Cloud Security Podcast by Google
31 minutes | Oct 18, 2021
EP39 From False Positives to Karl Popper: Rationalizing Cloud Threat Detection
Guest: Jared Atkinson, Adversary Detection Technical Director at SpecterOps
Topics:
What are bad/good/great detections? Is this all about Bianco's pyramid? Is high good and low bad?
How should we judge the quality of detections? Can there be a quality framework? Is that judgment going to be site specific?
What should we do to build more good detections? Is this all about reducing false positives?
Can we really measure false negatives? How can we approach this?
How can we test for detection goodness in the real world? What are the methods that work? It can’t be just about paper ATT&CK coverage, right?
What are your top 3 tips for improving the detection practice at an organization?
Resources:
“The Pyramid of Pain” post by David Bianco
“On Threat Detection Uncertainty”
“Detection Coverage and Detection-in-Depth”
“Detection in Depth” by SpecterOps
“Philosophy of Science: Rationality Without Foundations” by Karl Popper (yes, really)
Red Canary “2021 Threat Detection Report”
“The Black Swan: The Impact of the Highly Improbable” by Nassim Nicholas Taleb
Jean Piaget's theory of cognitive development
31 minutes | Oct 14, 2021
NEXT Special - 6 Cloud Security PMs (and a Developer Advocate!) Walk into a Studio
Guests: Stephanie Wong, Vicente Diaz, Jerome McFarland, Scott Ellis, Patrick Faucher, Il-Sung Lee, Anoosh Saboori
Topics:
What is your session about? Why would the audience care?
What is special about your security technology?
Resources:
Google Cloud Next 2021
SEC212 6 layers of GCP data center security
SEC101 Ransomware and cyber resilience
SEC204 Take charge of your sensitive data
SEC207 Securing the software supply chain
SEC300 Trust the cloud more by trusting it less: Ubiquitous data encryption
21 minutes | Oct 13, 2021
NEXT Special - Google Cybersecurity Action Team: What's the Story?
Guest: Phil Venables (@philvenables), Vice President, Chief Information Security Officer (CISO) @ Google Cloud
Topics:
We are here to talk Google Cybersecurity Action Team, and this is your brainchild, so tell our audience the origin of this idea?
How is Cybersecurity Action Team going to help secure GCP enterprise clients? Is there also an “improve the security of the internet” story?
Many organizations seem stuck in pre-cloud thinking and mental models; can Cybersecurity Action Team help them transform their security? How?
When we sometimes present our security innovations to clients, they say “but we are not Google”, so how does Cybersecurity Action Team help us bring more of Google Cybersecurity to the world?
What else do we plan to do with Cybersecurity Action Team to help customers modernize their security?
How should customers engage with Cybersecurity Action Team?
Resources:
Google Cybersecurity Action Team
“Google Announces Cybersecurity Action Team to Support the Security Transformations of Public and Private Sector Organizations”
“Site Reliability Engineering” book (free)
“Autonomic Security Operations: 10X Transformation of the Security Operations Center” paper
19 minutes | Oct 12, 2021
NEXT Special - Cloud Security and DEI: Being an Ally!
Guest: Aditi Joshi, Manager in Cloud Security Team @ Google Cloud
Topics:
What is Allyship? How is it defined? What is its main goal?
Why is allyship important in Cloud Security, specifically? Are there aspects of security that make allyship particularly important?
What specifically has Google Cloud Security deployed and operationalized around Allyship?
What does effective allyship look like? More personally, how can I be a better ally?
How does it fit into Google Cloud Security’s overarching DEI efforts?
21 minutes | Oct 11, 2021
NEXT Special - Google Cloud NEXT Security: What to Watch?
Guest: Rob Sadowski, Trust and Security Lead @ Google Cloud
Topics:
What are the big security themes at NEXT? Is security still visible?
What about invisible security vs autonomic security? Is that just “invisible security” with a neat name?
This has got to be your fourth or fifth Next, right? What’s new this year compared to previous years, aside from being virtual?
Anything particularly uniquely Google we’re talking about?
What to watch at NEXT, if you are a CISO?
