Cloud Security Today

Matthew Chiodi
Apr 21, 2023 • 44min

Cloud Native Security: A Year in Review

On this episode, the Chief Security Officer of Cloud at Palo Alto Networks, Bob West, joins Matt to discuss Palo Alto Networks’ latest State of Cloud Native Security Report. Bob joined Palo Alto Networks after more than 20 years in leadership roles with banks, product companies, and professional services organizations. Before joining Palo Alto Networks, Bob served as managing partner at West Strategy Group, managing director in Deloitte’s cyber risk services practice, managing director for CISO for York Risk Services, Chief Trust Officer at CipherCloud, CEO at Echelon One, Chief Information Security Officer (CISO) at Fifth Third Bank, and Information Security Officer at Bank One.

Today, Bob talks about the latest installment of the State of Cloud Native Security Report, the severe shortcomings in cloud security, and the elevated cost of cloud security. Why is it essential to think about security upfront? Hear about the daily mindset shift required to deploy quality code, minimizing complexity to maximize efficiency, and the significant delay in threat management.

Timestamp Segments
· [01:46] Bob’s career-changing experiences.
· [04:17] Bob’s advice.
· [11:10] The 10,000-ft view.
· [16:23] The elevated costs of cloud security.
· [22:36] Increased deployment frequency.
· [24:54] How do security teams keep up?
· [30:44] Security tooling in the cloud.
· [35:46] Holistic cloud security.
· [41:18] There will always be issues.

Notable Quotes
· “Be nice to your vendors.” - Bob
· “You never know who’s going to be able to help you out at any point.” - Bob
· “You’ve got to build bridges before you need them.” - Matt
· “Common sense isn’t necessarily common practice.” - Bob

Relevant Links
Website: www.paloaltonetworks.com
LinkedIn: Bob West
Resources: Out of the Crisis

The future of cloud security. Simplify cloud security with Prisma Cloud, the Code to Cloud platform powered by Precision AI.
Disclaimer: This post contains affiliate links. If you make a purchase, I may receive a commission at no extra cost to you.
Mar 21, 2023 • 43min

Book review: CISO Evolution

On this episode, the Founder of CISO Evolution LLC, Matthew Sharp, joins Matt to talk about his book, CISO Evolution. Prior to founding CISO Evolution LLC, Matt served as a strategic advisor to CISOs of Fortune 500 and global institutions. He holds a Bachelor of Science (BS) in Electrical and Computer Engineering from the University of Colorado and a Master of Business Administration (MBA) from Colorado State University. Matt is a co-author of “The CISO Evolution: Business Knowledge for Cybersecurity Executives.”

Today, Matthew talks about his 2012 sabbatical, walking the Camino de Santiago, and the CISO Evolution book. Why does process matter more than analysis? Hear about value creation, business negotiations, and Matthew’s formula for personal growth.

Timestamp Segments
· [02:06] A bit about Matthew.
· [04:30] Matthew’s sabbatical & the Camino de Santiago.
· [09:21] What prompted the book?
· [12:23] Why does process matter more than analysis?
· [19:08] Did Matthew’s MBA lead him down this path?
· [24:22] Value creation.
· [27:40] Standard metrics.
· [31:23] Why is it important for a CISO to know terms?
· [33:32] Negotiations and decision-making.
· [37:19] What’s Matthew’s formula for personal growth?
· [41:12] Matthew’s words of wisdom.

Notable Quotes
· “If you want to be in the room where it happens, then you have to be equipped to participate in the conversation.”
· “Ask the questions that go unasked.”
· “Don’t be afraid to go and look like an idiot in front of another business stakeholder.”
Feb 21, 2023 • 39min

Unraveling unmanageable apps

On this episode, co-founder and CEO of Cerby, Belsasar Lepe, joins Matt to talk about unmanageable applications (apps that don’t support critical security standards like SSO and SCIM). Belsasar was previously the Head of Product at Impira, where he led the company’s product life cycle, helping drive a 4x increase in revenue. Before his role at Impira, Bel was co-founder and CTO at Ooyala, where he led a global product, design, and engineering team of 300+ Ooyalans spanning five countries and seven offices. Ooyala achieved two successful exits totaling over $440M.

Belsasar talks about unmanageable applications, Shadow IT, and why password managers should be considered legacy tech.

Timestamp Segments
· [02:14] A bit about Belsasar.
· [04:57] Unmanageable applications.
· [07:07] Shadow IT.
· [11:04] Quantifying the risk.
· [14:50] How to identify unmanageable apps.
· [17:46] Using different tools.
· [21:03] Where do password managers fall in?
· [22:53] Is passwordless the future?
· [25:29] How Cerby solves the problem.
· [27:11] A Cerby success story.
· [30:48] The future of the market.
· [32:35] Migration to cloud.
· [35:03] How Belsasar stays fresh.

