In this episode of the Cloud Security Podcast, we bring together an incredible panel of experts to explore the evolving landscape of cloud security in 2024. Hosted by Ashish Rajan, the discussion dives deep into the challenges and realities of today’s multi-cloud environments. With perspectives ranging from seasoned veterans to emerging voices this episode offers a broad spectrum of insights from cloud security practitioners who are living and breathing cloud security everyday. We are very grateful to our panelist who took part in 1st of its kind edition for the State of Cloud Security - Meg Ashby, Damien Burks, Chris Farris, Rich Mogull, Patrick Sanders, Ammar Alim and Abdie Mohamed.

The conversation covers essential topics such as the pitfalls of multi-cloud adoption, the persistent security issues that remain even as cloud technologies advance, and the importance of specializing in one cloud platform while maintaining surface-level knowledge of others. The panelists also share their thoughts on the future of cloud security, including the increasing relevance of Kubernetes and edge security.

Podcast Twitter - ⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠@CloudSecPod⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠ ⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠

If you want to watch videos of this LIVE STREAMED episode and past episodes - Check out our other Cloud Security Social Channels:

- ⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠Cloud Security Podcast- Youtube⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠

- ⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠Cloud Security Newsletter ⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠

- ⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠Cloud Security BootCamp

Questions asked:

(00:00) Introduction

(02:22) How much has Cloud Security Changed?

(07:05) Is the expectation to be MultiCloud?

(19:07) What’s top of mind in Cloud Security in 2024?

(27:17) The current Cloud Service Provider Landscape

(39:26) Where to start in Cloud Security ?

(52:10) The Fun Section

Resources discussed during the episode:

fwd:cloudsec conference

Cloud Security Bootcamp

DevSecBlueprint YouTube Channel - Damien Burks

Rich Mogull’s Cloud Security Lab of the Week

What were the main themes at BlackHat USA 2024? With respect to Cloud Security, maybe with a sprinkle of AI Security. Our team was on the ground at BlackHat and DefCon32 this year, we heard many talks and panels, spoke to many practitioner, leaders and CISOs and had the pleasure of recording some great interviews (coming soon!). This conversation is a distillation of everything we heard and the themes we saw.

Podcast Twitter - ⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠@CloudSecPod⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠ ⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠

If you want to watch videos of this LIVE STREAMED episode and past episodes - Check out our other Cloud Security Social Channels:

- ⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠Cloud Security Podcast- Youtube⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠

- ⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠Cloud Security Newsletter ⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠

- ⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠Cloud Security BootCamp

Questions asked:

(00:00) Introduction

(01:15) A word from our episode sponsor, ThreatLocker

(04:35) Resiliency in Cybersecurity

(07:00) Commentary on upcoming US elections

(09:42) Identity Centric Security

(15:55) Cloud Security is getting more Complex

(23:47) Growing importance of Data Security

(25:42) Use Cases for AI Security

(31:25) Shared Responsibility and Shared Fate

(33:21) Is CSPM Dead?

(37:32) The Conclusion

Resources from the episode:

BlackHat USA Keynote - Democracy's Biggest Year: The Fight for Secure Elections Around the World

Generative AI Misuse: A Taxonomy of Tactics and Insights from Real-World Data

RSAC 2024 Innovation Sandbox Finalist

BlackHat USA 2024 Startup Spotlight

How can AI impact Cloud Security Operations? Ashish sat down with Ely Kahn, VP of Cloud Security and AI at SentinelOne to talk about the evolving landscape of cloud security and the future of Security Operations Centers (SOC). Ely spoke about the shift from centralized to decentralized SOC operations, the increasing complexity in cloud security and its benefits.

Guest Socials:⁠ Ely's Linkedin

Podcast Twitter - ⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠@CloudSecPod⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠ ⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠

If you want to watch videos of this LIVE STREAMED episode and past episodes - Check out our other Cloud Security Social Channels:

- ⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠Cloud Security Podcast- Youtube⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠

- ⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠Cloud Security Newsletter ⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠

- ⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠Cloud Security BootCamp

Questions asked:

(00:00) Introduction

(02:10) A bit about Ely

(02:47) Has Cloud Security become simpler or more complex?

(05:09) How has the threat landscape for cloud evolved?

(08:00) Who is managing all the alerts?

(09:53) What will happen to SOAR?

(11:03) How AI will impact Cloud Security in 2024?

(18:36) Is there a skillset change coming?

(20:06) The Fun Section

In this episode of the Virtual Coffee with Ashish edition, we spoke with Jeevan Singh (Jeevan's Linkedin) about Threat Modelling STRIDE Threat Modelling can be used for self service Application running in Cloud and allowing Security Teams to go on holiday without worrying about Digital Supply Chain.

Episode ShowNotes, Links and Transcript on Cloud Security Podcast: www.cloudsecuritypodcast.tv

Host Twitter: Ashish Rajan (@hashishrajan)

Guest Twitter: Jeevan Singh (Jeevan's Linkedin)

Podcast Twitter - @CloudSecPod @CloudSecureNews

If you want to watch videos of this LIVE STREAMED episode and past episodes - Check out our other Cloud Security Social Channels:

- Cloud Security News 

- Cloud Security Academy

Spotify TimeStamp for Interview Questions

(00:00) Ashish's Intro to the Episode

(02:15) https://snyk.io/csp

(02:40) Jeevan's Professional Background

(04:23) What is threat modelling

(05:35) Flicking the Threat Modelling switch

(06:47) Common AppSec Mistake

(09:58) What is Threat Modelling Important?

(11:46) Tainted Flow Analysis and Threat Modelling

(13:00) Where does this fit in CI/CD?

