Cloud Security Today – Details, episodes & analysis
Podcast details
Technical and general information from the podcast's RSS feed.


The Cloud Security Today podcast features expert commentary and personal stories on the “how” side of cybersecurity. This is not a news program but rather a podcast that focuses on cyber leadership and understanding the threats most impacting organizations today.
Recent rankings
Latest chart positions across Apple Podcasts and Spotify rankings.
Apple Podcasts
🇨🇦 Canada - careers
07/05/2026 • #92
Spotify
No recent rankings available
Shared links between episodes and podcasts
Links found in episode descriptions and other podcasts that share them.
- https://simonsinek.com/
237 shares
- https://unit42.paloaltonetworks.com/
146 shares
- https://www.paloaltonetworks.com/
135 shares
RSS feed quality and score
Technical evaluation of the podcast's RSS feed quality and structure.
Global score: 73%
Publication history
Monthly episode publishing history over the past years.
The future of CISO
Saturday, April 11, 2026 • Duration 44:01
In this episode, Michael Piacente shares insights on career transitions in IT and security, the evolving role of CISOs, and the impact of AI on security talent and practices. Discover how community, storytelling, and strategic hiring shape the future of cybersecurity leadership.
How COVID-19 Impacted Cloud Security
Season 1 · Episode 4
Monday, June 14, 2021 • Duration 34:39
In this episode, Nathaniel Quist, also known as ‘Q’, returns along with Dr. Jay Chen, both of whom listeners might recognize from our inaugural episode where we discussed how common identity misconfigurations can undermine cloud security. Both Jay and Q are threat researchers with Palo Alto Networks Unit 42. Unit 42 is the global threat intelligence team at Palo Alto Networks and a recognized authority on cyberthreats, frequently sought out by enterprises and government agencies around the world.
In our conversation, they discuss what they found in their latest Cloud Threat Report examining the impact of the COVID-19 pandemic. We explore how the tremendous increase in remote work has affected cloud security and why Jay is more concerned about the number of mistakes that people are making than about the type of mistakes. Tuning in, you’ll hear what organizations can do to curtail the recent rise in security incidents and some interesting observations that Q and Jay drew from their data, such as the fact that even malicious hackers need a holiday and don’t want to spend all their time in front of a computer cryptojacking :-)
Key Points From This Episode:
- Cloud security incidents grew, on average, 188% pre vs. post COVID-19 discovery.
- Retail organizations saw the greatest increase in security incidents at 402%.
- The cloud is no longer for low-impact data: 69% of data is PII.
Tweetables:
“We saw a decrease in crypto mining operations during the holiday period between December 24th through January 3rd. It just kind of goes to show that even malicious crypto miners want to take a holiday.” — Nathaniel Quist [0:25:26]
“Standardization can help you find the issue but automation can help you to prevent or mitigate [it].” — Jay Chen [0:32:02]
Links Mentioned in Today’s Episode:
The future of cloud security. Simplify cloud security with Prisma Cloud, the Code to Cloud platform powered by Precision AI.
Disclaimer: This post contains affiliate links. If you make a purchase, I may receive a commission at no extra cost to you.
Compliant Unicorns
Season 2 · Episode 3
Monday, March 21, 2022 • Duration 37:13
Nearly all companies that have started in the last few years have been cloud-native from the very start. Someone who has experienced this is today’s guest Nate Lee. Nate is the Chief Information Security Officer for Tradeshift, a cloud-based business networking platform for supply chain payments, marketplaces, and applications. In this episode, Nate joins us to talk about the company’s journey, its success, and what he has learned here over the past seven years. Nate explains how Tradeshift’s vision is to digitize and connect everything that happens between a buyer and a seller anywhere in the world, and how being cloud-native from the start has supported this mission. We discuss how you can leverage automation and DevSecOps to scale on some very difficult items like ISO 27000 among other certifications. You will also hear how security has been the key differentiator that led to Tradeshift’s success, how the strategic focus of Tradeshift’s security program has shifted over time and the key metrics that Tradeshift tracks to maintain its certifications and compliance efforts.
Tweetables
“[The vision] is connecting every company in the world. You can't do that with a bunch of islands running in individual data centers. It was an easy choice to be cloud-native back then, as well as a smart choice in general for any company starting these days.” — @JustAnotherNate [0:08:56]
“In security and software development these days, if you're not constantly learning, you're falling behind just as quickly.” — @JustAnotherNate [0:32:48]
Links Mentioned in Today’s Episode
- Nate's LinkedIn profile
- Tradeshift's website
- Nate's blog on Transforming Technical Debt from Burden to Tool
- The Unicorn Project
30 years in cybersecurity
Season 3 · Episode 12
Wednesday, December 20, 2023 • Duration 52:15
Episode Summary
On this episode, InfoSec veteran, Aaron Turner, joins the show to talk about everything from Cloud to AI. Over the past three decades, Aaron has served as Security Strategist at Microsoft, Co-Founder and CEO of RFinity, Co-Founder and CEO of Terreo, VP of Security Products R&D at Verizon, Founder and CEO of Hotshot Technologies, Founder and CEO of Siriux, Faculty Member of IANS, Board Member at HighSide, President and Board Member of IntegriCell, and most recently as CISO at a large infrastructure player.
