Podcasts about cloud security

ABOUT JOHN AMARALJohn Amaral, CTO and co-founder of Root.io, is a veteran cybersecurity leader with a proven track record of scaling and exiting successful companies. At Cisco, he led Product for Cloud Security—its fastest-growing Security and SaaS business. Before that, he ran product and engineering at CloudLock through its acquisition by Cisco in 2016. Earlier, as SVP of Product at Trustwave, John led its industry-leading security portfolio, culminating in a strategic acquisition by Singtel. Today, he's building Root.io—a next-gen cybersecurity platform pioneering Agentic Vulnerability Remediation (AVR) to automate and eliminate software vulnerabilities at scale. This episode is brought to you by Side – delivering award-winning QA, localization, player support, and tech services for the world's leading games and technology brands.For over 30 years, Side has helped create unforgettable user experiences—from indies to AAA blockbusters like Silent Hill 2 and Baldur's Gate 3.Learn more about Side's global solutions at side.inc. SHOW NOTES:The evolving role of engineering leaders (2:13)“Shift Left is Dead” - Why it's time to “Shift Out” (5:59)Applying Jobs-To-Be-Done & offloading toil with AI (11:00)Root.io's AI-driven approach to security (15:03)Vision First Leadership (22:36)Empowering developers & shipping daily (27:38)Rethinking product & engineering orgs and building your vision muscle (30:47)Unlocking creativity through hobbies (36:37)Rapid fire questions (41:14)LINKS AND RESOURCESThe All-In Podcast - When the pandemic prevented four friends from convening their weekly poker game, they took to the airwaves to socialize and discuss the news of the day. What started on a whim has quickly become one of the top-ranked podcasts in the world.This episode wouldn't have been possible without the help of our incredible production team:Patrick Gallagher - Producer & Co-HostJerry Li - Co-HostNoah Olberding - Associate Producer, Audio & Video Editor https://www.linkedin.com/in/noah-olberding/Dan Overheim - Audio Engineer, Dan's also an avid 3D printer - https://www.bnd3d.com/Ellie Coggins Angus - Copywriter, Check out her other work at https://elliecoggins.com/about/

Many organizations focus on keeping attackers out, but what happens when one gets in? We spoke to Ramesh Ramani, Staff Security Engineer at Block about the real challenge, which is preventing them from leaving with your data. In this episode, Ramesh details the innovative system his team built to automate egress access control at scale, moving beyond traditional, inefficient methods.Ramesh explains how by establishing "sources of truth" for both internal applications and external partners, they created a centralized governance model. This system uses SPIFFE IDs to understand application identity, validates data-sharing requests against partner approvals, and provides a seamless, self-service experience for developers. Discover how this approach not only enhances security by preventing unauthorized data exfiltration but also improves incident response, allowing them to instantly revoke access to compromised third-party domains.Guest Socials -⁠⁠ ⁠⁠⁠Ramesh's Linkedin Podcast Twitter - ⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠@CloudSecPod⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠ ⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠If you want to watch videos of this LIVE STREAMED episode and past episodes - Check out our other Cloud Security Social Channels:-⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠Cloud Security Podcast- Youtube⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠- ⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠Cloud Security Newsletter ⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠- ⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠Cloud Security BootCamp⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠If you are interested in AI Cybersecurity, you can check out our sister podcast -⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠ AI Cybersecurity PodcastQuestions asked:(00:00) - Introduction(00:55) - Ramesh Ramani's Journey: From Network Engineer to Cloud Security at Block(02:03) - The "Trapped Thief" Analogy: Why Egress Is a Critical, Overlooked Problem(04:07) - The Trigger for Automation: Why Traditional Egress Security Doesn't Scale(07:36) - The Secret Sauce: Using SPIFFE IDs for Application Identity Across Any Cloud(14:42) - How It Works: Requesting Access & Denying Leaks to Partners like ChatGPT(30:39) - The Foundation: Why You Must Start with a "Source of Truth" for Apps & Partners(31:23) - Incident Response: Instantly Cutting Off Access When a Partner is Compromised(33:58) - Rollout Strategy: How to Implement Egress Controls Without Burdening Other Teams(37:35) - The Fun Section: Tech, Family, RPGs, and the Best Vegetarian RamenResources discussed during the episode:BSidesSF 2025 - Centralizing Egress Access Controls Across a Hybrid Environment.

In this episode of Security Matters, host David Puner sits down with Deepak Taneja, co-founder of Zilla Security and General Manager of Identity Governance at CyberArk, to explore why 2025 marks a pivotal moment for identity security. From the explosion of machine identities—now outnumbering human identities 80 to 1—to the convergence of IGA, PAM, and AI-driven automation, Deepak shares insights from his decades-long career at the forefront of identity innovation.Listeners will learn:Why legacy identity governance models are breaking under cloud scaleHow AI agents are reshaping entitlement management and threat detectionWhat organizations must do to secure non-human identities and interlinked dependenciesWhy time-to-value and outcome-driven metrics are essential for modern IGA successWhether you're a CISO, identity architect, or security strategist, this episode delivers actionable guidance for navigating the evolving identity security landscape.

Build secure, compliant AI apps with code-based controls that dynamically respond to user context using Microsoft Purview for AI app developers. With built-in protections, prevent data leaks, block unsafe prompts, and avoid oversharing without rewriting your app. As a developer, focus on innovation while meeting evolving security and compliance requirements. And as a security admin, gain full visibility into AI data interactions, user activity, and policy enforcement across environments. Shilpa Ranganathan, Microsoft Purview Principal GPM, shares how new SDKs and Azure AI Foundry integrations bring enterprise-grade security to custom AI apps. ► QUICK LINKS:  00:00 - Microsoft Purview controls for developers 00:16 - AI app protected by Purview 02:23 - User context aware 03:08 - Prevent data oversharing 04:15 - Behind the app 05:17 - API interactions 06:50 - Data security admin AI app protection 07:26 - Monitor and Govern AI Interactions 08:30 - Wrap up ► Link References Check out https://aka.ms/MicrosoftPurviewSDK Microsoft Purview API Explorer at https://github.com/microsoft/purview-api-samples/ For the Microsoft Purview Chat App go to https://github.com/johnea-chva/purview-chat ► Unfamiliar with Microsoft Mechanics? As Microsoft's official video series for IT, you can watch and share valuable content and demos of current and upcoming tech from the people who build it at Microsoft. • Subscribe to our YouTube: https://www.youtube.com/c/MicrosoftMechanicsSeries • Talk with other IT Pros, join us on the Microsoft Tech Community: https://techcommunity.microsoft.com/t5/microsoft-mechanics-blog/bg-p/MicrosoftMechanicsBlog • Watch or listen from anywhere, subscribe to our podcast: https://microsoftmechanics.libsyn.com/podcast ► Keep getting this insider knowledge, join us on social: • Follow us on Twitter: https://twitter.com/MSFTMechanics • Share knowledge on LinkedIn: https://www.linkedin.com/company/microsoft-mechanics/ • Enjoy us on Instagram: https://www.instagram.com/msftmechanics/ • Loosen up with us on TikTok: https://www.tiktok.com/@msftmechanics

Guest: Arthur Goldstuck, CEO of World Wide Worx and Editor-in-Chief of Gadget.co.za On this week’s episode of What the Hack!, Arthur Goldstuck speaks to John Maytham after attending Amazon Web Services’ re:Inforce Cybersecurity Conference, where the biggest story is the growing arms race in the cloud - providers must keep systems open and accessible for users while locking them down against cybercriminals. For Gadget of the Week, Arthur highlights a powerful anti-poaching system developed by Cisco and the Connected Conservation Foundation, first tested in South Africa and now rolled out globally. While he’s back in SA for now, Arthur will be attending AutoSense USA 2025 virtually next week, where the spotlight will be on innovations in the in-cabin experience of connected vehicles. And in this week’s tech tip, he explains how to avoid over-prompting AI chat platforms like ChatGPT and Gemini - so your queries don’t go sideways. Good Morning Cape Town with Lester Kiewit is a podcast of the CapeTalk breakfast show. This programme is your authentic Cape Town wake-up call. Good Morning Cape Town with Lester Kiewit is informative, enlightening and accessible. The team’s ability to spot & share relevant and unusual stories make the programme inclusive and thought-provoking. Don’t miss the popular World View feature at 7:45am daily. Listen out for #LesterInYourLounge which is an outside broadcast – from the home of a listener in a different part of Cape Town - on the first Wednesday of every month. This show introduces you to interesting Capetonians as well as their favourite communities, habits, local personalities and neighbourhood news. Thank you for listening to a podcast from Good Morning Cape Town with Lester Kiewit. Listen live on Primedia+ weekdays between 06:00 and 09:00 (SA Time) to Good Morning CapeTalk with Lester Kiewit broadcast on CapeTalk https://buff.ly/NnFM3Nk For more from the show go to https://buff.ly/xGkqLbT or find all the catch-up podcasts here https://buff.ly/f9Eeb7i Subscribe to the CapeTalk Daily and Weekly Newsletters https://buff.ly/sbvVZD5 Follow us on social media CapeTalk on Facebook: https://www.facebook.com/CapeTalk CapeTalk on TikTok: https://www.tiktok.com/@capetalk CapeTalk on Instagram: https://www.instagram.com/ CapeTalk on X: https://x.com/CapeTalk CapeTalk on YouTube: https://www.youtube.com/@CapeTalk567 See omnystudio.com/listener for privacy information.

