POPULARITY
En 2012, j'ai perdu 15 pages d'un travail de recherche en un seul clic.Je n'avais pas cliqué sur l'icône
In this conversation, host Nadia Koski chats with Cristina Pitarch, General Manager EMEA, Google Cloud Security. Cristina shares her unconventional career journey from law to tech, emphasizing the importance of embracing opportunities and overcoming challenges. She discusses her experiences in a technical role at Google, the significance of mindset in navigating corporate politics, and the need for resilience in the face of setbacks. She also highlights the importance of allyship and encourages women to pursue careers in tech and cybersecurity, emphasizing that learning and creativity can thrive in these fields. In this engaging conversation, Nadia and Cristina explore the evolving landscape of AI and cybersecurity, emphasizing the importance of integrating security into AI projects. They discuss the challenges and opportunities for women in tech, the significance of empowering the next generation, and the need for role models in the industry. Cristina shares personal insights on parenting and the importance of allowing children to be themselves while navigating societal expectations. The discussion also touches on the necessity of addressing gender dynamics in tech.Links and recs:Connect with Cristina on LinkedInProduced and Hosted by Nadia KoskiEngineered by Phil McDowellProject Lead Dennis KirschnerYou can contact the show at womenleadpodcast@the-digital-distillery.comor go to the website.Find us on LinkedIn, Facebook & Instagram
Stocker ses données dans le Cloud : un pari (vraiment) sécurisé ? ☁️On migre nos données sur le Cloud pour plus de flexibilité, mais qu'est-ce que ça change vraiment en matière de sécurité ? Et surtout, quels risques prend-on lorsqu'on externalise tout ?Dans ce teasing, avec David Grout, CTO Google Cloud Security, on parle des menaces que les entreprises sous-estiment encore trop souvent :➡️ Pourquoi le danger vient souvent plus de l'intérieur (mots de passe, mauvaises pratiques) que du Cloud lui-même➡️ Comment une simple mauvaise configuration ou un mot de passe réutilisé peut ouvrir la porte aux hackers malveillants➡️ Les erreurs fréquentes quand on migre vers le Cloud… et comment les éviterEt surtout : que se passe-t-il si vous perdez l'accès à vos données du jour au lendemain ? L'épisode complet arrive la semaine prochaine.Restez connectés !
Guest: Kimberly Goody, Head of Intel Analysis and Production, Google Cloud Topics: Google's Threat Intelligence Group (GTIG) has a unique position, accessing both underground forum data and incident response information. How does this dual perspective enhance your ability to identify and attribute cybercriminal campaigns? Attributing cyberattacks with high confidence is important. Can you walk us through the process GTIG uses to connect an incident to specific threat actors, given the complexities of the threat landscape and the challenges of linking tools and actors? There is a difficulty of correlating publicly known tool names with the aliases used by threat actors in underground forums. How does GTIG overcome this challenge to track the evolution and usage of malware and other tools? Can you give a specific example of how this "decoding" process works? How does GTIG collaborate with other teams within Google, such as incident response or product security, to share threat intelligence and improve Google's overall security posture? How does this work make Google more secure? What does Google (and specifically GTIG) do differently than other organizations focused on collecting and analyzing threat-intelligence? Is there AI involved? Resources: “Cybercrime: A Multifaceted National Security Threat” report EP112 Threat Horizons - How Google Does Threat Intelligence EP175 Meet Crystal Lister: From Public Sector to Google Cloud Security and Threat Horizons EP178 Meet Brandon Wood: The Human Side of Threat Intelligence: From Bad IP to Trafficking Busts “Wild Swans: Three Daughters of China” book How Google Does It: Making threat detection high-quality, scalable, and modern How Google Does It: Finding, tracking, and fixing vulnerabilities “From Credit Cards to Crypto: The Evolution of Cybercrime” video
Steph Hay (Senior Director for Gemini Product and UX, Google Cloud Security) joins host Luke McNamara to discuss agentic AI and its implications for security disciplines. Steph walks through how generative AI is already impacting the finding of threats, reduction of toil, and the scaling up of workforce talent, before discussing how agents will increasingly play a role in operationalizing security. Steph details how this automation of processes, with humans in the loop, can increase the capabilities of an enterprise in cyber defense.
