Look for any podcast host, guest or anyone
Showing episodes and shows of

Fwd:cloudsec

Shows

Cloud Security Podcast
Cloud Security PodcastAI is already breaking the Silos Between AppSec & CloudSecThe silos between Application Security and Cloud Security are officially breaking down, and AI is the primary catalyst. In this episode, Tejas Dakve, Senior Manager, Application Security, Bloomberg Industry Group and Aditya Patel, VP of Cybersecurity Architecture discuss how the AI-driven landscape is forcing a fundamental change in how we secure our applications and infrastructure.The conversation explores why traditional security models and gates are "absolutely impossible" to maintain against the sheer speed and volume of AI-generated code . Learn why traditional threat modeling is no longer a one-time event, how the lines between AppSec and...
2025-11-041h 11Between Product and Partnerships
Between Product and PartnershipsWhen AI Meets Security: Managing Risk in Connected SystemsIn this episode of Between Product and Partnerships, Cristina Flaschen, CEO of Pandium, speaks with Nate Lee, Founder of Cloudsec.ai, about the evolving challenges of security in SaaS ecosystems, AI, and integrations. Their conversation explores lessons from real-world incidents, risk management in fast-moving environments, and the emerging landscape of AI agents.Nate’s Background and Security PerspectiveWith over a decade of experience as a Chief Information Security Officer, Nate has helped scale-ups build security programs focused on AI-native startups and cloud environments. His approach is grounded in pragmatism, meaning prevention is im...
2025-10-2239 minModern Cyber with Jeremy Snyder
Modern Cyber with Jeremy SnyderChris Farris of fwd:cloudsecIn this special in-person episode of Modern Cyber, recorded at fwd:cloudsec Europe, Jeremy is joined by cloud security expert and conference organizer Chris Farris. Drawing on his over 30 years in IT, Chris recounts his journey into cloud security, from his early days with Linux to moving video archives to AWS S3. The conversation revisits the foundational mindset shifts that occurred with the rise of the cloud, focusing on the agility it brought and the security gaps it created, such as the transition from rigid, on-premises governance to the chaotic freedom of API calls and ClickOps.The...
2025-10-2150 minDigital Frontline: Daily China Cyber Intel
Digital Frontline: Daily China Cyber IntelNSA vs MSS: Hacking Allegations Fly as AWS Outage Sparks ChaosThis is your Digital Frontline: Daily China Cyber Intel podcast.This is Ting, coming at you straight from the digital foxhole, where every byte matters and paranoia is just good sense. The past 24 hours in China cyber intel? Buckle up—it’s been a wild ride, and I’ve got the lowdown on what’s buzzing across the Great Firewall and into the cloud.First up, the Ministry of State Security over in Beijing—let’s call them the MSS, because even spies appreciate a good acronym—dropped a bombshell on their WeChat channel. According to their latest p...
2025-10-2005 minSilicon Siege: China\'s Tech Offensive
Silicon Siege: China's Tech OffensiveSilicon Shocker: China's Cyber Siege Heats Up as US Tech Titans Play DefenseThis is your Silicon Siege: China's Tech Offensive podcast.Hey everyone, Ting here, back with the latest from Silicon Siege—China’s tech offensive against US infrastructure is hotter than a loaded GPU, and I’ve got the byte-sized scoop from the past two weeks. Let’s cut to the chase… this isn’t your grandma’s phishing scam. What we’re seeing is a coordinated series of deep, persistent, and frankly, pretty impressive cyber strikes—targeting everything from industrial secrets to the very silicon in our supply chains.First up, industrial espionage. According to multiple analysts, suspecte...
2025-10-2004 minLowOpsCast
LowOpsCast#36 Leandro Venancio: AppSec raiz, DevSecOps e hacking na veiaNo episódio dessa semana do LowOpsCast, recebemos Leandro Venâncio https://www.linkedin.com/in/leandro-venancio, um verdadeiro canivete suíço da segurança cibernética brasileira.Com mais de 20 anos de experiência, o Leandro já atuou como dev, sysadmin, arquiteto de segurança, professor, hacker ético, DPO, red teamer, e hoje é uma das referências mais completas do Brasil em AppSec, DevSecOps, CloudSec e cultura de segurança como pilar de negócio.Neste papo você vai ouvir sobre:- Como construir uma carreira sólida e versátil em segurança- A diferença entre fazer DevSecOps de...
2025-10-041h 35The Cybersecurity Defenders Podcast
The Cybersecurity Defenders Podcast#253 - Defender Fridays: Building the Strelka File Scanning System with Josh Liburdi from DoorDashJosh Liburdi, Principal Engineer of Security Operations at DoorDash, joins Maxime Lamothe-Brassard, LimaCharlie CEO / Founder, to talk about building the Strelka file scanning system.As a security engineer who works in security operations (prevention, detection, and response), Josh has more than a decade of industry experience and has worked at several diverse organizations, including Brex, Target, and CrowdStrike.He also presents at information security conferences (BSides NYC & SF, SANS, fwd:cloudsec), is a published author (Bluenomicon from Splunk, Huntpedia from Sqrrl), and is active in the open source security community with contributions to many projects...
2025-10-0330 minModern Cyber with Jeremy Snyder
Modern Cyber with Jeremy SnyderDhruv Ahuja of Chaser SystemsIn this special live episode recorded at fwd:cloudsec 2025 , Jeremy is joined by Dhruv Ahuja of Chaser Systems for a deep dive into the world of financial services, network evolution, and elegant security solutions. Dhruv shares his experiences working in the highly regulated financial sector and explains why many parts of the industry, like market data feeds, still rely on bespoke, low-latency infrastructure outside the cloud. The discussion also covers Dhruv's presentation on using Let's Encrypt with AWS IAM Roles Anywhere to create an interoperable, PKI-based authentication system for machines. The episode concludes with a fascinating conversation on the...
2025-09-0231 minModern Cyber with Jeremy Snyder
Modern Cyber with Jeremy SnyderJason Kao of Fog SecurityRecorded live at fwd:cloudsec 2025, this episode of Modern Cyber features a conversation between Jeremy and Jason Kao, founder of FoxSecurity. Drawing from his experience across enterprises, startups, and cloud security consulting, Jason unpacks the growing complexity of IAM in the cloud—focusing on the “duplicitous” nature of AWS permissions and the challenges in enforcing effective data perimeters.The two explore the shift from traditional network boundaries to identity-based security models, and Jason shares practical takeaways for organizations looking to improve IAM strategy in the face of sprawling permissions and conflicting access controls.Guest Bio – Jason Ka...
2025-08-0729 minModern Cyber with Jeremy Snyder
Modern Cyber with Jeremy SnyderToni de la Fuente of ProwlerRecorded live at fwd:cloudsec 2025, this episode of Modern Cyber features Toni de la Fuente, founder of Prowler, one of the most widely adopted open source cloud security tools. Toni joins Jeremy to reflect on nearly a decade of building in the cloud security space, sharing the origin story of Prowler, lessons from maintaining open source software, challenges in cloud forensics, and the evolving threat landscape. They also explore how AI, platform complexity, and compliance frameworks are shaping the next generation of cloud security. About Toni de la FuenteToni de la Fuente is the...
2025-07-2535 minModern Cyber with Jeremy Snyder
Modern Cyber with Jeremy SnyderKyler Middleton & Sai GunaranjanIn this special episode recorded at fwd:cloudsec 2025 in Denver, Jeremy sits down with two cloud leaders from Veradigm: Kyler Middleton and Sai Gunaranjan. The duo shares insights from their joint talk on securing AI usage in enterprise platforms, highlighting real-world challenges around governance, model usage, data sovereignty, and developer enablement.With the health tech industry as a backdrop, they reflect on balancing innovation with control, managing AI risks, and fostering collaboration between platform engineering and governance teams. This episode is a timely and practical look at the realities of secure AI adoption in modern organizations.