When you can't protect everything at once, how do you decide what matters most? This episode tackles the core challenge of security prioritization. Geet Pradhan, Senior Security Engineer at Lime joins the podcast to share his framework for building a SecOps plan when you're a small team. Learn why his team made AWS logs their number one priority , how to leverage compliance requirements to guide your strategy , and why he advises starting with a small list of 1-5 critical applications instead of 35. Tune in for a conversation about strategic security for the modern cloud environment.Guest Socials -⁠⁠ ⁠⁠Geet's Linkedin Podcast Twitter - ⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠@CloudSecPod⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠ ⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠If you want to watch videos of this LIVE STREAMED episode and past episodes - Check out our other Cloud Security Social Channels:-⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠Cloud Security Podcast- Youtube⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠- ⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠Cloud Security Newsletter ⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠- ⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠Cloud Security BootCamp⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠If you are interested in AI Cybersecurity, you can check out our sister podcast -⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠ AI Cybersecurity PodcastQuestions asked:(00:00) Introduction(00:32) Meet Geet Pradhan: Senior Security Engineer at Lime(01:17) What is Detection & Response in 2025?(04:35) Defining the Cloud Detection & Response Pipeline(09:42) Why SIEM-Only Alerts Don't Work for Remote Teams(12:02) How to Choose Your First Log Sources(17:00) Building Security Culture: How to Not Be "The Police"(22:45) Where to Find Pre-Built Detection Rules & Alerts(28:38) On-Prem vs. Cloud: Why The Threat Model Is Different(36:53) Fun QuestionsResources spoken about during the interview:Geet's BSides SF TalkNate Lee - Power of Persuasion

Join Jim McDonald and Jeff Steadman on the Identity at the Center podcast as they welcome Lalit Choda, founder and CEO of the Non-Human Identity Management Group. Lalit, also known as "Mr. NHI," shares his journey from investment banking to becoming a leading expert in non-human identities. This episode delves into the critical and often overlooked world of NHI, exploring why it's such a hot topic now, the challenges practitioners face in managing these identities, and how to approach the problem from a risk-based perspective. Lalit discusses the limitations of traditional PAM and IGA tools for NHI, the importance of foundational controls, and the alarming implications of AI on non-human identity management. Plus, hear a fun segment about vinyl records and some surprising finds!Chapter Timestamps:00:00:00 - Introduction to Lalit Choda and the NHI Community00:02:31 - Welcome to the Identity at the Center Podcast & IdentiVerse Discussion00:06:18 - Lalit Choda's Identity Origin Story: From Mr. SOX to Mr. NHI00:12:03 - Why Non-Human Identities Are a Big Deal Right Now00:15:37 - Defining NHI and the Practitioner's Framework00:19:13 - The Scale and Challenges of NHI Management00:23:01 - New Types of NHI and Tooling Limitations00:27:12 - The Lack of a Single Source of Truth for NHI00:33:57 - Prioritizing NHI Management and the Role of PAM00:38:58 - A Risk-Based Approach to NHI and Foundational Controls00:48:15 - What Scares Lalit Most About NHI (and AI)00:50:54 - Lalit's Impressive Vinyl Collection00:56:38 - Jim and Jeff's First, Best, and Favorite Albums01:01:15 - The Intersection of Music and Non-Human Identities01:02:00 - Wrapping Up & Where to Find More InformationConnect with Lalit: https://www.linkedin.com/in/lalit-choda-5b924120/Non-Human Identity Management Group: https://www.nhimg.org/Connect with us on LinkedIn:Jim McDonald: https://www.linkedin.com/in/jimmcdonaldpmp/Jeff Steadman: https://www.linkedin.com/in/jeffsteadman/Visit the show on the web at http://idacpodcast.comKeywords:Lalit Choda, Non-Human Identity, NHI, Machine Identity, Workload Identity, Identity Management, Cybersecurity, PAM, IGA, Privilege Access Management, Identity Governance and Administration, Secrets Management, Cloud Security, AI, Artificial Intelligence, DevSecOps, Risk-Based Approach, Identity Security, Service Accounts, Identity at the Center, IDAC, Jeff Steadman, Jim McDonald, IdentiVerse, Vinyl Collection, Podcast, Mr. NHI#idac #nonhumanidentity #machineidentity #cybersecurity #identityaccessmanagement #IAM #infosec #digitalidentity #workloadsecurity #devsecops #cloudsecurity #privilegedaccessmanagement #identitygovernance #zerotrust #nhi #mrnhi

Boost data security and automate prioritization for data alerts with Security Copilot-powered Alert Triage Agents for Microsoft Purview Data Loss Prevention and Insider Risk Management. Surface the highest-risk alerts across your environment, no matter their default severity, and take action. Customize how your agents reason, teach them what matters to your organization, and continuously refine to reduce time-to-resolution. Talhah Mir, Microsoft Purview Principal GPM, shows how to triage, investigate, and contain potential data risks before they escalate. ► QUICK LINKS:  00:00 - Agents in Microsoft Purview 00:58 - Alert Triage Agent for DLP 01:54 - Customize Agents 03:32 - View prioritized alerts 05:17 - Calibrate Agent Behavior with Feedback 06:38 - Track Agent Performance and Usage 07:34 - Wrap up ► Link References Check out https://aka.ms/PurviewTriageAgents ► Unfamiliar with Microsoft Mechanics? As Microsoft's official video series for IT, you can watch and share valuable content and demos of current and upcoming tech from the people who build it at Microsoft. • Subscribe to our YouTube: https://www.youtube.com/c/MicrosoftMechanicsSeries • Talk with other IT Pros, join us on the Microsoft Tech Community: https://techcommunity.microsoft.com/t5/microsoft-mechanics-blog/bg-p/MicrosoftMechanicsBlog • Watch or listen from anywhere, subscribe to our podcast: https://microsoftmechanics.libsyn.com/podcast ► Keep getting this insider knowledge, join us on social: • Follow us on Twitter: https://twitter.com/MSFTMechanics • Share knowledge on LinkedIn: https://www.linkedin.com/company/microsoft-mechanics/ • Enjoy us on Instagram: https://www.instagram.com/msftmechanics/ • Loosen up with us on TikTok: https://www.tiktok.com/@msftmechanics

In deze diepgaande aflevering van Techzine Talks duiken Coen en Erik in de complexe wereld van sovereign cloud oplossingen. Ze ontleden hoe Microsoft, Google Cloud en AWS vergelijkbare beloftes doen over datasoevereiniteit en onderzoeken de cruciale vraag: kan Europa wel zonder deze Amerikaanse hyperscalers? De podcast biedt een kritische analyse van datacenters, encryptie-oplossingen, key-management, confidential computing, Europese partners en personeel, maar ook de praktische en financiële uitdagingen van een echt Europees cloud-alternatief.Aanleiding voor deze discussie was een Microsoft AI-event waar CEO Satya Nadella sprak over sovereign cloud, wat Coen inspireerde om dit maar eens te duiden in een Techzine Talks aflevering. Terwijl steeds meer Europese organisaties en overheden zorgen uiten over datasoevereiniteit, investeren Amerikaanse cloudgiganten miljarden in Europese datacenters en sovereign cloudoplossingen.Hoofdstukken:00:00 Introductie en aanleiding voor het onderwerp 02:15 Wat is sovereign cloud en waarom is het zo belangrijk geworden?04:20 De Amerikaanse Cloud Act en de implicaties voor Europese data07:30 Key-management en encryptie als beschermingslaag 10:15 Confidential computing uitgelegd 12:40 Disconnected en air-gapped oplossingen voor kritieke omgevingen15:30 Microsoft 365 Local en de beperkingen met Copilot 18:45 De AI-paradox: innovatie versus soevereiniteit 19:20 Transparantie en groeiende Europese zorgen (ICC-case) 23:45 Waarom een volledig Europees alternatief praktisch onhaalbaar is28:15 De enorme investeringen van hyperscalers in Europa 31:50 Is het realistisch om zonder Amerikaanse cloudtechnologie te opereren? 34:00 Conclusie en praktisch toekomstperspectiefDe podcast belicht hoe sovereign cloud oplossingen worden aangeboden door de grote Amerikaanse cloudproviders, maar legt ook bloot waarom een volledig Europees alternatief praktisch en financieel onhaalbaar lijkt. Coen en Erik bespreken de mogelijkheden van key management door Europese partijen, air-gapped oplossingen, en hoe organisaties toch veilig gebruik kunnen maken van Amerikaanse cloudtechnologie zonder hun soevereiniteit volledig op te geven.Een must-listen voor IT-beslissers, beleidsmakers en iedereen die betrokken is bij strategische cloudkeuzes in een steeds complexer geopolitiek landschap.#SovereignCloud #CloudComputing #Microsoft #AWS #GoogleCloud #DataSoevereiniteit #GDPR #CloudAct #Encryptie #AirGapped #TechzineTalks #Cybersecurity #CloudSecurity #EuropeseCloud #Hyperscalers #ConfidentialComputing #ITInfrastructuur #DataPrivacy #TechPodcast #Datacenter #CloudStrategy #DigitaleSoevereiniteit #Microsoft365Local #Copilot #GeneratieveAI #CloudRegulering #GAIA-X #EUCloudInitiative #DataResidentie #KeyManagementAbonneer je op Techzine Talks via Apple Podcasts, Spotify, YouTube of je favoriete podcast-app voor meer diepgaande analyses van enterprise technologie en blijf op de hoogte van de nieuwste ontwikkelingen in de IT-wereld.Bezoek www.techzine.nl voor meer artikelen, analyses en achtergronden over dit en andere enterprise IT-onderwerpen.

