Cloud Security Podcast by Google

Technology Podcasts

Cloud Security Podcast by Google focuses on security in the cloud, delivering security from the cloud, and all things at the intersection of security and cloud. Of course, we will also cover what we are doing in Google Cloud to help keep our users' data safe and workloads secure. We're going to do our best to avoid security theater, and cut to the heart of real security questions and issues. Expect us to question threat models and ask if something is done for the data subject's benefit or just for organizational benefit. We hope you'll join us if you're interested in where technology overlaps with process and bumps up against organizational design. We're hoping to attract listeners who are happy to hear conventional wisdom questioned, and who are curious about what lessons we can and can't keep as the world moves from on-premises computing to cloud computing.

Location:

United States

Genres:

Technology Podcasts

Description:

Cloud Security Podcast by Google focuses on security in the cloud, delivering security from the cloud, and all things at the intersection of security and cloud. Of course, we will also cover what we are doing in Google Cloud to help keep our users' data safe and workloads secure. We're going to do our best to avoid security theater, and cut to the heart of real security questions and issues. Expect us to question threat models and ask if something is done for the data subject's benefit or just for organizational benefit. We hope you'll join us if you're interested in where technology overlaps with process and bumps up against organizational design. We're hoping to attract listeners who are happy to hear conventional wisdom questioned, and who are curious about what lessons we can and can't keep as the world moves from on-premises computing to cloud computing.

Twitter:

@CloudSecPodcast

Language:

English

Website:

http://cloudsecuritypodcast.libsyn.com/website

Episodes

EP253 The Craft of Cloud Bug Hunting: Writing Winning Reports and Secrets from a VRP Champion

11/24/2025

Guests: Sivanesh Ashok Topics: Resources: EP220 Big Rewards for Cloud Security: Exploring the Google VRP Cloud Vulnerability Reward Program Rules Insights from BugSWAT Google Cloud's Vulnerability Reward ProgramCritical Thinking Podcast

Duration:00:28:09

EP252 The Agentic SOC Reality: Governing AI Agents, Data Fidelity, and Measuring Success

11/17/2025

Guests: Alexander PabstLars Koenig Topics: kept asking for pudding Resources: EP238 Google Lessons for Using AI Agents for Securing Our Enterprise EP242 The AI SOC: Is This The Automation We've Been Waiting For? EP249 Data First: What Really Makes Your SOC 'AI Ready'? EP236 Accelerated SIEM Journey: A SOC Leader's Playbook for Modernization and AI "Simple to Ask: Is Your SOC AI Ready? Not Simple to Answer!" blog "How Google Does It: Building AI agents for cybersecurity and defense" "How to Win Friends and Influence People" "Will It Make the Boat Go Faster?

Duration:00:35:53

EP251 Beyond Fancy Scripts: Can AI Red Teaming Find Truly Novel Attacks?

11/10/2025

Guest: Ari Herbert-VossRunSybil Topics: Resource: Kim Zetter Zero Day blog EP230 AI Red Teaming: Surprises, Strategies, and Lessons from Google EP217 Red Teaming AI: Uncovering Surprises, Facing New Threats, and the Same Old Mistakes? EP68 How We Attack AI? Learn More at Our RSA Panel! EP71 Attacking Google to Defend Google: How Google Does Red Team

Duration:00:25:15

EP250 The End of "Collect Everything"? Moving from Centralization to Data Access?

11/3/2025

Guest: Balazs ScheidlerAxoflowsyslog-ng Topics: Resources: EP197 SIEM (Decoupled or Not), and Security Data Lakes: A Google SecOps Perspective EP190 Unraveling the Security Data Fabric: Need, Benefits, and Futures EP228 SIEM in 2025: Still Hard? Reimagining Detection at Cloud Scale and with More PipelinesAxoflow podcastAnton on it "Decoupled SIEM: Where I Think We Are Now?" "Decoupled SIEM: Brilliant or Stupid?" "Output-driven SIEM — 13 years later"

Duration:00:29:21

EP249 Data First: What Really Makes Your SOC 'AI Ready'?

10/27/2025

Guest: Monzy MerzaCrogl Topics: Resources: EP242 The AI SOC: Is This The Automation We've Been Waiting For? EP170 Redefining Security Operations: Practical Applications of GenAI in the SOC EP227 AI-Native MDR: Betting on the Future of Security Operations? EP236 Accelerated SIEM Journey: A SOC Leader's Playbook for Modernization and AI EP238 Google Lessons for Using AI Agents for Securing Our Enterprise "Simple to Ask: Is Your SOC AI Ready? Not Simple to Answer!" Nassim Taleb “Antifragile” book “AI Superpowers” book“Attention Is All You Need”

Duration:00:30:37

EP248 Cloud IR Tabletop Wins: How to Stop Playing Security Theater and Start Practicing

10/20/2025

Guest: Jibran Ilyas Topics: Resources: EP60 Impersonating Service Accounts in GCP and Beyond: Cloud Security Is About IAM? EP179 Teamwork Under Stress: Expedition Behavior in Cybersecurity Incident Response EP222 From Post-IR Lessons to Proactive Security: Deconstructing Mandiant M-Trends EP177 Cloud Incident Confessions: Top 5 Mistakes Leading to Breaches from Mandiant EP158 Ghostbusters for the Cloud: Who You Gonna Call for Cloud Forensics EP98 How to Cloud IR or Why Attackers Become Cloud Native Faster?