2025-07-1124 minfwd:cloudsec
fwd:cloudsecDefenders hate it! Compromise vulnerable SaaS applications with this one weird trick (Eric Woodruff)https://youtu.be/rQxc9N4gBqASpeaker: Eric WoodruffThroughout his 25-year career in the IT field, Eric has sought out and held a diverse range of roles. Currently the Chief Identity Architect for Semperis; Eric previously was a member of the Security Research and Product teams. Prior to Semperis, Eric worked as a Security and Identity Architect at Microsoft partners, spent time working at Microsoft as a Sr. Premier Field Engineer, and spent almost 15 years in the public sector, with 10 of them as a technical manager.Eric is a Microsoft MVP for security, recognized...
2025-07-0249 minfwd:cloudsec
fwd:cloudsecPutting Workload Identity to Work: Taking SPIFFE past day 0 (Dave Sudia)https://youtu.be/oHlPGzpFT_cSpeaker: Dave SudiaDave Sudia went from Platform Engineering to Product Engineering; in both roles he has had to stand up infrastructure in repeatable but constantly evolving architectures, taking into account usability, security, and scalability. He is the world's biggest fan of Infrastructure-as-Code. By day you'll find him enabling developers to do their best work and by night you'll find him hanging with his kid, whose hobbies are now Dave's hobbies.Talk:With the rise in popularity of open-source standards and tools like SPIFFE and SPIRE, it’s never been ea...
2025-07-0225 minfwd:cloudsec
fwd:cloudsecHappy Little Clouds: Painting Pictures with Microsoft Cloud and Identity Data (Matt Graeber)https://youtu.be/nwYzVTL8Y4YSpeaker: Matt GraeberMatt is a threat researcher focused on detecting Microsoft cloud and identity threats. Coining the term and establishing the strategy of "living off the land" in 2013 along with Chris Campbell, he has an extensive history of identifying ways to abuse native functionality in Microsoft products. Matt is dedicated to helping make defense accessible to all.Talk: You're tasked with detecting an Entra ID, Azure or Microsoft 365 attack technique. Where do you start? How do you identify what data sources are available to observe the technique? Of...
2025-07-0244 minfwd:cloudsec
fwd:cloudsecIntroducing GRC Engineering: A New Era of AWS Compliance (AJ Yawn)https://youtu.be/nEM7z266D6oSpeaker: AJ YawnAJ Yawn is an experienced cybersecurity leader specializing in cloud compliance, governance, risk, and compliance (GRC) engineering, with nearly 15 years of experience. AJ currently serves as Director of GRC Engineering at Aquia, leading innovative approaches to compliance automation and cloud security. He previously founded ByteChek, a compliance automation startup focused on SOC 2 and HIPAA, achieving over $1M in annual recurring revenue. AJ also served as a partner at Armanino LLP, a top 20 CPA Firm, spearheading product innovation in compliance and audit automation.As a dedicated...
2025-07-0227 minfwd:cloudsec
fwd:cloudsecStaying Sneaky in the Office (365) (Christian Philipov)https://youtu.be/l5lpIF_QZCESpeaker: Christian PhilipovChris is a principal security consultant and leads the specialist services within Reversec. As part of his day to day he leads the global team that deals with various different types of engagements of both a transactional and more bespoke nature. Chris specialises in Microsoft Azure predominantly with GCP and AWS as an additional background.Talk:Microsoft are getting better at closing out security gaps in well-known APIs and components of their platform. However, as shown across the different cloud service providers, these interconnected systems almost...
2025-07-0225 minfwd:cloudsec
fwd:cloudsecNot So Secret: The Hidden Risks of GitHub Actions Secrets (Amiran Alavidze)https://youtu.be/k3DBur7iEHMSpeaker: Amiran AlavidzeAmiran is a passionate product security professional with over 20 years of experience spanning systems engineering, security operations, GRC, and product and application security. As a security engineering leader, he champions a pragmatic, scalable approach to security - where collaboration between security, developer, and platform teams turns security into a business enabler rather than a bottleneck.With a deep understanding of evolving cloud architectures and modern development practices, Amiran focuses on helping organizations align security with velocity, ensuring defenses scale effectively in dynamic environments.An avid supporter...
2025-07-0221 minfwd:cloudsec
fwd:cloudsecTrust Issues: What Do All these JSON files actually mean? (David Kerber)Speaker: David KerberDave is an engineer and longtime AWS practitioner with a focus on IAM and AWS security tooling. He’s led product and engineering teams at startups and billion-dollar companies, raised millions from VCs, built two CSPMs, and now consults on AWS security for Fortune 500 companies. He maintains open-source projects in the AWS IAM space and is currently obsessed with perfecting his focaccia.Talk: As cloud security practitioners, we spend our days wrangling IAM policies—but for all the JSON we manage, it’s still surprisingly hard to answer basic questions like: “Who can access this S3 bucket?” or “What c...
2025-07-0224 minfwd:cloudsec
fwd:cloudsecInviter Threat: Managing Security in a new Cloud Deployment Model (Meg Ashby)https://youtu.be/ilnOvSV0QtYSpeaker: Meg AshbyMeg does cloud security for Alloy, a fintech in NYC. Previous to Alloy she worked at Marcus by Goldman Sachs, but that was way less fun. At Alloy, Meg does IAM, networking, data, and kubernetes security (and everything else related or tangentially-related to AWS & security). When detached from her computer, Meg dances and is part of a ballet performance group.Talk:Vendors are looking for ways to differentiate themselves in a crowded market and organizations are looking for solutions that are cheaper, faster, and easier for their...
2025-07-0125 minfwd:cloudsec
fwd:cloudsecI Didn’t Register for This: What’s Really in Google’s Artifact Registry? (Moshe Bernstein)https://youtu.be/hHe9cKfSfqISpeaker: Moshe BernsteinMoshe is a Senior Security Researcher specializing in cloud vulnerability research at Tenable Cloud Security. With nearly a decade of experience in cybersecurity, Moshe has developed a strong focus on network and operational security, web vulnerability research, and cloud infrastructure security.Talk:We scanned all of the Google-owned container images you might be using on the Artifact Registry for vulnerabilities and secrets. You probably won't like what we found.
2025-07-0124 minfwd:cloudsec
fwd:cloudsecNo IP, No Problem: Exfiltrating Data Behind IAP (Ariel Kalman)https://youtu.be/g-XCNobgvaMSpeaker: Ariel KalmanAriel Kalman is a cloud security researcher based in Israel, actively engaged in cloud-related security research at Mitiga. With a specialization in application security, Ariel excels in discovering new attack vectors associated to cloud environmentTalk:Google Cloud’s Identity-Aware Proxy (IAP) is often seen as the final gatekeeper for internal GCP services - but what happens when that gate quietly swings open? This session uncovers how subtle misconfigurations in IAP can lead to serious data exposure, even in environments with no public IPs, strict VPC Service Controls, and ha...
2025-07-0121 minfwd:cloudsec
fwd:cloudsecRebuilding ROADRecon for the Modern Entra Environment (Thomas Byrne)https://youtu.be/dTUeAhzmIu8Speaker: Thomas ByrneThomas is a security consultant at Reversec. He has experience in a range of areas including application, network and cloud security. He focuses his time mainly on Azure, DevOps and researching cloud specific vulnerabilities outside of work.Talk:In the ever-evolving landscape of cybersecurity, tools that help security professionals enumerate and understand their environments are invaluable. ROADRecon, an open-source tool designed to enumerate Azure AD (now Entra) environments, has been a staple for many. However, with the impending deprecation of the Azure AD Graph API, ROADRecon faces a...
