
Cyber Security & Cloud Podcast

Technology Podcasts

Welcome to the Cyber Security & Cloud Podcast #CSCP, where we will explore the dark secret of cloud and cyber. The podcast focuses on people and their stories and explores the human element that brings so many people together. Some episodes will be for the well-seasoned cybersecurity veteran, but most are about stories of infosec people and how they reached where they are now. The focus and various streams of the podcast are Cybersecurity, Cloud Security, Application Security, Social Engineering, and community building.

Location:

United Kingdom


Language:

English


Episodes

CSCP S4EP12 - Raj Umadas - Diving Deep into Cybersecurity and Application Security Journey exploring Frontiers with Maestro Raj Umadas

3/24/2024
What does it take to get into application security from pentesting? Will AI replace the role of product security? How do you start an application security program and write a book about it? Join us on the Cybersecurity and Cloud Podcast as we welcome the insightful Raj Umadas, head of InfoSec at ActBlue, for a vibrant discussion on the varied pathways into the field of application security. Listen in as Raj shares his unique journey from networking to the realms of software and hardware design, ultimately leading to his passion for security. We debate whether a background in pentesting is a must for app sec success or if one can climb the ranks from the blue team, all while emphasizing the significance of team diversity over homogeneity. The episode is brought to you by Phoenix Security; get in control of your vulnerabilities from code to cloud with the power of Phoenix. ACT Now on the most important vulnerabilities and reduce your exposure to modern attacks. See it for yourself. Go to https://phoenix.security/request-a-demo/ for a free 14-day licence. Venture into the world of risk assessment and pen testing with us, where we unpack the complexities of cybersecurity through the lens of protective controls and real-world testing experiences. Hear about my time at leading companies like Etsy, Squarespace, and Spotify, where I tackled the balancing act of risk, remediation, and resource allocation. This chapter casts a spotlight on the intricate dance between security leaders and CISOs, underlining the necessity of clear communication and the advantage of technical savvy in these pivotal roles. Finally, tune in as we discuss the ever-evolving role of the CISO and the rise of the DevSecOps culture within the tech industry. Reflect with us on the historical context of software development and how it's transformed into an ongoing nurturing process, necessitating a fusion of development, operations, and security expertise.
We also navigate the challenges of regulatory frameworks in the wake of monumental security breaches, fostering a conversation on how industry leaders and regulatory bodies can work together towards safer development practices. Don't miss out on these captivating insights with Raj Umadas as we navigate the ever-changing cybersecurity landscape. Tune in to this enlightening episode to equip yourself with the knowledge and insights needed to navigate the evolving landscape of cybersecurity. Raj Umadas https://www.linkedin.com/in/rajumadas/ @FrankSEC42 linkedin.com/in/fracipo http://www.cybercloudpodcast.com/ https://www.linkedin.com/company/35703565/admin/ https://twitter.com/podcast_cyber https://www.youtube.com/channel/UCVgsq-vMzq4sxObVonDsIAg/ https://podcasts.apple.com/gb/podcast/the-cyber-security-cloud-podcast-cscp/id1516316463 https://open.spotify.com/show/3fg8AqP4vEi5Im8YKxazUQ #Cybersecurity, #appsec #productsecurity #prodsec #aspm

Duration:00:38:10

CSCP S4EP11 - Derek Fisher - Strengthening Digital Defenses Inside Application Security and the Role of AI in Cybersecurity

3/3/2024
Will AI replace the role of product security? How do you start an application security program and write a book about it? One of the best Application Security minds, Derek Fisher, is with us today. Join us on a captivating journey as Derek, a mastermind in product security and a prolific author, shares his expertise on setting up a fortified application security program. We start by unraveling the critical first steps, emphasizing the value of understanding your organization's current cybersecurity landscape and the unique risks it faces. Listen in as we discuss the significance of collaboration between security and engineering teams to pinpoint vulnerabilities and fortify our digital defenses. The episode is brought to you by Phoenix Security; get in control of your vulnerabilities from code to cloud with the power of Phoenix. ACT Now on the most important vulnerabilities and reduce your exposure to modern attacks. See it for yourself. Go to https://phoenix.security/request-a-demo/ for a free 14-day licence. In our thought-provoking conversation, we tackle the concept of product ownership and the dynamic nature of risk assessment. Derek enlightens us on the challenges of aligning business acumen with technological realities in the context of application security. We also engage in a spirited debate about the various forms of code analysis and the significance of exploitability in the management of risk. It's a discussion that balances the technical intricacies with strategic insights, essential for anyone invested in securing their products. Shifting gears, we explore the innovative realm of 'shifting smart' in application security, moving beyond the traditional 'shift left' paradigm. Discover the benefits and limitations of integrating security tools early in the development cycle and the vital role dynamic environments play in unearthing actionable vulnerabilities.
Wrapping up, we delve into the exciting and complex intersection of AI and cybersecurity, pondering the dual-edged sword of advanced technologies like generative AI. Derek offers a nuanced perspective on the future of secure coding and vulnerability management, a must-listen for anyone navigating the evolving cybersecurity landscape. Tune in to this enlightening episode to equip yourself with the knowledge and insights needed to navigate the evolving landscape of cybersecurity. Derek Fisher https://www.linkedin.com/in/derek-fisher-sec-arch/ https://www.amazon.co.uk/Application-Security-Program-Handbook-Engineers/dp/163343981X @FrankSEC42 linkedin.com/in/fracipo http://www.cybercloudpodcast.com/ https://www.linkedin.com/company/35703565/admin/ https://twitter.com/podcast_cyber https://www.youtube.com/channel/UCVgsq-vMzq4sxObVonDsIAg/ https://podcasts.apple.com/gb/podcast/the-cyber-security-cloud-podcast-cscp/id1516316463 https://open.spotify.com/show/3fg8AqP4vEi5Im8YKxazUQ #Cybersecurity, #appsec #productsecurity #prodsec

