Cloud Security Podcast by Google

Anton Chuvakin

Cloud Security Podcast by Google focuses on security in the cloud, delivering security from the cloud, and all things at the intersection of security and cloud. Of course, we will also cover what we are doing in Google Cloud to help keep our users' data safe and workloads secure.

We're going to do our best to avoid security theater, and cut to the heart of real security questions and issues. Expect us to question threat models and ask if something is done for the data subject's benefit or just for organizational benefit.

We hope you'll join us if you're interested in where technology overlaps with process and bumps up against organizational design. We're hoping to attract listeners who are happy to hear conventional wisdom questioned, and who are curious about what lessons we can and can't keep as the world moves from on-premises computing to cloud computing.

Episodes

Mentioned books

May 13, 2026 • 25min

EP277: CISO as CFO, From Citi to Celery, It's All about the Cabbage

Arvin Bansal, CISO at C&S Wholesale Grocers with a financial services background, secures retail and supply chains while applying AI/ML to business and security. He explains grocery threat models and resilience priorities. He describes using AI to optimize inventory, logistics, and SOC work. He covers AI trust, agent accountability, third‑party risk, and balancing cyber with physical operational risk.

May 11, 2026 • 36min

EP276 AI Governance vs. The Hyper-Velocity Agentic Future: A Lawyer's Take

James Sherer, partner co-leading BakerHostetler’s emerging tech team and AI lawyer. He discusses why AI demands new governance beyond classic IT, how humans project intent onto systems, mapping and monitoring AI use, assigning responsibility as systems become agentic, and practical non-negotiables like policy, documentation, and using AI to help govern AI.

May 4, 2026 • 20min

EP275 Google Cloud Next 2026: The AI Earthquake, "SOC-home" Syndrome, and the Ragged Edge of Reality

A brisk recap of big announcements from Google Cloud Next 2026 and what they mean for security. They explore AI as a shock that touches every security domain and the uneven, ragged edge of adoption across organizations. There is a lively take on SOC demand for agents, agent-driven malware analysis, and whether faster discovery will actually speed up patching. Resilience and measurable security ROI round out the conversation.

Apr 27, 2026 • 30min

EP274 AI, Zero Trust and Secure by Design Walk into a Bar...

Grant Dasher, Distinguished Engineer and former CISA leader, explains secure-by-design, why bolted-on security fails, and how identity becomes the new perimeter for AI and agents. He explores agent identities, delegation, and practical steps for fast AI adoption. Short, clear takes on Zero Trust and architecting systems for agentic futures.

Apr 20, 2026 • 29min

EP273 From CISA to Cloud: AI Assurance, Concentration Risk, and the New Regulatory Frontier

Jeanette Manfra, VP and Head of Risk and Compliance at Google Cloud and former CISA leader, reflects on cloud security, privacy, and regulation. She explores how cloud reshapes security vs privacy, concentration and systemic risks, the fate of shared responsibility, AI helping map rules to controls, and balancing logging with privacy.

Apr 13, 2026 • 34min

EP272 More Than Just Packets: Is NDR a "First-Class" Cloud Security Control?

Raja Mukerji, co-founder and chief scientist at ExtraHop, an expert in network and SSL acceleration, makes the case for network detection and response as a vital visibility control. He discusses NDR’s comeback, how it works with TLS‑1.3 and cloud environments, where it outperforms agent-based telemetry, detection of shadow AI/services, and practical scaling and cost considerations.

Apr 9, 2026 • 27min

EP271 Can AI-Native MDR Actually Fix Your Broken SOC Workflows or Just Automate the Mess?

Bashar Abouseido, President of Tenex.AI and former CISO focused on metrics and AI-enabled ops, and Eric Foster, CEO of Tenex.AI and veteran practitioner pushing AI-native MDR, debate whether AI-native MDR can modernize SOCs stuck on legacy SIEM. They discuss data quality, agentic remediation, new metrics beyond MTTD, trust for autonomous containment, and hybrid platform-plus-edge AI strategies.

Apr 6, 2026 • 27min

EP270 The Convenience Tax: Why We Keep Failing at Supply Chain Security

Dan Lorenc, founder and CEO of Chainguard focused on software supply chain security. He discusses security tools becoming attack surfaces. He tackles tag mutability and failed version pinning. He covers long-game social engineering, auto-update trade-offs, SBOM limitations, and hardening CI/CD to reduce credential exposure.

Mar 30, 2026 • 33min

EP269 Reflections on RSA 2026 - Beyond AI AI AI AI AI AI AI

A lively RSA 2026 recap exploring how vendors label and market AI, from honest use to outright AI washing. A practical framework helps separate tasteful AI touches from exaggerated claims. They debate whether big AI labs will displace security vendors and whether LLMs can replace analyst firms. The conversation also highlights securing AI, agent identity, and what buyers should demand from vendors.

Mar 23, 2026 • 34min

EP268 Weaponizing the Administrative Fabric: Cloud Identity and SaaS Compromise in M Trends 2026

Scott Runnels, Mandiant incident responder with hands-on IR experience, and Kelli Vanderlee, senior threat analyst at Mandiant, discuss identity as the new perimeter and how attackers weaponize admin fabrics. They cover rapid attacker collaboration, identity and SaaS compromise trends, voice phishing in the GenAI era, malicious open-source packages, malware using local AI, and practical detection and response strategies.

The AI-powered Podcast Player

Save insights by tapping your headphones, chat with episodes, discover the best highlights - and more!

App store banner

Play store banner