BlueDragon Podcast

Shinesa Cambric discusses the critical aspects of cloud auditing, emphasizing the importance of collaboration between developers, risk management, and compliance teams.She explores the basics of cloud auditing, the significance of governance and documentation, and the impact of identity management on cloud security.The discussion also highlights the integration of financial operations (FinOps) with cloud auditing and the future trends in cloud auditing, particularly concerning AI.CHAPTERS(00:00:00) INTRO (00:00:37) Introduction to Shinesa Cambric and Her Journey (00:03:43) The Importance of Cloud Auditing (00:06:35) Understanding Cloud Auditing (00:09:36) The Role of Cloud Providers in Auditing (00:12:44) Automation in Cloud Auditing (00:15:26) Training and Awareness in Cloud Security (00:16:11) The Importance of Collaboration in Cloud Auditing (00:19:21) Understanding Cloud Auditing Basics (00:23:18) Marker 1 (00:23:31) Navigating Cloud Security and Compliance (00:26:26) The Role of Governance in Cloud Auditing (00:29:20) The Significance of Documentation and Policies (00:32:29) The Impact of Identity on Cloud Security (00:35:28) Integrating FinOps with Cloud Auditing (00:38:47) Future Trends in Cloud Auditing and AI

Joshua Garverink, co-author of the Azure Integration Guide for Business, discusses journey into the tech industry, his experiences with Azure, and the importance of cloud integration for IT leaders.The conversation covers various themes including the benefits of moving to Azure, the cultural shifts required for cloud adoption, architectural considerations for cloud migration, the significance of network design, and the financial implications of cloud services through FinOps.In this conversation, Jetro and Josh discuss the critical aspects of cloud operations, focusing on Cloud FinOps, automation, cybersecurity, and the Azure ecosystem.They emphasize the importance of investing in skills for IT operations, the role of automation in enhancing security, and best practices for OLTP systems in Azure.The discussion also covers the significance of governance and security in cloud operations, the reality of serverless computing, and the future of Azure with technological innovations.CHAPTERS(00:00:00) INTRO (00:00:42) Introduction to Azure Integration and Author Background (00:05:33) Unlocking Opportunities with Azure for IT Leaders (00:10:09) Cultural Shifts in Cloud Adoption (00:12:04) Architectural Considerations for Cloud Migration (00:16:39) The Importance of Network Design in Azure (00:21:50) Understanding Cloud Costs and FinOps (00:25:12) Understanding Cloud FinOps and Cost Management (00:25:45) The Importance of Automation in Cloud Operations (00:30:33) Investing in Skills for IT Operations (00:31:38) The Role of Automation in Cybersecurity (00:32:09) Best Practices for OLTP Systems in Azure (00:35:07) Exploring the Azure Ecosystem for Data Analytics (00:37:33) Serverless Computing: Hype or Reality? (00:43:28) Governance and Security in Cloud Operations (00:45:47) The Future of Azure and Technological Innovations

SUMMARYGraham Gold, co-author of the Microsoft Cybersecurity Architect Exam, discusses extensive background in IT, the relevance of cybersecurity architecture in cloud environments, and the evolving landscape of cybersecurity practices.Key topics include the importance of identity management, the challenges of hybrid cloud environments, and strategies for assessing and improving security in cloud applications.The conversation emphasizes the need for visibility, risk management, and a proactive approach to cybersecurity. Moreover Graham Gold discusses critical aspects of modern security architecture, emphasizing the importance of least privilege, segregation of duties, and the roles of SIEM and SOAR in enhancing security operations.He highlights the necessity of automation in security processes to keep pace with the rapid changes in cloud environments.The discussion also covers the state of security awareness in financial services, navigating compliance in the cloud, budgeting for security investments, and the shared responsibility model in cloud security.Finally, Graham provides insights on preparing for the SC-100 exam and his future endeavors in the field of security.CHAPTERS(00:00:00) INTRO (00:00:40) Introduction to Cybersecurity Architecture (00:03:57) Understanding Microsoft Certification Levels (00:05:52) The Relevance of Cybersecurity in Cloud (00:08:03) Shifts in Cybersecurity Architecture with Cloud (00:11:11) Identity as the New Perimeter (00:15:59) Challenges in Hybrid Cloud Environments (00:20:05) Making Sense of Data in the Cloud (00:24:57) Assessing Security in Cloud Environments (00:31:36) Implementing Defense in Depth Strategies (00:33:10) Understanding Least Privilege and Segregation of Duties (00:33:38) The Role of SIEM and SOAR in Security Architecture (00:36:01) Automation in Security Operations (00:38:36) The State of Security Awareness in Financial Services (00:40:39) Navigating Compliance in the Cloud (00:43:22) Budgeting for Security: Prioritizing Investments (00:50:38) The Shared Responsibility Model in Cloud Security (00:53:35) Preparing for the SC-100 Exam and Future Insights