(14:25) Security Teams going on vacation made possible

(15:34) Impact of teaching developers how to run Threat Model

(16:33) First time running Observe Phase of Threat Modelling with Developers

(17:13) Developers are better at Threat Model than Security

(19:09) Level of programming expertise for Threat Modelling

(21:32) Fixing Threats vs Finding relevant controls for the threat

(22:00) Bad example of role of Threat Modelling in Business

(23:41) Should Threat Model be done in Dev?

(24:54) Example of Threat Model for an App hosted in Cloud?

(27:27) Threat Model Skeleton for Cloud Native Apps

(30:12) Does complexity increase with multi-cloud/hybrid environments?

(32:27) What’s involved in rolling a Threat model program in an organisation?

(36:26) Who is the minimum representation in Threat modelling session?

(38:30) Advice for folks who are starting threat modelling today in their organization

(41:59) Cultural Change required for Threat Modelling

(43:19) Example of getting Management agreement

(44:58) Jeevan's 4 Stage of Threat model talk - https://www.youtube.com/watch?v=DtvjJL8xcPY

(45:28) Time-boxing Threat Model Sessions

(48:21) Maintaining Quality of Risk identified during threat modeling

(50:21) Keeping developers updated on latest security vulnerabilities

(54:07) Jeevan’s Favourite Threat Model Type

(55:09) Where can people learn threat modelling?

(56:12) Fun Section

In this episode of the Virtual Coffee with Ashish edition, we spoke with Karthik Ramamoorthy (Karthik's Linkedin) about Container security with NIST Framework for financial services organizations.

Episode ShowNotes, Links and Transcript on Cloud Security Podcast: www.cloudsecuritypodcast.tv

Host Twitter: Ashish Rajan (@hashishrajan)

Guest Twitter: Karthik Ramamoorthy (Karthik's Linkedin)

Podcast Twitter - @CloudSecPod @CloudSecureNews

If you want to watch videos of this LIVE STREAMED episode and past episodes - Check out our other Cloud Security Social Channels:

- Cloud Security News 

- Cloud Security Academy

Special Episode by Shilpi and Ashish sharing their recap, highlights, big takeaways, meh moments and in person experience from AWS ReInforce 2022.

Twitter Space with Cloud Security Community about the AWS Re:Inforce 2022 Recap & Highlights

Episode ShowNotes, Links and Transcript on Cloud Security Podcast: www.cloudsecuritypodcast.tv

Host Twitter: Ashish Rajan (@hashishrajan)

Podcast Twitter - @CloudSecPod @CloudSecureNews

If you want to watch videos of this LIVE STREAMED episode and past episodes - Check out our other Cloud Security Social Channels:

- Cloud Security News 

- Cloud Security Academy

In this episode of the Virtual Coffee with Ashish edition, we spoke with Cassandra Young (@muteki_rtw)

Episode ShowNotes, Links and Transcript on Cloud Security Podcast: www.cloudsecuritypodcast.tv

Host Twitter: Ashish Rajan (@hashishrajan)

Guest Twitter: Cassandra Young (@muteki_rtw)

Podcast Twitter - @CloudSecPod @CloudSecureNews

If you want to watch videos of this LIVE STREAMED episode and past episodes - Check out our other Cloud Security Social Channels:

- Cloud Security News 

- Cloud Security Academy

Special Episode by Shilpi and Ashish announcing the 1 year partnership with Snyk and what does this mean for the podcast community - you and also for Ashish and Shilpi. The new Architecture series we are announcing in the coming weeks and a lot more. We hope you continue to enjoy the vendor neutral content from Cloud Security Practitioners we bring to you. 

Here is an Interview with Guy Podjarny (Founder of Snyk) that we did as part of the announcement!

Episode ShowNotes, Links and Transcript on Cloud Security Podcast: www.cloudsecuritypodcast.tv

Host Twitter: Ashish Rajan (@hashishrajan)

Guest : Snyk

Podcast Twitter - @CloudSecPod @CloudSecureNews

If you want to watch videos of this LIVE STREAMED episode and past episodes - Check out our other Cloud Security Social Channels:

- Cloud Security News 

- Cloud Security Academy

In this episode of the Virtual Coffee with Ashish edition, we spoke with Kyler Middleton (Kyler's Linkedin)

Episode ShowNotes, Links and Transcript on Cloud Security Podcast: www.cloudsecuritypodcast.tv

Host Twitter: Ashish Rajan (@hashishrajan)

Guest Twitter: Kyler Middleton (Kyler's Linkedin)

Podcast Twitter - @CloudSecPod @CloudSecureNews

If you want to watch videos of this LIVE STREAMED episode and past episodes - Check out our other Cloud Security Social Channels:

- Cloud Security News 

- Cloud Security Academy

Zero Trust is top of mind but is it achievable? In this "What to LookOut for in 2022" series - we interviewed experts at RSA and BSidesSF about what Zero Trust is important today and the paradoxes in achieving it.

Watch the video for this episode on You Tube - ZERO TRUST AND THE TRIPLE PARADOX

Episode ShowNotes, Links and Transcript on Cloud Security Podcast: www.cloudsecuritypodcast.tv

Host Twitter: Ashish Rajan (@hashishrajan)

Guests Linkedin: Thank you to Anudeep Parhar, Daniel Tranner, Dylan Owen & Bill Malik for participating in this episode.