Tech Tensions: Intel's Struggle, Google Cloud Security, and AI in Nuclear Command In this episode of Hashtag Trending, host Jim Love discusses key industry updates, including Intel's financial turbulence and potential U.S. intervention amid AMD's rise in the data center market. The episode also covers environmental and regulatory setbacks impacting tech giants like Meta and Amazon as they explore nuclear energy solutions for data centers. Additionally, Google Cloud mandates multi-factor authentication for improved security, and the Pentagon considers AI integration for nuclear command while ensuring human control over nuclear decisions. Stay tuned for these crucial developments in tech. 00:00 Introduction: Too Big to Fail? 00:28 Intel's Struggles and U.S. Intervention 03:06 Environmental and Regulatory Challenges for Data Centers 05:42 Google Cloud's Mandatory Multi-Factor Authentication 07:20 Pentagon's AI Integration in Nuclear Systems 08:29 Conclusion and Sign-Off
At TTLP, we've been fortunate to have numerous tech leaders from Google join us to offer stellar advice. This week's guest, Cristina Pitarch, is no different. As the General Manager EMEA at Google Cloud Security, Cristina leads a team that is responsible for keeping not only one of the biggest technology companies in the world secure, but also their customer list containing some of the largest businesses in the world. From moving across the world to study at the University of California with very little English-speaking ability, Cristina took the plunge to move away from her law school background and enter the innovative world of technology. Joining Salesforce at the early stages meant that Cristina was able to climb the ranks quickly and become a driving force in the company's expansion before moving to the technology powerhouse that is Google. This episode reveals the key aspects of Google's Clouds security strategy, and why GCP should be the number one choice for CTOs from security standpoint. From an unlikely career trajectory to astute advice on how to prioritise security within a business, this episode is value packed! Time stamps:What does good leadership mean to Cristina? (02:42) Cristina's unconventional path into tech (04:21) The biggest cultural differences between studying in USA vs. Spain (06:36) Joining Salesforce in its growth phase (07:33) Harnessing innovation at Google (11:42) The core principles of Google Cloud's Security strategy (21:57) Current cybersecurity trends (24:27) Why should CTO's choose Google Cloud Platform? (31:52) Advice to women in tech in 2024 (32:22) How does Cristina achieve balance in her life? (43:37)
Guest: Brandon Wood, Product Manager for Google Threat Intelligence Topics: Threat intelligence is one of those terms that means different things to everyone–can you tell us what this term has meant in the different contexts of your career? What do you tell people who assume that “TI = lists of bad IPs”? We heard while prepping for this show that you were involved in breaking up a human trafficking ring: tell us about that! In Anton's experience, a lot of cyber TI is stuck in “1. Get more TI 2. ??? 3. Profit!” How do you move past that? One aspect of threat intelligence that's always struck me as goofy is the idea that we can “monitor the dark web” and provide something useful. Can you change my mind on this one? You told us your story of getting into sales, you recently did a successful rotation into the role of Product Manager,, can you tell us about what motivated you to do this and what the experience was like? Are there other parts of your background that inform the work you're doing and how you see yourself at Google? How does that impact our go to market for threat intelligence, and what're we up to when it comes to keeping the Internet and broader world safe? Resources: Video EP175 Meet Crystal Lister: From Public Sector to Google Cloud Security and Threat Horizons EP128 Building Enterprise Threat Intelligence: The Who, What, Where, and Why EP112 Threat Horizons - How Google Does Threat Intelligence Introducing Google Threat Intelligence: Actionable threat intelligence at Google scale A Requirements-Driven Approach to Cyber Threat Intelligence
Guest: Crystal Lister, Technical Program Manager, Google Cloud Security Topics: Your background can be sheepishly called “public sector”, what's your experience been transitioning from public to private? How did you end up here doing what you are doing? We imagine you learned a lot from what you just described – how's that impacted your work at Google? How have you seen risk management practices and outcomes differ? You now lead Google Threat Horizons reports, do you have a vision for this? How does your past work inform it? Given the prevalence of ransomware attacks, many organizations are focused on external threats. In your experience, does the risk of insider threats still hold significant weight? What type of company needs a dedicated and separate insider threat program? Resources: Video on YouTube Google Cybersecurity Action Team Threat Horizons Report #9 Is Out! Google Cybersecurity Action Team site for previous Threat Horizons Reports EP112 Threat Horizons - How Google Does Threat Intelligence Psychology of Intelligence Analysis by Richards J. Heuer The Coming Wave by Mustafa Suleyman Visualizing Google Cloud: 101 Illustrated References for Cloud Engineers and Architects
On this episode of The Six Five – Insider, hosts Daniel Newman and Patrick Moorhead welcome Jeff Reed, VP Product, Cloud Security at Google Cloud for a conversation on how they are using AI to supercharge Google Cloud Security's unique combination of capabilities, including front line intelligence, security operations, and a secure cloud platform. Their discussion covers: How Generative AI tackles critical issues and how Google and Google Cloud Security adopt a strategic approach to this technology Google's unique stance on Cloud security and Generative AI, encompassing a broader perspective on their comprehensive portfolio Google's emphasis on security in the Generative AI domain, ensuring responsible and trustworthy advancement The latest innovations within Google Cloud and gain insights into the platform's exciting trajectory
Guest: Kelli Vanderlee, Senior Manager, Threat Analysis, Mandiant at Google Cloud Topics: Can you really forecast threats? Won't the threat actors ultimately do whatever they want? How can clients use the forecast? Or as Tim would say it, what gets better once you read it? What is the threat forecast for cloud environments? It says “Cyber attacks targeting hybrid and multi-cloud environments will mature and become more impactful“ - what does it mean? Of course AI makes an appearance as well: “LLMs and other gen AI tools will likely be developed and offered as a service to assist attackers with target compromises.” Do we really expect attacker-run LLM SaaS? What models will they use? Will it be good? There are a number of significant elections scheduled for 2024, are there implications for cloud security? Based on the threat information, tell me about something that is going well, what will get better in 2024? Resources: 2024 Google Cloud Security Forecast Report EP112 Threat Horizons - How Google Does Threat Intelligence EP135 AI and Security: The Good, the Bad, and the Magical How to Stop a Ransomware Attack Sophisticated StripedFly Spy Platform Masqueraded for Years as Crypto Miner
In this weeks episode we talk about the situation in Israel and how it pertains to tech, how Seach is getting worse not better, and several other updates to Google Workspace.