We secure not just GCP with our tools and approaches, so what to watch if not yet a GCP client?
If you only have time for 3 security sessions, which 3 to watch?
Resources:
Google Cloud NEXT
25 minutes | Oct 4, 2021
EP34 Instrumenting Modern Application Stack for Detection and Response
Guest: Matt Svensson, Senior Security Engineer @ BetterCloud
Topics:
What are the approaches for monitoring serverless and other modern application architectures?
What are the challenges with these new environments? What approaches don’t work?
What can go wrong with modern stack security monitoring?
What should we watch for in a modern application stack?
Most new architecture setups are predicated on identities, so is identity the center of threat detection here or not?
26 minutes | Sep 27, 2021
EP33 Cloud Migrations: Security Perspectives from The Field
Guest: Elliott Abraham, Security and Compliance Specialist @ Google Cloud
Topics:
We talk about lift and shift vs cloud native: what are these, and are they fair characterizations?
Is lift and shift always negative? Does it always harm security? Are security planning needs different between them?
What are the fundamentals of security during cloud migration that you have to get right regardless?
What’s your advice to a security team to help make a migration work well?
How do you account for threat model differences in the cloud? Are cloud threats more different from, or more similar to, the classic ones?
Resources:
“Google Cloud security foundations guide”
“The Phoenix Project” book
“Threat Models and Cloud Security” (ep12)
“Preparing for Cloud Migrations from a CISO Perspective” Part 1 (ep5) and Part 2 (ep11)
24 minutes | Sep 20, 2021
EP32 Can You Ever Know Thyself: Cloud Attack Surface Management
Guest: Derek Abdine, CTO @ Censys.io
Topics:
Attack Surface Management (ASM). Why do we need a new toolset and a new category? Isn’t this just 1980s asset management or CMDB?
How do we find those assets that may have been misplaced by the organizations? How can any technology do this reliably?
ASM seems to often rely on network layers 3 and 4. Can’t bad guys just hit the app endpoints, making all your network irrelevant?
When you think about the threats organizations face due to unknown assets, is data theft at the top of the stack? What should organizations keep in mind as a priority here?
Who at an organization is best set up to receive, triage, investigate, and respond to the alerts about the attack surface?
Are there proactive steps organizations can take to prevent shadow IT, or are we stuck responding to each new signal? Isn’t preventing new assets the same as preventing business?
Resources:
“Cloud Misconfiguration Mayhem: An Analysis of Service Exposure Across Cloud Providers”
“Attack Surface Management Buyer’s Guide”
22 minutes | Sep 13, 2021
EP31 Cloud Certifications, and Cloud Security with TheCertsGuy
Guest: Iman Ghanizada, Solutions Manager for Security Operations & Analytics @ Google Cloud
Topics:
What is your book “Google Cloud Certified Professional Cloud Architect All-in-One Exam Guide” about? What was your journey into writing this book, and how long did it take?
The book seems to be targeted towards Cloud Architects, but you come from a predominantly security background; how has that influenced your writing of this book?
What does this have to do with The Certs Guy (14 certs!?) and what's his mission?
What’s the intersectional thinking on certificates and making our industry more accessible and inclusive? Do certs help or hurt this?
So what’s your advice on certs for various career stages?
What are some of the biggest architectural challenges you’ve seen in the field of Cloud Security?
Resources:
Book “Google Cloud Certified Professional Cloud Architect All-in-One Exam Guide”
TheCertsGuy site
26 minutes | Sep 7, 2021
EP30 Malware Hunting with VirusTotal
Guest: Vicente Diaz, Threat Intelligence Strategist @ VirusTotal
Topics:
How would you describe the modern threat hunting process?
Share some of the more interesting examples of attacker activities or artifacts you've seen?
Do we even hunt for malware? What gets you more concerned, malware or human attackers?
How do you handle the risk of attackers knowing how you perform hunting?
What is the role of threat research in hunting? Do you need research to hunt well? Does threat research power attribution?
How do you tell a good YARA rule from a bad one, and a great one? What’s the evolutionary journey for a YARA rule?
What is your view on the future of hunting?
