Scale to Zero - No Security Questions Left Unanswered
We know security is challenging, but a timely understanding of security is far more challenging. Scale to Zero is built for security professionals, to help them become more privacy- and security-sensitive. With this show, we hope to address the security-related issues that are hard to understand and resolve without the help of experts. After experiencing the discomfort of constantly switching back and forth between sources, we believed that a community space like Scale to Zero would make things a little simpler for everyone.
Episodes

Nov 20, 2024 • 1h 13min
Privacy Engineering | Enhancing Technologies | Ft. Apoorvaa Deshpande | Ep. 80 | Podcast | Cloudanix
Join us as we delve into privacy engineering with our guest speaker Apoorvaa Deshpande, a seasoned privacy expert. Apoorvaa is currently a Senior Privacy Engineer at Google Cloud, working on privacy design, privacy-enhancing technologies (PETs), and data governance for AI. Prior to that, she was a tech lead at Snap Inc., leading the design and execution of several innovative PETs. Before that, she completed her PhD in Computer Science (cryptography) from Brown University.
In this insightful podcast, we explore the fundamental concepts of privacy by design and privacy engineering, the tools and techniques used to implement privacy-enhancing technologies (PETs), and the challenges and opportunities in this field. Discover how to balance user experience with privacy, the risks of building AI-powered features, and the future of privacy engineering.
00:00 Teaser and Introduction
08:10 What is Privacy Engineering?
13:15 Tools and types of libraries used by privacy engineers
15:25 Privacy by design vs. Privacy engineering
20:59 Implementing the concepts of privacy by design
24:00 Privacy Enhancing Technologies (PETs)
29:29 Case studies of PETs
36:42 Does privacy add friction to development teams?
43:00 Keeping balance between user experience and privacy
48:30 Designing privacy to counter decision fatigue
50:58 Biggest Privacy Vulnerabilities available today
55:08 Risk of building AI-powered features
57:40 Future of Privacy Enhancing Technologies
01:01:30 Open source Proactive Privacy Solutions
01:03:37 Summary
01:04:30 Keeping a balance between Security, Developer productivity, and experience
01:06:45 Tips to handle work burnouts
01:09:00 Learning resources

Nov 6, 2024 • 57min
Getting Started with Cloud Pentesting | Ft. Scott Weston | Ep.78 | Scale To Zero Podcast | Cloudanix
Join us as we delve into the world of cloud pen-testing with our guest Scott Weston, a seasoned cybersecurity expert. In this insightful podcast, we discuss the development of GCPwn, a powerful tool for identifying vulnerabilities in Google Cloud Platform (GCP) environments. Learn about the tool's capabilities, limitations, and future roadmap.
We also explore the broader landscape of cloud security, including the shared responsibility model, common misconfigurations, and the importance of continuous learning. Whether you're a seasoned security professional or just starting your journey, this podcast offers valuable insights and practical advice.
Shared Responsibility Model: https://www.cloudanix.com/learn/what-is-shared-responsibility-model
00:00 Teaser and Introduction
04:35 Introducing self-developed tool GCPwn
07:30 Is GCPwn an active or passive pen testing tool?
08:47 Envisioning GCPwn for users
10:15 Areas GCPwn does not suit well
12:16 Future Roadmap of GCPwn
13:41 The AWS pwn landscape after 2016
15:51 Describing Shared Responsibility Model
19:20 Security considerations of cloud platforms as a cloud pentester
22:25 Are pentesting certifications enough?
28:07 Common cloud misconfigurations to look for
35:26 Tools to get started with pen-testing
38:38 Cloud platforms to focus on as a beginner
41:30 Where to get started as a cloud pentester
44:00 Learning resources
53:29 Summary
54:30 Reading and other recommended resources

Oct 23, 2024 • 42min
Zero Trust | Cloud Security Maturity Matrix | Expert Interview | Podcast Ep. 77 | Cloudanix
Join us as we delve into the world of Zero Trust security with Dr. Natalia Semenova, a seasoned cybersecurity expert.
In this insightful podcast, we discuss the key differences between Zero Trust and traditional defense approaches, the challenges organizations face in adopting Zero Trust, and practical strategies for overcoming these hurdles. Learn how to prioritize security areas, gain buy-in from stakeholders, and provide secure data access in remote-first cultures. We also explore the importance of security maturity models, the levels of maturity, and how to map them to your overall security architecture. Discover the latest trends in AI security and how to get started with threat modeling.
00:00 Teaser and Introduction
06:05 Defining Zero Trust
07:40 Zero Trust vs. Traditional Defence Approach
10:25 Challenges of Adopting a Zero Trust Architecture
12:23 Overcoming the Challenges of Zero Trust
15:00 Getting Started with Zero Trust Journey
17:00 Prioritizing Security Areas and Approaching Stakeholders for Buy-In
20:15 Providing Data Access to the Teams Working in Remote-First Culture
23:25 Introducing Security Maturity Models
25:27 Levels of Security Maturity Models
28:17 Mapping the Levels of Security Maturity Models to Overall Security Architecture
31:50 Additional Frameworks that the Expert Follows
33:44 How security leaders can transition to the AI Security domain
37:27 Getting Started with Threat Modeling
39:51 Summary
40:51 Learning Recommendations

