Cloud Security Podcast by Google-logo

Cloud Security Podcast by Google

Technology Podcasts

Cloud Security Podcast by Google focuses on security in the cloud, delivering security from the cloud, and all things at the intersection of security and cloud. Of course, we will also cover what we are doing in Google Cloud to help keep our users' data safe and workloads secure. We’re going to do our best to avoid security theater, and cut to the heart of real security questions and issues. Expect us to question threat models and ask if something is done for the data subject’s benefit or just for organizational benefit. We hope you’ll join us if you’re interested in where technology overlaps with process and bumps up against organizational design. We’re hoping to attract listeners who are happy to hear conventional wisdom questioned, and who are curious about what lessons we can and can’t keep as the world moves from on-premises computing to cloud computing.

Cloud Security Podcast by Google focuses on security in the cloud, delivering security from the cloud, and all things at the intersection of security and cloud. Of course, we will also cover what we are doing in Google Cloud to help keep our users' data safe and workloads secure. We’re going to do our best to avoid security theater, and cut to the heart of real security questions and issues. Expect us to question threat models and ask if something is done for the data subject’s benefit or just for organizational benefit. We hope you’ll join us if you’re interested in where technology overlaps with process and bumps up against organizational design. We’re hoping to attract listeners who are happy to hear conventional wisdom questioned, and who are curious about what lessons we can and can’t keep as the world moves from on-premises computing to cloud computing.

Location:

United States

Description:

Cloud Security Podcast by Google focuses on security in the cloud, delivering security from the cloud, and all things at the intersection of security and cloud. Of course, we will also cover what we are doing in Google Cloud to help keep our users' data safe and workloads secure. We’re going to do our best to avoid security theater, and cut to the heart of real security questions and issues. Expect us to question threat models and ask if something is done for the data subject’s benefit or just for organizational benefit. We hope you’ll join us if you’re interested in where technology overlaps with process and bumps up against organizational design. We’re hoping to attract listeners who are happy to hear conventional wisdom questioned, and who are curious about what lessons we can and can’t keep as the world moves from on-premises computing to cloud computing.

Language:

English


Episodes

EP31 Cloud Certifications, and Cloud Security with TheCertsGuy

9/13/2021
Guest: Iman Ghanizada, Solutions Manager for Security Operations & Analytics @ Google Cloud Topics: What is your book “Google Cloud Certified Professional Cloud Architect All-in-One Exam Guide” about? What was your journey into writing this book, how long did it take?The book seems to be targeted towards Cloud Architects, but you come from a predominantly security background, how has that influenced your writing of this book?What does this have to do with The Certs Guy (14 certs!?) and...

Duration:00:22:08

EP30 Malware Hunting with VirusTotal

9/7/2021
Guest: Vicente Diaz, Threat Intelligence Strategist @ VirusTotal Topics: How would you describe modern threat hunting process?Share some of the more interesting examples of attacker activities or artifacts you've seen?Do we even hunt for malware? What gets you more concerned, malware or human attackers?How do you handle the risk of attackers knowing how you perform hunting?What is the role of threat research role for hunting? Do you need research to hunt well?Does threat research power...

Duration:00:26:18

Future of EDR: Is It Reason-able to Suggest XDR?

8/30/2021
Guest: Sam Curry, Chief Security Officer @ Cybereason and Visiting Fellow @ National Security Institute Topics: EDR was “invented” in 2013 and we are now in 2021. What do you consider to be modern EDR components and capabilities?Where has EDR fallen short on its initial hype?How focused are the attackers on bypassing EDR?How do you think EDR works in the cloud?In your view, how would future EDR work for containers, microservices, etc?Why aren’t we winning the war against ransomware?XDR is...

Duration:00:27:53

Tales from the Trenches: Using AI for Gmail Security

8/23/2021
Guest: Andy Wen, Product Lead for Abuse & Security @ Google Cloud Topics: What are you doing with AI for security?What kinds of security problems are addressable with AI, and which ones are harder to address with ML techniques?Tell us where you’ve been surprised by AI’s success?Do you expect a) AI use by adversaries and b) attacks focused on disrupting the AI use by defenders?What advice would you give a PM or technical lead starting out on thinking they want to use AI to solve a...

Duration:00:19:13

The Mysteries of Detection Engineering: Revealed!

8/16/2021
Guest: Keith McCammon, Co-founder and Chief Security Officer, Red Canary Topics: What is Detection Engineering? How it differs from just building rules/analytics?How to convert threat intelligence into detections? How to tell good detections from bad? And perhaps also good from great?How to test detections in the real world?Anything special about building detections for cloud environments?What do you think is the role of “rule-less” (such as ML) detections? Is “ML unicorn cavalry” coming?...

