Cloud Security Podcast by Google focuses on security in the cloud, delivering security from the cloud, and all things at the intersection of security and cloud. Of course, we will also cover what we are doing in Google Cloud to help keep our users' data safe and workloads secure. We’re going to do our best to avoid security theater, and cut to the heart of real security questions and issues. Expect us to question threat models and ask if something is done for the data subject’s benefit or ju ...
…
continue reading
Sync Up is your one-stop shop for all things OneDrive. Join hosts, Stephen Rice and Arvind Mishra, as they shed light on how OneDrive connects you to all of your files in Microsoft and enables you to share and work together from anywhere, and any device! Hear from experts behind the design and development of OneDrive, as well as customers and Microsoft MVPs! Each episode will give you news and announcements, tips and best practices for your OneDrive experience, and some fun and humor!
…
continue reading
Cybersecurity weekly podcast series featuring industry thought leaders discussing security solutions, best practices, threat intel, and more. Our primary topics within InfoSec include: Application Security; Artificial Intelligence; Blockchain; Career Development; Cloud Security; Encryption / DLP; Endpoint / Mobile / IoT Security; GRC; Incident Response / SIEM; Identity and Access Management; Network Security; Privacy; Ransomware / Malware; and Security Awareness.
…
continue reading
Security on Cloud explores the ups and downs, and ins and outs of cloud security like no other podcast. Hear interviews with industry heavyweights, analysts, and technologists in the cloud security and compliance space. You can receive the insights you need to navigate security and compliance in this new cloud-driven world. Also, hear about high-level trends that face the cloud security industry that you need to be on top of to stay ahead. How to deal with compliance nightmares, how the whol ...
…
continue reading
1
EP191 Why Aren't More Defenders Winning? Defender’s Advantage and How to Gain it!
23:36
23:36
Play later
Play later
Lists
Like
Liked
23:36
Guest: Dan Nutting, Manager - Cyber Defense, Google Cloud Topics: What is the Defender’s Advantage and why did Mandiant decide to put this out there? This is the second edition. What is different about DA-II? Why do so few defenders actually realize their Defender’s Advantage? The book talks about the importance of being "intelligence-led" in cyber…
…
continue reading
1
EP190 Unraveling the Security Data Fabric: Need, Benefits, and Futures
30:00
30:00
Play later
Play later
Lists
Like
Liked
30:00
Guest: Josh Liburdi, Staff Security Engineer, Brex Topics: What is this “security data fabric”? Can you explain the technology? Is there a market for this? Is this same as security data pipelines? Why is this really needed? Won’t your SIEM vendor do it? Who should adopt it? Or, as Tim says, what gets better once you deploy it? Is reducing cost a bi…
…
continue reading
1
EP189 How Google Does Security Programs at Scale: CISO Insights
30:23
30:23
Play later
Play later
Lists
Like
Liked
30:23
Guest: Royal Hansen, CISO, Alphabet Topics: What were you thinking before you took that “Google CISO” job? Google's infrastructure is vast and complex, yet also modern. How does this influence the design and implementation of your security programs compared to other organizations? Are there any specific challenges or advantages that arise from oper…
…
continue reading
1
EP188 Beyond the Buzzwords: Identity's True Role in Cloud and SaaS Security
29:28
29:28
Play later
Play later
Lists
Like
Liked
29:28
Guest: Dor Fledel, Founder and CEO of Spera Security, now Sr Director of Product Management at Okta Topics: We say “identity is the new perimeter,” but I think there’s a lof of nuance to it. Why and how does it matter specifically in cloud and SaaS security? How do you do IAM right in the cloud? Help us with the acronym soup - ITDR, CIEM also ISPM …
…
continue reading
1
EP187 Conquering SOC Challenges: Leadership, Burnout, and the SIEM Evolution
29:41
29:41
Play later
Play later
Lists
Like
Liked