Oct 9, 2024 • 1h
Selecting The Right Security Vendor | Cloud | Ft. Richard Stiennon | S2 Ep.45 | ScaleToZero podcast
Are you struggling to navigate the complex landscape of cloud security? Our latest podcast episode features Richard Stiennon, a seasoned cybersecurity expert who shares invaluable insights and practical advice. From vendor selection to multi-cloud strategies and beyond, this podcast covers it all.
YouTube: https://youtu.be/XVcXBZVgfeA
00:00 Teaser and Introduction
05:58 Key factors to evaluate cloud security needs - vendor selection.
14:29 Key considerations in case of multi-cloud environments.
16:34 Common mistakes organizations make while evaluating cloud security platforms.
18:18 Showing the value of security tools to business leadership.
20:57 How to avoid mistakes and get better at the tool selection process.
22:53 Do Gartner Leader Reports add value to CISOs?
26:44 Are partnerships between security vendors and insurance companies worth it?
30:38 What to look for in vendor support and training resources?
32:02 Impact of Agile methodologies on vendors as well as customers.
35:42 Right time to invest in Zero Trust Security.
39:35 Observations on the sophisticated attack on SolarWinds.
43:50 Preparing for emerging threats in security space.
46:25 Burnout and stress in a CISO's life, and how to handle them.
50:10 End of IDS (Intrusion detection system).
57:24 Summary
58:19 Learning recommendations from Richard.
59:54 Thank you and Closure

Sep 25, 2024 • 57min
Incident Response | Impact of Emerging Technology in Cloud | Ft. Hilal Lone | S2 Ep.44 | ScaletoZero
In this episode of the ScaletoZero podcast, we discuss how to build a resilient cloud security posture with cybersecurity expert Hilal. We also cover some of the important areas of incident response, such as incident response teams, planning, tools, vulnerabilities, the role of AI, and more. Discover expert insights and best practices.
Watch the complete episode on YouTube: https://youtu.be/ydA82eUXmA0
00:00 Teaser and Introduction
07:17 Structuring incident response teams to effectively handle cloud-based incidents.
09:57 Developing and maintaining a comprehensive incident response plan.
12:35 Should tooling and processes be in-house or outsourced?
15:51 Top 3 areas to define security controls around vulnerabilities or incidents.
19:01 Practical example of handling an incident response.
24:24 Lessons Learned from a security incident.
26:35 Scrutinizing an open-source library.
30:09 Continuous monitoring for AWS and multi-cloud organizations, and effectiveness of OSS in it.
35:35 Use of Generative AI to generate incident response playbooks and other security challenges.
42:28 Staying updated in the threat landscape and using generative AI in it.
45:46 Skills and expertise required in high-performing detection engineering teams.
48:41 Handling stress and burnout.
52:44 Summary
53:26 Learning recommendations from Hilal for security leaders.

Sep 18, 2024 • 53min
Gen AI | Inherent Cybersecurity Risks | Ft. Gretchen Ruck | S2 Ep.43 | ScaletoZero | Cloudanix
In this episode of the ScaletoZero podcast, join us for an insightful exploration of the role of generative AI in cybersecurity. Discover the challenges it presents for practitioners, the importance of explainability and privacy, and the limitations of traditional cybersecurity frameworks. Learn how to harness the power of AI while mitigating inherent risks and ensuring a robust security posture.
00:00 Teaser and Introduction
05:38 Role of generative AI in cybersecurity.
10:54 Generative AI - A challenge for cybersecurity practitioners.
12:32 Concept of Explainability and its importance when it comes to generative AI.
17:02 Designing AI-powered security solutions to respect user privacy.
21:07 What is Differential Privacy and its role in generative AI.
30:15 Where cybersecurity frameworks fall short on inherent cybersecurity risks.
34:53 Consequences of organizations solely relying on cybersecurity frameworks.
39:11 Key considerations to prioritize when addressing inherent cybersecurity risks.
44:50 Cybersecurity vs. Risk Management vs. Privacy.
46:50 Summary
47:47 Rating Security Practices Section