Duration:00:30:08

SOC in a Large, Complex and Evolving Organization

8/9/2021
Guest: Johnathan Keith, Director of Information Security (CISO) @ ViacomCBS Streaming / Digital (at the time of the recording) Topics: What is the mission for your SOC? Has it evolved in recent years?How do you rate your state of maturity in security operations?I hear that your organization is complex and decentralized, how do you run a SOC in such a case?How do you approach the balance of people, process and technology in your SOC?What is the role of outsourcing in your SOC? Is cloud...

Duration:00:20:23

Beyond Compliance: Cloud Security in Europe

8/2/2021
Guest: John Stone, Chaos Coordinator at the Office of the CISO @ Google Cloud Topics:

Duration:00:27:02

Linking Up The Pieces: Software Supply Chain Security at Google and Beyond

7/26/2021
Guests: Eric BrewerAparna Sinha Topics: What issoftwaresupply chain security and how is it different from other kinds of supply chain security? What types of organizations need to care about it? Is supply chain security a concern for large, elite enterprises only? What’s the relationship between what we’re doing here, and what SBOM is?Can you talk us through a quick threat assessment of a supply chain security issue? What are the realistic threats here and who are the threat actors...

Duration:00:23:02

Threat Detection at Google Cloud Security Summit

7/19/2021
No guests. We interviewed each other! Topics: What would you say are the most things that Chronicle is trying to address today?What are the good ways to use threat intel to detect threats that do not ruin your SOC?What does “autonomic” security mean, anyway? Is this afancy way of saying “automatic” or something more?For sure, “the Cloud is not JUST someone else’s computer“ - but how does this apply to threat detection?What makes threat detection “cloud-native”?What kinds of ML magic does...

Duration:00:21:11

Securing Multi-Cloud from a CISO Perspective, Part 3

7/12/2021
Guests: Phil Venables (@philvenables), Vice President, Chief Information Security Officer (CISO) @ Google Cloud Dave Hannigan, Director, Financial Services Security & Compliance @ Google Cloud Topics: As a CISO, would you ever decide to use multiple clouds, if it were in your hands? How is security typically considered when companies go multi-cloud in their approach?Practically, or operationally, how does one think through securing multiple public cloud environments?What are the top...

Duration:00:24:12

Security Marketing? Every Product Needs a Story!

7/6/2021
Guest: Kelly Anderson Topics: Resources: Security insightsthat help customers stay up to dateCustomer case studieson our security products Google Cloud Security Talks Cloud security webinarsBrightTALKandCloud OnAir Identity and security blogs on theGoogle Cloud blog

Duration:00:23:44

Security Operations, Reliability, and Securing Google with Heather Adkins

6/28/2021
Guest: Heather Adkins, Sr Director, Information Security @ Google Topics: Your RSA presentation has 3 pillars: zero trust, microservices, automation/zero prod, is this all you need to be secure & reliable in the modern world?Let’s drill down again into the “secure and reliable” concept, are you sure that they are interrelated?Is there a risk that microservices could actually increase attack surface?What are the practical security upsides of “no touch production”? SRE and DevOps...

Duration:00:28:26

Double-clicking, but not on fire hydrants, with bot fighters

6/21/2021
Guest 1: Topics 1: Guests 2: Topics 2:

Duration:00:34:02

More Cloud Migration Security Lessons

6/14/2021
Guests: Topics: Resources: Use “Move and Improve” Instead of “Lift an Shift” “Data Security in the Cloud” (Episode 2) “The Perfect Weapon: War, Sabotage, and Fear in the Cyber Age”book CSA CCM v4

Duration:00:32:03

Modern Threat Detection at Google

6/7/2021
Guest: Julien Vehent Topics: Resources: “Site Reliability Engineering" book (free)“Building Secure & Reliable Systems”book (free) “Securing DevOps“by our very guest Julien Vehent

Duration:00:24:12

Modern Data Security Approaches: Is Cloud More Secure?

6/1/2021
Guests: Topics: Resources: Forrester report “The Forrester Wave™: Unstructured Data Security Platforms, Q2 2021” “New whitepaper: Designing and deploying a data security strategy with Google Cloud” “Hold your own key with Google Cloud External Key Manager”“Building Secure and Resilient Systems” book (free)

Duration:00:28:14

Scaling Google Kubernetes Engine Security

5/24/2021
Guest: Topics:

Duration:00:20:10

Making Compliance Cloud-native

5/19/2021
Guest: Topics: Resources: “Risk governance of digital transformation: guide for risk, compliance & audit teams”

Duration:00:20:10

Application Security in the Cloud

5/10/2021
Guest: Alyssa Miller Topics: Resources: Cloud security trainingsDevOps.com

Duration:00:24:54

Threat Models and Cloud Security

5/3/2021
Guest: Seth Vargo Topics:

Duration:00:19:40