2025-07-0124 minfwd:cloudsec
fwd:cloudsecInside Microsoft's Battle Against Cloud-Enabled Deepfake Threats (Alessandro Brucato)Speaker: Alessandro BrucatoAlessandro is a senior Threat Research Engineer at Sysdig, working on cloud security. His research mainly focuses on cloud threats and supply chain attacks. In addition to research, he’s keen on bug bounty programs and has received rewards from several large companies. Alessandro is also a contributor to Stratus Red Team, a tool to emulate offensive attack techniques in the cloud, and Falco, a graduated CNCF project.Talk:In December 2024, Microsoft’s Digital Crimes Unit (DCU) took legal action against LLMjacking threat actors, who developed tools designed to bypass the guardrails of generative AI services to crea...
2025-07-0122 minfwd:cloudsec
fwd:cloudsecPatience brings prey: lessons learned from a year of threat hunting in the cloud (Greg Foss)Speaker: Greg FossGreg Foss is a seasoned cybersecurity leader with over 15 years of experience spanning threat research, security operations, and offensive security. As the Engineering Manager of Threat Detection Engineering at Datadog, he leads a team of elite threat hunters and detection engineers, developing cutting-edge defenses against sophisticated cloud-native intrusions by nation-state and criminally motivated adversaries. His team transforms deep research and intelligence into actionable security insights, strengthening Datadog’s security platform.Speaker: Anthony RandazzoAnthony Randazzo leads the detection engineering function at Datadog on their cloud security platform. He has nearly 20 years of experience in security operations roles across Se...
2025-07-0125 minfwd:cloudsec
fwd:cloudsecECS-cape – Hijacking IAM Privileges in Amazon ECS (Naor Haziz)https://youtu.be/WXdB-9pTqAUSpeaker: Naor HazizNaor Haziz is a security researcher and low-level developer at Sweet Security with over seven years of experience in vulnerability research, exploit development, and system internals. He holds a degree in Computer Science and previously served as an officer in the IDF Intelligence Corps, leading a team focused on Windows and Linux security. At Sweet Security, he develops the company’s security sensor, designing and implementing high-performance detection capabilities for cloud environments. His work combines low-level development and cloud security research to improve monitoring, threat detection, and de...
2025-07-0137 minfwd:cloudsec
fwd:cloudsecThe Good, The Bad, and The Vulnerable: Breaking Down GCP Tenant Projects (Ofir Balassiano)https://youtu.be/WUO_-AgpcxsSpeaker: Ofir BalassianoOfir Balassiano leads AI and Cloud security posture research at Palo Alto Networks, uncovering critical vulnerabilities in GCP and Azure. With over a decade of experience in security, he has a proven track record of impactful research and innovative solutions. Prior to Palo Alto Networks, Ofir served as head of security at Dig Security, driving key security initiatives, and as a senior researcher at XM Cyber, where he specialized in Windows internals and EDR strategies. His career began in the IDF, where he led a team focused...
2025-07-0120 minfwd:cloudsec
fwd:cloudsecData Perimeter Implementation Strategies: It is one thing to know how to configure SCPs/RCPs, and another for your organization to implement them (Agnel Amodia)https://youtu.be/Pd6rbBjiXaASpeaker: Agnel AmodiaI’m Agnel Amodia, a Senior Technical Lead at Vanguard Group, specializing in Identity and Access Management. With over 15 years of experience, including 7 years in cloud security, I design enterprise-grade security systems for AWS cloud databases. Previously, I worked as a system programmer and researcher in India, building Neural Network Machine Learning-based software for the National Crime Records Bureau. I’m also a passionate security researcher who loves finding loopholes and crafting solutions. For me, security isn’t just work — it’s a passion I truly enjoy.Talk: Data...
2025-07-0123 minfwd:cloudsec
fwd:cloudsecIAM Roles Anywhere – now for everyone with Let's Encrypt (Dhruv AHUJA)https://youtu.be/M1hXUcBMf1QSpeaker: Dhruv AHUJADhruv is a former SRE and founded Chaser Systems in 2020. He's mostly Wiresharking, tinkering with PKI or tuning stacks as he once did in the low-latency world of financial data, only this time for network security. He is also a Rust programmer, cares deeply about developer experience, dabbles in cryptography and holds a master's degree in Advanced Software Engineering from King's College London. He's always 5 years of practice away from being able to play Chopin on the piano – an accomplishment that will surely coincide with IPv6 ov...
2025-07-0119 minfwd:cloudsec
fwd:cloudsecBeyond the Big Three: Mastering Oracle Cloud Security in a Multi-Cloud World (Dani Kaganovitch)Speaker: Dani KaganovitchDani Kaganovitch is a Product Manager at RockSteady, a stealth cloud security startup. Before that, Dani worked at Google Cloud and Oracle Cloud, helping customers navigate various cloud use cases at scale in areas of core infrastructure workloads, FinOps, and observability. Through working with hundreds of organizations of different sizes, Dani organized and presented technical workshops at conferences, which led to becoming an advocate for effectively and efficiently solving real-world multi-cloud security challenges. Now, Dani focuses on ensuring customers’ environments are secure by design through the application of security policies that are practical, enforceable, and don’t brea...
2025-07-0121 minfwd:cloudsec
fwd:cloudsecSecuring Remote MCP Servers (Jake Berkowsky)https://youtu.be/9-e4VVPlWB8Speaker: Jake BerkowskyJake is a Principal Architect heading Snowflake's Cybersecurity Data Cloud. At Snowflake, Jake's mission is to evangelize and enable the implementation of modern security analytics and engineering. Prior to joining Snowflake, Jake has had a diverse background of technical and leadership roles having most recently served as Co-Founder and CTO of a Cloud Consulting and Data Intelligence company. He regularly maintains his experience and interests in the areas of cloud, devops and development and is an active outdoorsman and nature enthusiast.Talk:Once again...
2025-07-0124 minfwd:cloudsec
fwd:cloudsecwhoAMI: Discovering and exploiting a large-scale AMI name confusion attack (Seth Art)Speaker: Seth ArtSeth Art is currently a Security Researcher & Advocate at Datadog. Prior to joining Datadog, Seth created and led the Cloud Penetration Testing practice at Bishop Fox. He is the author of many open source tools including BadPods, IAMVulnerable, and CloudFoxable, and the co-creator of the popular cloud penetration testing tool, CloudFox.Talk:It’s not every day you stumble upon a technique that enables remote code execution (RCE) in thousands of AWS accounts at once—but that’s exactly what happened with the whoAMI attack. By researching a known misconfiguration through a new lens, we discovered how to gai...
2025-07-0138 minfwd:cloudsec
fwd:cloudsecDetecting the Undetectable: Threat Hunting in Appliance Environments (Shahar Dorfman & Sagi Tzadik)https://www.youtube.com/watch?v=1rfB0Pb0t2oSpeaker: Shahar DorfmanShahar is a threat hunting researcher at Wiz, where she focuses on identifying and analyzing emerging cyber threats to enhance security defenses.Speaker: Sagi TzadikSagi Tzadik is a security researcher on the Wiz Research team. His expertise lies in identifying and exploiting vulnerabilities in web applications, as well as in network security and protocols. He has been recognized for his work and was featured on the MSRC Top Security Researcher Leaderboard.
