Cloud Security Podcast by Google

Guest:

• Brandon Wood, Product Manager for Google Threat Intelligence

Topics:

• Threat intelligence is one of those terms that means different things to everyone–can you tell us what this term has meant in the different contexts of your career? What do you tell people who assume that “TI = lists of bad IPs”?
• We heard while prepping for this show that you were involved in breaking up a human trafficking ring: tell us about that!
• In Anton’s experience, a lot of cyber TI is stuck in “1. Get more TI 2. ??? 3. Profit!” How do you move past that?
• One aspect of threat intelligence that’s always struck me as goofy is the idea that we can “monitor the dark web” and provide something useful. Can you change my mind on this one?
• You told us your story of getting into sales, you recently did a successful rotation into the role of Product Manager,, can you tell us about what motivated you to do this and what the experience was like?
• Are there other parts of your background that inform the work you’re doing and how you see yourself at Google?
• How does that impact our go to market for threat intelligence, and what’re we up to when it comes to keeping the Internet and broader world safe?

Resources:

• Video
• EP175 Meet Crystal Lister: From Public Sector to Google Cloud Security and Threat Horizons
• EP128 Building Enterprise Threat Intelligence: The Who, What, Where, and Why
• EP112 Threat Horizons - How Google Does Threat Intelligence
• Introducing Google Threat Intelligence: Actionable threat intelligence at Google scale
• A Requirements-Driven Approach to Cyber Threat Intelligence

Guest:

• Elie Bursztein, Google DeepMind Cybersecurity Research Lead, Google

Topics:

• Given your experience, how afraid or nervous are you about the use of GenAI by the criminals (PoisonGPT, WormGPT and such)?
• What can a top-tier state-sponsored threat actor do better with LLM? Are there “extra scary” examples, real or hypothetical?
• Do we really have to care about this “dangerous capabilities” stuff (CBRN)? Really really?
• Why do you think that AI favors the defenders? Is this a long term or a short term view?
• What about vulnerability discovery? Some people are freaking out that LLM will discover new zero days, is this a real risk?

Resources:

• “How Large Language Models Are Reshaping the Cybersecurity Landscape” RSA 2024 presentation by Elie (May 6 at 9:40AM)
• “Lessons Learned from Developing Secure AI Workflows” RSA 2024 presentation by Elie (May 8, 2:25PM)
• EP50 The Epic Battle: Machine Learning vs Millions of Malicious Documents
• EP40 2021: Phishing is Solved?
• EP135 AI and Security: The Good, the Bad, and the Magical
• EP170 Redefining Security Operations: Practical Applications of GenAI in the SOC
• EP168 Beyond Regular LLMs: How SecLM Enhances Security and What Teams Can Do With It
• PyRIT LLM red-teaming tool
• Accelerating incident response using generative AI
• Threat Actors are Interested in Generative AI, but Use Remains Limited
• OpenAI’s Approach to Frontier Risk

Guest:

• Henrique Teixeira, Senior VP of Strategy, Saviynt, ex-Gartner analyst

Topics:

• How have you seen IAM evolve over the years, especially with the shift to the cloud, and now AI? What are some of the biggest challenges and opportunities these two shifts present?
• ITDR (Identity Threat Detection and Response) and ISPM (Identity Security Posture Management) are emerging areas in IAM. How do you see these fitting into the overall IAM landscape? Are they truly distinct categories or just extensions of existing IAM practices?
• Shouldn’t ITDR just be part of your Cloud DR or maybe even your SecOps tool of choice? It seems goofy to try to stand ITDR on its own when the impact of an identity compromise is entirely a function of what that identity can access or do, no?
• Regarding workload vs. human identity, could you elaborate on the unique security considerations for each? How does the rise of machine identities and APIs impact IAM approaches?
• We had a whole episode around machine identity that involved turtles–what have you seen in the machine identity space and how have you seen users mess it up?
• The cybersecurity world is full of acronyms. Any tips on how to create a memorable and impactful acronym?

