Bölümler
-
How CI/CD Tools can expose your Code to Security Risks? In this episode, we’re joined by Mike Ruth, Senior Staff Security Engineer at Rippling and returning guest, live from BlackHat 2024. Mike dives deep into his research on CI/CD pipeline security, focusing on popular tools like GitHub Actions, Terraform, and Buildkite. He reveals the hidden vulnerabilities within these tools, such as the ability for engineers to bypass code reviews, modify configuration files, and run unauthorized commands in production environments.
Mike explains how the lack of granular access control in repositories and CI/CD configurations opens the door to serious security risks. He shares actionable insights on how to mitigate these issues by using best practices like GitHub Environments and Buildkite Clusters, along with potential solutions like static code analysis and granular push rule sets. This episode provides critical advice on how to better secure your CI/CD pipelines and protect your organization from insider threats and external attacks.
Guest Socials: Mike's Linkedin
Podcast Twitter - @CloudSecPod
If you want to watch videos of this LIVE STREAMED episode and past episodes - Check out our other Cloud Security Social Channels:
- Cloud Security Podcast- Youtube
- Cloud Security Newsletter
- Cloud Security BootCamp
Questions asked:
(00:00) Introductions
(01:56) A word from episode sponsor - ThreatLocker
(02:31) A bit about Mike Ruth
(03:08) SDLC in 2024
(08:05) Mitigating Challenges in SDLC
(09:10) What is Buildkite?
(10:11) Challenges observed with Buildkite
(12:30) How Terraform works in the SDLC
(15:41) Where to start with these CICD tools?
(18:55) Threat Detection in CICD Pipelines
(21:31) Building defensive libraries
(23:58) Scaling solutions across multiple repositories
(25:46) The Fun Questions
Resources mentioned during the call:
GitHub Actions
Terraform
Buildkite
Mike's BSidesSF Talk
-
In this episode of the Cloud Security Podcast, we bring together an incredible panel of experts to explore the evolving landscape of cloud security in 2024. Hosted by Ashish Rajan, the discussion dives deep into the challenges and realities of today’s multi-cloud environments. With perspectives ranging from seasoned veterans to emerging voices this episode offers a broad spectrum of insights from cloud security practitioners who are living and breathing cloud security everyday. We are very grateful to our panelist who took part in 1st of its kind edition for the State of Cloud Security - Meg Ashby, Damien Burks, Chris Farris, Rich Mogull, Patrick Sanders, Ammar Alim and Abdie Mohamed.
The conversation covers essential topics such as the pitfalls of multi-cloud adoption, the persistent security issues that remain even as cloud technologies advance, and the importance of specializing in one cloud platform while maintaining surface-level knowledge of others. The panelists also share their thoughts on the future of cloud security, including the increasing relevance of Kubernetes and edge security.
Podcast Twitter - @CloudSecPod
If you want to watch videos of this LIVE STREAMED episode and past episodes - Check out our other Cloud Security Social Channels:
- Cloud Security Podcast- Youtube
- Cloud Security Newsletter
- Cloud Security BootCamp
Questions asked:
(00:00) Introduction
(02:22) How much has Cloud Security Changed?
(07:05) Is the expectation to be MultiCloud?
(19:07) What’s top of mind in Cloud Security in 2024?
(27:17) The current Cloud Service Provider Landscape
(39:26) Where to start in Cloud Security ?
(52:10) The Fun Section
Resources discussed during the episode:
fwd:cloudsec conference
Cloud Security Bootcamp
DevSecBlueprint YouTube Channel - Damien Burks
Rich Mogull’s Cloud Security Lab of the Week
-
Eksik bölüm mü var?
-
What were the main themes at BlackHat USA 2024? With respect to Cloud Security, maybe with a sprinkle of AI Security. Our team was on the ground at BlackHat and DefCon32 this year, we heard many talks and panels, spoke to many practitioner, leaders and CISOs and had the pleasure of recording some great interviews (coming soon!). This conversation is a distillation of everything we heard and the themes we saw.