2025-07-0121 minfwd:cloudsec
fwd:cloudsecWelcome Talk by Aaron Zollmanhttps://www.youtube.com/watch?v=p8PZiqXoVTcAn introduction to fwd:cloudsec North America 2025 by Aaron Zollman
2025-07-0108 minCloud Security Podcast
Cloud Security PodcastHow Attackers Stay Hidden Inside Your Azure CloudIn this episode, Ashish sits down with Christian Philipov, Principal Security Consultant at WithSecure, to explore the stealth tactics threat actors are using in Azure and why many of these go undetected.Christian breaks down the lesser-known APIs like Ibiza and PIM, how Microsoft Graph differs from legacy APIs, and what this means for defenders.The 3 common ways attackers stay stealthy in AzureWhy read-only enumeration activity often isn’t loggedWhat detection is possible and how to improve itHow conditional access and logging configuration can help defendersWhy understanding Microsoft Graph matters for security ops...
2025-04-1035 minSecurity Weekly Podcast Network (Audio)
Security Weekly Podcast Network (Audio)Soft skills for engineers - Evgeniy Kharam, Paul Nguyen - ESW #401When we use the phrase "talent gap" in cybersecurity, we're usually talking about adding headcount. For this interview, however, we're focusing on a gap that is evident within existing teams and practitioners - the often misunderstood soft skills gap. Side note: I really hate the term "soft skills". How about we call them "fundamental business skills", or "invaluable career advancement skills"? Hmm, doesn't quite roll off the tongue the same. Soft skills can impact everything, as they impose the limits of how we interact with our world. That goes for co-worker interactions, career advancements, and...
2025-04-072h 03Enterprise Security Weekly (Video)
Enterprise Security Weekly (Video)How attackers exploit identity gaps to get into your cloud and SaaS - Paul Nguyen - ESW #401You might know them from their excellent research work on groups like Scattered Spider, or their refreshing branding/marketing style, but Permiso is laying some impressive groundwork for understanding and defending against identity and cloud-based attacks. In this interview, we talk with co-founder and co-CEO Paul Nguyen about understanding the threats against some of cybercriminals' favorite attack surface, insider threats, and non-human identity compromise. Segment Resources: This blog post from our threat research team on Scattered Spider shows how threat actors move laterally in an environment across identity providers, Iaas, PaaS and SaaS environments, and how...
2025-04-0743 minSecurity Weekly Podcast Network (Video)
Security Weekly Podcast Network (Video)How attackers exploit identity gaps to get into your cloud and SaaS - Paul Nguyen - ESW #401You might know them from their excellent research work on groups like Scattered Spider, or their refreshing branding/marketing style, but Permiso is laying some impressive groundwork for understanding and defending against identity and cloud-based attacks. In this interview, we talk with co-founder and co-CEO Paul Nguyen about understanding the threats against some of cybercriminals' favorite attack surface, insider threats, and non-human identity compromise. Segment Resources: This blog post from our threat research team on Scattered Spider shows how threat actors move laterally in an environment across identity providers, Iaas, PaaS and SaaS environments, and how...
2025-04-0743 minEnterprise Security Weekly (Audio)
Enterprise Security Weekly (Audio)Soft skills for engineers - Evgeniy Kharam, Paul Nguyen - ESW #401When we use the phrase "talent gap" in cybersecurity, we're usually talking about adding headcount. For this interview, however, we're focusing on a gap that is evident within existing teams and practitioners - the often misunderstood soft skills gap. Side note: I really hate the term "soft skills". How about we call them "fundamental business skills", or "invaluable career advancement skills"? Hmm, doesn't quite roll off the tongue the same. Soft skills can impact everything, as they impose the limits of how we interact with our world. That goes for co-worker interactions, career advancements, and...
2025-04-072h 03Tech Talk
Tech TalkNavigating The Complexities Of AI. How To Embrace It?As organisations begin to rely more on AI-driven solutions and cloud infrastructure, they also face challenges in implementation, security, and regulation. How can businesses navigate these complexities while staying ahead of technological advancements? Joining us today is Adriana Kamelia, Co-Founder of CloudSec LLC, and an experienced AI and emerging technologies professional. Having worked with Fortune 500 companies and trained thousands of professionals in AI and automation, Adriana brings insights into digital transformation, cloud security, and the future of AI adoption. In this episode of Tech Talk, we discuss the evolving role of...
2025-03-1936 minScreaming in the Cloud
Screaming in the CloudReplay - Hacking AWS in Good Faith with Nick FrichetteOn this Screaming in the Cloud Replay, we’re taking you back to our chat with Nick Frichette. He’s the maintainer of hackingthe.cloud, and holds security and solutions architect AWS certifications, and in his spare time, he conducts vulnerability research at Hacking the Cloud. Join Corey and Nick as they talk about the various kinds of cloud security researchers and touch upon offensive security, why Nick decided to create Hacking the Cloud, how AWS lets security researchers conduct penetration testing in good faith, some of the more interesting AWS exploits Nick has discovered, how it’s fun to pla...
2024-12-2632 minTech Talks by Lawrence Harvey
Tech Talks by Lawrence HarveyCracking the Code: DevSecOps in ActionIn this episode, we dive into the practicality of DevSecOps, uncovering this buzzword to understand how it transforms securing the software development process. We also explore the nuances that differentiate CloudSec from DevSecOps, shedding light on their distinct roles in safeguarding digital assets. Additionally, we discuss how to structure an organization that embraces security culture, gaining buy-in from both technical and non-technical stakeholders. Tune in to discover the essential principles and practices that can help your organization prioritize security while maintaining efficiency and innovation. Guest: Larry Lidz, CISO, Cisco CX Cloud
2024-12-0340 mincloudonaut
cloudonaut#092 The Cloud Control API came a long wayAndreas and Michael discuss how to leverage the Cloud Control API to overcome missing resources in Terraform. Andreas and Michael Wittig are building on AWS since 2009. Follow their journey of developing products like bucketAV, marbot, and HyperEnv and learn from practice. Links Review: Amazon GuardDuty Malware Protection for S3 Are you missing an AWS resource in Terraform? Try awscc provider! Vector - A lightweight, ultra-fast tool for building observability pipelines fwd:cloudsec Europe - Cloud-Conscious Tactics, Techniques, and Procedures (TTPs) fwd:cloudsec Europe - Who Watches the...
2024-10-1135 minCloud Security Podcast
Cloud Security PodcastThe Role of Cloud Security Research in 2024Why does Cloud Security Research matter in 2024? At fwd:cloudsec EU in Brussels, we sat down with Scott Piper, a renowned cloud security researcher at Wiz, to discuss the growing importance of cloud security research and its real-world impact. Scott spoke to us about the critical differences between traditional security testing and cloud security research, explaining how his team investigates cloud providers to find out vulnerabilities, improve detection tools, and safeguard data. Guest Socials:⁠ ⁠⁠⁠⁠⁠⁠Scott's Linkedin + Scott's Twitter Podcast Twitter - ⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠@CloudSecPod⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠ ⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠ If you want to watch videos of this LIVE STREAMED episode and past episodes - Check out our other Cloud Security Social Channels: - ⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠Cloud Security Podcast- Youtube⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠ - ⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠Cloud Security Newsletter ⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠ - ⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠Cloud Security BootCamp
2024-10-0235 minModern Cyber with Jeremy Snyder
Modern Cyber with Jeremy SnyderRojan Rijal of Ophion & Jonathan Walker of SecurityRunnersIn this episode of Modern Cyber, Jeremy sits down with two cybersecurity experts—Jonathan Walker, founder of Security Runners, and Rojan Rijal, founder of Ophion Security—live from fwd:cloudsec 2024. The trio discusses the importance of scanning in red teaming, managing attack surfaces, and how to handle large-scale cloud environments. They dive into the challenges of asset inventory, scaling security efforts, and the need for empathy when working with development teams on vulnerability remediation. Jonathan and Rojan also share insights from their latest projects, including open-source tools and live security exercises. This episode is packed with practical advice for orga...