29:41
Guest: Nicole Beckwith, Sr. Security Engineering Manager, Threat Operations @ Kroger Topics: What are the most important qualities of a successful SOC leader today? What is your approach to building and maintaining a high-functioning SOC team? How do you approach burnout in a SOC team? What are some of the biggest challenges facing SOC teams today?…
…
continue reading
1
EP186 Cloud Security Tools: Trust the Cloud Provider or Go Third-Party? An Epic Debate, Anton vs Tim
27:18
27:18
Play later
Play later
Lists
Like
Liked
27:18
Guests: A debate between Tim and Anton, no guests Debate positions: You must buy the majority of cloud security tools from a cloud provider, here is why. You must buy the majority of cloud security tools from a 3rd party security vendor, here is why. Resources: EP74 Who Will Solve Cloud Security: A View from Google Investment Side EP22 Securing Mul…
…
continue reading
1
EP185 SAIF-powered Collaboration to Secure AI: CoSAI and Why It Matters to You
24:27
24:27
Play later
Play later
Lists
Like
Liked
24:27
Guest: David LaBianca, Senior Engineering Director, Google Topics: The universe of AI risks is broad and deep. We’ve made a lot of headway with our SAIF framework: can you give us a) a 90 second tour of SAIF and b) share how it’s gotten so much traction and c) talk about where we go next with it? The Coalition for Secure AI (CoSAI) is a collaborati…
…
continue reading
1
EP184 One Week SIEM Migration: Fact or Fiction?
24:45
24:45
Play later
Play later
Lists
Like
Liked
24:45
Guest: Manan Doshi, Senior Security Engineer @ Etsy Questions: In your experience, what are the biggest challenges organizations face when migrating to a new SIEM platform? How did you solve them? Many SIEM projects have problems, but a decent chunk of these problems are not about the tool being broken. How did you decide to migrate? When is it tim…
…
continue reading
1
EP183 Cloud Security Journeys: Improve, Evolve, Transform with Cloud Customers
30:15
30:15
Play later
Play later
Lists
Like
Liked
30:15
Guests: Jaffa Edwards, Senior Security Manager @ Google Cloud Lyka Segura, Cloud Security Engineer @ Google Cloud Topics: Security transformation is hard, do you have any secret tricks or methods that actually make it happen? Can you share a story about a time when you helped a customer transform their cloud security posture? Not just improve, but …
…
continue reading
Curious about how user research shapes OneDrive? In this episode of Sync Up, Stephen Rice, Arvind Mishra, and Rachel Hungerford dive into the world of UX research! Discover how the team gathers insights to improve your OneDrive experience, from Home to Sharing to much more! Research is key to how we learn and evolve the product to meet our users' n…
…
continue reading
1
EP182 ITDR: The Missing Piece in Your Security Puzzle or Yet Another Tool to Buy?
28:20
28:20
Play later
Play later
Lists
Like
Liked
28:20
Guest: Adam Bateman, Co-founder and CEO, Push Security Topics: What is Identity Threat Detection and Response (ITDR)? How do you define it? What gets better at a client organization once ITDR is deployed? Do we also need “ISPM” (parallel to CDR/CSPM), and what about CIEM? Workload identity ITDR vs human identity ITDR? Do we need both? Are these the…
…
continue reading
1
EP181 Detection Engineering Deep Dive: From Career Paths to Scaling SOC Teams
30:32
30:32
Play later
Play later
Lists
Like
Liked
30:32
Guest: Zack Allen, Senior Director of Detection & Research @ Datadog, creator of Detection Engineering Weekly Topics: What are the biggest challenges facing detection engineers today? What do you tell people who want to consume detections and not engineer them? What advice would you give to someone who is interested in becoming a detection engineer…
…
continue reading
1
EP180 SOC Crossroads: Optimization vs Transformation - Two Paths for Security Operations Center
28:09
28:09
Play later
Play later
Lists
Like
Liked
28:09
Guests: Mitchell Rudoll, Specialist Master, Deloitte Alex Glowacki, Senior Consultant, Deloitte Topics: The paper outlines two paths for SOCs: optimization or transformation. Can you elaborate on the key differences between these two approaches and the factors that should influence an organization's decision on which path to pursue? The paper also …
