
Cloud Security Today
Matthew Chiodi
The Cloud Security Today podcast features expert commentary and personal stories on the “how” side of cybersecurity. This is not a news program but rather a podcast that focuses on the practical side of launching a cloud security program, implementing DevSecOps, cyber leadership, and understanding the threats most impacting organizations today.
Top 10 Cloud Security Today Episodes
Goodpods has curated a list of the 10 best Cloud Security Today episodes, ranked by the number of listens and likes each episode has garnered from our listeners. If you are listening to Cloud Security Today for the first time, there's no better place to start than with one of these standout episodes. If you are a fan of the show, vote for your favorite Cloud Security Today episode by adding your comments to the episode page.

The Software Factory
Cloud Security Today
08/22/22 • 37 min
S2E8 - The Software Factory with Chris Hughes
Episode Summary
On this episode, CISO and Co-Founder of Aquia, Chris Hughes, joins Matt to talk about building security in the cloud using automation and compliance. Chris’s career spans over 20 years in the IT/Cybersecurity industry, as well as in active service in the US Military.
Chris talks about licensing and certifications, Cloud innovation, and achieving continuous ATO. How are software factories created and operationalized? Hear about the people side of the business, effectively building a community, and get Chris’s formula for personal growth.
Timestamp Segments
· [01:19] Chris’s 28 licenses and certifications.
· [02:44] The value of certifications.
· [05:08] Chris’s Air Force experience.
· [06:25] About Aquia.
· [07:46] DoD vs the federal civilian space.
· [09:01] BatCave.
· [10:04] Federal DoD compliance.
· [12:55] How do agencies achieve Continuous ATO in the cloud?
· [16:04] Software Factories.
· [21:07] How it’s gone wrong.
· [23:12] What it looks like to stand up a Software Factory.
· [25:24] What works on the people side?
· [28:42] What is an effective way to build a community?
· [32:30] Why Chris reads physical books.
· [35:07] Chris’s formula for personal growth.
Notable Quotes
· “The journey is going to be unique to the organization. It’s not going to be the same for everyone.”
· “Just be real.”
Relevant Links
Aquia: https://www.aquia.us
LinkedIn: https://www.linkedin.com/in/chris-h-97680442
GitHub: Federal DoD Software Factory Compliance
The future of cloud security. Simplify cloud security with Prisma Cloud, the Code to Cloud platform powered by Precision AI.
Disclaimer: This post contains affiliate links. If you make a purchase, I may receive a commission at no extra cost to you.

Keeping Governments Secure in the Cloud
Cloud Security Today
07/13/21 • 40 min
Cloud security is essential for any business but particularly for government agencies. On today’s episode, we speak with an expert in the field, Ravi Raghava, who is Chief Cloud Strategist at General Dynamics Information Technology (GDIT). Ravi speaks about his personal experience with dozens of cloud deployments for civil agencies and shares best practices.
Acronyms
- ATO = Authority to Operate
- POAM = Plan of Action and Milestones
- CDM = Continuous Diagnostics and Mitigation
- OCM = Organizational Change Management
Tweetables:
“Over the next few years, we will see a lot of traction and we will see accelerated workload migration to the cloud. It's not just one cloud but multiple clouds, and multi-cloud is becoming the new norm.” — Ravi Raghava [0:04:55]
“We are very strong advocates of OCM, and we work with our government customers to have a well thought-through strategy, providing the right skills, the right training, right medium of training to people.” — Ravi Raghava [0:25:43]
“Having those security frameworks in place, testing infrastructure, having those security tools in place nicely help you automate the entire thing because automation is key.” — Ravi Raghava [0:31:20]
Links Mentioned in Today’s Episode:
Ravi Raghava on LinkedIn
GDIT
JFrog
Prisma Cloud

How COVID-19 Impacted Cloud Security
Cloud Security Today
06/14/21 • 34 min
In this episode, Nathanial Quist, also known as ‘Q’, returns along with Dr. Jay Chen, both of whom listeners might recognize from our inaugural episode where we discussed how common identity misconfigurations can undermine cloud security. Both Jay and Q are threat researchers with Palo Alto Networks Unit 42. Unit 42 is the global threat intelligence team at Palo Alto Networks and a recognized authority on cyberthreats, frequently sought out by enterprises and government agencies around the world.
In our conversation, they discuss what they found in their latest Cloud Threat Report examining the impact of the COVID-19 pandemic. We explore how the tremendous increase in remote work has affected cloud security and why Jay is more concerned over the number of mistakes that people are making, rather than the type of mistakes. Tuning in you’ll hear what organizations can do to curtail the recent rise in security incidents and some interesting observations that Q and Jay learned from their data, such as the fact that even malicious hackers need a holiday and don’t want to spend all their time in front of a computer cryptojacking :-)
Key Points From This Episode:
- Cloud security incidents grew, on average, 188% pre vs. post COVID-19 discovery.
- Retail organizations saw the greatest increase in security incidents at 402%.
- The cloud is no longer for low-impact data: 69% of data is PII.
Tweetables:
“We saw a decrease in crypto mining operations during the holiday period between December 24th through January 3rd. It just kind of goes to show that even malicious crypto miners want to take a holiday.” — Nathanial Quist [0:25:26]
“Standardization can help you find the issue but automation can help you to prevent or mitigate [it].” — Jay Chen [0:32:02]

