
Cloud Security Today

38 episodes - English - Latest episode: about 1 month ago - ★★★★★ - 13 ratings

The Cloud Security Today podcast features expert commentary and personal stories on the “how” side of cloud security. This is not a news program but rather a podcast that focuses on the practical side of how to launch a cloud security program, how to implement DevSecOps, and how to understand the threats most impacting cloud today.


Episodes

Cybersecurity's secret weapon

March 20, 2024 10:00 - 43 minutes - 29.7 MB

Episode Summary In this episode, Jerich Beason, CISO at WM, joins the show to discuss becoming a CISO. Before joining WM, Jerich served in various roles at Lockheed Martin, RSA, Capital One, AECOM, and Deloitte. Jerich talks about how he tailored his roles throughout his career, learning communication soft skills and his passion for sharing with others.  Hear about how AI affects leadership, how Jerich would change the cybersecurity industry, and the true value of vendors (it's positive!)...

Security is a process

February 16, 2024 22:00 - 47 minutes - 32.6 MB

Episode Summary On this episode, Co-Founder and CTO of Gutsy, John Morello, joins Matt to talk about Process Mining in Cybersecurity. Before co-founding Gutsy, John served as the CTO of Twistlock and VP of Product for Prisma Cloud. John holds multiple cybersecurity patents and is an author of NIST SP 800-190, the Container Security Guide. Before Twistlock, he was the CISO of an S&P 500 global chemical company. Before that, he spent 14 years at Microsoft, working on security technologies in...

The Talent Shortage That Doesn’t Exist

January 20, 2024 11:00 - 45 minutes - 31.4 MB

Episode Summary On this episode, Best Selling author of Cyber for Builders and blogger Ross Haleliuk joins the show to talk about his writing on the cybersecurity industry. Ross is active in the cybersecurity ecosystem as a startup advisor and angel investor, currently leading the VIS Angel Syndicate. He often writes about cybersecurity, security investment, growth, and building security startups on TechCrunch, in other leading industry media, and in his blog, Venture in Security, read by t...

30 years in cybersecurity

December 20, 2023 11:00 - 52 minutes - 36 MB

Episode Summary On this episode, InfoSec veteran, Aaron Turner, joins the show to talk about everything from Cloud to AI. Over the past three decades, Aaron has served as Security Strategist at Microsoft, Co-Founder and CEO of RFinity, Co-Founder and CEO of Terreo, VP of Security Products R&D at Verizon, Founder and CEO of Hotshot Technologies, Founder and CEO of Siriux, Faculty Member of IANS, Board Member at HighSide, President and Board Member of IntegriCell, and most recently as CISO at...

The New SEC Rule

November 20, 2023 11:00 - 46 minutes - 31.8 MB

Episode Summary In this episode, Special Advisor for Cyber Risk at the NACD, Christopher Hetner, returns to the show to discuss the new SEC cybersecurity rules. Chris has over 25 years of experience in cybersecurity, helping protect industries, infrastructures, and economies, serving in roles including as SVP of Information Security at Citi, Senior Cybersecurity Advisor to the Chairman of the US SEC, Executive Member of IANS, the National Board Director of the Society of Hispanic Profession...

The AI Episode

October 21, 2023 10:00 - 42 minutes - 28.9 MB

Episode Summary In today’s episode, AI Safety Initiative Chair at Cloud Security Alliance, Caleb Sima, joins Matt to talk about some of the myths surrounding the quickly evolving world of AI. With two decades of experience in the cybersecurity industry, Caleb has held many high-level roles, including VP of Information Security at Databricks, CSO at Robinhood, Managing VP at CapitalOne, and Founder of both SPI Dynamics and Bluebox Security. Today, Caleb talks about his inspiring career afte...

SBOMs: Good but less than a silver bullet

September 21, 2023 10:00 - 50 minutes - 34.7 MB

Episode Summary On today’s episode, Senior Advisor and Strategist at the Cybersecurity and Infrastructure Security Agency, Allan Friedman, joins Matt to discuss SBOMs. As Senior Advisor and Strategist at CISA, Allan coordinates the global cross-sector community efforts around software bill of materials (SBOM). He was previously the Director of Cybersecurity Initiatives at NTIA, leading pioneering work on vulnerability disclosure, SBOM, and other security topics. Before joining the Federal ...