Duration:00:32:42

EP247 The Evolving CISO: From Security Cop to Cloud & AI Champion

10/13/2025

Guest: David Gee Topics: "Aspiring CIO and CISO" Resources: “A Day in the Life of a CISO: Personal Mentorship from 24+ Battle-Tested CISOs — Mentoring We Never Got” “The Aspiring CIO and CISO: A career guide to developing leadership skills, knowledge, experience, and behavior” EP201 Every CTO Should Be a CSTO (Or Else!) - Transformation Lessons from The Hoff EP101 Cloud Threat Detection Lessons from a CISO EP104 CISO Walks Into the Cloud: And The Magic Starts to Happen! EP129 How CISO Cloud Dreams and Realities Collide CISO podcast episodes “Shadow Agents: A New Era of Shadow AI Risk in the Enterprise” “Blocking shadow agents won’t work. Here’s a more secure way forward”

Duration:00:29:00

EP246 From Scanners to AI: 25 Years of Vulnerability Management with Qualys CEO Sumedh Thakar

10/6/2025

Guest: Sumedh ThakarQualys Topics: Resources: 2025 DBIR Report Qualys ROC concept definedQualys ROC-on conference Shaping the Future of Cyber Risk Management Qualys State of Cyber Risk Assessment Report EP109 How Google Does Vulnerability Management: The Not So Secret Secrets!

Duration:00:36:53

EP245 From Consumer Chatbots to Enterprise Guardrails: Securing Real AI Adoption

9/29/2025

Guest: Rick CacciaWitness AI Topics: Resources: EP226 AI Supply Chain Security: Old Lessons, New Poisons, and Agentic Dreams EP173 SAIF in Focus: 5 AI Security Risks and SAIF Mitigations EP84 How to Secure Artificial Intelligence (AI): Threats, Approaches, Lessons So FarWitness AI blog Shadow Agents: A New Era of Shadow AI Risk in the Enterprise Blocking shadow agents won’t work. Here’s a more secure way forward Shadow AI Strikes Back: Enterprise AI Absent Oversight in the Age of Gen AI Cloud CISO Perspectives: How Google secures AI Agents “The Soul of a New Machine”Emoji Attack: A Method for Misleading Judge LLMs in Safety Risk Detection

Duration:00:33:35

EP244 The Future of SOAPA: Jon Oltsik on Platform Consolidation vs. Best-of-Breed in the Age of Agentic AI

9/22/2025

Guest: Jon Oltsik Topics: SOAPAdecoupling Resources: “The Cybersecurity Bridge”Anton on it EP236 Accelerated SIEM Journey: A SOC Leader's Playbook for Modernization and AI EP242 The AI SOC: Is This The Automation We've Been Waiting For? EP202 Beyond Tiered SOCs: Detection as Code and the Rise of Response Engineering EP180 SOC Crossroads: Optimization vs Transformation - Two Paths for Security Operations Center EP170 Redefining Security Operations: Practical Applications of GenAI in the SOC EP73 Your SOC Is Dead? Evolve to Output-driven Detect and Respond!Daniel Suarez “Daemon”“Delta V”

Duration:00:27:32

EP243 Email Security in the AI Age: An Epic 2025 Arms Race Begins

9/15/2025

Guest: Cy KhormaeeAegisAIRyan LuoAegisAI Topics: Resources: aegisai.ai EP40 2021: Phishing is Solved? EP41 Beyond Phishing: Email Security Isn't Solved EP28 Tales from the Trenches: Using AI for Gmail Security EP50 The Epic Battle: Machine Learning vs Millions of Malicious Documents

Duration:00:29:00

EP242 The AI SOC: Is This The Automation We've Been Waiting For?

9/8/2025

Guest: Augusto Barros, Principal Product Manager, Prophet Security, ex-Gartner analyst Topics: Resources: LinkedIn SOAR vs AI SOC argument post Are AI SOC Solutions the Real Deal or Just Hype? EP236 Accelerated SIEM Journey: A SOC Leader's Playbook for Modernization and AI EP238 Google Lessons for Using AI Agents for Securing Our Enterprise EP223 AI Addressable, Not AI Solvable: Reflections from RSA 2025 RSA 2025: AI’s Promise vs. Security’s Past — A Reality Check “Noise: A flaw in human judgement” “Security Chaos Engineering” Kelly episode A Brief Guide for Dealing with ‘Humanless SOC’ Idiots

Duration:00:34:01

EP241 From Black Box to Building Blocks: More Modern Detection Engineering Lessons from Google