Today, Aaron talks about the critical decisions that led to his success, the findings in his IANS research, and the importance of physical vs logical separation in home networks. What are the things that are lacking in current AI services? Hear about the security applications of behavioral AI, Aaron’s approach as he gets back into industry, and what it takes for Aaron to remain sharp.
Timestamp Segments
· [02:49] Getting started.
· [10:53] Aaron’s keys to success.
· [16:40] Aaron’s IANS research.
· [20:42] Physical vs logical separation.
· [24:19] Top mistakes that customers make.
· [26:56] Real-world AI applications.
· [32:13] Thinking about AI and risk.
· [36:15] What’s missing in the current AI services?
· [40:46] Getting back into the industry.
· [45:22] How does Aaron stay sharp?
Notable Quotes
· “Get deep in something.”
· “Make sure you put yourself in situations where people expect you to be sharp.”
Relevant Links
LinkedIn: Aaron Turner.
Microsoft 365 incident response
Season 4 · Episode 10
Tuesday, August 20, 2024 • Duration 54:56
Purav Desai is a Microsoft 365 incident responder at a large financial institution (name withheld to protect the innocent). He shares his journey and expertise in the field. He explains how his early exposure to Microsoft security solutions and their constant innovation led him to specialize in 365 security and incident response. He discusses the importance of mentors and influential figures in his career, highlighting the lessons he learned from them. He then dives into his popular project, Deciphering UAL (Unified Audit Logs), which aims to make sense of the complex logs in Microsoft 365.
Purav shares an incident response scenario involving a banking Trojan and how he used telemetry and logging to investigate and remediate the issue. He concludes by discussing effective threat detection methods in Microsoft 365, including threat hunting with KQL and leveraging Zero-Hour Auto-Purge (ZAP) to prevent the spread of attacks.
In our conversation, we dive into:
- How specializing in Microsoft 365 security and incident response can be a wise choice due to the constant innovation and market demand for Microsoft solutions.
- How having mentors and influential figures in your career can provide valuable guidance and inspire you to push yourself and try new things.
- His personal project, Deciphering UAL (Unified Audit Logs), aims to make sense of the complex logs in Microsoft 365, providing insights for digital forensics and incident response.
- How proper licensing and logging configuration are crucial for effective incident response.
- How native tools like Purview Audit and eDiscovery provide valuable insights for forensic analysis.
LLMs: risks, rewards, and realities
Season 4 · Episode 13
Wednesday, November 20, 2024 • Duration 47:26
Nate Lee discusses his transition from a CISO role to fractional CISO work, emphasizing the importance of variety and exposure in his career. He delves into the rise of AI, particularly large language models (LLMs), and the associated security concerns, including prompt injection risks.
Nate highlights the critical role of orchestrators in managing AI interactions and the need for security practitioners to adapt to the evolving landscape. He shares insights from his 20 years in cybersecurity and offers recommendations for practitioners to engage with AI responsibly and effectively.
Takeaways
- Nate transitioned to fractional CISO work for variety and exposure.
- Prompt injection is a major vulnerability in LLM systems.
- Orchestrators are essential for managing AI interactions securely.
- Security practitioners must understand how LLMs work to mitigate risks.
- Nate emphasizes the importance of human oversight in AI systems.
Link to Nate's research with the Cloud Security Alliance.
Accelerating security maturity
Season 3 · Episode 5
Sunday, May 21, 2023 • Duration 47:00
Episode Summary
On this episode, AWS Security Practice Manager, Chad Lorenc, joins Matt to talk about Cloud Security. Chad has spent over 20 years building and implementing security programs for numerous organizations, ranging from global Fortune 500 infrastructure teams to billion-dollar financial institutions. He has previously served as Senior Infrastructure Security Architect at Keysight Technologies, President of Montana Chapter, and Information Security and Risk Management Infrastructure Architect at Agilent Technologies.
Today, Chad talks about the roadmap to security maturity, security best practices, and benchmarking assessments. Why doesn’t AWS necessarily hire people with Cloud skills? Hear about The Five Pillars, when Cloud security goes wrong, CISO reporting Cloud security, and Chad’s formula for personal growth.
Timestamp Segments
· [01:24] A bit about Chad.
· [03:13] Chad’s role at AWS.
· [04:03] Transitioning to AWS.
· [08:30] AWS doesn’t hire for Cloud skills.
· [10:41] Where to start.
· [13:54] Assessment benchmarking.
· [15:09] Getting to security maturity.
· [19:17] The Five Pillars.
· [24:21] Cloud security gone wrong.