In this episode, Ashish Rajan talks with Harry Wetherald, Co-Founder & CEO of Maze, about the reality of modern vulnerability management. They explore why current tools like CNAPPs can generate up to 90% false positives and how AI agents can provide a real solution by thinking like a security engineer to identify genuine, exploitable threats. Learn about the challenges of building your own AI solutions and how this new approach can eliminate noise and build trust between security and engineering teamGuest Socials -⁠ ⁠Harry's Linkedin Podcast Twitter - ⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠@CloudSecPod⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠ ⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠If you want to watch videos of this LIVE STREAMED episode and past episodes - Check out our other Cloud Security Social Channels:-⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠Cloud Security Podcast- Youtube⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠- ⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠Cloud Security Newsletter ⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠- ⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠Cloud Security BootCamp⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠If you are interested in AI Cybersecurity, you can check out our sister podcast -⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠ AI Cybersecurity PodcastQuestions asked:(00:00) Introduction(02:27) Who is Harry Wetherald?(04:45) The "Wall of Red": Why Security Tools Create 90% False Positives(06:21) The Mission: Solving Vulnerability Overload with AI(10:11) How an AI Agent Investigates a Vulnerability(16:09) The Hard Reality of Building Your Own AI Solution(18:14) Building for a Future of Evolving AI Models(20:00) What is the Role of an MCP (AI Copilot)?(27:31) Building AI Agents for Cloud Security(31:25) "Think Like a Hacker": Asking AI to Red Team Your Cloud(33:04) How AI Will Shape Security Programs in 2025 & Beyond(36:20) Fun Questions with HarryThank you Maze for sponsoring this episode.

Send us a textIn this episode of Relating to DevSecOps, Ken and Mike discuss the challenges faced by CISOs in today's security landscape, particularly the struggle to balance immediate security needs with long-term preventative strategies. They explore the disconnect between security leadership and practitioners, the urgency of addressing security issues, and the importance of understanding the root causes of vulnerabilities. The conversation emphasizes the need for CISOs to engage more deeply with their teams and to focus on effective, context-driven security solutions rather than simply reacting to the latest threats.

Strengthen your security posture in Microsoft Entra by following prioritized Secure Score recommendations. Enforce MFA, block legacy authentication, and apply risk-based Conditional Access policies to reduce exposure from stale accounts and weak authentication methods. Use built-in tools for user, group, and device administration to detect and clean up identity sprawl—like unused credentials, inactive accounts, and expired apps—before they become vulnerabilities. Jeremy Chapman, Microsoft 365 Director, shares steps to clean up your directory, strengthen authentication, and improve overall identity security. ► QUICK LINKS:  00:00 - Microsoft Entra optimization 00:54 - New Recommendations tab 02:11 - Enforce multifactor authentication 03:21 - Block legacy authentication protocols 03:58 - Apply risk-based Conditional Access 04:44 - Identity sprawl 05:46 - Fix account sprawl 08:06 - Microsoft 365 group sprawl 09:36 - Devices 10:33 - Wrap up ► Link References Watch part one of our Microsoft Entra Beginner's Tutorial series at https://aka.ms/EntraBeginnerMechanics Check out https://aka.ms/MicrosoftEntraRecommendations ► Unfamiliar with Microsoft Mechanics? As Microsoft's official video series for IT, you can watch and share valuable content and demos of current and upcoming tech from the people who build it at Microsoft. • Subscribe to our YouTube: https://www.youtube.com/c/MicrosoftMechanicsSeries • Talk with other IT Pros, join us on the Microsoft Tech Community: https://techcommunity.microsoft.com/t5/microsoft-mechanics-blog/bg-p/MicrosoftMechanicsBlog • Watch or listen from anywhere, subscribe to our podcast: https://microsoftmechanics.libsyn.com/podcast ► Keep getting this insider knowledge, join us on social: • Follow us on Twitter: https://twitter.com/MSFTMechanics • Share knowledge on LinkedIn: https://www.linkedin.com/company/microsoft-mechanics/ • Enjoy us on Instagram: https://www.instagram.com/msftmechanics/ • Loosen up with us on TikTok: https://www.tiktok.com/@msftmechanics  

For years, security has been treated as a necessary evil - a budget line item that CFOs approve without truly understanding its business impact. But what if cloud security could be a revenue driver, an efficiency enabler, and a cost-saving powerhouse? In this episode, Dani Woolf sat down with Chris Thomas, Chief Revenue Officer at AlgoSec, to break down how CFOs should really evaluate cloud security investments, not just as a defensive measure, but as a business accelerator. They dove into the cost of inaction, the inefficiencies draining budgets, and the financial case for security automation - all from a CFO's perspective. If you're still treating security as an overhead cost, this conversation will change the way you think about it. To get a demo of AlgoSec, visit: https://www.algosec.com/lp/request-a-demo

Dive deep into the world of cloud security with Rocky Giglio and special guest Sean Atkinson, CISO at the Center for Internet Security (CIS), on this episode of Cloud and Clear! We examine the crucial role of CIS benchmarks and hardened images in establishing a robust and secure cloud infrastructure. In this insightful discussion, Sean breaks down: ✅ What CIS is and its mission to create a safer connected world. ✅ The evolution of CIS Controls from 20 to 18 for greater efficiency. ✅ Understanding CIS Benchmarks and how they standardize security configurations. ✅ The power of Hardened Images: Start secure from day zero in your cloud environment. ✅ Shifting security left and proactively integrating security into design. ✅ How CIS simplifies compliance with NIST, PCI, HIPAA, and other frameworks. ✅ The importance of community and partnership in cybersecurity. Whether you're a security professional, cloud engineer, or anyone concerned about keeping data safe in the cloud, this episode is packed with valuable knowledge. Learn how to leverage CIS resources to strengthen your security posture and simplify compliance. Tune in to discover how CIS is making cloud security more accessible and effective! Don't forget to subscribe to Cloud and Clear for more expert insights on cloud transformation. #CloudSecurity #CIS #Cybersecurity #CloudComputing #HardenedImages #SecurityBenchmarks #CloudAndClear #GoogleCloud #Compliance #NIST #PCI #HIPAA #CISO #TechPodcast Join us for more content by liking, sharing, and subscribing!

Advancing Exposure ManagementHear from Jorge Orchilles, Senior Director at Verizon, on the shift from traditional vulnerability management to modern exposure management and the critical role proactive security plays in staying ahead of threats.+ + +Find more episodes on YouTube or wherever you listen to podcasts, as well as at netspi.com/agentofinfluence.

Aviatrix is a cloud network security company that helps you secure connectivity to and among public and private clouds. On today’s Packet Protector, sponsored by Aviatrix, we get details on how Aviatrix works, and dive into a new feature called the Secure Network Supervisor Agent. This tool uses AI to help you monitor and troubleshoot... Read more »

Aviatrix is a cloud network security company that helps you secure connectivity to and among public and private clouds. On today’s Packet Protector, sponsored by Aviatrix, we get details on how Aviatrix works, and dive into a new feature called the Secure Network Supervisor Agent. This tool uses AI to help you monitor and troubleshoot... Read more »

Access management expert Azure IAM is ready to help migrate your cybersecurity operations to a network based on Azure and protected by Okta. To learn how to effectively manage your cloud storage operations, visit https://azureiam.com/ Azure IAM, LLC City: Sterling Address: P. O. Box 650685 Website: https://azureiam.com

Is your browser secure in the age of SaaS? Join SADA's Rocky Giglio and Google's Aaron Hix as they explore the power of Chrome Enterprise Premium on Cloud & Clear! Hear firsthand how Chrome Enterprise Premium has transformed real businesses, and discover how you can simplify IT management and enhance security across your organization. Tune in to find out how Chrome Enterprise Premium can transform your security strategy!  Join us for more content by liking, sharing, and subscribing!

