ETH Zurich's deep-dive into the world's top password managers exposes how feature overload and legacy design obscure real security flaws, forcing a rethink of what "zero knowledge" actually means for your vault. Learn why recent fixes matter—and why open source may be your safest bet. CAs warn us to urgently prepare for the inevitable. Three U.S. states attempt to ban 3D printed firearms. Denied ransom, ShinyHunters leaks 967,000 personal details. "Billions" of U.S. social security numbers leaked. Is Apple planning to add cameras to three new gadgets? No more security fixes for Firefox on Windows 7 & 8. Russia blocks the official Linux kernel site they need. Will the U.S. "freedom.gov" site post EU blocked content? LLMs will offer secure passwords. Do Not Use Them. As predicted, the "ClickFix" attack strategy takes over. A listener believes his computer is compromised. How could three popular password managers get things wrong? Show Notes - https://www.grc.com/sn/SN-1066-Notes.pdf Hosts: Steve Gibson and Leo Laporte. Download or subscribe to Security Now at https://twit.tv/shows/security-now. You can submit a question to Security Now at the GRC Feedback Page. For 16kbps versions, transcripts, and notes (including fixes), visit Steve's site: grc.com, also the home of the best disk maintenance and recovery utility ever written, Spinrite 6.
Is AI security just "Cloud Security 2.0"? Toni De La Fuente, creator of the open-source tool Prowler, joins Ashish to explain why securing AI workloads requires a fundamentally different approach than traditional cloud infrastructure. We dive deep into the "Shared Responsibility Gap" emerging with managed AI services like AWS Bedrock and OpenAI. Toni spoke about the hidden dangers of default AI architectures and why you should never connect an MCP (Model Context Protocol) directly to a database. We discuss the new AI-driven SDLC, where tools like Claude Code can generate infrastructure but also create massive security blind spots if not monitored. Guest Socials - Toni's Linkedin. Podcast Twitter - @CloudSecPod. Questions asked: (00:00) Introduction (02:50) Who is Toni De La Fuente? (Creator of Prowler) (03:50) AI Security vs. Cloud Security: What's the Difference? (07:20) The Shared Responsibility Gap in AI Services (Bedrock, OpenAI) (11:30) The "Fifth Party" Risk: Managed AI Access (13:40) AI Architecture Best Practices: Never Connect MCP to DB Directly (16:40) Prowler's AI Pillars: Generating Dashboards & Detections (22:30) The New SDLC: Securing Code from Claude Code & Lovable (25:30) The "Magic" Trap: Why AI Doesn't Know Your Security Context (28:30) Top 3 Priorities for Security Leaders (Infra, LLM, Shadow AI) (30:40) Future Predictions: Why Predicting 12 Months Out is Impossible
The following article from the cybersecurity industry is: “Cloud Security: The Risks Threatening Mexican Businesses” by Francisco Ramirez de Arellano, Senior Vice President for Latin America and Caribbean, Tenable.
CyberArk founder and executive chairman Udi Mokady returns to Security Matters at a transformational moment—now as part of Palo Alto Networks, following the acquisition's close on February 11. In this far‑reaching conversation, Udi and host David Puner explore why identity has become the attack vector for modern enterprises, driven by an unprecedented surge in human, machine and AI‑powered identities that attackers increasingly exploit. Udi discusses what the combined companies' scale and capabilities mean for customers, why identity security must now operate as frontline defense rather than a management layer, and how AI agents are rapidly reshaping the threat landscape. He also reflects on CyberArk's long‑distance entrepreneurial journey, the cultural foundations that have made the company durable over 26 years, and how productive paranoia, innovation and trust continue to guide the mission forward inside Palo Alto Networks. Note: This episode was recorded in January, prior to the acquisition's close.
In this episode of Techzine Talks we discuss the complex issue of cloud sovereignty. The debate over DigiD, Microsoft 365 and government services moving to American hyperscalers stirs up a lot of emotion. But what is really going on? We bring nuance to the debate on data sovereignty versus business continuity. Can European alternatives such as Proton, Nextcloud and Mistral AI really compete with American players such as AWS, Microsoft, Google Cloud, OpenAI and Claude? What are the practical consequences and costs of sovereign cloud solutions? And how realistic is complete independence from American technology? From German sovereign solutions such as Delos and StackIT to the geopolitical dependence between Europe and America, we discuss what is and is not possible. With concrete examples and critical analysis of the current media attention around this topic. Key insights: • The difference between data sovereignty and business continuity • Why 100% sovereignty is not realistic • European alternatives and their limitations • Costs of sovereign cloud solutions • Practical recommendations for organizations • Geopolitical considerations and dependencies • Why the discussion is too emotional and polarizing. Chapters: 0:10 - Introduction to sovereignty 1:54 - DigiD and Microsoft 365 discussion 3:40 - Geopolitical considerations 4:49 - Data sovereignty versus business continuity 9:26 - European alternatives and investments 9:49 - Sovereign cloud solutions from hyperscalers 23:01 - Practical consequences and costs of sovereignty 50:51 - Conclusions and recommendations. Keywords: cloud sovereignty, data sovereignty, Microsoft 365, DigiD, AWS, Azure, Google Cloud, European alternatives, hyperscalers, business continuity, geopolitics, digital autonomy, Proton, Nextcloud, Mistral AI, Delos, StackIT, Cloud Act, government services
The $250 million Series B was led by Bessemer Venture Partners, with participation from Salesforce Ventures and Picture Capital. Also, Outtake makes an agentic cybersecurity platform to help enterprises detect identity fraud. Its angel investors are a who's who.
A new AI lab called Flapping Airplanes launched yesterday, and a Sequoia partner has an interesting take on why they stand out. Also, Upwind's $250 million Series B was led by Bessemer Venture Partners, with participation from Salesforce Ventures and Picture Capital.
In this MSDW podcast episode, Mariano Gomez Bent, Chief Technology and Product Officer at Mekorma, shares a technology leader's perspective on moving to Business Central. Drawing from Mekorma's own transition from GP to Business Central, Mariano discusses key considerations around cloud security, selecting the right implementation partners, and managing change across teams. The conversation highlights real-world lessons, common pitfalls, and what organizations should prioritize to successfully navigate a move to the cloud. Considering a move to Business Central? Tune in to hear firsthand insights on cloud security, partner selection, and change management. See more Mekorma content on MSDW: https://msdynamicsworld.com/vendor/mekorma
In this energizing and uplifting conversation, Joey Pinz sits down with cybersecurity rising star ChiChi Ubah, whose passion for learning, adventure, and personal growth lights up every moment of the dialogue. ChiChi shares her love for adrenaline-filled activities, her ambitions to learn to fly a small aircraft, and the mindset that fuels her ongoing pursuit of new experiences—including her PhD focused on AI-driven cybersecurity curriculum development. A dedicated advocate for women in cybersecurity, ChiChi discusses the life-changing support she's received from WiCyS, where mentorship, training, and certifications helped guide her path into cloud security. She reflects on the role of representation, allies, and community in creating opportunities for women in a male-dominated industry. The conversation also explores breaking old beliefs, embracing intentionality, and the everyday practice of consistency—whether pursuing certifications, maintaining health, or building a TikTok channel from 0 to 5,000 followers. ChiChi also opens up about motivation, legacy, and redefining success through freedom, impact, and personal evolution. This episode is packed with insight, heart, humor, and the fearless drive of someone committed to becoming better every day.