2024-09-1225 minCloud Security Podcast
Cloud Security PodcastState of Cloud Security - Practitioner EditionIn this episode of the Cloud Security Podcast, we bring together an incredible panel of experts to explore the evolving landscape of cloud security in 2024. Hosted by Ashish Rajan, the discussion dives deep into the challenges and realities of today’s multi-cloud environments. With perspectives ranging from seasoned veterans to emerging voices this episode offers a broad spectrum of insights from cloud security practitioners who are living and breathing cloud security everyday. We are very grateful to our panelist who took part in 1st of its kind edition for the State of Cloud Security - Meg Ashby, Damien Burks, Ch...
2024-09-0456 minModern Cyber with Jeremy Snyder
Modern Cyber with Jeremy SnyderZack Glick of Zatik SecurityIn this episode of Modern Cyber, Jeremy Snyder speaks with Zack Glick, founder of Zatik Security, live from fwd:cloudsec 2024. Zack shares insights from his extensive experience in cloud incident response, including his time at AWS, where he handled major incidents like Heartbleed and Log4j. He discusses the importance of maintaining calm during high-pressure situations and the unique challenges of managing cloud-based incidents, emphasizing the role of the incident commander over the technical responder. The conversation also touches on Zack's transition to founding Zatik Security, a company offering fractional application security services tailored for small businesses, and the...
2024-08-2922 minModern Cyber with Jeremy Snyder
Modern Cyber with Jeremy SnyderMarina Segal of TamnoonIn this episode of Modern Cyber, Jeremy catches up with Marina Segal of Tamnoon at fwd:cloudsec 2024. Across the course of the conversation, the pair discuss Marina's long career in cloud security, the evolution of the threat landscape and the increasingly complex alphabet soup of security solutions in the market. Covering the challenges of managing misconfigurations, the importance of prioritizing risks, and the debate around automated remediation, Marina also offers valuable insights into striking the right balance between technology and human intervention in cloud security operations. This episode is packed with practical advice for security professionals aiming to navigate...
2024-08-0823 minCloud Security Podcast
Cloud Security PodcastState of Cloud Security 2024 - Leadership EditionLeadership Insights on Cloud Security in 2024. Ashish sat down with return guest Srinath Kuruvadi, a seasoned cloud security leader with over two decades of experience in the field. Together, they explored the current state and future of cloud security, discussing the importance of detection & incident response teams, building and maintaining a robust cloud security program, understanding the importance of stakeholder management, and the role of data security in mitigating risks. Srinath shared his perspective on the evolution of cloud security, the critical need for a prevention-first mindset while tackling the challenges of managing security in a multi-cloud environment
2024-08-0625 minModern Cyber with Jeremy Snyder
Modern Cyber with Jeremy SnyderNoah McDonald of Google CloudIn this episode of Modern Cyber, Jeremy meets with Noah McDonald from Google Cloud to talk about the intricacies and best practices of incident response in cloud environments. Noah shares valuable insights into identifying and mitigating cyber threats, the importance of understanding your environment's architecture, and the critical role of logging and threat modeling. The discussion covers the challenges of responding to breaches, the process of forensic analysis, and the importance of timely and transparent communication with clients. Filmed live at fwd:cloudsec 2024 in Arlington, Virginia, this is an episode you don't want to miss. About Noah...
2024-07-3032 minTux Flash
Tux FlashAch hier die mit dem Totalausfall. Nein, nein wir sind Cloudsec.Hauke und Micha kommen mal wieder über einige Umwege auf Spammails, den Crowdstrike Vorfall und Linux Mint 22 zu sprechen.
2024-07-261h 34Absolute AppSec
Absolute AppSecEpisode 252 w/ Rami McCarthy - Security Startups, JobsProduct Security and Cloud security guru Rami McCarthy (@ramimacisabird on X) comes on the Absolute AppSec podcast with Ken and Seth (@cktricky and @sethlaw)! To get to know Rami, you should first check out his website here to get acquainted with some of his latest prodigious activities: https://ramimac.me/. He’s recently delivered a talk regarding zero-touch prod at Fwd:CloudSec and finished a stint as a Security Engineer at Figma. For folks interested in questions of security consulting, management, AWS and cloud security as well as many of the other large questions in infosec, Rami is always a gr...
2024-07-1600 minCyberBytes: The Podcast
CyberBytes: The PodcastCyberBytes: RSA 2024 Edition: Upwind with Amiram ShacharToday’s guest is Amiram Shachar, Co-Founder & CEO @ Upwind a Cloud Security Platform focused on Runtime Security.Before founding Upwind around 18 months ago, Amiram successfully built and sold Spot.io despite investor concern.In this episode, Amiram and I cover: Amiram’s background starting in the Israeli military Learnings from the success of his first saleThe problem Upwind is trying to solve What is Runtime Security The future for Upwind Future trends in the CloudSec space#Cyberbytes #Upwind #CloudSecAmiram’...
2024-06-2114 minIdentity at the Center
Identity at the Center#276 - CloudSec with Kat Traxler of TrustOnCloudIn this thought-provoking episode of Identity at the Center, hosts Jim McDonald and Jeff Steadman engage in a candid conversation with security researcher Kat Traxler from TrustOnCloud. They delve into the intricacies of cloud identity management, discussing the unique challenges and strategies for securing assets in cloud environments like GCP and AWS. Kat sheds light on the importance of understanding the resource hierarchy in GCP and the nuances that differentiate it from AWS. The trio also explores the evolution of IAM tools and their applicability in the cloud, the debate between least privilege and zero standing privilege, and the...
2024-04-221h 02Cyber Sutra
Cyber Sutra#17 Roadmap for learning CloudSec for IaaS, PaaS and SaaSBasics for learning CloudSec for IaaS, PaaS and SaaS.
2024-02-1922 minCyber Sit-down
Cyber Sit-downS2 Ep3: Cracking the Code: DevSecOps in ActionIn this episode, we dive into the practicality of DevSecOps, uncovering this buzzword to understand how it transforms securing the software development process. We also explore the nuances that differentiate CloudSec from DevSecOps, shedding light on their distinct roles in safeguarding digital assets. Additionally, we discuss how to structure an organization that embraces security culture, gaining buy-in from both technical and non-technical stakeholders. Tune in to discover the essential principles and practices that can help your organization prioritize security while maintaining efficiency and innovation. Guest: Larry Lidz, CISO, Cisco CX Cloud To speak to Jason, please email...
2024-02-1540 minKBKAST
KBKASTEpisode 239 Deep Dive: James Campbell | Cloud Security Complexity and the Role of Automation in Digital ForensicsIn this episode, we are joined by James Campbell (CEO and Co-Founder of Cado Security) as we explore modern digital forensics and the complexity of the cloud. They discuss the transition from on-premise to cloud operations, the unique risks associated with ephemeral cloud infrastructure, and the growing need for automation in digital forensics to streamline routine tasks and enable security professionals to focus on advanced problem-solving. Join us as we unravel the intricacies of cloud security, automation in digital forensics, and the continuous learning and adaptation necessary to stay ahead in the rapidly evolving industry. With over 15...