Resources:
YARA documentation
“Deep Thinking: Where Machine Intelligence Ends and Human Creativity Begins” by Garry Kasparov
28 minutes | Aug 30, 2021
Future of EDR: Is It Reason-able to Suggest XDR?
Guest: Sam Curry, Chief Security Officer @ Cybereason and Visiting Fellow @ National Security Institute
Topics:
EDR was “invented” in 2013 and we are now in 2021. What do you consider to be modern EDR components and capabilities?
Where has EDR fallen short on its initial hype? How focused are the attackers on bypassing EDR?
How do you think EDR works in the cloud? In your view, how would future EDR work for containers, microservices, etc?
Why aren’t we winning the war against ransomware?
XDR is an interesting concept, so how do you define XDR? Is XDR just EDR++ or is XDR SIEM 4.0?
Resources:
“The Pyramid of Pain” blog by David Bianco
“Named: Endpoint Threat Detection & Response”
“Dune” book
“The Bomber Mafia” book
19 minutes | Aug 23, 2021
Tales from the Trenches: Using AI for Gmail Security
Guest: Andy Wen, Product Lead for Abuse & Security @ Google Cloud
Topics:
What are you doing with AI for security?
What kinds of security problems are addressable with AI, and which ones are harder to address with ML techniques?
Tell us where you’ve been surprised by AI’s success?
Do you expect a) AI use by adversaries and b) attacks focused on disrupting the AI use by defenders?
What advice would you give a PM or technical lead starting out on thinking they want to use AI to solve a problem?
Resources:
Andy Wen presentation from Cloud Security Talks 2021
“The Future of Machine Learning and Cybersecurity”
30 minutes | Aug 16, 2021
The Mysteries of Detection Engineering: Revealed!
Guest: Keith McCammon, Co-founder and Chief Security Officer, Red Canary
Topics:
What is Detection Engineering? How does it differ from just building rules/analytics?
How to convert threat intelligence into detections?
How to tell good detections from bad? And perhaps also good from great?
How to test detections in the real world?
Anything special about building detections for cloud environments?
What do you think is the role of “rule-less” (such as ML) detections? Is “ML unicorn cavalry” coming?
Resources:
The Red Canary Blog
2021 Threat Detection Report
Alerting and Detection Strategy Framework
Atomic Red Team toolset
20 minutes | Aug 9, 2021
SOC in a Large, Complex and Evolving Organization
Guest: Johnathan Keith, Director of Information Security (CISO) @ ViacomCBS Streaming / Digital (at the time of the recording)
Topics:
What is the mission for your SOC? Has it evolved in recent years?
How do you rate your state of maturity in security operations?
I hear that your organization is complex and decentralized; how do you run a SOC in such a case?
How do you approach the balance of people, process and technology in your SOC?
What is the role of outsourcing in your SOC?
Is cloud included in your SOC mission scope?
What are the immediate things you plan to improve?
Resources:
Security Summit Talk that this podcast episode is based on (all Google Cloud Security Summit 2021 talks)
27 minutes | Aug 2, 2021
Beyond Compliance: Cloud Security in Europe
Guest: John Stone, Chaos Coordinator at the Office of the CISO @ Google Cloud
Topics:
What are the top European-specific cloud migration security challenges? Are there interesting cloud adoption barriers related to security in Europe?
Are some of these challenges more compliance than security related? Do you think compliance still drives security in the cloud for European companies?
Do you think Europe can ever “make their own cloud”?
So, what do you make of this entire movement about “data sovereignty”?
23 minutes | Jul 26, 2021
Linking Up The Pieces: Software Supply Chain Security at Google and Beyond
Guests: Eric Brewer, VP of Infrastructure and Google Fellow @ Google; Aparna Sinha, Director of Product Management @ Google Cloud
Topics:
What is software supply chain security and how is it different from other kinds of supply chain security?
What types of organizations need to care about it? Is supply chain security a concern for large, elite enterprises only?
What’s the relationship between what we’re doing here, and what SBOM is?
Can you talk us through a quick threat assessment of a supply chain security issue? What are the realistic threats here and who are the threat actors involved?
