Avsnitt
-
In this episode from KubeCon Paris 2024, we spoke to Loris Degioanni, Co-Founder and CTO of Sysdig about Open Source Project, Falco that celebrated its graduation this year at KubeconEU, Loris shared with us this proud moment and journey from writing the 1st lines of code to its critical role in protecting Kubernetes environments, and the future roadmap post-graduation. We spoke about the gap between traditional security measures and the dynamic needs of modern infrastructures.
Guest Socials: Loris's Linkedin
Podcast Twitter - @CloudSecPod
If you want to watch videos of this LIVE STREAMED episode and past episodes - Check out our other Cloud Security Social Channels:
- Cloud Security Podcast- Youtube
- Cloud Security Newsletter
- Cloud Security BootCamp
00:00 Introduction
01:13 A bit about Loris
01:44 What does graduation mean for Falco?
02:58 What is Falco?
04:59 eBPF and Falco
06:01 Why eBPF is secure?
07:11 Runtime Security in Kubernetes
10:32 ROI for leaders for Runtime Security Tools
12:50 Preventative Security vs Runtime Security
14:08 Runtime Security in Modern Environments
16:42 Whats the Future for Falco?
18:31 The Fun Questions
-
What is it like to build a successful business based on risk? In this episode Ashish spoke to Fredrick Lee, CISO at Reddit. FLee shared his deep insights into the essential role of risk in driving business success and innovation. With a career that spans across notable tech giants like Square (now Block), Twilio, and Gusto, Lee brings a wealth of experience in both hardware and software security landscapes. Without embracing risk, businesses risk stagnation in a world where competitors are always ready to innovate. From discussing the cost-effective strategies in cybersecurity to exploring the formation and goals of Reddit's S.P.A.C.E team (Security, Privacy, Automation, Compliance, and Engineering), this episode gets into the challenges and opportunities presented by the modern tech environment
Guest Socials: Fredrick Lee's Linkedin
Podcast Twitter - @CloudSecPod
If you want to watch videos of this LIVE STREAMED episode and past episodes - Check out our other Cloud Security Social Channels:
- Cloud Security Podcast- Youtube
- Cloud Security Newsletter
- Cloud Security BootCamp
Questions asked:
(00:00) Introduction
(04:42) A bit about Fredrick Lee
(07:42) How cloud changed cybersecurity?
(11:37) Threat Landscape in Software vs Hardware
(15:12) Threat Landscape in B2B vs B2C
(17:27) Navigating the First Steps as a New Company's CISO
(20:26) The role of compliance in Cybersecurity
(24:12) The role of privacy in Cybersecurity
(26:11) The role of AI in cybersecurity
(30:36) A bit about AI Cybersecurity Podcast
(31:09) What it means to be a CISO?
(34:34) Building CISO Roadmaps: Balancing Short-Term and Long-Term Goals
(36:49) Where to start with CISO Roadmap?
(39:02) What keeps Fredrick motivated about his CISO role?
(40:36) Whats next for current CISOs?
(42:50) The Fun Questions
-
Saknas det avsnitt?
-
Lets talk about the Evolution of Email Security. We have been speaking about Email Security for years but why has it not been solved? We spoke to Abhishek Agrawal, Co-founder of Material Security about the fact that despite of decades of advancements, email security remains a critical concern, with sophisticated attacks continually bypassing traditional controls. We explored the fascinating landscape of productivity suites like Microsoft 365 and Google Workspace, underscoring their importance beyond just communication tools. What are the critical aspects of threat management, posture management, and the necessity of a focused approach towards securing this often-overlooked segment of our digital infrastructure management.
Guest Socials: Abhishek's Linkedin Abhishek's Twitter
Podcast Twitter - @CloudSecPod
If you want to watch videos of this LIVE STREAMED episode and past episodes - Check out our other Cloud Security Social Channels:
- Cloud Security Podcast- Youtube
- Cloud Security Newsletter
- Cloud Security BootCamp
Questions
(00:00) Introduction
(03:57) A bit about Abhishek
(04:49) What is a Productivity Suite?
(05:48) Why Email Security is still a focus in 2024?
(11:43) Where to start with Productivity Suite Security?