2024-01-3136 minCloud Security Podcast
Cloud Security PodcastBuild an Effective AWS Cloud Security Program in 2024How can you build a robust cloud security program in AWS, particularly as a startup and small to medium-sized businesses navigating AWS in 2024? We spoke to Chris Farris, who is the event chair for fwd:cloudsec, a known cloud security expert and one of the first AWS Heroes for security. Chris shared his insights on how to build a security strategy that is both practical and effective in today's dynamic cloud environment. From discussing the importance of AWS organizations and Identity Centre to breaking down the complexities of cloud security posture management. You will hear actionable advice...
2024-01-0548 minResilient Cyber
Resilient CyberS5E7: Darwin Salazar - Data, Detections & the Cybersecurity MarketNikki -  Can you tell us a little bit about what interested you in cloud security in the first place? I know you have a particular interest in misconfigurations - was there a singular event that spurred your interest? Chris - What are your thoughts around Guardrails in the cloud and using things such as event based detections?Chris - You interestingly took a Product role, but have a Detection and CloudSec background. How has the Product role been and do you think having the practitioner background helps you be a more effective Product Manager an...
2023-11-1429 minCrying Out Cloud
Crying Out Cloud#10 - fwd:cloudsec With Special Guest Scott Piperfwd:cloudsec event highlights podcast special - Featuring our special wizard guest Scott Piper, who is also the co-founder of fwd:cloudsec! A non-profit conference on cloud security that discusses all the major cloud platforms, both attack and defense research, limitations of security features, the pros and cons of different security strategies, and more! fwd:cloudsec 2023 videos: https://www.youtube.com/playlist?list=PLCPCP1pNWD7MR1SwekwbZls9TGzqo_LHx
2023-09-1929 minResilient Cyber
Resilient CyberS5E2: Scott Piper - Modern Cloud Security and ResilienceChris: First off, you've been knee deep in CloudSec for several years now, watching trends, incidents and the industry evolve. Where do you think we've made the most headway, and where do you think we still have the largest gaps to close?Nikki: I'm really interested in multi-cloud environments and security - because of the connectivity potential between separate cloud providers. What do you think organizations should be most concerned with when looking at using multiple cloud providers? Chris: You recently contributed to a report with the Atlantic Council about the systemic risks of Cloud a...
2023-09-0841 minPODCAFÉ TECH
PODCAFÉ TECHIrmãos a obra: reformando sua cibersegurançaSend us a textHora de treinar a segurança cibernética e conquistar o pódio da proteção de dados! 🏅Você já pensou que os funcionários são a principal fonte de vazamentos de dados dentro de uma empresa? É hora de fortalecer a conscientização e a segurança cibernética. Batemos um papo com Moisés Margotto e Rodrigo Pace para saber mais sobre como tornar o ambiente interno da empresa ainda mais seguro.Descubra como você pode começar a se prevenir dessa dor de cabeça. Pegue seu café e dê o play...
2023-07-111h 02Screaming in the Cloud
Screaming in the CloudNavigating Continuous Change in Cloud Security with Brandon ShermanBrandon Sherman, Cloud Security Engineer at Temporal Technologies Inc., joins Corey on Screaming in the Cloud to discuss his experiences at recent cloud conferences and the ongoing changes in cloud computing. Brandon shares why he enjoyed fwd:cloudsec more than this year’s re:Inforce, and how he’s seen AWS events evolve over the years. Brandon and Corey also discuss how the cloud has matured and why Brandon feels ongoing change can be expected to be the continuing state of cloud. Brandon also shares insights on how his perspective on Google Cloud has changed, and why he’s excite...
2023-07-1134 minCloud Security Podcast
Cloud Security PodcastSo You WANT TO DO Google Cloud Threat Detection - Start here!Cloud Security Podcast - Cybersecurity Threat hunting explained for Google Cloud. Day Johnson is a threat detection engineer and in this episode of Cloud security for Google Cloud security we spoke about how to start doing threat detection in Google Cloud, the common threats and attack vectors in GCP Episode YouTube Video - https://youtu.be/FCVG7-lFu0Q Host Twitter: Ashish Rajan (⁠⁠⁠⁠@hashishrajan⁠⁠⁠⁠) Guest Socials: Day Johnson's Linkedin (Day - Linkedin⁠) Podcast Twitter - ⁠⁠⁠⁠@CloudSecPod⁠⁠⁠⁠ ⁠⁠⁠⁠@CloudSecureNews⁠⁠⁠⁠ If you want to watch videos of this LIVE STREAMED episode and past episodes - Check...
2023-07-1139 minSANS Internet Stormcenter Daily Cyber Security Podcast (Stormcast)
SANS Internet Stormcenter Daily Cyber Security Podcast (Stormcast)ISC StormCast for Monday, July 10th, 2023DSSuite Didier Toolbox Cokcer Image Update https://isc.sans.edu/diary/DSSuite%20%28Didier%27s%20Toolbox%29%20Docker%20Image%20Update/30008 More MoveIT Flaws and new Service Pack https://community.progress.com/s/article/MOVEit-Transfer-2020-1-Service-Pack-July-2023 Cisco Nexus 9000 Flaw https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-aci-cloudsec-enc-Vs5Wn2sX
2023-07-1004 minSANS Stormcast: Daily Cyber Security News
SANS Stormcast: Daily Cyber Security NewsISC StormCast for Monday, July 10th, 2023DSSuite Didier Toolbox Cokcer Image Updatehttps://isc.sans.edu/diary/DSSuite%20%28Didier%27s%20Toolbox%29%20Docker%20Image%20Update/30008 More MoveIT Flaws and new Service Packhttps://community.progress.com/s/article/MOVEit-Transfer-2020-1-Service-Pack-July-2023 Cisco Nexus 9000 Flawhttps://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-aci-cloudsec-enc-Vs5Wn2sX
2023-07-1004 minSANS Stormcast: Daily Cyber Security News
SANS Stormcast: Daily Cyber Security NewsISC StormCast for Monday, July 10th, 2023DSSuite Didier Toolbox Cokcer Image Updatehttps://isc.sans.edu/diary/DSSuite%20%28Didier%27s%20Toolbox%29%20Docker%20Image%20Update/30008 More MoveIT Flaws and new Service Packhttps://community.progress.com/s/article/MOVEit-Transfer-2020-1-Service-Pack-July-2023 Cisco Nexus 9000 Flawhttps://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-aci-cloudsec-enc-Vs5Wn2sX
2023-07-1004 minSANS Internet Storm Center\'s Daily Network Security News Podcast
SANS Internet Storm Center's Daily Network Security News PodcastNetwork Security News Summary for Monday July 10th, 2023DSSuite Update; New MoveIT Flaw; Nexus 9000 Flaw; DSSuite Didier Toolbox Cokcer Image Update https://isc.sans.edu/diary/DSSuite%20%28Didier%27s%20Toolbox%29%20Docker%20Image%20Update/30008 More MoveIT Flaws and new Service Pack https://community.progress.com/s/article/MOVEit-Transfer-2020-1-Service-Pack-July-2023 Cisco Nexus 9000 Flaw https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-aci-cloudsec-enc-Vs5Wn2sX keywords: nexus; 9000; encryption; moveit; sql injection; sqli; dssuite
2023-07-1004 minCyber Morning Call
Cyber Morning CallCyber Morning Call - #349 - 07/07/2023[Referências do Episódio] - Boletim de segurança do Android - julho de 2023 - https://source.android.com/docs/security/bulletin/2023-07-01?hl=pt-br - Cisco ACI Multi-Site CloudSec Encryption Information Disclosure Vulnerability - https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-aci-cloudsec-enc-Vs5Wn2sX - Threat Alert: Anatomy of Silentbob’s Cloud Attack - https://blog.aquasec.com/threat-alert-anatomy-of-silentbobs-cloud-attack - The five-day job: A BlackByte ransomware intrusion case study - https://www.microsoft.com/en-us/security/blog/2023/07/06/the-five-day-job-a-blackbyte-ransomware-intrusion-case-study/ - Increased Truebot Activity Infects U.S. an...