Podcast Twitter - @CloudSecPod @CloudSecureNews

If you want to watch videos of this LIVE STREAMED episode and past episodes - Check out our other Cloud Security Social Channels:

- Cloud Security News 

- Cloud Security Academy

In this episode of the Virtual Coffee with Ashish edition, we spoke with Kinnaird McQuade (Kinnaird's Twitter)

Episode ShowNotes, Links and Transcript on Cloud Security Podcast: www.cloudsecuritypodcast.tv

Host Twitter: Ashish Rajan (@hashishrajan)

Guest Twitter: Kinnaird McQuade (Kinnaird's Twitter)

Podcast Twitter - @CloudSecPod @CloudSecureNews

If you want to watch videos of this LIVE STREAMED episode and past episodes - Check out our other Cloud Security Social Channels:

- Cloud Security News 

- Cloud Security Academy

The Digital Supply Chain is broken and getting challenging to fix. In this "What to LookOut for in 2022" series - we interviewed experts at RSA and BSidesSF on the Broken Digital Supply Chain and ways in which we can fix it.

Watch the video for this episode on You Tube - Fix the Broken Digital Supply Chain

Episode ShowNotes, Links and Transcript on Cloud Security Podcast: www.cloudsecuritypodcast.tv

Host Twitter + Linkedin: Ashish Rajan (@hashishrajan) + Shilpi Bhattacharjee (@shilpibhattacharjee)

Guests Linkedin: Thank you to Mikko Hypponen, Shamla Naidoo, Clint Gibler, Ryan F, Mike Ruth, Paul Calatayud, Shay Levi, Dylan Ayrey, Aaron Brown, Mackenzie Jackson & Dan Gordon for participating in this episode.

Podcast Twitter - @CloudSecPod @CloudSecureNews

If you want to watch videos of this LIVE STREAMED episode and past episodes - Check out our other Cloud Security Social Channels:

- Cloud Security News 

- Cloud Security Academy

The Digital Supply Chain is broken and getting challenging to fix. In this "What to LookOut for in 2022" series - we interviewed experts at RSA and BSidesSF on the Broken Digital Supply Chain and why it has become a challenge. 

Watch the video for this episode on You Tube - 3 THINGS THAT BROKE THE DIGITAL SUPPLY CHAIN

Episode ShowNotes, Links and Transcript on Cloud Security Podcast: www.cloudsecuritypodcast.tv

Host Twitter: Ashish Rajan (@hashishrajan)

Guests Linkedin: Thank you to Keatron Evans, Clint Gibler, Ryan F, Mike Ruth, Paul Calatayud, Shay Levi, Dylan Ayrey, Aaron Brown & Dan Gordon for participating in this episode.

Podcast Twitter - @CloudSecPod @CloudSecureNews

If you want to watch videos of this LIVE STREAMED episode and past episodes - Check out our other Cloud Security Social Channels:

- Cloud Security News 

- Cloud Security Academy

Is having a CSPM enough for Cloud Security? At RSA Conference 2024, Ashish sat down with returning guest Jimmy Mesta, Co-Founder and CTO of RAD Security, to talk about the complexities of Kubernetes security and why sometimes traditional Cloud Security Posture Management (CSPM) falls short in a Kubernetes-centric world.

We speak about the significance of behavioural baselining, the limitations of signature-based detection, the role of tools like eBPF in enhancing real-time security measures and the importance of proactive security measures and the need for a paradigm shift from reactive alert-based systems to a more silent and efficient operational model.

Guest Socials:⁠ Jimmy's Linkedin

Podcast Twitter - ⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠@CloudSecPod⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠ ⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠

If you want to watch videos of this LIVE STREAMED episode and past episodes - Check out our other Cloud Security Social Channels:

- ⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠Cloud Security Podcast- Youtube⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠

- ⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠Cloud Security Newsletter ⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠

- ⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠Cloud Security BootCamp

Questions asked:

(00:00) Introduction

(03:12) A bit about Jimmy Mesta

(03:48) What is Cloud Native Security?

(05:15) How is Cloud Native different to traditional approach?

(07:37) What is eBPF?

(09:12) Why should we care about eBPF?

(11:51) Separating the signal from the noise

(13:48) Challenges on moving to Cloud Native

(15:58) Proactive Security in 2024

(17:02) Whose monitoring Cloud Native alerts?

(23:10) Getting visibility into the complexities of Kubernetes

(24:24) Skillsets and Resources for Kubernetes Security

(27:54) The Fun Section

Resources spoke about the during the interview:

OWASP Kubernetes Top Ten

In this episode of the Virtual Coffee with Ashish edition, we spoke with Heather Ceylan (@heatherceylon) & Ariel Chavan (@ariel-c-ab445a50) from Zoom.

Watch the video for this episode on You Tube - Digital Transformation in 2022

Episode ShowNotes, Links and Transcript on Cloud Security Podcast: www.cloudsecuritypodcast.tv

Host Twitter: Ashish Rajan (@hashishrajan)

Guests Linkedin: Heather Ceylan (@heatherceylon) & Ariel Chavan (@ariel-c-ab445a50) 

Podcast Twitter - @CloudSecPod @CloudSecureNews

If you want to watch videos of this LIVE STREAMED episode and past episodes - Check out our other Cloud Security Social Channels:

- Cloud Security News 

- Cloud Security Academy

In this episode of the Virtual Coffee with Ashish edition, we spoke with Sean Catlett (Sean's Linkedin)

Episode ShowNotes, Links and Transcript on Cloud Security Podcast: www.cloudsecuritypodcast.tv

Host Twitter: Ashish Rajan (@hashishrajan)

Guest Twitter: Sean Catlett (Sean's Linkedin)

Podcast Twitter - @CloudSecPod @CloudSecureNews

If you want to watch videos of this LIVE STREAMED episode and past episodes - Check out our other Cloud Security Social Channels:

- Cloud Security News 

- Cloud Security Academy

In this episode of the Virtual Coffee with Ashish edition, we spoke with Akash Ganapathi (Akash's Linkedin)

Episode ShowNotes, Links and Transcript on Cloud Security Podcast: www.cloudsecuritypodcast.tv