Duration:00:32:33

CSCP S4EP10 - David Matousek - Will AI replace Product Security? Automation vs expertise

2/18/2024
Will AI replace the role of product security? This is an enlightening conversation with David Matousek exploring the intersection between automation and product security in application security. Join us on this enlightening journey with David Matousek, as we explore the intriguing world of product security within the cybersecurity realm. Listen in as David, with his wealth of experience transitioning from a technical developer to a product director, unveils the significance of perceiving application security as an enterprise-level product. The episode is brought to you by Phoenix Security; get in control of your vulnerabilities from code to cloud with the power of Phoenix. ACT Now on the most important vulnerabilities and reduce your exposure to modern attacks. See it for yourself. Go to https://phoenix.security/request-a-demo/ for a free 14-day licence. Discover how this approach not only streamlines the development process but also cultivates a customer-centric mindset towards developers, leading to a more cohesive and less cumbersome compliance environment. David's insights provide a fascinating perspective on the symbiotic relationship between security and platform teams, paving the way for a more secure and efficient path to application production. Venture further into the cybersecurity landscape as we tackle the complexities of vulnerability prioritization and the evolution of network security. Our discussion with David delves into the nuanced balance of automated and manual processes in identifying and managing security risks, highlighting the irreplaceable value of human expertise amidst the rise of machine learning and AI. Emphasizing the importance of multi-faceted developer skills, including communication and collaboration, we shed light on how these abilities can significantly enhance an organization's security posture. 
So, gear up for a session that not only broadens your understanding of cybersecurity but also inspires professional growth in this dynamic field. Tune in to this enlightening episode to equip yourself with the knowledge and insights needed to navigate the evolving landscape of cybersecurity. David Matousek https://www.linkedin.com/in/davidmatousek/ @FrankSEC42 linkedin.com/in/fracipo http://www.cybercloudpodcast.com/ https://www.linkedin.com/company/35703565/admin/ https://twitter.com/podcast_cyber https://www.youtube.com/channel/UCVgsq-vMzq4sxObVonDsIAg/ https://podcasts.apple.com/gb/podcast/the-cyber-security-cloud-podcast-cscp/id1516316463 https://open.spotify.com/show/3fg8AqP4vEi5Im8YKxazUQ #Cybersecurity, #appsec #productsecurity #prodsec

Duration:00:23:53

CSCP S4EP09 - Michael Smith - Code to Network Reachability: how to use WAF to prioritize vulnerabilities

2/4/2024
This is an enlightening conversation with Michael Smith exploring the intersection between vulnerabilities, DDoS and WAF technologies. Join us as we reconvene with cybersecurity virtuoso Michael Smith, Field CTO at Vercara, for a re-recording to further explore the fascinating intersection of cybersecurity and cloud technology. Listen in as Michael brings his wealth of experience from military intelligence to web application development to the table, shedding light on how engineering and integration teams navigate regulations and government sector compliance. The episode is brought to you by Phoenix Security; get in control of your vulnerabilities from code to cloud with the power of Phoenix. ACT Now on the most important vulnerabilities and reduce your exposure to modern attacks. See it for yourself. Go to https://phoenix.security/request-a-demo/ for a free 14-day licence. Our conversation ventures into the complexities of application security and the strategic utilization of vulnerabilities. Venture into the murky waters of cyberattacks with us as we discuss how vulnerabilities can be harnessed for DDoS attacks, causing chaos at both the network and application layers. Hear about Phoenix Security Limited's role in software security and how unvalidated pagination can be exploited to strain databases and servers. We wrap up this segment by contrasting the precision of these attacks with broader network-level DDoS strategies, offering insight into crafting robust cybersecurity defenses. Cap off this episode with a crucial discussion on the ethical dimensions of technology. Discover the challenges of differentiating between benign and malicious bot activity, and how technologies like domain fronting have dual purposes. We stress the importance of vigilance and responsibility in the tech sphere, where the same tools can secure or compromise systems.
Remember to stay engaged with the content by checking your logs for anomalies and sharing your thoughts for a chance to win an Amazon gift card. Michael's insights are a reminder of the persistent evolution and nuanced nature of cybersecurity in our interconnected world. Tune in to this enlightening episode to equip yourself with the knowledge and insights needed to navigate the evolving landscape of cybersecurity. https://www.linkedin.com/in/rybolov/ @FrankSEC42 linkedin.com/in/fracipo http://www.cybercloudpodcast.com/ https://www.linkedin.com/company/35703565/admin/ https://twitter.com/podcast_cyber https://www.youtube.com/channel/UCVgsq-vMzq4sxObVonDsIAg/ https://podcasts.apple.com/gb/podcast/the-cyber-security-cloud-podcast-cscp/id1516316463 https://open.spotify.com/show/3fg8AqP4vEi5Im8YKxazUQ #Cybersecurity, #appsec #waf

Duration:00:39:00

CSCP S4EP08 - Jay Jacobs - A Conversation with Jay Jacobs: Exploring the Future of Vulnerability Management and Data Science

