
Guest: John Doyle, Principle Intelligence Enablement Consultant at Mandiant / Google Cloud Topics: You have created a new intelligence class focused on building enterprise threat intelligence capability, so what is the profile of an organization and profile for a person that benefits the most from the class? There are many places to learn threat intel (TI), what is special about your new class? You talk about country cyber operations in the class, so what is the defender - relevant difference between, say, DPRK and Iran cyber doctrines? More generally, how do defenders benefit from such per country intel? Can you really predict what the state-affiliated attackers would do to your organization based on the country doctrine? In many minds, TI is connected to attribution. What is your best advice on attribution to CISOs of well-resourced organizations? What about mainstream organizations? Overall we see a lot of organizations still failing to operationalize TI, especially strategic TI, how does this help them? Resources: The new class “Inside the Mind of APT” “Navigating Tradeoffs of Attribution” paper Sands Casino hack 2014 "Threat Horizons - How Google Does Threat Intelligence" (ep112)
Jul 3, 2023
27 min

Guest: Ian Glazer, founder at Weave Identity, ex-Gartner, ex-SVP of Products at Salesforce, co-founder of IDPro Topics: OK, tell us why Identity and Access Management (IAM) is exciting (is it exciting?) Could you also explain why IAM is even more exciting in the cloud? Are you really “one IAM mistake away from a breach” in the cloud? What advice would you give to someone new to IAM? How to not just “learn IAM in the cloud” but to keep learning IAM? Is what I know about IAM in AWS the same as knowing IAM for GCP? What advice do you have for teams operating in a multi-cloud world? What are the top cloud IAM mistakes? How to avoid them? Resources: Video (LinkedIn, YouTube) IDPro association and BoK SCIM v2 standard EP60 Impersonating Service Accounts in GCP and Beyond: Cloud Security Is About IAM? EP76 Powering Secure SaaS … But Not with CASB? Cloud Detection and Response? EP94 Meet Cloud Security Acronyms with Anna Belak
Jun 26, 2023
30 min

Guests: Dominik Richter, the founder and head of product at Mondoo Cooked questions: What is a policy, is that the same as a control, or is there a difference? And what’s the gap between a policy and a guardrail? We have IaC, so what is this Policy as Code? Is this about security policy or all policies for cloud? Who do I hire to write and update my policy as code? Do I need to be a coder to create policy now? Who should own the implementation of Policy as Code? Is Policy as Code something that security needs to be driving? Is it the DevOps or Platform Engineering teams? How do organizations grow into safely rolling out new policy as code code? You [Mondoo] say that "cnspec assesses your entire infrastructure's security and compliance" and this problem has been unsolved for as long as the cloud existed. Will your toolset change this? There are other frameworks that exist for security testing like HashiCorp’s sentinel, Open Policy Agent, etc and you are proposing a new one with MQL. Why do we need another security framework? What are some of the success metrics when adopting Policy as Code? Resources: Live video (LinkedIn, YouTube) “Why Infrastructure as Code Is Setting You up to Make Bad Things Faster” blog
Jun 19, 2023
31 min

Guest: David Swift, Security Strategist at Netenrich Topics: Which old Security Information and Event Management (SIEM) lessons apply today? Which old SIEM lessons absolutely do not apply today and will harm you? What are the benefits and costs of SIEM in 2023? What are the top cloud security use cases for SIEM in 2023? What are your favorite challenges with SIEM in 2023 special in the cloud? Are they different from, say, 2013 or perhaps 2003? Do you think SIEM can ever die? Resources: Live video (LinkedIn, YouTube) “Debating SIEM in 2023, Part 1” and “Debating SIEM in 2023, Part 2” blogs “Detection as Code? No, Detection as COOKING!” blog “A Process for Continuous Security Improvement Using Log Analysis” (old but good) “UEBA, It's Just a Use Case” blog “Situational Awareness Is Key to Faster, Better Threat Detection” blog and other SIEM reading MITRE 15 detection techniques paper
Jun 12, 2023
29 min

Guest: Panos Mavrommatis, Senior Engineering Director at Google Cloud Topics: Could you give us the 30 second overview of our favorite “billion user security product” - SafeBrowsing - and, since you were there, how did it get started? SafeBrowsing is a consumer and business product – are you mitigating the same threats and threat models on each side? Making this work at scale can’t be easy, anytime we’re talking about billion device protection, there are massive scale questions. How did we make it work at such a scale? Talk to us about the engineering and scaling magic behind the low false positive rate for blocking? Resources: “Foundryside” book
Jun 5, 2023
25 min