Zero trust with no FUD
Cloud Security Today
07/21/22 • 46 min
In today’s episode, the Creator of Zero Trust, John Kindervag, joins Matt on the show to discuss implementing Zero Trust in your organization. While at Forrester Research in 2010, John developed Zero Trust, promising adequate and effective protection of an organization’s most valuable assets.
Today, John talks about the driving force behind Zero Trust, the concept of the Protect Surface, and Kipling Method Policies. Why is trust a vulnerability? Hear about Zero Trust, Shadow IT, and get John’s recommended resources.
Timestamp Segments
· [02:20] About John.
· [05:29] How does John define Zero Trust?
· [07:45] Why is trust a vulnerability?
· [09:56] The Protect Surface.
· [12:32] Kipling Method Policies.
· [17:22] The roadmap to Zero Trust at scale.
· [22:56] It’s the inspection that matters.
· [28:26] Zero Trust in the Cloud.
· [31:33] Shadow IT.
· [38:54] Tracking specific metrics.
· [40:58] John’s resource recommendations.
Notable Quote
"We can never stop cyber attacks from happening, but we can stop them from being successful.”
Relevant Links
Recommended Reading:
The Zero Trust Learning Curve.
Antifragile, by Nassim Nicholas Taleb.
On Grand Strategy, by John Gaddis.
Winning in FastTime, by John Warden.
LinkedIn: https://www.linkedin.com/in/john-kindervag-40572b1
ISMG: https://ismg.io

Building security natively
Cloud Security Today
05/21/22 • 46 min
Originally recorded in September of 2021...today’s guest is Justin Berman, the Vice President of Infrastructure and IT and the CISO at Thirty Madison. Thirty Madison is aiming to be a platform that everyone can use to deal with their chronic healthcare needs. Justin’s main focus is on building out the teams that enable scaling. With his development background, Justin has some unique ideas when it comes to cloud security, which makes for a fascinating interview. You’ll walk away from this episode with a new perspective on how to build security into products from the start and a better understanding of how to transition smoothly from on-prem to the cloud.
Tweetables
“I see security as an engineering problem. What I mean by that is not that there aren't things that you solve with process, or with policy, or training, but rather that in as many places as possible if you want to have a scaled effect within security, you need to write code to solve a problem.” — @justinmberman [0:06:03]
Justin Berman on LinkedIn

Dr. Zero Trust on zero trust
Cloud Security Today
01/20/25 • 36 min
In this conversation, Dr. Chase Cunningham, aka Dr. Zero Trust, shares his unique journey into the cybersecurity field, emphasizing the importance of purpose and self-care in a high-stress industry. He discusses the challenges of implementing zero trust strategies in organizations, the significance of understanding offensive tactics to enhance defensive measures, and the need for systemic change in national cybersecurity. Dr. Zero Trust also provides valuable advice for aspiring cybersecurity professionals, highlighting the supportive community and the importance of continuous learning.
Takeaways
- Zero Trust is a strategy, not a product.
- Self-care is critical in high-stress environments.
- Understanding offensive tactics is essential for defense.
- Start small when implementing Zero Trust.

Matt joins a startup
Cloud Security Today
06/27/22 • 22 min
This episode of the Cloud Security Today podcast is a little different from the others because this time host Matthew Chiodi gives the interviewer’s seat over to Yousuf Khan and they talk about an exciting new development in Matt’s career.
Matt announces a big career move and talks about how he’s hoping to fix some of the biggest problems in SaaS security today. He tells Yousuf about his new role and the fresh approach that his new company is bringing to the field. At the end of the episode, they discuss working in a start-up environment and give advice to anyone considering working in a start-up.
If you enjoyed this episode, subscribe, or follow Cloud Security Today wherever you get your podcasts.
Timestamps
[0:28] Matt introduces the topic for today’s episode
[1:50] Exciting news from Matt about his latest career move
[5:10] Matt explains one of the biggest challenges in app security today
[7:25] How have we managed app security up to now?
[9:20] So how does Cerby work?
[11:32] Matt’s new role at Cerby and an outline of his first few months
[12:50] Why Matt likes working in a start-up environment
[14:05] How Matt became interested in Cerby
[16:20] What’s next for Cerby?
[18:10] The advice that Matt would give to anyone looking to join a start-up
[20:40] Yousuf adds his thoughts about working for a start-up
Episode Links
Ridge Ventures
Yousuf Khan's LinkedIn Profile
Cerby's website
Matt's LinkedIn Profile