Podcast Twitter - @CloudSecPod
If you want to watch videos of this LIVE STREAMED episode and past episodes - Check out our other Cloud Security Social Channels:
- Cloud Security Podcast- Youtube
- Cloud Security Newsletter
- Cloud Security BootCamp
Questions asked:
(00:00) Introduction
(01:15) A word from our episode sponsor, ThreatLocker
(04:35) Resiliency in Cybersecurity
(07:00) Commentary on upcoming US elections
(09:42) Identity Centric Security
(15:55) Cloud Security is getting more Complex
(23:47) Growing importance of Data Security
(25:42) Use Cases for AI Security
(31:25) Shared Responsibility and Shared Fate
(33:21) Is CSPM Dead?
(37:32) The Conclusion
Resources from the episode:
BlackHat USA Keynote - Democracy's Biggest Year: The Fight for Secure Elections Around the World
Generative AI Misuse: A Taxonomy of Tacticsand Insights from Real-World Data
RSAC 2024 Innovation Sandbox Finalist
BlackHat USA 2024 Startup Spotlight
-
In this episode, we sit down with Santiago, a Senior Security Engineer at Canva, to talk about the complexities of building and managing an incident response team, especially in high-growth companies. Santiago shares his experience transitioning from penetration testing to incident response and highlights the unique challenges that come with protecting a rapidly expanding organization.
We explore the differences between incident response in high-growth versus established companies, the importance of having the right personnel, and the critical skills needed for effective incident response.
Guest Socials: Santiago's Linkedin
Podcast Twitter - @CloudSecPod
If you want to watch videos of this LIVE STREAMED episode and past episodes - Check out our other Cloud Security Social Channels:
- Cloud Security Podcast- Youtube
- Cloud Security Newsletter
- Cloud Security BootCamp
Questions asked:
(00:00) Introduction
(01:58) A word from our sponsor - SentinelOne
(02:48) A bit about Santiago
(03:18) What is Incident Response?
(04:06) How IR differs in different organisations?
(04:48) Red Team vs Incident Response Team
(06:17) Challenges for Incident Response in Cloud
(07:16) Incident Response in a High Growth Company
(07:56) Skillsets required for high growth
(09:14) Cloud vs On Prem Incident Response
(10:03) Building Incident Response in High Growth Company
(11:39) Responding to incidents that are not high risk
(14:41) Transition from pentesting to incident responder
(17:20) Endpoint vulnerability management at scale
(25:32) The Fun Section
Resources from the episode:
Endpoint Vulnerability Management at Scale
-
Leadership Insights on Cloud Security in 2024. Ashish sat down with return guest Srinath Kuruvadi, a seasoned cloud security leader with over two decades of experience in the field. Together, they explored the current state and future of cloud security, discussing the importance of detection & incident response teams, building and maintaining a robust cloud security program, understanding the importance of stakeholder management, and the role of data security in mitigating risks. Srinath shared his perspective on the evolution of cloud security, the critical need for a prevention-first mindset while tackling the challenges of managing security in a multi-cloud environment
Guest Socials: Srinath's Linkedin
Podcast Twitter - @CloudSecPod
If you want to watch videos of this LIVE STREAMED episode and past episodes - Check out our other Cloud Security Social Channels:
- Cloud Security Podcast- Youtube
- Cloud Security Newsletter
- Cloud Security BootCamp
Questions asked:
(00:00) Introduction
(01:42) A bit about Srinath
(01:55) How has the Cloud Security space changed?
(05:27) Are CloudSec and AppSec merging?
(06:29) Are stakeholders more engaged with Cloud Security?
(08:10) Where are the boundaries for Cloud Security?
(10:06) Finding the right talent in Cloud Security
(12:31) Building a Multi Cloud Security Team
(15:06) The role of platform teams
(16:45) Maturity level for Cloud Security
(19:18) Current patterns in Cloud Security
(22:03) What should CSPs be taking more about?
-
What are you doing differently today that you're stopping tomorrow's legacy? In this episode Ashish spoke to Adrian Asher, CISO and Cloud Architect at Checkout.com, to explore the journey from monolithic architecture to cloud-native solutions in a regulated fintech environment. Adrian shared his perspective on why there "aren't enough lambdas" and how embracing cloud-native technologies like AWS Lambda and Fargate can enhance security, scalability, and efficiency.