Guest: Jack Naglieri, Founder and CEO at Panther Topics: What is good detection, defined at micro-level for a rule or a piece of detection content? What is good detection, defined at macro-level for a program at a company? How to reliably produce good detection content at scale? What is a detection content lifecycle that reliably produces good detections at scale? What is the purpose of a SIEM today? Where do you stand on a classic debate on vendor-written vs customer-created detection content? Resources: “Essentialism” book “The 5 AM Club” book “Good to Great” book “Why Is Threat Detection Hard” blog “Think Like a Detection Engineer, Pt. 2: Rule Writing” blog “Detection as Code? No, Detection as COOKING!” blog Open Cybersecurity Schema Framework (OCSF)
May 29, 2023
39 min

Guest: Michele Chubirka, Senior Cloud Security Advocate, Google Cloud Topics: So, if somebody wakes you up at 3AM (“Anton’s 3AM test”) and asks “Do we need firewalls in the cloud?” what would you say? Firewalls (=virtual appliances in the cloud or routing cloud traffic through physical firewalls) vs firewalling (=controlling network access) in the cloud, do they match the cloud-native realities? How do you implement trust boundaries for access control with cloud-native options? Can you imagine a modern cloud native security architecture that includes a firewall? Can you imagine a modern cloud native security architecture that excludes any firewalling? Firewall, NIDS, NIPS, NGFW …. How do these other concepts map to the cloud? How do you build a "traditional-like" network visibility layer in the cloud (and do we need to)? Resources: Video version of this episode: LinkedIn or YouTube “Security Architect View: Cloud Migration Successes, Failures and Lessons” (ep105) “Love it or Hate it, Network Security is Coming to the Cloud” with Martin Roesch (ep113) Gartner Bimodal IT definition Ross Anderson “Security Engineering” book The New Stack blog Trireme tool CNCF site security landscape Google Cloud Firewall
May 22, 2023
34 min

Guests: Nelly Porter, Group Product Manager, Google Cloud Rene Kolga, Senior Product Manager, Google Cloud Topics: Could you remind our listeners what confidential computing is? What threats does this stop? Are these common at our clients? Are there other use cases for this technology like compliance or sovereignty? We have a new addition to our Confidential Computing family - Confidential Space. Could you tell us how it came about? What new use cases does this bring for clients? Resources: “Confidentially Speaking” (ep1) “Confidentially Speaking 2: Cloudful of Secrets” (ep48) “Introducing Confidential Space to help unlock the value of secure data collaboration” Confidential Space security overview “The Is How They Tell Me The World Ends” by Nicole Perlroth NIST 800-233 “High-Performance Computing (HPC) Security: Architecture, Threat Analysis, and Security Posture”
May 15, 2023
31 min

Guest: Jeff Reed, VP of Product, Cloud Security @ Google Cloud Topics: You’ve had a long career in software and security, what brought you to Google Cloud Security for this role? How do you balance the needs of huge global financials that often ask for esoteric controls (say EKM with KAJ) vs the needs of SMBs that want easy yet effective, invisibility security? We’ve got an interesting split within our security business: some of our focus is on making Google Cloud more secure, while some of our focus is on selling security products. How are you thinking about the strategy and allocation between these functions for business growth? What aspects of Cloud security have you seen cloud customers struggle with the most? What’s been the most surprising or unexpected security challenge you’ve seen with our users? “Google named a Leader in Forrester Wave™ IaaS Platform Native Security” - can you share a little bit about how this came to be and what was involved in this? Is cloud migration a risk reduction move? Resources: “Google named a Leader in Forrester Wave™ IaaS Platform Native Security” “Sunil Potti on Building Cloud Security at Google” (ep102) Books by Haruki Murakami We are hiring product managers!
May 8, 2023
26 min

Guest: Connie Fan, Senior Product and Business Strategy Lead, Google Cloud Topics: We were at RSA 2023, what did we see that was notable and surprising? Cloud security showed up with three startups with big booths, and one big player with a small demo station. What have we learned here? What visitors might have seen at the Google Cloud booth that we're really excited about? Could you share why we chose these two AI cases - generation of code and summarization of complex content - out of all the possibilities and the sometimes zany things we saw elsewhere on the floor? Could you share a story or two that highlights how we came to this AI launch and what it looked like under the surface? Resources: “RSA 2023 - How to Protect Your Organization from Cyberattacks in Time of Political Turmoil” (ep118) “RSA 2022 Reflections - Securing the Past vs Securing the Future” (ep70) “How We Attack AI? Learn More at Our RSA Panel!” (ep68) “Security Operations, Reliability, and Securing Google with Heather Adkins” (ep20)
May 1, 2023
24 min
Load more