In this episode of the CDW Canada Tech Talks podcast, host KJ Burke discusses the findings of the 2025 CDW Canada Cybersecurity Study with cybersecurity experts Ivo Wiens and Ben Boi-Doku. They explore the evolving landscape of cybersecurity threats, the importance of continuous security testing and the challenges faced by small and medium businesses. The conversation also delves into the role of AI in cybersecurity, the significance of data classification and the practical implementation of zero trust principles. The experts share insights on cloud security challenges, the necessity of tabletop exercises for preparedness and the future trends in cybersecurity as organizations move into 2025.To learn more, visit cdw.ca

The world of cloud security is evolving at breakneck speed. Are traditional tools and strategies enough to combat the sophisticated threats of tomorrow? In this episode, we're joined by Elad Koren, Vice President of Product Management from Palo Alto Networks, to explore the dynamic journey of cloud security.Elad shares his insights on how the landscape has shifted, moving beyond the era of CSPM and CNAPP as standalone solutions. We delve into why a cloud-aware Security Operations Center (SOC) is no longer a luxury but a necessity, and what "runtime security" truly means in today's complex, multi-cloud environments.The conversation also tackles the double-edged sword of Artificial Intelligence, how it's empowering both attackers with new capabilities and defenders with advanced tools. Elad discusses the critical considerations for organizations undergoing digital transformation, the importance of AI governance, and provides actionable advice for companies at all stages of their cloud adoption journey, from securing code from day one to building holistic visibility across their entire infrastructure.Guest Socials - Elad's Linkedin Podcast Twitter - ⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠@CloudSecPod⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠ ⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠If you want to watch videos of this LIVE STREAMED episode and past episodes - Check out our other Cloud Security Social Channels:-⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠Cloud Security Podcast- Youtube⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠- ⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠Cloud Security Newsletter ⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠- ⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠Cloud Security BootCamp⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠If you are interested in AI Cybersecurity, you can check out our sister podcast -⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠ AI Cybersecurity PodcastQuestions asked:(00:00) Introduction(01:38) How has Cloud Security Evolved?(04:21) Why CNAPP is not enough anymore?(07:13) What is runtime security?(07:54) Impact of AI on Cloud Security(11:41) What to include in your cybersecurity program in 2025?(16:47) The Fun SectionThank you to this episode's sponsor - PaloAlto Networks Resources discussed during the episode:PaloAlto Networks RSAC Announcement 1PaloAlto Networks RSAC Announcement 2

Send us a textWhen most people think about cybersecurity careers, they envision ethical hackers or security analysts huddled behind screens of scrolling code. But as our guest Brian Eidelman, VP of Cloud Engineering at Oracle, reveals, the reality is far more diverse and fascinating.Security careers exist in what Brian describes as a three-dimensional landscape. Across one axis, you have different job functions ranging from compliance specialization and policy development to threat research, forensics, and security tool development. Along another dimension are organizational environments—government, financial services, healthcare, technology companies—each with unique security challenges. The third dimension encompasses technical specializations like network security, encryption, identity management, and increasingly, cloud security.Identity management emerges as a critical focal point in our discussion. Having been one of the original developers of SiteMinder (a single sign-on solution), Brian traces how identity has evolved from simple password systems to today's sophisticated multi-factor authentication and passwordless approaches. In cloud environments where traditional network boundaries have dissolved, "identity is your new perimeter." This shift has created entirely new disciplines around non-human identities—managing how applications, workloads, and services authenticate to one another.The podcast explores how cloud security differs from traditional approaches, requiring guardrails that maintain security without sacrificing the agility that makes cloud computing valuable. We dig into how the democratization of resources has created new security challenges as developers gain direct access to infrastructure that would have been tightly controlled in on-premises environments.For those looking to break into the field, Brian offers surprisingly practical advice: unlike networking, where certifications often serve as career milestones, security values demonstrable skills and domain knowledge more highly. His recommendation? When security issues arise in your current technical role, run toward them rather than away. Volunteering for security-related projects and demonstrating curiosity can open doors more effectively than certificates alone.Ready to explore the multidimensional world of cloud security careers? Listen now and discover where you might fit in this dynamic and essential field.Connect with Brian:https://www.linkedin.com/in/brian-eidelman-9b29181/Purchase Chris and Tim's new book on AWS Cloud Networking: https://www.amazon.com/Certified-Advanced-Networking-Certification-certification/dp/1835080839/ Check out the Fortnightly Cloud Networking Newshttps://docs.google.com/document/d/1fkBWCGwXDUX9OfZ9_MvSVup8tJJzJeqrauaE6VPT2b0/Visit our website and subscribe: https://www.cables2clouds.com/Follow us on BlueSky: https://bsky.app/profile/cables2clouds.comFollow us on YouTube: https://www.youtube.com/@cables2clouds/Follow us on TikTok: https://www.tiktok.com/@cables2cloudsMerch Store: https://store.cables2clouds.com/Join the Discord Study group: https://artofneteng.com/iaatj

The FedRAMP program at the General Services Administration has enabled agencies to safely use commercial cloud computing for more than a decade. Last month the GSA launched an update called FedRAMP 20-X. It's designed to make it easier and faster for vendors to get the authorization they need to take on federal customers. For how it looks to industry, we turn to the founder and CEO of RegScale, Travis Howerton.See Privacy Policy at https://art19.com/privacy and California Privacy Notice at https://art19.com/privacy#do-not-sell-my-info.

In this 30-minute episode, Jon and Lewis delve into the root causes of Europe's recent Spain, France and Portugal blackouts, scrutinising grid-failure reports and probing whether a sophisticated cyber-attack might have been to blame. They then analyse Meta's newly unveiled AI alongside the arrival of Qwen 3 and Google's AgentSpace update, and how Jon progressed with integrating it into Google Drive to streamline internal teams.Next, they unpack NASA's groundbreaking study showing how three massive dams have redistributed Earth's water mass, subtly altering the planet's shape and extending our days. Hosts: https://www.linkedin.com/in/jonathanshanks/https://www.linkedin.com/in/lewismarshall/

In this On Location Brand Story episode, Sean Martin speaks with Hugh Njemanze, Founder and CEO of Anomali, who has been at the center of cybersecurity operations since the early days of SIEM. Known for his prior work at ArcSight and now leading Anomali, Hugh shares what's driving a dramatic shift in how security teams access, analyze, and act on data.Anomali's latest offering—a native cloud-based next-generation SIEM—goes beyond traditional detection. It combines high-performance threat intelligence with agentic AI to deliver answers and take action in ways that legacy platforms simply cannot. Rather than querying data manually or relying on slow pipelines, the system dynamically spins up thousands of cloud resources to answer complex security questions in seconds.Agentic AI Meets Threat IntelligenceHugh walks through how agentic AI, purpose-built for security, breaks new ground. Unlike general-purpose models, Anomali's AI operates within a secure, bounded dataset tailored to the customer's environment. It can ingest a hundred-page threat briefing, extract references to actors and tactics, map those to the MITRE ATT&CK framework, and assess the organization's specific exposure—all in moments. Then it goes a step further: evaluating past events, checking defenses, and recommending mitigations. This isn't just contextual awareness—it's operational intelligence at speed and scale.Making Security More Human-CentricOne clear theme emerges: the democratization of security tools. With Anomali's design, teams no longer need to rely on a few highly trained specialists. Broader teams can engage directly with the platform, reducing burnout and turnover, and increasing organizational resilience. Managers and security leaders now shift focus to prioritization, strategic decision-making, and meaningful business conversations—like aligning defenses to M&A activity or reporting to the board with clarity on risk.Real-World Results and Risk InsightsCustomers are already seeing measurable benefits: an 88% reduction in incidents and an increase in team-wide tool adoption. Anomali's system doesn't just detect—it correlates attack surface data with threat activity to highlight what's both vulnerable and actively targeted. This enables targeted response, cost-effective scaling, and better use of resources.Learn more about Anomali: https://itspm.ag/anomali-bdz393Note: This story contains promotional content. Learn more.Guest: Hugh Njemanze, Founder and President at Anomali | https://www.linkedin.com/in/hugh-njemanze-603721/ResourcesLearn more and catch more stories from Anomali: https://www.itspmagazine.com/directory/anomaliLearn more and catch more stories from RSA Conference 2025 coverage: https://www.itspmagazine.com/rsac25______________________Keywords:sean martin, hugh njemanze, siem, cybersecurity, ai, threat intelligence, agentic ai, risk management, soc, cloud security, brand story, brand marketing, marketing podcast, brand story podcast______________________Catch all of our event coverage: https://www.itspmagazine.com/technology-and-cybersecurity-conference-coverageWant to tell your Brand Story Briefing as part of our event coverage? Learn More 