…
continue reading
1
EP179 Teamwork Under Stress: Expedition Behavior in Cybersecurity Incident Response
23:28
23:28
Play later
Play later
Lists
Like
Liked
23:28
Guests: Robin Shostack, Security Program Manager, Google Jibran Ilyas, Managing Director Incident Response, Mandiant, Google Cloud Topics: You talk about “teamwork under adverse conditions” to describe expedition behavior (EB). Could you tell us what it means? You have been involved in response to many high profile incidents, one of the ones we can…
…
continue reading
1
EP178 Meet Brandon Wood: The Human Side of Threat Intelligence: From Bad IP to Trafficking Busts
32:09
32:09
Play later
Play later
Lists
Like
Liked
32:09
Guest: Brandon Wood, Product Manager for Google Threat Intelligence Topics: Threat intelligence is one of those terms that means different things to everyone–can you tell us what this term has meant in the different contexts of your career? What do you tell people who assume that “TI = lists of bad IPs”? We heard while prepping for this show that y…
…
continue reading
We're back! Stephen was on the ground at the Microsoft 365 Community Conference in Orlando, and this week he's catching Arvind up on all the amazing announcements from the conference! From Copilot to Colored Folders to Sync Health Report Exports, the conference was overfull with great features that will help you get the most out of OneDrive! Stephe…
…
continue reading
1
EP177 Cloud Incident Confessions: Top 5 Mistakes Leading to Breaches from Mandiant
30:07
30:07
Play later
Play later
Lists
Like
Liked
30:07
Guests: Omar ElAhdan, Principal Consultant, Mandiant, Google Cloud Will Silverstone, Senior Consultant, Mandiant, Google Cloud Topics: Most organizations you see use both cloud and on-premise environments. What are the most common challenges organizations face in securing their hybrid cloud environments? You do IR so in your experience, what are to…
…
continue reading
1
EP176 Google on Google Cloud: How Google Secures Its Own Cloud Use
27:00
27:00
Play later
Play later
Lists
Like
Liked
27:00
Guest: Seth Vargo, Principal Software Engineer responsible for Google's use of the public cloud, Google Topics: Google uses the public cloud, no way, right? Which one? Oh, yeah, I guess this is obvious: GCP, right? Where are we like other clients of GCP? Where are we not like other cloud users? Do we have any unique cloud security technology that w…
…
continue reading
1
EP175 Meet Crystal Lister: From Public Sector to Google Cloud Security and Threat Horizons
26:43
26:43
Play later
Play later
Lists
Like
Liked
26:43
Guest: Crystal Lister, Technical Program Manager, Google Cloud Security Topics: Your background can be sheepishly called “public sector”, what’s your experience been transitioning from public to private? How did you end up here doing what you are doing? We imagine you learned a lot from what you just described – how’s that impacted your work at Goo…
…
continue reading
1
EP174 How to Measure and Improve Your Cloud Incident Response Readiness: A New Framework
21:33
21:33
Play later
Play later
Lists
Like
Liked
21:33
Guest: Angelika Rohrer, Sr. Technical Program Manager , Cyber Security Response at Alphabet Topics: Incident response (IR) is by definition “reactive”, but ultimately incident prep determines your IR success. What are the broad areas where one needs to prepare? You have created a new framework for measuring how ready you are for an incident, what i…
…
continue reading
1
EP173 SAIF in Focus: 5 AI Security Risks and SAIF Mitigations
33:16
33:16
Play later
Play later
Lists
Like
Liked
33:16
Guest: Shan Rao, Group Product Manager, Google Topics: What are the unique challenges when securing AI for cloud environments, compared to traditional IT systems? Your talk covers 5 risks, why did you pick these five? What are the five, and are these the worst? Some of the mitigation seems the same for all risks. What are the popular SAIF mitigatio…
…
continue reading
1
EP172 RSA 2024: Separating AI Signal from Noise, SecOps Evolves, XDR Declines?