Guest Socials: Adrian's Linkedin
Podcast Twitter - @CloudSecPod
If you want to watch videos of this LIVE STREAMED episode and past episodes - Check out our other Cloud Security Social Channels:
- Cloud Security Podcast- Youtube
- Cloud Security Newsletter
- Cloud Security BootCamp
Questions asked:
(00:00) Introduction
(01:59) A bit about Adrian
(02:47) Cloud Naive vs Cloud Native
(03:54) Checkout’s Cloud Native Journey
(05:44) What is AWS Fargate?
(06:52) There are not enough Lambdas
(09:52) The evolution of the Security Function
(12:15) Culture change for being more cloud native
(15:23) Getting security teams ready for Gen AI
(18:16) Where to start with Cloud Native?
(19:14) Where you can connect with Adrian?
(19:39) The Fun Section
-
How to secure AWS cloud using AWS Lambda? We spoke to Lily Chau from Roku at BSidesSF about her experience and innovative approach to tackling security issues in AWS environments. From deploying IAM roles to creating impactful playbooks with AWS Lambda, Lily shared her take on automating remediation processes. We spoke about the challenges of managing cloud security with tools like CSPM and CNAPP, and how Lily and her team took a different approach that goes beyond traditional methods to achieve real-time remediation.
Guest Socials: Lily Twitter
Podcast Twitter - @CloudSecPod
If you want to watch videos of this LIVE STREAMED episode and past episodes - Check out our other Cloud Security Social Channels:
- Cloud Security Podcast- Youtube
- Cloud Security Newsletter
- Cloud Security BootCamp
Questions asked:
(00:00) Introduction
(01:56) A bit about Lily
(02:27) What is Auto Remediation?
(03:56) Example of Auto Remediation
(05:19) CSPMs and Auto Remediation
(06:58) Make Auto Remediation in Cloud work for you
(09:49) Where to get started with Auto Remediation?
(11:52) What defines a High Impact Playbook?
(12:58) Auto Remediation for Lateral Movement
(14:35) What is running in the background?
(16:41) What skillset is required?
(19:08) The Fun Section
Resources for the episode:
Lily's talk at BsidesSF
-
How can you protect your data with Confidential Compute and Containers? Ashish spoke to Zvonko Kaiser, Principal Systems Software Engineer, Confidential Containers and Kubernetes at Nvidia about confidential containers, confidential computing, and their importance in protecting sensitive data. They speak about the various threat models, use cases, and the role of GPUs in enhancing compute power for AI workloads
Guest Socials: Zvonko's Linkedin
Podcast Twitter - @CloudSecPod
If you want to watch videos of this LIVE STREAMED episode and past episodes - Check out our other Cloud Security Social Channels:
- Cloud Security Podcast- Youtube
- Cloud Security Newsletter
- Cloud Security BootCamp
Questions asked:
(00:00) Introduction
(01:45) A word from our sponsor SentinelOne
(02:18) A bit about Zvonko
(02:24) Encryption for Confidential Computing
(04:20) Confidential Computing vs Confidential Containers
(05:45) What sectors focus on Confidential Computing?
(07:09) Common Threats in Confidential Computing
(08:55) What is a Secure Enclave?
(10:05) Value of Attestation for Confidential Computing
(11:35) Lift and Shift Strategy for AI
(13:59) The role of GPU in confidential Computing
(15:37) Shared Responsibility with Confidential Computing
(17:10) Confidential Computing project you can get involved in
(18:16) The fun section
-
How to implement infrastructure as code? Ashish spoke to Armon Dadgar. Co-Founder and CTO at HashiCorp at Hashidays London. Armon speaks about his journey from co-creating Terraform, the first open-source language in the IaC space, to addressing the complex challenges enterprises face in cloud environments today. They speak about why having a platform team from the beginning is crucial for large enterprises, the evolution of IaC, the importance of standardization in managing cloud applications, and how automation plays a key role in maintaining security.