Resources:

• EP166 Workload Identity, Zero Trust and SPIFFE (Also Turtles!)
• EP182 ITDR: The Missing Piece in Your Security Puzzle or Yet Another Tool to Buy?
• EP127 Is IAM Really Fun and How to Stay Ahead of the Curve in Cloud IAM?
• EP94 Meet Cloud Security Acronyms with Anna Belak
• EP162 IAM in the Cloud: What it Means to Do It 'Right' with Kat Traxler
• EP199 Your Cloud IAM Top Pet Peeves (and How to Fix Them)
• EP188 Beyond the Buzzwords: Identity's True Role in Cloud and SaaS Security
• “Playing to Win: How Strategy Really Works” book
• “Open” book

Cross-over hosts:

• Kaslin Fields, co-host at Kubernetes Podcast
• Abdel Sghiouar, co-host at Kubernetes Podcast

Guest:

• Michele Chubirka, Cloud Security Advocate, Google Cloud

Topics:

• How would you approach answering the question ”what is more secure, container or a virtual machine (VM)?”
• Could you elaborate on the real-world implications of this for security, and perhaps provide some examples of when one might be a more suitable choice than the other?
• While containers boast a smaller attack surface (what about the orchestrator though?), VMs present a full operating system. How should organizations weigh these factors against each other?
• The speed of patching and updates is a clear advantage of containers. How significant is this in the context of today's rapidly evolving threat landscape? Are there any strategies organizations can employ to mitigate the slower update cycles associated with VMs?
• Both containers and VMs can be susceptible to misconfigurations, but container orchestration systems introduce another layer of complexity. How can organizations address this complexity and minimize the risk of misconfigurations leading to security vulnerabilities?
• What about combining containers and VMs. Can you provide some concrete examples of how this might be implemented? What benefits can organizations expect from such an approach, and what challenges might they face?
• How do you envision the security landscape for containers and VMs evolving in the coming years? Are there any emerging trends or technologies that could significantly impact the way we approach security for these two technologies?

Resources:

• Container Security, with Michele Chubrika (the same episode - with extras! - at our peer podcast, “Kubernetes Podcast from Google”)
• EP105 Security Architect View: Cloud Migration Successes, Failures and Lessons
• EP54 Container Security: The Past or The Future?
• DORA 2024 report
• Container Security: It’s All About the Supply Chain - Michele Chubirka
• Software composition analysis (SCA)
• DevSecOps Decisioning Principles
• Kubernetes CIS Benchmark
• Cloud-Native Consumption Principles
• State of WebAssembly outside the Browser - Abdel Sghiouar
• Why Perfect Compliance Is the Enemy of Good Kubernetes Security - Michele Chubirka - KubeCon NA 2024

Guest:

• Nicole Beckwith, Sr. Security Engineering Manager, Threat Operations @ Kroger

Topics:

• What are the most important qualities of a successful SOC leader today?
• What is your approach to building and maintaining a high-functioning SOC team?
• How do you approach burnout in a SOC team?
• What are some of the biggest challenges facing SOC teams today?
• Can you share some specific examples of how you have built and - probably more importantly! - maintained a high-functioning SOC team?
• What are your thoughts on the current state of SIEM technology? Still a core of SOC or not?
• What advice would you give to someone who inherited a SOC? What should his/her 7/30/90 day plan include?

Resources:

• EP180 SOC Crossroads: Optimization vs Transformation - Two Paths for Security Operations Center
• EP181 Detection Engineering Deep Dive: From Career Paths to Scaling SOC Teams
• EP58 SOC is Not Dead: How to Grow and Develop Your SOC for Cloud and Beyond
• EP64 Security Operations Center: The People Side and How to Do it Right
• EP73 Your SOC Is Dead? Evolve to Output-driven Detect and Respond!
• EP26 SOC in a Large, Complex and Evolving Organization
• “The first 90 days” book