Cloud Security Podcast by Google

09/05/2022

Episode 64 "Security Operations Center: The People Side and How to Do it Right" of Cloud Security Podcast where hosts Anton Chuvakin and Timothy Peacock interview Dave Herrald about people
https://lnkd.in/gb28i-kS

The Cloud Security Podcast from Google is a weekly news and interview show with insights from the cloud security community.

02/05/2022

Episode 63 "State of Autonomic Security Operations: Are There Sharks in Your SOC with Robert Herjavec" of Cloud Security Podcast where hosts Anton Chuvakin and Timothy Peacock talk to Robert Herjavec, Eric Foster and Iman Ghanizada about SOC evolution

https://cloud.withgoogle.com/cloudsecurity/podcast/ep63-state-of-autonomic-security-operations-are-there-sharks-in-your-soc-with-robert-herjavec/

Based on the panel from Google Cloud Security Talks Q1 2022

*O

25/04/2022

Episode 62 "Protect Modern Applications in the Cloud: Union of API and Application Security" of Cloud Security Podcast where hosts Anton Chuvakin and Timothy Peacock interview Etienne De Burgh from Google Cloud Office of the CISO about API security

https://cloud.withgoogle.com/cloudsecurity/podcast/ep62-protect-modern-applications-in-the-cloud-union-of-apis-and-application-security/

See more at our Google Cloud Security Summit on May 17, 2022 https://cloudonair.withgoogle.com/events/summit-security-2022

Register for this digital summit to learn how you can apply the best of Google to your security in the cloud, on-premises, or in hybrid deployments.

18/04/2022

Episode 61 "Anniversary Episode - What Did We Learn So Far on Our Cloud Security Podcast?" of Cloud Security Podcast where hosts Anton Chuvakin and Timothy Peacock celebrate their podcasting anniversary (sort of) and discuss cloud security lessons

https://cloud.withgoogle.com/cloudsecurity/podcast/ep61-anniversary-episode-what-did-we-learn-so-far-on-cloud-security-podcast/

The Cloud Security Podcast from Google is a weekly news and interview show with insights from the cloud security community.

11/04/2022

Episode 60 "Impersonating Service Accounts in GCP and Beyond: Cloud Security Is About IAM?" of Cloud Security Podcast where hosts and interview Dylan Ayrey () of Truffle Security about account impersonation in the cloud

https://cloud.withgoogle.com/cloudsecurity/podcast/ep60-impersonating-service-accounts-in-gcp-and-beyond-cloud-security-is-about-iam/

04/04/2022

Episode 59 "Zero Trust: So Easy Even a Government Can Do It?" of Cloud Security Podcast where hosts Anton Chuvakin and Timothy Peacock interview Sharon Goldberg of BastionZero about in the government

https://lnkd.in/gpmjm_NR

The Cloud Security Podcast from Google is a weekly news and interview show with insights from the cloud security community.

28/03/2022

Episode 58 " is Not Dead: How to Grow and Develop Your SOC for Cloud and Beyond" of Cloud Security Podcast where hosts Anton Chuvakin and Timothy Peacock interview Alexi Wiemer, CISSP and Dan Lauritzen from Deloitte about Security Operations Centers

https://cloud.withgoogle.com/cloudsecurity/podcast/ep58-soc-is-not-dead-how-to-grow-and-develop-your-soc-for-cloud-and-beyond/

The Cloud Security Podcast from Google is a weekly news and interview show with insights from the cloud security community.

21/03/2022

Episode 57 "Stop Zero Days, Save the World: Project Zero's Maddie Stone Speaks" of Cloud Security Podcast where hosts Anton Chuvakin and Timothy Peacock interview Maddie Stone from Google's Project Zero about zero day vulnerabilities (including some in the cloud) https://cloud.withgoogle.com/cloudsecurity/podcast/ep57-stop-zero-days-save-the-world-project-zeros-maddie-stone-speaks/

The Cloud Security Podcast from Google is a weekly news and interview show with insights from the cloud security community.

14/03/2022

Episode 56 "Rebuilding vs Forklifting and How to Secure a Data Warehouse in the Cloud" of Cloud Security Podcast where hosts Anton Chuvakin and Timothy Peacock interview Erlander Lo at Google Cloud about securing a data warehouse moved to or created in the cloud

https://cloud.withgoogle.com/cloudsecurity/podcast/ep56-rebuilding-vs-forklifting-and-how-to-secure-a-data-warehouse-in-the-cloud/

The Cloud Security Podcast from Google is a weekly news and interview show with insights from the cloud security community.