1/21/2024
This is an enlightening conversation with Jay Jacobs - Exploring the Future of Vulnerability Management and Data Science. Unlock the secrets of cybersecurity's intricate dance with data science as I, Francesco Cipollone, sit down with tech wizard Jay Jacobs, co-founder of Cyentia. Prepare to be captivated by Jay's inspiring tech odyssey, from his youthful fascination with computing to his trailblazing efforts in quantifying cyber risk. We navigate his professional voyage, spanning IT, pen testing and cryptography, revealing how his deep dive into data science has revolutionized our approach to cyber threats. Jay also imparts his wisdom on the crucial role of statistics and key management in cryptography, offering priceless insights for anyone invested in fortifying their digital defenses. The episode is brought to you by Phoenix Security; get in control of your vulnerabilities from code to cloud with the power of Phoenix. ACT Now on the most important vulnerabilities and reduce your exposure to modern attacks. See it for yourself. Go to https://phoenix.security/request-a-demo/ for a free 14-day licence. The journey of vulnerability assessment tools takes center stage as I recount the sophisticated evolution of the Exploit Prediction Scoring System (EPSS). From its humble beginnings as a logistic regression to becoming a powerful API, EPSS serves as a beacon for security professionals looking to quantify the once nebulous concept of risk. The discussion illuminates the delicate dance between utility and data privacy, the quest for a universal risk score, and the aspirational future of EPSS, incorporating additional variables to refine its predictive precision. Finally, Jay and I tackle the real-world implications of vulnerability management through the lens of EPSS. We dissect the interplay between EPSS scores and CVSS ratings, using the Log4Shell incident to emphasize the critical need for broader threat intelligence.
By acknowledging the system's limitations and the nuances within open-source vulnerability analysis, we champion the importance of narrative in data interpretation. With a call to action, we invite the cybersecurity community to join forces, enhancing our collective defense through dialogue and open-source innovation. Tune in to this enlightening episode to equip yourself with the knowledge and insights needed to navigate the evolving landscape of cybersecurity. (03:41 - 04:47) Exploring Cryptography and Managing Key Security (66 Seconds) (07:41 - 08:52) EPSS (71 Seconds) (11:46 - 12:56) The Beauty of EPSS and Application Security Angle (70 Seconds) (18:02 - 19:16) Exploring EPSS Scores and Vulnerabilities (74 Seconds) (25:27 - 27:09) EPSS and Its Challenges in AppSec (102 Seconds) (31:03 - 32:04) Improving Scanning Tools and Analyzing Vulnerabilities (62 Seconds) https://www.linkedin.com/in/jayjacobs1/ https://twitter.com/jayjacobs https://twitter.com/cyentiainst https://www.first.org/epss/#:~:text=The%20Exploit%20Prediction%20Scoring%20System,be%20exploited%20in%20the%20wild https://www.ylventures.com/people/caleb-sima/ @FrankSEC42 linkedin.com/in/fracipo http://www.cybercloudpodcast.com/ https://www.linkedin.com/company/35703565/admin/ https://twitter.com/podcast_cyber https://www.youtube.com/channel/UCVgsq-vMzq4sxObVonDsIAg/ https://podcasts.apple.com/gb/podcast/the-cyber-security-cloud-podcast-cscp/id1516316463 https://open.spotify.com/show/3fg8AqP4vEi5Im8YKxazUQ #Cybersecurity, #ai, #cloud, #appsec

Duration:00:43:09

CSCP S4EP07 - Caleb Sima - A Conversation with Caleb Sima - Bridging Offense and Defense in Cybersecurity and AI Promise for the Future

1/7/2024
This is an enlightening conversation with Caleb Sima, a returning guest on the podcast - Bridging Offense and Defense in Cybersecurity and AI Promise for the Future. Join us for the return of an esteemed guest, cybersecurity veteran Caleb Sima, for an engaging conversation on our latest podcast episode. Caleb, known for his significant contributions to application security and executive roles in leading tech companies, shares his profound insights into the ever-changing world of cybersecurity. He highlights the importance of mastering offensive skills for effective defence, drawing on his vast experience to advocate for a mindset that aligns with understanding and countering attackers. The episode is brought to you by Phoenix Security; get in control of your vulnerabilities from code to cloud with the power of Phoenix. ACT Now on the most important vulnerabilities and reduce your exposure to modern attacks. See it for yourself. Go to https://phoenix.security/request-a-demo/ for a free 14-day licence. This episode also delves into the critical foundations of cybersecurity, emphasizing the need for a broad spectrum of knowledge, including networking, engineering, and programming. We explore building securely, drawing insightful parallels between everyday safety mechanisms and the integrated security required in organizational infrastructures. Through this discussion, we uncover how intuitive security measures, akin to those in vehicles or smartphones like iPhones, can be mirrored in the seamless security systems within companies. We further discuss the transformational challenges facing security professionals, evolving from defenders to builders, and the vital role of education in this paradigm shift. It's a thought-provoking exploration of proactive and resilient security approaches to enhance user experience without compromising on protection.
Tune in to this enlightening episode to equip yourself with the knowledge and insights needed to navigate the evolving landscape of cybersecurity. 01:40 - Caleb Sima: Caleb shares his extensive background in cybersecurity, beginning in the 90s and spanning various roles and accomplishments. 03:34 - Francesco Cipollone: Discussion on the evolving landscape of cybersecurity and its implications for newcomers to the field. 04:19 - Caleb Sima: Caleb's advice to newcomers in cybersecurity emphasises the importance of understanding offensive security and mastering foundational knowledge. 07:44 - Francesco Cipollone: Francesco reflects on Caleb's approach, discussing the potential biases and the importance of a foundational understanding. 08:12 - Caleb Sima: Caleb underscores the necessity of understanding attacks to identify fundamental security problems and prioritize risks. 10:50 - Caleb Sima: Insight into the relationship between effective security foundations, risk management, and compliance. 11:27 - Francesco Cipollone: A discussion on the concepts of security and safety and their interchangeability. 11:39 - Caleb Sima: Caleb's perspective on transitioning from a focus on security to a broader concept of safety. 16:21 - Caleb Sima: The importance of minimizing damage in security incidents and the need for balanced approaches in threat identification, detection, and response. 17:15 - Caleb Sima: The role of security in organizational decision-making and the importance of integrating security from project inception. 21:11 - Francesco Cipollone: Highlighting the shift in security perspectives and the importance of proactive approaches to cybersecurity. 23:04 - Caleb Sima: Caleb discusses the gaps in awareness and knowledge within security teams and the importance of prioritizing security measures. 24:15 - Caleb Sima: Exploring the role of technology in building security foundations and the potential of AI and ML in addressing security challenges. 
27:59 - Francesco Cipollone: Reflections on the cultural shift and the growing emphasis on collective...

