
Cloud Security Podcast
Cloud Security Podcast Team
Top 10 Cloud Security Podcast Episodes
Goodpods has curated a list of the 10 best Cloud Security Podcast episodes, ranked by the number of listens and likes each episode has garnered from our listeners. If you are listening to Cloud Security Podcast for the first time, there's no better place to start than with one of these standout episodes. If you are a fan of the show, vote for your favorite Cloud Security Podcast episode by adding your comments to the episode page.

Is your CI/CD Pipeline your Biggest Security Risk?
Cloud Security Podcast
09/13/24 • 29 min
How can CI/CD tools expose your code to security risks? In this episode, we’re joined by Mike Ruth, Senior Staff Security Engineer at Rippling and returning guest, live from BlackHat 2024. Mike dives deep into his research on CI/CD pipeline security, focusing on popular tools like GitHub Actions, Terraform, and Buildkite. He reveals the hidden vulnerabilities within these tools, such as the ability for engineers to bypass code reviews, modify configuration files, and run unauthorized commands in production environments.
Mike explains how the lack of granular access control in repositories and CI/CD configurations opens the door to serious security risks. He shares actionable insights on how to mitigate these issues by using best practices like GitHub Environments and Buildkite Clusters, along with potential solutions like static code analysis and granular push rule sets. This episode provides critical advice on how to better secure your CI/CD pipelines and protect your organization from insider threats and external attacks.
Guest Socials: Mike's Linkedin
Podcast Twitter - @CloudSecPod
If you want to watch videos of this LIVE STREAMED episode and past episodes - Check out our other Cloud Security Social Channels:
- Cloud Security Podcast- Youtube
- Cloud Security BootCamp
Questions asked:
(00:00) Introductions
(01:56) A word from episode sponsor - ThreatLocker
(02:31) A bit about Mike Ruth
(03:08) SDLC in 2024
(08:05) Mitigating Challenges in SDLC
(09:10) What is Buildkite?
(10:11) Challenges observed with Buildkite
(12:30) How Terraform works in the SDLC
(15:41) Where to start with these CICD tools?
(18:55) Threat Detection in CICD Pipelines
(21:31) Building defensive libraries
(23:58) Scaling solutions across multiple repositories
(25:46) The Fun Questions
Resources mentioned during the call:

Cloud Security Operations for Modern Threats
Cloud Security Podcast
03/08/24 • 35 min
How is your Cloud Incident Preparedness? Is your CSPM enough? Ashish spoke to Ariel Parnes, Co-Founder and COO at Mitiga, about the concept of "Assume Breach" and its importance in developing a proactive cloud security framework. If you are looking to understand the nuances of cloud incident response and being prepared for incidents, the effectiveness of current tools, and the future of cloud security operations strategy, then this episode is for you.
Guest Socials: Ariel Parnes
Podcast Twitter - @CloudSecPod
If you want to watch videos of this LIVE STREAMED episode and past episodes - Check out our other Cloud Security Social Channels:
- Cloud Security Podcast- Youtube
- Cloud Security Newsletter
- Cloud Security BootCamp
Questions asked:
(00:00) Introduction
(02:46) A bit about Ariel Parnes
(04:02) Cybersecurity in the world of Cloud
(06:07) What is Cloud Incident Preparedness?
(08:40) Reality of Cloud Incident Preparedness
(11:16) Does a CSPM help with Incident Preparedness?
(13:54) Should logs be sent to SIEM?
(15:59) What's a good starting point for Incident Preparedness?
(18:31) Gaining deep visibility in your cloud environment
(19:50) Do you need a Security Data Lake?
(25:56) Demonstrating ROI for Security Operations
(28:28) Importance of Human Factor in Security Operations
(30:51) Low Hanging fruits to strengthen cloud operations
(32:31) The Fun Questions