(15:03) The role of Cloud Native Tools in Productivity Suite Security
(19:38) Where can security leaders start with Productivity Suite Security
(24:39) Where can people learn more about Productivity Suite Security
(26:44) Fun Questions
-
How do you build a Robust Detection Framework? Ashish spoke to Andrew Tabona, SVP of Cyber Threat Management and Incident Response at a Fortune 500 company about challenging the conventional wisdom of applying on-premise incident response plans to cloud environments. They speak about the critical metrics of mean time to detect, respond, and recover, and why mastering the fundamentals is key to effective cloud security.
The conversation also covers practical strategies for building a detection framework, the importance of a balanced approach to log ingestion, and the nuanced differences in incident response between cloud and traditional on-premise environments.
Guest Socials: Andrew Tabona
Podcast Twitter - @CloudSecPod
If you want to watch videos of this LIVE STREAMED episode and past episodes - Check out our other Cloud Security Social Channels:
- Cloud Security Podcast- Youtube
- Cloud Security Newsletter
- Cloud Security BootCamp
Questions asked:
(00:00) Introduction
(03:20) A bit about Andrew Tabona
(04:26) What is Threat Detection and Response?
(06:14) Why incident response is different in Cloud?
(09:18) Benefits of doing Incident Response in Cloud?
(10:29) Is CSPM your incident response tool?
(12:33) Where to start with Detection in Cloud?
(16:35) Getting buy in from other teams for threat detection
(20:15) Should you build or buy a cybersecurity solution?
(22:34) Responding to incidents in a Cloud Context
(26:01) Containing incidents in a Cloud Context
(28:34) What kind of access do IR teams need?
(30:36) Balancing the signal to noise ratio
(32:10) Where to start with Threat Detection and Response
(34:37) Challenges an organisation might face
(35:58) Threat Detection and Response in MultiCloud
(37:52) Showing ROI of Cybersecurity to the business
(38:57) Where to learn about IR and Threat Detection?
(41:09) Fun Section
(44:14) Where you can connect with Andrew
-
What is GitHub Copilot? Its a AI-powered coding assistant that's redefining how developers write code. We spoke to Joseph Katsioloudes, a security specialist from the GitHub Security Lab. We spoke about how GitHub Copilot has been designed to serve not just developers but security professionals and others involved with code, enhancing productivity, satisfaction, and security across the board.
Guest Socials: Joseph Katsioloudes
Podcast Twitter - @CloudSecPod
If you want to watch videos of this LIVE STREAMED episode and past episodes - Check out our other Cloud Security Social Channels:
- Cloud Security Podcast- Youtube
- Cloud Security Newsletter
- Cloud Security BootCamp
Questions asked:
(00:00) A bit about Joseph
(01:07) What is GitHub Copilot?
(02:42) Use case for GitHubCopilot from a security perspective
(04:16) Cloud Development Kits (CDKs) for GitHub Copilot
(05:48) Business Motivation for GitHub Copilot adoption
(07:41) Should we trust AI generated code ?
(08:31) Using GitHub Copilot
(12:00) Data Privacy with Github Copilot
(13:28) GitHub Copilot for Regulated Industries
(14:51) What is GitHub Copilot X?
(16:02) What is GitHub Workspace?
(18:20) The Fun Section
-
How is your Cloud Incident Preparedness? Is your CSPM enough? Ashish spoke to Ariel Parnes, Co-Founder and COO at Mitiga about the concept of "Assume Breach" and its importance in developing a proactive cloud security framework. If you are looking to understand the nuances of of cloud incident response and being prepared for them, the effectiveness of current tools, and the future of cloud security operations strategy, then this episode is for you.
Guest Socials: Ariel Parnes
Podcast Twitter - @CloudSecPod
If you want to watch videos of this LIVE STREAMED episode and past episodes - Check out our other Cloud Security Social Channels:
- Cloud Security Podcast- Youtube
- Cloud Security Newsletter
- Cloud Security BootCamp
Questions asked:
(00:00) Introduction
(02:46) A bit about Ariel Parnes
(04:02) Cybersecurity in the world of Cloud
(06:07) What is Cloud Incident Preparedness?