AppSec: Engineering, Attackers, and Defense

August 21, 2023 10:00 - 50 minutes - 34.6 MB

Episode Summary In today’s episode, AppSec CTO at Palo Alto Networks, Daniel Krivelevich, joins Matt to talk about AppSec for the modern engineering ecosystem. Daniel is a Cybersecurity expert and problem solver with a proven track record from working with numerous enterprises across several different industries, with a focus on Application and Cloud Security. He has served in the Intelligence Corps of the IDF, 8200, as a Security Specialist at LivePerson, and as the Cloud & Application Sec...

Securing Democracy: DNC's Cyber Cop

July 21, 2023 10:00 - 53 minutes - 36.7 MB

On today’s episode, CSO at the Democratic National Committee, Steve Tran, joins Matt to talk about magic, AI, and cybersecurity. As the CSO for the DNC, Steve leads their IT, physical, and cybersecurity strategy. When not defending against dedicated adversaries, Steve can be found doing “off the cuffs” performances at the World-Famous Magic Castle in Hollywood. Today, Steve talks about how he incorporates magic into cybersecurity, his transition from law enforcement to cybersecurity, and ho...

Open Source Security: A Deep Dive

June 21, 2023 10:00 - 34 minutes - 23.9 MB

Episode Summary On this episode, the Co-Founder and CEO of Endor Labs, Varun Badhwar, joins Matt to talk about software supply chain security. Varun has a proven track record of building and leading enterprise security companies across Product Strategy, Marketing, Technical Sales, and Customer Success functions. He serves as a Member of the Forbes Technology Council, a Board Member of Cowbell, a Board Advisor of ArmorCode, and the former Founder and CEO of RedLock. Today, Varun talks about...

Accelerating security maturity

May 21, 2023 10:00 - 47 minutes - 32.3 MB

Episode Summary On this episode, AWS Security Practice Manager, Chad Lorenc, joins Matt to talk about Cloud Security. Chad has spent over 20 years building and implementing security programs for numerous organizations, ranging from global Fortune 500 infrastructure teams to billion-dollar financial institutions. He has previously served as Senior Infrastructure Security Architect at Keysight Technologies, President of Montana Chapter, and Information Security and Risk Management Infrastruct...

Cloud Native Security: A Year in Review

April 21, 2023 10:00 - 43 minutes - 30.2 MB

On this episode, the Chief Security Officer of Cloud at Palo Alto Networks, Bob West, joins Matt to discuss Palo Alto Networks' latest State of Cloud Native Security Report. Bob joined Palo Alto Networks after more than 20 years in leadership roles with banks, product companies, and professional services organizations. Before joining Palo Alto Networks, Bob served as managing partner at West Strategy Group, managing director in Deloitte’s cyber risk services practice, managing director for C...

Book review: CISO Evolution

March 21, 2023 10:00 - 43 minutes - 29.7 MB

On this episode, the Founder of CISO Evolution LLC, Matthew Sharp, joins Matt to talk about his book, CISO Evolution. Prior to founding CISO Evolution LLC, Matt served as a strategic advisor to CISOs of Fortune 500 and global institutions. He holds a Bachelor of Science (BS) in Electrical and Computer Engineering from the University of Colorado and a Master of Business Administration (MBA) from Colorado State University. Matt is a co-author of "The CISO Evolution: Business Knowledge for Cybe...

Unraveling unmanageable apps

February 21, 2023 11:00 - 38 minutes - 26.6 MB

On this episode, co-founder and CEO of Cerby, Belsasar Lepe, joins Matt to talk about unmanageable applications (apps that don't support critical security standards like SSO and SCIM). Belsasar was previously the Head of Product at Impira, where he led the company's product life cycle, helping drive a 4x increase in revenue. Before his role at Impira, Bel was co-founder and CTO at Ooyala, where he led a global product, design, and engineering team of 300+ Ooyalans spanning five countries and...