9/1/2025

Guest: Rick Correa Topics: SecOps Curated Detection confusion matrix Resources EP197 SIEM (Decoupled or Not), and Security Data Lakes: A Google SecOps Perspective EP231 Beyond the Buzzword: Practical Detection as Code in the Enterprise EP181 Detection Engineering Deep Dive: From Career Paths to Scaling SOC Teams EP139 What is Chronicle? Beyond XDR and into the Next Generation of Security Operations EP123 The Good, the Bad, and the Epic of Threat Detection at Scale with Panther “Back to Cooking: Detection Engineer vs Detection Consumer, Again?” “On Trust and Transparency in Detection” “Detection Engineering Weekly” “Practical Threat Detection Engineering”

Duration:00:31:33

EP240 Cyber Resiliency for the Rest of Us: Making it Happen on a Real-World Budget

8/25/2025

Guest: Errol Weiss Topics: Resources: ISAC history (1998 PDD 63)CISA Known Exploited Vulnerabilities CatalogBrian Krebs blog Health-ISAC Annual Threat Report Health-ISAC HomeHealth Sector Coordinating Council Publications Health Industry Cybersecurity Practices 2023HHS Cyber Performance Goals (CPGs) 10 ways to make cyber-physical systems more resilient EP193 Inherited a Cloud? Now What? How Do I Secure It? EP65 Is Your Healthcare Security Healthy? Mandiant Incident Response Insights EP49 Lifesaving Tradeoffs: CISO Considerations in Moving Healthcare to Cloud EP233 Product Security Engineering at Google: Resilience and Security EP204 Beyond PCAST: Phil Venables on the Future of Resilience and Leading Indicators

Duration:00:29:25

EP239 Linux Security: The Detection and Response Disconnect and Where Is My Agentless EDR

8/18/2025

Guest: Craig H. RowlandSandfly Security Topics: Resources: EP194 Deep Dive into ADR - Application Detection and Response EP228 SIEM in 2025: Still Hard? Reimagining Detection at Cloud Scale and with More Pipelines

Duration:00:25:29

EP238 Google Lessons for Using AI Agents for Securing Our Enterprise

8/11/2025

Guest: Dominik SwieradSec-Gemini Topics: Resources: EP235 The Autonomous Frontier: Governing AI Agents from Code to Courtroom EP236 Accelerated SIEM Journey: A SOC Leader's Playbook for Modernization and AI EP224 Protecting the Learning Machines: From AI Agents to Provenance in MLSecOps EP227 AI-Native MDR: Betting on the Future of Security Operations? EP75 How We Scale Detection and Response at Google: Automation, Metrics, Toil

Duration:00:31:40

EP237 Making Security Personal at the Speed and Scale of TikTok

8/4/2025

Guest: Kim Albarella Questions: Resources: Kim on TikTok @securisheTikTopTips EP214 Reconciling the Impossible: Engineering Cloud Systems for Diverging Regulations EP161 Cloud Compliance: A Lawyer - Turned Technologist! - Perspective on Navigating the Cloud EP14 Making Compliance Cloud-native

Duration:00:28:40

EP236 Accelerated SIEM Journey: A SOC Leader's Playbook for Modernization and AI

7/28/2025

Guest: Manija Poulatova Topics: SIEM migration composite alerting techniques Resources: EP234 The SIEM Paradox: Logs, Lies, and Failing to Detect EP197 SIEM (Decoupled or Not), and Security Data Lakes: A Google SecOps Perspective EP231 Beyond the Buzzword: Practical Detection as Code in the Enterprise EP184 One Week SIEM Migration: Fact or Fiction? EP125 Will SIEM Ever Die: SIEM Lessons from the Past for the Future EP223 AI Addressable, Not AI Solvable: Reflections from RSA 2025 “Maverick” — Scorched Earth SIEM Migration FTW!“Hack the box”

Duration:00:27:15

EP235 The Autonomous Frontier: Governing AI Agents from Code to Courtroom

7/21/2025

Guest: Anna GresselPaul, Weiss Episode co-host: Marina Kaganovich Questions: Resources: Paul, Weiss Waking Up With AIAppleSpotify Cloud CISO Perspectives: How Google secures AI Agents Securing the Future of Agentic AI: Governance, Cybersecurity, and Privacy Considerations

Duration:00:34:06

EP234 The SIEM Paradox: Logs, Lies, and Failing to Detect

7/14/2025

Guest: Svetla Yankova Topics: Resources: EP223 AI Addressable, Not AI Solvable: Reflections from RSA 2025 EP231 Beyond the Buzzword: Practical Detection as Code in the Enterprise EP228 SIEM in 2025: Still Hard? Reimagining Detection at Cloud Scale and with More Pipelines EP202 Beyond Tiered SOCs: Detection as Code and the Rise of Response Engineering “RSA 2025: AI’s Promise vs. Security’s Past — A Reality Check”Citreno, The Backstory “Parenting Teens With Love And Logic” “Security Correlation Then and Now: A Sad Truth About SIEM”

Duration:00:37:59