Guest Socials: Armon's Linkedin
Podcast Twitter - @CloudSecPod
If you want to watch videos of this LIVE STREAMED episode and past episodes - Check out our other Cloud Security Social Channels:
- Cloud Security Podcast- Youtube
- Cloud Security Newsletter
- Cloud Security BootCamp
Questions asked:
00:00 Introduction
01:54 A bit about Armon
02:32 How has infrastructure as code evolved?
03:43 The role of Terraform
04:38 Infrastructure and Security Lifecycle Management
06:51 Best Practice for Infrastructure Lifecycle Management
09:11 Best Practice for Security Lifecycle Management
09:38 What is a Platform Team?
11:02 When should people start thinking about a platform team?
13:02 What is Zero Trust?
14:52 Challenges with IaC
17:35 How GenAI is impacting IaC?
20:04 Starting an open source project?
24:53 The Fun Section
-
What is the future of AI Security and Data Protection? At AWS re:Inforce in Philadelphia this year, Ashish spoke to Dan Benjamin, Head of Data, Identity and AI Security at Prisma Cloud about the new category of AI-SPM (Artificial Intelligence Security Posture Management) and why does it fit within all the other toolings organisations have. They spoke about the importance of building an AI and data inventory, understanding AI access, and the critical role of DSPM (Data Security Posture Management) in creating effective AI security controls.
Guest Socials: Dan's Linkedin
Podcast Twitter - @CloudSecPod
If you want to watch videos of this LIVE STREAMED episode and past episodes - Check out our other Cloud Security Social Channels:
- Cloud Security Podcast- Youtube
- Cloud Security Newsletter
- Cloud Security BootCamp
Questions asked:
00:00 Introduction
02:09 A bit about Dan
02:29 What is AISPM?
03:16 How should CISOs tackle AI Security?
06:16 Right Controls around AI Services
07:32 AISPM vs CSPM
09:52 The role of DSPM
10:25 Tackling data security in world of AI
13:28 Maturity Curve for CISOs to consider
16:36 Security Teams for AI Security
19:51 The Fun Section
-
Can Threat Detection be enhanced with AI? Ashish sat down with Dave Johnson, Senior Threat Intelligence Advisor at Feedly, at BSides SF 2024, where Dave also presented a talk.
Dave shares his journey in cyber threat intelligence, including his 15-year career with the FBI and his transition to the private sector. The conversation focuses on the innovative use of large language models (LLMs) to create Sigma rules for threat detection and the challenges faced along the way. Dave spoke about his four approaches to creating Sigma rules with AI, ultimately highlighting the benefits of prompt chaining and Retrieval Augmented Generation (RAG) systems.
Guest Socials: Dave's Linkedin
Podcast Twitter - @CloudSecPod
If you want to watch videos of this LIVE STREAMED episode and past episodes - Check out our other Cloud Security Social Channels:
- Cloud Security Podcast- Youtube
- Cloud Security Newsletter
- Cloud Security BootCamp
Questions asked:
(00:00) Introduction
(01:44) A word for our episode sponsor, Panoptica
(02:39) A bit about Dave Johnson
(03:33) What are Sigma Rules?
(04:36) Where to get started with Sigma Rules?
(05:27) Skills required to work with Sigma Rules
(06:32) The four approaches Dave took to Sigma Rules
(11:29) Are Sigma Rules complimentary to existing log systems?
(12:18) Challenges Dave had during his research
(14:09) Validating Sigma Rules
(16:01) Working on Sigma Rule Projects
(18:54) The Fun Section
Resources spoken about during the episode:
Dave's Website
SigmaHQ GitHub
-
How can AI impact Cloud Security Operations? Ashish sat down with Ely Kahn, VP of Cloud Security and AI at SentinelOne to talk about the evolving landscape of cloud security and the future of Security Operations Centers (SOC). Ely spoke about the shift from centralized to decentralized SOC operations, the increasing complexity in cloud security and its benefits.
Guest Socials: Ely's Linkedin
Podcast Twitter - @CloudSecPod
If you want to watch videos of this LIVE STREAMED episode and past episodes - Check out our other Cloud Security Social Channels:
- Cloud Security Podcast- Youtube
- Cloud Security Newsletter
- Cloud Security BootCamp
Questions asked:
(00:00) Introduction
(02:10) A bit about Ely
(02:47) Has Cloud Security become simpler or more complex?