Stay in control with Microsoft Defender. You can identify which AI apps and cloud services are in use across your environment, evaluate their risk levels, and allow or block them as needed—all from one place. Whether it's a sanctioned tool or a shadow AI app, you're equipped to set the right policies and respond fast to emerging threats. Defender XDR gives you the visibility to track complex attack paths—linking signals across endpoints, identities, and cloud apps. Investigate real-time alerts, protect sensitive data from misuse in AI tools like Copilot, and enforce controls even for in-house developed apps using system prompts and Azure AI Foundry. Rob Lefferts, Microsoft Security CVP, joins Jeremy Chapman to share how you can safeguard your AI-powered environment with a unified security approach. ► QUICK LINKS: 00:00 - Stay in control with Microsoft Defender 00:39 - Identify and protect AI apps 02:04 - View cloud apps and website in use 04:14 - Allow or block cloud apps 07:14 - Address security risks of internally developed apps 08:44 - Example in-house developed app 09:40 - System prompt 10:39 - Controls in Azure AI Foundry 12:28 - Defender XDR 14:19 - Wrap up ► Link References Get started at https://aka.ms/ProtectAIapps ► Unfamiliar with Microsoft Mechanics? As Microsoft's official video series for IT, you can watch and share valuable content and demos of current and upcoming tech from the people who build it at Microsoft. • Subscribe to our YouTube: https://www.youtube.com/c/MicrosoftMechanicsSeries • Talk with other IT Pros, join us on the Microsoft Tech Community: https://techcommunity.microsoft.com/t5/microsoft-mechanics-blog/bg-p/MicrosoftMechanicsBlog • Watch or listen from anywhere, subscribe to our podcast: https://microsoftmechanics.libsyn.com/podcast ► Keep getting this insider knowledge, join us on social: • Follow us on Twitter: https://twitter.com/MSFTMechanics • Share knowledge on LinkedIn: https://www.linkedin.com/company/microsoft-mechanics/ • Enjoy us on Instagram: https://www.instagram.com/msftmechanics/ • Loosen up with us on TikTok: https://www.tiktok.com/@msftmechanics   

In this fact-busting 30-minute episode, Jon and Lewis explore Google's AI AgentSpace technology and how it could let business teams run complete workflows without ever leaving the agent environment. They then test the marketing claims behind Openai's latest model features, before dissecting Oracle's cloud data breach. Finally, they map out the potential impact of the proposed Clean Cloud Act on the energy footprint. Hosts:https://www.linkedin.com/in/jonathanshanks/https://www.linkedin.com/in/lewismarshall/

Send us a text In this episode, Joe sits down with John Carse, Field CISO at SquareX, to dive into the often-overlooked world of browser security and the evolving landscape of cybersecurity. Recorded despite a 12-hour time difference (Singapore to the US!), John shares:The Browser Security Gap: Why 85% of user time in browsers is a growing risk for SaaS and cloud environments .SquareX's Solution: How SquareX acts as an EDR for browsers, detecting and responding to threats like polymorphic extensions .Career Journey: From early IT days to field CISO, John reveals how foundational IT skills (help desk, field services) make better cyber professionals .Real-World Insights: Lessons from working with the US Navy and the importance of understanding IT systems for effective cybersecurity . Check Your Browser Security: Visit SquareX Browser Security to assess your controls. Learn More About SquareX: Explore their solution at sqrx.com. Connect with John: Find him on X @JohnCarseChapters00:00 Introduction and Time Zone Challenges02:54 John Carse's Journey into IT06:05 Transitioning to Cybersecurity08:46 The Importance of Customer Service in IT11:36 Formative Experiences in Help Desk and Field Services14:35 Understanding IT Systems for Cybersecurity23:51 The Interplay Between IT Skills and Cybersecurity24:41 The Role of Security Engineers in IT28:43 Understanding the Complexity of Cybersecurity29:33 Exploring the Field CISO Role32:55 The Browser as a Security Frontier42:07 Challenges in SaaS Security46:20 The Importance of Browser Security AwarenessSubscribe for more cybersecurity insights and career tips! Share your thoughts in the comments—how are you securing your browser? Digital Disruption with Geoff Nielson Discover how technology is reshaping our lives and livelihoods.Listen on: Apple Podcasts SpotifySupport the showFollow the Podcast on Social Media! Tesla Referral Code: https://ts.la/joseph675128 YouTube: https://www.youtube.com/@securityunfilteredpodcast Instagram: https://www.instagram.com/secunfpodcast/Twitter: https://twitter.com/SecUnfPodcast

Guests: No guests [Tim in Vegas and Anton remote] Topics: So, another Next is done. Beyond the usual Vegas chaos, what was the overarching security theme or vibe you [Tim] felt dominated the conference this year? Thinking back to Next '24, what felt genuinely different this year versus just the next iteration of last year's trends? Last year, we pondered the 'Cloud Island' vs. 'Cloud Peninsula'. Based on Next 2025, is cloud security becoming more integrated with general cyber security, or is it still its own distinct domain? What wider trends did you observe, perhaps from the expo floor buzz or partner announcements, that security folks should be aware of? What was the biggest surprise for you at Next 2025? Something you absolutely didn't see coming? Putting on your prediction hats (however reluctantly): based on Next 2025, what do you foresee as the major cloud security focus or challenge for the industry in the next 12 months? If a busy podcast listener listening could only take one key message or action item away from everything announced and discussed at Next 2025, what should it be? Resources: EP169 Google Cloud Next 2024 Recap: Is Cloud an Island, So Much AI, Bots in SecOps  

Guests: Michael Cote, Cloud VRP Lead, Google Cloud Aadarsh Karumathil, Security Engineer, Google Cloud Topics: Vulnerability response at cloud-scale sounds very hard! How do you triage vulnerability reports and make sure we're addressing the right ones in the underlying cloud infrastructure? How do you determine how much to pay for each vulnerability? What is the largest reward we paid? What was it for? What products get the most submissions? Is this driven by the actual product security or by trends and fashions like AI? What are the most likely rejection reasons?  What makes for a very good - and exceptional? - vulnerability report? We hear we pay more for “exceptional” reports, what does it mean? In college Tim had a roommate who would take us out drinking on his Google web app vulnerability rewards. Do we have something similar for people reporting vulnerabilities in our cloud infrastructure? Are people making real money off this?  How do we actually uniquely identify vulnerabilities in the cloud? CVE does not work well, right? What are the expected risk reduction benefits from Cloud VRP? Resources: Cloud VRP site Cloud VPR launch blog CVR: The Mines of Kakadûm

Protect your organization's data with Microsoft Purview. Gain complete visibility into potential data leaks, from AI applications to unmanaged cloud services, and take immediate action to prevent unwanted data sharing. Microsoft Purview unifies data security controls across Microsoft 365 apps, the Edge browser, Windows and macOS endpoints, and even network communications over HTTPS —all in one place. Take control of your data security with automated risk insights, real-time policy enforcement, and seamless management across apps and devices. Strengthen compliance, block unauthorized transfers, and streamline policy creation to stay ahead of evolving threats. Roberto Yglesias, Microsoft Purview Principal GPM, goes beyond Data Loss Prevention (DLP) and shows how to ensure your data stays protected no matter where it goes. ► QUICK LINKS: 00:00 - Data Loss Prevention in Microsoft Purview 01:33 - Assess DLP Policies with DSPM 03:10 - DLP across apps and endpoints 04:13 - Unmanaged cloud apps in Edge browser 04:39 - Block file transfers across endpoints 05:27 - Network capabilities 06:41 - Updates for policy creation 08:58 - New options 09:36 - Wrap up ► Link References Get started at https://aka.ms/PurviewDLPUpdates ► Unfamiliar with Microsoft Mechanics? As Microsoft's official video series for IT, you can watch and share valuable content and demos of current and upcoming tech from the people who build it at Microsoft. • Subscribe to our YouTube: https://www.youtube.com/c/MicrosoftMechanicsSeries • Talk with other IT Pros, join us on the Microsoft Tech Community: https://techcommunity.microsoft.com/t5/microsoft-mechanics-blog/bg-p/MicrosoftMechanicsBlog • Watch or listen from anywhere, subscribe to our podcast: https://microsoftmechanics.libsyn.com/podcast ► Keep getting this insider knowledge, join us on social: • Follow us on Twitter: https://twitter.com/MSFTMechanics • Share knowledge on LinkedIn: https://www.linkedin.com/company/microsoft-mechanics/ • Enjoy us on Instagram: https://www.instagram.com/msftmechanics/ • Loosen up with us on TikTok: https://www.tiktok.com/@msftmechanics 