Rob Hughes — CISO at RSA and Champion of a Passwordless Future. No Password Required Season 7: Episode 1 - Rob Hughes. Rob Hughes, the CISO at RSA, has more than 25 years of experience leading security and cloud infrastructure teams. In this episode, he reflects on his unconventional career path, from co-founding the original Geek.com and serving as its Chief Technologist during the early days of the internet, to leading security and systems design at Philips Home Monitoring. Jack Clabby of Carlton Fields, P.A. and Kayley Melton welcome Rob for a wide-ranging conversation on identity, leadership, and the realities of modern cybersecurity. Rob currently leads RSA's Security and Risk Office, overseeing cybersecurity, information security governance, and risk across both RSA's products and corporate environment. Rob explains his dream for a passwordless future. He unpacks why passwords remain one of the largest sources of cyber risk, how real-world incidents and password-spraying attacks have accelerated change, and why phishing-resistant technologies like passkeys may finally be reaching a tipping point. The episode wraps with the Lifestyle Polygraph, where Rob lightens the conversation with stories about gaming with his kids, underrated horror films, and classic cars. Follow Rob on LinkedIn: https://www.linkedin.com/in/robert-hughes-816067a4/ Chapters: 00:00 Introduction to No Password Required 01:43 Meet Rob Hughes, CISO at RSA 02:05 The Role of a CISO in a Security Company 05:09 Transitioning to the CISO Role 08:00 The Early Days of Geek.com 12:14 Launching a Startup During the Dot Com Boom 14:30 The Push for a Passwordless Future 18:21 Tipping Point for Passwordless Adoption 20:20 Ongoing Learning in Cybersecurity 26:09 Managing Stress in High-Pressure Environments 33:46 The Lifestyle Polygraph Begins 34:15 Career Insights in Cybersecurity 36:08 Dream Cars and Personal Preferences 39:58 Underrated Horror Films 41:19 Creating a Cybersecurity Monster
Welcome to Episode 419 of the Microsoft Cloud IT Pro Podcast. In this episode, Ben is once again live from Workplace Ninjas and is joined by John Joyner, an 18-year Microsoft MVP in Cloud Security and Azure Management. They discuss some of the announcements from Microsoft Ignite focused around Microsoft Security as well as diving deep into the new Security Store, AI agents, Security Compute Units (SCUs), and how Microsoft is making enterprise AI security more accessible and affordable than ever. Key topics include the phishing triage agent, conditional access optimization, E5 integration with included SCUs, and the strategic consolidation of security services into the Defender XDR portal. Whether you’re a security professional or IT administrator, this conversation provides valuable insights into Microsoft’s AI-driven security roadmap and how to stay ahead of AI-powered threats. Show Notes: John Joyner on LinkedIn; John Joyner’s Blog; John Joyner’s Books; Corsica Technologies; What is Microsoft Security Copilot?; Security Store; Microsoft Security Copilot agents overview; Learn about Security Copilot inclusion in Microsoft 365 E5 subscription; Microsoft Security Copilot Phishing Triage Agent in Microsoft Defender. About John Joyner: John Joyner is an inventor, author, speaker, and professor specializing in datacenter and enterprise cloud computing. He serves as Senior Director of Technology at Corsica Technologies (formerly AccountabilIT), where he delivers next-generation technology management services to customers worldwide as a cloud architect helping businesses stay competitive.
John is a Microsoft Azure MVP and Security MVP, having been recognized eighteen times (2007-2026) as a Microsoft Most Valuable Professional for his exceptional technical expertise, leadership, speaking experience, online influence, and commitment to solving real-world problems. He holds a Bachelor of Science in Business Administration with an Emphasis in Human Resources Management from the University of Colorado at Boulder. From 2007 to 2024, John served as an Adjunct Professor at the University of Arkansas Little Rock, teaching a pro-bono cloud computing management course open to all Arkansas residents. As an author, John co-wrote the 2021 book “Azure Arc-Enabled Kubernetes and Server” from Apress and contributed to four editions of the industry-standard “System Center Operations Manager: Unleashed” from SAMS Publishing (2005-2013). Between 2012 and 2015, he authored weekly cloud and datacenter columns for CBS Technology publications including TechRepublic and ZDNet. A retired U.S. Navy Lieutenant Commander and computer scientist, John worked for NATO in Europe and aboard an aircraft carrier in the Pacific. He earned the Computer Scientist sub-specialty and served as chief of network operations for NATO during the former Yugoslavia conflict. He is also a veteran of the Persian Gulf War. Outside of technology, John’s personal passions include 4-wheeling in his ‘Black Ops’ Jeep Wrangler and running a visionary art clothing company called Lit Like Luma.
In this special year-end episode of Inside the Network, we're joined by two of the most trusted strategic advisors in cybersecurity - Dino Boukouris, Managing Partner at Altitude Cyber, and Sam Bronstein, Partner at AXOM Partners. Between them, they've worked on billions of dollars in cybersecurity M&A, helped founders navigate exits to the world's largest tech companies, and advised the CEOs behind some of the biggest public and private deals in the industry. In this episode, which also happens to be the 20th episode of Inside the Network, we break down what really happened across the cybersecurity landscape in 2025, from customer buying patterns and budget constraints to the $96B in M&A deal volume. Dino and Sam share insights on what's driving consolidation, how buyers think about valuation and timing, and what defines a hot company in 2026 (hint: it's not just growth). We talk about how mega-deals like Wiz and CyberArk are reshaping competitive dynamics in the industry, why SASE, identity, and security for AI have been the most active M&A themes, and what founders need to understand about building relationships with buyers long before they're ready to exit. Sam and Dino explain that founders who achieve the best outcomes usually build relationships with potential acquirers over many years, and break down why many late-stage founders are likely to choose acquisition over IPO in the coming cycle. We close with tactical advice for founders heading into 2026: how to think about your board and investors, what metrics you'll be judged on, and how to align your capital strategy with your long-term goals. And yes, we also talk about race cars, zero interest rates, outcome-based pricing, and what Palo Alto Networks might buy next.
In this Risky Business News sponsored interview, the CEO and founder of Prowler, Toni de la Fuente, explains how implementing AI systems brings new security challenges that differ from those of traditional cloud workloads. Toni also talks about 'attack paths' in the context of cloud infrastructure and using them to minimise risk.
