
Explore every episode of the podcast Cloud Security Today

Dive into the complete episode list for Cloud Security Today. Each episode is cataloged with detailed descriptions, making it easy to find and explore specific topics. Keep track of all episodes from your favorite podcast and never miss a moment of insightful content.

Showing episodes 1–50 of 59.

Title (publication date, duration)
The future of CISO (11 Apr 2026, 00:44:01)

In this episode, Michael Piacente shares insights on career transitions in IT and security, the evolving role of CISOs, and the impact of AI on security talent and practices. Discover how community, storytelling, and strategic hiring shape the future of cybersecurity leadership.

Resources

The 2026 Global CISO Leadership Report

Hitch Partners

NIST AI Framework

How COVID-19 Impacted Cloud Security (14 Jun 2021, 00:34:39)


In this episode, Nathaniel Quist, also known as ‘Q’, returns along with Dr. Jay Chen; listeners might recognize both from our inaugural episode, where we discussed how common identity misconfigurations can undermine cloud security. Jay and Q are threat researchers with Palo Alto Networks Unit 42, the global threat intelligence team at Palo Alto Networks and a recognized authority on cyberthreats, frequently sought out by enterprises and government agencies around the world.

In our conversation, they discuss what they found in their latest Cloud Threat Report, which examines the impact of the COVID-19 pandemic. We explore how the tremendous increase in remote work has affected cloud security and why Jay is more concerned about the number of mistakes people are making than about the type of mistakes. Tuning in, you’ll hear what organizations can do to curtail the recent rise in security incidents, along with some interesting observations from Q and Jay’s data, such as the fact that even malicious hackers need a holiday and don’t want to spend all their time in front of a computer cryptojacking.

Key Points From This Episode:

  • Cloud security incidents grew, on average, 188% when comparing the periods before and after the discovery of COVID-19.
  • Retail organizations saw the greatest increase in security incidents at 402%.
  • The cloud is no longer for low-impact data: 69% of data is PII.

Tweetables:

“We saw a decrease in crypto mining operations during the holiday period between December 24th through January 3rd. It just kind of goes to show that even malicious crypto miners want to take a holiday.” — Nathaniel Quist [0:25:26]

“Standardization can help you find the issue but automation can help you to prevent or mitigate [it].” — Jay Chen [0:32:02]

Links Mentioned in Today’s Episode:

Cloud Threat Report

Clip from Tommy Boy

Nathaniel Quist on LinkedIn

Jay Chen on LinkedIn

Cloud Security Today

The future of cloud security.
Simplify cloud security with Prisma Cloud, the Code to Cloud platform powered by Precision AI.

Disclaimer: This post contains affiliate links. If you make a purchase, I may receive a commission at no extra cost to you.

Compliant Unicorns (21 Mar 2022, 00:37:13)


Nearly all companies started in the last few years have been cloud-native from the very start. Someone who has experienced this is today’s guest, Nate Lee, Chief Information Security Officer for Tradeshift, a cloud-based business networking platform for supply chain payments, marketplaces, and applications. In this episode, Nate joins us to talk about the company’s journey, its success, and what he has learned there over the past seven years. Nate explains how Tradeshift’s vision is to digitize and connect everything that happens between a buyer and a seller anywhere in the world, and how being cloud-native from the start has supported this mission. We discuss how automation and DevSecOps can be leveraged to scale difficult efforts such as ISO/IEC 27001 certification, among others. You will also hear how security has been a key differentiator in Tradeshift’s success, how the strategic focus of its security program has shifted over time, and the key metrics Tradeshift tracks to maintain its certifications and compliance efforts.

Tweetables
“[The vision] is connecting every company in the world. You can't do that with a bunch of islands running in individual data centers. It was an easy choice to be cloud-native back then, as well as a smart choice in general for any company starting these days.” — @JustAnotherNate [0:08:56]

“In security and software development these days, if you're not constantly learning, you're falling behind just as quickly.” — @JustAnotherNate [0:32:48]


30 years in cybersecurity (20 Dec 2023, 00:52:15)


Episode Summary

On this episode, InfoSec veteran, Aaron Turner, joins the show to talk about everything from Cloud to AI. Over the past three decades, Aaron has served as Security Strategist at Microsoft, Co-Founder and CEO of RFinity, Co-Founder and CEO of Terreo, VP of Security Products R&D at Verizon, Founder and CEO of Hotshot Technologies, Founder and CEO of Siriux, Faculty Member of IANS, Board Member at HighSide, President and Board Member of IntegriCell, and most recently as CISO at a large infrastructure player.

Today, Aaron talks about the critical decisions that led to his success, the findings in his IANS research, and the importance of physical vs logical separation in home networks. What are the things that are lacking in current AI services? Hear about the security applications of behavioral AI, Aaron’s approach as he gets back into industry, and what it takes for Aaron to remain sharp.

 

Timestamp Segments

·       [02:49] Getting started.

·       [10:53] Aaron’s keys to success.

·       [16:40] Aaron’s IANS research.

·       [20:42] Physical vs logical separation.

·       [24:19] Top mistakes that customers make.

·       [26:56] Real-world AI applications.

·       [32:13] Thinking about AI and risk.

·       [36:15] What’s missing in the current AI services?

·       [40:46] Getting back into the industry.

·       [45:22] How does Aaron stay sharp?

 

Notable Quotes

·       “Get deep in something.”

·       “Make sure you put yourself in situations where people expect you to be sharp.”

 

Relevant Links

LinkedIn:  Aaron Turner.

 
Resources:

www.iansresearch.com


Microsoft 365 incident response (20 Aug 2024, 00:54:56)


Purav Desai is a Microsoft 365 incident responder at a large financial institution (name withheld to protect the innocent). He shares his journey and expertise in the field. He explains how his early exposure to Microsoft security solutions and their constant innovation led him to specialize in 365 security and incident response. He discusses the importance of mentors and influential figures in his career, highlighting the lessons he learned from them. He then dives into his popular project, Deciphering UAL (Unified Audit Logs), which aims to make sense of the complex logs in Microsoft 365. 

Purav shares an incident response scenario involving a banking Trojan and how he used telemetry and logging to investigate and remediate it. He concludes by discussing effective threat detection methods in Microsoft 365, including threat hunting with KQL and leveraging Zero-Hour Auto-Purge (ZAP), which retroactively removes already-delivered messages that are later identified as malicious, to limit the spread of an attack.

In our conversation, we dive into:

  • How specializing in Microsoft 365 security and incident response can be a wise choice due to the constant innovation and market demand for Microsoft solutions.
  • How having mentors and influential figures in your career can provide valuable guidance and inspire you to push yourself and try new things.
  • How his personal project, Deciphering UAL (Unified Audit Logs), makes sense of the complex logs in Microsoft 365, providing insights for digital forensics and incident response.
  • How proper licensing and logging configuration are crucial for effective incident response.
  • How native tools like Purview Audit and eDiscovery provide valuable insights for forensic analysis.
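Added example (not code from the episode or from the Deciphering UAL project): a small Python triage over Unified Audit Log records. It assumes the record shape of a Purview audit export, where each row's AuditData column holds a JSON object with fields such as CreationTime, Operation, UserId, ClientIP, Workload and ResultStatus; the four records below are constructed, and the set of mailbox operations it treats as persistence-related is an assumption of the example rather than anything the episode lists. It correlates a user's first successful login from a previously unseen client IP with a mailbox-rule change shortly afterwards, the kind of question an investigator asks of the UAL once the logs have been decoded.

```python
"""Triage of Microsoft 365 Unified Audit Log (UAL) records.

Added example; not code from the podcast or from the "Deciphering UAL"
project. It assumes the record shape of a Purview audit export, where
each row carries an AuditData column holding the record as JSON with
fields such as CreationTime, Operation, UserId, ClientIP, Workload and
ResultStatus. The sample records below are constructed for illustration.
"""
import json
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed sample of the AuditData JSON a UAL export carries per row.
SAMPLE_AUDITDATA = [
    '{"CreationTime":"2024-08-01T08:02:11","Operation":"UserLoggedIn","UserId":"alice@example.com",'
    '"ClientIP":"203.0.113.10","Workload":"AzureActiveDirectory","ResultStatus":"Success"}',
    '{"CreationTime":"2024-08-01T08:14:40","Operation":"UserLoggedIn","UserId":"alice@example.com",'
    '"ClientIP":"198.51.100.77","Workload":"AzureActiveDirectory","ResultStatus":"Success"}',
    '{"CreationTime":"2024-08-01T08:16:05","Operation":"New-InboxRule","UserId":"alice@example.com",'
    '"ClientIP":"198.51.100.77","Workload":"Exchange",'
    '"Parameters":[{"Name":"DeleteMessage","Value":"True"},{"Name":"SubjectContainsWords","Value":"invoice;payment"}]}',
    '{"CreationTime":"2024-08-01T09:30:00","Operation":"FileAccessed","UserId":"bob@example.com",'
    '"ClientIP":"203.0.113.10","Workload":"SharePoint","ObjectId":"https://contoso.sharepoint.com/sites/fin/Q2.xlsx"}',
]

# Mailbox operations commonly reviewed in a mailbox-compromise investigation.
# This list is an assumption of the example, not a complete catalogue.
PERSISTENCE_OPS = {"New-InboxRule", "Set-InboxRule", "Add-MailboxPermission", "Set-Mailbox"}


def parse_records(rows):
    """Parse AuditData JSON strings into dicts, skipping malformed rows,
    and return them in chronological order."""
    records = []
    for raw in rows:
        try:
            rec = json.loads(raw)
        except json.JSONDecodeError:
            continue
        rec["CreationTime"] = datetime.fromisoformat(rec["CreationTime"])
        records.append(rec)
    return sorted(records, key=lambda r: r["CreationTime"])


def logins_by_user(records):
    """Map each user to the distinct client IPs of their successful logins."""
    ips = defaultdict(set)
    for r in records:
        if r.get("Operation") == "UserLoggedIn" and r.get("ResultStatus") == "Success":
            ips[r["UserId"]].add(r.get("ClientIP", "?"))
    return ips


def find_rule_after_new_ip(records, window=timedelta(hours=1)):
    """Flag persistence operations performed within `window` of a user's
    first successful login from an IP not previously seen for that user."""
    seen = defaultdict(set)   # user -> IPs already observed for that user
    new_ip_at = {}            # (user, ip) -> time of first login from that IP
    findings = []
    for r in records:
        user, ip, op = r.get("UserId"), r.get("ClientIP"), r.get("Operation")
        if op == "UserLoggedIn" and r.get("ResultStatus") == "Success":
            if ip not in seen[user]:
                # Only "new" if the user already had a known IP in this data set.
                if seen[user]:
                    new_ip_at[(user, ip)] = r["CreationTime"]
                seen[user].add(ip)
        elif op in PERSISTENCE_OPS and (user, ip) in new_ip_at:
            if r["CreationTime"] - new_ip_at[(user, ip)] <= window:
                findings.append({
                    "user": user,
                    "ip": ip,
                    "operation": op,
                    "time": r["CreationTime"].isoformat(),
                    "parameters": {p["Name"]: p["Value"] for p in r.get("Parameters", [])},
                })
    return findings


if __name__ == "__main__":
    recs = parse_records(SAMPLE_AUDITDATA)
    for user, ips in logins_by_user(recs).items():
        print(f"{user}: logins from {sorted(ips)}")
    for f in find_rule_after_new_ip(recs):
        print(f"{f['time']} {f['user']} ran {f['operation']} from new IP {f['ip']}: {f['parameters']}")
```

The AuditData column of a Purview audit export, or the AuditData property returned by the Search-UnifiedAuditLog cmdlet, is what you would feed to parse_records. How far back those records exist depends on the tenant's licensing and audit retention configuration, which is why the episode stresses getting licensing and logging right before an incident rather than during one.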

LLMs: risks, rewards, and realities (20 Nov 2024, 00:47:26)


Nate Lee discusses his transition from a CISO role to fractional CISO work, emphasizing the importance of variety and exposure in his career. He delves into the rise of AI, particularly large language models (LLMs), and the associated security concerns, including prompt injection risks.

Nate highlights the critical role of orchestrators in managing AI interactions and the need for security practitioners to adapt to the evolving landscape. He shares insights from his 20 years in cybersecurity and offers recommendations for practitioners to engage with AI responsibly and effectively.

Takeaways

  • Nate transitioned to fractional CISO work for variety and exposure.
  • Prompt injection is a major vulnerability in LLM systems.
  • Orchestrators are essential for managing AI interactions securely.
  • Security practitioners must understand how LLMs work to mitigate risks.
  • Nate emphasizes the importance of human oversight in AI systems.

Link to Nate's research with the Cloud Security Alliance.


Accelerating security maturity (21 May 2023, 00:47:00)


Episode Summary

On this episode, AWS Security Practice Manager, Chad Lorenc, joins Matt to talk about Cloud Security. Chad has spent over 20 years building and implementing security programs for numerous organizations, ranging from global Fortune 500 infrastructure teams to billion-dollar financial institutions. He has previously served as Senior Infrastructure Security Architect at Keysight Technologies, President of the Montana Chapter, and Information Security and Risk Management Infrastructure Architect at Agilent Technologies.

Today, Chad talks about the roadmap to security maturity, security best practices, and benchmarking assessments. Why doesn’t AWS necessarily hire people with Cloud skills? Hear about The Five Pillars, when Cloud security goes wrong, reporting Cloud security maturity, and Chad’s formula for personal growth.

 

Timestamp Segments

·       [01:24] A bit about Chad.

·       [03:13] Chad’s role at AWS.

·       [04:03] Transitioning to AWS.

·       [08:30] AWS doesn’t hire for Cloud skills.

·       [10:41] Where to start.

·       [13:54] Assessment benchmarking.

·       [15:09] Getting to security maturity.

·       [19:17] The Five Pillars.

·       [24:21] Cloud security gone wrong.

·       [32:14] The Cloud Center of Excellence.

·       [35:15] Reporting Cloud security maturity.

·       [40:54] Chad’s formula for personal growth.

·       [44:50] Chad’s words of wisdom.

 

Notable Quotes

·       “There’s no algorithm for compressing security experience.”

·       “Figuring out how to integrate Cloud into your operational processes and technology is key.”

·       “The key to growing fast is to prioritize ruthlessly.”

 

Relevant Links

Website: aws.amazon.com

 

Resources:

awsfundamentals.com


Book review: CISO Evolution (21 Mar 2023, 00:43:12)


On this episode, the Founder of CISO Evolution LLC, Matthew Sharp, joins Matt to talk about his book, CISO Evolution. Prior to founding CISO Evolution LLC, Matthew served as a strategic advisor to CISOs of Fortune 500 and global institutions. He holds a Bachelor of Science (BS) in Electrical and Computer Engineering from the University of Colorado and a Master of Business Administration (MBA) from Colorado State University, and is a co-author of "The CISO Evolution: Business Knowledge for Cybersecurity Executives."

Today, Matthew talks about his 2012 sabbatical, walking the Camino de Santiago, and the CISO Evolution book. Why does process matter more than analysis? Hear about value creation, business negotiations, and Matthew’s formula for personal growth.

Timestamp Segments

·       [02:06] A bit about Matthew.

·       [04:30] Matthew’s sabbatical & the Camino de Santiago.

·       [09:21] What prompted the book?

·       [12:23] Why does process matter more than analysis?

·       [19:08] Did Matthew’s MBA lead him down this path?

·       [24:22] Value creation.

·       [27:40] Standard metrics.

·       [31:23] Why is it important for a CISO to know terms?

·       [33:32] Negotiations and decision-making.

·       [37:19] What’s Matthew’s formula for personal growth?

·       [41:12] Matthew’s words of wisdom.

 

Notable Quotes

·       “If you want to be in the room where it happens, then you have to be equipped to participate in the conversation.”

·       “Ask the questions that go unasked.”

·       “Don’t be afraid to go and look like an idiot in front of another business stakeholder.”


Supply Chain Security (15 Dec 2021, 00:31:54)


Despite the media coverage afforded to the SolarWinds and Kaseya breaches, Palo Alto Networks Unit 42 threat research indicates that supply chain security in the cloud continues to grow as an emerging threat. Much remains misunderstood about both the nature of these attacks and the most effective means of defending against them. To better understand how supply chain attacks occur in the cloud, Unit 42 researchers analyzed data from a variety of public data sources around the world and, at the request of a large SaaS provider, executed a red team exercise against its software development environment. As you'll hear in the podcast, the findings indicate that many organizations may still be lulled into a false sense of supply chain security in the cloud. Case in point: even with limited access to the customer’s development environment, it took a single Unit 42 researcher only three days to discover several critical software development flaws that could have exposed the customer to an attack similar to those on SolarWinds and Kaseya.

In the podcast, Unit 42 researchers Nathaniel "Q" Quist and Dr. Jay Chen draw on Unit 42’s analysis of past supply chain attacks. The Cloud Threat Report explains the full scope of supply chain attacks, discusses poorly understood details about how they occur, and recommends actionable best practices that organizations can adopt today to help protect their supply chains in the cloud.


What Serverless Can Do For You (21 Oct 2022, 00:32:17)


What Serverless Can Do For You, with Mark Gould

Episode Summary

On this episode, Cloud Security Engineer at Manhattan Associates, Mark Gould, joins Matt to talk about serverless computing. Mark is a cybersecurity specialist with a focus on the Google Cloud Platform and a Google-certified cloud architect.

Today, Mark talks about serverless computing, the security risks to consider, and working with DevOps teams. What are the top three metrics to start with for automation and security? Hear about cloud automation, Mark’s NSG alerting system, and his greatest accomplishments in recent years.

 

Timestamp Segments

·       [01:22] About Mark.

·       [02:49] About Manhattan Associates.

·       [04:46] How does cloud fit in?

·       [06:16] Automation in the cloud.

·       [09:03] Modernization at Manhattan Associates.

·       [10:18] Serverless computing.

·       [14:39] Security risks with using serverless functions.

·       [17:58] Mark’s NSG alerting system.

·       [21:27] Three metrics for automation and security.

·       [23:33] What should security teams be doing differently when working with DevOps?

·       [25:43] What is Mark most proud of?

·       [27:45] How does Mark continue to learn?

·       [30:31] Is Manhattan Associates hiring?

 

Notable Quotes

·       “You definitely have to pick what kind of processes you want to automate and make sure that you’re willing to put in the work to maintain them.”

·       “Sometimes serverless isn’t always the cheapest option.”

·       “Leaders are learners.”

 

Relevant Links

Manhattan Associates:           https://www.manh.com

LinkedIn:         https://www.linkedin.com/in/mark-gould-15a7a3149


Attracting and retaining cyber talent (22 Sep 2024, 00:43:07)


Meg Anderson, the CISO at Principal Financial Group, discusses her 17-year tenure as a CISO and the factors contributing to her long-term success. She attributes her longevity to her passion for the job and the opportunities for growth and development at Principal. Meg emphasizes the importance of understanding the business impact of cybersecurity and holding people accountable. She also highlights the significance of focusing on the basics of cybersecurity and not getting caught up in the latest trends. Meg shares her experience with mentorship and its role in her career. She also discusses the programs implemented at Principal to attract and retain cyber talent, such as a formal mentorship program and a robust internship program.

Takeaways

  • Passion for the job and naivete can contribute to long-term success as a CISO.
  • Understanding the business impact of cybersecurity and holding people accountable is crucial.
  • Focusing on the basics of cybersecurity is essential, rather than getting caught up in the latest trends.
  • Mentorship plays a significant role in career development.
  • Taking time away from work is essential for personal growth and avoiding burnout.


Chapters

  • 00:00 Introduction and Long-Term Success as a CISO
  • 03:15 The Importance of Naivete and Passion
  • 06:34 The Role of Mentorship
  • 10:54 Attracting and Retaining Cyber Talent
  • 12:50 Organizing a Cyber Youth Summit
  • 21:13 Building a Cyber Program Around Company Culture
  • 28:07 Focusing on the Basics of Cybersecurity
  • 36:19 Personal Growth and Parting Words

The Talent Shortage That Doesn’t Exist (20 Jan 2024, 00:45:39)


Episode Summary

On this episode, best-selling author of Cyber for Builders and blogger Ross Haleliuk joins the show to talk about his writing on the cybersecurity industry. Ross is active in the cybersecurity ecosystem as a startup advisor and angel investor, currently leading the VIS Angel Syndicate. He often writes about cybersecurity, security investment, growth, and building security startups on TechCrunch, in other leading industry media, and in his blog, Venture in Security, read by tens of thousands of security leaders every month.


Today, Ross talks about the usefulness of apprenticeship programs and the impact of AI on the talent shortage. What makes the talent shortage a qualitative issue? Hear about AI and cybersecurity problem-solving, Ross’s recently released book, and how Ross stays sharp (and fit).

 

Timestamp Segments

·       [02:23] Pivoting into cybersecurity.

·       [08:20] The role of project manager.

·       [11:24] The BISO role.

·       [13:41] The talent shortage as a qualitative issue.

·       [23:58] Apprenticeship programs.

·       [30:51] Qualitative vs quantitative talent shortage.

·       [33:15] The impact of AI.

·       [39:06] AI in cybersecurity.

·       [41:54] What is Ross writing about next?

·       [43:12] How Ross stays sharp.

 

Notable Quotes

·       “A lot of problems in cybersecurity are not unique to the space.”

·       “It is difficult to find an entry-level job in the technology space, period.”

·       “There is a shortage of senior talent, but there is also an oversupply of junior talent.”

 

Relevant Links

LinkedIn:         Ross Haleliuk

 

Resources:

ventureinsecurity.net


Did You Know You Have a SaaS Problem? (12 Apr 2021, 00:43:18)


While most companies have significantly increased their investments in SaaS, they have not updated their security controls and processes to ward off threats posed by this medium. Leaving SaaS security to Cloud Access Security Brokers (CASB) is not sufficient. The security controls need to be placed around the data, APIs, and applications that are running inside a cloud environment, not outside its perimeter. This is the kind of security that AppOmni provides and today we have its CEO, Brendan O'Connor on the show to dive deeper into the subject of SaaS security. 

We begin with Brendan’s journey into IT and security and hear a bit more about what makes him tick. From there, we dive into the subject of security in the cloud as it pertains to SaaS specifically. Brendan does a great job of explaining why SaaS platforms are subject to so many misconfigurations and why these are not being recognized by security teams. He gets into how the cloud infrastructure is set up and uses a few brilliant analogies to describe how an attacker might get into a SaaS platform without security ever realizing. He talks about some basic security measures companies need to take and shares more about how solutions like AppOmni can automate security. For insight into the vulnerabilities of SaaS and how to guard against them, tune in today!

Key Areas From This Episode:

  • Curiosity and a love for solving problems is Brendan’s method for keeping his edge.
  • Brendan’s recommendations for security guardrails that always need to be in place.
  • Hear Brendan’s argument about the need for automated SaaS security.
  • Brendan’s recommendations for setting up and measuring SaaS security.
  • Advice from Brendan about how security teams need to adapt in light of SolarWinds.

Tweetables:

“Companies have significantly expanded their SaaS investment and footprint and the SaaS applications themselves have really grown in complexity. Most companies haven't updated their security controls to support SaaS, or invested in new technology to manage this problem. That's where AppOmni comes in.” — @AppOmniSecurity [0:01:54]

“I love solving puzzles. Enterprise security at scale is a hard problem. It's a puzzle. There is not a one-size-fits-all solution.” — @AppOmniSecurity [0:05:29]

“SaaS applications are becoming closer to operating systems in the cloud than a single simple web app. You can't watch what every individual is doing. You have got to put guardrails in place.” — @AppOmniSecurity [0:20:30]

“SaaS is a fundamentally different architecture than hosting things on-premise. You need to rethink, what is the value that you get from your security tools? How can you get that value today in an automated fashion in these new systems that support that new architecture?” — @AppOmniSecurity [0:24:44]


Links Mentioned in Today’s Episode:

Matt Chiodi on LinkedIn

Matt Chiodi on Twitter

Brendan O’Connor on LinkedIn

App


The art of security transformation (22 Apr 2024, 00:50:57)


Episode Summary

On this episode, CISO at Palo Alto Networks, Niall Browne, joins the show to talk about Security, Cloud, and AI. Before joining Palo Alto Networks, he served as the CSO of cloud platforms for sixteen years, including as the CSO and CTO at Workday.

Today, Niall talks about his journey starting in the early days of the Internet, his work during Palo Alto’s shift to Cloud and now AI, and how to keep track of risk with automation. How can teams do more with less? Hear about how to communicate risk to company board members, the usefulness of Gen AI, and the cyber skills shortage.

 

Timestamp Segments

·       [01:39] Niall’s Bank of Ireland experience.

·       [05:07] How did the early internet catch Niall’s attention?

·       [08:56] What is Niall most proud of?

·       [11:34] Palo Alto’s shift to Cloud.

·       [16:43] Overcoming resistance to the shift.

·       [22:53] Keeping a pulse on risk.

·       [28:07] Communicating risk to boards.

·       [33:46] Doing More With Less.

·       [38:00] How does Gen AI make processes better?

·       [41:27] The cyber skills shortage.

·       [47:04] Niall’s personal growth formula.

 

Notable Quotes

·       “More with less is key.”

·       “Hiring the right skill set is very difficult.”

 

Relevant Links

Website:          www.paloaltonetworks.com

LinkedIn:         Niall Browne

 

Resources:

Doing More with Less: The Case for SOC Consolidation.


Cybersecurity compensation 2025 (20 Dec 2024, 00:45:36)


In this conversation, Steve Martano discusses his journey from writing about baseball analytics to becoming a key player in cybersecurity executive search and strategy. He emphasizes the evolving role of CISOs, the importance of aligning with business objectives, and the need for strong leadership skills. The discussion also covers trends in CISO compensation, the mental health challenges faced by security leaders, and the significance of organizational culture in driving satisfaction and effectiveness in cybersecurity roles.

The Latest CISO Compensation Trends & Benchmarks.

Takeaways

  • Understanding economics can enhance a CISO's effectiveness.
  • Compensation data must be contextualized for accurate benchmarking.
  • Low attrition doesn't always indicate job satisfaction.
  • CISOs face increasing pressures and scope creep in their roles.
  • The job market is expected to become more active in 2025.


Chapters

  • 00:00 The Journey from Baseball to Cybersecurity
  • 05:53 The Intersection of Leadership and Cybersecurity
  • 12:00 Mental Health and Satisfaction Among CISOs
  • 17:49 Preparing for Future Attrition in Cybersecurity Roles
  • 26:29 Engagement and Satisfaction Beyond Compensation
  • 32:13 The Evolving Role of Cybersecurity Leadership
  • 38:15 Mentorship and Professional Growth





Bonus: AI and data security (06 May 2024, 00:38:59)


Episode Summary

On this episode, Global Head of InfoSec and GRC Strategy at VMware, Ashish Suri, joins the show to discuss data security and AI. Ashish has over 20 years of experience in business transformation, cybersecurity, data privacy, and enterprise risk management. He has served in numerous roles, including Head of Data Risk, Privacy, and Cybersecurity at Apple, Head of Technology Process and Controls at PayPal, and Senior Director of Finance Internal Controls at Visa.

Today, Ashish talks about the distinction between data secrecy and data security, data security in the Cloud, and the business benefits of investing in data security. How does AI fit into security? Hear about cost-effective risk mitigation strategies and the evolving DSPM space, and get Ashish’s formula for personal growth.

 

Timestamp Segments

·       [01:33] Ashish’s role at Apple.

·       [04:27] Data secrecy vs data security.

·       [07:20] Data security in the Cloud.

·       [09:30] Ashish’s approach to data security.

·       [13:53] What does a business get out of data security?

·       [17:34] The CIA Triad.

·       [21:39] AI and Cloud security.

·       [24:24] AI in cybersecurity products.

·       [27:59] Cost-effective risk mitigation strategies.

·       [30:49] Wading through the DSPM space.

·       [35:15] Ashish’s growth formula.

·       [37:06] Being humble.

·       [38:00] Ashish’s parting words.

 

Notable Quotes

·       “The more we are out there in the Cloud, the larger our footprint becomes, and the risk continues multiplying in different directions.”

·       “Speed, accuracy, and automation will also get complemented with people, process, and technology.”

·       “Keep learning and keep listening.”

 

Relevant Links

Website:          Bedrock Security

The Software Factory (22 Aug 2022, 00:37:44)


S2E8 - The Software Factory with Chris Hughes

Episode Summary

On this episode, CISO and Co-Founder of Aquia, Chris Hughes, joins Matt to talk about building security in the cloud using automation and compliance. Chris’s career spans over 20 years in the IT/Cybersecurity industry, as well as in active service in the US Military.

Chris talks about licensing and certifications, Cloud innovation, and achieving continuous ATO. How are software factories created and operationalized? Hear about the people side of the business, effectively building a community, and get Chris’s formula for personal growth.

 

Timestamp Segments

·       [01:19] Chris’s 28 licenses and certifications.

·       [02:44] The value of certifications.

·       [05:08] Chris’s Air Force experience.

·       [06:25] About Aquia.

·       [07:46] DoD vs the federal civilian space.

·       [09:01] BatCave.

·       [10:04] Federal DoD compliance.

·       [12:55] How do agencies achieve Continuous ATO in the cloud?

·       [16:04] Software Factories.

·       [21:07] How it’s gone wrong.

·       [23:12] What it looks like to stand up a Software Factory.

·       [25:24] What works on the people side?

·       [28:42] What is an effective way to build a community?

·       [32:30] Why Chris reads physical books.

·       [35:07] Chris’s formula for personal growth.

 

Notable Quotes

·       “The journey is going to be unique to the organization. It’s not going to be the same for everyone.”

·       “Just be real.”

 

Relevant Links

Aquia:              https://www.aquia.us

LinkedIn:         https://www.linkedin.com/in/chris-h-97680442

GitHub:            Federal DoD Software Factory Compliance

The future of cloud security.
Simplify cloud security with Prisma Cloud, the Code to Cloud platform powered by Precision AI.

Disclaimer: This post contains affiliate links. If you make a purchase, I may receive a commission at no extra cost to you.

What Is Threat Intelligence? | 18 Apr 2022 | 00:37:23

In this episode (originally recorded in November of 2021) we speak with Palo Alto Networks, VP of Threat Intel, Ryan Olson. Ryan helps define what threat intelligence actually is and how to get started building a program. He aptly reminds us that producing threat intel for the sake of threat intel is a waste of time. More importantly you first have to ask yourself, “Who’s going to be using this information?”.

Tweetables

“Producing threat intel for the sake of threat intel is a waste of time. What you should be doing is thinking ‘Who’s going to take the information that I have produced and use that to make a better decision?’ Because that's the goal of threat intelligence, to help a system, or a person, or a team, or a company make better decisions that will help secure them better.” — Ryan Olson [0:04:24]

“If I could give people one recommendation, if you can get access to your SSL traffic so that you can decrypt it and you can inspect it, you will have a much better chance at detecting bad stuff in your network than you would without it.” — Ryan Olson [0:29:58]


Links Mentioned in Today’s Episode:

Ryan Olson on LinkedIn

Unit 42

Unit 42 on Twitter

Unit 42 Palo Alto Networks Careers


Innovating at the Speed of Relevance | 18 Oct 2021 | 00:35:04

When thinking of innovation, the first things that usually come to mind are tech startups. It’s not often you think of examples from the US Government or, more specifically, the Department of Defense. Our guest today has unprecedented insight, not only into what it takes to build a startup but how to create a startup-like culture in massive organizations like the US Department of Defense.

Nic Chaillan has had tremendous success as an entrepreneur and, in 2016, decided to pursue public service when he took a job with the US government. Over the past 20 years, Nic has built hundreds of products that were sold to dozens of Fortune 500 companies. After taking a break from entrepreneurship, Nicolas served as the Chief Software Officer for the US Air Force and Space Force and introduced game-changing innovations to the government’s software operations.

In our conversation with Nic, we discuss agile practices and how he used DevSecOps to elevate the Department of Defense’s software security. We unpack how his experience as an entrepreneur motivated him and why it was a commonsense decision to apply those lessons when he started in government.

Tweetables:
“When you look at the desired outcomes, you realize pretty quickly that DevSecOps is the main enabler to get all of these things done fast while not creating more risk. In fact, I would argue, it reduces both cyber and operational testing risk as well.” — @NicolasChaillan [0:06:30]

“That’s also something to think about: what kind of access control do you want to have in place when it comes to these kinds of tools and how do you mitigate the blast radius?” — @NicolasChaillan [0:16:39]

“I am also a big believer that education and continuous learning has to drastically change and improve.” — @NicolasChaillan [0:33:59]

Nicolas M. Chaillan on LinkedIn


Cloud Native Pharma | 17 Jan 2022 | 00:38:16

The pharmaceutical industry has a reputation for being cautious when it comes to adopting new technologies. However, in this episode, you’ll hear from the CISO at Takeda Pharmaceuticals, Mike Towers, that for Takeda, cloud has been a game-changer (albeit not without some challenges). As we like to do, we’ll start by diving into Mike’s background and then pivot to understand where Takeda is today in their cloud journey and where they are going over the next 24 months.

Get your pen ready because Mike is going to drop a massive amount of knowledge in a short period of time.

Tweetables:

“One of the things that's the toughest in the biopharmaceutical industry is focus because it's really easy to get tempted to try to solve a lot of different problems.” — @MichaelATowers [0:02:47]

“We’ll be exclusively cloud, within probably, I would say, 15 months from now.” — @MichaelATowers [0:17:51]


Links Mentioned in Today’s Episode:

Prisma Cloud

Mike Towers on Twitter

Mike Towers on LinkedIn

Takeda

Navigating the Digital Age

Unraveling unmanageable apps | 21 Feb 2023 | 00:38:39

On this episode, co-founder and CEO of Cerby, Belsasar Lepe, joins Matt to talk about unmanageable applications (apps that don't support critical security standards like SSO and SCIM). Belsasar was previously the Head of Product at Impira, where he led the company's product life cycle, helping drive a 4x increase in revenue. Before his role at Impira, Bel was co-founder and CTO at Ooyala, where he led a global product, design, and engineering team of 300+ Ooyalans spanning five countries and seven offices. Ooyala achieved two successful exits totaling over $440M.

Belsasar talks about unmanageable applications, Shadow IT, and why password managers should be considered legacy tech. 

Timestamp Segments

·       [02:14] A bit about Belsasar.

·       [04:57] Unmanageable Applications.

·       [07:07] Shadow IT.

·       [11:04] Quantifying the risk.

·       [14:50] How to identify Unmanageable Apps.

·       [17:46] Using different tools.

·       [21:03] Where do password managers fall in?

·       [22:53] Is passwordless the future?

·       [25:29] How Cerby solves the problem.

·       [27:11] A Cerby success story.

·       [30:48] The future of the market.

·       [32:35] Migration to Cloud.

·       [35:03] How Belsasar stays fresh.

Notable Quotes

·       “The first task is understanding the size of the problem.”

·       “The initial point of entry is often an unmanageable application.”

·       “More businesses will rely on end users for their security.”

Cerby's website

The human side of cyber | 22 Apr 2025 | 00:46:10

In this conversation, Tammy Klotz discusses her journey as a leader and author, focusing on her book 'Leading with Empathy and Grace.' She shares insights on the importance of empathy, vulnerability, and authenticity in leadership and the challenges and rewards of writing a book. The discussion highlights the significance of acknowledging personal lives in the workplace and the foundational role of trust in professional relationships. If you are an aspiring leader in Cyber, this episode is for you. Tammy shares her secrets to successful leadership.

Rethinking security awareness | 23 Feb 2025 | 00:45:45

In this conversation, Lance Spitzner shares his unique journey from a military tank officer to a pioneer in cybersecurity, detailing the evolution of his career and the inception of the Honeynet Project. He emphasizes the importance of understanding the human element in security, advocating for a shift from mere security awareness to fostering a robust security culture within organizations. Spitzner discusses practical steps for security teams to enhance their approach, including leveraging AI to improve communication and engagement. He concludes by reflecting on the impact of his work and the growing recognition of the human side of cybersecurity.

Takeaways

  • The Honeynet Project was born from a need for cyber threat intelligence.
  • Security culture is broader than security awareness; it encompasses attitudes and beliefs.
  • Changing the environment is key to changing organizational culture.
  • AI can be leveraged to enhance communication and simplify security policies.
  • Positive interactions with security teams build a stronger security culture.

Chapters
00:00 From Military to Cybersecurity Pioneer
03:04 The Birth of the Honeynet Project
05:59 Understanding the Human Element in Security
09:13 Security Culture vs. Security Awareness
11:51 Changing Organizational Culture for Security
14:46 Practical Steps for Security Teams
17:55 Leveraging AI in Security Culture
21:11 Measuring Success in Cybersecurity Training



How to Operationalize Cloud Security | 10 May 2021 | 00:36:26

Keeping it simple is Brett’s mantra, and it has led to a great amount of success for him and the company he works for. As a security leader at Zoetis, the world’s largest animal healthcare company, Brett has managed to get ahead of the business in terms of adopting cloud securely. Although it may sound boring, standardizing security processes was a key element in the journey to automation for the Zoetis SOC. 

In today’s episode, Brett also talks about how he ended up in the world of cybersecurity after majoring in ecommerce, the different facets that make up his current role at Zoetis, as well as some of the tools that are extremely useful to Brett and his team. Brett also opines on how automation has led to a reduction in talent-drain on his team. We also briefly delve into the SolarWinds hack and how this changed the way Brett thinks and approaches supply chain security. 

Key Points From This Episode:

  • Getting ahead of the business, build it before they come!
  • Standardization MUST come before automation.
  • Automation reduces talent-drain.
  • Metrics that Brett and his team follow up on constantly.

Tweetables:

“Standardization...I just live and die by our process. We're very process-oriented. You can do that in the cloud but you have to take time to do that, and that's how it should be done.” — Brett Tode [0:10:38]

“Your standardized processes are the things that really are going to keep you in control and keep you effective over time. Automation is really cool and great because it's going to save us time. But without that standardized process, you can never get to automation.” — Brett Tode [0:13:04]

“In almost everything I do, I try to keep things simple. Don't try to make something so complex from the get-go because it’s just never going to work.” — Brett Tode [0:24:49]

“We’re always going to strive to be better. I think everyone should do that because making yourself better is just providing more value for the company. At the end of the day, that's what we're all supposed to be doing.” — Brett Tode [0:25:52]


Links Mentioned in Today’s Episode:

Brett on LinkedIn

Zoetis Careers

Dr. Zero Trust on zero trust | 20 Jan 2025 | 00:36:10

In this conversation, Dr. Chase Cunningham, aka Dr. Zero Trust, shares his unique journey into the cybersecurity field, emphasizing the importance of purpose and self-care in a high-stress industry. He discusses the challenges of implementing zero trust strategies in organizations, the significance of understanding offensive tactics to enhance defensive measures, and the need for systemic change in national cybersecurity. Dr. Zero Trust also provides valuable advice for aspiring cybersecurity professionals, highlighting the supportive community and the importance of continuous learning.

Takeaways

  • Zero Trust is a strategy, not a product.
  • Self-care is critical in high-stress environments.
  • Understanding offensive tactics is essential for defense.
  • Start small when implementing Zero Trust.

Securing Democracy: DNC's Cyber Cop | 21 Jul 2023 | 00:53:21

On today’s episode, CSO at the Democratic National Committee, Steve Tran, joins Matt to talk about magic, AI, and cybersecurity. As the CSO for the DNC, Steve leads their IT, physical, and cybersecurity strategy. When not defending against dedicated adversaries, Steve can be found doing off-the-cuff performances at the World-Famous Magic Castle in Hollywood.

Today, Steve talks about how he incorporates magic into cybersecurity, his transition from law enforcement to cybersecurity, and how to mitigate risk in a fast-moving environment. What are the potential risks of using generative AI? Hear about our susceptibility to mental malware, thinking strategically versus tactically to solve problems, and how Steve manages to stay sharp day-to-day.

Timestamp Segments

·       [01:21] Steve, the magician.

·       [05:14] Parallels between magic and cybersecurity.

·       [07:21] Transitioning from law enforcement to cybersecurity.

·       [16:26] Using magic to manage mental health.

·       [21:25] The DNC.

·       [22:19] Decentralization and security.

·       [24:59] Getting buy-in.

·       [27:42] Thinking strategically.

·       [29:09] Mitigating risk in a fast-moving environment.

·       [36:00] AI and cyberattacks.

·       [43:25] Potential issues with AI.

·       [50:46] How Steve stays sharp.

Notable Quotes

·       “Mental health can really affect cybersecurity professionals.”

·       “Business isn’t meant to be just transactional.”

·       “One of the biggest barriers to why people don’t buy into it at first is because they don’t understand it.”

·       “Security issues don’t care if you don’t have a budget or don’t have a team.”

·       “Once you get people to feel a certain way, you can’t undo that.”

·       “There’s no better way to learn than to have to teach material yourself.”

Zombie identities: the hidden threat in your cloud | 03 Jun 2024 | 00:39:37

Episode Summary

On this episode, Sandy Bird, CTO and Co-Founder of Sonrai Security, joins the show to discuss identity security in the Cloud. Prior to Sonrai Security, Sandy co-founded Q1 Labs, which was acquired by IBM. He then became the CTO and helped IBM Security grow to $2B in revenue.

Today, Sandy talks about his journey in cybersecurity and how to manage and eliminate dormant identities. Why should listeners be concerned about zombie identities? Hear about the permissions attack surface and where to start implementing zero trust policies.

Timestamp Segments

·       [01:41] Getting into cybersecurity.

·       [03:48] Key lessons from IBM.

·       [08:40] Zombie identities.

·       [12:53] Is it possible to manage and eliminate dormant identities?

·       [16:17] Tying the process into a CI/CD pipeline.

·       [21:01] The Dirty Dozen of Cloud Identity.

·       [24:13] The permissions attack surface.

·       [27:00] Zero Trust best practices.

·       [30:08] Creating net new machine identities.

·       [33:17] Prioritizing identity misconfigurations.

·       [35:15] Sandy’s mentors and inspirations.

·       [37:37] How does Sandy stay sharp?

Sound Bites

"Nothing is a straight path in starting companies in your career."
"Zombie identities are identities that were part of previous projects and never get cleaned up."
"Fix the low-hanging fruit first, such as getting rid of zombie identities and locking down sensitive identities."

Relevant Links

Website:          sonraisecurity.com

LinkedIn:         Sandy Bird

Quantifying Cloud Access: Overprivileged Identities and Zombie Identities

What (actually) Works In Cloud Security | 21 Sep 2021 | 00:37:27

Some of the most pertinent issues in cloud security are also very foundational. Questions like where to start, what works, and also what doesn’t work, can leave teams feeling frustrated and at a loss over how to proceed. Here to help us unpack these important questions is Jonathan Villa, the Cloud Security Practice director at GuidePoint Security.

Jonathan’s career wasn’t always in security; he spent time as an application developer and as a pentester. All of this led him to build solutions in the cloud over a decade ago, which organically transitioned into cloud security. In our conversation with Jonathan, we discuss what he learned about cloud security throughout his career and what he has found to be effective, both in terms of technology and managing teams. We explore important issues like how security has struggled with automation and how to address it. Later we turn to the challenges facing talent development in security and how to address them, including having leadership take a more long-term view and training junior staff members. Jonathan also discusses the RACI model, why so many companies struggle to implement it correctly, and how best to be effective. Today’s episode offers key insight into cloud security, leadership, and the importance of teams, so make sure you tune in today!

Jonathan's LinkedIn profile

“I think that if security organizations really look to build more, they may attract more talent with development experience.” — Jonathan Villa [0:08:07]

“When you look at the average tenure of a CISO, I don't know what it is now, it's like two years or something like that. It's like, how do you build a long-term talent development model if the leaders themselves are gone every two years?” — Jonathan Villa [0:20:39]

How Common Identity Misconfigurations Can Undermine Cloud Security | 10 Mar 2021 | 00:46:04

Welcome to a brand new cloud security podcast, Cloud Security Today. Instead of focusing on the latest news, we’re exploring a different take on cloud security where we dig deeper into its eclectic “how-to” side. On Cloud Security Today, we are going to talk with experts from all over the community so you can do cloud security better. Today’s experts are Nathaniel Quist (Q) and Jay Chen, and they will be talking about Unit 42’s latest cloud threat research. First up Q and J, as we call them, introduce listeners to their professional histories before telling us how they choose their research projects. We then talk to Q and Jay about findings from their latest report on identity and access management. Together, they explain some of the common vulnerabilities that come with identity and access management, like misconfigured roles. Toward the end of the episode, we talk to Q about cryptojacking, as he explains the nuances of mining coins maliciously, the various teams behind the act, and how they use code against each other.

Key Points From This Episode:

●      How to become a threat researcher. Q and Jay share a little bit about their background.

●      Watch your roles and look out for wildcards in configurations!

●      APIs don’t always behave as expected – test them!

Tweetables:

“My biggest surprise is that even in a multi-million-dollar enterprise environment with thousands of workloads, thousands of EC2 instances and databases, they still make very fundamental mistakes.” — Jay Chen [0:09:55]

“The cloud has the potential to be so much more granularly controlled than just a normal on-prem environment. From the outside looking in, it's very complex. Complexity can bring some obscurity within the cloud environment.” — Nathaniel Quist [0:17:00]

Links Mentioned in Today’s Episode:

Matt Chiodi on LinkedIn

Matt Chiodi on Twitter

Unit 42 Cloud Threat Report

Nathaniel Quist on LinkedIn

Jay Chen on LinkedIn

IAMFinder tool on GitHub

Book Review: Startup Secure | 21 Sep 2022 | 00:40:54

Book Review: Startup Secure with Chris Castaldo

Episode Summary

On this episode, CISO at Crossbeam and Author of Startup Secure: Baking Cybersecurity into your Company from Founding to Exit, Chris Castaldo, joins Matt to talk about startups and security. Chris is an industry-wide recognized CISO, having over 20 years of experience in cybersecurity.

Today, Chris talks about his book, Startup Secure, his move to startups from the public sector, and the different startup development phases. What should startups focus on during the different development phases? Hear about security trust centers, the top startup security sins, and get Chris’s formula for personal growth.

Timestamp Segments

·       [02:03] What prompted Chris to write Startup Secure?

·       [04:57] What has changed during the writing process?

·       [06:47] Critical decisions throughout Chris’s career.

·       [11:17] Moving from public sector to startups.

·       [15:39] Startup development phases.

·       [20:16] When certifications don’t make sense.

·       [26:09] Mistakes in communicating to customers.

·       [30:16] Security trust centers.

·       [32:45] Startup security sins.

·       [35:38] Chris’s formula for personal growth.

·       [39:06] Chris’s parting words.

Notable Quotes

·       “You’re not the target. You’re just the jumping point to that target.”

·       “I don’t need to review the security of a company we’re buying desks from.”

·       “You just can’t expect everyone to be a cybersecurity expert.”

Relevant Links

Buy the Book: https://www.amazon.com/Start-Up-Secure-Cybersecurity-Company-Founding/dp/1119700736

LinkedIn:         https://www.linkedin.com/in/chriscastaldo

Keeping Governments Secure in the Cloud | 13 Jul 2021 | 00:40:03

Cloud security is essential for any business but particularly for government agencies. On today’s episode, we speak with an expert in the field, Ravi Raghava, who is Chief Cloud Strategist at General Dynamics Information Technology (GDIT). Ravi speaks about his personal experience with dozens of cloud deployments for civil agencies and shares best practices.

Acronyms

  • ATO = Authority to Operate
  • POAM = Plan of Action and Milestones
  • CDM = Continuous Diagnostics and Mitigation
  • OCM = Organizational Change Management

Tweetables:

“Over the next few years, we will see a lot of traction and we will see accelerated workload migration to the cloud. It's not just one cloud but multiple clouds, and multi-cloud is becoming the new norm.” — Ravi Raghava [0:04:55]

“We are very strong advocates of OCM, and we work with our government customers to have a well thought-through strategy, providing the right skills, the right training, right medium of training to people.” — Ravi Raghava [0:25:43]

“Having those security frameworks in place, testing infrastructure, having those security tools in place nicely help you automate the entire thing because automation is key.” — Ravi Raghava [0:31:20]

Links Mentioned in Today’s Episode:

Ravi Raghava on LinkedIn
GDIT
JFrog
Prisma Cloud

CISO burnout and boardroom truths | 01 Sep 2025 | 00:40:22

In this conversation, Rinki Sethi, a seasoned cybersecurity leader, shares her journey from being a CISO at major companies to her current role at Upwind Security. She discusses the evolving landscape of cybersecurity, the impact of AI, and the importance of community in the industry. Rinki emphasizes the need for strong communication skills for CISOs, the significance of evaluating company culture before taking on new roles, and the necessity of leveraging AI to enhance cybersecurity programs. She also highlights the importance of personal growth and building supportive networks within the cybersecurity community.

AppSec: Engineering, Attackers, and Defense | 21 Aug 2023 | 00:50:20

Episode Summary

In today’s episode, AppSec CTO at Palo Alto Networks, Daniel Krivelevich, joins Matt to talk about AppSec for the modern engineering ecosystem. Daniel is a Cybersecurity expert and problem solver with a proven track record from working with numerous enterprises across several different industries, with a focus on Application and Cloud Security. He has served in the Intelligence Corps of the IDF, 8200, as a Security Specialist at LivePerson, and as the Cloud & Application Security Lead at Sygnia. He is also the Co-Founder of Cider Security, which was acquired by Palo Alto Networks in December 2022.

Today, Daniel talks about how his views have been shaped by his experience on both sides of the equation, the rapid pace of software development, and the role of codification. Why is visibility such a vital part of mitigating threats? Hear about the changing role of security, the struggle with maintaining cybersecurity 101, and Daniel’s recommended sources to stay up to date.

Timestamp Segments

·       [02:43] How Daniel’s experiences have shaped his AppSec views.

·       [09:27] The software engineering paradigm shift.

·       [12:24] The role of security.

·       [16:42] Is it realistic for security to keep up with software development?

·       [20:27] How the engineers’ freedom of choice impacts security.

·       [26:14] The role of codification to reduce the attack surface.

·       [30:21] Tools as targets.

·       [34:47] How to mitigate threats of the increasingly complex ecosystems.

·       [39:21] What’s next?

·       [44:40] The struggle with cybersecurity 101.

·       [47:03] How Daniel stays sharp.

Notable Quotes

·       “The attacks that abuse the engineering ecosystem, they’re not theory anymore.”

·       “The challenge is helping defenders focus on what matters.”

·       “Attackers always choose the path of least resistance.”

·       “Once you have that visibility, you are usually capable of significantly reducing your attack surface.”

·       “It’s not the zero days that are what’s leading.”

Relevant Links

Website:          www.paloaltonetworks.com

LinkedIn:         Daniel Krivelevich

Resources:

AppSec for the Modern Engineering Ecosystem.

Navigating identity security | 29 May 2025 | 00:34:08

In this episode, Matt interviews Bel Lepe, CEO and co-founder of Cerby, discussing the challenges and opportunities in identity security. They explore the significance of disconnected applications, the impact of shadow IT, and the importance of automation and AI in enhancing security practices. Bel shares insights from his previous experience at Ooyala and the lessons learned in building Cerby, including the recent Series B funding and future plans for the company.

Takeaways

  • Disconnected applications pose significant risks in identity management.
  • Shadow IT is becoming a major part of the IT landscape, not just a side issue.
  • The startup journey involves learning from past experiences and adapting strategies.
  • The human element remains a critical factor in cybersecurity incidents.



Matt joins a startup | 27 Jun 2022 | 00:22:31

This episode of the Cloud Security Today podcast is a little different from the others because this time host Matthew Chiodi gives the interviewer’s seat over to Yousuf Khan and they talk about an exciting new development in Matt’s career.

Matt announces a big career move and talks about how he’s hoping to fix some of the biggest problems in SaaS security today. He tells Yousuf about his new role and the fresh approach that his new company is bringing to the field. At the end of the episode, they discuss working in a start-up environment and give advice to anyone considering working in a start-up.

If you enjoyed this episode, subscribe, or follow Cloud Security Today wherever you get your podcasts.

Timestamps

[0:28] Matt introduces the topic for today’s episode

[1:50] Exciting news from Matt about his latest career move

[5:10] Matt explains one of the biggest challenges in app security today

[7:25] How have we managed app security up to now?

[9:20] So how does Cerby work?

[11:32] Matt’s new role at Cerby and an outline of his first few months

[12:50] Why Matt likes working in a start-up environment

[14:05] How Matt became interested in Cerby

[16:20] What’s next for Cerby?

[18:10] The advice that Matt would give to anyone looking to join a start-up

[20:40] Yousuf adds his thoughts about working for a start-up

Episode Links
Ridge Ventures
Yousuf Khan's LinkedIn Profile
Cerby's website
Matt's LinkedIn Profile

Cloud Native Security: A Year in Review | 21 Apr 2023 | 00:43:57

On this episode, the Chief Security Officer of Cloud at Palo Alto Networks, Bob West, joins Matt to discuss Palo Alto Networks' latest State of Cloud Native Security Report. Bob joined Palo Alto Networks after more than 20 years in leadership roles with banks, product companies, and professional services organizations. Before joining Palo Alto Networks, Bob served as managing partner at West Strategy Group, managing director in Deloitte’s cyber risk services practice, managing director for CISO for York Risk Services, Chief Trust Officer at CipherCloud, CEO at Echelon One, Chief Information Security Officer (CISO) at Fifth Third Bank, and Information Security Officer at Bank One.

Today, Bob talks about the latest installment of the State of Cloud Native Security Report, the severe shortcomings in Cloud Security, and the elevated cost of Cloud Security. Why is it essential to think about security upfront? Hear about the daily mindset shift required to deploy quality code, minimizing complexity to maximize efficiency, and the significant delay in threat management.

Timestamp Segments

·       [01:46] Bob’s career-changing experiences.

·       [04:17] Bob’s advice.

·       [11:10] The 10,000-ft view.

·       [16:23] The elevated costs of Cloud security.

·       [22:36] Increased deployment frequency.

·       [24:54] How do security teams keep up?

·       [30:44] Security tooling in the Cloud.

·       [35:46] Holistic Cloud security.

·       [41:18] There will always be issues.

Notable Quotes

·       “Be nice to your vendors.” - Bob

·       “You never know who’s going to be able to help you out at any point.” - Bob

·       “You’ve got to build bridges before you need them.” - Matt

·       “Common sense isn’t necessarily common practice.” - Bob

Relevant Links

Website:   www.paloaltonetworks.com

LinkedIn:  Bob West

Resources:

Out of the Crisis

Security is a process16 Feb 202400:47:21

Episode Summary

On this episode, Co-Founder and CTO of Gutsy, John Morello, joins Matt to talk about Process Mining in Cybersecurity. Before co-founding Gutsy, John served as the CTO of Twistlock and VP of Product for Prisma Cloud.

John holds multiple cybersecurity patents and is an author of NIST SP 800-190, the Container Security Guide. Before Twistlock, he was the CISO of an S&P 500 global chemical company. Before that, he spent 14 years at Microsoft, working on security technologies in Windows and Azure and consulting on security projects across the DoD, intelligence community, and at the White House. 

John graduated summa cum laude from LSU and lives in Baton Rouge with his wife and two sons. A lifelong outdoorsman and NAUI Master Diver and Rescue Diver, he's the former board chair of the Coalition to Restore Coastal Louisiana and a current Coastal Conservation Association board member.

Today, John talks about governance challenges in cybersecurity, the importance of security as a process, and how to apply process mining. How is process mining useful in cybersecurity? Hear about process mining human actions and unstructured sources, and how John manages to stay sharp.


Timestamp Segments

  • [02:20] John’s cybersecurity journey.
  • [07:43] Pivotal moments in John’s career.
  • [10:23] The most pressing governance challenges.
  • [14:07] What is process mining?
  • [19:03] How process mining can benefit certain functions.
  • [21:09] Security as a process, not a product.
  • [25:37] Why there’s not more focus on process.
  • [32:03] Applying process mining.
  • [38:07] Filling in the gaps.
  • [42:03] How John stays sharp.

Notable Quotes

  • “Security is a process, not a product.”
  • “In security, inefficiency and inconsistency are highly correlated with risk.”
  • “Almost everything in security is about process.”

Relevant Links

Website: gutsy.com

LinkedIn: www.linkedin.com/in/john-morello

The AI Episode21 Oct 202300:42:00

Episode Summary

In today’s episode, AI Safety Initiative Chair at Cloud Security Alliance, Caleb Sima, joins Matt to talk about some of the myths surrounding the quickly evolving world of AI. With two decades of experience in the cybersecurity industry, Caleb has held many high-level roles, including VP of Information Security at Databricks, CSO at Robinhood, Managing VP at CapitalOne, and Founder of both SPI Dynamics and Bluebox Security.

Today, Caleb talks about his inspiring career after dropping out of high school, dealing with imposter syndrome, and becoming the Chair of the CSA’s AI Safety Initiative. Is AI and Machine Learning the threat that we think it is? Hear about the different kinds of LLMs, the poisoning of LLMs, and how AI can be used to improve security.


Timestamp Segments

  • [01:31] Why Caleb dropped out of high school.
  • [06:16] Dealing with imposter syndrome.
  • [11:43] The hype around AI and Machine Learning.
  • [14:55] AI 101 terminology.
  • [17:42] Open source LLMs.
  • [20:31] Where to start as a security practitioner.
  • [24:46] What risks should people be thinking about?
  • [28:24] Taking advantage of AI in cybersecurity.
  • [32:32] How AI will affect different SOC functions.
  • [35:00] Is it too late to get involved?
  • [36:29] CSA’s AI Safety Initiative.
  • [38:52] What’s next?

Notable Quotes

  • “There is no way this thing is not going to change the world.”
  • “The benefit that you're going to get out of LLMs internally is going to be phenomenal.”
  • “It doesn't matter whether you get in now or in six months.”

Relevant Links

LinkedIn: Caleb Sima

Resources:

Skipping College Pays Off For Few Teen Techies

llm-attacks.org

MITRE + Cloud21 Jun 202200:40:35

As the world of cloud security continues to progress at high speed, new challenges and threats arise and morph on a constant basis. The MITRE Corporation is a body tasked by the US government with solving some of the largest threats in cybersecurity and beyond, and we are very lucky to welcome Tracy Bannon to the podcast today, who is the Senior Principal and Software Architect & DevOps Advisor at MITRE. Tracy opens up about her career journey leading up to her current position, what drew her into the work at MITRE, and how the simplicity of the solutions-focused mission has embedded her loyalty and passion within the organization. The conversation also goes some way into exploring the potential and limitations of zero trust, and what it actually means to make progress towards safer environments. Along the way, our guest makes some interesting and quite unique arguments for why words matter, and why change is healthier through a philosophy centered on building. So to catch it all in this fascinating conversation, make sure to join us on Cloud Security Today!

Key Points From This Episode:

  • Tracy unpacks a brief history of FFRDCs and their role as objective technology advisors.
  • The two main areas of Tracy's work at MITRE: digital transformation of software factories, and data centricity in data environments.
  • Understanding MITRE's practical application and validation of the principles of zero trust theory.
  • Weighing the validity of the negative reputation that developers have when it comes to security.
  • Issues with the terms DevOps, DevSecOps, and SecDevOps, and the overloading and rushing that often happens on security teams.
  • Why Tracy prioritizes 'culture building' over 'culture change' when thinking about progress.
  • Leading teams, modeling behaviors, and realistic expectations for human error.
  • Tools and safety nets in the cloud-native approach; Tracy's perspective on how much value to assign to these.
  • Why the mission at MITRE initially piqued, and subsequently retained, Tracy's interest!

Tweetables:

“It’s not a recipe. It's not five things you have to do. It's understanding the principles and then applying them, being able to audit them, and validate consistently that they're happening. MITRE does both sides of that.” — @TracyBannon [0:07:44]

“Our job is not to land and expand. It’s impact. At all costs, it's to make impact. If it's one person, or a half of that person, it's really defined by the ability to keep the US safe.” — @TracyBannon [0:09:39]

Links Mentioned in Today’s Episode:

Tracy Bannon on LinkedIn

Tracy Bannon on Twitter

MITRE Corporation

Revelation

The Kill Chain

Zero Trust Security

The Software Architect Elevator

The New SEC Rule20 Nov 202300:46:16

Episode Summary

In this episode, Special Advisor for Cyber Risk at the NACD, Christopher Hetner, returns to the show to discuss the new SEC cybersecurity rules. Chris has over 25 years of experience in cybersecurity, helping protect industries, infrastructures, and economies, serving in roles including as SVP of Information Security at Citi, Senior Cybersecurity Advisor to the Chairman of the US SEC, Executive Member of IANS, the National Board Director of the Society of Hispanic Professional Engineers, Senior Advisor for the Chertoff Group, Senior Advisor to the CEO of Stuart Levine & Associates, and Co-Chair of Nasdaq Cybersecurity and Privacy.

Today, Chris talks about the developments since January 2023, the timeframe requirements in practice, and normalizing cybersecurity incidents as business-as-usual. What is Inline XBRL? Learn how startups could prepare themselves for these changes, the scope of disclosure, and how risk management strategies might evolve to address Cloud-specific threats.

Timestamp Segments

  • [02:36] What has changed since January?
  • [06:49] Why things changed.
  • [08:51] Was it a good move?
  • [12:27] Determining the materiality of cybersecurity incidents “without unreasonable delay.”
  • [17:49] Is 4 days enough?
  • [22:19] The scope of disclosure.
  • [24:09] Normalizing cybersecurity incidents.
  • [26:24] Moving toward real-time monitoring.
  • [28:52] Is insurance becoming a forcing function?
  • [32:18] Evolving risk management strategies.
  • [36:05] Third-party disclosure requirements.
  • [39:51] How do startups prepare?
  • [41:52] What is Inline XBRL?
  • [42:54] Inline XBRL to 8-K.
  • [43:30] How the tagging requirement impacts the disclosure process.

Notable Quotes

  • “The magnitude of these events is the percentage of the event relative to revenue.”
  • “We’re going to see market forces drive these safety standards within our enterprises.”

Relevant Links

LinkedIn: Christopher Hetner

Resources:

https://www.sec.gov/news/press-release/2023-139

Zero trust with no FUD21 Jul 202200:46:25

In today’s episode, the Creator of Zero Trust, John Kindervag, joins Matt on the show to discuss implementing Zero Trust in your organization. While at Forrester Research in 2010, John developed Zero Trust, promising adequate and effective protection of an organization’s most valuable assets.

Today, John talks about the driving force behind Zero Trust, the concept of the Protect Surface, and Kipling Method Policies. Why is trust a vulnerability? Hear about Zero Trust, Shadow IT, and get John’s recommended resources.


Timestamp Segments

  • [02:20] About John.
  • [05:29] How does John define Zero Trust?
  • [07:45] Why is trust a vulnerability?
  • [09:56] The Protect Surface.
  • [12:32] Kipling Method Policies.
  • [17:22] The roadmap to Zero Trust at scale.
  • [22:56] It’s the inspection that matters.
  • [28:26] Zero Trust in the Cloud.
  • [31:33] Shadow IT.
  • [38:54] Tracking specific metrics.
  • [40:58] John’s resource recommendations.

Notable Quote

“We can never stop cyber attacks from happening, but we can stop them from being successful.”

Relevant Links

Recommended Reading:
The Zero Trust Learning Curve.
Antifragile, by Nassim Nicholas Taleb.
On Grand Strategy, by John Gaddis.
Winning in FastTime, by John Warden.

LinkedIn: https://www.linkedin.com/in/john-kindervag-40572b1

ISMG: https://ismg.io

From GTA to MFA08 Nov 202500:45:03

In this conversation, Nicole Dove shares her unique journey into the cybersecurity field, highlighting her transition from a finance and audit background to becoming a leader in information security at Riot Games. She discusses the importance of continuous learning, the challenges of writing a book on cybersecurity, and the evolving role of Business Information Security Officers (BISOs) in aligning security with business goals. Nicole emphasizes the need for innovative problem-solving and relationship management in cybersecurity, while also reflecting on her personal routines for maintaining sharpness in her role.



Open Source Security: A Deep Dive21 Jun 202300:34:38

Episode Summary

On this episode, the Co-Founder and CEO of Endor Labs, Varun Badhwar, joins Matt to talk about software supply chain security. Varun has a proven track record of building and leading enterprise security companies across Product Strategy, Marketing, Technical Sales, and Customer Success functions. He serves as a Member of the Forbes Technology Council, a Board Member of Cowbell, a Board Advisor of ArmorCode, and the former Founder and CEO of RedLock.

Today, Varun talks about open source risks, how to identify and mitigate risks, and how to incentivize the use of security tools. Where can organizations start? Hear about SBOMs, security in the Cloud, and software security best practices.


Timestamp Segments

  • [01:42] A bit about Varun.
  • [04:48] Identifying and mitigating risk.
  • [10:32] Where should organizations start?
  • [14:42] The SBOM.
  • [19:51] Industry standards and best practices.
  • [22:26] Cloud security.
  • [25:50] Endor Labs.
  • [29:52] Incentivizing using security tools.

Notable Quotes

  • “Select, secure, maintain, comply.”
  • “The first thing that drives a lot of security shifts is compliance.”

Relevant Links

Website: www.endorlabs.com

LinkedIn: Varun Badhwar

The world of purple teaming21 Jul 202400:46:27

This month, we welcome Eric Gagnon, Team Lead of Adversary Simulation, Purple Teaming, and Tradecraft Development at Desjardins. The conversation covers a wide range of topics related to cybersecurity, including purple teaming, red teaming, blue teaming, and Eric's journey in cybersecurity. Eric shares insights on certifications, threat hunting, cloud security, and the importance of knowledge exchange between red and blue teams. He also discusses the use of AI in cybersecurity and the need to stay sharp in the field.

Takeaways

  • Purple teaming involves collaborative operations to exchange ideas, evaluate security controls, and test out tactics, techniques, and procedures (TTPs) real threat actors use.
  • Certifications in cybersecurity, such as Offensive Security Certified Professional (OSCP) and Offensive Security Certified Expert (OSCE), provide valuable knowledge and an edge in the field.
  • Threat hunting involves looking for a granular activity that may indicate a compromise, filtering out the noise, and focusing on the suspicious behavior of threat actors.
  • Cloud security requires automation, cyber hygiene, and visibility, focusing on prioritizing techniques and testing them against the enterprise's environment.
  • Knowledge exchange between red and blue teams during a purple team engagement is essential and should include a common language, centralized documentation, and reporting against the MITRE ATT&CK framework.
  • Staying sharp in cybersecurity involves continuous learning, participation in CTFs, engaging with passionate individuals, and challenging oneself through talks, podcasts, and specialized training.

Chapters

00:00 Introduction to Purple Teaming and Cybersecurity Journey
08:09 Certifications and Insights in Cybersecurity
15:08 Threat Hunting and Granular Activity Detection
35:02 Knowledge Exchange in Purple Teaming: Red and Blue Collaboration
39:57 Staying Sharp in Cybersecurity: Continuous Learning and Engagement

Building a SaaS security program23 Jun 202400:50:33

This month, we welcome Swathi Joshi, VP of SaaS Cloud Security at Oracle, to discuss key moments and decisions that shaped her career path, including rejections from Google and Twitter. She emphasizes the importance of learning from rejection and seeking feedback to improve. Swathi also shares insights on the role of mentors and advises on finding and working with mentors. In the second part of the conversation, she discusses building a SaaS security program as an enterprise consumer of SaaS. She highlights the importance of addressing misconfigurations, ensuring visibility and access control, and meeting compliance needs.

Swathi also suggests asking about backup and exploring risk scoring for vendors. In this conversation, Swathi discusses best practices for managing vendor risk, vulnerability management through third parties, and incident response in SaaS applications. She also shares insights on privacy operations and critical privacy controls in SaaS. Swathi emphasizes the importance of collaboration, robust incident response plans, and data lifecycle management. She also highlights the need for identity and access control and the challenges of normalizing incident response across different SaaS platforms. Swathi's leadership philosophy is collaborative and pace-setting, and she emphasizes the importance of stress management.

Takeaways

  • Learn from rejection and seek feedback to improve.
  • Build long-term relationships with mentors and create a personal advisory board.
  • When building a SaaS security program, focus on addressing misconfigurations, ensuring visibility and access control, and meeting compliance needs.
  • Ask about backup and explore risk scoring for vendors.
  • Managing vendor risk requires close collaboration with privacy, legal, and contract partners.
  • Incident response in SaaS applications shares foundational principles with traditional on-prem software, but there are differences in data snapshotting and managing dependencies.
  • Privacy operations can be operationalized by focusing on identity, access control, and data lifecycle management.
  • Leadership should be collaborative, open to ideas, and adaptable to different situations.
  • Stress management is crucial for effective leadership and should be acknowledged and actively managed.

Links
Privacy Operations Template
Swathi's LinkedIn Profile

Chapters

00:00 Navigating Career Challenges and Learning from Rejection
08:13 The Role of Mentors in Career Growth
15:26 Building a Strong SaaS Security Program
21:20 Meeting Compliance Needs in a SaaS Environment
21:56 Backup and Risk Scoring for SaaS Vendors
22:38 Managing Vendor Risk
26:12 Improving Vulnerability Management through Third Parties
26:35 Navigating Incident Response in SaaS Applications
34:03 Operationalizing Privacy Operations in SaaS
40:50 The Importance of Collaboration in Leadership
43:04 Managing Stress for Effective Leadership


Principles in cyber leadership23 Mar 202500:42:58

In this conversation, MK Palmore shares insights from his diverse leadership journey, spanning the Marine Corps, FBI, and cybersecurity. He emphasizes the importance of a people-centered leadership approach, the balance between technical and leadership skills, and the significance of effective communication. MK reflects on his experiences, the impact of mentorship, and the lessons learned from both successes and failures in leadership roles. MK highlights the challenges in attracting diverse talent to cybersecurity and the necessity of nurturing new professionals. He concludes with insights on continuous learning and the importance of maintaining a beginner's mindset.

Takeaways

  • Diverse experiences shape leadership philosophy.
  • Mentorship plays a significant role in professional development.
  • Silence from leaders can lead to assumptions and uncertainty.
  • Leaders should increase communication during times of uncertainty.
  • Maintaining a mindset of continuous learning is vital for personal growth.

Chapters

00:00 Introduction to Leadership and Music
02:57 Diverse Leadership Experiences
06:05 The Importance of People-Centered Leadership
09:05 Technical Skills vs. Leadership Skills
11:49 Communication as a Leadership Skill
14:53 Learning from Mistakes in Communication
18:01 The Impact of Silence in Leadership
20:44 Navigating Uncertainty in Leadership
25:06 Bridging the Gap: Technical and Business Communication
30:22 Building Personal Brand and Eminence
32:53 Overcoming Barriers in Cybersecurity Talent Acquisition
38:31 Staying Sharp: Continuous Learning and Adaptability

The future of cybersecurity in healthcare20 May 202400:43:55

Episode Summary

Corey Elinburg, a cybersecurity leader, discusses the importance of approaching cybersecurity as a transformational force and empowering the business. He emphasizes the need to avoid draconian controls and adopt a mentality of finding solutions rather than saying no. Corey also shares insights on hiring security leaders and building relationships with vendors. He highlights the value of cloud-based security services in rapidly aligning IT with the business and shares examples from his experience. Corey emphasizes the importance of digital trust in healthcare and the need to prioritize patient safety. He also discusses personal growth and staying up to date in cybersecurity.

Takeaways

  • Approach cybersecurity as a transformational force that empowers the business.
  • Avoid draconian controls and focus on finding solutions rather than saying no.
  • Embrace innovation and set the terms of adoption to drive business transformation.
  • Build trust and empower your team to enable scalability and focus on strategic initiatives.
  • Cloud-based security services offer agility, scalability, and rapid alignment with the business.
  • Build relationships with vendors by understanding their value proposition and engaging in problem-solving.

Chapters

  • [02:10] Kind words about Corey.
  • [03:13] Transforming business through IT.
  • [05:20] Where security programs go wrong.
  • [06:35] Corey’s hiring persona.
  • [07:50] Embracing innovation.
  • [14:26] Principles to accomplish your vision.
  • [17:20] Cloud-based security models.
  • [23:55] Bringing value to businesses.
  • [28:09] From practitioner to leader.
  • [33:41] Unifying security and developers in purpose and practice.
  • [38:15] Implementing digital trust.
  • [41:28] Corey’s growth formula.
  • [42:53] Corey’s parting words.

Notable Quotes

  • “It’s not just controls. It’s empowering the business to operate in a resilient way.”
  • “Too often in cyber, we forget that we’re selling in every interaction.”
  • “When you engage trying to solve a problem rather than engage trying to sell a product, you’re immediately on a better footing.”

Relevant Links

Website: www.commonspirit.org

LinkedIn: Corey Elinburg

Iron Maiden and cloud security14 Jul 202500:45:36

In this month's installment, Toni De La Fuente shares his journey into cybersecurity, detailing his early experiences with computers and his passion for hacking. He discusses the creation of Prowler, an open-source cloud security tool, and its differences from commercial solutions. The conversation explores cloud security challenges, the importance of open-source solutions, and the dynamics of scaling a startup. Toni also emphasizes the significance of passion in one's career and offers advice for aspiring tech professionals.

And yes...we also talk about his LOVE for Iron Maiden ;-)

Cybersecurity's secret weapon20 Mar 202400:43:05

Episode Summary

In this episode, Jerich Beason, CISO at WM, joins the show to discuss becoming a CISO. Before joining WM, Jerich served in various roles at Lockheed Martin, RSA, Capital One, AECOM, and Deloitte.

Jerich talks about how he tailored his roles throughout his career, learning communication soft skills and his passion for sharing with others. 

Hear about how AI affects leadership, how Jerich would change the cybersecurity industry, and the true value of vendors (it's positive!).

Timestamp Segments

  • [02:51] When Jerich knew he wanted to be a CISO.
  • [04:52] Tailoring the roles.
  • [06:02] What is Jerich most proud of?
  • [07:17] Jerich’s best advice.
  • [13:22] Transitioning away from geek-speak.
  • [17:29] When Jerich developed the passion.
  • [20:28] The PRIME framework.
  • [25:20] What should be talked about with AI?
  • [29:09] What would Jerich change about the cybersecurity industry?
  • [30:33] Hiring the right people.
  • [33:37] How Jerich stays sharp.
  • [35:06] The value of vendors.

Notable Quotes

  • “Not every issue warrants a ‘sky is falling’ alert.”
  • “When it comes time to leave, leave a legend.”
  • “We don’t exist without vendors.”

Relevant Links

Website: www.wm.com

LinkedIn: Jerich Beason

Pockets of Innovation21 Nov 202200:38:38

Pockets of Innovation with John Chavanne


Episode Summary

On this episode, Solutions Architect at Palo Alto Networks, John Chavanne, joins Matt to talk about his career of innovation. John’s career spans over 20 years at HSBC before transitioning into DevOps and Cloud Solutions at Palo Alto Networks.

Today, John talks about his career arc, transitioning to cloud, and the value of communities of practice groups. Where should organizations start with deploying a CNAP? Hear about the challenges with deploying cloud platforms, and John’s greatest accomplishments.


Timestamp Segments

  • [01:30] About John.
  • [02:54] John’s career.
  • [05:47] What is something that cloud makes easier?
  • [07:09] Transitioning from network to DevOps and Cloud.
  • [10:15] Starting the move to cloud at HSBC.
  • [13:15] Cloud communities of practice.
  • [18:47] Sharing code.
  • [21:27] John’s biggest accomplishment.
  • [23:23] Prisma Cloud.
  • [26:25] Organizational challenges with deploying cloud platforms.
  • [29:41] Where to start with deploying a CNAP.
  • [33:54] How does John stay fresh?

Notable Quotes

  • “You can test things out in the cloud and the price of failure is almost zero.”
  • “Innovation happens in pockets.”
  • “Reduce waste and build habits that reduce waste.”

Relevant Links

Recommended reading:
The Toyota Way.
Kubernetes - An Enterprise Guide.

KodeKloud: https://kodekloud.com

Twitter: https://twitter.com/jjchavanne

© My Podcast Data