SUMMARYEyal Estrin discusses his background in cloud security and the importance of adapting to new security challenges in cloud environments.He emphasizes the shared responsibility model, the critical nature of identity and access management, and the risks associated with neglecting cloud security.Also he shares insights on budgeting for security investments, balancing agility with security, and common pitfalls organizations face in cloud security.In this conversation, Eyal Estrin discusses various aspects of cloud security, focusing on identity and access management, data protection strategies, and the importance of knowledge in cybersecurity.We emphasize the need for organizations to adopt best practices in managing identities, implementing encryption, and preparing for future threats in the cloud landscape.The discussion also highlights the significance of privileged identity management and the role of training in bridging knowledge gaps among IT professionals.CHAPTERS(00:00:00) INTRO (00:00:36) Introduction to Cloud Security and Eyal's Background (00:02:46) Understanding Cloud Security Challenges (00:04:25) The Importance of Cloud Security Today (00:06:15) Shared Responsibility Model in Cloud Security (00:08:18) Key Risks of Neglecting Cloud Security (00:10:49) Changing Mindsets in Cloud Security (00:13:04) Layered Security Approach in Cloud (00:15:23) Budgeting for Cloud Security Investments (00:18:31) Balancing Agility and Security in Cloud Deployments (00:26:26) The Cornerstone of Identity and Access Management (00:28:37) Common Pitfalls in Identity and Access Management (00:29:57) Enhancing Identity and Access Management (00:31:00) Break-Glass Scenarios in Production Environments (00:32:48) Privileged Identity Management (PIM) Insights (00:34:46) Data Protection and Encryption Strategies (00:39:10) Future Threat Landscape in Cloud Security (00:43:09) Bridging the Knowledge Gap in Cybersecurity (00:45:29) Final Thoughts on Cloud Security Best Practices

➡️ Link to Krishna Kathala's book: https://dub.sh/YengVh6In this episode of the Blue Dragon podcast, Krishna Chaitanya Rao Kathala, author of 'Privacy in the Age of Innovation' discusses the importance of privacy in the context of AI, the role of Privacy Enhancing Technologies (PETs), and how organizations can implement these technologies to ensure compliance with regulations like GDPR.Krishna explains various techniques such as differential privacy, federated learning, and homomorphic encryption, and emphasizes the need for a structured approach to data governance and security in AI applications.CHAPTERS(06:11) The Rise of AI and Privacy Concerns(09:00) Key Techniques of Privacy Enhancing Technologies(12:00) Implementing PETs in AI Lifecycle(18:01) Choosing the Right PET for Your Organization(24:50) Building Secure AI Solutions(29:49) Best Practices for Cloud Security in AI(34:50) Measuring Effectiveness of PETs(45:02) Conclusion and Future Directions

In this season's finale, we dive into cybersecurity with Dwayne Natwick, a seasoned expert with over 30 years of IT experience. Dwayne shares his journey from running Token Ring cables as a teenager to becoming a global cloud security lead. Discover the evolution of cloud security, the importance of risk awareness, and the critical role of identity in modern cybersecurity. Learn about the latest trends in cloud security architecture, the significance of data classification, and the future of cybersecurity in the age of AI. Dwayne also discusses the challenges of keeping up with rapid technological changes and offers insights into building a risk-aware organization. This episode is packed with valuable insights for IT and business decision-makers looking to enhance their security posture and stay ahead in the ever-evolving tech landscape. Enjoy! CHAPTERS (00:00) Introduction and Background (06:47) The Evolution of Cloud Security (10:40) Data Classification and User Awareness (13:44) Privacy Regulations: Europe vs. US (23:59) Assessing Risk Culture and Tolerance (26:24) The Importance of Planning and Preparedness (30:11) Building a Risk-Aware Organization (34:16) Allocating Budget for Security Initiatives (38:54) The Critique of 'DevSecOps' (44:15) The Future Outlook: Expanding Training Services and Mentoring Initiatives