In this episode of Technology Tap: CompTIA Study Guide, we dive deep into cloud security fundamentals, perfect for those preparing for the CompTIA Security+ exam. Join our study group as we explore the shifting security landscape from locked server rooms to identity-based perimeters and data distributed across regions. This practical, Security+-ready guide connects architecture choices to real risks and concrete defenses, offering valuable IT certification tips and tech exam prep strategies. Whether you're focused on your CompTIA exam or looking to enhance your IT skills development, this episode provides essential insights to help you succeed in technology education and advance your career. We start by grounding the why: elasticity, pay-per-use costs, and resilience pushed organizations toward public, private, community, and hybrid clouds. From there, we map service models—SaaS, PaaS, IaaS, and XaaS—and the responsibilities each one assigns. You'll hear how thin clients reduce device risk, why a transit gateway can become a blast radius, and where serverless trims surface area while complicating visibility. Misunderstanding the shared responsibility model remains the leading cause of breaches, so we spell out exactly what providers secure and what you must own. Identity becomes the new perimeter, so we detail IAM guardrails: least privilege, no shared admins, MFA on every privileged account, short-lived credentials, and continuous auditing. We cover encryption in all three states with AES-256, TLS 1.3, HSMs, and customer-managed keys, then add CASB for SaaS control and SASE to bring ZTNA, FWaaS, and DLP to the edge where users actually work. Virtualization and containers deliver speed and density but expand the attack surface: VM escapes, snapshot theft, and poisoned images require hardened hypervisors, signed artifacts, private registries, secret management, and runtime policy.
Hybrid and multi-cloud introduce inconsistent IAM and fragmented logging—centralized identity, unified SIEM, CSPM, and infrastructure-as-code guardrails bring discipline back. We wrap with the patterns attackers exploit—public storage exposure, stolen API keys, unencrypted backups, and supply chain compromises—and the operating principles that stop them: zero trust, verification over assumption, and automation that responds at machine speed. Stick around for four rapid Security+ practice questions to test your skills and cement the concepts. If this helped you study or sharpen your cloud strategy, follow and subscribe, share it with a teammate, and leave a quick review telling us which control you'll deploy first. Art by Sarah/Desmond. Music by Joakim Karud. Little chacha Productions. Juan Rodriguez can be reached at TikTok @ProfessorJrod, ProfessorJRod@gmail.com, @Prof_JRod, Instagram ProfessorJRod.
Danny Jenkins — Founder of ThreatLocker and the Zero-Trust Revolution. Danny Jenkins is the CEO of ThreatLocker, the leading cybersecurity company that he built alongside his wife. Hosts Jack Clabby of Carlton Fields, P.A., and Kayley Melton of the Cognitive Security Institute follow Danny's journey from a scrappy IT consultant to leading one of the fastest-growing cybersecurity companies in the world. Danny shares the moment everything changed: watching a small business nearly collapse after a catastrophic ransomware attack. That experience reshaped his mission and ultimately sparked the creation of ThreatLocker. He also reflects on the gritty early days—cold-calling from his living room, coding through the night, and taking on debt before finally landing their first $5,000 customer. Danny explains the origins of Zero Trust World, his passion for educating IT teams, and why adopting a hacker mindset is essential for modern defenders. In the Lifestyle Polygraph, Danny relates his early “revenge tech” against school bullies, the place he escapes to when celebrating big wins, and the movie franchise he insists is absolutely a Christmas classic. Follow Danny on LinkedIn: https://www.linkedin.com/in/dannyjenkins/ 00:00 Introduction to Cybersecurity and ThreatLocker 02:26 The Birth of ThreatLocker: A Personal Journey 05:42 The Evolution of Zero Trust Security 08:35 Real-World Impact of Cyber Attacks 11:25 The Importance of a Hacker Mindset 14:46 The Role of SOC Teams in Cybersecurity 17:34 Building a Culture of Security 20:23 Hiring for Passion and Skill in Cybersecurity 23:44 Understanding Zero Trust: Trust No One 26:32 Lifestyle Polygraph: Personal Insights and Fun 29:41 Conclusion and Future of ThreatLocker
In this episode, Joe sits down with Vishnu Varma to explore the evolving landscape of cybersecurity and data management. Vishnu shares his journey from India to the US, detailing his experiences at Cisco and the rise of cloud security. They delve into the challenges of managing vast amounts of data in the age of AI, discussing how Bonfy.ai is innovating in data security. Tune in to learn about the importance of context in data protection and the future of cybersecurity in a rapidly changing digital world.
00:00:19 Introduction to Vishnu's Journey
00:00:30 Entering the US and Cisco
00:02:18 Cloud Security and AI
00:02:48 Data Governance and Challenges
00:08:47 The Expansiveness of Cloud
00:11:00 AI's Appetite for Data
00:12:11 Data Security in the JNI Era
00:14:29 The Importance of Context
00:16:13 Data Used by Enterprises
00:22:24 Conclusion and Future Trends
https://www.bonfy.ai/
Bonfy.ai: Bonfy ACS is a next-gen DLP platform built for the AI era.
Marina Moore, a security researcher and the co-chair of the security and compliance TAG of CNCF, shares her concerns about the security vulnerabilities of containers. She explains where the issues originate, providing solutions and discussing alternative routes to using micro-VMs rather than containers. Additionally, she highlights the risks associated with AI inference. Read a transcript of this interview: https://bit.ly/4qUCcyi
The journey from aerospace engineering at NASA to serial entrepreneur isn't a well-trodden path, but it's one that's worked for Adam Markowitz. In this episode of The SaaS Revolution Show, Alex Theuma talks with the Drata Co-founder and CEO about the journey from NASA, to edtech, to Drata and how lessons at each stage led him to the next. From finding product-market fit and executing at speed, to building a culture of trust and timing the market just right, Adam shares the learnings behind Drata's rapid rise from $0-100M ARR in four years.
Listen to learn:
- How NASA inspired Adam's founder mindset and approach to problem-solving
- The “lightning in a bottle” moment that catapulted Drata's product-market fit
- How strategy, execution, and timing team became Drata's competitive advantage
- Why a partner-led GTM strategy helped Drata scale faster
- How AI is transforming compliance and customer expectations in SaaS
Guest links:
- LinkedIn - https://www.linkedin.com/in/markowitzadam/
- Website - https://drata.com/
SaaS Scaled - Interviews about SaaS Startups, Analytics, & Operations
Today, we're joined by Chris McHenry, Chief Product Officer at Aviatrix, a cloud native network security company. We talk about:
- Prerequisites to driving operational efficiency with agentic AI
- Bridging the gap between security & engineering so organizations can go fast & be secure
- What's required in order for agentic AI to create a magical moment
- With cloud powering so much of our society, the need to get security right
- The security challenges introduced by agentic AI apps, including new attack vectors
When Amazon AWS and Microsoft Azure crashed, half a billion dollars vanished overnight. In this episode, David Mauro, Dr. Sergio Sanchez, and Zack Moscow uncover the ethics surrounding AI and the need for tech awareness, highlighting the importance of digital detox in maintaining a healthy balance. We break down:
In this insightful episode, join hosts Richard and Oyku as they welcome cybersecurity expert Gabriele Fiata from SAP to discuss how supply chains are evolving in the face of increasing cyber threats. As supply chains grow faster and more complex, security can no longer be an afterthought - it must be built into systems like ERP from the ground up. Gabriele highlights the shift towards a shared responsibility model in cloud security, emphasizing collaboration between businesses, vendors, and partners. With threats escalating, AI-powered detection and automated defenses are becoming critical tools to spot breaches before they happen. The conversation also reveals how companies are embracing new mindsets and training people to be the first line of defense, turning a potential weak point into a strength. Tune in to hear how smart planning and resilience can protect your business and keep supply chains moving smoothly. Don't miss this chance to learn from real-world insights and a recent IDC study that quantifies the high value of these new security approaches. Listen now and discover how securing the supply chain can secure your future.