Container Security in AWS at Scale - Ben Tomhave
Cloud Security Podcast
02/14/21 • 53 min
In this episode of the Virtual Coffee with Ashish edition, we spoke with Ben Tomhave (Linkedin - @btomhave), Principal, Falcon’s View Consulting (@FalconsView).
- Host: Ashish Rajan - Twitter @hashishrajan
- Guest: Ben Tomhave (Linkedin - @btomhave)
In this episode, Ben & Ashish spoke about
- What are Containers?
- What is Container Security / Kubernetes Security for people from a traditional security background?
- What should a Container Deployment look like?
- 7 Security Challenges for introducing Containers into an organization, where to get started?
- Building Blocks for building Container Security at Scale - the right way.
- Software Composition Analysis for Containers
- Security challenges with Containers & Serverless
- What was NOC and SOC and does Cloud knowledge really matter for that role?
- How to create awareness about container security in a traditional computer security team?
- And much more...
ShowNotes and Episode Transcript on www.cloudsecuritypodcast.tv
Twitter - @kaizenteq @hashishrajan
If you want to watch videos of this and previous episodes:
Twitch Channel: https://lnkd.in/gxhFrqw
Youtube Channel: https://lnkd.in/gUHqSai

RED TEAM IN CLOUD - Brianna Malcolmson, Atlassian
Cloud Security Podcast
01/24/21 • 47 min
In this episode of the Virtual Coffee with Ashish edition, we spoke with Brianna Malcolmson, Security Engineering Manager, Atlassian
In this episode, Brianna & Ashish spoke about
- What is Cloud Security Testing and Assessment ?
- What is a Cyber Kill Chain in a cloud context?
- How to get started in Cloud Pentesting?
- The need for Cloud Certification and recommendations for Beginners?
- Is there something people are not talking enough about in a Cloud Security context?
- And much more...
ShowNotes and Episode Transcript on www.cloudsecuritypodcast.tv
Twitter - @kaizenteq @hashishrajan
If you want to watch videos of this and previous episodes:
Twitch Channel: https://lnkd.in/gxhFrqw
Youtube Channel: https://lnkd.in/gUHqSai

What is GOOD COMPANY CULTURE (WITH EXAMPLE ) during COVID19 with remote employees!
Cloud Security Podcast
05/31/20 • 37 min
In this episode sponsored by Virtual Coffee with Ashish edition, we spoke with Graeme Cantu-Park, CISO of Matilion
- Host: Ashish Rajan - Twitter @hashishrajan
- Guest: Graeme Cantu-Park - Linkedin
- What is culture - why is it important and how does it intersect with security?
- How is culture done right for remote employees, thanks COVID!
- Why is culture in Growth organisations so important?
- Can you tell me some examples from experience of what worked well there?
- Security often isn't included in a growth organisation until a later stage (look at zoom). How do you apply security without disrupting culture?
- Anyone starting in a CISO/Head of Security role with a small team or brought into building the team, what should they focus on in the beginning?
- Is it more a low cost security product or build first approach you prefer to doing security in a growth environment?
ShowNotes and Episode Transcript on www.cloudsecuritypodcast.tv
Twitter - @kaizenteq @hashishrajan
If you want to watch the previous episodes:
- Twitch Channel: https://lnkd.in/gxhFrqw
- Youtube Channel: https://lnkd.in/gUHqSai

NIST CyberSecurity Metrics for the Board - Taylor Hersom
Cloud Security Podcast
05/10/20 • 57 min
In this episode of the Virtual Coffee with Ashish edition, we spoke with @Taylor Hersom about
- Why do CyberSecurity Professionals need to think about talking Cyber Security to the board?
- What kind of cybersecurity metrics works best for Board?
- Is Fear, Uncertainty, Doubt (FUD) the right way to approach presenting cybersecurity to the board?
- FAIR methodology to put $ value against each RISK - Risk and Governance is a great space to start for those who want to start in cybersecurity but are not too technical?
- Is being knowledgeable in datacenter governance beneficial in the world of Cloud?
- Can companies get NIST Certified or is it only NIST Compliance?
- NIST vs ISO vs CMMC and Department of Defence affecting the industry?
ShowNotes and Episode Transcript on www.cloudsecuritypodcast.tv
Twitter - @kaizenteq @hashishrajan

Cloud Center of Excellence in AWS | How Atlassian manages Risk and Compliance - Atlassian 2020
Cloud Security Podcast
04/05/20 • 37 min
In this episode, we sit with Michael Fuller, Cloud Centre of Excellence, Atlassian.
Michael & Ashish spoke about
- Importance of standardisation of security across the cloud footprint?
- Challenges of having standardised security when an M&A brings in companies which are a lot more mature in cloud?
- What were the challenges of implementing this in a global company like Atlassian?
- How do you classify maturity in cloud? What does the maturity scale look like for you?
- How do global teams at Atlassian do effective decision making while working remotely?
More info and show notes on www.cloudsecuritypodcast.tv
Twitter - @kaizenteq @hashishrajan Michael Fuller