27:20
27:20
Play later
Play later
Lists
Like
Liked
27:20
Guests: None Topics: What have we seen at RSA 2024? Which buzzwords are rising (AI! AI! AI!) and which ones are falling (hi XDR)? Is this really all about AI? Is this all marketing? Security platforms or focused tools, who is winning at RSA? Anything fun going on with SecOps? Is cloud security still largely about CSPM? Any interesting presentations…
…
continue reading
1
EP171 GenAI in the Wrong Hands: Unmasking the Threat of Malicious AI and Defending Against the Dark Side
27:03
27:03
Play later
Play later
Lists
Like
Liked
27:03
Guest: Elie Bursztein, Google DeepMind Cybersecurity Research Lead, Google Topics: Given your experience, how afraid or nervous are you about the use of GenAI by the criminals (PoisonGPT, WormGPT and such)? What can a top-tier state-sponsored threat actor do better with LLM? Are there “extra scary” examples, real or hypothetical? Do we really have …
…
continue reading
1
EP170 Redefining Security Operations: Practical Applications of GenAI in the SOC
27:48
27:48
Play later
Play later
Lists
Like
Liked
27:48
Guest: Payal Chakravarty, Director of Product Management, Google SecOps, Google Cloud Topics: What are the different use cases for GenAI in security operations and how can organizations prioritize them for maximum impact to their organization? We’ve heard a lot of worries from people that GenAI will replace junior team members–how do you see GenAI …
…
continue reading
Hold onto your hats, it's time for another episode of the Sync Up podcast! This week, hosts Stephen and Arvind are talking to migration and customer experts Vishal Lodha and Yogesh Ratnaparkhi about how to effectively migrate your content to OneDrive, whether you're starting on-prem or with another cloud provider. The team busts common migration my…
…
continue reading
1
EP169 Google Cloud Next 2024 Recap: Is Cloud an Island, So Much AI, Bots in SecOps
27:36
27:36
Play later
Play later
Lists
Like
Liked
27:36
Guests: no guests (just us!) Topics: What are some of the fun security-related launches from Next 2024 (sorry for our brief “marketing hat” moment!)? Any fun security vendors we spotted “in the clouds”? OK, what are our favorite sessions? Our own, right? Anything else we had time to go to? What are the new security ideas inspired by the event (you …
…
continue reading
1
EP168 Beyond Regular LLMs: How SecLM Enhances Security and What Teams Can Do With It
33:18
33:18
Play later
Play later
Lists
Like
Liked
33:18
Guests: Umesh Shankar, Distinguished Engineer, Chief Technologist for Google Cloud Security Scott Coull, Head of Data Science Research, Google Cloud Security Topics: What does it mean to “teach AI security”? How did we make SecLM? And also: why did we make SecLM? What can “security trained LLM” do better vs regular LLM? Does making it better at sec…
…
continue reading
1
EP167 Stolen Cards and Fake Accounts: Defending Google Cloud Against Abuse
25:24
25:24
Play later
Play later
Lists
Like
Liked
25:24
Speakers: Maria Riaz, Cloud Counter-Abuse, Engineering Lead, Google Cloud Topics: What is “counter abuse”? Is this the same as security? What does counter-abuse look like for GCP? What are the popular abuse types we face? Do people use stolen cards to get accounts to then violate the terms with? How do we deal with this, generally? Beyond core tech…
…
continue reading
1
EP166 Workload Identity, Zero Trust and SPIFFE (Also Turtles!)