Duration:00:40:08

CSCP S4EP06 - Jitender Arora - Overcoming the Cybersecurity Talent Shortage: Innovation, Culture, and Self-Care with Jitender Arora

12/12/2023
Overcoming the Cybersecurity Talent Shortage: Innovation, Culture, and Self-Care with Jitender Arora. Join us for a transformative discussion with Jitender Arora, the non-South Europe CISO at Deloitte, as we unravel the narrative around the talent shortage in cybersecurity. Jitender brings a fresh perspective that emphasizes the need for creativity and open-mindedness in talent sourcing. We dissect the "buy versus build" model, where he advocates for nurturing and developing skills in individuals from diverse backgrounds, not just hiring seasoned professionals. The episode is brought to you by Phoenix Security; get in control of your vulnerabilities from code to cloud with the power of Phoenix. ACT Now on the most important vulnerabilities and reduce your exposure to modern attacks. See it for yourself. Go to https://phoenix.security/request-a-demo/ for a free 14-day licence. Our second chapter addresses the art of fostering a positive organizational culture. We share experiences and insights about the daily efforts required to build a values-based culture, especially during challenging times like the pandemic. Our conversation evolved to discuss the role of a supportive work environment in attracting and retaining talent. Lastly, we explore the essence of self-care and personal development in the high-stress world of cybersecurity. Our discourse underscores the need for balance and provides useful tips on handling stress, offering a refreshing look at life in the cybersecurity field. Tune in for a meaningful conversation that goes beyond the usual.
Jitender Arora Linkedin: https://www.linkedin.com/in/jarora/ Cyber Security and Cloud Podcast hosted by Francesco Cipollone Twitter @FrankSEC42 Linkedin: linkedin.com/in/fracipo #CSCP #cybermentoringmonday cybercloudpodcast.com Social Media Links Follow us on social media to get the latest episodes: Website: http://www.cybercloudpodcast.com/ You can listen to this podcast on your favourite player: Itunes: https://podcasts.apple.com/gb/podcast/the-cyber-security-cloud-podcast-cscp/id1516316463 Spotify: https://open.spotify.com/show/3fg8AqP4vEi5Im8YKxazUQ Linkedin: https://www.linkedin.com/company/35703565/admin/ Twitter: https://twitter.com/podcast_cyber Youtube https://www.youtube.com/channel/UCVgsq-vMzq4sxObVonDsIAg/ #Cybersecurity, #TalentShortage, #TalentSourcing, #Organizational Culture, #Pandemic, #Self-Care, #Personal Development, #Leadership, Creativity, #Open-mindedness, #Buy vs Build, #Diversity, #Skills, #Dialogue, #Profession, Virtual Hallway, Feedback, #Strategic Objectives, #Purpose, Belonging, #Stress, #Emotions, Life Skills, #Mentorship, #Speaking Opportunities, #Support Structure, #Personal Balance

Duration:00:31:34

CSCP S4EP05 - Christian Ghigliotty - Product security and effective application security programs

11/26/2023
Get ready to embark on a captivating journey into application security with our guest, Chris Ghigliotty, Director of Security Engineering at JustWorks. A man of many talents, Chris hails from a background in teaching and writing, which lends him a unique perspective on the importance of communication within the cybersecurity industry. We promise you this isn't your regular security conversation. We are tearing down the walls of complexity, transforming intricate risk language into digestible business matters. The episode is brought to you by Phoenix Security; get in control of your vulnerabilities from code to cloud with the power of Phoenix. ACT Now on the most important vulnerabilities and reduce your exposure to modern attacks. See it for yourself. Go to https://phoenix.security/request-a-demo/ for a free 14-day licence. As we navigate through the intricacies of building an application security program, we assure you, no stone will be left unturned. Learn how to control the narrative, comprehend your company's current state and engage with your customers in a meaningful manner. This isn't just another industry podcast; we're here to show you how to demonstrate the program's inherent value, approach investment strategically, and champion ROI as the lifeline of your security program. We've got a powerhouse of insights lined up, especially on program effectiveness, measured in terms of training developers to make security decisions. Drawing the curtains on this episode, we shift gears to focus on the impact of developer training on security. We'll help you identify training outcomes and integrate them into your development process. Our discourse deep-dives into the value of security in products, with special attention to user experience and security features as product differentiators. Remember, folks, curiosity is the key that unlocks the door to the security industry for new generations. 
So, join us, and let's make security not just a necessity, but a narrative that everyone can understand and appreciate. 00:59 - Christian Ghigliotty's Introduction: Francesco introduces Christian Ghigliotty, spotlighting his expertise in application security and transformation. 01:55 - Background in Cybersecurity: Christian shares his journey into cybersecurity, culminating in his current role at JustWorks, where he oversees application security and posture management. 02:22 - Entry into Cybersecurity: Christian's unconventional path into cybersecurity highlights the diverse skill sets valuable in application security. 03:56 - Communication in Application Security: The importance of effective communication in application security, essential for explaining complex security concepts and gaining organizational buy-in. 04:55 - Overcoming Communication Challenges: Addressing the challenge of making technical application security topics accessible and understandable to non-technical stakeholders. 06:14 - Storytelling in Security: The critical role of narrative in application security to justify security measures, investments, and posture management strategies. 08:00 - Establishing an Application Security Program: Key considerations in starting an application security program, including understanding organizational needs and aligning with business strategies. 09:45 - Investment in Application Security: Long-term investment perspective in application security and posture management, emphasizing the need for measurable returns and strategic alignment with business goals. 11:22 - Measuring Program Effectiveness: The challenge of quantifying the effectiveness of application security programs and the role of developer training in enhancing security posture. 14:45 - Sponsor Message: Phoenix Security, focusing on software security and supply chain visibility. 
15:27 - Developer Empowerment in Security: Strategies for empowering developers to prioritize application security in their work, highlighting the importance of business...

