Scale to Zero - No Security Questions Left Unanswered

Scale To Zero
Mar 20, 2024 • 50min

Keeping Pace with Cloud Security: A Guide to Maturity Models with Rich Mogull | Ep28 S2 | Cloudanix

In this episode of the ScaletoZero podcast, we had an enlightening discussion with cloud security expert Rich Mogull. We delve into the Cloud Security Maturity Model (CSMM) and its profound impact on modern cybersecurity practices. Rich takes us on a journey through the evolution of CSMM, from its inception to its current significance in cloud security strategies.

00:00 Teaser
01:02 Introduction
07:35 What is the Cloud Security Maturity Model?
09:30 Importance of CSMM and Life before Cloud Security Maturity model
13:10 How does CSPM align with the existing cloud framework
17:22 Challenges security leaders face when implementing CSMM
21:50 Recent updates to the Cloud Security Maturity Model
26:50 Impact of updates to organizations following existing CSMM
30:14 How can organizations use CSMM v2
32:32 Cloud Security Lab A Week
35:00 Journey of Cloud security lab a week
37:50 Wisdom for folks thinking of starting a project around cloud security
40:00 Summary
41:00 Rating Security Practices section

Feb 21, 2024 • 32min

The Cloud Security Saga | Joseph South - Part 2 | S2 Ep26 | ScaletoZero Podcast | Cloudanix

Join us with our expert, Joe, as we delve into the evolution, complexities, and solutions for safeguarding data and systems in the cloud. From discussing emerging threats to sharing expert insights on best practices, Joe will unravel the mysteries and empower you with actionable knowledge. Watch the complete episode now!

00:00 Teaser
00:40 Introduction
01:00 Evolution of cloud complexities and its security
04:00 Securing your own infrastructure based on cloud complexities
05:50 Review and keep the attack surface clean
08:00 Prioritizing risks and what area to focus
10:45 Resources to implement cloud security
12:10 How to remediate security findings
14:40 Evolution of cloud security landscape in the last decade
17:40 Emerging trends and technologies
19:10 Using GenAI for security
23:00 Summary
23:55 Rating Security Practices

Feb 7, 2024 • 28min

Understanding the concepts of Supply Chain Security, Container Images, SBOMs, and more with Aung

In this engaging ScaletoZero podcast episode, cybersecurity expert Htet Aung delves into the complexities of software supply chain security, emphasizing the importance of practices like software bill of materials (SBOM) and container image signing. He also rates key security practices and recommends valuable resources for further exploration. Don't miss out!

00:00 Start and Podcast teaser
01:20 Guest Introduction
04:45 What is Software Supply Chain Security?
05:38 Importance of software supply chain security for organizations
08:10 Tackling supply chain security challenges
11:10 Prioritizing software composition based on SBOMs
14:00 Analyzing SBOMs to improve security and compliance
15:15 What is Container Image Signing?
17:07 Different methods of Container image signing
19:00 Best practices when incorporating container image signing
20:50 Prioritizing container image signing
24:55 Summary
25:55 Rating security practices section

Jan 24, 2024 • 35min

Navigating the Identity and Access Management Landscape | Joseph South Part 1 | Ep 24

Justice to Identity and Access Management

00:00 Teaser
01:00 Show Introduction
01:45 Guest Introduction
08:20 Why does IAM still need attention?
10:15 Why has IAM been getting more attention recently?
12:34 The ability to create users and roles at will is the advantage of the cloud & downfall of cloud IAM
14:55 How do organizations deal with these double-edged scenarios?
16:30 Prioritizing security configurations for IAM
20:10 Things organizations should keep in mind when working with IAM
23:00 Keeping balance between implementing best practices and SDLC
25:55 Why security is not given enough attention?
31:24 Top 5 IAM considerations for matured organizations
33:38 Summary
34:26 End of Part 1

Jan 10, 2024 • 42min

Unlock the Secrets to Successful Cloud Security with Andre Rall | S2 Ep23 | Podcast | ScaletoZero

Join us as we dive deep into the world of IAM and cloud security with the brilliant Andre Rall. 🌟 He's sharing his expert and practical strategies to protect your data, ensuring your digital fortress is impenetrable!

00:00 Teaser
01:18 Introduction
04:40 Day in our guest's life
07:20 Why IAM needs attention?
10:55 From network to IAM, what changed?
13:45 Evolution of complexity of cloud security.
17:18 Keeping a balance between multi-cloud and security.
19:45 Top 5 security practices to incorporate in a multi-cloud environment.
22:30 Mindset shift required in deploying workloads in data centers and in the cloud.
26:00 Mitigating the gap between security professional jobs and required proficiency.
29:00 How can security professionals upskill?
32:22 Building trust with your partners
34:20 Summary
35:20 Rating security practices

Dec 27, 2023 • 37min

Guardian Code: Safeguarding Applications in the AI Era with Jim Manico | Ep22 S2 | ScaletoZero

Unlock the power of secure coding with Jim Manico! 💡 Dive into the world of application security and learn from an expert like never before. 🤩 Get ready to have your mind blown as Jim Manico shares his deep knowledge on application security using generative AI. 🌟 Discover groundbreaking insights, practical tips, and game-changing strategies that will elevate your coding skills to a whole new level.