Notable Quotes
· “The first task is understanding the size of the problem.”
· “The initial point of entry is often an unmanageable application.”
· “More businesses will rely on end users for their security.”

Relevant Links
Cerby’s website
Jan 21, 2023 • 47min

SEC-retly Telling All: The New Cyber-Disclosure Rules

Episode Summary
On this episode, Matt speaks with Senior Executive, Board Director, and leader in cybersecurity, risk management, and regulatory compliance, Chris Hetner, about cybersecurity and the newly proposed SEC cybersecurity rules. With over 25 years of experience in the cybersecurity space, Chris has served in roles including Senior Cybersecurity Advisor to the Chairman at the SEC, Managing Director of Information Security Operations at GE Capital, and SVP Information Security at Citi.

Today, Chris talks about understanding the proposed cybersecurity rules, defining materiality, and the importance of focusing on cyber-resilience. Where does the cloud come into it? Hear about the cost of cyberattacks, the core risk exposures, and Chris’s formula for personal growth.

Timestamp Segments
· [02:47] Chris’s proudest moments.
· [10:00] The new proposed rules.
· [14:26] Defining materiality.
· [23:56] Bridging the language gap.
· [32:14] Focusing on cyber-resilience.
· [35:36] Cybersecurity expertise on the board.
· [41:27] The cloud.
· [45:32] The formula for personal growth.

Notable Quotes
· “Ransomware extortion is relatively insignificant relative to the overall cost of the event.”
· “You can’t outsource the risk.”
· “Realize that you’re not always the smartest person in the room.”
· “We don’t know it all, and we never will.”
Dec 21, 2022 • 45min

Cloud Threat Report Vol 6

This episode of the Cloud Security Today podcast welcomes back favorite special guests Jay Chen and Nathaniel “Q” Quist to unpack the latest Cloud Threat Report. Join host Matt Chiodi as he shares insights from the report and analyzes the current state of cloud security.

Beginning with an in-depth look at Identity and Access Management (IAM) in cloud security, the guests talk about the latest changes in cloud security. They discuss the report’s findings on permissions and what cloud service providers are currently doing (or not doing) to help keep cloud data secure. At the end of the episode, Jay and Q give tips on how to stay up-to-date on developments in the cloud security landscape and reveal the next projects that they’re working on.

If you enjoyed this episode, you can show your support for the podcast by rating and reviewing it and by subscribing to Cloud Security Today wherever you listen to podcasts.

Show Notes/Timestamps
[2:11] Matt welcomes repeat guests Jay and Q onto the show
[3:36] So, what’s changed for Identity and Access Management over the last year?
[8:05] Jay lays out what makes good cloud governance so difficult
[11:50] Complicating factors in cloud security
[14:22] What does the research show about permissions and over-permissions on cloud systems?
[17:28] “When you can’t figure out what to do, you add more permissions”: how permissions multiply
[20:19] Are cloud service providers helping or hindering cloud security?
[24:03] Debating the Infrastructure as Code framework
[28:13] Q breaks down the Cloud Threat Actor Index
[31:32] Q’s top five bad actors on the cloud security landscape
[35:11] Jay gives his recommendations for IAM
[39:55] How you can stay up-to-date on the latest developments in cloud security
[42:10] The next projects that Jay and Q are working on

Links
Check out this episode’s sponsor, Prisma Cloud
Unit 42 reports
IAM-Deescalate Tool
Cloud Sec List
Nov 21, 2022 • 39min

Pockets of Innovation

Pockets of Innovation with John Chavanne

Episode Summary
On this episode, Solutions Architect at Palo Alto Networks, John Chavanne, joins Matt to talk about his career of innovation. John’s career spans over 20 years at HSBC before transitioning into DevOps and Cloud Solutions at Palo Alto Networks.

Today, John talks about his career arc, transitioning to cloud, and the value of communities of practice groups. Where should organizations start with deploying a CNAP? Hear about the challenges with deploying cloud platforms, and John’s greatest accomplishments.

Timestamp Segments
· [01:30] About John.
· [02:54] John’s career.
· [05:47] What is something that cloud makes easier?
· [07:09] Transitioning from network to DevOps and cloud.
· [10:15] Starting the move to cloud at HSBC.
· [13:15] Cloud communities of practice.
· [18:47] Sharing code.
· [21:27] John’s biggest accomplishment.
· [23:23] Prisma Cloud.
· [26:25] Organizational challenges with deploying cloud platforms.
· [29:41] Where to start with deploying a CNAP.
· [33:54] How does John stay fresh?

Notable Quotes
· “You can test things out in the cloud and the price of failure is almost zero.”
· “Innovation happens in pockets.”
· “Reduce waste and build habits that reduce waste.”