Duration:00:31:14

CSCP S4EP04 - Christopher Russell - Veteran Resiliency mesh security and blockchain

11/6/2023
Christopher Russell is the CISO at tZERO Group, a Mesh Security advisor, and a NightDragon Advisor. He is currently getting a PhD in Cybersecurity with a focus on Blockchain Security at DSU. His military intel background helps him keep cool under even the most stressful work situations. In this episode, Francesco and Chris discuss identity and security in relation to blockchain and digital currency. With decades of experience, Chris has an acute sense of risk and threat. The episode is brought to you by Phoenix Security; get in control of your vulnerabilities from code to cloud with the power of Phoenix. ACT Now on the most important vulnerabilities and reduce your exposure to modern attacks. See it for yourself. Go to https://phoenix.security/request-a-demo/ for a free 14-day licence. 0:00 Introduction 1:20 Chris’ background in military 7:40 Military VS corporate mentality 10:08 Risk management 15:05 MFA and identity 21:00 Zero day 22:00 Social engineering and ransomware 26:50 Mesh Security 28:48 Identity in blockchain and digital currency 31:50 Public wallets 34:00 Positive message 35:48 Connect with Chris 38:28 Outro Christopher Russell https://www.linkedin.com/in/christopher-russell-5a9b20a7/ Twitter @cr00ster Github : https://github.com/cr00ster Cyber Security and Cloud Podcast hosted by Francesco Cipollone Twitter @FrankSEC42 Linkedin: linkedin.com/in/fracipo #CSCP #cybermentoringmonday cybercloudpodcast.com Social Media Links Follow us on social media to get the latest episodes: Website: http://www.cybercloudpodcast.com/ You can listen to this podcast on your favourite player: Itunes: https://podcasts.apple.com/gb/podcast/the-cyber-security-cloud-podcast-cscp/id1516316463 Spotify: https://open.spotify.com/show/3fg8AqP4vEi5Im8YKxazUQ Linkedin: https://www.linkedin.com/company/35703565/admin/ Twitter: https://twitter.com/podcast_cyber Youtube https://www.youtube.com/channel/UCVgsq-vMzq4sxObVonDsIAg/

Duration:00:38:28

CSCP S4EP03 - Steve Springett - To BOM or to SBOM this is the question

10/15/2023
Steve Springett is the Director of Product Security at ServiceNow, helping 4,000+ developers build secure and resilient software. He’s a leader of multiple OWASP projects including Dependency-Track, SCVS, and CycloneDX. In this conversation, Steve and Francesco discuss the term SBOM (software bill of materials), the importance of regulations, and the state of the industry. The episode is brought to you by Phoenix Security; get in control of your vulnerabilities from code to cloud with the power of Phoenix. ACT Now on the most important vulnerabilities and reduce your exposure to modern attacks. See it for yourself. Go to https://phoenix.security/request-a-demo/ for a free 14-day licence. 0:00 Introduction 1:35 Steve’s background 2:35 State of the industry 7:00 Breach fatigue 10:00 Shift left, shift smart 13:45 How to make asset management sexy again 17:10 Threat modeling 20:00 Regulation 26:00 Security metrics 28:15 OWASP projects—SBOM platform 34:14 Final positive message 36:09 Get connected 37:20 Outro Steve Springett https://www.linkedin.com/in/stevespringett/ https://infosec.exchange/@stevespringett Twitter @stevespringett https://dependencytrack.org/ https://scvs.owasp.org/ https://cyclonedx.org/ Cyber Security and Cloud Podcast hosted by Francesco Cipollone Twitter @FrankSEC42 Linkedin: linkedin.com/in/fracipo #CSCP #cybermentoringmonday cybercloudpodcast.com Social Media Links Follow us on social media to get the latest episodes: Website: http://www.cybercloudpodcast.com/ You can listen to this podcast on your favourite player: Itunes: https://podcasts.apple.com/gb/podcast/the-cyber-security-cloud-podcast-cscp/id1516316463 Spotify: https://open.spotify.com/show/3fg8AqP4vEi5Im8YKxazUQ Linkedin: https://www.linkedin.com/company/35703565/admin/ Twitter: https://twitter.com/podcast_cyber Youtube https://www.youtube.com/channel/UCVgsq-vMzq4sxObVonDsIAg/

Duration:00:37:20

CSCP S4EP02 - Christophe Parisel - Vulnerabilities in the cloud Azure AWS and the road to prioritization