30:06
30:06
Play later
Play later
Lists
Like
Liked
30:06
Guests: Evan Gilman, co-founder CEO of Spirl Eli Nesterov, co-founder CTO of Spril Topics: Today we have IAM, zero trust and security made easy. With that intro, could you give us the 30 second version of what a workload identity is and why people need them? What’s so spiffy about SPIFFE anyway? What’s different between this and micro segmentation …
…
continue reading
1
EP165 Your Cloud Is Not a Pet - Decoding 'Shifting Left' for Cloud Security
24:34
24:34
Play later
Play later
Lists
Like
Liked
24:34
Guest: Ahmad Robinson, Cloud Security Architect, Google Cloud Topics: You’ve done a BlackHat webinar where you discuss a Pets vs Cattle mentality when it comes to cloud operations. Can you explain this mentality and how it applies to security? What in your past led you to these insights? Tell us more about your background and your journey to Google…
…
continue reading
1
EP164 Quantum Computing: Understanding the (very serious) Threat and Post-Quantum Cryptography
31:23
31:23
Play later
Play later
Lists
Like
Liked
31:23
Guest: Jennifer Fernick, Senor Staff Security Engineer and UTL, Google Topics: Since one of us (!) doesn't have a PhD in quantum mechanics, could you explain what a quantum computer is and how do we know they are on a credible path towards being real threats to cryptography? How soon do we need to worry about this one? We’ve heard that quantum comp…
…
continue reading
1
EP163 Cloud Security Megatrends: Myths, Realities, Contentious Debates and Of Course AI
25:54
25:54
Play later
Play later
Lists
Like
Liked
25:54
Guest: Phil Venables, Vice President, Chief Information Security Officer (CISO) @ Google Cloud Topics: You had this epic 8 megatrends idea in 2021, where are we now with them? We now have 9 of them, what made you add this particular one (AI)? A lot of CISOs fear runaway AI. Hence good governance is key! What is your secret of success for AI governa…
…
continue reading
This week on Sync Up, hosts Stephen Rice and Arvind Mishra sit down with Liz Scoble and Libby McCormick to talk about how we're creating new creation experiences in OneDrive, and across Microsoft 365! After discussing our favorite underrated snacks, the team talks about Create.Microsoft.Com and the power of intent, then the new Create New experienc…
…
continue reading
1
EP162 IAM in the Cloud: What it Means to Do It 'Right' with Kat Traxler
28:09
28:09
Play later
Play later
Lists
Like
Liked
28:09
Guest: Kat Traxler, Security Researcher, TrustOnCloud Topics: What is your reaction to “in the cloud you are one IAM mistake away from a breach”? Do you like it or do you hate it? A lot of people say “in the cloud, you must do IAM ‘right’”. What do you think that means? What is the first or the main idea that comes to your mind when you hear it? Ho…
…
continue reading
1
EP161 Cloud Compliance: A Lawyer - Turned Technologist! - Perspective on Navigating the Cloud
27:38
27:38
Play later
Play later
Lists
Like
Liked
27:38
Guest: Victoria Geronimo, Cloud Security Architect, Google Cloud Topics: You work with technical folks at the intersection of compliance, security, and cloud. So what do you do, and where do you find the biggest challenges in communicating across those boundaries? How does cloud make compliance easier? Does it ever make compliance harder? What is y…
…
continue reading
1
EP160 Don't Cloud Your Judgement: Security and Cloud Migration, Again!
27:32
27:32
Play later
Play later
Lists
Like
Liked
27:32
Guest: Merritt Baer, Field CTO, Lacework, ex-AWS, ex-USG Topics: How can organizations ensure that their security posture is maintained or improved during a cloud migration? Is cloud migration a risk reduction move? What are some of the common security challenges that organizations face during a cloud migration? Are there different gotchas between …
…
continue reading
1
EP159 Workspace Security: Built for the Modern Threat. But How?