Relevant Links
Recommended reading: The Toyota Way; Kubernetes - An Enterprise Guide.
KodeKloud: https://kodekloud.com
Twitter: https://twitter.com/jjchavanne
Oct 21, 2022 • 32min

What Serverless Can Do For You

What Serverless Can Do For You, with Mark Gould

Episode Summary
On this episode, Cloud Security Engineer at Manhattan Associates, Mark Gould, joins Matt to talk about serverless computing. Mark is a cybersecurity specialist with a focus on the Google Cloud Platform, and is a Certified Google Architect.

Today, Mark talks about serverless computing, the security risks to consider, and working with DevOps teams. What are the top three metrics to start with for automation and security? Hear about cloud automation, Mark’s NSG alerting system, and his greatest accomplishments in recent years.

Timestamp Segments
· [01:22] About Mark.
· [02:49] About Manhattan Associates.
· [04:46] How does cloud fit in?
· [06:16] Automation in the cloud.
· [09:03] Modernization at Manhattan Associates.
· [10:18] Serverless computing.
· [14:39] Security risks with using serverless functions.
· [17:58] Mark’s NSG alerting system.
· [21:27] Three metrics for automation and security.
· [23:33] What should security teams be doing differently when working with DevOps?
· [25:43] What is Mark most proud of?
· [27:45] How does Mark continue to learn?
· [30:31] Is Manhattan Associates hiring?

Notable Quotes
· “You definitely have to pick what kind of processes you want to automate and make sure that you’re willing to put in the work to maintain them.”
· “Sometimes serverless isn’t always the cheapest option.”
· “Leaders are learners.”

Relevant Links
Manhattan Associates: https://www.manh.com
LinkedIn: https://www.linkedin.com/in/mark-gould-15a7a3149
Sep 21, 2022 • 41min

Book Review: Startup Secure

Book Review: Startup Secure, with Chris Castaldo

Episode Summary
On this episode, CISO at Crossbeam and author of Startup Secure: Baking Cybersecurity into your Company from Founding to Exit, Chris Castaldo, joins Matt to talk about startups and security. Chris is an industry-wide recognized CISO, having over 20 years of experience in cybersecurity.

Today, Chris talks about his book, Startup Secure, his move to startups from the public sector, and the different startup development phases. What should startups focus on during the different development phases? Hear about security trust centers, the top startup security sins, and get Chris’s formula for personal growth.

Timestamp Segments
· [02:03] What prompted Chris to write Startup Secure?
· [04:57] What has changed during the writing process?
· [06:47] Critical decisions throughout Chris’s career.
· [11:17] Moving from public sector to startups.
· [15:39] Startup development phases.
· [20:16] When certifications don’t make sense.
· [26:09] Mistakes in communicating to customers.
· [30:16] Security trust centers.
· [32:45] Startup security sins.
· [35:38] Chris’s formula for personal growth.
· [39:06] Chris’s parting words.

Notable Quotes
· “You’re not the target. You’re just the jumping point to that target.”
· “I don’t need to review the security of a company we’re buying desks from.”
· “You just can’t expect everyone to be a cybersecurity expert.”

Relevant Links
Buy the Book: https://www.amazon.com/Start-Up-Secure-Cybersecurity-Company-Founding/dp/1119700736
LinkedIn: https://www.linkedin.com/in/chriscastaldo
Aug 22, 2022 • 38min

The Software Factory

Chris Hughes, CISO and Co-Founder of Aquia, talks about licensing and certifications, cloud innovation, achieving continuous ATO, and building software factories. He also discusses the people side of the business, effective community building, and his formula for personal growth.
Jul 21, 2022 • 46min

Zero trust with no FUD

In today’s episode, the creator of Zero Trust, John Kindervag, joins Matt on the show to discuss implementing Zero Trust in your organization. While at Forrester Research in 2010, John developed Zero Trust, promising adequate and effective protection of an organization’s most valuable assets.

Today, John talks about the driving force behind Zero Trust, the concept of the Protect Surface, and Kipling Method Policies. Why is trust a vulnerability? Hear about Zero Trust, Shadow IT, and get John’s recommended resources.

Timestamp Segments
· [02:20] About John.
· [05:29] How does John define Zero Trust?
· [07:45] Why is trust a vulnerability?
· [09:56] The Protect Surface.
· [12:32] Kipling Method Policies.
· [17:22] The roadmap to Zero Trust at scale.
· [22:56] It’s the inspection that matters.
· [28:26] Zero Trust in the cloud.
· [31:33] Shadow IT.
· [38:54] Tracking specific metrics.
· [40:58] John’s resource recommendations.

Notable Quote
· “We can never stop cyber attacks from happening, but we can stop them from being successful.”

Relevant Links
Recommended Reading: The Zero Trust Learning Curve; Antifragile, by Nassim Nicholas Taleb; On Grand Strategy, by John Gaddis; Winning in FastTime, by John Warden.
LinkedIn: https://www.linkedin.com/in/john-kindervag-40572b1
ISMG: https://ismg.io