SEC-retly Telling All: The New Cyber-Disclosure Rules

January 21, 2023 11:00 - 47 minutes - 32.5 MB

Episode Summary On this episode, Matt speaks with Senior Executive, Board Director, and leader in Cybersecurity, risk management, and regulatory compliance, Chris Hetner about cybersecurity and the newly-proposed SEC cybersecurity rules. With over 25 years of experience in the cybersecurity space, Chris has served in roles including as Senior Cybersecurity Advisor to the Chairman at the SEC, Managing Director of Information Security Operations at GE Capital, and SVP Information Security at ...

Cloud Threat Report Vol 6

December 21, 2022 11:00 - 44 minutes - 30.8 MB

This episode of the Cloud Security Today podcast welcomes back favorite special guests Jay Chen and Nathaniel “Q” Quist to unpack the latest Cloud Threat Report. Join host Matt Chiodi as he shares insights from the report and analyzes the current state of cloud security. Beginning with an in-depth look at Identity and Access Management (IAM) in cloud security, the guests talk about the latest changes in cloud security. They discuss the report’s findings on permissions and what cloud systems...

Pockets of Innovation

November 21, 2022 11:00 - 38 minutes - 26.6 MB

Pockets of Innovation with John Chavanne Episode Summary On this episode, Solutions Architect at Palo Alto Networks, John Chavanne, joins Matt to talk about his career of innovation. John’s career spans over 20 years at HSBC before transitioning into DevOps and Cloud Solutions at Palo Alto Networks. Today, John talks about his career arc, transitioning to cloud, and the value of communities of practice groups. Where should organizations start with deploying a CNAP? Hear about the challeng...

What Serverless Can Do For You

October 21, 2022 10:00 - 32 minutes - 22.2 MB

What Serverless Can Do For You? With Mark Gould Episode Summary On this episode, Cloud Security Engineer at Manhattan Associates, Mark Gould, joins Matt to talk about serverless computing. Mark is a Cybersecurity specialist, with a focus on the Google Cloud Platform, and is a Certified Google Architect. Today, Mark talks about serverless computing, the security risk to consider, and working with DevOps teams. What are the top three metrics to start with for automation and security? Hear a...

Book Review: Startup Secure

September 21, 2022 10:00 - 40 minutes - 28.2 MB

Book Review: Startup Secure with Chris Castaldo Episode Summary On this episode, CISO at Crossbeam and Author of Startup Secure: Baking Cybersecurity into your Company from Founding to Exit, Chris Castaldo, joins Matt to talk about startups and security. Chris is an industry-wide recognized CISO, having over 20 years of experience in cybersecurity. Today, Chris talks about his book, Startup Secure, his move to startups from the public sector, and the different startup development phases. ...

The Software Factory

August 22, 2022 10:00 - 37 minutes - 26 MB

S2E8 - The Software Factory with Chris Hughes Episode Summary On this episode, CISO and Co-Founder of Aquia, Chris Hughes, joins Matt to talk about building security in the cloud using automation and compliance. Chris’s career spans over 20 years in the IT/Cybersecurity industry, as well as in active service in the US Military. Chris talks about licensing and certifications, Cloud innovation, and achieving continuous ATO. How are software factories created and operationalized? Hear about ...

Zero trust with no FUD

July 21, 2022 10:00 - 46 minutes - 31.9 MB

In today’s episode, the Creator of Zero Trust, John Kindervag, joins Matt on the show to discuss implementing Zero Trust in your organization. While at Forrester Research in 2010, John developed Zero Trust, promising adequate and effective protection of an organization’s most valuable assets. Today, John talks about the driving force behind Zero Trust, the concept of the Protect Surface, and Kipling Method Policies. Why is trust a vulnerability? Hear about Zero Trust, Shadow IT, and get Joh...

Matt joins a startup

June 27, 2022 13:00 - 22 minutes - 15.5 MB

This episode of the Cloud Security Today podcast is a little different from the others because this time host Matthew Chiodi gives the interviewer’s seat over to Yousuf Khan and they talk about an exciting new development in Matt’s career. Matt announces a big career move and talks about how he’s hoping to fix some of the biggest problems in SaaS security today. He tells Yousuf about his new role and the fresh approach that his new company is bringing to the field. At the end of the episode...