Sep 11, 2024 • 45min
Auto Remediation on AWS | Expert interview | Ft. Lily Chau | S2 Ep.42 | Podcast | Cloudanix
In this episode of the ScaletoZero podcast, discover the transformative potential of auto-remediation in cloud environments. Learn how to prioritize remediation activities, measure their impact, and choose between IaC and auto-remediation. Explore the challenges and benefits of implementing auto-remediation, and gain valuable insights from seasoned expert Lily Chau.
00:00 Introduction and teaser
04:27 Role of auto-remediation in cloud security program
07:21 Benefits of auto-remediation
08:37 Factors to consider in prioritizing auto-remediation
13:09 How to measure the impact and ROI of remediation activities
15:22 IaC or auto-remediation - where to focus?
19:24 How to avoid security mishaps?
21:10 Better alternatives to auto-remediation
22:45 Challenges of designing and implementing auto-remediation
25:35 Stakeholders involved in implementing auto-remediation
27:06 Recommendation for organizations implementing auto-remediation
29:30 How to stay updated on new security vulnerabilities
31:10 Future of auto-remediations
33:25 Challenges of AI in security space
35:50 Cybersecurity framework that has helped Lily
37:18 Summary
38:15 Rating Security Practices Section

Sep 4, 2024 • 50min
Identity and Access Management | IAM | Cloud Governance | Ft. John Giglio | S2 Ep.41 | Cloudanix
In this episode of ScaletoZero, join us for an in-depth exploration of IAM, a critical component of cloud security. Discover key considerations for setting up IAM, common vulnerabilities, and best practices for securing remote access and sensitive data. Learn how to balance compliance with effective security, evaluate the right solutions, and promote a security-conscious culture within your organization.
Transcript: https://www.scaletozero.com/episodes/demistifying-identity-and-access-management-with-john-giglio/
What is IAM: https://www.cloudanix.com/learn/what-is-iam
00:00 Teaser and Introduction
05:00 Defining Identity and Access Management.
07:31 Key things to consider before setting up your IAM.
09:30 Different ways access permissions may get compromised.
13:30 Other recommendations where security can be enforced.
15:20 Providing access in a remote-first environment.
19:10 Ensuring data security in a remote-first environment.
21:27 Approaching the secure management of secrets and keys in the cloud, considering the shared responsibility model.
25:52 When to use custom keys vs. cloud provider-provided keys.
27:36 Balancing between checkbox compliance and deep security program.
30:35 Evaluating the right security solution.
32:32 Using security baselines to promote security culture within the organization.
35:58 Using threat intelligence to improve the security baselines.
37:56 How can security leaders handle burnout and stress?
45:00 Summary
45:55 Rating Security Practices

Aug 28, 2024 • 56min
Intersection of Security and Human Behavior | Ft. Cassie Clark | S2 Ep.40 | Cloudanix
Join us for a thought-provoking discussion on the intersection of security and human behavior. In this episode of the ScaletoZero podcast, we explore how psychological factors contribute to cybersecurity risks, and learn effective strategies to mitigate them. From understanding security fatigue to leveraging user behavioral analytics, this episode offers valuable insights for building a more resilient security posture.
00:00 Teaser, Introduction, and more.
07:20 Biggest human behavioral factors contributing to cybersecurity risks.
09:35 Leveraging human psychology to understand employee behavior for security incidents.
12:45 Understanding the concept of security fatigue.
15:40 Spreading awareness of the shared responsibility model in other business units.
19:00 Tactics to develop effective security awareness programs.
24:40 Developing security architecture keeping human behavior in mind.
27:15 Leveraging User Behavioral Analytics to identify potential security incidents.
30:15 Concept of user-friendly security, its importance, and more.
36:40 Getting prepared for phishing attacks or social engineering attacks.
39:19 How to react in case of attacks?
43:05 How can security professionals handle burnout?
46:05 Future plans of our guest (Cassie Clark)
48:05 Summary
48:57 Rating Security Practices section

Aug 21, 2024 • 50min
Building Security Foundation and Security Boundaries with Kushagra Sharma | S2 Ep.39 | Cloudanix
In this episode of ScaletoZero, join us as our host delves deep into the world of cloud security with a senior security engineer - Kushagra Sharma from Booking.com. Discover how to define security boundaries, leverage threat intelligence, and foster a security-conscious culture. Learn practical strategies for implementing permissions boundaries and balancing security with business agility. Tune in to build a rock-solid cloud security foundation!
Watch on YouTube: https://youtu.be/-01jHIMRR2I
00:00 Teaser, Introduction, and Setting the stage
05:20 Defining security boundaries and baselines in a cloud environment.
08:15 Utilising concepts of security boundaries for creating a strong security foundation.
10:45 Leveraging threat intelligence for building and improving security baselines.
14:55 Promoting security culture beyond technical boundaries.
17:50 Balancing security baselines against updated cloud services and features.
23:19 Security teams unblocking core business areas.
27:00 Strategies to implement permissions boundaries when migrating from on-prem to cloud.
31:25 Is building one-size-fits-all security boundaries possible?
35:25 Keeping the right balance between security requirements and standardization
37:45 Designing common and specific security architecture across a multi-cloud setup
41:30 Summary
42:32 Rating Security Practices Section