The silos between Application Security and Cloud Security are officially breaking down, and AI is the primary catalyst. In this episode, Tejas Dakve, Senior Manager, Application Security, Bloomberg Industry Group and Aditya Patel, VP of Cybersecurity Architecture discuss how the AI-driven landscape is forcing a fundamental change in how we secure our applications and infrastructure. The conversation explores why traditional security models and gates are "absolutely impossible" to maintain against the sheer speed and volume of AI-generated code. Learn why traditional threat modeling is no longer a one-time event, how the lines between AppSec and CloudSec are merging, and why the future of the industry belongs to "T-shaped engineers" with a multidisciplinary range of skills.
Guest Socials - Tejas's Linkedin + Aditya's Linkedin
Podcast Twitter - @CloudSecPod
If you want to watch videos of this LIVE STREAMED episode and past episodes - Check out our other Cloud Security Social Channels: Cloud Security Podcast - Youtube - Cloud Security Newsletter
If you are interested in AI Cybersecurity, you can check out our sister podcast - AI Security Podcast
Questions asked:
(00:00) Introduction
(02:30) Who is Tejas Dakve? (AppSec)
(03:40) Who is Aditya Patel? (CloudSec)
(04:30) Common Use Cases for AI in Cloud & Applications
(08:00) How AI Changed the Landscape for AppSec Teams
(09:00) Why Traditional Security Models Don't Work for AI
(11:00) AI is Breaking Down Security Silos (CloudSec & AppSec)
(12:15) The "Hallucination" Problem: AI Knows Everything Until You're the Expert
(12:45) The Speed & Volume of AI-Generated Code is the Real Challenge
(14:30) How to Handle the AI Code Explosion? "Paved Roads"
(15:45) From "Department of No" to "Department of Safe Yes"
(16:30) Baking Security into the AI Lifecycle (Like DevSecOps)
(18:25) Securing Agentic AI: Why IAM is More Important than the Chat
(24:00) The Silo: AppSec Doesn't Have Visibility into Cloud IAM
(25:00) Merging Threat Models: AppSec + CloudSec
(26:20) Using New Frameworks: MITRE ATLAS & OWASP LLM Top 10
(27:30) Threat Modeling Must Be a "Living & Breathing Process"
(28:30) Using AI for Automated Threat Modeling
(31:00) Building vs. Buying AI Security Tools
(34:10) Prioritizing Vulnerabilities: Quality Over Quantity
(37:20) The Rise of the "T-Shaped" Security Engineer
(39:20) Building AI Governance with Cross-Functional Teams
(40:10) Secure by Design for AI-Native Applications
(44:10) AI Adoption Maturity: The 5 Stages of Grief
(50:00) How the Security Role is Evolving with AI
(55:20) Career Advice for Evolving in the Age of AI
(01:00:00) Career Advice for Newcomers: Get an IT Help Desk Job
(01:03:00) Fun Questions: Cats, Philanthropy, and Thai Food
Resources discussed during the interview:
- Amazon Rufus: (Amazon's AI review summarizer)
- OWASP Top 10 for LLMs
- STRIDE Threat Model: (Microsoft methodology)
- MITRE ATLAS
- Cloud Security Alliance (CSA) Maestro Framework
- CISA KEV (Known Exploited Vulnerabilities)
- Book: Range: Why Generalists Triumph in a Specialized World by David Epstein
- Anjali Charitable Trust
- Aditya Patel's Blog
If you think cloud security is just a matter of switching on a CSPM and living happily ever after, in this episode we show that the story is a lot hairier and more fun. We welcome Leandro Venâncio to break down everything from shared responsibility and Zero Trust to what really works day to day in Kubernetes clusters under crossfire. We talk about culture, automation, and the traps you only learn about after taking a few falls. We start from the basics done well (identity, networking, and encryption) and move on to policy-based governance (Kyverno/Gatekeeper), a pipeline with SAST/DAST/SCA, a decent SBOM, and secrets managed in KMS/External Secrets. We tie it together with observability, incident response, and how to prioritize risk without becoming a hostage to dashboards. Spoiler: cost, compliance, and performance all go into the same mix, and you can't pretend they don't exist. Among the topics, we highlight: how to apply Zero Trust to ephemeral workloads; why "shift left" without mature operations does more harm than good; and where CNAPP, CSPM, and admission controllers meet. And of course, real cases, because theory is lovely, but production is the boss.
#Important Links:
- Leandro Venâncio - https://www.linkedin.com/in/leandro-venancio/
- LowOps cast with Rafael Ferreira - https://www.youtube.com/live/SC6a11HClX4
- João Brito - https://www.linkedin.com/in/juniorjbn/
- Watch the film TEArapia - https://youtu.be/M4QFmW_HZh0?si=HIXBDWZJ8yPbpflM
Kubicast is a production of Getup, a company specializing in Kubernetes and open source projects for Kubernetes. The podcast episodes are on the main digital audio platforms and on YouTube.com/@getupcloud.
In this episode, I sit down with Mitchel Herckis, Global Head of Government Affairs at cloud security leader Wiz. We will be discussing all things public sector and cybersecurity, including the evolution of the FedRAMP program, modernizing vulnerability management, and the future of Continuous ATO (cATO).
We covered a lot of ground, including:
- Mitch's background, both at Wiz and inside Government at roles such as OMB
- How Wiz is working with Federal agencies and Defense Industrial Base (DIB) partners on Cloud Security, including the long-needed overhaul of FedRAMP with FedRAMP 20x's efforts.
- The move towards real Continuous Monitoring (ConMon) with real-time visibility of cloud environments, as well as the need for machine-readable artifacts, automations, and streamlined security control assessments.
- The modernization of vulnerability management, including factors such as attack paths, reachability, exploitability, known exploitation, and the importance of focusing on real risks versus noise.
- Moving away from paper-based compliance exercises and bridging the gap between security and compliance.