Penetration Test of a Web Application hosted on Google Cloud in 2023 is quite different to just a simple/traditional web app pentesting.Cloud Penetration testing is misunderstood to be just config review in Google Cloud. In this video, we have Kat Traxler who is a cloud security researcher, SANS Course author and has worked in the Google Cloud space to even build open source tools that can be used to perform cloud security testing. Episode YouTube: Video Link Host Twitter: Ashish Rajan (@hashishrajan) Guest Socials: Kat Traxler ( Kat Traxler's Linkedin ) Podcast Twitter - @CloudSecPod If you want to watch videos of this LIVE STREAMED episode and past episodes - Check out our other Cloud Security Social Channels: - Cloud Security Newsletter - Cloud Security BootCamp Spotify TimeStamp for Interview Question (00:00) Introduction (04:17) A bit about Kat Traxler (05:56) Pentesting in GCP vs AWS (08:07) Config review vs cloud pentesting (09:24) Cloud pentest vs Traditional Pentest (10:28) Starting to do GCP pentesting (12:35) Common services used in GCP (14:10) Low hanging fruits in GCP (15:25) What are default service accounts? (17:52) You may already have google cloud (20:00) How to persist access in Google Cloud? (21:56) Shared responsibility in GCP (24:01) Common TTPs in GCP (28:05) Is there SSRF in GCP? (30:19) Open source tools for cloud pentest (33:59) Fun questions Resources that Kat shared during the episode The Google Cloud Adoption Framework Google Cloud Org Policy Bot GCAT Threat Horizons Report Pacu Microburst DeRF Stratus See you at the next episode!
AWS Landing zones are well known but not as much in the Google Cloud space. In this episode we have Jimmy Barber shares how controls can be automated in GCP to create landing zone to manage security across a large google environment. Episode YouTube Video Link Host Twitter: Ashish Rajan (@hashishrajan) Guest Socials: Jimmy Barber's Linkedin Jimmy Barber Podcast Twitter - @CloudSecPod If you want to watch videos of this LIVE STREAMED episode and past episodes - Check out our other Cloud Security Social Channels: - Cloud Security Newsletter - Cloud Security BootCamp Spotify TimeStamp for Interview Questions A word from our sponsors - you can visit them on snyk.io/csp (00:00) Introduction (03:10) A bit about Jimmy Barber (05:42) Transitioning from on-prem to cloud (07:26) How are things different in GCP? (09:01) Building blocks of working with GCP (14:15) What is a landing zone in GCP? (17:23) Building landing zone in existing GCP environments (20:04) Using Cloud Native services vs others (22:59) Security gaps in GCP (25:15) Non technical challenges moving to cloud and GCP (28:45) Doing security in GCP (31:18) Where to start learning about GCP (32:37) The Fun Section These are some of the resources Jimmy found helpful when learning GCP Security Google Cloud Training See you at the next episode!