(08:40) Reality of Cloud Incident Preparedness
(11:16) Does a CSPM help with Incident Preparedness?
(13:54) Should logs be sent to SIEM?
(15:59) Whats a good starting point for Incident Preparedness?
(18:31) Gaining deep visibility in your cloud environment
(19:50) Do you need a Security Data Lake?
(25:56) Demonstrating ROI for Security Operations
(28:28) Importance of Human Factor in Security Operations
(30:51) Low Hanging fruits to strengthen cloud operations
(32:31) The Fun Questions
-
Do you need an essential guide for Threat Modeling your Cloud Environment, then this episode is definitely for you. Ashish sat down with Tyson Garrett from TrustOnCloud. We explore why and how organizations should approach threat modeling in cloud to enhance their security posture. Tyson and Ashish go through the practical steps required for effective threat modeling, including identifying and prioritizing threats, and the continuous adaptation required to address the dynamic nature of cloud services.
Guest Socials: Tyson Garrett
Podcast Twitter - @CloudSecPod
If you want to watch videos of this LIVE STREAMED episode and past episodes - Check out our other Cloud Security Social Channels:
- Cloud Security Podcast- Youtube
- Cloud Security Newsletter
- Cloud Security BootCamp
Questions asked:
(00:00) Introduction
(02:50) A bit about Tyson Garrett
(04:27) What is Threat Modeling in Cloud?
(06:29) Threat Modeling the right way in the Cloud
(08:23) Threat Modeling in Cloud vs On Prem
(11:05) Examples of Threat Modeling
(13:41) Threat Modeling AI Services from Cloud Providers
(21:58) Including Threat Modeling in Security Programs
(25:09) Threat Modeling Cloud at Scale
(28:08) Different Approaches for Threat Modeling
(30:21) Challenges with Threat Modeling in Cloud
(33:42) Best Practices for Threat Modeling in Cloud
(39:59) Showing ROI on Threat Modeling
(42:57) Maturity Levels of Threat Modeling
(45:21) Starting point for learning about Threat Models
(46:12) The Fun Questions
(48:41) Where can you connect with Tyson
Resources spoken about during the episode
TrustOnCloud has kindly offered a Free ThreatModel of your choice to our listeners - you can register here to pick yours
-
What is the role of AI in Legal Research and Data Security? We spoke to Matt McKeever, CISO and Head of Cloud Engineering at LexisNexis, a company that uses GenAI and Custom LLM models to help its customers with legal research, guidance and drafting. Matt spoke to us about intersection of cloud engineering, cybersecurity and the revolutionary impact of Generative AI (GenAI) in the legal sector. He shared how LexisNexis leverages GenAI to enhance legal research, draft legal documents and summarize cases efficiently. We learn about the importance of data security in AI applications, especially in the legal industry and the role of custom Large Language Models (LLMs) in securing and processing legal data.
Guest Socials: Matt McKeever
Podcast Twitter - @CloudSecPod
If you want to watch videos of this LIVE STREAMED episode and past episodes - Check out our other Cloud Security Social Channels:
- Cloud Security Podcast- Youtube
- Cloud Security Newsletter
- Cloud Security BootCampQuestions asked:(00:00) Introduction (00:26) LexisNexis use case for GenAI(02:37) Amazon's Generative AI services(03:24) Cybersecurity Threats when using GenAI(05:14) Where to get started with Security in GenAI?(06:53) Balancing Security and Innovation(08:20) Business reason for GenAI(09:13) Lessons from working with GenAI(11:14) Having Custom Large Language Model(13:42) Impact of AI on Cloud Security Roles (14:50) Get Started with Custom Large Language Model(15:48) Fun Questions (17:49) Where to connect with Matt McKeever?
-
Are you familiar with Sidecars in Kubernetes? We spoke to Magno Logan about the complex world of Kubernetes security and the silent but deadly vulnerabilities associated with sidecar containers. Magno shares his extensive research and insights on how attackers can exploit these vulnerabilities to stay hidden within a Kubernetes environment, posing significant threats beyond the commonly discussed crypto mining attacks. Magno spoke about common attack paths targeting Kubernetes clusters, from exploiting application vulnerabilities to leveraging exposed Kubernetes services and compromised valid accounts.
