Learn Cloud Security in Public Cloud the unbiased way from CyberSecurity Experts solving challenges at Cloud Scale. We can be honest because we are not owned by...
What does it take to secure AI-based applications in the cloud? In this episode, host Ashish Rajan sits down with Bar-el Tayouri, Head of Mend AI at Mend.io, to dive deep into the evolving world of AI security. From uncovering the hidden dangers of shadow AI to understanding the layers of an AI Bill of Materials (AIBOM), Bar-el breaks down the complexities of securing AI-driven systems. Learn about the risks of malicious models, the importance of red teaming, and how to balance innovation with security in a dynamic AI landscape.What is an AIBOM and why it mattersThe stages of AI adoption: experimentation to optimizationShadow AI: A factor of 10 more than you thinkPractical strategies for pre- and post-deployment securityThe future of AI security with agent swarms and beyondGuest Socials: Bar-El's LinkedinPodcast Twitter - @CloudSecPod If you want to watch videos of this LIVE STREAMED episode and past episodes - Check out our other Cloud Security Social Channels:-Cloud Security Podcast- Youtube- Cloud Security Newsletter - Cloud Security BootCampIf you are interested in AI Cybersecurity, you can check out our sister podcast - AI Cybersecurity PodcastQuestions asked:(00:00) Introduction(02:24) A bit about Bar-el(03:32) What is AIBOM?(12:58) What is an embedding model?(16:12) What should Leaders have in their AI Security Strategy?(19:00) Whats different about the AI Security Landscape?(23:50) Challenges with integrating security into AI based Applications(25:33) Has AI solved the disconnect between Security and Developers(28:39) Risk framework for AI Security(32:26) Dealing with threats for current AI Applications in production(36:51) Future of AI Security(41:24) The Fun Section
--------
45:27
Realities of Cloud Networking in AWS
AWS networking isn’t as simple as it seems and when you’re dealing with regulated industries like healthcare, the stakes are even higher.In this episode we sit down with Kyler Middleton and Jack W. Harter from Veradigm — who have navigated complex AWS networking challenges while migrating from on-prem data centers to the cloud.We speak about: The real struggles of moving from data centers to AWS Why networking can feel like a black box The anti-pattern that surprisingly worked best How to build secure cloud networks—without losing your sanity The hidden security & compliance challenges in healthcare cloud migrationGuest Socials: Kyler's Linkedin + Jack's Linkedin Podcast Twitter - @CloudSecPod If you want to watch videos of this LIVE STREAMED episode and past episodes - Check out our other Cloud Security Social Channels:-Cloud Security Podcast- Youtube- Cloud Security Newsletter - Cloud Security BootCampIf you are interested in AI Cybersecurity, you can check out our sister podcast - AI Cybersecurity PodcastQuestions asked:(00:00) Introduction(01:55) A bit about Kyler and Jack(03:18) Security Challenges in Medical Industry(06:01) Where to start when migrating from data centres to AWS?(07:42) Networking Challenges for Regulated Industries(11:26) Networking in On-Prem vs Cloud(19:24) Security by Design considerations(29:31) The Terraform pieces(34:34) Network Firewall in Cloud(39:46) Lessons learnt from the project(46:21) The Fun SectionResources:Let's Do DevOps - Kyler's Website Jack's WebsiteDay Two DevOps - Podcast Co-Hosted by Kyler
--------
53:05
Cloud Incident Response in Microsoft Azure
In this episode, we dive deep into Azure security, incident response, and the evolving cloud threat landscape with Katie Knowles, Security Researcher and former Azure Incident Responder. We spoke about common Azure incident response scenarios you need to prepare for, how identity and privilege escalation work in Azure, how Active Directory and Entra ID expose new risks and what security teams need to know about Azure networking and logging.Guest Socials: Katie's LinkedinPodcast Twitter - @CloudSecPod If you want to watch videos of this LIVE STREAMED episode and past episodes - Check out our other Cloud Security Social Channels:-Cloud Security Podcast- Youtube- Cloud Security Newsletter - Cloud Security BootCampIf you are interested in AI Cybersecurity, you can check out our sister podcast - AI Cybersecurity PodcastQuestions asked:(00:00) Introduction(02:27) A bit about Katie(03:17) Domain Admin in Azure(07:03) Common causes of incidents in Azure(08:53) Identities in Azure(11:44) Third Party Identities in Azure(17:34) Azure Networking and Incident Response(22:35) Common Incidents in Azure(26:53) AI specific incidents in Azure(28:45) Privilege escalation in Azure(39:37) Where to start with Azure Research?(48:20) The Fun Questions