Once small government advocates concede that war is a euphemism for theft funded mass murder, taxation is theft, and economic regulation turns productive people into "criminals", they will frequently say, "We at least need a government to protect us from other governments!". Set aside the fact that death by government from wars, starvation blockades, and genocides yield a result no private organization could ever come close to, since no one imagines private groups have an arbitrary right to initiate violence against peaceful people. This mentality ignores the economic reality that one group having a judicial monopoly on an entire geographical area, means that other governments only have to occupy a country's capital buildings in order to "take it over". The excellent WWII movie, Downfall (2004), focuses on the National Socialist government of Germany losing control of Berlin (the capital of Germany) to the Soviet's. The reason Berlin of all cities was the downfall of the Third Reich, was because that was the central point of the government's control over the people of Germany. Once that area is taken over, and the masses of people have been trained to answer to the people who occupy those buildings, the country has effectively been conquered. Even today, the War in Ukraine is frequently referred to as the "Battle for Kyiv", knowing the implications of how powerful it is to occupy a country's capital. Under governments, nations essentially put all their eggs in one basket so to speak. Under a free market, no group would have a recognized judicial monopoly in the form of a capital, making it far more costly for other gangs or governments to take control of millions of peoples lives through military intervention. Progressives and Conservatives alike, always warn us about the potential dangers of free market monopoles, while advocating the state monopolize law and order, compulsory schooling, taxation, the money supply, and a host of other vitally important aspects of society. It's true that monopolies give us higher prices and poorer quality than we would otherwise have under competition. It's also true, that this economic concept applies to government monopolies as well. Far from being a Utopian fantasy, private security is already all around us. Recently I witnessed a company experience a Ransomware attack. Every file that made their company what it is, was in danger. At no point did anyone say, "Let's call 911 and the FBI and the NSA they can protect our property!" They immediately called a private IT company in Arizona, got a hold of SentinelOne private Cyber Security, used Google Cloud Security to back up protected files, and PayPal private security to keep their financial assets safe. When push came to shove and they needed their most valuable assets protected, they went to private security and ignored the state completely knowing it would be a waste of time. At shopping malls, baseball games, banks, bars, hotels, amusement parks, and concerts we see private security voluntarily providing what the state claims only they can give us. It's time we stop having double standards. If government employees can't voluntarily compete for our hard earned money, they should go bankrupt and cease to exist. I'll end with a quote by author, Michael Malice: If the government didn't have a monopoly on security, only rich people would be able to have security just like when the government got out of other businesses, the only cars produced were limousines, the only clothes produced were tuxedos and the only food produced was foie gras. - Michael Malice, July 26th, 2022 (Twitter)
The endless battle of threat actors versus cybersecurity professionals may come down to who deploys AI better. In this interview from RSA, John Hultquist, Senior Manager, Mandiant Intelligence, surmises how the bad guys may use AI in the near future to scale attacks, while Vijay Ganti, Head of Product Management, Threat Intelligence, Detection & Analytics for Google Cloud Security, walks through the AI use cases that will help organizations better defend against those attacks. Hosted by Dan Lamorena, Head of Mandiant Product Marketing.
Guest: Jeff Reed, VP of Product, Cloud Security @ Google Cloud Topics: You've had a long career in software and security, what brought you to Google Cloud Security for this role? How do you balance the needs of huge global financials that often ask for esoteric controls (say EKM with KAJ) vs the needs of SMBs that want easy yet effective, invisibility security? We've got an interesting split within our security business: some of our focus is on making Google Cloud more secure, while some of our focus is on selling security products. How are you thinking about the strategy and allocation between these functions for business growth? What aspects of Cloud security have you seen cloud customers struggle with the most? What's been the most surprising or unexpected security challenge you've seen with our users? “Google named a Leader in Forrester Wave™ IaaS Platform Native Security” - can you share a little bit about how this came to be and what was involved in this? Is cloud migration a risk reduction move? Resources: “Google named a Leader in Forrester Wave™ IaaS Platform Native Security” “Sunil Potti on Building Cloud Security at Google” (ep102) Books by Haruki Murakami We are hiring product managers!
Adam Gavish is the CEO & Founder at DoControl, a SaaS security platform based in NYC. Before founding DoControl, Adam was a Product Manager at Google Cloud Security.