(05:09) How has the threat landscape for cloud evolved?
(08:00) Who is managing all the alerts?
(09:53) What will happen to SOAR?
(11:03) How AI will impact Cloud Security in 2024?
(18:36) Is there a skillset change coming?
(20:06) The Fun Section
-
Is having a CSPM enough for Cloud Security? At RSA Conference 2024, Ashish sat down with returning guest Jimmy Mesta, Co-Founder and CTO of RAD Security, to talk about the complexities of Kubernetes security and why sometimes traditional Cloud Security Posture Management (CSPM) falls short in a Kubernetes-centric world.
We speak about the significance of behavioural baselining, the limitations of signature-based detection, the role of tools like eBPF in enhancing real-time security measures and the importance of proactive security measures and the need for a paradigm shift from reactive alert-based systems to a more silent and efficient operational model.
Guest Socials: Jimmy's Linkedin
Podcast Twitter - @CloudSecPod
If you want to watch videos of this LIVE STREAMED episode and past episodes - Check out our other Cloud Security Social Channels:
- Cloud Security Podcast- Youtube
- Cloud Security Newsletter
- Cloud Security BootCamp
Questions asked:
(00:00) Introduction
(03:12) A bit about Jimmy Mesta
(03:48) What is Cloud Native Security?
(05:15) How is Cloud Native different to traditional approach?
(07:37) What is eBPF?
(09:12) Why should we care about eBPF?
(11:51) Separating the signal from the noise
(13:48) Challenges on moving to Cloud Native
(15:58) Proactive Security in 2024
(17:02) Whose monitoring Cloud Native alerts?
(23:10) Getting visibility into the complexities of Kubernetes
(24:24) Skillsets and Resources for Kubernetes Security
(27:54) The Fun Section
Resources spoke about the during the interview:
OWASP Kubernetes Top Ten
-
What are the practical steps for orienting yourself in a new cloud environment? Ashish sat down with Rich Mogull and Chris Farris to explore the intricacies of effective cloud security strategies. Drawing on their extensive experience, Rich and Chris speak about critical importance of moving beyond just addressing vulnerabilities and embracing a more comprehensive approach to cloud security.Rich and Chris share their professional experiences and practical advice for anyone who finds themselves "airdropped" into an organization's cloud environment. They also discuss the development of the Universal Threat Actor Model and how it can help prioritize security efforts in a chaotic landscape of constant alerts and threats.
Guest Socials: Rich's Linkedin + Chris's Linkedin
Podcast Twitter - @CloudSecPod
If you want to watch videos of this LIVE STREAMED episode and past episodes - Check out our other Cloud Security Social Channels:
- Cloud Security Podcast- Youtube
- Cloud Security Newsletter
- Cloud Security BootCamp
Questions asked:
(00:00) Introduction
(02:26) A bit about Chris Farris
(03:10) A bit about Rich Mogull
(03:45) First Cloud Service they worked on!
(06:27) Where to start in an AWS environment?
(10:50) Cloud Security Threat Landscape
(15:25) Navigating through the CSPM findings
(18:14) Using the Universal Cloud Threat Model
(23:16) How is Cloud Ransomware different?
(25:44) Surprising attacks or compromises in Cloud
(29:43) Where are the CSPM Alerts going?
(36:30) Cloud Security Landscape in 2024
(45:37) The need for Cloud Security training in 2024
(46:58) Good starting point to learn Cloud Security
(52:13) The Fun Section
Resources spoken about during the episode:
The Universal Cloud Threat Model
AWS Customer Security Incidents by Rami McCarthy
Breaches.cloud
CloudSLAW
-
What's the best way to navigate least privilege complexities in a multi cloud environment? And how is the role of identity management evolving? We spoke to Jeff Moncrief from Sonrai Security on why identity is the new network in the cloud-driven world. We speak about the challenges of implementing least privilege in cloud environments, the misconceptions surrounding identity roles, and the critical importance of segmenting access across public clouds just as rigorously as we did on-premises.