10/1/2023
Christophe Parisel is a Senior Cloud security architect at Société Générale. He has extensively researched risk vulnerability and native cloud security. He specializes in IaaS, PaaS, and DevSecOps. Two of his major contributions to the Cloud are Azure Firewall and Azure Policy. When asked, he says he’s optimistic about the future of Cloud security and is proud of the progress made within the last five years. The episode is brought to you by Phoenix Security; get in control of your vulnerabilities from code to cloud with the power of Phoenix. ACT Now on the most important vulnerabilities and reduce your exposure to modern attacks. See it for yourself. Go to https://phoenix.security/request-a-demo/ for a free 14-day licence. 0:00 Introduction 1:40 Christophe’s background 5:10 Cloud security research 8:40 Adoption VS security 10:07 Cloud shared responsibility model 14:52 CVSS (Common Vulnerability Scoring System) 19:00 Vulnerabilities 20:20 Environmental score 21:30 Measuring vulnerability of cloud provider 25:55 Odds of a cloud breach 29:50 Final positive message 32:10 Get connected 33:00 Outro Christophe Parisel https://www.linkedin.com/in/parisel/ Cyber Security and Cloud Podcast hosted by Francesco Cipollone Twitter @FrankSEC42 Linkedin: linkedin.com/in/fracipo #CSCP #cybermentoringmonday cybercloudpodcast.com Social Media Links Follow us on social media to get the latest episodes: Website: http://www.cybercloudpodcast.com/ You can listen to this podcast on your favourite player: Itunes: https://podcasts.apple.com/gb/podcast/the-cyber-security-cloud-podcast-cscp/id1516316463 Spotify: https://open.spotify.com/show/3fg8AqP4vEi5Im8YKxazUQ Linkedin: https://www.linkedin.com/company/35703565/admin/ Twitter: https://twitter.com/podcast_cyber Youtube https://www.youtube.com/channel/UCVgsq-vMzq4sxObVonDsIAg/

Duration:00:33:00

CSCP S4EP01 - Travis McPeak - Paved Road from Netflix to modern startups

9/18/2023
Travis McPeak is a security generalist with over a decade of experience working at several companies including Databricks, Netflix, IBM, HP, and Symantec. He’s the Co-Founder and CEO of Resourcely, whose goal is to create a paved road to secure, efficient, and easy to manage cloud infrastructure. In this conversation, Travis shares his biggest takeaway from working at Netflix, the problem with overusing JIRA, and the importance of making security a shared responsibility between developers and security ops. The episode is brought to you by Phoenix Security; get in control of your vulnerabilities from code to cloud with the power of Phoenix. ACT Now on the most important vulnerabilities and reduce your exposure to modern attacks. See it for yourself. Go to https://phoenix.security/request-a-demo/ for a free 14-day licence. 0:00 Introduction 1:26 Travis’ background 2:10 View of industry 4:00 Netflix “paved road” 5:20 Lemur 8:00 Security at small orgs 11:36 Reactive security with JIRA 14:35 Measuring security 18:16 Inflection point 20:48 Demystifying the paved road 24:30 DevSecOps 30:40 Unifying the objective, shared responsibility 33:40 Resourcely— Cloud infrastructure 36:20 Get connected 37:00 Positive Message 38:27 Outro Travis McPeak https://www.linkedin.com/in/travismcpeak/ https://www.resourcely.io/ https://www.resourcely.io/post/guardrails-and-paved-roads

Duration:00:00:38

CSCP S03EP26 - Nathan - From music to cybersecurity - the appsec symphony

6/11/2023
Nathan is the manager of the application security team at Intuit Mailchimp. He has over 7 years of experience in application security working at both startups and Fortune 500 companies. In that time, Nathan has been both an engineer and a leader. His primary focus has been on building out application security programs by implementing scalable processes and efficient methodologies. Nathan holds a Master’s in Digital Forensics and CyberSecurity from John Jay College of Criminal Justice and a Bachelor’s in Music Composition from University of the Arts. In this show, Nathan and Francesco discuss getting started in application security, how to mentor new interns and bridge the skill gap, and how to measure application security progress when deploying shift-left methodologies in DevSecOps. The episode is brought to you by Phoenix Security; get in control of your vulnerabilities from code to cloud with the power of Phoenix. ACT Now on the most important vulnerabilities and reduce your exposure to modern attacks. See it for yourself. Go to https://www.phoenix.security for a free 14-day licence.
2:00 - Nathan's Intro 7:30 – from music to cybersecurity and new generation 11:00 – State of application security 14:00 – Vulnerability – What is a vulnerability in software 18:00 – How do you bring in the business in appsec – Product security 12:00 - Cybersecurity technicalities - Pen-tests and regulation 16:00 - Cybersecurity and regulation in USA 19:00 - SBOM, Digital Software supply chain 20:00 – Risk for application security and business perspective 22:00 – Business categories of risk for application security 24:00 – Business criticality vs low criticality – how to talk about risk 26:00 – Prioritize work based on risk in application security 27:00 – Avoiding burnout and preventing risk – Mailchimp program of work – SPIDER 31:00 – Doing more with less in application security 33:00 – Measuring shift left effectiveness – Dentist story 37:00 – Positive message and conclusion Nathan Blog: https://nathancooke.com/ Linkedin: https://www.linkedin.com/in/nathancooke7/