Guest Socials: Magno Logan
Podcast Twitter - @CloudSecPod
If you want to watch videos of this LIVE STREAMED episode and past episodes - Check out our other Cloud Security Social Channels:
- Cloud Security Podcast- Youtube
- Cloud Security Newsletter
- Cloud Security BootCamp
Questions asked:
(00:00) Introduction
(01:26) A bit about Magno Logan
(01:49) Kubernetes Common Threats Explained
(02:23) Kubernetes Cluster Attack Entry Points
(04:28) How attackers maintain persistent access in Kubernetes?
(05:30) Container Escape Explained
(07:03) Maintaining Persistence in Kubernetes Clusters
(08:18) What are Sidecars?
(10:43) How to secure your sidecars?
(12:33) Where can people learn more about this
(13:57) The Fun Section
Resources spoken about on the podcast
Mitre Att&ck Containers Matrix
Microsoft Threat Matrix
-
Navigating modern application security in a world of Cloud, DevSecOps and now AI is getting rather complex. We spoke to Idan Plotnik, who has 24 years of cybersecurity experience under his belt and is the Co-Founder of Apiiro about world of Application Security Posture Management (ASPM) and their relevance in both large and small organizations. Idan speaks about the challenges faced in managing vast quantities of repositories and tackles common misconceptions about ASPM, confirming that it's not intended to replace existing security pipelines.
Guest Socials: Idan Plotnik
Podcast Twitter - @CloudSecPod
If you want to watch videos of this LIVE STREAMED episode and past episodes - Check out our other Cloud Security Social Channels:
- Cloud Security Podcast- Youtube
- Cloud Security Newsletter
- Cloud Security BootCamp
Questions asked:(00:00) Introduction (04:58) A bit about Idan Plotnik(05:56) Application Security tools explained (08:09) Why Application Security Orchestration Correlation (ASOC) didn't work?(09:14) Difference between Cloud Security and Application Security Tools(14:51) Why is there a growing need for Application Security Tools today?(19:07) Do Small to Medium size businesses need Application Security Tools?(21:46) Managing Cybersecurity Tools(26:08) API Security for Applications (30:29) Dealing with Regulatory Requirements in Cybersecurity(34:16) Evolving Goals in Application Security(35:49) Deciphering MTTR in Cybersecurity(37:54) The Fun Questions(39:37) Where you can connect with Idan?
-
We caught up with Troy Hunt and Scott Helme at NDC Security Oslo 2024 to talk about best practices when it come to decoding TLS, password security and data breaches in cloud and AI.
Troy Hunt, known for his work with haveibeenpwned.com, spoke to us about the complexities of cloud deployment and paradox of data input versus privacy risk in Large Language Models (LLMs), Cloud. Scott Helme, a security researcher and founder of securityheaders.com, spoke about the importance of early security training in the development lifecycle for applications built in 2024. We dissected the critical yet often overlooked aspects of cybersecurity in cloud and ai.
Guest Socials: Troy Hunt + Scott Helme
Podcast Twitter - @CloudSecPod
If you want to watch videos of this LIVE STREAMED episode and past episodes - Check out our other Cloud Security Social Channels:
- Cloud Security Podcast- Youtube
- Cloud Security Newsletter
- Cloud Security BootCamp
Questions asked:
(00:00) Introduction
(01:37) Evolving Landscape of Password Management
(04:17) Analyzing Data Breach Trends:
(05:48) Latest Security Protocols with TLS and Encryption
(08:24) Debating Encryption Key Management
(10:59) AI's Role in Data Breaches:
(13:59) Best Practices for Enterprise Password Management
(16:01) Best Practices for Password Management in Small to Medium Sized Businesses
(18:04) Top 5 security best practices
(19:58) Understanding Security Headers
(27:14) The Fun Section
-
What is a good multicloud strategy in 2024? We spoke to Vivek Menon, CISO for Digital Turbine about the maturity and security capabilities of major cloud service providers, AWS and GCP.
Vivek spoke about the journey from on-premise to multi-cloud landscapes, the strategic approaches to cloud security in 2024, and the unique challenges that teams face across different cloud platforms. Vivek shared his insights into IAM, misconfigurations, and the value of dedicated cloud-specific teams provide a roadmap for organizations aiming to enhance their cloud security posture.