Guest Socials: Jeff's Linkedin
Podcast Twitter - @CloudSecPod
If you want to watch videos of this LIVE STREAMED episode and past episodes - Check out our other Cloud Security Social Channels:
- Cloud Security Podcast- Youtube
- Cloud Security Newsletter
- Cloud Security BootCamp
Questions asked:
(00:00) Introduction
(01:59) A bit about Jeff
(03:01) How is identity different in the Cloud?
(05:40) Misconceptions about least priviledge in the cloud
(08:50) Cloud Native solutions for Permission Attack Surface Management
(15:36) Common themes when addressing privilege in Cloud
(17:22) Starting point when dealing with identities
(20:03) Frameworks when working through least privilege
(23:21) Showing ROI on doing least privilege
-
How is eBPF impacting Kubernetes Network Security? In this episode, recorded LIVE at Kubecon EU Paris 2024, Liz Rice, Chief Open Source Officer at Isovalent took us through the technical nuances of eBPF and its role in enabling dynamic, efficient network policies that go beyond traditional security measures. She also discusses Tetragon, the new subproject under Cilium, designed to enhance runtime security with deeper forensic capabilities. A great conversation for anyone involved in Kubernetes workload management, offering a peek into the future of cloud-native technologies and the evolving landscape of network security.
Guest Socials: Liz's Linkedin
Podcast Twitter - @CloudSecPod
If you want to watch videos of this LIVE STREAMED episode and past episodes - Check out our other Cloud Security Social Channels:
- Cloud Security Podcast- Youtube
- Cloud Security Newsletter
- Cloud Security BootCamp
Questions asked:
(00:00) Introduction
(01:46) A bit about Liz Rice
(02:11) What is eBPF and Cilium?
(03:24) SC Linux vs eBPF
(04:11) Business use case for Cilium
(06:37) Cilium vs Cloud Managed Services
(08:51) Why was there a need for Tetragon?
(11:20) Business use case for Tetragon
(11:32) Projects related to Multi-Cluster Deployment
(12:45) Where can you learn more about eBPF and Tetragon
(13:50) Hot Topics from Kubecon EU 2024
(15:07) The Fun Section
(15:35) How has Kubecon changed over the years?
Resources spoken about during the interview:
Cilium
Tetragon
eBPF
-
How can we leverage AI for more secure and efficient code and how will it impact devsecops? Ashish spoke to Michael Hanley, CSO and SVP of Engineering at GitHub, about the transformative impact of GitHub Copilot and AI on software development and security. Michael speaks about GitHub's internal use of Copilot for over three years and its role in enhancing developer satisfaction and productivity by removing mundane coding tasks. They speak about the broader implications for DevSecOps, the future of AI in coding, and strategic tips for integrating AI tools within organizations.
Guest Socials: Michael's Linkedin
Podcast Twitter - @CloudSecPod
If you want to watch videos of this LIVE STREAMED episode and past episodes - Check out our other Cloud Security Social Channels:
- Cloud Security Podcast- Youtube
- Cloud Security Newsletter
- Cloud Security BootCamp
Questions asked:
(00:00) Introduction
(02:19) A bit about Michael Hanley
(04:25) Making Security Easy for Developers
(07:17) What is GitHub Copilot?
(10:01) Whats the Future of AI for Security and Developers?
(13:36) Security Recommendations for using AI
(16:35) How is data stored in GitHub Copilot?
(17:40) How is AI impacting DevSecOps?
(21:50) The balance between Security and Innovation
(24:18) The evolution of education with AI
(27:30) Strategic Approach for CISOs implementing AI Pair Programmers
(30:08) Bridging the gap between Security and Engineering
(34:37) The Fun Questions
Resources spoken about during the episode:
https://resources.github.com/copilot-trust-center/
https://www.github.careers/careers-home -
In this episode from KubeCon Paris 2024, we spoke to Loris Degioanni, Co-Founder and CTO of Sysdig about Open Source Project, Falco that celebrated its graduation this year at KubeconEU, Loris shared with us this proud moment and journey from writing the 1st lines of code to its critical role in protecting Kubernetes environments, and the future roadmap post-graduation. We spoke about the gap between traditional security measures and the dynamic needs of modern infrastructures.