How does Google try to solve these problems internally? Have we succeeded? How does this translate into our products?
By the way, what’s SLSA?
Resources:
“Container Security: Building trust in your software supply chain” (live event on July 29, 2021)
“Tracking The Trail Of Software: The Key To Boosting Security”
“Introducing SLSA, an End-to-End Framework for Supply Chain Integrity”
DORA study
21 minutes | Jul 19, 2021
Threat Detection at Google Cloud Security Summit
No guests. We interviewed each other!
Topics:
What would you say are the main things that Chronicle is trying to address today?
What are the good ways to use threat intel to detect threats that do not ruin your SOC?
What does “autonomic” security mean, anyway? Is this a fancy way of saying “automatic” or something more?
For sure, “the Cloud is not JUST someone else’s computer”, but how does this apply to threat detection? What makes threat detection “cloud-native”?
What kinds of ML magic does your mini UEBA inside SCC use?
Can you really do automated remediation in the cloud?
Resources:
Google Cloud Security Summit
“Making Invisible Security a Reality with Google” keynote
“Security Analytics at Google Speed and Scale” presentation by Anton
“Managing Your Security Posture on Google Cloud” presentation by Tim
“Stop Trying to Take Humans Out of SOC … Except … Wait… Wait… Wait…” blog
Chronicle main site
Threat Detection in Logs in Google Cloud SCC video
“Modern Threat Detection at Google” (episode 17)
“Automate and/or Die?” (episode 3)
24 minutes | Jul 12, 2021
Securing Multi-Cloud from a CISO Perspective, Part 3
Guests: Phil Venables (@philvenables), Vice President, Chief Information Security Officer (CISO) @ Google Cloud; Dave Hannigan, Director, Financial Services Security & Compliance @ Google Cloud
Topics:
As a CISO, would you ever decide to use multiple clouds, if it were in your hands?
How is security typically considered when companies go multi-cloud in their approach?
Practically, or operationally, how does one think through securing multiple public cloud environments?
What are the top challenges here? Different controls? Lack of tools? Confusing process? Skills on the team?
Would you always buy security tools from a 3rd party (not a CSP) if you have to cover more than one cloud provider?
Anything to add about compliance across multiple clouds?
What is the best approach for securing multiple SaaS services that your company uses?
Resources:
“IDC: A multicloud strategy can mitigate regulatory, business risks”
“Anthos security”
SANS papers on securing multiple clouds (example)
24 minutes | Jul 6, 2021
Security Marketing? Every Product Needs a Story!
Guest: Kelly Anderson, Head of Product Marketing, User Protection Services @ Google Cloud
Topics:
What is marketing, really? Why is it sometimes reviled by the technologists?
What makes a great marketer in cloud security?
What’s different about cloud security marketing, as opposed to regular old on-premise security marketing? Is there still FUD in the cloud?
Which things are the easiest or hardest to do in Google Cloud Security marketing?
How do you talk about products so they stand out from the noise?
How’s Google Cloud marketing helping our users stay ahead of the adversaries?
Resources:
Security insights that help customers stay up to date
Customer case studies on our security products
Quarterly Google Cloud Security Talks
Cloud security webinars on BrightTALK and Cloud OnAir
Identity and security blogs on the Google Cloud blog
28 minutes | Jun 28, 2021
Security Operations, Reliability, and Securing Google with Heather Adkins
Guest: Heather Adkins, Sr Director, Information Security @ Google
Topics:
Your RSA presentation has 3 pillars: zero trust, microservices, automation/zero prod. Is this all you need to be secure & reliable in the modern world?
Let’s drill down again into the “secure and reliable” concept: are you sure that they are interrelated?
Is there a risk that microservices could actually increase attack surface?
What are the practical security upsides of “no touch production”?
SRE and DevOps revolutionized IT; can we expect a similar revolution for security? Where would it come from?
Resources:
“Building Secure and Reliable Systems” RSA 2021 presentation by Heather Adkins
“Building Secure and Reliable Systems” book (free)
“Modern Threat Detection at Google” (ep 17)
Google BeyondCorp
Google BeyondProd
NIST 800-27 “Zero Trust Architecture”