07/03/2022

Episode 55 "The Magic of Cloud Migration: Learn Security Lessons from the Field" of Cloud Security Podcast where hosts Anton Chuvakin and Timothy Peacock interview Brandie J. Anderson, PhD and Renzo Cuadros at Google Cloud about cloud migration security lessons

https://cloud.withgoogle.com/cloudsecurity/podcast/ep55-the-magic-of-cloud-migration-learn-security-lessons-from-the-field/

The Cloud Security Podcast from Google is a weekly news and interview show with insights from the cloud security community.

03/03/2022

Episode 54 "Container Security: The Past or The Future?" of Cloud Security Podcast where hosts Anton Chuvakin and Timothy Peacocki interview Anna Belak from about container usage and security

https://cloud.withgoogle.com/cloudsecurity/podcast/ep54-container-security-the-past-or-the-future/

22/02/2022

Episode 53 "Seven Years of SOAR: What's Next?" of Cloud Security Podcast where hosts Anton Chuvakin and Timothy Peacock interview Amos Stern, CEO at Siemplify (Now Part of Google Cloud) about

https://cloud.withgoogle.com/cloudsecurity/podcast/ep53-seven-years-of-soar-whats-next/

15/02/2022

Episode 52 "Securing AI with DeepMind CISO" of Cloud Security Podcast where hosts Anton Chuvakin and Timothy Peacock interview Vijay Bolina, CISO at DeepMind about approaches for security

https://cloud.withgoogle.com/cloudsecurity/podcast/ep51-policy-intelligence-more-fun-and-useful-than-it-sounds/

07/02/2022

Episode 51 "Policy Intelligence: More Fun and Useful than it Sounds!" of Cloud Security Podcast where hosts Anton Chuvakin and Timothy Peacock interview Vandhana Ramadurai about policy intelligence at Google Cloud

https://cloud.withgoogle.com/cloudsecurity/podcast/ep51-policy-intelligence-more-fun-and-useful-than-it-sounds/

The Cloud Security Podcast from Google is a weekly news and interview show with insights from the cloud security community.

02/02/2022

Episode 50 "The Epic Battle: Machine Learning vs Millions of Malicious Documents" of Cloud Security Podcast where hosts Anton Chuvakin and Tim Peacock interview Elie Bursztein about using machine learning for security at Google https://cloud.withgoogle.com/cloudsecurity/podcast/the-epic-battle-machine-learning-vs-millions-of-malicious-documents/

24/01/2022

Episode 49 "Lifesaving Tradeoffs: CISO Considerations in Moving Healthcare to Cloud" of Cloud Security Podcast where hosts Anton Chuvakin and Timothy Peacock interview Taylor Lehmann of Google Cloud about cloud security in healthcare

https://cloud.withgoogle.com/cloudsecurity/podcast/ep49-lifesaving-tradeoffs-ciso-considerations-in-moving-healthcare-to-cloud/

The Cloud Security Podcast from Google is a weekly news and interview show with insights from the cloud security community.

18/01/2022

Episode 48 "Confidentially Speaking 2: Cloudful of Secrets" of Cloud Security Podcast where hosts Anton Chuvakin and Timothy Peacock interview Nelly Porter about Confidential Computing at Google Cloud

https://cloud.withgoogle.com/cloudsecurity/podcast/ep48-confidentially-speaking-2-cloudful-of-secrets/

The Cloud Security Podcast from Google is a weekly news and interview show with insights from the cloud security community.

11/01/2022

Episode 47 "Megatrends, Macro-changes, Microservices, Oh My! Changes in 2022 and Beyond in Cloud Security" of Cloud Security Podcast where hosts Anton Chuvakin and Timothy Peacock (with GCP Podcast) interview Phil Venables about Cloud Security Megatrends

https://cloud.withgoogle.com/cloudsecurity/podcast/ep47-megatrends-macro-changes-microservices-oh-my-changes-in-2022-and-beyond-in-cloud-security/

The Cloud Security Podcast from Google is a weekly news and interview show with insights from the cloud security community.

06/01/2022

New episode coming on Monday, January 10!

22/12/2021

We are on a holiday break - new episodes to come in January!