Hosts Max Saltonstall and Daryl Ducharme are joined by Bryce Buffaloe and Seth Denney to chat about Assured Workloads and the sovereignty control Key Access Justifications so customers can see how their data is used and control who can see what. Assured Workloads with Google is a security and compliance engine that allows users to control their data with the help of Google. With the expansion of data use around the globe, data sovereignty has become more important as well, and Google Cloud products offer myriad tools to maintain control, privacy, and compliance no matter the location. Seth talks more about sovereignty and how it's changing data storage and management. Our guests talk about how Google has tackled the sovereignty issues, difficult decisions that had to be made, and the process of working with clients to optimize tools for different security and sovereignty scenarios. With Key Access Justifications, Google has bolstered its offerings to provide clients with trustworthy controls to keep data secure and sovereign, from Compute Engine VMs to BigQuery. We learn what Key Access Justifications look like for users and how the encryption keys work in different Google Cloud services. Customer managed key material is stored outside of Google and the key manager must give permission for access for an added layer of trust and security. Seth and Bryce explain why this is important and describe how KAJ are used with some examples. These features may also be used to improve security in the future by preventing data from being decrypted and stolen should someone ever get access to your system. We hear more about the future of data security and sovereignty, including simplifying the process with managed services and easier onboarding. Strategic European partnerships are helping Google tackle these important issues overseas so clients can focus on their businesses and worry less about data security. The catalyst for KAJ was a large German bank that recognized the sovereignty changes coming, and we hear more about the origins of KAJ and the path to where it is today. When paired with Assured Workloads, clients get maximum sovereignty coverage. Seth talks a little about the Sovereignty Access Controls done internally as well. Bryce walks us through using these Google services with a European example. Bryce Buffaloe Bryce is Product manager for Google Cloud Security managing the portfolio of the Assured Workload's solution suite. Seth Denney Seth is KAJ Tech Lead, responsible for ensuring the integrity and usefulness of KAJs to support customer data sovereignty Cool things of the week DevFests site Best Kept Security Secrets: Tap into the power of Organization Policy Service podcast Interview Assured Workloads site Assured Workloads Playlist videos Key Access Justifications docs Compute Engine site BigQuery site GCP Podcast Episode 325: Digital Sovereignty with Archana Ramamoorthy and Julien Blanchez podcast T Systems site What's something cool you're working on? Daryl just released a video about using Workflows' new parallel step. Max is working on crossover episodes across our various podcast streams, so we can have SRE guests on to the GCP podcast to talk reliability, for example, or bring some of the Kubernetes hosts to the Cloud Security podcast to discuss securing Kubernetes workloads. Hosts Max Saltonstall and Daryl Ducharme
In this episode of the Virtual Coffee with Ashish edition, we spoke with Sunil Potti @sunilpotti VP/GM, Google Cloud Episode ShowNotes, Links and Transcript on Cloud Security Podcast: www.cloudsecuritypodcast.tv Host Twitter: Ashish Rajan (@hashishrajan) Guest Linkedin: Sunil Potti @sunilpotti Podcast Twitter - @CloudSecPod @CloudSecureNews If you want to watch videos of this LIVE STREAMED episode and past episodes - Check out our other Cloud Security Social Channels: - Cloud Security News - Cloud Security Academy
In this episode of the Virtual Coffee with Ashish edition, we spoke with Jonathan Brodie Senior Cloud Security Engineer, ITV Episode ShowNotes, Links and Transcript on Cloud Security Podcast: www.cloudsecuritypodcast.tv Host Twitter: Ashish Rajan (@hashishrajan) Guest Twitter: Jonathan Brodie Podcast Twitter - @CloudSecPod @CloudSecureNews If you want to watch videos of this LIVE STREAMED episode and past episodes - Check out our other Cloud Security Social Channels: - Cloud Security News - Cloud Security Academy
Sales can be for everyone. Today's guest Scott Howland, of Google Cloud Security, can certainly attest to that. He recounts his journey from studying music at college, working with homeless young people, to landing a sales job and flourishing in the industry. A fellow podcast host from his time at Zephr, he tells Matt Milligan all about his lessons learnt, innovative ways to build connections and his latest role at Google.
In this episode of the Virtual Coffee with Ashish edition, we spoke with Antoni Tzavelas (@antoniscloud) Google Cloud Certification Trainer, Antoni Training Episode ShowNotes, Links and Transcript on Cloud Security Podcast: www.cloudsecuritypodcast.tv Host Twitter: Ashish Rajan (@hashishrajan) Guest Twitter: Antoni Tzavelas (@antoniscloud) Podcast Twitter - @CloudSecPod @CloudSecureNews If you want to watch videos of this LIVE STREAMED episode and past episodes - Check out our other Cloud Security Social Channels: - Cloud Security News - Cloud Security Academy
NOW PLAYING #CloudNClear! Miles Ward, CTO, SADA, interviews the brilliant Dr. Anton Chuvakin, #Security Solutions Strategy, #GoogleCloud, and unpack what's new in #cloudsecurity and #threatdetection. They discuss how #GoogleCloud is leaning on the #strategicpartnership with SADA to deliver streamlined, scalable #securitysolutions, and why organizations need a #GoogleCloudPartner like SADA to help build #secure #applications on #GCP. Listen on-demand to hear SADA unpack Google Cloud's approach to #securitytechnology and how #automation is the future for enterprise #securityoperations. #GoogleCloudPlatform #cloud #containerization #containersecurity Host: Miles Ward Guests: Dr. Anton Chuvakin Connect on Twitter: https://twitter.com/cloudnclear https://twitter.com/SADA https://twitter.com/milesward https://twitter.com/anton_chuvakin Connect on LinkedIn: https://www.linkedin.com/company/sada/ https://www.linkedin.com/in/milesward/ https://www.linkedin.com/in/chuvakin/
Guest: Aditi Joshi, Manager in Cloud Security Team @ Google Cloud Topics: What is Allyship? How is it defined? What is its main goal? Why is allyship important in Cloud Security, specifically? Are there aspects of security that make allyship particularly important? What specifically has Google Cloud Security deployed and operationalized around Allyship? How does effective allyship look like? More personally, how can I be a better ally? How does it fit into Google Cloud Security's overarching DEI efforts?