Duration:00:39:36

CSCP S03EP25 - Kevin Davis - Cloud Security Migrations Pitfalls and gotchas

6/11/2023
Kevin Davis is Global CTO of AWS at Atos. Kevin has extensive experience in cloud technology, security and solutions and has a proven track record in senior roles at Cloudreach and Atos. In this show, Kevin and Francesco discuss the move to the cloud, challenges in the cloud security pivot and how to leverage the power of the cloud for security controls. The episode is brought to you by Phoenix Security; get in control of your vulnerabilities from code to cloud with the power of Phoenix. ACT Now on the most important vulnerabilities and reduce your exposure to modern attacks. See it for yourself. Go to https://www.phoenix.security for a free 14-day licence. 1.40 - Kevin Intro 3.00 - Baby Steps into the cloud 6.00 - Shared Responsibility Model 9.00 - Operational Security in the Cloud 11.00 - Traditional Security to Cloud Security 16.00 - Security Governance in Cloud 18.00 - Paradigm Shift - Segmenting units 20.00 - Cloud native Tooling and migrating from traditional to modern 23.00 - Changes in the cloud as software gotcha and pitfalls 26.00 - Consolidated technology stack & Cloud environment guardrails 27.30 - Devops and job demands - what is devops in the cloud 28.00 - Security in Devops for cloud - Devsecops 29.00 - People and security - the impact of cloud transformation in cloud 33.00 - Biggest threat in the cloud, cloud security misconfiguration 35.00 - Cloud security observability, logs, AI and investigation 36.00 - Positive message 38:00 - Closing Kevin https://www.linkedin.com/in/relevantsoft/

Duration:00:38:44

CSCP S03EP24 - Ollie Whitehouse - Vulnerabilities - SBOM and the evolution of the Cyber NED

3/6/2023
Ollie Whitehouse is the founder of BinaryFirefly, a boutique British cyber advisory firm, with a career spanning over 25 years in applied cyber attack and defence. Ollie's portfolio of advisory positions today includes science advisory positions for UK Government as a member of the Science Advisory Councils for the Home Office and Police, Industry 100 within the National Cyber Security Centre and various Non-Executive Directorships. His operational tenures include over ten and a half years at NCC Group, where he was Group CTO until the end of 2022, BlackBerry and Symantec. Ollie has given oral evidence to the UK Parliament Joint Committee on the National Security Strategy twice, in 2017 and 2022, on matters related to cyber security. The episode is brought to you by Phoenix Security; get in control of your vulnerabilities from code to cloud with the power of Phoenix. ACT Now on the vulnerabilities that matter most and reduce your exposure to modern attacks. See it for yourself. Go to https://www.phoenix.security for a free 14-day licence.
2:00 - Career and dot com 3:00 - Pen-testing and philosophy 5:00 - Business and Cybersecurity and role of the cyber NED 9:00 - CISO 10:00 - Executive understanding 12:00 - Cybersecurity technicalities - Pen tests and regulation 16:00 - Cybersecurity and regulation in the USA 19:00 - SBOM, Digital Software supply chain 22:00 - Regulators, Board and how they think 26:00 - Assets, different opinions based on generation 30:00 - Non exec hands-on startups vs later stage 35:00 - policy and frameworks, and assessing, quantifying the net value of a control 40:00 - Software vs infrastructure breach why more on software 42:00 - scaling attacks with automation 46:00 - the business perspective 47:00 - Positive message Ollie Whitehouse https://www.linkedin.com/in/olliewhitehouse/ https://twitter.com/ollieatnowhere https://bluepurple.binaryfirefly.com/archive https://bluepurple.binaryfirefly.com/

Duration:00:46:00

CSCP S03EP23 - Chris Hughes - Demystifying Application Security Programs

2/19/2023
Chris Hughes is a proven Cloud/Cybersecurity leader with nearly 20 years of experience in the Federal and commercial industries. Chris is an active blogger, passionate about all things cyber and a published author of books like Software Transparency. The episode is brought to you by Phoenix Security; get in control of your vulnerabilities from code to cloud with the power of Phoenix. ACT Now on the vulnerabilities that matter most and reduce your exposure to modern attacks. See it for yourself. Go to https://www.phoenix.security for a free 14-day licence. 1:12 Introductions 4:45 regulation and federal space 6:40 Software supply chain attacks 8:40 SSDF and SBOM 11:06 Software is complex 15:00 Vulnerability to attacks, attacker mindset 17:00 Common supply chain attacks 20:00 Cloud critiques, is cloud secure? 23:00 Business Risk, Quantifications, How to measure everything 24:00 FAIR and Quantification at scale 25:00 Method to evaluate vulnerability, CISA KEV, EPSS, How to triage 28:00 Why does the software supply chain get attention 30:00 Get connected Chris Hughes https://www.linkedin.com/in/resilientcyber/ https://podcasts.apple.com/us/podcast/resilient-cyber/id1555928024 https://resilientcyber.substack.com/ FAIR: https://www.opengroup.org/certifications/openfair How to measure anything in cyber risk: https://amzn.eu/d/hBWxJGO

Summary Transcript (auto-generated, might have some typos)

Hello everyone and welcome back to the Cybersecurity and Cloud Podcast, this is your host Francesco and this is probably the last last episode that we do in 2022, it is 29 of December 2022, we're almost on the end of the years, but we managed to squeeze in a last episode with Chris Hughes and it's an absolute pleasure because, Chris, we've been interacting a lot of linking teasing each other over a number of topics and we said, you know, it's the time to come on the show and do a proper episode. So Chris, thank you very much for coming on the show. Chris is, uh, is a consultant to direct robot via and it's been in Air Force previously, so it's very heavily involved with a lot of U.S. regulation around SBOM and around cybersecurity, and the U.S. has faced a lot of change in late, and today in the episode we're gonna dig in and explore this. But before digging into the exciting topic of SBOM and software supply chain, Chris, tell us a little bit more about you, how did you start? How did you get us to the point where you are today?