On this special episode Dr. Nick recorded live at HIMSS25 with 2 guests. Bevey Miner, EVP Healthcare Strategy and Policy at Consensus Cloud Solutions and Neal Quinn, Head of Cloud Security, North America at Radware. To stream our Station live 24/7 visit www.HealthcareNOWRadio.com or ask your Smart Device to “….Play Healthcare NOW Radio”. Find all of our network podcasts on your favorite podcast platforms and be sure to subscribe and like us. Learn more at www.healthcarenowradio.com/listen

Multi-cloud security isn't just a technology challenge—it's an organizational mindset problem. Security teams are juggling AWS, Azure, and GCP, each with different security models, policies, and rules. The result? Silos, misconfigurations, and security gaps big enough to drive an exploit through. In this episode, I sat down with Gal Yosef from AlgoSec to break down: Why multi-cloud security is so complex (and what security teams are getting wrong) How to bridge the gap between network security and cloud security teams How large enterprises manage cloud security policy enforcement across business units The shift from one-size-fits-all security policies to flexible, risk-based guardrails Why automation and visibility are critical for securing multi-cloud environments If you want to secure application connectivity across your hybrid environment, visit algosec.com.

Set up and access your Cloud PCs from anywhere with a full Windows experience on any device using Windows 365. Whether you're working from a browser, the Windows app, or Windows 365 Link, your desktop, apps, and settings are always available—just like a traditional PC. As an admin, you can quickly provision and manage Cloud PCs for multiple users with Microsoft Intune. Scott Manchester, Windows Cloud Vice President, shows how easy it is to set up secure, scalable environments, ensure business continuity with built-in restore, and optimize performance with AI-powered insights. ► QUICK LINKS: 00:00 - Windows 365 Cloud PC 00:51 - Benefits to Cloud PCs 02:32 - How to set it up 04:58 - Provisioning process 06:16 - Options to connect to Cloud PC 07:40 - Restore Cloud PC 08:52 - Backups for PC forensics 09:44 - Failover options 11:36 - Change Cloud PC specs 12:51 - Connect from personal devices 14:28 - Wrap up ► Link References Check out https://aka.ms/W365Docs ► Unfamiliar with Microsoft Mechanics? As Microsoft's official video series for IT, you can watch and share valuable content and demos of current and upcoming tech from the people who build it at Microsoft. • Subscribe to our YouTube: https://www.youtube.com/c/MicrosoftMechanicsSeries • Talk with other IT Pros, join us on the Microsoft Tech Community: https://techcommunity.microsoft.com/t5/microsoft-mechanics-blog/bg-p/MicrosoftMechanicsBlog • Watch or listen from anywhere, subscribe to our podcast: https://microsoftmechanics.libsyn.com/podcast ► Keep getting this insider knowledge, join us on social: • Follow us on Twitter: https://twitter.com/MSFTMechanics • Share knowledge on LinkedIn: https://www.linkedin.com/company/microsoft-mechanics/ • Enjoy us on Instagram: https://www.instagram.com/msftmechanics/ • Loosen up with us on TikTok: https://www.tiktok.com/@msftmechanics  

In this Cloud and Clear episode, explore Equifax's approach to building a secure cloud-native infrastructure with Google Cloud. JK Krug, VP of Digital Employee Experience at Equifax, shares how Equifax is leveraging Gemini AI to enhance collaboration and productivity while maintaining top-tier security. Hosted by John Veltri, Managing Director, Acquisition Sales at SADA, this episode offers valuable lessons for any organization considering AI solutions. Join us for more content by liking, sharing, and subscribing!

BONUS: AI and Cybersecurity - An Introduction to The Hidden Threats in Our Connected World with Dr. Eric Cole In this BONUS episode, we explore the evolving landscape of cybersecurity in the age of artificial intelligence. Dr. Eric Cole, a renowned cybersecurity expert and author of Cyber Crisis: Protecting Your Business from Real Threats in the Virtual World, shares critical insights about how AI is transforming security strategies. From the privacy concerns of our always-connected devices to practical tips for protecting your business and personal information, this conversation offers essential knowledge for navigating our increasingly digital world. The Double-Edged Sword of AI in Cybersecurity "We are giving away our IP, our data, and our privacy. The data set is what gives value to AI." The rise of artificial intelligence presents both opportunities and serious risks in the cybersecurity landscape. Dr. Cole emphasizes that while many focus solely on AI's benefits, we often overlook the fact that we're surrendering vast amounts of our sensitive information, intellectual property, and private data to AI providers. This data becomes the foundation of AI's value and capabilities, creating a significant privacy concern that many organizations fail to properly address. As we embrace these new technologies, we must carefully consider what information we're willing to share and what safeguards should be in place. Modern Attack Vectors: The Human Element "Attacks today are mostly social engineering. We end up having to retrain people to not trust their email." Today's cybersecurity threats have evolved beyond traditional technical exploits to focus primarily on social engineering—manipulating people into compromising their own security. Dr. Cole explains that modern attackers increasingly target the human element, requiring organizations to fundamentally retrain employees to approach communications with healthy skepticism. Particularly concerning are mobile threats, as our phones constantly record audio and other personal data. Dr. Cole warns that "free" apps often come with a hidden price: your privacy and security. Understanding these attack vectors is essential for developing effective defense strategies in both personal and professional contexts. Cybersecurity as a Business Enabler "Security is not a barrier, not an obstacle. Cybersecurity is a business enabler." Dr. Cole challenges the common perception that security measures primarily restrict functionality and impede business operations. Instead, he reframes cybersecurity as a critical business enabler that should be integrated into strategic decision-making. Organizations need to make deliberate decisions about the tradeoffs between security and functionality, understanding that proper security measures protect business continuity and reputation. Dr. Cole particularly warns about supply chain attacks, which have become increasingly prevalent, and emphasizes that awareness is the foundation of any effective protection strategy. He recommends centralizing data for easier security management and advises that client devices should minimize storing sensitive data. Mobile Phones: The Ultimate Tracking Device "You don't go anywhere without your cell phone. Your cell phone is never more than a foot from you it's with you wherever you go... which means if somebody wants to track and monitor you they can." We often worry about theoretical tracking technologies while overlooking the sophisticated tracking device we voluntarily carry everywhere—our mobile phones. Dr. Cole points out the irony that people who would never accept being "chipped" for tracking purposes willingly keep their phones within arm's reach at all times. These devices record our locations, conversations, messages, and activities, creating a comprehensive digital trail of our lives. With access to someone's phone, anyone can trace their movements for months and access an alarming amount of personal information. This risk is compounded when we back up this data to cloud services, effectively giving third parties access to our most sensitive information. Understanding these vulnerabilities is the first step toward more mindful mobile security practices. Business Opportunities in the Security Space "We have too much information, too much data. How can we use that data effectively?" The cybersecurity landscape presents significant business opportunities, particularly in making sense of the overwhelming amount of security data organizations collect. Dr. Cole identifies data correlation and effective data utilization as key investment areas. Modern security systems generate vast quantities of logs and alerts, but transforming this raw information into actionable intelligence remains a challenge. Companies that can develop solutions to effectively analyze, correlate, and extract meaningful insights from security data will find substantial opportunities in the market, helping organizations strengthen their security posture while managing the complexity of modern threats. Essential Training for Security-Conscious Developers "Go for secure coding courses. This helps us understand how software can be exploited." For software developers looking to build more secure applications, Dr. Cole recommends focusing on penetration testing skills and secure coding practices. Understanding how software can be exploited from an attacker's perspective provides invaluable insights for designing more robust systems. By learning the methodologies and techniques used by malicious actors, developers can anticipate potential vulnerabilities and incorporate appropriate safeguards from the beginning of the development process. This proactive approach to security helps create applications that are inherently more resistant to attacks rather than requiring extensive security patches and updates after deployment. About Dr. Eric Cole Dr. Eric Cole is the author of "Cyber Crisis, Protecting Your Business from Real Threats in the Virtual World." He is a renowned cybersecurity expert with over 20 years of experience helping organizations identify vulnerabilities and build robust defense solutions against advanced threats. He has trained over 65,000 professionals worldwide through his best-selling cybersecurity courses and is dedicated to making cyberspace a safe place for all. You can link with Dr. Eric Cole on LinkedIn, or visit his company's website Secure-Anchor.com. 