· [32:14] The Cloud Center of Excellence.
· [35:15] Reporting Cloud security maturity.
· [40:54] Chad’s formula for personal growth.
· [44:50] Chad’s words of wisdom.
Notable Quotes
· “There’s no algorithm for compressing security experience.”
· “Figuring out how to integrate Cloud into your operational processes and technology is key.”
· “The key to growing fast is to prioritize ruthlessly.”
Relevant Links
Website: aws.amazon.com
Book review: CISO Evolution
Season 3 · Episode 3
Tuesday, March 21, 2023 • Duration 43:12
On this episode, the Founder of CISO Evolution LLC, Matthew Sharp, joins Matt to talk about his book, CISO Evolution. Prior to founding CISO Evolution LLC, Matt served as a strategic advisor to CISOs of Fortune 500 and global institutions. He holds a Bachelor of Science (BS) in Electrical and Computer Engineering from the University of Colorado and a Master of Business Administration (MBA) from Colorado State University. Matt is a co-author of "The CISO Evolution: Business Knowledge for Cybersecurity Executives."
Today, Matthew talks about his 2012 sabbatical, walking the Camino de Santiago, and the CISO Evolution book. Why does process matter more than analysis? Hear about value creation, business negotiations, and Matthew’s formula for personal growth.
Timestamp Segments
· [02:06] A bit about Matthew.
· [04:30] Matthew’s sabbatical & the Camino de Santiago.
· [09:21] What prompted the book?
· [12:23] Why does process matter more than analysis?
· [19:08] Did Matthew’s MBA lead him down this path?
· [24:22] Value creation.
· [27:40] Standard metrics.
· [31:23] Why is it important for a CISO to know terms?
· [33:32] Negotiations and decision-making.
· [37:19] What’s Matthew’s formula for personal growth?
· [41:12] Matthew’s words of wisdom.
Notable Quotes
· “If you want to be in the room where it happens, then you have to be equipped to participate in the conversation.”
· “Ask the questions that go unasked.”
· “Don’t be afraid to go and look like an idiot in front of another business stakeholder.”
Supply Chain Security
Season 1 · Episode 10
Wednesday, December 15, 2021 • Duration 31:54
Despite the media coverage afforded to the SolarWinds and Kaseya breaches, Palo Alto Networks Unit 42 threat research indicates supply chain security in the cloud continues its growth as an emerging threat. Much remains misunderstood about both the nature of these attacks and the most effective means of defending against them. To better understand how supply chain attacks occur in the cloud, Unit 42 researchers analyzed data from a variety of public data sources around the world and, at the request of a large SaaS provider, executed a red team exercise against their software development environment. As you'll hear in the podcast, overall, the findings indicate that many organizations may still be lulled into a false sense of supply chain security in the cloud. Case in point: Even with limited access to the customer’s development environment, it took a single Unit 42 researcher only three days to discover several critical software development flaws that could have exposed the customer to an attack similar to that of SolarWinds and Kaseya.
In the podcast, Unit 42 researchers Nathaniel "Q" Quist and Dr. Jay Chen draw on Unit 42’s analysis of past supply chain attacks. The Cloud Threat Report explains the full scope of supply chain attacks, discusses poorly understood details about how they occur, and recommends actionable best practices that organizations can adopt today to help protect their supply chains in the cloud.
What Serverless Can Do For You
Season 2 · Episode 11
Friday, October 21, 2022 • Duration 32:17
What Serverless Can Do For You? With Mark Gould
Episode Summary
On this episode, Cloud Security Engineer at Manhattan Associates, Mark Gould, joins Matt to talk about serverless computing. Mark is a Cybersecurity specialist, with a focus on the Google Cloud Platform, and is a Certified Google Architect.
Today, Mark talks about serverless computing, the security risks to consider, and working with DevOps teams. What are the top three metrics to start with for automation and security? Hear about cloud automation, Mark’s NSG alerting system, and his greatest accomplishments in recent years.
Timestamp Segments
· [01:22] About Mark.
· [02:49] About Manhattan Associates.
· [04:46] How does cloud fit in?
· [06:16] Automation in the cloud.
· [09:03] Modernization at Manhattan Associates.
· [10:18] Serverless computing.
· [14:39] Security risks with using serverless functions.
· [17:58] Mark’s NSG alerting system.
· [21:27] Three metrics for automation and security.
· [23:33] What should security teams be doing differently when working with DevOps?
· [25:43] What is Mark most proud of?
· [27:45] How does Mark continue to learn?
· [30:31] Is Manhattan Associates hiring?
Notable Quotes
· “You definitely have to pick what kind of processes you want to automate and make sure that you’re willing to put in the work to maintain them.”
· “Sometimes serverless isn’t always the cheapest option.”
· “Leaders are learners.”
Relevant Links
Manhattan Associates: https://www.manh.com
LinkedIn: https://www.linkedin.com/in/mark-gould-15a7a3149