No guests. We interviewed each other! Topics: What would you say are the most things that Chronicle is trying to address today? What are the good ways to use threat intel to detect threats that do not ruin your SOC? What does “autonomic” security mean, anyway? Is this a fancy way of saying “automatic” or something more? For sure, “the Cloud is not JUST someone else's computer“ - but how does this apply to threat detection? What makes threat detection “cloud-native”? What kinds of ML magic does your mini UEBA inside SCC use? Can you really do automated remediation in the cloud? Resources: Google Cloud Security Summit “Making Invisible Security a Reality with Google” keynote “Security Analytics at Google Speed and Scale” presentation by Anton “Managing Your Security Posture on Google Cloud” presentation by Tim “Stop Trying to Take Humans Out of SOC … Except … Wait… Wait… Wait…” blog Chronicle main site Threat Detection in Logs in Google Cloud SCC video “Modern Threat Detection at Google” (episode 17) “Automate and/or Die?” (episode 3)
Guest: Kelly Anderson, Head of Product Marketing, User Protection Services @ Google Cloud Topics: What is marketing, really? Why is it sometimes reviled by the technologists? What makes a great marketer in cloud security? What's different about cloud security marketing, as opposed to regular old on-premise security marketing? Is there still FUD in the cloud? Which things are the easiest or hardest to do in Google Cloud Security marketing? How do you talk about products so they stand out from the noise? How's Google Cloud marketing helping our users stay ahead of the adversaries? Resources: Security insights that help customers stay up to date Customer case studies on our security products Quarterly Google Cloud Security Talks Cloud security webinars on BrightTALK and Cloud OnAir Identity and security blogs on the Google Cloud blog
As regular listeners would know, Snake OIlers is a wholly sponsored podcast series we do here at Risky Biz HQ where vendors give us money so they can come on and pitch their products to you, our dear, dear listeners. And we have three vendors along today to pitch you: Google Cloud Security is in the top slot pitching their Zero Trust product suite BeyondCorp Zero Trust for Enterprise. Devicie, an Australian startup, that developed a solution that makes Microsoft Intune useable. Trend Micro joins the show to talk about its latest XDR features Show notes BeyondCorp Zero Trust Enterprise Security | Google Cloud Device Management for mobile, desktop, every device - Devicie Trend Micro Vision One™ with Managed XDR | Trend Micro
Jian from Google's (BeyondCorp) joins us to discuss the #SASE #ZTNA offering. Jian is a Product Manager for Google Cloud Security’s BeyondCorp Enterprise solution. In Season 2 Kick-off episode we introduced the topic with Dr. Chase Cunningham. Episode #11 For slides and please refer to our website and watch the video episode The question we ask the vendors: What's the name of the offering/product addressing the remote access. Describe your overall architecture at a high level (ideally with a picture) - POPs, HA, bandwidth requirements, or restrictions. How do you license your product? (seats, devices, concurrent connections, bandwidth). How do you tie back to the User Identity and MFA? Describe end user access options, clientless/client (People relying these days on their browser for performing their day to day job activities, what are the options you provide to such users). What kind of protocols your remote solution supports; VOIP, FileShare, Printing, SCCM, Password changes. How would your solution work on slow networks or when the user is roaming between networks? Educate us more about your product’s reporting and alerting options (including UBA). White paper https://services.google.com/fh/files/misc/secure_access_to_saas_apps_with_bce.pdf Demo https://zipline.appspot.com/serve/beyond-corp-clickable-demo/beyond-corp-clickable-demo BeyondCorp is Google's implementation of the zero trust model. It builds upon a decade of experience at Google, combined with ideas and best practices from the community. By shifting access controls from the network perimeter to individual users, BeyondCorp enables secure work from virtually any location without the need for a traditional VPN. Jian Jian Zhen is a Product Manager for Google Cloud Security’s BeyondCorp Enterprise solution. He has 20 years of experience in the security industry and has worked in various areas including cloud security, EDR, and SIEM. Most recently, Jian was a co-founder of TrustPath that delivered a real-time threat prevention solution. Prior to that, Jian was the SVP of Products at Endgame, an endpoint detection and response company. Jian was also the Director of Cloud Solutions at VMware that delivered vCloud solutions for telcos and data center operators.