00:00 Teaser
00:44 Introduction
04:48 Confidence score on open source and AI-generated code recommendations
06:50 How to keep a balance between generating an AI code and keeping business-critical information safe
09:15 Data security when using Generative AI
13:13 Recommendations for folks using open-source technology
15:32 How does OWASP or CWE apply to GenAI security
17:40 Using Generative AI for secure software architectures
21:55 Secure coding practices
23:20 Mistakes developers often make when storing sensitive data
24:35 How to take care of web application security
28:00 Critical factors to keep in mind when building security applications
29:28 Summary
30:30 Rating security practices
37:00 Thank you

Dec 13, 2023 • 51min

Third-Party Risk Across Business Realms with Jeffrey Wheatman | Ep21 S2 | ScaletoZero Podcast

This episode of the Scale to Zero Podcast is an absolute game-changer! We have the brilliant Jeffrey Wheatman, who is dropping some serious knowledge bombs on third-party risk management. Protecting your organization has never been more crucial, but it doesn't have to be complicated. Jeffrey will guide you through the ins and outs, providing valuable insights on mitigating risks and maximizing value. 💼 Get ready to explore the world of risk and discover how it can impact your business.

01:08 Introduction
08:30 What is a third-party risk?
12:09 Do fintech startups need to pay attention to third-party risk management?
14:00 A security questionnaire is not enough?
18:50 Prioritising things to onboard third-party vendors.
24:40 Stack ranking vendors for their onboarding.
29:30 Cultural alignment between business and security teams.
33:50 Measuring the ROI on practices used for third-party risk management.
36:30 How third-party risk management has evolved and what's the future.
40:30 Summary
41:39 Rating Security Practices section

Nov 29, 2023 • 48min

Security that speaks to heart | Emotional Intelligence | Risk management | Ep19 S2 | Shivani Arni

Understanding and managing emotions effectively shape a harmonious workplace where collaboration thrives and trust grows bringing the right security awareness. 🌱 In this episode of ScaletoZero, Shivani shares how EI is just as essential as IQ in creating an empowering company culture. Let's delve into this topic together and discover how emotional intelligence can transform your organization!

00:00 Teaser
01:08 Welcome to ScaletoZero and Guest Introduction
09:05 Introducing Emotional Intelligence
13:40 Why emotional intelligence is important for security leaders
16:22 Creating psychological safety within Team Members
22:22 How security leaders can develop a security-centric culture in their teams
28:10 Third-party risk management and focus areas
29:06 Right time to invest in a third-party risk management program
31:00 Are security certifications and SDLC processes not enough for onboarding third-party vendors
37:40 Vendor checklist to safeguard your own business-critical applications
40:40 Summary
41:20 Rating security practices

Nov 16, 2023 • 52min

Identity and Access Management in the Cloud: Beyond Mere Access Control

Brace yourself for a mind-blowing session with Chad Lorenc, a true guru in the field. Join us as we embark on an incredible journey to discover the secrets behind effective IAM strategies. Chad will be sharing his invaluable insights, unraveling the complexities, and shedding light on best practices.

00:00 Teaser
00:53 Introduction
04:50 Why IAM needs attention
12:00 Recent evolution of IAM
14:10 Communicating security goals with stakeholders
19:25 ROI after buying a security tool
21:10 Access to production cloud accounts
28:30 IAM Checklist for growing fintech industries
31:40 Ensuring decent cloud security hygiene
37:35 Recommended resources to manage cloud security complexity
39:10 Next complex areas of cloud security that need attention
41:40 Summary
42:30 Rating security practices section

Nov 10, 2023 • 43min

Unleash the power of DevSecOps and Cloud-Native Security with Kayra Otaner | Ep-18 S2 | ScaletoZero

We can't wait to uncover groundbreaking strategies that will revolutionize how we approach security in a cloud-native environment and DevSecOps. Let's empower our teams to build safer, faster, and more resilient applications together!

00:00 Trailer
01:05 Introduction to guest
05:00 Transition from DevOps to DevSecOps
07:40 Challenges of DevSecOps
10:40 Finding the right balance between shift left and SDLC
14:55 Keeping the right culture for an organization
17:40 Frictionless collaboration between security teams and DevOps teams
21:10 Security for organizations that are just starting on the cloud
23:40 Role of automation in the security of a cloud-native environment
27:20 Is using open source a good practice?
31:50 Evolution of DevOps and DevSecOps
35:00 Emerging trends in Cloud-native environment
36:00 Summary
37:47 Rating Security practices