Host Twitter: Ashish Rajan (@hashishrajan)

Guest Twitter: Akash Ganapathi (Akash's Linkedin)

Podcast Twitter - @CloudSecPod @CloudSecureNews

If you want to watch videos of this LIVE STREAMED episode and past episodes - Check out our other Cloud Security Social Channels:

- Cloud Security News 

- Cloud Security Academy

In this episode of the Virtual Coffee with Ashish edition, we spoke with Tanya Janca (Tanya's Twitter)

Episode ShowNotes, Links and Transcript on Cloud Security Podcast: www.cloudsecuritypodcast.tv

Host Twitter: Ashish Rajan (@hashishrajan)

Guest Twitter: Tanya Janca (@shehackspurple)

Podcast Twitter - @CloudSecPod @CloudSecureNews

If you want to watch videos of this LIVE STREAMED episode and past episodes - Check out our other Cloud Security Social Channels:

- Cloud Security News 

- Cloud Security Academy

In this episode of the Virtual Coffee with Ashish edition, we spoke with Steve Orrin (Steve's Linkedin)

Episode ShowNotes, Links and Transcript on Cloud Security Podcast: www.cloudsecuritypodcast.tv

Host Twitter: Ashish Rajan (@hashishrajan)

Guest Twitter: Steve Orrin (Steve's Linkedin)

Podcast Twitter - @CloudSecPod @CloudSecureNews

If you want to watch videos of this LIVE STREAMED episode and past episodes - Check out our other Cloud Security Social Channels:

- Cloud Security News 

- Cloud Security Academy

In this episode of the Virtual Coffee with Ashish edition, we spoke with Sai Gunaranjan (Sai's Linkedin)

Episode ShowNotes, Links and Transcript on Cloud Security Podcast: www.cloudsecuritypodcast.tv

Host Twitter: Ashish Rajan (@hashishrajan)

Guest Twitter: Sai Gunaranjan (Sai's Linkedin)

Podcast Twitter - @CloudSecPod @CloudSecureNews

If you want to watch videos of this LIVE STREAMED episode and past episodes - Check out our other Cloud Security Social Channels:

- Cloud Security News 

- Cloud Security Academy

In this episode of the Virtual Coffee with Ashish edition, we spoke with Andrew Brown, ExamPro

Episode ShowNotes, Links and Transcript on Cloud Security Podcast: www.cloudsecuritypodcast.tv

Host Twitter: Ashish Rajan (@hashishrajan)

Guest Twitter: Andrew Brown (@andrewbrown)

Podcast Twitter - @CloudSecPod @CloudSecureNews

If you want to watch videos of this LIVE STREAMED episode and past episodes - Check out our other Cloud Security Social Channels:

- Cloud Security News 

- Cloud Security Academy

In this episode of the Virtual Coffee with Ashish edition, we spoke with Yoav Alon, CTO, Orca Security

Episode ShowNotes, Links and Transcript on Cloud Security Podcast: www.cloudsecuritypodcast.tv

Host Twitter: Ashish Rajan (@hashishrajan)

Guest Twitter: Yoav Alon (@yoavalon)

Podcast Twitter - @CloudSecPod @CloudSecureNews

If you want to watch videos of this LIVE STREAMED episode and past episodes - Check out our other Cloud Security Social Channels:

- Cloud Security News 

- Cloud Security Academy

In this episode of the Virtual Coffee with Ashish edition, we spoke with Jimmy Mesta, Co-Founder, KSOC

Episode ShowNotes, Links and Transcript on Cloud Security Podcast: www.cloudsecuritypodcast.tv

Host Twitter: Ashish Rajan (@hashishrajan)

Guest Linkedin: Jimmy Mesta

Podcast Twitter - @CloudSecPod @CloudSecureNews

If you want to watch videos of this LIVE STREAMED episode and past episodes - Check out our other Cloud Security Social Channels:

- Cloud Security News 

- Cloud Security Academy

In this episode of the Virtual Coffee with Ashish edition, we spoke with Paul Schwarzenberger, Cloud Security Engineer, Celidor

Episode ShowNotes, Links and Transcript on Cloud Security Podcast: www.cloudsecuritypodcast.tv

Host Twitter: Ashish Rajan (@hashishrajan)

Guest Linkedin: Paul Schwarzenberger (@paulschwarzen)

Podcast Twitter - @CloudSecPod @CloudSecureNews

If you want to watch videos of this LIVE STREAMED episode and past episodes - Check out our other Cloud Security Social Channels:

- Cloud Security News 

- Cloud Security Academy

What are the practical steps for orienting yourself in a new cloud environment? Ashish sat down with Rich Mogull and Chris Farris to explore the intricacies of effective cloud security strategies. Drawing on their extensive experience, Rich and Chris speak about critical importance of moving beyond just addressing vulnerabilities and embracing a more comprehensive approach to cloud security.Rich and Chris share their professional experiences and practical advice for anyone who finds themselves "airdropped" into an organization's cloud environment. They also discuss the development of the Universal Threat Actor Model and how it can help prioritize security efforts in a chaotic landscape of constant alerts and threats.

Guest Socials: Rich's Linkedin + Chris's Linkedin

Podcast Twitter - ⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠@CloudSecPod⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠ ⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠

If you want to watch videos of this LIVE STREAMED episode and past episodes - Check out our other Cloud Security Social Channels:

- ⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠Cloud Security Podcast- Youtube⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠

- ⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠Cloud Security Newsletter ⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠

- ⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠Cloud Security BootCamp

Questions asked:

(00:00) Introduction

(02:26) A bit about Chris Farris

(03:10) A bit about Rich Mogull

(03:45) First Cloud Service they worked on!