06/12/2021

Episode 46 "Products and Solutions: Helping Our Customers Precipitate Change" of Cloud Security Podcast where hosts Anton Chuvakin and Timothy Peacock interview Iman Ghanizada and Alison Andrews Reyes at Cloud about Google Cybersecurity Action Team solutions https://cloud.withgoogle.com/cloudsecurity/podcast/ep46-products-and-solutions-helping-our-customers-precipitate-change/

Topics:

- What is our thinking on solutions vs products for security? Sure, “security is a process, not a product,” but where do solutions fit in?

Security as an industry has too many vendors with little understanding of how users secure things, can solutions approach fix that?

- Google is sometimes known for writing code and just throwing it out there, do solutions change that dynamic for Google Cloud clients who come to us for security?

- Who are the target users for our security solutions? Why did we choose those solutions and not others?

- To me, solutions is how our products actually live in the real world. But can we really hope to transform customer operations with solutions?

- One of the solutions dear to my heart is Autonomic Security Operations that seeks to “10X the SOC”, how was the experience so far? Is 10X real and what does it mean?

- How do we know if we succeeded, what are metrics for solutions?

- How do solutions fit with Google Cybersecurity Action Team launch? Do we need more action figures now?

The Cloud Security Podcast from Google is a weekly news and interview show with insights from the cloud security community.

29/11/2021

Episode 45 "VirusTotal Insights on Ransomware Business and Technology" of Cloud Security Podcast where hosts Anton Chuvakin and Peacock interview Vicente Diaz @ VirusTotal and Vlad Stolyarov @ Google TAG about the latest research https://cloud.withgoogle.com/cloudsecurity/podcast/ep45-virustotal-insights-on-ransomware-business-and-technology/

Topics:

- Why GandCrab / REvil was the most popular ransomware family in 2020?

- What is ransomware as a service?

- Is every scary article about ransomware essentially marketing for the criminals?

- Some ransomware payoffs are huge, how do you think they spend the money?

- How else do they profit off stolen data apart from double extortion schemes? Are there triple extortion schemes?

- What is the concept of a “trusted brand in ransomware”, is it better for clients because they will return the data?

- Why did non-Windows ransomware fail as a business?

- Do we expect 0day exploits to become more popular in ransomware?

- Based on this research, what is the key reason for ransomware’s wild success?

The Cloud Security Podcast from Google is a weekly news and interview show with insights from the cloud security community.

22/11/2021

Episode 44 "Evolving a SIEM for the Future While Learning from the Past" of Cloud Security Podcast where hosts Anton Chuvakin and Timothy Peacock interview Mike Orosz, a CISO at Vertiv, about his journey and the lessons learned

https://cloud.withgoogle.com/cloudsecurity/podcast/ep44-evolving-a-siem-for-the-future-while-learning-from-the-past/

Topics:

- What are your views on modern SIEM? What should it do and what should it be? Should it even be called SIEM?

- Is SaaS/cloud-native SIEM the only way to go?

- Can anybody build a SIEM in the cloud by installing the regular SIEM on IaaS?

- What are the top challenges for organizations deploying and operationalizing SIEM today?

- What are some hidden or commonly forgotten costs for a SIEM deployment?

- Is open source the answer to SIEM?

- SIEM today should deliver on detection, hunting and investigation use cases, so what does it mean in terms of practical data retention?

The Cloud Security Podcast from Google is a weekly news and interview show with insights from the cloud security community.

15/11/2021

Episode 43 "Automation as Paved Roads in Cloud Enablement" of Cloud Security Podcast where hosts Anton Chuvakin and Timothy Peacock interview Amber Shafi, Svetlin Zamfirov, and Ivan Angelov from GSK about their automation approach in the cloud

https://cloud.withgoogle.com/cloudsecurity/podcast/ep43-automation-as-paved-roads-in-cloud-enablement/

Topics:

- Tell us about your team, what are you responsible for and how is the team setup to make that happen? What components of cloud security do you cover?

- Tell us about cloud misconfigurations and why these are different from on- premise misconfiguration?

- How are you discovering these misconfigurations?

- You've automated responses to misconfiguration. Beyond the obvious upsides of reducing team toil and time to response, what are the other benefits? Are there risk in this approach and how are they handled?

- How did this idea to automate come about, and what lessons did you learn along the way?

- How have you integrated with the cloud provider security tooling?

The Cloud Security Podcast from Google is a weekly news and interview show with insights from the cloud security community.

