Cloud Security Podcast by Google

An excellent blend of passion and expertise in the session on 'Beyond PCAST: Phil Venables on the Future of Resilience and Leading Indicators' by Anton Chuvakin Timothy Peacock at the Google Cloud Security Podcast by Google. Truly impressive! Topics • Why is our industry suddenly obsessed with resilience? Is this ransomware’s doing? • How did the PCAST report (https://lnkd.in/gFB8QmHN...) come to be?  Can you share the backstory and how it was created? • The PCAST report emphasizes the importance of leading indicators for security and resilience. How can organizations effectively shift their focus from lagging indicators to these leading indicators? • The report also emphasizes the importance of "Cyber-Physical Modularity" - this sounds mysterious to us, and probably our listeners! What is it and how does this concept contribute to enhancing the resilience of critical infrastructure? • The report advocates for regular and rigorous stress testing. How can organizations effectively implement such stress testing to identify vulnerabilities and improve their resilience?  • In your opinion, what are the most critical takeaways from our PCAST-related paper (https://lnkd.in/gWdDzqVA...) for organizations looking to improve their security and resilience posture today? • What are some of the challenges organizations might face when implementing the PCAST recommendations, and how can they overcome these challenges?  • Do organizations get resilience benefits “for free” by using Google Cloud? Podcast link: https://lnkd.in/gqzfXZF4

Thrilled by the excellent session on 'Cloud Shared Responsibility: Beyond the Blame Game' by Dr Anton Chuvakin Timothy Peacock Rich Mogull FireMon Securosis at the Google Cloud Security Podcast by Google! The balance of enthusiasm and professionalism made it highly engaging Topics: • Let’s talk about cloud security shared responsibility.  How to separate the blame? Is there a good framework for apportioning blame? • You've introduced the Cloud Shared Irresponsibilities Model (https://lnkd.in/gBbk8863...) , stating cloud providers will be considered partially responsible for breaches even if due to customer misconfigurations. How do you see this impacting the relationship between cloud providers and their customers? Will it lead to more collaboration or more friction? • We both know the Jay Heiser (https://lnkd.in/gPUPyRPA) 2015 classic “cloud is secure, but you not using it securely.” In your view, what does “use cloud securely” mean for various organizations today? • Here is a very painful question: how to decide what cloud security should be free with cloud and what security can be paid?  • You dealt with cloud security for a long time, what is your #1 lesson so far on how to make the cloud more secure or use the cloud more securely? • What is the best way to learn how to cloud? What is this CloudSLAW (https://lnkd.in/gBwjE5Qp) thing? Podcast link: https://lnkd.in/gVhcrmCa

Tune into this insightful episode of the Cloud Security Podcast by Google, featuring LastPass Chief Secure Technology Officer, Christofer Hoff.  

Listening to the Cloud Security Podcast by Google this morning and came across an interesting one. Right now we’re witnessing a fundamental shift in how SOAR platforms are handled and deployed. We’re moving away from the “SOAR in a box” mentality with something more intentional, less about code and more about enablement. As that barrier comes down and the “new” kids on the block start closing bigger deals, I do think we’re going to start to see a dynamic blend of Response Engineering & Detection Engineering. The detection engineers will become playbook builders without the need for code, enabled by AI and backed by Detections as Code (DaC). https://lnkd.in/eWVKZ6fC

🚨New Episode Alert! Google Cloud’s CISO, Phil Venables, joined the @CloudSecurityPodcast this week to discuss the fascinating world of cybersecurity resilience! We explore the challenges organizations face when implementing the 2024 PCAST report recommendations and how to overcome them. 🎧 Listen here: https://lnkd.in/gMcqpPfJ

If you want to know more (in less than 30 mins of entertaining discussion) about: 1. Cyber-physical resilience. 2. Why leading indicators like software reproducibility and cold-restart time are more effective than just focusing on lagging indicators. 3. Why operational resilience techniques like stress testing are also vital for cyber. 4. What cyber modularity and Internet denial testing does for you. 5. And, why understanding your organization's minimum viable delivery objectives are crucial to fight through attacks and disasters. Then take a listen to a great discussion between me, Anton Chuvakin and Timothy Peacock on the 2024 season finale of the cloud security podcast. https://lnkd.in/ePpbQF4N

Episode 204 "Beyond PCAST: Phil Venables on the Future of Resilience and Leading Indicators" of Cloud Security Podcast where hosts Anton Chuvakin and Timothy Peacock interview Phil Venables (Vice President, Chief Information Security Officer (CISO) at Google Cloud) about how to win at the game of resilience https://lnkd.in/gMcqpPfJ #CloudSecurityPodcast #CloudSecPodcast #GoogleCloud #CloudSecurity #Cloud #Security #Cybersecurity

Transforming a company’s security culture takes more than just technology—it takes vision. In this latest episode of the Cloud Security Podcast by Google, Christofer Hoff, Chief Secure Technology Officer at LastPass, shares how he’s reshaping LastPass into a resilient security company. Join Anton Chuvakin as they discuss the cultural and technological shifts that drove this transformation, as well as the lessons learned along the way. Listen to the full episode → https://bit.ly/4gKC1zw #Cybersecurity #CloudSecurity #CISO #TechLeadership

What are your favorite ugly mistakes organizations made with cloud adoption back in the 2010s that they are now repeating with gen AI / AI adoption? #question Not to say there will be an episode about it, but hey ... it depends on you!