The cloud security landscape may have just shifted — and we're here to break it down.In this special panel episode, host Ashish Rajan is joined by an all-star group of cloud and cybersecurity experts to discuss one of the most important conversations in cloud security today: the changing nature of security architecture, SOC readiness, and how teams must evolve in a multi-cloud world.Guests include:Chris Hughes – CEO at Acqui & host of Resilient CyberJames Berthoty – Cloud and AppSec engineer, known for sharp vendor analysis and engineering-first content and Latio TechMike Privette – Founder of Return on Security, expert in cybersecurity economicsFrancis Odum – Founder of Software Analyst Cyber ResearchWe Cover:Why cloud security is now beyond CSPM and CNAPPThe impact of major market moves on enterprise cloud strategyWhat vendor lock-in really means in a multi-cloud eraHow runtime and real-time security are taking center stageThe rise of AI-SPM and AI-powered SOCsWhat CISOs and practitioners should actually be doing nowGuest Socials: ⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠David's Linkedin⁠Podcast Twitter - ⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠@CloudSecPod⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠ ⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠If you want to watch videos of this LIVE STREAMED episode and past episodes - Check out our other Cloud Security Social Channels:-⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠Cloud Security Podcast- Youtube⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠- ⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠Cloud Security Newsletter ⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠- ⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠Cloud Security BootCamp⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠If you are interested in AI Cybersecurity, you can check out our sister podcast -⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠ AI Cybersecurity PodcastQuestions asked:(00:00) Introduction(02:05) A bit about our panelists(04:24) Current Cloud Security Landscape(09:36) Challenges with Multi-Cloud Security(18:06) Runtime Security for Cloud(23:34) Can SOC deal with CNAPP Alerts(26:23) CISO planning their cybersecurity program(32:38) Regulatory requirements in public sector(36:27) Success Metrics for Modern Cloud Security Program

Take a Network Break! This week we cover Google’s $32 billion acquisition of CNAPP provider Wiz, Cloudflare offerings for AI security and support for post-quantum encryption, and NVIDIA’s pledge to open a quantum research center in Boston. NVIDIA has also announced new switch platforms with co-packaged optics for greater efficiency, Cisco shares details on its... Read more »

Take a Network Break! This week we cover Google’s $32 billion acquisition of CNAPP provider Wiz, Cloudflare offerings for AI security and support for post-quantum encryption, and NVIDIA’s pledge to open a quantum research center in Boston. NVIDIA has also announced new switch platforms with co-packaged optics for greater efficiency, Cisco shares details on its... Read more »

Take a Network Break! This week we cover Google’s $32 billion acquisition of CNAPP provider Wiz, Cloudflare offerings for AI security and support for post-quantum encryption, and NVIDIA’s pledge to open a quantum research center in Boston. NVIDIA has also announced new switch platforms with co-packaged optics for greater efficiency, Cisco shares details on its... Read more »

Send us a textIn this episode of Relating to DevSecOps, Ken Toler and Mike McCabe dive deep into Google's blockbuster acquisition of Wiz.io for a reported $32 billion. They explore the implications for cloud security, the consolidation of the DevSecOps tooling landscape, and how this move compares to Google's previous acquisitions like Mandiant and Chronicle. The duo debates the future of multi-cloud strategies, platform fatigue, and whether Wiz will remain the darling of the security community—or get lost in the labyrinth of Google Cloud products. With sharp insights and a dash of hot takes, they paint a picture of a cloud security ecosystem at a pivotal turning point

In this episode, we sit with security leader and venture investor Sergej Epp to discuss the Cloud-native Security Landscape. Sergej currently serves as the Global CISO and Executive at Cloud Security leader Sysdig and is a Venture Partner at Picus Capital. We will dive into some insights from Sysdig's recent "2025 Cloud-native Security and Usage Report."Big shout out to our episode sponsor, Yubico!Passwords aren't enough. Cyber threats are evolving, and attackers bypass weak authentication every day. YubiKeys provides phishing-resistant security for individuals and businesses—fast, frictionless, and passwordless.Upgrade your security:https://yubico.comSergj and I dove into a lot of great topics related to Cloud-native Security, including:Some of the key trends in the latest Sysdig 2025 Cloud-native Security Report and trends that have stayed consistent YoY. Sergj points out that while attackers have stayed consistent, organizations have and continue to make improvements to their securitySergj elaborated on his current role as Sysdig's internal CISO and his prior role as a field CISO and the differences between the two roles in terms of how you interact with your organization, customers, and the community.We unpacked the need for automated Incident Response, touching on how modern cloud-native attacks can happen in as little as 10 minutes and how organizations can and do struggle without sufficient visibility and the ability to automate their incident response.The report points out that machine identities, or Non-Human Identities (NHI), are 7.5 times riskier than human identities and that there are 40,000 times more of them to manage. This is a massive problem and gap for the industry, and Sergj and I walked through why this is a challenge and its potential risks.Vulnerability prioritization continues to be crucial, with the latest Sysdig report showing that just 6% of vulnerabilities are “in-use”, or reachable. Still, container bloat has ballooned, quintupling in the last year alone. This presents real problems as organizations continue to expand their attack surface with expanded open-source usage but struggle to determine what vulnerabilities truly present risks and need to be addressed.We covered the challenges with compliance, as organizations wrestle with multiple disparate compliance frameworks, and how compliance can drive better security but also can have inverse impacts when written poorly or not keeping pace with technologies and threats.We rounded out the conversation with discussing AI/ML packages and the fact they have grown by 500% when it comes to usage, but organizations have decreased public exposure of AI/ML workloads by 38% since the year prior, showing some improvements are being made to safeguarding AI workloads from risks as well.

In this episode of Sync Up, hosts Stephen Rice and Arvind Mishra sit down with David Johnson, one of Microsoft IT's key architects, to uncover how the company manages OneDrive and SharePoint at scale. From security and automation to self-service with guardrails, they explore the strategies that keep Microsoft's data secure while enabling seamless collaboration!   Click here for full transcript of this episode   Stephen Rice | LinkedIn | co-host Arvind Mishra | LinkedIn | co-host David Johnson| LinkedIn | guest OneDrive | Twitter | Blog | Newsletter Microsoft Inside Track: aka.ms/insidetrack Microsoft OneDrive Blog home page: Microsoft OneDrive Blog - Microsoft Community Hub OneDrive Office Hours Sign Up: https://techcommunity.microsoft.com/t5/microsoft-onedrive-blog/introducing-onedrive-customer-office-hours/ba-p/3741494 Microsoft Podcasts – Stay connected, informed, and entertained with original podcasts from Microsoft Microsoft Adoption Podcast + Video page: Podcasts & Shows – Microsoft Adoption Microsoft 365 Community Learning: Microsoft Community Learning - YouTube

Tom ordered the newly announced Core Devices wearable running PebbleOS, and Dr. Niki discusses Colossal's pathway to resurrecting the mammoth.Starring Jason Howell and Tom Merritt.Links for the stories covered in this episode can be found here.

Sysdig's 2025 Cloud-Native and Security Usage Report is hot off the presses, and Corey has questions. On this episode, he's joined by Crystal Morin, a Cybersecurity Strategist at Sysdig, to break down the trends of the past year. They discuss Sysdig's approach to detecting and responding to security and the success the company has seen with the rollout of Sysdig Sage (an AI product that Corey thinks is actually useful). They also chat about what's driving a spike in machine identities, practical hygiene in cloud environments, and the crucial importance of automated responses to maintain robust security in the face of increasingly sophisticated cyber threats.Show Highlights(0:00) Intro(0:39) Sysdig sponsor read(2:22) Explaining Sysdig's 5/5/5 Benchmark(4:06) What does Sysdig's work entail?(10:03) Cloud security trends that have changed over the last year(14:30) Sysdig sponsor read(15:16) How Sysdig is using AI in its security products(19:09) How many users are adopting AI tools like Sysdig Sage(25:51) The reality behind the recent spike of machine identities in security(29:24) Handling the scaling of machine identities(35:37) Where you can find Sysdig's 2025 Cloud-Native and Security Usage ReportAbout Crystal MorinCrystal Morin is a Cybersecurity Strategist with more than 10 years of experience in threat analysis and research. Crystal started her career as both a Cryptologic Language Analyst and Intelligence Analyst in the United States Air Force and as a contractor for Booz Allen Hamilton, where she helped develop and evolve their cyber threat intelligence community and threat-hunting capabilities. In 2022, Crystal joined Sysdig as a Threat Research Engineer on the Sysdig Threat Research Team, where she worked to discover and analyze cyber threat actors taking advantage of the cloud. Today, Crystal bridges the gap between business and security through cloud-focused content for leaders and practitioners alike. Crystal's thought leadership has been foundational for pieces such as the “2024 Cloud-Native Security and Usage Report” and “Cloud vs. On-Premises: Unraveling the Mystery of the Dwell Time Disparity,” among others.LinksSysdig's 2025 Cloud-Native and Security Usage Report: https://sysdig.com/2025-cloud-native-security-and-usage-report/Sysdig on LinkedIn: https://www.linkedin.com/company/sysdig/Crystal's LinkedIn: https://www.linkedin.com/in/crystal-morin/SponsorSysdig: https://sysdig.com/