2023-07-0707 minCrying Out Cloud
Crying Out Cloud#5 - MOVEit Transfer 0day vulnerabilities (Special Guest: Scott Piper)Join your favorite hosts, @Eden and @Amitai, on the latest "Crying Out Cloud" rollercoaster 🎢 Spoiler Alert: We've got @Scott Piper, the cloud security guru, joining the conversation too! His insights are amazing, so we've reserved a special upcoming episode just for him 😎 On today's journey, we are: 1️⃣ Peeling back the layers of MOVEit Transfer 0day vulnerabilities 🕵️ 2️⃣ Breaking down CVSSv4💥 3️⃣ Sharing insider takeaways from fwd:cloudsec 2023 (FOMO, anyone?).🔮 4️⃣ Getting real about the Barracuda ESG 0day vulnerability (we're not fishing around! 🐠). Important Links: https://www.first.org/cvss/v4-0/https://thehackernews.com/2023/06/third-flaw-uncovered-in-moveit-transfer.htmlhttps://www.mandiant.com/resources/bl...
2023-06-2633 minAWS Morning Brief
AWS Morning Briefre:Inforce and fwd:cloudsec with Scott PiperLast week in security news: Videos from fwd:cloudsec are now available on YouTube, AWS announces AWS Payment Cryptography, Amazon CodeGuru Security is now available in preview, and more!Links:There was lots of great content presented at fwd:cloudsec.  The day-long videos are up on YouTube. You can use the schedule to help find the talks you're interested in.In contrast to AWS's "Shared Responsibility Model", I appreciate GCP's "Shared Fate Model" where they put their own skin in the game in ensuring their customers are protected.  In their New Cryptomining Protection Program, they offer $1M...
2023-06-2207 minISTS - i sh0t the sheriff
ISTS - i sh0t the sheriffEdição 140 15.06.2023Roteiro: Luiz Eduardo, Nelson Murilo, Willian Caprino Produção: Halfmouth Podcasts Some Music from: https://www.bensound.com Eventos: Teve: THOTCON, YSTS, re:inforce e fwd:cloudsec BSidesSP CFPs: Sector.ca até 22 de junho. Notícias: https://www.bleepingcomputer.com/news/security/barracuda-says-hacked-esg-appliances-must-be-replaced-immediately/ https://www.mandiant.com/resources/blog/barracuda-esg-exploited-globally https://labs.watchtowr.com/xortigate-or-cve-2023-27997/ https://www.bleepingcomputer.com/news/security/chinese-hackers-use-dns-over-https-for-linux-malware-communication/ Música Mais Notícias: https...
2023-06-1957 minScreaming in the Cloud
Screaming in the CloudCentralizing Cloud Security Breach Information with Chris FarrisChris Farris, Cloud Security Nerd at PrimeHarbor Technologies, LLC, joins Corey on Screaming in the Cloud to discuss his new project, breaches.cloud, and why he feels having a centralized location for cloud security breach information is so important. Corey and Chris also discuss what it means to dive into entrepreneurship, including both the benefits of not having to work within a corporate structure and the challenges that come with running your own business. Chris also reveals what led him to start breaches.cloud, and what he’s learned about some of the biggest cloud security breaches so far. ...
2023-06-0835 minScreaming in the Cloud
Screaming in the CloudExciting Times in Cloud Security with Chris FarrisChris Farris, Cloud Security Nerd at Turbot, joins Corey on Screaming in the Cloud to discuss the latest events in cloud security, which leads to an interesting analysis from Chris on how legal departments obscure valuable information that could lead to fewer security failures in the name of protecting company liability, and what the future of accountability for security failures looks like. Chris and Corey also discuss the newest dangers in cloud security and billing practices, and Chris describes his upcoming cloud security conference, fwd:cloudsec. About ChrisChris Farris has been in...
2023-03-2132 minScreaming in the Cloud
Screaming in the CloudSolving for Cloud Security at Scale with Chris FarrisAbout Chris Chris Farris has been in the IT field since 1994 primarily focused on Linux, networking, and security. For the last 8 years, he has focused on public-cloud and public-cloud security. He has built and evolved multiple cloud security programs for major media companies, focusing on enabling the broader security team’s objectives of secure design, incident response and vulnerability management. He has developed cloud security standards and baselines to provide risk-based guidance to development and operations teams. As a practitioner, he’s architected and implemented multiple serverless and traditional cloud applications focused on deployment, security, operations, and fina...
2023-01-2435 minCloud Out Loud Podcast
Cloud Out Loud PodcastEpisode 21 - Encouraging Women in Tech and InfoSec specificallySend us a textWomen in IT, Cloud Security, and InfoSec with Marsha WilsonEpisode 21: Show NotesWelcome back to another episode of Cloud Out Loud! Today we are joined, once again, by Marsha Wilson to discuss the presence of women in IT, cloud security, and InfoSec. Marsha is the CEO of ScaleSec and has had a fascinating career that spans the military and the private sector. Tuning in you’ll hear Marsha’s thoughts on how the field has evolved since she first started out, along with the chan...
2022-10-1735 minAWS Morning Brief
AWS Morning BriefThe Spiritual Alignment of Cloud EconomicsLinks:Last week LastPass reported (yet another) security issue, wherein their source code was stolen. Finally: an honest recap of fwd:cloudsec and re:Inforce 2022 from someone who had the stomach to sit through the entirety of the latter.The Register reports on a growing trend of using AWS resources to hide phishing attacks.Expanded eligibility for the free MFA security key program How to centralize findings and automate deletion for unused IAM rolesIdentifying publicly accessible resources with Amazon VPC Network Access Analyzer The tool of the week: popeye is a Kubernetes cluster resource sanitizer.
2022-09-0104 minApplication Security Weekly (Audio)
Application Security Weekly (Audio)ASW #207 - Chen Gour ArieIn today's high-tech industries, security is struggling to keep up with rapidly changing production systems and the chaos that agile development introduces into workflows. Application security (AppSec) teams are fighting an uphill battle to gain visibility and control over their environments. Rather than invest their time in critical activities, teams are overwhelmed by gaps in visibility and tools to govern the process. As a result, many digital services remain improperly protected. In this episode, we plan to address and discuss the current state of AppSec, and point out a few common failure points. Afterwards we plan to discuss what...
2022-08-101h 18Application Security Weekly (Video)
Application Security Weekly (Video)Auth Problems from Parsing, Slack's Password Hashes, Twitter's Info Breach - ASW #207Nextauth.js account takeover due to parsing flaw, URL parsing flaw in Go's net/url, another path traversal, Slack exposes password hashes (whaaat!?), Twitter exposes 5.4 million accounts, ransomware and research against PyPI and GitHub, videos from fwd:cloudsec 2022.   Visit https://www.securityweekly.com/asw for all the latest episodes! Show Notes: https://securityweekly.com/asw207
2022-08-0941 minDetection at Scale
Detection at ScaleCedar’s CISO Aaron Zollman: Lessons From Building a Modern Security TeamAaron Zollman is the CISO at Cedar — a patient payment and engagement platform for hospitals, health systems, and medical groups that elevates the patient experience. Prior to Cedar, Aaron spent time in security at companies like Bridgewater, Palantir, and MUFG Bank, Japan’s largest bank.  In today’s episode, Aaron and Jack discuss lessons and tips to help organizations build a modern security team that’s capable of detection and response at scale.  Topics discussed: What Aaron learned as he transitioned from the public sector to the private sector.  How security tools have evolved over the tim...
