Cloud Security Podcast

Is Offensive Security part of your 2024 Security Roadmap? We caught up with Sam Kirkman, Director at NetSPI EMEA at BlackHat Europe 2023 about what an Offensive Security Roadmap going into 2024 should look like. Offensive security is much more than pentesting. We spoke about how to build a capable team, different maturity stages of building such a program and resources you can lean on while you are on this journey across different industries. Guest Socials: Sam's Linkedin ⁠(⁠⁠@sam-kirkman-cybersecurity) Podcast Twitter - ⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠@CloudSecPod⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠ ⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠ If you want to watch videos of this LIVE STREAMED episode and past episodes - Check out our other Cloud Security Social Channels: - ⁠⁠Cloud Security Podcast- Youtube⁠⁠ - ⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠Cloud Security Newsletter ⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠ - ⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠Cloud Security BootCamp Questions asked: (00:00) Introduction (02:53)A bit about Sam Kirkman (03:53) What is offensive security? (04:52) The attack landscape (07:34) Offensive Security Roadmap (09:43) Components of Offensive Security Roadmap (11:04) Whats a good starting point? (12:55) Skillsets required in the team (16:57) Different stages of maturity (19:09) Where can people learn more about this? (22:03) Where you can connect with Sam You can learn more about NetSPI and offensive security here

Cloud Security environments looks very complex in 2023, and it will continue to evolve in 2024 now with AI. At AWS re:Invent 2023 this year, we sat down with Alex Jauch, Senior Director of Product Management at Outshift to talk about the complexities in Cloud Security, the role of GenAI and what can be items to consider for your 2024 Cloud Security Program. Podcast Twitter - ⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠@CloudSecPod⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠ ⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠ If you want to watch videos of this LIVE STREAMED episode and past episodes - Check out our other Cloud Security Social Channels: - ⁠Cloud Security Podcast- Youtube⁠ - ⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠Cloud Security Newsletter ⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠ - ⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠Cloud Security BootCamp⁠⁠⁠⁠⁠⁠⁠ Questions Asked: (00:00) Introduction (01:34) A bit about Alex (02:02) Current Cloud Security Landscape (04:43) The cloud security acronyms (08:44) Dealing with complex infrastructure (12:31) Impact of GenAI on Security (15:26) Do you have GenAi in Production? (16:55) We are all one team! (19:04) 2024 Security Program (20:39) Whats not being spoken about? (22:11) The fun section (26:00) Where you can connect with Alex!

Emily Fox, Red Hat security lead and CNCF TOC chair, discusses Kubernetes security trends. She covers software supply chain visibility, Zero Trust practices like mTLS and SPIFFE, the security challenges of edge deployments, and how AI workloads change provenance and detection needs. Short, focused takes on managed vs self-hosted responsibilities and the evolving specialization in cloud-native security.

Cailyn Edwards, Senior Security Engineer at Shopify, discusses the complexities of Kubernetes Network Security in a multi-tenant environment, including tools and tactics for securing Kubernetes environments. She also shares insights from her journey at Shopify and tips for advancing the security maturity of Kubernetes networks.

Cloud Security Podcast just got back from AWS re:invent 2023, there was a lot of chat around, you guessed it - GenAI but along with that there were plenty of security updates and announcement. Shilpi and Ashish broke them all down for you and what it all actually means for all security practitioners. Podcast Twitter - ⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠@CloudSecPod⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠ ⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠ If you want to watch videos of this LIVE STREAMED episode and past episodes - Check out our other Cloud Security Social Channels: - ⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠Cloud Security Newsletter ⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠ - ⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠Cloud Security BootCamp⁠⁠⁠⁠ Questions asked: (00:00) Introduction (04:49) GenAI at AWS re:Invent (06:01) No new security service announced (06:48) Updates from CEO and CTO Keynotes (11:29) What is Amazon Inspector? (12:10) Amazon Inspector Security Updates (15:09) What is AWS Security Hub? (15:52) AWS Security Hub Security Updates (18:52) What is Amazon GuardDuty? (20:10) Amazon GuardDuty Security Updates (22:49) What is Amazon Detective? (23:45) Amazon Detective Security Updates (26:22) What is IAM Access Analyser? (28:06) IAM Access Analyser Security Updates (30:33) What is AWS Config? (31:25) AWS Config Security Updates (32:35) Other Security Updates (33:46) 3 Layers of AI (35:21) What is Amazon CodeWhisperer? (36:36) Amazon Application Composer (37:34) Guardrails for Bedrock (38:13) Amazon Q (41:17) Zero Trust (41:45) Ransomware (44:29) Security Talks (45:54) Input filtering and validation for WAF (50:31) Enterprise IAM and data perimeter (53:00) Conclusion and find out more! You can check out the Top announcements of AWS re:Invent 2023 + AWS re:Invent 2023 - Security Compliance & Identity

