Scale to Zero - No Security Questions Left Unanswered

May 15, 2024 • 43min

Exploring the World of Incident Response and Detection with Pablo Vidal | Ep 31 | Cloudanix

Feeling lost in the world of Detection and Response (D&R)? In this episode of ScaletoZero, our guest Pablo Vidal equips you with everything you need, from core concepts and overcoming common challenges to leveraging automation and building a winning incident response process. We explore the future of D&R with Generative AI, offer valuable advice for aspiring security engineers, and provide organizations with strategies to hire top talent and identify red flags during recruitment. Join us and become a D&R master! 00:00 Teaser 01:00 Introduction and more 07:00 Concept of Detection and Response 08:21 Motivation to continue in detection and response 11:40 Challenges in implementing incident detection and response process 13:30 Typical incident response process 15:25 Using automation or orchestration tools for incident response 17:00 Keeping the right balance between SDLC and incident response 19:35 Generative AI and Incident Response Process 22:20 Will GenAi replace security engineers? 24:40 Advice to newbies in incident and response 26:40 Additional skills to have 28:00 Skills organizations should look for while hiring security engineering teams 31:30 Strategies for organizations to attract top talent 33:45 Common do's and don't of hiring security engineering team 35:25 Red flags in candidates during the hiring process 37:37 Summary 38:37 Rating Security Practices
Apr 17, 2024 • 42min

Building Cybersecurity Teams and Virtuous Circle With Clients ft. Jesse Miller

In episode 30 of the ScaletoZero podcast, we had a very thoughtful discussion with Jesse Miller who is also known as an operational powerhouse when it comes to information security and compliance. This episode is a must-watch for all the leaders who are building their cybersecurity teams. Jesse shares some real uncommon insights (without sugarcoating facts) that will help security leaders and SMBs build their cybersecurity teams. 00:00 Teaser + Introduction 07:00 Skills to look for when hiring security teams 10:57 How do you attract the right talent to your organization? 13:47 Hiring early security roles for growing startups 14:22 Setting KPIs for the newly hired security roles 17:50 How security teams can engage with other business units? 21:30 Where organizations are making mistakes? 26:24 What is Building Virtuous Circle? 29:40 Benefits of building a virtuous circle with clients in your organization. 30:55 How can CISOs educate their clients about sound security investments? 32:50 Advice to aspiring CISOs and CIOs 35:28 Summary 36:18 Rating Security Practices
Apr 3, 2024 • 35min

Beyond the Basics: Understanding Threat Hunting and Security Research with Josh Pyorre | Cloudanix

In episode 29 of the ScaletoZero Podcast, we had an insightful discussion with Josh Pyorre about threat-hunting approaches in today's digital world. Josh shared his expertise on balancing security complexities and creativity while discussing ways to reduce cyber risks for individuals and organizations. 00:00 Teaser 01:00 Introduction 05:00 What is Threat Hunting? 08:00 Why threat hunting is important for organizations? 08:55 Proactive vs. Reactive approach to threat hunting 10:17 Challenges of adopting a proactive or reactive approach 12:00 Creatively approaching Threat Research 16:25 Generative AI in Cybersecurity 18:33 Challenges of GenAI for security threat research 22:22 Keeping balance in presenting complex security topics to a diverse audience 24:25 Why security ecosystems should prioritize startups and non-profits 29:20 Summary 30:20 Rating Security Practices
Mar 20, 2024 • 50min

Keeping Pace with Cloud Security: A Guide to Maturity Models with Rich Mogull | Ep28 S2 | Cloudanix

In this episode of the ScaletoZero podcast, we had an enlightening discussion with cloud security expert Rich Mogull. We delve into the Cloud Security Maturity Model (CSMM) and its profound impact on modern cybersecurity practices. Rich takes us on a journey through the evolution of CSMM, from its inception to its current significance in cloud security strategies. 00:00 Teaser 01:02 Introduction 07:35 What is the Cloud Security Maturity Model? 09:30 Importance of CSMM and Life before Cloud Security Maturity model 13:10 How does CSPM align with the existing cloud framework 17:22 Challenges security leaders face when implementing CSMM 21:50 Recent updates to the Cloud Security Maturity Model 26:50 Impact of updates to organizations following existing CSMM 30:14 How can organizations use CSMM v2 32:32 Cloud Security Lab A Week 35:00 Journey of Cloud security lab a week 37:50 Wisdom for folks thinking of starting a project around cloud security 40:00 Summary 41:00 Rating Security Practices section
Feb 21, 2024 • 32min

The Cloud Security Saga | Joseph South - Part 2 | S2 Ep26 | ScaletoZero Podcast | Cloudanix

Join us with our expert, Joe, as we delve into the evolution, complexities, and solutions for safeguarding data and systems in the cloud. From discussing emerging threats to sharing expert insights on best practices, Joe will unravel the mysteries and empower you with actionable knowledge. Watch the complete episode now! 00:00 Teaser 00:40 Introduction 01:00 Evolution of cloud complexities and its security 04:00 Securing your own infrastructure based on cloud complexities 05:50 Review and keep the attack surface clean 08:00 Prioritizing risks and what area to focus 10:45 Resources to implement cloud security 12:10 How to remediate security findings 14:40 Evolution of cloud security landscape in the last decade 17:40 Emerging trends and technologies 19:10 Using GenAI for security 23:00 Summary 23:55 Rating Security Practices
Feb 7, 2024 • 28min