2022-06-1332 minPODCAFÉ TECH
PODCAFÉ TECHCybersegurança: Controle e prevenção de fraudesSend us a textControle de fraudes é um universo em Cybersegurança, neste episódio do Podcafé da TI batemos um papo com o Moisés Margotto (CyberSec, CloudSec and InfoSec Leader) que generosamente compartilhou um pouco de sua vasta experiência atuando internacionalmente. Um episódio imperdível aguardando pelo seu clique! Não entre em roubada e dá logo o play!Participantes:Moisés Margotto:  CyberSec, CloudSec and InfoSec LeadeDyogo Junqueira: Co-Host do PodCafé TechGuilherme Gomes: Co-Host do PodCafé TechAnderson Fonseca: Co-Host do PodCafé Tec...
2022-05-241h 14Screaming in the Cloud
Screaming in the CloudThe Independent AWS Security Researcher with Scott PiperAbout ScottCloud security historian.Developed flaws.cloud, CloudMapper, and Parliament.Founding team for fwd:cloudsecLinks:Block: https://block.xyz/Twitter: https://twitter.com/0xdabbad00
2022-04-1938 minRelating to DevSecOps
Relating to DevSecOpsEpisode #041: Holistic Cloud Medicine in the Face of the Modularization of Cloud Components Affects ApplicationsSend us a textA continuing trend in cloud and application security has been the modularization of application functions that offloads the developer responsibility for security and even some development! We cover how these cloud legos affect secure architectures, how the assessment paradigm shifts to configuration, how traditional silos such as #cloudsec, #netsec, and #appsec change. Mike brings a real world scenario and provoking thoughts around how we can possibly call something secure if we don't understand all the cards and players. In this episode Mike coins the phrase of holistic medicine in cloud. As l...
2022-03-1731 minAbsolute AppSec
Absolute AppSecEpisode 162 - Mike McCabe (@mccabe615) - Cloud SecurityAfter a week's hiatus, the Absolute AppSec-ers return with guest Mike McCabe (@mccabe615) to talk about all things Cloud Security. Discussions on cloud security tools, various differences between AWS and Azure, infrastructure as code (IaC), and predictions on cloudsec merging with appsec in the future.
2022-02-2200 minМимокрокодил
МимокрокодилВыпуск #12 - Денис Якимов. Про devsecops в большом банке и медийность с автором DevSecOps Wine канала.В этот раз у нас в гостях Денис Якимов занимающий позицию Head of DevSecOps в одном из крупнейших банков России, в широких кругах известен как автор нескольких популярных телеграмм каналов, таких как DevSecOps Wine CloudSec Wine и AppSec & DevSecOps Jobs. Денис рассказал чем занимается человек на такой уникальной для СНГ позиции как Head of DevSecOps, что в ходит в круг его задач и поделится опытом их решения. Вторая часть подкаста освещает тему медийности в ИБ и её влияние на карьеру. Кажется, вышло интересно! Внутри - Как Денис пришел к текущей позиции - Мнение Дениса о роли devsecops практик в ландшафте защиты компании - Какие стоит покупать, а где лучший друг open source - История развития DevSecOps wine канала - Рассуждения не тему роли медийности в карьере ИБ специалиста
2021-12-0853 minCloud Security Podcast
Cloud Security Podcastfwd:cloudsec conference this week, Vulnerabilities discovered in AWS - Cloud Security NewsCloud Security News this week - 15 September 2021 Oracle Chief Technology Officer and co-founder Larry Ellison told  their investors this week that Oracle Cloud is superior to AWS when it comes to security and cost. He shared that they don't think  an application should talk to five or six separate databases referencing AWS’ database offerings and calling it a  very, very risky security architecture. If you are keen to learn more about how the cloud providers rank, Gartner released a report in July 2021 noting that over 90% of the worldwide cloud market was concentrated in just four cloud providers. Amazon Web S...
2021-09-1503 minCloud Security News
Cloud Security News15 Sep, 2021 - Oracle superior to AWS? AWS Vulnerabilities Discovered and fwd:cloudsec conference held this weekCloud Security News this week - 15 September 2021 Oracle Chief Technology Officer and co-founder Larry Ellison told  their investors this week that Oracle Cloud is superior to AWS when it comes to security and cost. He shared that they don't think  an application should talk to five or six separate databases referencing AWS’ database offerings and calling it a  very, very risky security architecture. If you are keen to learn more about how the cloud providers rank, Gartner released a report in July 2021 noting that over 90% of the worldwide cloud market was concentrated in just four cloud providers. Amazon Web S...
2021-09-1503 minעושים תוכנה Osim Tochna
עושים תוכנה Osim Tochna[עושים תוכנה] למה לענן יש שם רע בעולם הsecurity?פיתוח וdeployment על גבי הענן הופך לנפוץ יותר ויותר ומביא איתו הרבה חידושים שמשפרים את היכולות שלנו לפתח מהר יותר אפליקציות גדולות ומורכבות יותר.אחד מההיבטים המעניינים שמשתנה עם המעבר לענן הוא נושא הsecurity וההתמודדות איתו.הזמנו לאולפן את משה פרבר, יועץ ואושייה בתחום הCloud Security ופרשנו את המונחים החשובים ביותר בענן, דיברנו על מודל חלוקת האחריות וענינו גם על השאלה משם הפרק וכמו כן על אחרות.האזנה נעימה, עמית.https://www.ads.ranlevi.com/2021/02/28/overwolf-osimtochna-cloudsec/
2021-02-2844 minScreaming in the Cloud
Screaming in the CloudDefining Your Consultancy Niche Part 2 with Scott PiperLinks Referenced: Company website: http://summitroute.comflaws.cloud: http://flaws.cloudfwd:cloudsec: https://fwdcloudsec.org/Twitter: https://twitter.com/0xdabbad00 
2021-01-2142 minScreaming in the Cloud
Screaming in the CloudBest Practices for AWS Security - Part 1 with Scott PiperAbout Scott PiperScott is an independent consultant helping companies secure their AWS environments through private trainings.  He created the free training sites flaws.cloud and flaws2.cloud, along with the open-source projects CloudMapper, Parliament, and more.Links Referenced: Connect with Scott Piper on... LinkedInTwitter: @0xdabbad00 Company website: Summit Routeflaws.cloudflaws2.cloudfwd:cloudsec
2021-01-1442 minDay[0]
Day[0]iOS 0days are worthless, PrintDemon, and a takeover of hackeroneAre iOS 0days now worthless? Can you hack a satellite...or hackerone? Are WAFs worthwhile? And more on a fairly discussion heavy episode of DAY[0]. [00:00:52] [UPDATE] Huawei HKSP Introduces Trivially Exploitable Vulnerability https://github.com/cloudsec/aksp/blob/master/hksp.patch [00:11:59] iOS one-click chains prices likely to drop https://www.hackasat.com/ [00:33:30] Defcon Quals 2020 https://hxp.io/blog/72/DEFCON-CTF-Quals-2020-notbefoooled/ [00:46:33] vBulletin 5.6.1 SQL Injection [00:52:52] Subdomain takeover of resources.hackerone.com [01:01:11] MyLittleAdmin PreAuth RCE [01:06:13] DOM-Based XSS at accounts.google.com by Google Voice Extension. [01:16:47] Playing with GZIP: RCE in GLPI...
2020-05-202h 32