Yeah, definitely. I'm happy to give you some background. I start off active duty Air Force, you know, prior to that I always had an interest in computers and technology but got joined the Air Force and got put in cybersecurity, and at the time I didn't really realize the opportunity. You know, you're just a young kid, you know. Uh, and then like I started really taking an interest in it because it was a fascinating career field and like I've never stopped, you know, I did four years in the Air Force and then I've been a federal employee with the U.S. Government twice, once with the Navy doing cloud and DevSecOps and, you know, cyber security for them. And then also with an organization known as GSA, the General Services Administration, which probably isn't too familiar for many. But like if you've heard of FedRAMP,...

Duration:00:31:10

CSCP S03EP22 - Anshuman Bhartiya - Demystifying Application Security Programs

2/5/2023
Anshuman Bhartiya has been in application security for 14 years and is currently the Principal Security Engineer at Thirty Madison. Today with Francesco, they discuss bug bounty, how security approaches differ at big companies and startups, and the state of the industry. The episode is brought to you by Phoenix Security; get in control of your vulnerabilities from code to cloud with the power of Phoenix. ACT Now on the vulnerabilities that matter most and reduce your exposure to modern attacks. See it for yourself. Go to https://www.phoenix.security for a free 14-day licence. 0:00 Introductions 2:37 State of industry 6:40 Big companies VS startups 9:36 Anshuman’s blog 16:39 Mindset 17:34 Approach to security testing 24:30 Success story, bug bounty 36:00 Get connected 37:05 Outro Anshuman Bhartiya https://www.anshumanbhartiya.com/ https://www.linkedin.com/in/anshumanbhartiya/ Twitter @Anshuman_BH

Duration:00:37:05

CSCP S03EP21- Alex Sidorenko - Demystifying Cyber Risk Quantification

1/21/2023
Alex Sidorenko is an experienced risk manager, the host of Risk Awareness Week, and runs a popular blog and Youtube channel called “Risk Academy.” In 2021, Alex was named the Risk Manager of the Year by FERMA for helping save 13 million dollars in insurance premiums. Today, he breaks down the three layers of risk management— basic, standardized, and advanced. He explains that cybersecurity is still at the basic level because industry professionals haven't figured out how to quantify uncertainty to calculate risk and save money. The episode is brought to you by Phoenix Security; get in control of your vulnerabilities from code to cloud with the power of Phoenix. ACT Now on the vulnerabilities that matter most and reduce your exposure to modern attacks. See it for yourself. Go to https://www.phoenix.security for a free 14-day licence. 0:00 Introductions 3:50 View on risk 6:36 Science of risk management 12:44 NASA study 14:18 three layers risk management—basic, standardized, advanced 18:15 Generators VS users 22:40 Cybersecurity insurance 30:10 Risk Awareness Week 35:30 Environmental risk 38:41 How to Measure Anything in Cybersecurity 43:20 Capture data 45:56 Final positive message 51:00 Outro Alex Sidorenko https://2022.riskawarenessweek.com/ https://linkedin.com/in/alexsidorenko https://risk-academy.ru https://riskacademy.blog/ https://www.youtube.com/channel/UCWE0eYucrQBo1SwKOjbkkSQ Twitter @alexei_sid Books Mentioned Superforecasting: The Art and Science of Prediction by Philip E. Tetlock How to Measure Anything in Cybersecurity by Douglas Hubbard

Duration:00:52:30

CSCP S03EP20- Lester Chng - Table Top Exercises for Cyber Resilience

1/8/2023
Lester Chng is a veteran who transferred his war gaming military skills to the corporate world. After being a Naval Combat Officer with the Singapore Navy for twelve years, he runs security exercise programs for a North American financial institution. Lester prepares high-level executives for worst-case scenario security crises. He explains that exercises help buy time, space, and brain processing power during a crisis. The episode is brought to you by Phoenix Security; get in control of your vulnerabilities from code to cloud with the power of Phoenix. ACT Now on the vulnerabilities that matter most and reduce your exposure to modern attacks. See it for yourself. Go to https://www.phoenix.security for a free 14-day licence. 0:00 Introductions 0:28 Military background and current role 2:48 Simulation exercises 6:32 Involving leaders in security 9:04 Ransom 9:50 Advantages of military skills 14:15 A-ha moments 17:08 Damage control 19:00 Structuring exercise 23:30 Internal investments 26:55 Final positive message 31:00 Outro Lester Chng https://www.linkedin.com/in/lesterchng/

Duration:00:32:12

CSCP S03EP19- Amanda Alvarez - Cloud Dev and SecOps the metrics that matter

12/11/2022
Amanda Alvarez is the Senior DevSecOps Engineer at Trace3. Francesco and Amanda met online in a Meetup group called “Let’s Talk Software Security!” Today they discuss building an application security program, managing technical debt, and Amanda’s advice for avoiding burnout as a security professional. The episode is brought to you by Phoenix Security Cloud; get in control of your vulnerabilities from code to cloud with the power of Phoenix. ACT Now on the vulnerabilities that matter most and reduce your exposure to modern attacks. Go to https://www.appsecphoenix.com to get a free 30-day licence quoting CSCP: https://landing.appsecphoenix.com/register 0:00 Introductions 3:24 State of Industry 4:00 Cloud adoption 6:57 Vulnerability management 9:44 AppSec, CloudSec, patch management 12:17 Asset and vulnerability management 19:52 Feedback loop 23:15 Company politics 28:40 Support from leadership 30:30 Positive message 33:30 Get connected 34:40 Outro Amanda Alvarez linkedin.com/in/amanda-alvarez-88759ba1 Let’s Talk Software Security! https://www.meetup.com/lets-talk-software-security/

Duration:00:35:00