--------
54:15
AWS Multi-Account Security: What Netflix Learned
🚀 How do you secure thousands of AWS accounts without slowing down developers? Netflix’s cloud security experts Patrick Sanders & Joseph Kjar join us to break down their identity-first security model and share lessons from scaling security across a massive AWS multi-account environment.In this episode, we cover:Why identity, not network, is the best security boundaryThe challenges of least privilege and right-sized accessHow Netflix migrates IAM roles while minimizing disruptionsThe impact of multi-account AWS security strategiesGuest Socials: Patrick's Linkedin +Joseph's LinkedinPodcast Twitter - @CloudSecPod If you want to watch videos of this LIVE STREAMED episode and past episodes - Check out our other Cloud Security Social Channels:-Cloud Security Podcast- Youtube- Cloud Security Newsletter - Cloud Security BootCampIf you are interested in AI Cybersecurity, you can check out our sister podcast - AI Cybersecurity PodcastQuestions asked:(00:00) Introduction(02:05) A bit about Joseph(02:32) A bit about Patrick(02:38) Scaling security across multiple accounts(03:29) Least Privilege is hard(06:44) Why go down the identity path?(08:49) Identity based approach for least privilege(15:43) Security at scale for Multi Account in AWS(23:54) Lessons from the project(27:02) What would be classified as an easy migration?(30:55) How the project has progressed?(35:01) Automation Pieces that enabled the project(37:54) Where to start with scaling security across Multi Accounts?(39:21) Resource Access Manager and how it fits into migrationResources discussed in this interview:Accelerate insights using AWS SDK instrumentation TalkPatrick and Joseph’s Talk - Netflix's massive multi-account journey: Year twoJoseph and Patrick's previous interview on Cloud Security Podcast
--------
50:33
Cloud Security Detection & Response Strategies That Actually Work
We spoke to Will Bengtson (VP of Security Operations at HashiCorp) bout the realities of cloud incident response and detection. From root credentials to event-based threats, this conversation dives deep into:
Why cloud security is NOT like on-prem – and how that affects incident response
How attackers exploit APIs in seconds (yes, seconds—not hours!)
The secret to building a cloud detection program that actually works
The biggest detection blind spots in AWS, Azure, and multi-cloud environments
What most SOC teams get WRONG about cloud security
Guest Socials: Will's Linkedin
Podcast Twitter - @CloudSecPod
If you want to watch videos of this LIVE STREAMED episode and past episodes - Check out our other Cloud Security Social Channels:
- Cloud Security Podcast- Youtube
- Cloud Security Newsletter
- Cloud Security BootCamp
If you are interested in AI Cybersecurity, you can check out our sister podcast - AI Cybersecurity Podcast
Questions asked:
(00:00) Introduction
(00:38) A bit about Will Bengtson
(05:41) Is there more awareness of Incident Response in Cloud
(07:05) Native Solutions for Incident Response in Cloud
(08:40) Incident Response and Threat Detection in the Cloud
(11:53) Getting started with Incident Response in Cloud
(20:45) Maturity in Incident Response in Cloud
(24:38) When to start doing Threat Hunting?
(27:44) Threat hunting and detection in MultiCloud
(31:09) Will talk about his BlackHat training with Rich Mogull
(39:19) Secret Detection for Detection Capability
(43:13) Building a career in Cloud Detection and Response
(51:27) The Fun Section
Learn Cloud Security in Public Cloud the unbiased way from CyberSecurity Experts solving challenges at Cloud Scale. We can be honest because we are not owned by Cloud Service Provider like AWS, Azure or Google Cloud.
We aim to make the community learn Cloud Security through community stories from small - Large organisations solving multi-cloud challenges to diving into specific topics of Cloud Security.
We LIVE STREAM interviews on Cloud Security Topics every weekend on Linkedin, YouTube, Facebook and Twitter with over 150 people watching and asking questions and interacting with the Guest.
Australia