What Is Threat Intelligence?
Cloud Security Today
04/18/22 • 37 min
In this episode (originally recorded in November of 2021) we speak with Ryan Olson, VP of Threat Intel at Palo Alto Networks. Ryan helps define what threat intelligence actually is and how to get started building a program. He aptly reminds us that producing threat intel for the sake of threat intel is a waste of time. More importantly, you first have to ask yourself, “Who’s going to be using this information?”
Tweetables
“Producing threat intel for the sake of threat intel is a waste of time. What you should be doing is thinking ‘Who’s going to take the information that I have produced and use that to make a better decision?’ Because that's the goal of threat intelligence, to help a system, or a person, or a team, or a company make better decisions that will help secure them better.” — Ryan Olson [0:04:24]
“If I could give people one recommendation, if you can get access to your SSL traffic so that you can decrypt it and you can inspect it, you will have a much better chance at detecting bad stuff in your network than you would without it.” — Ryan Olson [0:29:58]
Links Mentioned in Today’s Episode:
Unit 42 Palo Alto Networks Careers

Fed Clouds
Cloud Security Today
02/14/22 • 34 min
In a world where cyber-attacks are ever-changing, cybersecurity has to adapt accordingly. Joining us today to delve into the world of cloud security for federal agencies is Sandeep Shilawat, Vice President of Cloud and Edge Computing at ManTech. Sandeep has extensive experience in both Commercial and Federal technology markets. We’ll get to hear his predictions on where the cloud world is heading, as well as what the Federal Authority to Operate (ATO) process will look like in the future. We learn the benefits of cloud compliance standards, as well as how FedRAMP is leveling the playing field in federal cloud computing. We also touch on the role of 5G in cloud computing, and why its presence will disrupt going forward. Join us as we pick Sandeep’s brain for some insights into the present and future of federal cybersecurity.
Tweetables
“Visibility has become [the] single biggest challenge and nobody's dealing with cloud management in a multi-cloud perspective from cradle to grave.” — @Shilawat [0:09:03]
“I think that having a managed cloud service is probably the first approach that should be considered by an agency head. I do think that that's where the market is heading. Sooner or later, it will probably become a de facto way of doing cloud security.” — @Shilawat [0:19:43]

The New SEC Rule
Cloud Security Today
11/20/23 • 46 min
Episode Summary
In this episode, Special Advisor for Cyber Risk at the NACD, Christopher Hetner, returns to the show to discuss the new SEC cybersecurity rules. Chris has over 25 years of experience in cybersecurity, helping protect industries, infrastructures, and economies, serving in roles including as SVP of Information Security at Citi, Senior Cybersecurity Advisor to the Chairman of the US SEC, Executive Member of IANS, the National Board Director of the Society of Hispanic Professional Engineers, Senior Advisor for the Chertoff Group, Senior Advisor to the CEO of Stuart Levine & Associates, and Co-Chair of Nasdaq Cybersecurity and Privacy.
Today, Chris talks about the developments since January 2023, the timeframe requirements in practice, and normalizing cybersecurity incidents as business-as-usual. What is Inline XBRL? Learn how startups could prepare themselves for these changes, the scope of disclosure, and how risk management strategies might evolve to address Cloud-specific threats.
Timestamp Segments
· [02:36] What has changed since January?
· [06:49] Why things changed.
· [08:51] Was it a good move?
· [12:27] Determining the materiality of cybersecurity incidents “without unreasonable delay.”
· [17:49] Is 4 days enough?
· [22:19] The scope of disclosure.
· [24:09] Normalizing cybersecurity incidents.
· [26:24] Moving toward real-time monitoring.
· [28:52] Is insurance becoming a forcing function?
· [32:18] Evolving risk management strategies.
· [36:05] Third-party disclosure requirements.
· [39:51] How do startups prepare?
· [41:52] What is Inline XBRL?
· [42:54] Inline XBRL to 8-K.
· [43:30] How the tagging requirement impacts the disclosure process.
Notable Quotes
· “The magnitude of these events is the percentage of the event relative to revenue.”
· “We’re going to see market forces drive these safety standards within our enterprises.”
Relevant Links
LinkedIn: Christopher Hetner
Resources:
https://www.sec.gov/news/press-release/2023-139.
FAQ
How many episodes does Cloud Security Today have?
Cloud Security Today currently has 52 episodes available.
What topics does Cloud Security Today cover?
The podcast is about Cloud, AWS, Supply Chain, Podcasts, Google, Technology, Business and Careers.
What is the most popular episode on Cloud Security Today?
The episode titled 'The Software Factory' is the most popular.
What is the average episode length on Cloud Security Today?
The average episode length on Cloud Security Today is 42 minutes.
How often are episodes of Cloud Security Today released?
Episodes of Cloud Security Today are typically released every 30 days.
When was the first episode of Cloud Security Today?
The first episode of Cloud Security Today was released on Mar 10, 2021.