In this episode, I sit down with Ahilan Ponnusamy, co-author of the book “Technology Operating Models for Cloud and Edge.” Ahilan shares his journey from being a Java developer to becoming a thought leader in cloud-native development and technology operating models. We delve into the evolution of IT operating models, the impact of cloud and edge technologies, and the future of AI in enterprise environments. Tune in to explore the complexities of hybrid cloud ecosystems, the pitfalls of bimodal IT, and best practices when creating a technology operating model. Enjoy! CHAPTERS (00:00) Understanding Operating Models (08:02) The Impact of Cloud and Edge Technologies (12:58) The Failure of Bimodal IT (23:44) Building a Foundation for Future-Proof IT

In this episode of the BlueDragon Podcast, I talk with Benny Lauwers, author of ‘The Good, The Bad and the Practical: AI for Doeners'! We explore his journey into practical AI, tackling real-world challenges in manufacturing, and a cool case study on predicting tile quality. Tune in for insights on AI's impact on quality, safety, and organizational culture. Enjoy!

In this episode of the BlueDragon Podcast, I interview Qamar Nomani about the fascinating world of Cloud Security Posture Management (CSPM). Qamar shares his journey into cloud security and what led him to write a book on the topic. We dive into what CSPM is, its benefits, and how it integrates into the broader cloud security landscape. We also tackle the myth that cloud is less secure than on-premises and discuss the shared responsibility model. Plus, we touch on compliance management and governance, especially in light of European directives. Enjoy!

In this episode, I talk with technology executive and author Marcelo Leite. We discuss the concepts of a database, data warehouse, data lake, and data lake house. He explains how these concepts have evolved and are used in modern data management. We also discuss the importance of data classification and data loss prevention (DLP) in ensuring data security. We introduce the concept of data mesh and its relevance for CTOs and CIOs. We cover two main themes: data mesh and the impact of cloud-based data platforms on security. We end with the Kusto Query Language (KQL) and the trend of SaaS solutions for data platforms. Enjoy!

In this episode, I interview Vincent van Dijk, an information security specialist and founder of Security Scientist. We discuss the importance of writing in cybersecurity, the need for data-driven decision-making in cybersecurity, and the impact of cloud computing on information security. We also talk about the rise of managed security service providers and the challenges small and medium enterprises face in securing their systems. Enjoy, and let us know what you think in the comments!

In this episode, I interview Stephane Eyskens, author of the Azure Cloud Native Architecture Map book. We discuss the drivers for organizations to move to the cloud. We also talk about the evolution of Azure in the last five years, the importance of cloud security, and the need for collaboration between cloud architects and security professionals. We also discuss the role of DevSecOps in integrating security into the development process, the difficulty of retraining existing professionals, and the comparison between Azure and other cloud providers. Finally, we have a very interesting talk about the future of AI and data platforms and Microsoft's open-minded approach to multi-cloud and open source. Enjoy!

In this episode, Mike Bursell discusses the concept of trust in computer systems and the cloud. We also explore the topics of trust in the cloud and the emerging trend of zero-trust. Mike highlights the importance of a trusted computing base and the role of hardware-based protection in confidential computing. We discuss the benefits of confidential computing, including data and application protection, and its potential future in various industries. We also touch on the relationship between open-source software and trust, as well as the role of blockchain in enhancing trust. Enjoy!

In this episode, I talk to Walter Rocchi, an ISO 27001 Lead Implementer and Lead Auditor, to discuss the importance of cybersecurity and privacy in European organizations. We talk about continuous improvement and training to ensure effective security measures. We compare the European mindset toward privacy and data protection with other continents. We discuss the challenges of balancing European innovation and regulation. We investigate the importance of frameworks like ISO 27001 and NIST in ensuring cybersecurity and data protection. We also touch on the relevance of cloud security and the role of information security officers in understanding cloud security and AI security. We conclude with a discussion on the current legal framework for exchanging personal data of European citizens with the US and the importance of technical controls in data protection. Enjoy!

This first episode of the BlueDragon Podcast delves into the transformative world of cloud computing, featuring insights from industry expert Jonah Andersson. We discuss the evolution of Azure, cloud adoption trends, and the foundational knowledge necessary for leveraging cloud technologies effectively.