(06:27) Where to start in an AWS environment?

(10:50) Cloud Security Threat Landscape

(15:25) Navigating through the CSPM findings

(18:14) Using the Universal Cloud Threat Model

(23:16) How is Cloud Ransomware different?

(25:44) Surprising attacks or compromises in Cloud

(29:43) Where are the CSPM Alerts going?

(36:30) Cloud Security Landscape in 2024

(45:37) The need for Cloud Security training in 2024

(46:58) Good starting point to learn Cloud Security

(52:13) The Fun Section

Resources spoken about during the episode:

The Universal Cloud Threat Model

AWS Customer Security Incidents by Rami McCarthy

Breaches.cloud

CloudSLAW

In this episode of the Virtual Coffee with Ashish edition, we spoke with Or Azarzar from LightSpin

Episode ShowNotes, Links and Transcript on Cloud Security Podcast: www.cloudsecuritypodcast.tv

Host Twitter: Ashish Rajan (@hashishrajan)

Guest Twitter: Or Azarzar

Podcast Twitter - @CloudSecPod @CloudSecureNews

If you want to watch videos of this LIVE STREAMED episode and past episodes - Check out our other Cloud Security Social Channels:

- Cloud Security News 

- Cloud Security Academy

In this episode of the Virtual Coffee with Ashish edition, we spoke with Ian Lewis from Google Cloud

Episode ShowNotes, Links and Transcript on Cloud Security Podcast: www.cloudsecuritypodcast.tv

Host Twitter: Ashish Rajan (@hashishrajan)

Guest Twitter: Ian Lewis

Podcast Twitter - @CloudSecPod @CloudSecureNews

If you want to watch videos of this LIVE STREAMED episode and past episodes - Check out our other Cloud Security Social Channels:

- Cloud Security News 

- Cloud Security Academy

In this episode of the Virtual Coffee with Ashish edition, we spoke with Sakshyam Shah from Teleport

Episode ShowNotes, Links and Transcript on Cloud Security Podcast: www.cloudsecuritypodcast.tv

Host Twitter: Ashish Rajan (@hashishrajan)

Guest Twitter: Sakshyam Shah

Podcast Twitter - @CloudSecPod @CloudSecureNews

If you want to watch videos of this LIVE STREAMED episode and past episodes - Check out our other Cloud Security Social Channels:

- Cloud Security News 

- Cloud Security Academy

In this episode of the Virtual Coffee with Ashish edition, we spoke with Pushkar Joglekar, Sr. Security Engineer, VMWare Tanzu

Episode ShowNotes, Links and Transcript on Cloud Security Podcast: www.cloudsecuritypodcast.tv

Host Twitter: Ashish Rajan (@hashishrajan)

Guest Twitter:  Pushkar Joglekar @PuDiJoglekar

Podcast Twitter - @CloudSecPod @CloudSecureNews

If you want to watch videos of this LIVE STREAMED episode and past episodes - Check out our other Cloud Security Social Channels:

- Cloud Security News 

- Cloud Security Academy

In this episode of the Virtual Coffee with Ashish edition, we spoke with William Morgan, ex Twitter, CEO Buoyant 

Episode ShowNotes, Links and Transcript on Cloud Security Podcast: www.cloudsecuritypodcast.tv

Host Twitter: Ashish Rajan (@hashishrajan)

Guest Twitter:  William Morgan, ex Twitter, CEO Buoyant 

Podcast Twitter - @CloudSecPod @CloudSecureNews

If you want to watch videos of this LIVE STREAMED episode and past episodes - Check out our other Cloud Security Social Channels:

- Cloud Security News 

- Cloud Security Academy

In this episode of the Virtual Coffee with Ashish edition, we spoke with Jasmine Henry & George Tang from JupiterOne

Episode ShowNotes, Links and Transcript on Cloud Security Podcast: www.cloudsecuritypodcast.tv

Host Twitter: Ashish Rajan (@hashishrajan)

Guest Linkedin:  Jasmine Henry & George Tang

Podcast Twitter - @CloudSecPod @CloudSecureNews

If you want to watch videos of this LIVE STREAMED episode and past episodes - Check out our other Cloud Security Social Channels:

- Cloud Security News 

- Cloud Security Academy

n this episode of the Virtual Coffee with Ashish edition, we spoke with Eliav Livneh , Lead Security Researcher at Hunters

Episode ShowNotes, Links and Transcript on Cloud Security Podcast: www.cloudsecuritypodcast.tv

Host Twitter: Ashish Rajan (@hashishrajan)

Guest Linkedin:  Eliav Livneh (@eliav-livneh)

Podcast Twitter - @CloudSecPod @CloudSecureNews

If you want to watch videos of this LIVE STREAMED episode and past episodes - Check out our other Cloud Security Social Channels:

- Cloud Security News 

- Cloud Security Academy

In this episode of the Virtual Coffee with Ashish edition, we spoke with Barak Schoster Goihman, Senior Director, Chief Architect at Palo Alto Networks (BridgeCrew)

Episode ShowNotes, Links and Transcript on Cloud Security Podcast: www.cloudsecuritypodcast.tv

Host Twitter: Ashish Rajan (@hashishrajan)

Guest Linkedin:  Barak Schoster (@barakschoster)

Podcast Twitter - @CloudSecPod @CloudSecureNews

If you want to watch videos of this LIVE STREAMED episode and past episodes - Check out our other Cloud Security Social Channels:

- Cloud Security News 

- Cloud Security Academy

In this episode of the Virtual Coffee with Ashish edition, we spoke with Mike Chambers @mikechambers, AWS Hero AI/ML 

Episode ShowNotes, Links and Transcript on Cloud Security Podcast: www.cloudsecuritypodcast.tv