MITRE + Cloud

June 21, 2022 10:00 - 40 minutes - 28 MB

As the world of cloud security continues to progress at high speed, new challenges and threats arise and morph on a constant basis. The MITRE Corporation is a body tasked by the US government with solving some of the largest threats in cybersecurity and beyond, and we are very lucky to welcome Tracy Bannon to the podcast today, who is the Senior Principal and Software Architect & DevOps Advisor at MITRE. Tracy opens up about her career journey leading up to her current position, what drew he...

Building security natively

May 21, 2022 14:00 - 46 minutes - 32.2 MB

Originally recorded in September of 2021...today’s guest is Justin Berman, the Vice President of Infrastructure and IT and the CISO at Thirty Madison. Thirty Madison is aiming to be a platform that everyone can use to deal with their chronic healthcare needs. Justin’s main focus is on building out the teams that enable scaling. With his development background, Justin has some unique ideas when it comes to cloud security, which makes for a fascinating interview. You’ll walk away from this epi...

What Is Threat Intelligence?

April 18, 2022 14:00 - 37 minutes - 25.8 MB

In this episode (originally recorded in November of 2021) we speak with Palo Alto Networks VP of Threat Intel, Ryan Olson. Ryan helps define what threat intelligence actually is and how to get started building a program. He aptly reminds us that producing threat intel for the sake of threat intel is a waste of time. More importantly, you first have to ask yourself, “Who’s going to be using this information?”. Tweetables “Producing threat intel for the sake of threat intel is a waste of tim...

Compliant Unicorns

March 21, 2022 16:00 - 37 minutes - 25.7 MB

Nearly all companies that have started in the last few years have been cloud-native from the very start. Someone who has experienced this is today’s guest Nate Lee. Nate is the Chief Information Security Officer for Tradeshift, a cloud-based business networking platform for supply chain payments, marketplaces, and applications. In this episode, Nate joins us to talk about the company’s journey, its success, and what he has learned here over the past seven years. Nate explains how Tradeshift’...

Fed Clouds

February 14, 2022 15:00 - 34 minutes - 23.6 MB

In a world where cyber-attacks are ever-changing, cybersecurity has to adapt accordingly. Joining us today to delve into the world of cloud security for federal agencies is Sandeep Shilawat, Vice President of Cloud and Edge Computing at ManTech. Sandeep has extensive experience in both Commercial and Federal technology markets. We’ll get to hear his predictions on where the cloud world is heading, as well as what the Federal Authority to Operate (ATO) process will look like in the future. We...

Cloud Native Pharma

January 17, 2022 19:00 - 38 minutes - 26.4 MB

The pharmaceutical industry has a reputation for being cautious when it comes to adopting new technologies. However, in this episode, you’ll hear from the CISO at Takeda Pharmaceuticals, Mike Towers, that for Takeda cloud has been a game-changer (albeit not without some challenges). As we like to do, we’ll start by diving into Mike’s background and then pivot to understand where Takeda is today in their cloud journey and where they are going over the next 24 months.  Get your pen ready beca...

Supply Chain Security

December 15, 2021 16:00 - 31 minutes - 22 MB

Despite the media coverage afforded to the SolarWinds and Kaseya breaches, Palo Alto Networks Unit 42 threat research indicates supply chain security in the cloud continues its growth as an emerging threat. Much remains misunderstood about both the nature of these attacks and the most effective means of defending against them. To better understand how supply chain attacks occur in the cloud, Unit 42 researchers analyzed data from a variety of public data sources around the world and, at the...

Cloud Immigration

November 10, 2021 15:00 - 34 minutes - 23.9 MB

The journey toward the cloud is filled with challenges, but the benefits it brings make the struggle worthwhile. Today we talk about all things cloud adoption with Rob Brown, CTO at the US Citizenship and Immigration Services Group. We jump in with some introductory comments about who the USCIS are and what they do, with Rob giving listeners an idea of his role within the organization. We hear about the massive move toward digitization at USCIS and some of the biggest challenges the organiza...