Send us a text In this episode, we dive into the critical world of security data strategy with experts Aqsa Taylor and Justin Borland, authors of the upcoming book Applied Security Data Strategy: A Leader's Guide. Justin, a veteran of the Equifax breach, shares firsthand lessons from one of the biggest security incidents in history, while Aqsa explores her journey from electrical engineering to cloud security and the role of governance in data management. Together, they unpack the challenges of handling massive security data, the power of real-time analytics, and how Abstract Security's platform transforms data strategy with deduplication, normalization, and tiered storage. Perfect for CIOs, CSOs, and security pros looking to future-proof their organizations. Subscribe for more cybersecurity insights!Key Points Covered:Introduction to Aqsa Taylor and Justin Borland, emphasizing their expertise and new book.Justin's Equifax experience as a compelling narrative hook.Aqsa's background and insights on governance and cloud security.Abstract Security's innovative approach to data strategy (deduplication, real-time analytics, etc.).Target audience callout (CIOs, CSOs, security professionals) and a subscription prompt.Why this description? It's concise, highlights the episode's value, and uses action-oriented language to engage viewers. It balances technical appeal with accessibility for a broad cybersecurity audience. Support the showFollow the Podcast on Social Media! Tesla Referral Code: https://ts.la/joseph675128 YouTube: https://www.youtube.com/@securityunfilteredpodcast Instagram: https://www.instagram.com/secunfpodcast/Twitter: https://twitter.com/SecUnfPodcast

In this episode we speak to Nick Jones, an expert in offensive cloud security and Head of Research at WithSecure to expose the biggest security gaps in cloud environments and why CNAPPs and CSPMs alone are not enough often.How cloud pentesting differs from traditional pentestingWhy CSPMs & CNAPPs don't tell the full cloud security storyThe biggest cloud attack paths—identity, IAM users, and CI/CDWhy “misconfigurations vs vulnerabilities” is the wrong debateHow organizations should prepare for a cloud pentestWith real-world examples from red team engagements and cloud security research, Nick shares insider knowledge on how attackers target AWS, Azure, and Kubernetes environments—and what security teams can do to stop them.Guest Socials: ⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠Nick's LinkedinPodcast Twitter - ⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠@CloudSecPod⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠ ⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠If you want to watch videos of this LIVE STREAMED episode and past episodes - Check out our other Cloud Security Social Channels:-⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠Cloud Security Podcast- Youtube⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠- ⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠Cloud Security Newsletter ⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠- ⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠Cloud Security BootCamp⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠If you are interested in AI Cybersecurity, you can check out our sister podcast -⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠ AI Cybersecurity PodcastQuestions asked:(00:00) Introduction(02:40) A bit about Nick Jones(03:56) How has Cloud Security Evolved?(05:52) Why do we need pentesting in Cloud Security?(08:09) Misconfiguration vs Vulnerabilities(11:04) Cloud Pentesting in Different Environments(17:05) Impact of Kubernetes Adoption on Offensive Cloud Security(20:19) Planning for a Cloud Pentest(29:04) Common Attacks Paths in Cloud(33:05) Mitigating Common Risk in Cloud(35:14) What is Detection as Code?(41:17) Skills for Cloud Pentesting(45:28) Fun Sections

Guest: Archana Ramamoorthy, Senior Director of Product Management, Google Cloud Topics: You are responsible for building systems that need to comply with laws that are often mutually contradictory. It seems technically impossible to do, how do you do this? Google is not alone in being a global company with local customers and local requirements. How are we building systems that provide local compliance with global consistency in their use for customers who are similar in scale to us?  Originally, Google had global systems synchronized around the entire planet–planet scale supercompute–with atomic clocks. How did we get to regionalized approach from there?  Engineering takes a long time. How do we bring enough agility to product definition and engineering design to give our users robust foundations in our systems that also let us keep up with changing and diverging regulatory goals? What are some of the biggest challenges you face working in the trusted cloud space? Is there something you would like to share about being a woman leader in technology?  How did you overcome the related challenges? Resources: Video “Compliance Without Compromise” by Jeanette Manfra (2020, still very relevant!) “Good to Great” book “Appreciative Leadership” book

The intersection of cybersecurity and healthcare is more critical than ever, as technology continues to shape the way patient care is delivered. At HIMSS 2025 in Las Vegas, we sat down with Lee Kim, Senior Principal of Cybersecurity and Privacy at HIMSS, to discuss the pressing security challenges facing healthcare organizations, the role of artificial intelligence, and the balance between innovation and risk.AI in Healthcare: Promise and PerilArtificial intelligence is rapidly being adopted across the healthcare sector, yet many organizations still lack structured governance around its use. Kim highlights the “wild west” nature of AI adoption, where policies are either non-existent or underdeveloped, creating risks related to privacy, data security, and patient outcomes. While AI-powered diagnostic tools, like those used in radiology, have the potential to improve patient care by identifying critical conditions early, blind trust in AI-generated results presents serious risks. Without proper oversight, reliance on AI could lead to incorrect medical decisions, putting patient safety in jeopardy.Cybersecurity Gaps in Healthcare OrganizationsOne of the biggest concerns in healthcare cybersecurity is the over-reliance on security tools without a clear strategy. Many organizations invest in the latest technology but neglect foundational security practices, such as governance, policy development, and staff training. Kim points out that less than half of cybersecurity budgets are allocated to governance, leading to disorganized security programs.Another persistent challenge is the human factor. Social engineering and phishing attacks remain the top attack vectors, exploiting the inherent culture of healthcare professionals who are trained to help and trust others. Organizations must focus on proactive security measures, such as regular training and simulated attacks, to reduce human error and strengthen defenses.The Financial and Operational RealityBudget constraints continue to be a challenge, particularly for smaller hospitals and community healthcare providers. While larger organizations may have more resources, cybersecurity spending often focuses on acquiring new tools rather than optimizing existing defenses. Kim stresses the importance of a balanced approach—investing in both technology and governance to ensure long-term resilience.Another concern is the increasing dependence on third-party services and cloud-based AI tools. If these services become too expensive or go offline, healthcare organizations may face operational disruptions. The lack of contingency planning, such as backup vendors or alternative systems, leaves many institutions vulnerable to supply chain risks.Building a More Resilient Healthcare Security ModelAs technology continues to drive innovation in healthcare, organizations must adopt a proactive cybersecurity stance. Business impact analyses, vendor risk assessments, and tabletop exercises should be standard practice to prepare for disruptions. Kim also raises the idea of cyber mutual aid—a model similar to emergency medical mutual aid, where healthcare organizations collaborate to support each other in times of crisis.HIMSS 2025 provides a forum for these critical conversations, bringing together global healthcare leaders to share insights, challenges, and solutions. For those interested in diving deeper, the HIMSS Cybersecurity Survey is available online, offering a comprehensive look at the current state of healthcare security.To hear the full discussion on these topics and more, listen to the episode featuring Lee Kim, Sean Martin, and Marco Ciappelli from HIMSS 2025 On Location.Guest: Lee Kim, Senior Principal of Cybersecurity and Privacy at HIMSS | On LinkedIn: https://www.linkedin.com/in/leekim/Hosts:Sean Martin, Co-Founder at ITSPmagazine [@ITSPmagazine] and Host of Redefining CyberSecurity Podcast [@RedefiningCyber] | On ITSPmagazine:  https://www.itspmagazine.com/sean-martinMarco Ciappelli, Co-Founder at ITSPmagazine [@ITSPmagazine] and Host of Redefining Society Podcast & Audio Signals Podcast | On ITSPmagazine: https://www.itspmagazine.com/itspmagazine-podcast-radio-hosts/marco-ciappelli____________________________This Episode's SponsorsHITRUST: https://itspm.ag/itsphitweb____________________________ResourcesLearn more and catch more stories from HIMSS 2025 coverage: https://www.itspmagazine.com/himss-2025-health-technology-and-cybersecurity-event-coverage-las-vegasHIMSS 2024 Cybersecurity Report: https://www.himss.org/resources/himss-healthcare-cybersecurity-survey/____________________________Catch all of our event coverage: https://www.itspmagazine.com/technology-and-cybersecurity-conference-coverageTo see and hear more Redefining CyberSecurity content on ITSPmagazine, visit: https://www.itspmagazine.com/redefining-cybersecurity-podcastTo see and hear more Redefining Society stories on ITSPmagazine, visit:https://www.itspmagazine.com/redefining-society-podcastWant to tell your Brand Story Briefing as part of our event coverage? Learn More