The podcast explores the challenges of network security in managed Kubernetes environments and the benefits of using tools like eBPF and Cilium. It discusses the initial approach to networking in Kubernetes and the need for the next generation of networking tools. The chapter also explores how eBPF revolutionized the kernel field and the network security capabilities of Cilium. It discusses the process of graduating a project within the CNCF and the importance of having a company backing an open source project. The speakers engage in a light-hearted conversation, sharing their personal interests and aspirations.

In this podcast, Tim Miller, a Kubernetes security expert, discusses CNAPP and the approach to Kubernetes security. They cover topics such as traditional Kubernetes security, attack path analysis, and the team needed for effective security. They also provide resources to learn more about these topics.

Max Feldman, Director of Security Engineering at AppOmni and former product security lead at Salesforce and Slack, talks SaaS security. He explains SaaS Security Posture Management, when teams should adopt SSPM, and differences between SSPM, CASB, CSPM and CNAPP. They cover SaaS attack surfaces, SSO/offboarding gaps, ChatGPT risks, and practical steps to start a SaaS security program.

Threat detection for not so common cloud services features Suresh Vasudevan, CEO of Sysdig, discussing challenges in threat detection for uncommon cloud services. They explore traditional threat detection methods, uncommon service attack vectors, and problems with threat detection in the cloud. The podcast also covers prioritization approaches and bridging cloud and applications.

Not Escaping Containers but escaping Clusters - Managed Kubernetes distributions such as Amazon EKS, Google Kubernetes Engine (GKE) and Azure Kubernetes Service (AKS) attack vectors can allow you to reach the underlying AWS Account etc. In conversation with Christophe Tafani-Dereeper & Nick Frichette, from Datadog on how this is possible in Amazon EKS and achieving potentially the same in GKE & AKS too. Thank you to our episode sponsor Sagetap Guest Socials: Nick's and Christophe's Linkedin (⁠⁠⁠⁠⁠⁠⁠⁠⁠Nick Frichette + Christophe Tafani-Dereeper) Podcast Twitter - ⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠@CloudSecPod⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠ ⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠ If you want to watch videos of this LIVE STREAMED episode and past episodes - Check out our other Cloud Security Social Channels: - ⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠Cloud Security Newsletter ⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠ - ⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠Cloud Security BootCamp Questions asked: (00:00) Introduction (04:11) A bit about Christophe (04:37) A bit about Nick (05:03) What is managed Kubernetes? (06:26) Security of managed Kubernetes (09:02) Comparison between different managed Kubernetes (10:41) Service accounts and managed Kubernetes (14:22) What is container escape? (18:20) IMDSv2 for EKS (19:51) IMDSv2 in EKS vs AKES and GKE (22:01) Benchmark compliance for Kubernetes architecture (24:49) Low hanging fruits for container escape (27:17) Shared responsibility for managed Kubernetes (29:34) Fargate for Managed Kubernetes (32:00) Different ways to run containers (33:37) Escaping Managed Kubernetes cluster (38:39) Find more about this attack path (42:38) Escalation priviledge in EKS cluster (44:19) Reducing the Kubernetes attack service (44:58) MKAT for Kubernetes Security (48:23) Preventing AWS AuthConfig (50:11) Propagation Security (54:55) The fun section (57:47) Resources for latest Kubernetes updates Resources spoken about during the episode Nick Frichette's Blog - Hacking the Cloud Christophe Tafani-Dereeper' Blog Corey Quinn's - 17 ways to run containers on AWS MKAT cloudseclist newsletter