In this episode of the Virtual Coffee with Ashish edition, we spoke with Darpan Shah, Cloud Security Engineer. Darpan has 8 AWS Certificates, 6 GCP certificates and at his work, he works on both Google Cloud and AWS. This is episode not to miss. Host: Ashish Rajan - Twitter @hashishrajan Guest: Darpan Shah - Website Darpan & Ashish spoke about What was your path into CyberSecurity or your current role? What does Cloud Security mean for you? What public cloud provider do you focus on? What makes you like Google Cloud over AWS? Vice versa? Where does Kubernetes/Containers fit into maturity stages of Google Cloud? Is multi-cloud in the same organisation a reality? What does security in Google Cloud look like compared to AWS? - Basic security 101s differences, Auditing, threat management, EC2 vs project security examples How is security managed and operationalising across multi-cloud AWS & GCP Where can one start today with security on Google Cloud, if they already are on AWS? Security controls across EC2 vs serverless vs containers in a multi-cloud world Maintaining visibility of assets and secure configurations in a multi-cloud environment? What tools can you use to get a single view for multi-cloud? How do you monitor for threats? Orchestration or detection? What are people not talking about cloud security in multi-cloud? ShowNotes and Episode Transcript on www.cloudsecuritypodcast.tv Twitter - @kaizenteq @hashishrajan If you want to watch this and previous episodes: - Twitch Channel: https://lnkd.in/gxhFrqw - Youtube Channel: https://lnkd.in/gUHqSai
In this episode sponsored by Virtual Coffee with Ashish edition, we spoke with Francesco Cipollone, Chapter Chair (UK), Cloud Security Alliance Host: Ashish Rajan - Twitter @hashishrajan Guest: Francesco Cipollone - Twitter @Frances07789950 Francesco & Ashish spoke about Why would someone choose Google Cloud over AWS or Azure? What does Security in Google Cloud look like for those using other cloud? Is making Terraform a universal script for multi-cloud environment, great idea? Is multi-cloud a good idea? How mature is Security in Google compared to AWS/Azure? For any Security Architect listening to this episode, what should they consider for Google Cloud? EKS vs GKE? ShowNotes and Episode Transcript on www.cloudsecuritypodcast.tv Twitter - @kaizenteq @hashishrajan If you want to watch the previous episodes: - Twitch Channel: https://lnkd.in/gxhFrqw - Youtube Channel: https://lnkd.in/gUHqSai
Mike is the Director of Product Management for Google Cloud Security.The concept of shared responsibility between provider and customer is core to managing security and risk as organizations move to the cloud. With the rise of hybrid and multi-cloud deployments, how do responsibilities change? Segment will cover how you can evolve your risk models and how cloud providers might help maintain and improve your security posture in a hybrid world. Full Show Notes: https://wiki.securityweekly.com/Episode613 Visit https://www.securityweekly.com/esw for all the latest episodes!
This week, Matt and Paul discuss how Synopsys and Ixia announce a collaboration to enable scalable networking SoC validation, Digital Shadows announces significant updates to its SearchLight platform, Check Point introduces high-performance security gateways, and nine steps to lock down corporate browsers! In our second segment, we welcome Luis Giraldo, VP of Strategy at Kaseya, to talk about Unified IT and the capabilities of Kaseya's IT Complete Platform! In our final segment, we welcome Michael Aiello, Director of Product Management of Google Cloud Security, to talk about Security Responsibility in the Hybrid and Multi-Cloud! To learn more about Kaseya, visit: https://securityweekly.com/kaseya Full Show Notes: https://wiki.securityweekly.com/ES_Episode146 Visit https://www.securityweekly.com/esw for all the latest episodes! Follow us on Twitter: https://www.twitter.com/securityweekly Like us on Facebook: https://www.facebook.com/secweekly
This week, Matt and Paul discuss how Synopsys and Ixia announce a collaboration to enable scalable networking SoC validation, Digital Shadows announces significant updates to its SearchLight platform, Check Point introduces high-performance security gateways, and nine steps to lock down corporate browsers! In our second segment, we welcome Luis Giraldo, VP of Strategy at Kaseya, to talk about Unified IT and the capabilities of Kaseya's IT Complete Platform! In our final segment, we welcome Michael Aiello, Director of Product Management of Google Cloud Security, to talk about Security Responsibility in the Hybrid and Multi-Cloud! To learn more about Kaseya, visit: https://securityweekly.com/kaseya Full Show Notes: https://wiki.securityweekly.com/ES_Episode146 Visit https://www.securityweekly.com/esw for all the latest episodes! Follow us on Twitter: https://www.twitter.com/securityweekly Like us on Facebook: https://www.facebook.com/secweekly
Mike is the Director of Product Management for Google Cloud Security.The concept of shared responsibility between provider and customer is core to managing security and risk as organizations move to the cloud. With the rise of hybrid and multi-cloud deployments, how do responsibilities change? Segment will cover how you can evolve your risk models and how cloud providers might help maintain and improve your security posture in a hybrid world. Full Show Notes: https://wiki.securityweekly.com/Episode613 Visit https://www.securityweekly.com/esw for all the latest episodes!