Host Twitter: Ashish Rajan (@hashishrajan)

Guest Linkedin:  Mike Chambers @mikechambers

Podcast Twitter - @CloudSecPod @CloudSecureNews

If you want to watch videos of this LIVE STREAMED episode and past episodes - Check out our other Cloud Security Social Channels:

- Cloud Security News 

- Cloud Security Academy

In this episode of the Virtual Coffee with Ashish edition, we spoke with Sunil Potti @sunilpotti VP/GM, Google Cloud

Episode ShowNotes, Links and Transcript on Cloud Security Podcast: www.cloudsecuritypodcast.tv

Host Twitter: Ashish Rajan (@hashishrajan)

Guest Linkedin:  Sunil Potti @sunilpotti 

Podcast Twitter - @CloudSecPod @CloudSecureNews

If you want to watch videos of this LIVE STREAMED episode and past episodes - Check out our other Cloud Security Social Channels:

- Cloud Security News 

- Cloud Security Academy

What's the best way to navigate least privilege complexities in a multi cloud environment? And how is the role of identity management evolving? We spoke to Jeff Moncrief from Sonrai Security on why identity is the new network in the cloud-driven world. We speak about the challenges of implementing least privilege in cloud environments, the misconceptions surrounding identity roles, and the critical importance of segmenting access across public clouds just as rigorously as we did on-premises.

Guest Socials: Jeff's Linkedin

Podcast Twitter - ⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠@CloudSecPod⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠ ⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠

If you want to watch videos of this LIVE STREAMED episode and past episodes - Check out our other Cloud Security Social Channels:

- ⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠Cloud Security Podcast- Youtube⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠

- ⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠Cloud Security Newsletter ⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠

- ⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠Cloud Security BootCamp

Questions asked:

(00:00) Introduction

(01:59) A bit about Jeff

(03:01) How is identity different in the Cloud?

(05:40) Misconceptions about least priviledge in the cloud

(08:50) Cloud Native solutions for Permission Attack Surface Management

(15:36) Common themes when addressing privilege in Cloud

(17:22) Starting point when dealing with identities

(20:03) Frameworks when working through least privilege

(23:21) Showing ROI on doing least privilege

In this episode of the Virtual Coffee with Ashish edition, we spoke with Jonathan Brodie Senior Cloud Security Engineer, ITV

Episode ShowNotes, Links and Transcript on Cloud Security Podcast: www.cloudsecuritypodcast.tv

Host Twitter: Ashish Rajan (@hashishrajan)

Guest Twitter:  Jonathan Brodie 

Podcast Twitter - @CloudSecPod @CloudSecureNews

If you want to watch videos of this LIVE STREAMED episode and past episodes - Check out our other Cloud Security Social Channels:

- Cloud Security News 

- Cloud Security Academy

In this episode of the Virtual Coffee with Ashish edition, we spoke with Antoni Tzavelas (@antoniscloud) Google Cloud Certification Trainer, Antoni Training

Episode ShowNotes, Links and Transcript on Cloud Security Podcast: www.cloudsecuritypodcast.tv

Host Twitter: Ashish Rajan (@hashishrajan)

Guest Twitter: Antoni Tzavelas (@antoniscloud) 

Podcast Twitter - @CloudSecPod @CloudSecureNews

If you want to watch videos of this LIVE STREAMED episode and past episodes - Check out our other Cloud Security Social Channels:

- Cloud Security News 

- Cloud Security Academy

In this episode of the Virtual Coffee with Ashish edition, we spoke with Brad Richardson (@Richarjb) Red Team and Vulnerability Management

Episode ShowNotes, Links and Transcript on Cloud Security Podcast: www.cloudsecuritypodcast.tv

Host Twitter: Ashish Rajan (@hashishrajan)

Guest Twitter: Brad Richardson (@Richarjb)

Podcast Twitter - @CloudSecPod @CloudSecureNews

If you want to watch videos of this LIVE STREAMED episode and past episodes - Check out our other Cloud Security Social Channels:

- Cloud Security News 

- Cloud Security Academy

In this episode of the Virtual Coffee with Ashish edition, we spoke with Jason Dyke (@jasonadyke) a Staff Security Engineer at Blocks (@Blocks).

Host Twitter: Ashish Rajan (@hashishrajan)

Guest Twitter: Jason Dyke (@jasonadyke) 

Podcast Twitter - Cloud Security Podcast (@CloudSecPod)

If you want to watch videos of this LIVE STREAMED episode and past episodes - Check out our YouTube Channel:

- Cloud Security News 

- Cloud Security Academy

In this episode of the Virtual Coffee with Ashish edition, we spoke with Gal Helemski (@Linkedin-Gal Helemski) CoFounder, CTO & CPO at PlainID (@plainID_authZ).

Episode ShowNotes, Links and Transcript on Cloud Security Podcast: www.cloudsecuritypodcast.tv

Host Twitter: Ashish Rajan (@hashishrajan)

Guest Twitter: Gal Helemski (@Linkedin-Gal Helemski)

Podcast Twitter - Cloud Security Podcast (@CloudSecPod)

If you want to watch videos of this LIVE STREAMED episode and past episodes - Check out our YouTube Channel:

- Cloud Security News 

- Cloud Security Academy

Cloud Security News this week 26 Jan 2022

• Early December on Cloud Security News, we shared that Symphony Technology Group had acquired McAfee for 4 Billion along with FireEye for 1.2 Billion. The merger of these two companies has now form Trellix, which aims to be a leader in extended detection and response (XDR). In their blog post Trellix shared that  “Customers can expect Trellix’s living security platform to deliver bold innovation across the XDR market.”  - “with automation, machine learning, extensible architecture, and threat intelligence.”  You can find out more about Trellix and read their blog post here and let us know if you are excited about this merger?
• Orca Security is back in the news this week, not for their funding round or their vulnerability findings in AWS. They have made their 1st acquisition: RapidSec, an Israeli cybersecurity startup that protects web applications from client-side attacks. RapidSec’s software allows for detection of  web-application misconfigurations and deviations from best practices. Orca has indicated that it  plans to integrate these web services and API security technologies into its agentless cloud security platform. You can read more about this acquisition here.
• Cloud Security Firm Polar Security that has emerged from Stealth With $8.5 Million Seed Funding. They are a Tel Aviv, Israel-based cloud security company that aims to provide visibility into companies’ cloud data storage to allow security teams to secure the data and avoid compliance problems. You can find out more about them here
• Hunters.ai announced that  it has raised a $68 million Series C round bringing their total funding to date to $118 million. Hunters share in their blog that  “Never before has it been more lucrative to be a cyber criminal” and “On the defenders’ side, we see organizations struggling to keep pace. As technology advances and more tools are being used, the attack surface grows and the number of security products used by these organizations increases.” This is where Hunter.ai believes they can help with their Extended Detection and Response (XDR) platform used by Security Operations Center (SOC) teams to detect, investigate and stop threats. You can find out more about them here

Podcast Twitter - Cloud Security Podcast (@CloudSecPod)

Instagram - Cloud Security News 

If you want to watch videos of this LIVE STREAMED episode and past episodes, check out:

- Cloud Security Podcast:

- Cloud Security Academy:

In this episode of the Virtual Coffee with Ashish edition, we spoke with Ian Mckay (@iann0036), a AWS Community Hero, AWS APN Ambassador who has a lot of popular open sources projects in the AWS security space.

Host Twitter: Ashish Rajan (@hashishrajan)

Guest Twitter: Ian Mckay (@iann0036)

Podcast Twitter - Cloud Security Podcast (@CloudSecPod)

If you want to watch videos of this LIVE STREAMED episode and past episodes - Check out our YouTube Channel:

- Cloud Security News 

- Cloud Security Academy

Cloud Security News this week 19 Jan 2022

• Cisco Talos Researchers have shared in a blog last week that  a trio of remote access Trojans (RATs)—Nanocore, Netwire and AsyncRAT—are being spread in a campaign that taps public cloud infrastructure and is primarily aimed at victims in the U.S., Italy and Singapore. According to the blog “Threat actors are increasingly using cloud technologies to achieve their objectives without having to resort to hosting their own infrastructure,” and “cloud services like Azure and AWS allow attackers to set up their infrastructure and connect to the internet with minimal time or monetary commitments. It also makes it more difficult for defenders to track down the attackers’ operations.”  Read more about this here.
• Netskope also released a blog last week about Malwares. Interestingly their research which surveyed millions of users worldwide from January 1, 2020 to November 30, 2021 found that Cloud-delivered malware is now more prevalent than web-delivered malware, accounting for 66%, up from 46% last year. They also found that Google Drive is the top app for most malware downloads and Cloud-delivered malware via Microsoft Office nearly doubled from 2020 to 2021. Read the report here
• Vulnerability in AWS’s cloudformation service that was discovered and shared by Orca Security. Orca Security confirmed that  AWS completely mitigated within 6 days of their submission.If you want to know more about their discovery, you can read it here
• The US government is reportedly reviewing the cloud computing arm of Chinese ecommerce giant Alibaba to determine whether or not it poses a risk to national security.” As reported by Reuters, the Biden administration launched the probe to find out more about how Alibaba Cloud stores the data of US clients including personal information and intellectual property and to see if the Chinese government could gain access to it. You can read Reuters report here
• Sysdig’s platform who were recently valued at 2.5 Billion have expanded their cloud security offering to Azure Cloud aswell. . You can find out more about them here 

Podcast Twitter - Cloud Security Podcast (@CloudSecPod)

Instagram - Cloud Security News 

If you want to watch videos of this LIVE STREAMED episode and past episodes, check out:

- Cloud Security Podcast:

- Cloud Security Academy:

In this episode of the Virtual Coffee with Ashish edition, we spoke with Dylan Ayrey (@insecurenature) is a Professional Hacker and Co-Founder of Truffle Security (@trufflesec)

Host Twitter: Ashish Rajan (@hashishrajan)

Guest Twitter: Dylan Ayrey (@insecurenature)

Podcast Twitter - Cloud Security Podcast (@CloudSecPod)

If you want to watch videos of this LIVE STREAMED episode and past episodes - Check out our YouTube Channel:

- Cloud Security News 

- Cloud Security Academy

In this episode of the Virtual Coffee with Ashish edition, we spoke with Stu Hirst (Linkedin-Stu Hirst) is the Chief Information Security Officer (CISO) of Trustpilot (@Trustpilot).

Host Twitter: Ashish Rajan (@hashishrajan)

Guest Twitter: Stu Hirst (Linkedin-Stu Hirst)

Podcast Twitter - Cloud Security Podcast (@CloudSecPod)

If you want to watch videos of this LIVE STREAMED episode and past episodes - Check out our YouTube Channel:

- Cloud Security News 

- Cloud Security Academy

How is eBPF impacting Kubernetes Network Security? In this episode, recorded LIVE at Kubecon EU Paris 2024, Liz Rice, Chief Open Source Officer at Isovalent took us through the technical nuances of eBPF and its role in enabling dynamic, efficient network policies that go beyond traditional security measures. She also discusses Tetragon, the new subproject under Cilium, designed to enhance runtime security with deeper forensic capabilities. A great conversation for anyone involved in Kubernetes workload management, offering a peek into the future of cloud-native technologies and the evolving landscape of network security.