- Wiz's role as a CVE Numbering Authority (CNA) and the broader CVE program, including its importance for both the Government and industry when it comes to vulnerability management.
- The evolving usage of SBOMs and broader supply chain security.
- Disjointed efforts around the Government at both the Federal and State levels when it comes to Continuous ATO (cATO) and how we can move towards a more cohesive approach to modern system assessment and authorization.
- The importance of Government Affairs and bridging the divide between industry and Government, including bringing in tech leaders into Government, influencing policy, and improving outcomes for citizens and warfighters alike.
- The dual-edged sword that is AI adoption in the public sector.
In this episode of Security Matters, Chris Schueler, CEO of Cyderes, joins host David Puner for a dive into the evolving challenges of enterprise security. The conversation explores the dangers of privilege creep, the explosion of machine identities, and why accountability at every point of interaction is essential for building resilient teams and systems. Chris shares insights on the risks of unmanaged access, the impact of AI and automation on both defense and attack strategies, and practical advice for CISOs and boards on managing identity risk while enabling business transformation. Whether you're a security leader, practitioner, or simply interested in the future of cybersecurity, this episode delivers actionable guidance and fresh perspectives on safeguarding your organization's reputation, continuity, and trust.
Dan Benjamin knows exactly what the cyber market is looking for: he sold Dig Security to Palo Alto for about $315 million less than two years after founding it in 2021. In this episode he tells how it all began, the point at which he realized there was real Product-Market Fit, and how one pays a personal price on the way to the top. We talked about the right way to found a startup: how you know there is a market, how you raise money, why it matters that the founder stays closest to the product, and what you actually do the day after. We also talked about cloud security, the fastest-growing field within the cyber world, and how attacks like the one on Change Healthcare, which shut down an entire industry, changed the rules of the game. Dan explains why Cloud Security has become a business bottleneck, how investors can tell a "bubble" from a real opportunity, and which single metric matters most for identifying a truly strong company. We also talked about the connection between cyber and AI, why the big companies buy rather than build, and what the next thing is that the market still doesn't appreciate enough. A must-listen episode for founders, analysts, investors, and anyone who wants to understand what the cutting edge of innovation looks like in the hottest field in the market, one that I personally invest in (and will keep investing in) for many years to come.
To open a trading account at Meitav: https://landing.meitav.co.il/he-IL/landing/trade/tradeleads?utm_source=%D7%92%D7%99%D7%90+%D7%A0%D7%AA%D7%9F&utm_medium=%D7%92%D7%99%D7%90+%D7%A0%D7%AA%D7%9F
My Instagram: https://www.instagram.com/guynatan9/
My website: https://guynatan.com
00:00:00 - Opening
00:01:23 - Introducing the guest: Dan Binyamin (Benjamin)
02:26 - What is Dig Security and how did it all begin?
03:56 - How do you raise $8.5 million on the company's first day?
05:04 - How do you manage $8.5 million without "going crazy"?
10:04 - The personal price of aggressive growth
18:39 - Why is Israel a global cyber powerhouse?
22:38 - Advice for the first-time founder: should you start a startup right after the army?
26:03 - Behind the scenes of an exit: how a sale process is run
48:50 - Is cyber really immune to economic crises?
56:57 - The message to listeners: let's be united
Strengthen your security posture by moving groups and users from Active Directory to Microsoft Entra. This gives you seamless access for your teams, stronger authentication with MFA and passwordless options, and centralized visibility into risks across your environment. Simplify hybrid identity management by reducing dual overhead, prioritizing key groups, migrating users without disruption, and automating policies with Graph or PowerShell. Jeremy Chapman, Microsoft 365 Director, shows how to start minimizing your local directory and make Microsoft Entra your source of authority to protect access everywhere. ► QUICK LINKS: 00:00 - Minimize Active Directory with Microsoft Entra 00:34 - Build a Strong Identity Foundation 01:28 - Reduce Dual Management Overhead 02:06 - Begin with Groups 03:04 - Automate with Graph & Policy Controls 03:50 - Access packages 06:00 - Move user objects to be cloud-managed 07:03 - Automate using scripts or code 09:17 - Wrap up ► Link References Get started at https://aka.ms/CloudManagedIdentity Use SOA scenarios at https://aka.ms/usersoadocs Group SOA scenarios at https://aka.ms/groupsoadocs Guidance for IT Architects on benefits of SOA at https://aka.ms/SOAITArchitectsGuidance ► Unfamiliar with Microsoft Mechanics? As Microsoft's official video series for IT, you can watch and share valuable content and demos of current and upcoming tech from the people who build it at Microsoft. 
• Subscribe to our YouTube: https://www.youtube.com/c/MicrosoftMechanicsSeries • Talk with other IT Pros, join us on the Microsoft Tech Community: https://techcommunity.microsoft.com/t5/microsoft-mechanics-blog/bg-p/MicrosoftMechanicsBlog • Watch or listen from anywhere, subscribe to our podcast: https://microsoftmechanics.libsyn.com/podcast ► Keep getting this insider knowledge, join us on social: • Follow us on Twitter: https://twitter.com/MSFTMechanics • Share knowledge on LinkedIn: https://www.linkedin.com/company/microsoft-mechanics/ • Enjoy us on Instagram: https://www.instagram.com/msftmechanics/ • Loosen up with us on TikTok: https://www.tiktok.com/@msftmechanics
In the world of cybersecurity, there are big lies that have been perpetuated about compliance, fixability and communication--and it's time to burn it all down and start over. Many experts see one main cybersecurity truth, especially about AI, SIEM, EDR and related business technology. By examining the intersection of AI, cybersecurity, and compliance, we can gain a deeper understanding of the lies that have been told about the state of cybersecurity and work towards a more secure future. Tune in to this thought-provoking
Take control of security operations and act fast on high priority threats with Microsoft Security Copilot agents. Automate phishing triage, prioritize alerts, streamline access reviews, and close policy gaps while keeping full control through natural language feedback and recommendations. Reduce repetitive work, cut through alert noise, and focus on the most critical risks facing your organization. Stay ahead of vulnerabilities and evolving threats by proactively identifying at-risk devices, deploying patches, and optimizing access policies as your environment changes. Build custom agents tailored to your workflows, connecting tools and data to automate your most time-consuming security tasks. Dilip Radhakrishnan, Microsoft Security Copilot Partner Director, shares how to keep your organization protected with Security Copilot agents. ► QUICK LINKS: 00:00 - Security Copilot agents 01:02 - Phishing Triage Agent 02:17 - Alert Triage Agents 03:24 - Access governance 04:41 - Conditional Access Optimization Agent 05:57 - Vulnerability Remediation Agent 06:57 - Build your own specialized agents 07:54 - Wrap up ► Link References Get started at https://aka.ms/securitycopilotadoptionhub
Security leaders from CyberArk, Fortra, and Sysdig share actionable strategies for securely implementing generative AI and reveal real-world insights on data protection and agent management.
Topics Include:
- Panel explores practical security approaches for GenAI from prototype to production
- Three-phase framework discussed: planning, pre-production, and production security considerations
- Security must be built-in from start - data foundation is critical
- Understanding data location, usage, transformation, and regulatory requirements is essential
- Fortra's security conglomerate approach integrates with AWS native tools and partners
- Machine data initially easier for compliance - no PII or HIPAA concerns
- Identity paradigm shift: agents can dynamically take human and non-human roles
- 97% of organizations using AI tools lack identity and access policies
- Security responsibility increases as you move up the customization stack
- OWASP Top 10 for GenAI addresses prompt injection and data poisoning
- Rigorous model testing including adversarial attacks before deployment is crucial
- Sysdig spent 6-9 months stress testing their agent before production release
- Tension exists between moving fast and implementing proper security controls
- Different security approaches needed based on data sensitivity and model usage
- Zero-standing privilege and intent-based policies critical for agent management
- Multi-agent systems create "Internet of Agents" with exponentially multiplying risks
- Discovery challenge: finding where GenAI is running across enterprise environments
- API security and gateway protection becoming critical with acceptable latency
- Top customer need: translating written AI policies into actionable controls
- Threat modeling should focus on impact rather than just vulnerability severity
Participants:
- Prashant Tyagi - Go-To-Market Identity Security Technology Strategy Lead, CyberArk
- Mike Reed – Field CISO, Cloud Security & AI, Fortra
- Zaher Hulays – Vice President Strategic Partnerships, Sysdig
- Matthew Girdharry - WW Leader for Observability & Security Partnerships, Amazon Web Services
Further Links:
- CyberArk: Website – LinkedIn – AWS Marketplace
- Fortra: Website – LinkedIn – AWS Marketplace
- Sysdig: Website – LinkedIn – AWS Marketplace
See how Amazon Web Services gives you the freedom to migrate, innovate, and scale your software company at https://aws.amazon.com/isv/
In this episode of the Unsecurity Podcast, hosts Brad Nigh and Megan Larkins are joined by special guest Jim Nelson from FRSecure to dive deep into the world of cloud security. Whether you're using AWS, Azure, or GCP, understanding the right security protocols is crucial. Jim, a subject matter expert in cloud assessments, CIS benchmarks, and cloud infrastructure, shares valuable insights on common security pitfalls and best practices to enhance your cloud security posture.
Topics Covered:
- Introduction to cloud security challenges and opportunities.
- Key areas often overlooked in cloud infrastructure security.
- The importance of proper configuration and ongoing monitoring.
- Best practices in identity and access management.
- Effective data protection and governance strategies.
- The significance of continuous vulnerability management.
- Real-world experiences and lessons from security assessments.
- Tips for leveraging CIS benchmarks and security frameworks.
- Insights into collaboration security and conditional access policies.
Join us for a comprehensive discussion that offers actionable advice to elevate your security efforts in the cloud. Perfect for InfoSec professionals and organizations looking to bolster their cloud security strategies.
Here are some resources to help get you started:
- FRSecure's Cloud Security Checklist: https://frsecure.com/cloud-infrastructure-security-checklist/
- The CIS Benchmarks: https://www.cisecurity.org/cis-benchmarks
Don't forget to like, subscribe, and share with your network to stay informed about the latest in cybersecurity!
Looking to get in touch? Reach out at unsecurity@frsecure.com and follow us for more!
- LinkedIn: https://www.linkedin.com/company/frsecure/
- Instagram: https://www.instagram.com/frsecureofficial/
- Facebook: https://www.facebook.com/frsecure/
- BlueSky: https://bsky.app/profile/frsecure.bsky.social
About FRSecure: https://frsecure.com/
FRSecure is a mission-driven information security consultancy headquartered in Minneapolis, MN. Our team of experts is constantly developing solutions and training to assist clients in improving the measurable fundamentals of their information security programs. These fundamentals are lacking in our industry, and while progress is being made, we can't do it alone. Whether you're wondering where to start or looking for a team of experts to collaborate with you, we are ready to serve.
DailyCyber The Truth About Cyber Security with Brandon Krieger
Ask Me Anything: vCISO Strategy, IR, and Cyber Leadership | DailyCyber 275
In this AMA edition of DailyCyber, I break down some of the most pressing issues in cybersecurity today. No guest—just me sharing unfiltered insights from the frontlines of vCISO advisory and leadership.
You have the visibility, you see the alerts, but your security backlog is still growing faster than your team can fix it. So, are you actually getting more secure? In this episode, Snir Ben Shimol, CEO of Zest Security, argues that "knowing about an open door or an open window don't make you more secure... just make you more aware". We spoke about the traditional "whack-a-mole" approach to vulnerability management. Snir shared an analogy: when planning a trip, the most important question isn't who goes first, but "what is the vehicle?". He explains how AI's ability to perform recursive analysis can find the "vehicle" for your remediation efforts, that one base image upgrade or single code change that can reduce 20-30% of your entire vulnerability backlog in one action.
Guest Socials - Snir's Linkedin
Podcast Twitter - @CloudSecPod
If you want to watch videos of this LIVE STREAMED episode and past episodes - Check out our other Cloud Security Social Channels: Cloud Security Podcast - Youtube - Cloud Security Newsletter - Cloud Security BootCamp
If you are interested in AI Cybersecurity, you can check out our sister podcast - AI Cybersecurity Podcast
Questions:
(00:00) Introduction
(02:30) Who is Snir Ben Shimol?
(03:20) What is Cloud Security in 2025? Moving from Visibility to Action
(07:25) Why Visibility Isn't Making You More Secure
(10:20) The Slow, Manual Process of Remediation Today: Losing the Battle
(16:00) The "Vehicle vs. Priority" Analogy for Vulnerability Management
(17:45) How AI Enables Recursive Analysis to Find the Most Impactful Fix
(20:00) The Three Pillars of AI-Driven Cloud Security Resolution
(22:30) Why Your CNAPP/CSPM Can't Solve the Remediation Problem
(25:20) Why Traditional Prioritization (EPSS, KEV) is a Waterfall Approach
(28:10) The "Buy vs. Build" Dilemma for AI Security Solutions
(30:15) The Complexity of Building a Multi-Agent AI System for Security
(41:45) How CISOs Can Separate Real AI Products from Marketing Fluff
(44:50) Final Questions: Surfing, Communication, and Thai Food
In this compelling episode of SADA's Cloud and Clear podcast, we go "Beyond the Benchmark" with Joseph Menti, Senior Director of DevOps, Security, and IT Operations at DroneDeploy. Join host John Giglio, SADA's Director of Cloud Security, as we explore DroneDeploy's sophisticated and proactive approach to cloud security. DroneDeploy is a leader in reality capture, providing "superpowers" to industries like construction, agriculture, and solar with accurate mapping and analysis. Discover the unique security challenges of handling vast amounts of sensitive imagery and 3D model data. Joseph shares how DroneDeploy navigated their transition from co-located data centers to a predominantly Google Cloud Platform (GCP) environment, highlighting the immense capabilities of cloud tools for physical data security, access management, anomaly detection, and more. Learn about DroneDeploy's philosophy of "punching above their weight" – maximizing a small team's effectiveness through strategic technology adoption, like Security Command Center for asset inventory, and implementing Infrastructure as Code. The discussion also emphasizes the critical value of third-party security assessments, which provide unbiased validation, identify "unknown unknowns," and help prioritize the security roadmap. Joseph explains how a strong security program acts as a powerful business enabler, building customer trust and helping to secure deals. Finally, get insights into emerging threats, including the impact of AI on cyberattacks, and why user awareness training remains the highest ROI security measure.