All modern web browsers provide the capability to use "private browsing," a way of maintaining your privacy when using the web. We discuss how to use this feature, as well as some browser extensions that will also mask some of your personal information. HTTPS Everywhere (https://www.eff.org/https-everywhere) uBlock Origin: for Chrome (https://chrome.google.com/webstore/detail/ublock-origin/), Safari (https://safari-extensions.apple.com/details/?id=com.el1t.uBlock-3NU33NW2M3), Firefox (https://addons.mozilla.org/en-GB/firefox/addon/ublock-origin/) Ghostery (https://www.ghostery.com) Use Private Browsing to Maintain Your Privacy on the Web Brave web browser (https://brave.com) ProtonMail (https://protonmail.com/) Google Cloud Security and Compliance Whitepaper (https://static.googleusercontent.com/media/gsuite.google.com/en//files/google-apps-security-and-compliance-whitepaper.pdf) The Advantages of Using a VPN, with CyberGhost Get 50% off Mac Premium Bundle X9, fully compatible with macOS Mojave, with the code PODCAST19. Download Intego Mac Premium Bundle X9 now at intego.com.
Inspelat på Sec-T 2017 kommer denna intervju med Carly Schneider som arbetar med säkerhet på Spotify om ämnet Google Cloud Security.
My guest this week is David Cross and it is my second discussion with him. I loved talking to David when he was on the Microsoft side of the fence. Two years later, he is on the Google side of the fence as a Cloud Security Engineering Director, and I decided to bring him back on for another fun conversation. We discuss Google's on-premises Solutions, Data Custodian Model (SAP), the story behind BeyondCorp, Google's beta product called Identity-Aware Proxy and much more. Our conversation is a deep dive into IT Security and highly technical... Regardless of your title within IT Security realm, you will benefit from this conversation. Major Take-Aways From This Episode: Google’s beta product - Identity-Aware Proxy, BeyondCorp Model at Google and Anti-Phishing, Importance of two-factor authentication; U2F Security Keys, FIDO U2F Protocol, OAuth, YubiKeys – security keys for two-factor authentication, Gsuites - Gmail, Docs, Drive and Calendar for business, everything in one package, Building trust in cloud service provider, Data Custodian Model at Google access transparency, identity and protection Google Cloud Blog article about Google’s custom chip Titan. About David Cross David is the Cloud Security Engineering Director in the Google Security and Privacy organization. David is a long time innovator of security technology stemming back to US Navy service with the aviation electronic warfare community and his previous 18 years spent with Microsoft in numerous security product and engineering leadership roles. In addition, David has been a contributing author on a number of whitepapers and Microsoft Press books regarding security and PKI. David holds a B.S. in Computer Information Systems as well as an MBA in MIS. Read full transcript here. How to get in touch with David Cross: LinkedIn Twitter Key Resources: An Insider’s Look at Security at Microsoft Azure – Assume the Breach! – #1 Interview with David for RedZone Podcast RSA conference Speaker Profile What Is Needed in the Next Generation Cloud Based Platform? – Presentation at RSA 2017 Google Cloud Platform Podcast This episode is sponsored by the CIO Innovation Insider Offense and Defense Community, dedicated to Business Digital Leaders who want to be a part of 20% of the planet and help their businesses win with innovation and transformation. Credits: * Outro music provided by Ben’s Sound Other Ways To Listen to the Podcast iTunes | Libsyn | Soundcloud | RSS | LinkedIn Leave a Review If you enjoyed this episode, then please consider leaving an iTunes review here Click here for instructions on how to leave an iTunes review if you're doing this for the first time. About Bill Murphy Bill Murphy is a world renowned Innovation and Transformation (Offense and Defense) Expert dedicated to your success as an IT business leader. Follow Bill on LinkedIn and Twitter.
Ines Envid, a Product Manager for Cloud Networking, joins the podcast today to tell us how mind blowing Google's network is and how you can make the best of it! Let Francesc and Mark ask all the questions about VPCs, Load Balancers, and Routers you always wanted to know the answer to. About Ines Ines is a product manager in Cloud Networking. She has dedicated her career to in product, and development roles for carrier and enterprise networking infrastructure and applications, from access, edge and backbone cores. Ines is currently leading the Google cloud networking VPC topology and policy product areas. Cool things of the week New undersea cable expands capacity for Google APAC customers and users blog Managing containerized ASP.NET Core apps with Kubernetes blog We're Hiring join us! New undersea cable expands capacity for Google APAC customers and users Interview Google Cloud Networking docs Google Cloud Security docs Google Security Whitepaper research Using Networks and Firewalls docs Google Cloud Load Balancer docs VPCs: Virtual Private Clouds aka Cloud Virtual Networks docs IP addresses, ranges, and subnetworks docs Google Cloud VPN docs Jupiter Rising: A Decade of Clos Topologies and Centralized Control in Google's Datacenter Network research Want to learn the more? Using Google's cloud networking products: a guide to all the guides Question of the week How do I use the Proxy protocol with a network load balancer? How can I know the IP address of the original sender in a TCP connection over Load Balancers? SSL proxy for Google Cloud Load Balancing docs Were will we be? You can find Mark at Connect.Tech in Atlanta from October 20th to the 22nd, and the week after that GAMEACON in Atlantic City. Francesc is working on more episodes of justforfunc before he goes to Brazil next month for GopherCon Brasil and GCPNext Brazil.