Guest Socials: Vivek's Linkedin
Podcast Twitter - @CloudSecPod
If you want to watch videos of this LIVE STREAMED episode and past episodes - Check out our other Cloud Security Social Channels:
- Cloud Security Podcast- Youtube
- Cloud Security Newsletter
- Cloud Security BootCamp
Questions asked:
(00:00) Introduction
(01:58) A bit about Vivek Menon
(02:53) Transitioning from On-Premise to Multi-Cloud
(05:35) What is mobile ad tech?
(06:44) Why AWS and GCP?
(08:09) Challenges in Multi-Cloud Environments - The people piece
(09:37) Challenges in Multi-Cloud Environments - The process piece
(10:42) Managing identities in a MultiCloud Environment
(12:52) Managing Misconfigurations in a MultiCloud Environment
(13:58) Multi-Cloud Security- Build In-House or Buy Tools
(17:44) Starting Point for MultiCloud Policy
(18:54) AWS vs. Google Cloud: Comparing Cloud Security Maturity
(20:28) What makes security in Google Cloud stand out
(21:18) CISO Guide: Initiating a Cloud Security Strategy in 2024
(25:01) The Fun Section
(27:03) Where can you connect with Vivek
-
Dive into the world of AI and Kubernetes with Shopify's Shane Lawrence in this episode of the Cloud Security Podcast. Shane, shares his experience in the security team at Shopify and working on the intersection of AI, Large Language Models (LLMs), and Kubernetes security. Shopify is looking to pioneer the use of AI to streamline developer operations, enhance productivity, and bolster security measures in multi-tenant Kubernetes environments.
This episode will be valuable for you if you work in Kubernetes, Security and looking for how AI can build efficiency in your team.
Guest Socials: Shane's Linkedin (Shane's Linkedin)
Podcast Twitter - @CloudSecPod
If you want to watch videos of this LIVE STREAMED episode and past episodes - Check out our other Cloud Security Social Channels:
- Cloud Security Podcast- Youtube
- Cloud Security Newsletter
- Cloud Security BootCamp
Questions asked:
(00:00) Introduction to AI and Kubernetes
(01:32) Shane Lawrence and Shopify's AI Journey
(02:21) AI and Developer Efficiency in Kubernetes
(04:39) AI-Driven Automation for Security
(06:34) Challenges of AI in Kubernetes Environment
(11:22) Case Studies for AI in Kubernetes
(13:43) The Future of Kubernetes and AI
(15:59) Learning and Experimenting with AI in Kubernetes
(17:49) Closing Thoughts and Fun Q&A
-
How can you build a robust cloud security program in AWS, particularly as a startup and small to medium-sized businesses navigating AWS in 2024? We spoke to Chris Farris, who is the event chair for fwd:cloudsec, a known cloud security expert and one of the first AWS Heroes for security.
Chris shared his insights on how to build a security strategy that is both practical and effective in today's dynamic cloud environment. From discussing the importance of AWS organizations and Identity Centre to breaking down the complexities of cloud security posture management. You will hear actionable advice and best practices.
Guest Socials: Chris's Linkedin (@chrisfarris)
Podcast Twitter - @CloudSecPod
If you want to watch videos of this LIVE STREAMED episode and past episodes - Check out our other Cloud Security Social Channels:
- Cloud Security Podcast- Youtube
- Cloud Security Newsletter
- Cloud Security BootCamp
Questions Asked:
(00:00) Introduction
(02:59) A bit about Chris Farris
(03:30) fwd:cloudsec Conference
(04:19) AWS Hero program for Cloud Security
(05:23) Building Effective Cloud Security Programs
(11:39) Top Recommendations for AWS Cloud Security
(13:34) What is AWS IAM Identity Center?
(18:02) How to Set Up AWS IAM Identity Center?