Key Takeaways:
- Cloud-Native Security Strategies: Harnessing GCP tools for automated security and efficient operations.
- Maximizing Resources: How to achieve robust security with a lean team through smart automation and strategic tools.
- The Power of External Validation: Why third-party security assessments are crucial for a world-class security framework.
- Security as a Business Enabler: Transforming security from a cost center into a competitive advantage.
- Battling Emerging Threats: Understanding AI's role in cyberattacks and the paramount importance of continuous security awareness training.
Tune in to gain practical advice and inspiration for your cloud transformation journey!
Connect with SADA & DroneDeploy:
- Learn more about SADA: https://sada.com/cloud-and-clear/
- Explore DroneDeploy: https://www.dronedeploy.com/
- Check out the DroneDeploy Horizons event in October: https://www.dronedeploy.com/horizons
- Read our DroneDeploy case study: https://sada.com/customer-story/dronedeploy-goes-the-extra-mile-for-enterprise-grade-security-with-google-cloud-and-sada
In this episode of the Identity at the Center Podcast, hosts Jeff and Jim dive into the critical intersection of cloud security and identity and access management (IAM). They are joined by experts from RSM, Justin Devine, Cloud Transformation Director, and Vaishnavi Vaidyanathan, Digital Identity Director, to discuss the challenges and strategies involved in explaining complex identity topics in business terms to executives. The conversation covers the integration of IAM with cloud initiatives, the importance of automation and governance, and actionable steps for improving cloud security and identity management. The episode also touches on the evolving role of identity in cybersecurity and offers practical advice for organizations undergoing cloud migrations.
Connect with Justin: https://www.linkedin.com/in/justindevine/
Connect with Vaishnavi: https://www.linkedin.com/in/vaishnavi-vaidyanathan-6913072b/
Learn more about RSM:
- Digital Identity consulting: https://rsmus.com/services/risk-fraud-cybersecurity/cybersecurity-business-vulnerability/identity-and-access.html
- Secure Cloud: https://rsmus.com/services/risk-fraud-cybersecurity/cybersecurity-business-vulnerability/secure-cloud.html
- Check out more RSM & IDAC episodes: https://rsmus.com/insights/services/risk-fraud-cybersecurity/IDAC-podcast-featuring-RSMs-digital-identity-team.html
Chapters
00:00 Introduction and Banter
00:37 Explaining Identity in Business Speak
04:03 Conference Season and Upcoming Events
06:19 Intersection of Cloud Security and IAM
07:05 Guest Introductions: Justin and Vaishnavi
07:37 Vaishnavi's Journey in Identity
12:20 Justin's Background and Cloud Security
14:32 Cloud and IAM Strategies
29:28 Challenges in Identity Management
30:09 Identity Orchestration and Cloud Transformation
31:07 Modernizing Identity for Cloud Adoption
33:03 Importance of Identity in Advanced Cloud Implementations
37:28 Identity Security and Monitoring in the Cloud
41:34 Practical Advice for Cloud and Identity Management
53:23 Music Preferences and Final Thoughts
Connect with us on LinkedIn:
- Jim McDonald: https://www.linkedin.com/in/jimmcdonaldpmp/
- Jeff Steadman: https://www.linkedin.com/in/jeffsteadman/
Visit the show on the web at http://idacpodcast.com
The conversation around cloud security is maturing beyond simple threat detection. As the industry grapples with alert fatigue, we explore the necessary shift from a reactive to a proactive security posture, questioning if a traditional SecOps model is sufficient for modern cloud environments.
We spoke with Gil Geron, CEO of Orca Security, to examine the limitations of a SecOps-centric defense. SecOps teams are inherently reactive; they cannot be the sole guardians of cloud infrastructure. Instead, the conversation centers on a new blueprint: viewing cloud security as an end-to-end workflow that integrates development, deployment, and production runtime with a continuous feedback loop into policy.
The role of AI is also explored, not just as a threat, but as an opportunity to empower security teams and make knowledge more accessible. We spoke about the power of context in reducing alert volume, citing a case where millions of vulnerabilities were prioritized down to a handful of actionable fixes.
Guest Socials - Gil's LinkedIn
Podcast Twitter - @CloudSecPod
If you want to watch videos of this LIVE STREAMED episode and past episodes, check out our other Cloud Security Social Channels: Cloud Security Podcast - YouTube - Cloud Security Newsletter - Cloud Security BootCamp
If you are interested in AI Cybersecurity, you can check out our sister podcast - AI Cybersecurity Podcast
Questions asked:
(00:00) Introduction
(02:12) Who is Gil Geron? From Check Point to CEO of Orca Security
(02:54) What is Cloud Security in 2025? The Evolution to a Modern Workflow
(05:50) How AI is Impacting the Cloud Security Landscape: A Salvation, Not a Risk
(08:40) The Limits of a Reactive Approach: Why SecOps Can't Be Your Only Defense
(12:15) The Surprising Truth: 95% of Cloud Malware is Introduced, Not Hacked
(13:40) The Role of Identity in Cloud Security: The New Networking
(18:00) The Current Cloud Security Landscape: From "Thumb Mistakes" to Neglected Assets
(22:20) How CISOs are Modernizing Security by Modernizing Engineering Workflows
(23:50) Reducing SOC Fatigue: How Context Turns Millions of Alerts into a Handful of Fixes
(26:20) Is Auto-Remediation Safe? Why It's an Orchestration Challenge, Not a Technical One
(35:20) Shifting Left with Production Context: The Future of AppSec & Cloud Sec
(38:00) How to Choose a Security Vendor: Finding Hope, Not Fear
(42:01) Final Questions: Hiking, Team Pride, and French Fries
Thank you to our episode sponsor - Orca Security
Guest: Errol Weiss, Chief Security Officer (CSO) at Health-ISAC
Topics:
- How is adding digital resilience crucial for enterprises?
- How to make the leaders shift from "just cybersecurity" to "digital resilience"?
- How to be the most resilient you can be given the resources?
- How to be the most resilient with the least amount of money?
- How to make yourself a smaller target?