08/11/2021

Episode 42 "Missing Diversity Hurts Your Security" of Cloud Security Podcast where hosts Anton Chuvakin and Timothy Peacock interview M. K. Palmore, CISM, CISSP from Google Cloud about diversity in cloud security

https://cloud.withgoogle.com/cloudsecurity/podcast/ep42-missing-diversity-hurts-your-security/

Topics:

- Why is there such a huge gap in security professionals who are women and people of color?

- How does the lack of women and people of color in tech impact the industry, cybersecurity & tech overall? Are diverse teams better performing, better morale, happier people?

- Are there kinds of threats that we miss in threat modeling exercises for lack of diverse team members?

- We’ve seen countless examples where AI/ML systems have had problems with laundering biases and having frankly appalling issues due to biased training data. What are security implications here?

- Are there organizations helping to close the representation gap in the security workforce and the cloud workforce?

- Why do the big tech companies and even the smaller ones have trouble identifying diverse talent? Why is this hard even for people and organizations who clearly want to improve it?

- Why do companies have a hard time retaining diverse talent?

The Cloud Security Podcast from Google is a weekly news and interview show with insights from the cloud security community.

01/11/2021

Episode 40 "Beyond Phishing: Email Security Isn't Solved" of Cloud Security Podcast where hosts Anton Chuvakin and Timothy Peacocki interview Ryan Noon from Material Security about email security beyond anti-spam and anti-phishing https://cloud.withgoogle.com/cloudsecurity/podcast/ep41-beyond-phishing-email-security-isnt-solved/

Topics:

- When we think about traditional email security, we think anti-spam/phishing. Your company is doing other things, so what are they? In other words, isn’t email security solved with legacy appliance vendors (SEG) and cloud email providers?

- What was the combination of technology and security opportunities that really resonated with you and your investors that led to your focus on email security?

- Security has almost 2000 vendors and they are noisy, how do you get to clients without screaming too loud? How do you build a better security vendor?

- Related to being better vendors, but more broadly, what can we do as an industry to make it easier to buy and get value out of our investments in new security tooling and technology?

- How can we build security tooling that requires less of our precious security team’s time?

The Cloud Security Podcast from Google is a weekly news and interview show with insights from the cloud security community.

25/10/2021

Episode 40 "2021: Phishing is Solved?" of Cloud Security Podcast where hosts Anton Chuvakin and Timothy Peacock interview Elie Bursztein and Kurt Thomas from Google about their MFA and anti-phishing research https://cloud.withgoogle.com/cloudsecurity/podcast/ep40-2021-phishing-is-solved/

Topics:

- Can we say that “Multi-Factor Authentication (MFA) - if done well - fixes phishing for good” or is this too much to promise?

- What are the realistic and seen-in-the-wild bypasses for MFA as a protection?

- How do you think these controls fare vs top tier attackers (clearly, they work vs commodity threats)?

- What do we know about burden vs value of MFA today?

- What can we realistically do to increase MFA/2FA adoption to the 90%s?

- Can we share anything about what we’re seeing as industry benchmarks on MFA adoption so far?

- We’ve seen a lot of ugly debates over the value of SMS as MFA, what is your research-based take on this?

The Cloud Security Podcast from Google is a weekly news and interview show with insights from the cloud security community.

18/10/2021

Cloud Security Podcast by Google OFFICIAL Trailer Video 2021 by Anton Chuvakin and Tim Peacock

18/10/2021

Episode 39 "From False Positives to Karl Popper: Rationalizing Cloud Threat Detection" of Cloud Security Podcast where hosts Anton Chuvakin and Timothy Peacock interview Jared Atkinson from SpecterOps about detection philosophy

https://cloud.withgoogle.com/cloudsecurity/podcast/ep39-from-false-positives-to-karl-popper-rationalizing-cloud-threat-detection/

Topics:

- What are bad/good/great detections? Is this all about the Bianco's pyramid? Is high good and low bad?

- How should we judge the quality of detections? Can there be a quality framework? Is that judgment going to be site specific?

- What should we do to build more good directions? Is this all about reducing false positives?

- Can we really measure false negatives? How can we approach this?

- How can we test for detection goodness in the real world? What are the methods that work? It can’t be just about paper ATT&CK coverage, right?

- What are your top 3 tips for improving the detection practice at an organization?

The Cloud Security Podcast from Google is a weekly news and interview show with insights from the cloud security community.