(20:13) Cloud Security in different industries
(29:31) The role of a Cloud Security Engineer
(34:30) Cloud Security Breaches
(38:02) Educational Resources in Cloud Security
(42:41) The Fun Section
Resources spoken about in this episode:fwd:cloudsecAWS IAM Identity CenterLeveraging AWS SSO (aka Identity Center) with Google Workspaces breaches.cloud
-
Is Offensive Security part of your 2024 Security Roadmap? We caught up with Sam Kirkman, Director at NetSPI EMEA at BlackHat Europe 2023 about what an Offensive Security Roadmap going into 2024 should look like. Offensive security is much more than pentesting. We spoke about how to build a capable team, different maturity stages of building such a program and resources you can lean on while you are on this journey across different industries.
Guest Socials: Sam's Linkedin (@sam-kirkman-cybersecurity)
Podcast Twitter - @CloudSecPod
If you want to watch videos of this LIVE STREAMED episode and past episodes - Check out our other Cloud Security Social Channels:
- Cloud Security Podcast- Youtube
- Cloud Security Newsletter
- Cloud Security BootCamp
Questions asked:
(00:00) Introduction
(02:53)A bit about Sam Kirkman
(03:53) What is offensive security?
(04:52) The attack landscape
(07:34) Offensive Security Roadmap
(09:43) Components of Offensive Security Roadmap
(11:04) Whats a good starting point?
(12:55) Skillsets required in the team
(16:57) Different stages of maturity
(19:09) Where can people learn more about this?
(22:03) Where you can connect with Sam
You can learn more about NetSPI and offensive security here
-
Cloud Security environments looks very complex in 2023, and it will continue to evolve in 2024 now with AI. At AWS re:Invent 2023 this year, we sat down with Alex Jauch, Senior Director of Product Management at Outshift to talk about the complexities in Cloud Security, the role of GenAI and what can be items to consider for your 2024 Cloud Security Program.
Podcast Twitter - @CloudSecPod
If you want to watch videos of this LIVE STREAMED episode and past episodes - Check out our other Cloud Security Social Channels:
- Cloud Security Podcast- Youtube
- Cloud Security Newsletter
- Cloud Security BootCamp
Questions Asked:(00:00) Introduction (01:34) A bit about Alex(02:02) Current Cloud Security Landscape(04:43) The cloud security acronyms(08:44) Dealing with complex infrastructure (12:31) Impact of GenAI on Security (15:26) Do you have GenAi in Production?(16:55) We are all one team! (19:04) 2024 Security Program(20:39) Whats not being spoken about?(22:11) The fun section(26:00) Where you can connect with Alex!
-
Kubernetes is shaping the future of cloud native technology with interest from security folks, businesses and developers - what does the future of Kubernetes Security look like? At Kubecon NA 2023, we spoke to Emily Fox who is the chair of CNCF's Technical Oversight Committee and Software Engineering Lead at RedHat about how Zero Trust plays out in the Kubernetes environment, challenges and solutions in securing the software supply chain within Kubernetes, the impact of AI workloads on Kubernetes and future of Edge Computing and Kubernetes.
Podcast Twitter - @CloudSecPod
If you want to watch videos of this LIVE STREAMED episode and past episodes - Check out our other Cloud Security Social Channels:
- Cloud Security Podcast- Youtube
- Cloud Security Newsletter
- Cloud Security BootCamp
Questions Asked:(00:00) Introduction (02:23) A bit about Emily (02:51) What is Supply Chain Security?(03:51) What triggered this conversation?(05:10) Supply Chain Security in Managed Kubernetes(06:07) What is Zero Trust?(07:24) Implementing Zero Trust (09:29) The role of Security and Compliance(11:13) Compliance as code in Kubernetes(13:22) What is Edge?(17:41) The impact of AI on Security (20:39) Detection for AI and Kubernetes(22:29) How are the skillsets changing?(25:00) Security for Open Source Projects(28:01) The fun section
-
Kubernetes security explained : We spoke to Cailyn Edwards, CNCF Ambassador and Senior Security Engineer at Shopify. Interview was recorded at Kubecon NA 2023. We asked her about the complexities of Kubernetes Network Security in a multi-tenant environment. During the interview, she shared the nuances of Kubernetes network security in multi-tenant setups, tools and tactics for securing Kubernetes environments, insights from her journey at Shopify and tips for advancing the security maturity of Kubernetes networks.