- Smaller target measures fit into what some call "basics." But "basic" hygiene is actually very hard for many. What are your top 3 hygiene tips for making it happen that actually work?
- We are talking about under-resourced orgs, but some are much more under-resourced. What is your advice for those with an extreme shortage of security resources?
- Assessing vendor security - what is most important to consider today in 2025?
- How not to be hacked via your vendor?
Resources:
- ISAC history (1998 PDD 63)
- CISA Known Exploited Vulnerabilities Catalog
- Brian Krebs blog
- Health-ISAC Annual Threat Report
- Health-ISAC Home
- Health Sector Coordinating Council Publications
- Health Industry Cybersecurity Practices 2023
- HHS Cyber Performance Goals (CPGs)
- 10 ways to make cyber-physical systems more resilient
- EP193 Inherited a Cloud? Now What? How Do I Secure It?
- EP65 Is Your Healthcare Security Healthy? Mandiant Incident Response Insights
- EP49 Lifesaving Tradeoffs: CISO Considerations in Moving Healthcare to Cloud
- EP233 Product Security Engineering at Google: Resilience and Security
- EP204 Beyond PCAST: Phil Venables on the Future of Resilience and Leading Indicators
In episode 149 of Cybersecurity Where You Are, Sean Atkinson is joined by Chris McCullar, Director of Sales, Cloud Security, at the Center for Internet Security® (CIS®); and Mishal Makshood, Sr. Cloud Security Account Executive at CIS. Together, they discuss how to navigate human error, artificial intelligence (AI) missteps, and other landmarks in a new frontier of virtual machine (VM) risks.
Here are some highlights from our episode:
00:50. Introductions with Chris and Mishal
02:20. The ongoing need to address the risk of human error when configuring VMs
04:55. The value of building trusted security into a VM image by design
07:28. A reality check of what the shared responsibility model means to an organization
13:06. How the integration of AI into DevOps accelerates both automation and mistakes
15:21. The importance of a secure foundation in the cloud on which you can build with AI
18:19. Automated enforcement and AI's role in complementing human judgment
21:03. Two examples of how CIS resources can drive governance and policy integration
28:05. Cybersecurity as a community-driven team sport
30:33. Lifecycle management as a way of addressing organizations' security needs
Resources
- Keep the Cloud Secure with CIS after Migrating to the Cloud
- Automated Compliance: The Byproduct of Holistic Hardening
- Meet the Shared Responsibility Model with New CIS Resources
- Episode 135: Five Lightning Chats at RSAC Conference 2025
- 2025 Data Breach Investigations Report
If you have some feedback or an idea for an upcoming episode of Cybersecurity Where You Are, let us know by emailing podcast@cisecurity.org.
At Black Hat 2025, Sean Martin sits down with Ofir Stein, CTO and Co-Founder of Apono, to discuss the pressing challenges of identity and access management in today's hybrid, AI-driven environments. Stein's background in technology infrastructure and DevOps, paired with his co-founder's deep cybersecurity expertise, positions the company to address one of the most common yet critical problems in enterprise security: how to secure permissions without slowing the pace of business.
Organizations often face a tug-of-war between security teams seeking to minimize risk and engineering or business units pushing for rapid access to systems. Stein explains that traditional approaches to access control — where permissions are either always on or granted through manual processes — create friction and risk. Over-provisioned accounts become prime targets for attackers, while delayed access slows innovation.
Apono addresses this through a Zero Standing Privilege approach, where no user — human or non-human — retains permanent permissions. Instead, access is dynamically granted based on business context and automatically revoked when no longer needed. This ensures engineers and systems get the right access at the right time, without exposing unnecessary attack surfaces.
The platform integrates seamlessly with existing identity providers, governance systems, and IT workflows, allowing organizations to centralize visibility and control without replacing existing tools. Dynamic, context-based policies replace static rules, enabling access that adapts to changing conditions, including the unpredictable needs of AI agents and automated workflows.
Stein also highlights continuous discovery and anomaly detection capabilities, enabling organizations to see and act on changes in privilege usage in real time. By coupling visibility with automated policy enforcement, organizations can not only identify over-privileged accounts but also remediate them immediately — avoiding the cycle of one-off audits followed by privilege creep.
The result is a solution that scales with modern enterprise needs, reduces risk, and empowers both security teams and end users. As Stein notes, giving engineers control over their own access — including the ability to revoke it — fosters a culture of shared responsibility for security, rather than one of gatekeeping.
Learn more about Apono: https://itspm.ag/apono-1034
Note: This story contains promotional content. Learn more.
Guest: Ofir Stein, CTO and Co-Founder of Apono | On LinkedIn: https://www.linkedin.com/in/ofir-stein/
Resources
Learn more and catch more stories from Apono: https://www.itspmagazine.com/directory/apono
Learn more about ITSPmagazine Brand Story Podcasts: https://www.itspmagazine.com/purchase-programs
Newsletter Archive: https://www.linkedin.com/newsletters/tune-into-the-latest-podcasts-7109347022809309184/
Business Newsletter Signup: https://www.itspmagazine.com/itspmagazine-business-updates-sign-up
Are you interested in telling your story? https://www.itspmagazine.com/telling-your-story
Keywords: sean martin, ofir stein, apono, zero standing privilege, access management, identity security, privilege creep, just in time access, ai security, governance, cloud security, black hat, black hat usa 2025, cybersecurity, permissions
Join Automox cybersecurity experts Ryan Braunstein and Mat Lee for August 2025's Patch [FIX] Tuesday, covering a Hyper-V privilege escalation, an Azure Virtual Machines spoofing flaw, and four serious SQL Server vulnerabilities. Learn how attackers could chain virtualization and cloud exploits, why crafted VHDX files and spoofed certificates are dangerous, and the ongoing threat of SQL injection. Includes recommendations for hardening databases, improving certificate management, and reducing lateral movement risks in virtualized environments.
What does "secure by default" really mean—and is it enough? In this episode of CyberArk's Security Matters, host David Puner sits down with Scott Barronton, Chief Information Security Officer (CISO) at Diebold Nixdorf, to explore the often-overlooked risks of cloud default settings and how assumptions can lead to vulnerabilities.
Drawing on over 25 years in cybersecurity, Scott shares how he balances product and corporate security, leads a global team, and chairs his company's AI steering committee. He discusses the importance of machine identity management, certificate automation, and building security programs that support both innovation and accountability.
Plus, Scott reflects on how his passion for travel—including a group trip to Antarctica—informs his leadership style and security mindset.
In this sponsored Soap Box edition of the Risky Business podcast, Patrick Gray chats with Toni de la Fuente, founder of open source multi-cloud security product Prowler. Toni explains how Prowler came to be, and how its journey followed his own learning about the cloud. The pair also discuss Prowler's successful transition from an open-source project into a community, and now a growing business with an as-a-service platform. This episode is also available on YouTube. Show notes