25:31
25:31
Play later
Play later
Lists
Like
Liked
25:31
Guests: Emre Kanlikilicer, Senior Engineering Manager @ Google Sophia Gu, Engineering Manager at Google Topics Workspace makes the claim that unlike other productivity suites available today, it’s architectured for the modern threat landscape. That’s a big claim! What gives Google the ability to make this claim? Workspace environments would have ma…
…
continue reading
1
From Waterfalls to Weekly Releases—Engineering Excellence with Steven Bailey and John Selbie
46:29
46:29
Play later
Play later
Lists
Like
Liked
46:29
On this episode of Sync Up, hosts Stephen Rice and Arvind Mishra sit down with two never-before-heard guests! First up, hear directly from the Corporate Vice President of OneDrive Engineering, Steven Bailey, as he talks through the joys and challenges of managing one of Microsoft's largest services. Then, go deep with John Selbie, one of OneDrive's…
…
continue reading
1
EP158 Ghostbusters for the Cloud: Who You Gonna Call for Cloud Forensics
21:33
21:33
Play later
Play later
Lists
Like
Liked
21:33
Guest: Jason Solomon, Security Engineer, Google Topics: Could you share a bit about when you get pulled into incidents and what are your goals when you are? How does that change in the cloud? How do you establish a chain of custody and prove it for law enforcement, if needed? What tooling do you rely on for cloud forensics and is that tooling avail…
…
continue reading
1
EP157 Decoding CDR & CIRA: What Happens When SecOps Meets Cloud
25:27
25:27
Play later
Play later
Lists
Like
Liked
25:27
Guest: Arie Zilberstein, CEO and Co-Founder at Gem Security Topics: How does Cloud Detection and Response (CDR) differ from traditional, on-premises detection and response? What are the key challenges of cloud detection and response? Often we lift and shift our teams to Cloud, and not always for bad reasons, so what’s your advice on how to teach th…
…
continue reading
1
EP156 Living Off the Land and Attacking Critical Infrastructure: Mandiant Incident Deep Dive
25:12
25:12
Play later
Play later
Lists
Like
Liked
25:12
Guest: Sandra Joyce, VP at Mandiant Intelligence Topics: Could you give us a brief overview of what this power disruption incident was about? This incident involved both Living Off the Land and attacks on operational technology (OT). Could you explain to our audience what these mean and what the attacker did here? We also saw a wiper used to hide f…
…
continue reading
1
EP155 Cyber, Geopolitics, AI, Cloud - All in One Book?
38:36
38:36
Play later
Play later
Lists
Like
Liked
38:36
Guests: Derek Reveron, Professor and Chair of National Security at the US Naval War College John Savage, An Wang Professor Emeritus of Computer Science of Brown University Topics: You wrote a book on cyber and war, how did this come about and what did you most enjoy learning from the other during the writing process? Is generative AI going to be a …
…
continue reading
1
EP154 Mike Schiffman: from Blueboxing to LLMs via Network Security at Google
35:41
35:41
Play later
Play later
Lists
Like
Liked
35:41
Guest: Mike Schiffman, Network Security “UTL” Topics: Given your impressive and interesting history, tell us a few things about yourself? What are the biggest challenges facing network security today based on your experience? You came to Google to work on Network Security challenges. What are some of the surprising ones you’ve uncovered here? What …
…
continue reading
1
EP153 Kevin Mandia on Cloud Breaches: New Threat Actors, Old Mistakes, and Lessons for All
28:41
28:41
Play later
Play later
Lists
Like
Liked
28:41
Guest: Kevin Mandia, CEO at Mandiant, part of Google Cloud Topics: When you look back, what were the most surprising cloud breaches in 2023, and what can we learn from them? How were they different from the “old world” of on-prem breaches? For a long time it’s felt like incident response has been an on-prem specialization, and that adversaries are …
…
continue reading
1
EP152 Trust, Security and Google's Annual Transparency Report
26:03
26:03
Play later
Play later
Lists
Like
Liked
26:03
Guest: Michee Smith, Director, Product Management for Global Affairs Works, Google Topics: What is Google Annual Transparency Report and how did we get started doing this? Surely the challenge of a transparency report is that there are things we can’t be transparent about, how do we balance this? What are those? Is it a safe question? What Access T…
…
continue reading