistakes and get better at tool selection process. 22:53 Do Gartner Leader Reports add value to CISOs? 26:44 Are partnerships between security vendors and insurance companies worth it? 30:38 What to look for in vendor support and training resources? 32:02 Impact of Agile methodologies on vendors as well as customers. 35:42 Right time to invest in Zero Trust Security. 39:35 Observations of sophisticated attack on Solarwinds. 43:50 Preparing for emerging threats in security space. 46:25 Burnout and stress in CISO's life and How to handle. 50:10 End of IDS (Intrusion detection system). 57:24 Summary 58:19 Learning recommendations from Richard. 59:54 Thank you and Closure
Sep 25, 2024 • 57min

Incident Response | Impact of Emerging Technology in Cloud | Ft. Hilal Lone | S2 Ep.44 | ScaletoZero

In this episode of the ScaletoZero podcast, we have discussed how to build a resilient cloud security posture with cybersecurity expert Hilal. We have also covered some of the important areas of incident response like incident response teams, planning, tools, vulnerabilities, the role of AI, and more. Discover expert insights and best practices. Watch complete episode on YouTube: https://youtu.be/ydA82eUXmA0 00:00 Teaser and Introduction 07:17 Structuring incident response teams to effectively handle cloud-based incidents. 09:57 Developing and maintaining a comprehensive incident response plan. 12:35 Tooling or processes should be in-house or outside of the organization? 15:51 Top 3 areas to define security controls around vulnerabilities or incidents. 19:01 Practical example of handling an incident response. 24:24 Lessons Learned from a security incident. 26:35 Scrutinizing an open-source library. 30:09 Continuous monitoring for AWS and multi-cloud organizations, and effectiveness of OSS in it. 35:35 Use of Generative AI to generate incident response playbooks and other security challenges. 42:28 Staying updated in the threat landscape and using generative AI in it. 45:46 Skills and expertise required in high-performing detection engineering teams. 48:41 Handling stress and burnouts. 52:44 Summary 53:26 Learning recommendations from Hilal for security leaders.
Sep 18, 2024 • 53min

Gen AI | Inherent Cybersecurity Risks | Ft. Gretchen Ruck | S2 Ep.43 | ScaletoZero | Cloudanix

In this episode of ScaletoZero podcast, join us for an insightful exploration of the role of generative AI in cybersecurity. Discover the challenges it presents for practitioners, the importance of explainability and privacy, and the limitations of traditional cybersecurity frameworks. Learn how to harness the power of AI while mitigating inherent risks and ensuring a robust security posture. 00:00 Teaser and Introduction 05:38 Role of generative AI in cybersecurity. 10:54 Generative AI - A challenge for cybersecurity practitioners. 12:32 Concept of Explainability and its importance when it comes to generative AI. 17:02 Designing AI-powered security solutions to respect user privacy. 21:07 What is Differential Privacy and its role in generative AI. 30:15 Cybersecurity frameworks fall short when it comes to inherent cybersecurity risks. 34:53 Consequences of organizations solely relying on cybersecurity frameworks. 39:11 Key considerations to prioritize when addressing inherent cybersecurity risks. 44:50 Cybersecurity vs. Risk Management vs. Privacy. 46:50 Summary 47:47 Rating Security Practices Section
Sep 11, 2024 • 45min

Auto Remediation on AWS | Expert interview | Ft. Lily Chau | S2 Ep.42 | Podcast | Cloudanix

In this episode of the ScaletoZero podcast, discover the transformative potential of auto-remediation in cloud environments. Learn how to prioritize remediation activities, measure their impact, and choose between IaC and auto-remediation. Explore the challenges and benefits of implementing auto-remediation, and gain valuable insights from a seasoned expert Lily Chau. 00:00 Introduction and teaser 04:27 Role of auto-remediation in cloud security program 07:21 Benefits of auto-remediation 08:37 Factors to consider in prioritizing auto-remediation 13:09 How to measure the impact and ROI of remediation activities 15:22 IaC or Auto-remediations - where to focus? 19:24 How to avoid security mishaps? 21:10 Better alternatives to auto-remediation 22:45 Challenges of designing and implementing auto-remediation 25:35 Stakeholders involved in implementing auto-remediation 27:06 Recommendation for organizations implementing auto-remediation 29:30 How to stay updated on new security vulnerabilities 31:10 Future of auto-remediations 33:25 Challenges of AI in security space 35:50 Cybersecurity framework that has helped Lily 37:18 Summary 38:15 Rating Security Practices Section