Guest Socials: Loris's Linkedin
Podcast Twitter - @CloudSecPod
If you want to watch videos of this LIVE STREAMED episode and past episodes - Check out our other Cloud Security Social Channels:
- Cloud Security Podcast- Youtube
- Cloud Security Newsletter
- Cloud Security BootCamp
00:00 Introduction
01:13 A bit about Loris
01:44 What does graduation mean for Falco?
02:58 What is Falco?
04:59 eBPF and Falco
06:01 Why eBPF is secure?
07:11 Runtime Security in Kubernetes
10:32 ROI for leaders for Runtime Security Tools
12:50 Preventative Security vs Runtime Security
14:08 Runtime Security in Modern Environments
16:42 Whats the Future for Falco?
18:31 The Fun Questions
-
What is it like to build a successful business based on risk? In this episode Ashish spoke to Fredrick Lee, CISO at Reddit. FLee shared his deep insights into the essential role of risk in driving business success and innovation. With a career that spans across notable tech giants like Square (now Block), Twilio, and Gusto, Lee brings a wealth of experience in both hardware and software security landscapes. Without embracing risk, businesses risk stagnation in a world where competitors are always ready to innovate. From discussing the cost-effective strategies in cybersecurity to exploring the formation and goals of Reddit's S.P.A.C.E team (Security, Privacy, Automation, Compliance, and Engineering), this episode gets into the challenges and opportunities presented by the modern tech environment
Guest Socials: Fredrick Lee's Linkedin
Podcast Twitter - @CloudSecPod
If you want to watch videos of this LIVE STREAMED episode and past episodes - Check out our other Cloud Security Social Channels:
- Cloud Security Podcast- Youtube
- Cloud Security Newsletter
- Cloud Security BootCamp
Questions asked:
(00:00) Introduction
(04:42) A bit about Fredrick Lee
(07:42) How cloud changed cybersecurity?
(11:37) Threat Landscape in Software vs Hardware
(15:12) Threat Landscape in B2B vs B2C
(17:27) Navigating the First Steps as a New Company's CISO
(20:26) The role of compliance in Cybersecurity
(24:12) The role of privacy in Cybersecurity
(26:11) The role of AI in cybersecurity
(30:36) A bit about AI Cybersecurity Podcast
(31:09) What it means to be a CISO?
(34:34) Building CISO Roadmaps: Balancing Short-Term and Long-Term Goals
(36:49) Where to start with CISO Roadmap?
(39:02) What keeps Fredrick motivated about his CISO role?
(40:36) Whats next for current CISOs?
(42:50) The Fun Questions
-
Lets talk about the Evolution of Email Security. We have been speaking about Email Security for years but why has it not been solved? We spoke to Abhishek Agrawal, Co-founder of Material Security about the fact that despite of decades of advancements, email security remains a critical concern, with sophisticated attacks continually bypassing traditional controls. We explored the fascinating landscape of productivity suites like Microsoft 365 and Google Workspace, underscoring their importance beyond just communication tools. What are the critical aspects of threat management, posture management, and the necessity of a focused approach towards securing this often-overlooked segment of our digital infrastructure management.
Guest Socials: Abhishek's Linkedin Abhishek's Twitter
Podcast Twitter - @CloudSecPod
If you want to watch videos of this LIVE STREAMED episode and past episodes - Check out our other Cloud Security Social Channels:
- Cloud Security Podcast- Youtube
- Cloud Security Newsletter
- Cloud Security BootCamp
Questions
(00:00) Introduction
(03:57) A bit about Abhishek
(04:49) What is a Productivity Suite?
(05:48) Why Email Security is still a focus in 2024?
(11:43) Where to start with Productivity Suite Security?
(15:03) The role of Cloud Native Tools in Productivity Suite Security
(19:38) Where can security leaders start with Productivity Suite Security
(24:39) Where can people learn more about Productivity Suite Security
(26:44) Fun Questions
- Daha fazla göster