Understanding the concepts of Supply Chain Security, Container Images, SBOMs, and more with Aung

In this engaging ScaletoZero podcast episode, cybersecurity expert Htet Aung delves into the complexities of software supply chain security, emphasizing the importance of practices like software bill of materials (SBOM) and container image signing. He also rates key security practices and recommends valuable resources for further exploration. Don't miss out! 00:00 Start and Podcast teaser 01:20 Guest Introduction 04:45 What is Software Supply Chain Security? 05:38 Importance of software supply chain security for organizations 08:10 Tackling supply chain security challenges 11:10 Prioritizing software composition based on SBOMs 14:00 Analyzing SBOMs to improve security and compliance 15:15 What is Container Image Signing? 17:07 Different methods of Container image signing 19:00 Best practices when incorporating container image signing 20:50 Prioritizing container image signing 24:55 Summary 25:55 Rating security practices section
Jan 24, 2024 • 35min

Navigating the Identity and Access Management Landscape | Joseph South Part 1 | Ep 24

Justice to Identity and Access Management 00:00 Teaser 01:00 Show Introduction 01:45 Guest Introduction 08:20 Why does IAM still need attention? 10:15 Why has IAM been getting more attention recently? 12:34 The ability to create users and roles at will is the advantage of the cloud & downfall of cloud IAM 14:55 How do organizations deal with these double-edged scenarios? 16:30 Prioritizing security configurations for IAM 20:10 Things organizations should keep in mind when working with IAM 23:00 Keeping balance between implementing best practices and SDLC 25:55 Why security is not given enough attention? 31:24 Top 5 IAM considerations for matured organizations 33:38 Summary 34:26 End of Part 1
Jan 10, 2024 • 42min

Unlock the Secrets to Successful Cloud Security with Andre Rall | S2 Ep23 | Podcast | ScaletoZero

Join us as we dive deep into the world of IAM and cloud security with the brilliant Andre Rall. 🌟 He's sharing his expert and practical strategies to protect your data, ensuring your digital fortress is impenetrable! 00:00 Teaser 01:18 Introduction 04:40 Day in our guest life 07:20 Why IAM needs attention? 10:55 From network to IAM, what changed? 13:45 Evolution of complexity of cloud security. 17:18 Keeping a balance between multi-cloud and security. 19:45 Top 5 security practices to incorporate in a multi-cloud environment. 22:30 Mindset shift required in deploying workloads in data centers and in the cloud. 26:00 Mitigating the gap between security professional jobs and required proficiency. 29:00 How can security professionals upskill? 32:22 Building trust with your partners 34:20 Summary 35:20 Rating security practices
Dec 27, 2023 • 37min

Guardian Code: Safeguarding Applications in the AI Era with Jim Manico | Ep22 S2 | ScaletoZero

Unlock the power of secure coding with Jim Manico! 💡 Dive into the world of application security and learn from an expert like never before. 🤩 Get ready to have your mind blown as Jim Manico shares his deep knowledge on application security using generative AI. 🌟 Discover groundbreaking insights, practical tips, and game-changing strategies that will elevate your coding skills to a whole new level. 00:00 Teaser 00:44 Introduction 04:48 Confidence score on open source and AI-generated code recommendations 06:50 How to keep a balance between generating an AI code and keeping business-critical information safe 09:15 Data security when using Generative AI 13:13 Recommendations for folks using open-source technology 15:32 How does OWASP or CWE apply to GenAI security 17:40 Using Generative AI for secure software architectures 21:55 Secure coding practices 23:20 Mistakes developers often make when storing sensitive data 24:35 How to take care of web application security 28:00 Critical factors to keep in mind when building security applications 29:28 Summary 30:30 Rating security practices 37:00 Thank you
Dec 13, 2023 • 51min

Third-Party Risk Across Business Realms with Jeffrey Wheatman | Ep21 S2 | ScaletoZero Podcast

This episode of the Scale to Zero Podcast is an absolute game-changer! We have the brilliant Jeffrey Wheatman, who is dropping some serious knowledge bombs on third-party risk management. Protecting your organization has never been more crucial, but it doesn't have to be complicated. Jeffrey will guide you through the ins and outs, providing valuable insights on mitigating risks and maximizing value. 💼 Get ready to explore the world of risk and discover how it can impact your business. 01:08 Introduction 08:30 What is a third-party risk? 12:09 Do fintech startups need to pay attention to third-party risk management? 14:00 A security questionnaire is not enough? 18:50 Prioritising things to onboard third-party vendors. 24:40 Stack ranking vendors for their onboarding. 29:30 Cultural alignment between business and security teams. 33:50 Measuring the ROI on practices used for third-party risk management. 36:30 How has third-party risk management evolved and what's the future. 40:30 Summary 41:39 Rating Security Practices section