How HASHICORP works with 90 percent Staff works Remotely | Incident Response | AWS Cloud Native! - Will Bengtson
Cloud Security Podcast
03/22/20 • 57 min
In this episode, we sit with Will Bengtson, Director for Threat Detection and Response, Hashicorp.
Will & Ashish spoke about
- What is Cloud Native & Cloud Security?
- How do you start with Threat Detection and Incident Response in AWS?
- Measuring Maturity for response to threats in Cloud?
- How can people work from home, Hashicorp has been 90% remote since the beginning
More info and show notes on www.cloudsecuritypodcast.tv
Twitter - @kaizenteq @hashishrajan @WillBengtson(__muscles)

Docker Security Best practice | Container Security 101 in AWS - Michael Hausenblas, Product Developer Advocate, AWS
Cloud Security Podcast
03/01/20 • 42 min
Michael Hausenblas is a Product Developer Advocate, Amazon Web Services (AWS) Container Service team.
Michael & Ashish spoke about
- Basics of Container Security Keeping Containers stateless vs building data stores in container cluster
- Container Security for someone starting on Container security today
- Misconceptions around Container Security?
- What a mature container security looks like?
- Incident Response in Container cluster environments?
More details in the podcast. More info and show notes on www.cloudsecuritypodcast.tv
Twitter - @kaizenteq @hashishrajan Michael Hausenblas - Twitter @mhausenblas

Essential Strategies to master Incident Response in Cloud
Cloud Security Podcast
04/02/24 • 45 min
How do you build a Robust Detection Framework? Ashish spoke to Andrew Tabona, SVP of Cyber Threat Management and Incident Response at a Fortune 500 company about challenging the conventional wisdom of applying on-premise incident response plans to cloud environments. They speak about the critical metrics of mean time to detect, respond, and recover, and why mastering the fundamentals is key to effective cloud security.
The conversation also covers practical strategies for building a detection framework, the importance of a balanced approach to log ingestion, and the nuanced differences in incident response between cloud and traditional on-premise environments.
Guest Socials: Andrew Tabona
Podcast Twitter - @CloudSecPod
If you want to watch videos of this LIVE STREAMED episode and past episodes - Check out our other Cloud Security Social Channels:
- Cloud Security Podcast- Youtube
- Cloud Security Newsletter
- Cloud Security BootCamp
Questions asked:
(00:00) Introduction
(03:20) A bit about Andrew Tabona
(04:26) What is Threat Detection and Response?
(06:14) Why incident response is different in Cloud?
(09:18) Benefits of doing Incident Response in Cloud?
(10:29) Is CSPM your incident response tool?
(12:33) Where to start with Detection in Cloud?
(16:35) Getting buy in from other teams for threat detection
(20:15) Should you build or buy a cybersecurity solution?
(22:34) Responding to incidents in a Cloud Context
(26:01) Containing incidents in a Cloud Context
(28:34) What kind of access do IR teams need?
(30:36) Balancing the signal to noise ratio
(32:10) Where to start with Threat Detection and Response
(34:37) Challenges an organisation might face
(35:58) Threat Detection and Response in MultiCloud
(37:52) Showing ROI of Cybersecurity to the business
(38:57) Where to learn about IR and Threat Detection?
(41:09) Fun Section
(44:14) Where you can connect with Andrew

FAQ
How many episodes does Cloud Security Podcast have?
Cloud Security Podcast currently has 313 episodes available.
What topics does Cloud Security Podcast cover?
The podcast is about Podcasts and Technology.
What is the most popular episode on Cloud Security Podcast?
The episode titled 'Getting Infrastructure as Code (IaC) Security Culture right! - Yoni Leitersdorf' is the most popular.
What is the average episode length on Cloud Security Podcast?
The average episode length on Cloud Security Podcast is 39 minutes.
How often are episodes of Cloud Security Podcast released?
Episodes of Cloud Security Podcast are typically released every 6 days, 21 hours.
When was the first episode of Cloud Security Podcast?
The first episode of Cloud Security Podcast was released on Nov 28, 2019.