Thank you to our episode sponsor Vanta - You can check them out at vanta.com/cloud
Podcast Twitter - @CloudSecPod
If you want to watch videos of this LIVE STREAMED episode and past episodes - Check out our other Cloud Security Social Channels:
- Cloud Security Newsletter
- Cloud Security BootCamp
Questions asked:
(00:00) Introduction (02:25) A bit about Cailyn (03:08) How is Kubernetes Networking different?(04:20) Foundational pieces of Kubernetes Networking(06:21) Whats missing in Kubernetes Networking?(07:47) What is Multi Tenancy?(10:20) What are some of the common threat models?(13:16) How are people responding to threats? (14:41) Where to start learning about this?(16:26) Best practices for Kubernetes Networking(18:16) What becomes more important with maturity?(21:14) Resources to learn more about Kubernetes Security (22:30) The Fun Section
Resources shared during the episode:
Kubernetes Security Checklist - https://kubernetes.io/docs/concepts/security/security-checklist/
Pentesting your own cluster with Liz Rice - https://www.youtube.com/watch?v=fVqCAUJiIn0
-
Cloud Security Podcast just got back from AWS re:invent 2023, there was a lot of chat around, you guessed it - GenAI but along with that there were plenty of security updates and announcement. Shilpi and Ashish broke them all down for you and what it all actually means for all security practitioners.
Podcast Twitter - @CloudSecPod
If you want to watch videos of this LIVE STREAMED episode and past episodes - Check out our other Cloud Security Social Channels:
- Cloud Security Newsletter
- Cloud Security BootCamp
Questions asked:
(00:00) Introduction
(04:49) GenAI at AWS re:Invent
(06:01) No new security service announced
(06:48) Updates from CEO and CTO Keynotes
(11:29) What is Amazon Inspector?
(12:10) Amazon Inspector Security Updates
(15:09) What is AWS Security Hub?
(15:52) AWS Security Hub Security Updates
(18:52) What is Amazon GuardDuty?
(20:10) Amazon GuardDuty Security Updates
(22:49) What is Amazon Detective?
(23:45) Amazon Detective Security Updates
(26:22) What is IAM Access Analyser?
(28:06) IAM Access Analyser Security Updates
(30:33) What is AWS Config?
(31:25) AWS Config Security Updates
(32:35) Other Security Updates
(33:46) 3 Layers of AI
(35:21) What is Amazon CodeWhisperer?
(36:36) Amazon Application Composer
(37:34) Guardrails for Bedrock
(38:13) Amazon Q
(41:17) Zero Trust
(41:45) Ransomware
(44:29) Security Talks
(45:54) Input filtering and validation for WAF
(50:31) Enterprise IAM and data perimeter
(53:00) Conclusion and find out more!
You can check out the Top announcements of AWS re:Invent 2023 + AWS re:Invent 2023 - Security Compliance & Identity
-
eBPF is recent graduate in the CNCF family and this means that the world of Cloud and Kubernetes, networking looks very different with more security capabilities. Cilium the project from Isovalent has been gaining traction for network security for kubernetes as blindsides have been called out in the managed kubernetes deployments. This episode was recorded at KubeCon NA with Thomas Graf from Isovalent to share what the blindsides are and why eBPF provides better network security capability for kubernetes deployments of any scale.
Guest Socials: Thomas's Linkedin (@ThomasGraf)
Podcast Twitter - @CloudSecPod
If you want to watch videos of this LIVE STREAMED episode and past episodes - Check out our other Cloud Security Social Channels:
- Cloud Security Newsletter
- Cloud Security BootCamp
Questions asked:
(00:00) Introduction
(03:42) A bit about Thomas
(04:11) Traditional Networking in Kubernetes
(06:52) What is Cilium?
(07:52) What is eBPF?
(08:46) What do people use Cilium for?
(11:31) Starting with network security in Kubernetes
(13:02) Complexities with Scale
(16:02) How do projects graduate?
(17:02) The eBPF documentary
(17:27) Opensource to Company
(18:52) Practitioner to Founder
(19:57) Building an open source project
(21:13) The Fun Questions!
You can check out the The eBPF Documentary here
- Visa fler