Innovating at the Speed of Relevance

October 18, 2021 15:00 - 35 minutes - 24.2 MB

When thinking of innovation, the first things that usually come to mind are tech startups. It’s not often you think of examples from the US Government or, more specifically, the Department of Defense. Our guest today has unprecedented insight, not only into what it takes to build a startup but how to create a startup-like culture in massive organizations like the US Department of Defense. Nic Chaillan has had tremendous success as an entrepreneur and, in 2016, decided to pursue public ser...

What (actually) Works In Cloud Security

September 21, 2021 16:00 - 37 minutes - 25.8 MB

Some of the most pertinent issues in cloud security are also very foundational. Questions like where to start, what works, and also what doesn’t work, can leave teams feeling frustrated and at a loss over how to proceed. Here to help us unpack these important questions is Jonathan Villa, the Cloud Security Practice Director at GuidePoint Security. Jonathan’s career wasn’t always in security; he has spent time as an application developer and as a pentester. All of this led him to build sol...

Putting the Sec in DevOps

August 10, 2021 13:00 - 39 minutes - 27.3 MB

Today’s guest is Guy Eisenkot and he joins us to talk about how culture is a critical aspect of shift-left security and DevOps. Guy is the Co-Founder of Bridgecrew, a tool that solves the talent shortage gap for building secure infrastructure in the public cloud. Our conversation begins with Guy giving some insight about his path into development and security, and he details his training in the Israeli military and subsequent experience building security tools for the civil market. In today’...

Keeping Governments Secure in the Cloud

July 13, 2021 20:00 - 40 minutes - 27.7 MB

Cloud security is essential for any business but particularly for government agencies. On today’s episode, we speak with an expert in the field, Ravi Raghava, who is Chief Cloud Strategist at General Dynamics Information Technology (GDIT). Ravi speaks about his personal experience with dozens of cloud deployments for civil agencies and shares best practices. Acronyms ATO = Authority to Operate POAM = Plan of Action and Milestones CDM = Continuous Diagnostics and Mitigation OCM = Organiz...

How COVID-19 Impacted Cloud Security

June 14, 2021 10:00 - 34 minutes - 23.9 MB

In this episode, Nathaniel Quist, also known as ‘Q’, returns along with Dr. Jay Chen, both of whom listeners might recognize from our inaugural episode where we discussed how common identity misconfigurations can undermine cloud security. Both Jay and Q are threat researchers with Palo Alto Networks Unit 42. Unit 42 is the global threat intelligence team at Palo Alto Networks and a recognized authority on cyberthreats, frequently sought out by enterprises and government agencies around the wo...

How to Operationalize Cloud Security

May 10, 2021 10:00 - 36 minutes - 25.1 MB

Keeping it simple is Brett’s mantra, and it has led to a great amount of success for him and the company he works for. As a security leader at Zoetis, the world’s largest animal healthcare company, Brett has managed to get ahead of the business in terms of adopting cloud securely. Although it may sound boring, standardizing security processes was a key element in the journey to automation for the Zoetis SOC.  In today’s episode, Brett also talks about how he ended up in the world of cyberse...

Did You Know You Have a SaaS Problem?

April 12, 2021 12:00 - 43 minutes - 29.8 MB

While most companies have significantly increased their investments in SaaS, they have not updated their security controls and processes to ward off threats posed by this medium. Leaving SaaS security to Cloud Access Security Brokers (CASB) is not sufficient. The security controls need to be placed around the data, APIs, and applications that are running inside a cloud environment, not outside its perimeter. This is the kind of security that AppOmni provides and today we have its CEO, Brenda...

How Common Identity Misconfigurations Can Undermine Cloud Security

March 10, 2021 23:00 - 46 minutes - 31.7 MB

Welcome to a brand new cloud security podcast, Cloud Security Today. Instead of focusing on the latest news, we’re exploring a different take on cloud security where we dig deeper into its eclectic “how-to” side. On Cloud Security Today, we are going to talk with experts from all over the community so you can do cloud security better. Today’s experts are Nathaniel Quist (Q) and Jay Chen, and they will be talking about Unit 42’s latest cloud threat research. First up Q and J, as we call them,...