Guest Socials: ⁠Liz's Linkedin⁠

Podcast Twitter - ⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠@CloudSecPod⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠ ⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠

If you want to watch videos of this LIVE STREAMED episode and past episodes - Check out our other Cloud Security Social Channels:

- ⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠Cloud Security Podcast- Youtube⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠

- ⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠Cloud Security Newsletter ⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠

- ⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠Cloud Security BootCamp

Questions asked:

(00:00) Introduction

(01:46) A bit about Liz Rice

(02:11) What is eBPF and Cilium?

(03:24) SC Linux vs eBPF

(04:11) Business use case for Cilium

(06:37) Cilium vs Cloud Managed Services

(08:51) Why was there a need for Tetragon?

(11:20) Business use case for Tetragon

(11:32) Projects related to Multi-Cluster Deployment

(12:45) Where can you learn more about eBPF and Tetragon

(13:50) Hot Topics from Kubecon EU 2024

(15:07) The Fun Section

(15:35) How has Kubecon changed over the years?

Resources spoken about during the interview:

Cilium

Tetragon

eBPF

Cloud Security News this week 12 Jan 2022

• UK’s financial regulators - The Prudential Regulation Authority is looking to increase it’s monitoring of Cloud providers like AWS, Azure and Google Cloud. According to Financial times, they are looking to gain more access to data from these cloud providers because the impact outages and cyberattacks have on British Banks. They are looking at implementing more robust outages and disaster recovery tests given the increasing reliance UK banks have on a handful of cloud providers. A lot of major British banks have partnerships with cloud providers “AWS has announced deals with Barclays and HSBC, while Lloyd Banking Group holds partnerships with Google Cloud and Microsoft Azure.”. There is an increasing concerns about the impacts on the banks should these cloud providers experience outages. You can view the financial times article here
• Speaking of regulators and how they are dealing with cloud providers, a few weeks ago in December Chinese regulators have “suspended an information-sharing partnership with Alibaba Cloud Computing” over concerns that it failed to promptly report and address a cybersecurity vulnerability. According to 21st Century Business Herald, citing a recent notice by the Ministry of Industry and Information Technology “Alibaba Cloud did not immediately report vulnerabilities in the popular, open-source logging framework Apache Log4j2 to China's telecommunications regulator”.This comes after, according to Reuters “The Chinese government has asked state-owned companies to migrate their data from private operators such as Alibaba and Tencent to a state-backed cloud system by next year.” From what we understand, there is no statement from Alibaba Cloud on this yet. You can read more about this here.
• Gartner's Report can be found here.
• Redhat's Report can be found here.

Podcast Twitter - Cloud Security Podcast (@CloudSecPod)

Instagram - Cloud Security News 

If you want to watch videos of this LIVE STREAMED episode and past episodes, check out:

- Cloud Security Podcast:

- Cloud Security Academy:

In this episode of the Virtual Coffee with Ashish edition, we spoke with Fred Wilmot (@fewdisc) is an ex-Veteran and Chief Information Security Officer (CISO) of JumpCloud (@JumpCloud).

Episode ShowNotes, Links and Transcript on Cloud Security Podcast: www.cloudsecuritypodcast.tv

Host Twitter: Ashish Rajan (@hashishrajan)

Guest Twitter: Fred Wilmot (@fewdisc)

Podcast Twitter - Cloud Security Podcast (@CloudSecPod)

If you want to watch videos of this LIVE STREAMED episode and past episodes - Check out our YouTube Channel:

- Cloud Security News 

- Cloud Security Academy

Cloud Security News this week 5 Jan 2022

•  Google has acquired security orchestration, automation and response (SOAR) provider, Siemplify. Neither company has disclosed any amounts however sources including Reuters report Google paid $500 million for Siemplify. Google has shared that Siemplify “will join Google Cloud’s security team to help companies better manage their threat response”. They shared in their announcement that “Providing a proven SOAR capability unified with Chronicle’s innovative approach to security analytics is an important step forward in their vision”. You can find more about this here
• Microsoft in their updated Blog this week on this issue have noted “Exploitation attempts and testing have remained high during the last weeks of December”.  They also stated that they had “observed many existing attackers adding exploits of these vulnerabilities in their existing malware kits and tactics, from coin miners to hands-on-keyboard attacks”. Microsoft mentions that “customers should assume broad availability of exploit code and scanning capabilities to be a real and present danger to their environments. And “this is expected to have a long tail for remediation, requiring ongoing, sustainable vigilance” . Microsoft have reported that the bulk of attacks have been related to mass scanning by attackers attempting to thumbprint vulnerable systems, as well as scanning by security companies and researchers. You can read their updated blog here.
• Back in 2019 you probably heard about Autom Attack which targeted misconfigured docker APIs to gain network entry to  set up a backdoor on the compromised host to do cryptomining.  This cryptomining campaign has evolved in the last 3 years to improve on their defense evasion tactics to fly under the radar and avoid detection. You can see the blog and their findings here.
• SEGA Europe have disclosed that they were storing sensitive data in an unsecured Amazon Web Services (AWS) S3 bucket. This was discovered during a cloud-security audit. Security Researcher Aaron Phillips with VPN Overview worked with SEGA Europe to secure the exposed data. You can view the full report here
• Positive Security researchers have stumbled upon four vulnerabilities in Microsoft Teams. You can read more about the findings here and threatpost report here

Podcast Twitter - Cloud Security Podcast (@CloudSecPod)

Instagram - Cloud Security News 

If you want to watch videos of this LIVE STREAMED episode and past episodes, check out:

- Cloud Security Podcast:

- Cloud Security Academy: