Shows
AI Security PodcastVibe Coding for CISOs: Managing Risk & Opportunity in AI DevelopmentWhat happens when your product, sales, and marketing teams can build and deploy their own applications in a matter of hours? This is the new reality of "Vibe Coding," and for CISOs, it represents both a massive opportunity for innovation and a significant governance challenge.In this episode, join Ashish Rajan and Caleb Sima as they move beyond the hype to provide a strategic playbook for security leaders navigating the world of AI-assisted development. Learn how Vibe Coding empowers non-engineers to solve business problems and how you can leverage it to rapidly prototype security solutions yourself. Get...2025-06-271h 00AI Security PodcastVibe Coding, Slopsquatting, and the Future of AI in Software DevelopmentIn this episode, we welcome back Guy Podjarny, founder of Snyk and Tessl, to explore the evolution of AI-assisted coding. We dive deep into the three chapters of AI's impact on software development, from coding assistants to the rise of "vibe coding" and agentic development.Guy explains what "vibe coding" truly is, a term coined by Andrej Karpathy where developers delegate more control to AI, sometimes without even reviewing the code. We discuss how this opens the door for non-coders to create real applications but also introduces significant risks.Caleb, Ashish and Guy discuss:...2025-06-1249 minAI Security PodcastAI in Cybersecurity: Phil Venables (Formerly Google Cloud CISO) on Agentic AI & CISO StrategyDive deep into the evolving landscape of AI in Cybersecurity with Phil Venables, former Chief Information Security Officer at Google Cloud and a cybersecurity veteran with over 30 years of experience. Recorded at RSA, this episode explores the critical shifts and future trends shaping our industry.Caleb, Ashish and Phil speak aboutThe journey from predictive AI to the forefront of Agentic AI in enterprise environments.How organizations are transitioning AI from experimental prototypes to impactful production applications.The three essential pillars of AI control for CISOs: software lifecycle risk, data governance, and operational risk management.Current...2025-06-0644 minAI Security PodcastIs Your Browser the Biggest AI Security Risk?Are you overlooking the most critical piece of real estate in your enterprise security strategy, especially with the rise of AI? With 90% or more of employee work happening inside a browser, it's becoming the new operating system and the primary entry point for AI agents.In this episode, Ashish and Caleb dive deep into the world of Enterprise Browsers. They explore why this often-underestimated technology is set to disrupt how AI agents operate and why it should be top-of-mind for every security leader.Join us as we cover:What are Enterprise Browsers? Understanding these...2025-05-2946 minAI Security PodcastAI Red Teaming & Securing Enterprise AIAs AI systems become more integrated into enterprise operations, understanding how to test their security effectively is paramount.In this episode, we're joined by Leonard Tang, Co-founder and CEO of Haize Labs, to explore how AI red teaming is changing.Leonard discusses the fundamental shifts in red teaming methodologies brought about by AI, common vulnerabilities he's observing in enterprise AI applications, and the emerging risks associated with multimodal AI (like voice and image processing systems). We delve into the intricacies of achieving precise output control for crafting sophisticated AI exploits, the challenges enterprises face in...2025-05-1653 minAI Security PodcastRSA Conference 2025 Recap: Agentic AI Hype, MCP Risks & Cybersecurity's FutureCaleb and Ashish cut through the Agentic AI hype, expose real MCP (Multi-Cloud Platform) risks, and discuss the future of AI in cybersecurity. If you're trying to understand what really happened at RSA and what it means for the industry, you would want to hear this.In this episode, Caleb Sima and Ashish Rajan dissect the biggest themes from RSA, including:Agentic AI Unpacked: What is Agentic AI really, beyond the marketing buzz?MCP & A2A Deployment Dangers: MCPs are exploding, but how do you deploy them safely across an enterprise without slowing down business?AI...2025-05-091h 03AI Security PodcastMCP vs A2A Explained: AI Agent Communication Protocols & Security RisksDive deep into the world of AI agent communication with this episode. Join hosts Caleb Sima and Ashish Rajan as they break down the crucial protocols enabling AI agents to interact and perform tasks: Model Context Protocol (MCP) and Agent-to-Agent (A2A).Discover what MCP and A2A are, why they're essential for unlocking AI's potential beyond simple chatbots, and how they allow AI to gain "hands and feet" to interact with systems like your desktop, browsers, or enterprise tools like Jira. The hosts explore practical use cases, the underlying technical architecture involving clients and servers, and...2025-04-1854 minAI Security PodcastHow to Hack AI Applications: Real-World Bug Bounty InsightsIn this episode, we sit down with Joseph Thacker, a bug bounty hunter and AI security researcher, to uncover the evolving threat landscape of AI-powered applications and agents. Joseph shares battle-tested insights from real-world AI bug bounty programs, breaks down why AI AppSec is different from traditional AppSec, and reveals common vulnerabilities most companies miss, like markdown image exfiltration, XSS from LLM responses, and CSRF in chatbots.He also discusses the rise of AI-driven pentesting agents ("hack bots"), their current limitations, and how augmented human hackers will likely outperform them, at least for now. If you're wondering...2025-04-0550 minAI Security PodcastThe Future of Digital Identity: Fighting AI Deepfakes & Identity FraudCan you prove you’re actually human? In a world of AI deepfakes, synthetic identities, and evolving cybersecurity threats, digital identity is more critical than ever.With AI-generated voices, fake videos, and evolving fraud tactics, the way we authenticate ourselves online is rapidly changing. So, what’s the future of digital identity? And how can you protect yourself in this new era?In this episode, hosts Caleb Sima and Ashish Rajan is joined by Adrian Ludwig, CISO at Tools For Humanity (World ID project), former Chief Trust Officer at Atlassian, and ex-Google security lead for Andr...2025-03-2057 minAI Security PodcastThe Truth Behind AI Agents: Hype vs. RealityAI is evolving fast, and AI agents are the latest buzzword. But what exactly are they? Are they truly intelligent, or just automation in disguise? In this episode, Caleb Sima and Ashish Rajan spoke to Daniel Miessler—a cybersecurity veteran who is now deep into AI security research.🎙️ In this episode, we cover:✅ What AI agents really are (and what they’re NOT)✅ How AI is shifting from searching to making decisions✅ The biggest myths and misconceptions about AI automation✅ Why most companies calling their tools “AI agents” are misleading you...2025-02-281h 19AI Security PodcastHow AI is changing Detection Engineering & SOC Operations?AI is revolutionizing many things, but how does it impact detection engineering and SOC teams? In this episode, we sit down withDylan Williams, a cybersecurity practitioner with nearly a decade of experience in blue team operations and detection engineering. We speak about how AI is reshaping threat detection and response, the future role of detection engineers in an AI-driven world, can AI reduce false positives and speed up investigations, the difference between automation vs. agentic AI in security and practical AI tools you can use right now in detection & responseQuestions asked:(00:00...2025-02-0757 minAI Security PodcastWhat does your AI cybersecurity plan look like for 2025?Welcome to 2025! In this episode our hosts Ashish Rajan and Caleb Sima, tackle the pressing question: What should your AI cybersecurity game plan look like this year?
The rapid evolution of agentic AI—where AI agents can perform tasks autonomously—is set to transform businesses, but it comes with unprecedented security challenges. From the resurgence of Identity and Access Management (IAM) to the urgent need for least privilege strategies, this episode captures actionable insights for CISOs and security leaders.
What is agentic AI and how it may impact businesses?
Top 3 priorities for building an effective AI secu...2025-01-2638 minAI Security PodcastAI Cybersecurity Predictions 2025: Revolution or Reality?In this episode, to kick of 2025, we dive deep into AI and cybersecurity predictions for 2025 exploring the opportunities, challenges, and trends shaping the future of the industry.
Our hosts, Ashish Rajan and Caleb Sima sat down to discuss the evolution of SOC automation and its real-world impact on cybersecurity, the practical use cases for AI-enhanced security tools in organizations, why data security might be the real winner in 2025, the potential of agentic AI and its role in transforming security operations and predictions for AI-powered startups and their production-ready innovations in 2025.
Questions asked:2025-01-0856 minAI Security PodcastAI Red Teaming in 2024 and BeyondHost Caleb Sima and Ashish Rajan caught up with experts Daniel Miessler (Unsupervised Learning), Joseph Thacker (Principal AI Engineer, AppOmni) to talk about the true vulnerabilities of AI applications, how prompt injection is evolving, new attack vectors through images, audio, and video and predictions for AI-powered hacking and its implications for enterprise security.
Whether you're a red teamer, a blue teamer, or simply curious about AI's impact on cybersecurity, this episode is packed with expert insights, practical advice, and future forecasts. Don’t miss out on understanding how attackers leverage AI to exploit vulnerabilities—and how defenders can...2024-11-2251 minAI Security PodcastThe Current State of AI and the Future for CyberSecurity in 2024In this jam-packed episode, with our panel we explored the current state and future of AI in the cybersecurity landscape. Hosts Caleb Sima and Ashish Rajan were joined by industry leaders Jason Clinton (CISO, Anthropic), Kristy Hornland (Cybersecurity Director, KPMG) and Vijay Bolina (CISO, Google DeepMind) to dive into the critical questions surrounding AI security.
We’re at an inflection point where AI isn’t just augmenting cybersecurity—it’s fundamentally changing the game. From large language models to the use of AI in automating code writing and SOC operations, this episode examines the most significant challenges and opportunities in AI-dr...2024-11-041h 16AI Security PodcastWhat is AI Native Security?In this episode of the AI Cybersecurity Podcast, Caleb and Ashish sat down with Vijay Bolina, Chief Information Security Officer at Google DeepMind, to explore the evolving world of AI security. Vijay shared his unique perspective on the intersection of machine learning and cybersecurity, explaining how organizations like Google DeepMind are building robust, secure AI systems.
We dive into critical topics such as AI native security, the privacy risks posed by foundation models, and the complex challenges of protecting sensitive user data in the era of generative AI. Vijay also sheds light on the importance of embedding...2024-10-2327 minAI Security PodcastBlackHat USA 2024 AI Cybersecurity HighlightsWhat were the key AI Cybersecurity trends at BlackHat USA? In this episode of the AI Cybersecurity Podcast, hosts Ashish Rajan and Caleb Sima dive into the key insights from Black Hat 2024. From the AI Summit to the CISO Summit, they explore the most critical themes shaping the cybersecurity landscape, including deepfakes, AI in cybersecurity tools, and automation. The episode also features discussions on the rising concerns among CISOs regarding AI platforms and what these mean for security leaders.
Questions asked:
(00:00) Introduction
(02:49) Black Hat, DEF CON and RSA Conference
(07:18) Bl...2024-09-0646 minAI Security PodcastOur insights from Google's AI Misuse ReportIn this episode of the AI Cybersecurity Podcast, we dive deep into the latest findings from Google's DeepMind report on the misuse of generative AI. Hosts Ashish and Caleb explore over 200 real-world cases of AI misuse across critical sectors like healthcare, education, and public services. They discuss how AI tools are being used to create deepfakes, fake content, and more, often with minimal technical expertise. They analyze these threats from a CISO's perspective but also include an intriguing comparison between human analysis and AI-generated insights using tools like ChatGPT and Anthropic's Claude. From the rise of AI-powered impersonation to...2024-08-2133 minAI Security PodcastAI Code Generation - Security Risks and OpportunitiesHow much can we really trust AI-generated code more over Human generated Code today? How does AI-Generated code compare to Human generated code in 2024? Caleb and Ashish spoke to Guy Podjarny, Founder and CEO at Tessl about the evolving world of AI generated code, the current state and future trajectory of AI in software development. They discuss the reliability of AI-generated code compared to human-generated code, the potential security risks, and the necessary precautions organizations must take to safeguard their systems.
Guy has also recently launched his own podcast with Simon Maple called The AI Native Dev...2024-08-021h 10
re:invent securityAshish Rajan (Kaizenteq): "Data Sovereignty Will Define the Future of Cloud Security and Compliance"Join hosts Jeroen Prinse and Irfaan Santoe in this enlightening episode of Reinvent Security as they sit down with cloud security expert Ashish Rajan, founder of Kaizenteq and host of the Cloud Security Podcast. With 250+ cloud security podcasts to his name Ashish shares invaluable insights into the evolving landscape of cloud security, discussing key challenges, best practices, and future trends. Discover the importance of identity and access management, strategies to prevent misconfigurations, and how to balance data sovereignty with cloud service capabilities. Learn why incident response in the cloud needs more focus and how to strategically select the right...2024-07-2550 minAI Security PodcastExploring Top AI Security FrameworksWhich AI Security Framework is right for you? As AI is gaining momentum, we are starting to see quite a few frameworks appearing but the question is, which one should you start with and can AI help you decide! Caleb and Ashish tackle this challenge head-on, comparing three major AI security frameworks: Databricks, NIST, and OWASP Top 10. They break down the key components of each framework, discuss practical implementation strategies, and provide actionable insights for CISOs and security leaders. They may have had some help along the way.
Questions asked:
(00:00) Introduction
2024-07-1144 minAI Security PodcastPractical Applications and Future Predictions for AI Security in 2024What is the current state and future potential of AI Security? This special episode was recorded LIVE at BSidesSF (thats why its a little noisy), as we were amongst all the exciting action. Clint Gibler, Caleb Sima and Ashish Rajan sat down to talk about practical uses of AI today, how AI will transform security operations, if AI can be trusted to manage permissions and the importance of understanding AI's limitations and strengths.
Questions asked:
(00:00) Introduction
(02:24) A bit about Clint Gibler
(03:10) What top of mind with AI Security?2024-06-1744 minAI Security PodcastAI Highlights from RSAC 2024 and BSides SF 2024Key AI Security takeaways from RSA Conference 2024, BSides SF 2024 and all the fringe activities that happen in SF during that week. Caleb and Ashish were speakers, panelists, participating in several events during that week and this episode captures all the highlights from all the conversations they had and they trends they saw during what they dubbed the "Cybersecurity Fringe Festival” in SF.
Questions asked:
(00:00) Introduction
(02:53) Caleb’s Keynote at BSides SF
(05:14) Clint Gibler’s Bsides SF Talk
(06:28) What are BSides Conferences?
(13:55) Cybersecurity Fringe Festival
...2024-05-2243 minAI Security PodcastHow AI can be used in Cybersecurity Operations?How can AI change a Security Analyst's workflow? Ashish and Caleb caught up with Ely Kahn, VP of Product at SentinelOne, to discuss the revolutionary impact of generative AI on cybersecurity. Ely spoke about the challenges and solutions in integrating AI into cybersecurity operations, highlighting how can simplify complex processes and empowering junior to mid-tier analysts.
Questions asked:
(00:00) Introduction
(03:27) A bit about Ely Kahn
(04:29) Current State of AI in Cybersecurity
(06:45) How AI could impact Cybersecurity User Workflow?
(08:37) What are some of the concerns with...2024-04-1244 minAI Security PodcastThe Evolution of Pentesting with AIHow is AI transforming traditional approaches to offensive security, pentesting, security posture management, security assessment, and even code security? Caleb and Ashish spoke to Rob Ragan, Principal Technology Strategist at Bishop Fox about how AI is being implemented in the world of offensive security and what the right way is to threat model an LLM.
Questions asked:
(00:00) Introductions
(02:12) A bit about Rob Ragan
(03:33) AI in Security Assessment and Pentesting
(09:15) How is AI impacting pentesting?
(14:50 )Where to start with AI implementation in offensive Security?
2024-04-0453 minAI Security PodcastAI's role in Security Operation AutomationWhat is the current reality for AI automation in Cybersecurity? Caleb and Ashish spoke to Edward Wu, founder and CEO of Dropzone AI about the current capabilities and limitations of AI technologies, particularly large language models (LLMs), in the cybersecurity domain. From the challenges of achieving true automation to the nuanced process of training AI systems for cyber defense, Edward, Caleb and Ashish shared their insights into the complexities of implementing AI and the importance of precision in AI prompt engineering, the critical role of reference data in AI performance, and how cybersecurity professionals can leverage AI to amplify...2024-03-1851 minAI Security PodcastWhere is the Balance Between AI Innovation and Security?There is a complex interplay between innovation and security in the age of GenAI. As the digital landscape evolves at an unprecedented pace, Daniel, Caleb and Ashish share their insights on the challenges and opportunities that come with integrating AI into cybersecurity strategies
Caleb challenges the current trajectory of safety mechanisms in technology and how overregulation may inhibit innovation and the advancement of AI's capabilities. Daniel Miessler, on the other hand, emphasizes the necessity of accepting technological inevitabilities and adapting to live in a world shaped by AI. Together, they explore the potential overreach in AI safety...2024-02-2331 minAI Security PodcastBreaking Down AI's Impact on CybersecurityWhat does AI mean for Cybersecurity in 2024? Caleb and Ashish sat down with Daniel Miessler. This episode is a must listen for CISOs and cybersecurity practitioners exploring AI's potential and pitfalls. From the intricacies of Large Language Models (LLM) and API security to the nuances of data protection, Ashish, Caleb and Daniel unpack the most pressing threats and opportunities facing the cybersecurity landscape in 2024.
Questions asked:
(00:00) Introduction
(06:06) A bit about Daniel Miessler
(06:23) Current State of Artificial General Intelligence
(13:57) What going to change in security with AI?2024-02-0946 minAI Security PodcastInnovating Security Practices with AIAI Security using LLM, AI Agents & more can be used to innovate cyber security practices. In this episode Ashish and Caleb sit down to chat about the nuances of creating custom AI agents, the implications of prompt engineering, and the innovative uses of AI in detecting and preventing security threats. From discussing the complexity of Data Loss Prevention (DLP) in today's world to debating the realistic timeline for the advent of Artificial General Intelligence (AGI).
Questions asked:
(00:26) The impact of GenAI on Workforce
(04:11) Understanding Artificial General Intelligence
(05:57) Using...2024-02-0242 minAI Security PodcastHow are LLMs deployed in enterprise | AI ExplainedHow to efficiently secure, scale and deploy LLMs in an Enterprise? Kicking off 2024 with the final instalment of our AI Cybersecurity Primer. In this episode Caleb and Ashish talk about large language models (LLMs), their deployment in enterprise settings, and the nuances of their operation. They explore the challenges and opportunities in ensuring the security of these systems, emphasising the importance of cybersecurity measures in the evolving landscape of AI.
Questions asked:
(00:00) Introduction
(02:23) Deployment of LLM System
(07:13) Deployment in an Enterprise
(12:01) Threats with LLMs
(15:30) Protecting Data
(18:17) LLMs and Compliance
(19:51) LLM Control Plane
(26:36) Whats hot...2024-01-0344 minAI Security PodcastWhat are LLMs? | AI ExplainedYou cant protect what you don't understand. We are continuing Part 2 of our AI Primer on the AI Cybersecurity Podcast to understand what role AI will play in the world of cybersecurity. In this episde, Caleb and Ashish are levelling up the playing field, talking all things LLMs (Large Language Models), GenAI and laying the foundations with AI primers for cybersecurity in the season 1 of AI CyberSecurity Podcast.
Questions asked:
(00:00) Introduction
(02:34) Evolution of LLM and GenAI
(09:20) How does LLM work?
(17:15) Differentiating between LLMs
(22:05) The...2023-11-1744 minAI Security PodcastTypes of Artificial Intelligence | AI ExplainedTo understand what role AI will play in the world of cybersecurity, it important to understand the technology behind it. Caleb and Ashish are levelling up the playing field and laying the foundations with AI primers for cybersecurity in the season 1 of AI CyberSecurity Podcast.
What was discussed:
(00:00) Introduction
(02:36) Learning about AI/ML
(08:00) Acronyms of AI
(10:49) AGI - Artificial General Intelligence
(11:29) Three states of AGI
(13:48) AI/ML in Security Products
(17:03) Different kinds of learning
(21:51) Whats hot in the...2023-11-1630 min
AI Security PodcastAI CyberSecurity Podcast Launch TrailerAshish Rajan and Caleb Sima, who have been Cybersecurity practitioners and CISOs for over a decade, are combining forces to bring to you how CyberSecurity can be applied to AI without FUD.
Each episode discuss a AI Theme and What's Hot in AI. You can expect the episodes on your favorite Podcast Player every two weeks.
This is a Audio & Video podcast so you can find video of each episode on AI CyberSecurity Podcast YouTube Channel
If you have any AI & CyberSecurity queries or topics you would...2023-10-0903 min
Cloud Security PodcastKubernetes Security Explained for those starting today! - Kelsey HightowerIn this episode of the Virtual Coffee with Ashish edition, we spoke with Kelsey Hightower (@kelseyhightower) is the Staff Advocate at Google Cloud (@GoogleCloud) and co-author of “Kubernetes: Up and Running: Dive Into the Future of Infrastructure.”
Host: Ashish Rajan - Twitter @hashishrajan
Guest: Kelsey Hightower (@kelseyhightower)
In this episode, Kelsey & Ashish spoke about
What is Kubernetes and Why is it so popular ?
Should Senior Leadership within organisations consider Kubernetes?
What are the different stages of Kubernetes complexities for organisation as it grows from Startup to an Enterprise?
Kubernetes Security at Application vs Platform Level
Kubern...2021-04-0554 min
Cloud Security PodcastGetting Infrastructure as Code (IaC) Security Culture right! - Yoni LeitersdorfIn this episode of the Virtual Coffee with Ashish edition, we spoke with Yoni Leitersdorf (@yonadavl) who is the CEO & Co-Founder of Indeni
Host: Ashish Rajan - Twitter @hashishrajan
Guest: Yoni Leitersdorf (@yonadavl)
In this episode, Yoni & Ashish spoke about
What is digital transformation and why do we need it?
Infrastructure as Code and Infrastructure as Code Security
What drives digital transformation?
Who owns infrastructure as code in organisations?
Do security folks need to know how to code?
How to do configuration hardening well?
How to sell or drive infrastructure as code security to your organisation?
...2021-03-2843 min
Cloud Security PodcastAzure Security Best Practices for Cloud Architects - John SavillIn this episode of the Virtual Coffee with Ashish edition, we spoke with John Savill (Linkedin_John Savill) is the Principal Cloud Architect, Author and YouTuber.
Host: Ashish Rajan - Twitter @hashishrajan
Guest: John Savill (Linkedin_John Savill)
In this episode, John & Ashish spoke about
How is security different between Cloud Security vs On-Prem Security?
How does one track API/User Activity across Azure implementation?
What are some of the security products in Azure that are good practices for anyone starting today?
So what log must be collected to ensure all API events are collected?
What ar...2021-03-2157 min
Cloud Security PodcastWHAT IS INFRASTRUCTURE AS CODE SECURITY? - Barak SchosterIn this episode of the Virtual Coffee with Ashish edition, we spoke with Barak Schoster Goihman (@barakschoster) is the Co-Founder and CTO of Bridgecrew (@Bridgecrewio).
Host: Ashish Rajan - Twitter @hashishrajan
Guest: Barak Schoster Goihman @barakschoster
In this episode, Barak & Ashish spoke about
What is Infrastructure as Code Security
Application Security vs Infrastructure as Code Security - are they same?
What is DevSecOps?
Where should one start? Ansible? Terraform? Kubernetes? Saltstack?
Configuration and Policy as Code - What are these?
How to get started on Infrastructure Security?
Open source vs Paid product, what should one consider be...2021-03-1438 min
Cloud Security PodcastINCIDENT RESPONSE IN AWS CLOUDIn this episode of the Virtual Coffee with Ashish edition, we spoke with Toni de la Fuente (@toniblyx) is the Senior Security Consultant at AWS (@AWSCloud) and author of Prowler - AWS Security Tool.
Host: Ashish Rajan - Twitter @hashishrajan
Guest: Toni de la Fuente @toniblyx
In this episode, Toni & Ashish spoke about
What is Cloud Security Assessment?
The story behind the creation of Prowler and what Prowler does?
How is Prowler different to CIS benchmark?
How to set up an effective incident response plan?
How to respond to forensic collection evidence?
And much more…
ShowN...2021-03-0745 min
Cloud Security PodcastHow to become a CLOUD SECURITY ENGINEER IN 2021?In this episode of the Virtual Coffee with Ashish edition, we spoke with Nicholas McLaren (Linkedin - nmclarencys) is the Cloud Security Engineer, ByteChek(@Bytechek).
Host: Ashish Rajan - Twitter @hashishrajan
Guest: Nicholas McLaren (Linkedin - nmclarencys
In this episode, Nick & Ashish spoke about
What qualifications do you need to become a cloud security engineer? Degrees, certifications etc
How to network effective to secure your 1st cloud security role?
Network in the world of Covid-19.
A day in the life of a Cloud Security Engineer
Soft skills required by Cloud Security Engineers
How to get re...2021-02-2847 min
Cloud Security PodcastKubernetes Security at Scale in A CI/CD Pipeline - Michael FraserIn this episode of the Virtual Coffee with Ashish edition, we spoke with Michael Fraser (@itascode) is the Chief Architect, Co-Founder at refactr (@RefactrIT).
Host: Ashish Rajan - Twitter @hashishrajan
Guest: Michael Fraser - @itascode
In this episode, Michael & Ashish spoke about
What is DevSecOps?
What is Kubernetes?
Why would you use Kubernetes?
What should a Kubernetes Deployment look like when done right from a security perspective?
The building blocks of making Kubernetes part of your CICD pipeline.
Benchmarks to use to measure maturity of organisations
And much more…
ShowNotes and Episode Transcript on www.clo...2021-02-2156 min
Cloud Security PodcastContainer Security in AWS at Scale - Ben TomhaveIn this episode of the Virtual Coffee with Ashish edition, we spoke with Ben Tomhave (Linkedin - @btomhave) is the Principal, Falcon’s View Consulting (@FalconsView).
Host: Ashish Rajan - Twitter @hashishrajan
Guest: Ben Tomhave (Linkedin - @btomhave)
In this episode, Ben & Ashish spoke about
What are Containers?
What is Container Security/ Kubernetes Security for people from traditional security background?
What should a Container Deployment look like?
7 Security Challenges for introducing Containers into an organization, where to get started?
Building Blocks for building Container Security at Scale - the right way.
Software Composition Analysis for Containers
Sec...2021-02-1453 min
Cloud Security PodcastCISO Challenges in 2021 - Zane Lackey Signal Sciences, FastlyIn this episode of the Virtual Coffee with Ashish edition, we spoke with Zane Lackey, CISO & Co-Founder Signal Sciences, which is now owned by Fastly.
Host: Ashish Rajan - Twitter @hashishrajan
Guest: Zane Lackey - Linkedin
In this episode, Zane & Ashish spoke about
What was your path to your current CyberSecurity Role?
DevOps movement between East Coast and West Coast in 2010 - Etsy (Biggie) & Netflix (2Pac)
Was the change to 30 production deployments a day, good thing for security?
What was action plan as a CISO to tackle 30 deployments a day?
Has the viewpoint on Security a...2021-02-1051 min
Cloud Security PodcastCloud Security in $25 Billion dollar Company - Siemens USAIn this episode of the Virtual Coffee with Ashish edition, we spoke with Kurt John, Chief CyberSecurity Officer CISO at Siemens USA
Host: Ashish Rajan - Twitter @hashishrajan
Guest: Kurt John - Linkedin
In this episode, Kurt & Ashish spoke about
Cloud Security in a Large Organisation and the challenges that come with it.
Cloud and Cloud Security in the Operation Technology World
How Product Security and Enterprise Security is approached?
The impact of Covid-19 on cloud transformation.
Impact of Edge Technology and 5G.
How beginners can expose themselves to OT security?
What happens in the world...2021-02-0754 min
Cloud Security PodcastSecurity Chaos Engineering Experiments for BeginnersIn this episode of the Virtual Coffee with Ashish edition, we spoke with David Lavezzo, Director of Security Chaos Engineering at Capital One
Host: Ashish Rajan - Twitter @hashishrajan
Guest: David Lavezzo - Linkedin
In this episode, David & Ashish spoke about
What is security chaos experiments and how does it compare to chaos engineering?
The Golden Age of Offence?
Tools for Chaos Experiments
How to get started in Security Chaos Experiments?
Is Security Chaos Experiments only for large companies?
Security Chaos Experiments in Production
How to get organisation buy in for Security Chaos Experiments?
What is...2021-01-3135 min
Cloud Security PodcastRED TEAM IN CLOUD - Brianna Malcolmson, AtlassianIn this episode of the Virtual Coffee with Ashish edition, we spoke with Brianna Malcolmson, Security Engineering Manager, Atlassian
Host: Ashish Rajan - Twitter @hashishrajan
Guest: Brianna Malcolmson - Linkedin @briannajoy
In this episode, Brianna & Ashish spoke about
What is Cloud Security Testing and Assessment ?
What is a Cyber Kill Chain in a cloud context?
How to get started in Cloud Pentesting?
The need for Cloud Certification and recommendations for Beginners?
Is there something people are not talking enough about in a Cloud Security context?
And much more…
ShowNotes and Episode Transcript on www...2021-01-2447 min
Cloud Security PodcastINFRASTRUCTURE AS CODE SECURITYIn this episode of the Virtual Coffee with Ashish edition, we spoke with Matt Johnson, Developer Advocate Lead, Bridgecrew.
Host: Ashish Rajan - Twitter @hashishrajan
Guest: Matt Johnson - Twitter @metahertz
In this episode, Matt & Ashish spoke about
What was Matt’s path into Developer Advocate role?
What does Cloud Security mean to Matt?
What is Infrastructure as Code and Infrastructure Code Security ?
Are developers or security teams doing more infrastructure as a code security?
What is develop first cloud security?
Thoughts on static code and run time analysis?
It is a requirements to know Ya...2021-01-1750 min
Cloud Security PodcastCloud Security Testing in AWSIn this episode of the Virtual Coffee with Ashish edition, we spoke with Pawel Rzepa, Snr Security Consultant, SecuRing.
Host: Ashish Rajan - Twitter @hashishrajan
Guest: Pawel Rzepa - Twitter @rzepsky
In this episode, Pawel & Ashish spoke about
What was Pawel’s path into Cybersecurity?
What does Cloud Security mean to Pawel?
What is Cloud Security Testing and Assessment ?
What is a Cyber Kill Chain in a cloud context?
What is threat hunting in cloud security assessments?
What permissions are required for pentesting in AWS?
How does on-premise pentesting translate into cloud?
Different tools that ca...2021-01-1052 min
Cloud Security PodcastHOW TO BECOME A CLOUD SECURITY ARCHITECT in 2021 ? - Sriya PothamIn this episode of the Virtual Coffee with Ashish edition, we spoke with Sriya Potham, Principal Cloud Security Architect
Host: Ashish Rajan - Twitter @hashishrajan
Guest: Sriya Potham - Linkedin @sriya
In this episode, Sriya & Ashish spoke about
What was your path into Cybersecurity?
Whats your definition of Cloud Security?
What is the shared responsibility model?
Whats a day in the life of a Cloud Security Architect ?
Are cloud architecture reviews different in different industries?
As a Cloud Security Architect do you need to focus on the GRC side?
Are CCM controls used quite often?
What...2021-01-0344 min
Cloud Security PodcastSTARTING A SUCCESSFUL CYBERSECURITY PODCAST IN 2021In this Christmas special episode of the Virtual Coffee with Ashish edition, we had a panel of successful CyberSecurity Podcast Hosts that answered questions about starting and running a successful CyberSecurity Podcast.
Panel Participants:
Host: Ashish Rajan - Twitter @hashishrajan, Host of Cloud Security Podcast
Guest 1: Chris Cochran - Linkedin chriscochrancyber ,Podcast co-Host, Hacker Valley Studio
Guest 2: James J Azar - Linkedin James-j-azar, Podcast host, The CyberHub Podcast
In this episode, Ashish & Panelist spoke about
The Journey - A bit about your podcast, how you got started?
Thoughts on finding podcast niche?
How do...2020-12-201h 03
Cloud Security PodcastRISK MANAGEMENT IN CLOUD SECURITY - MONICA VERMAIn this episode of the Virtual Coffee with Ashish edition, we spoke with Monica Verma, CISO
Host: Ashish Rajan - Twitter @hashishrajan
Guest: Monica Verma - Linkedin @monicaverma
In this episode, Monica & Ashish spoke about
What was your path into Cybersecurity?
What does Cloud Security mean for you?
How do you explain risk management to people?
Can an organisation be risk free?
Are there any obvious risk management considerations and challenges people should consider?
What are some of the building blocks of risk management that people can start with?
Which risk assessment strategy would you suggest...2020-11-2948 min
Cloud Security PodcastWHAT IS DIGITAL RISK PROTECTION & WHY IS IT IMPORTANT? - Sam Small, ZerofoxIn this episode of the Virtual Coffee with Ashish edition, we spoke with Sam Small, Chief Security Officer, Zerofox
Host: Ashish Rajan - Twitter @hashishrajan
Guest: Sam Small - Linkedin @samsmallphd
In this episode, Sam & Ashish spoke about
What was your path into your current role?
What are Digital Risk and Digital Threats?
How do you identify Digital Risk? what are the broad categories?
How is Digital Risk different at an organisation level?
Is Digital Risk Protection the same as Cyber Threat intelligence?
What risks does Digital Risk Protection (DRP) protect organisations against?
What can organisations...2020-11-2254 min
Cloud Security PodcastOPEN SOURCE AWS SECURITY - MATTHEW FULLER, co-Founder CloudSploit, AquaIn this episode of the Virtual Coffee with Ashish edition, we spoke with Matthew Fuller, co-Founder CloudSploit, Aqua
Host: Ashish Rajan - Twitter @hashishrajan
Guest: Matthew Fuller - Linkedin @mattdfuller
In this episode, Matthew & Ashish spoke about
What was your path into your current role? What was the inspiration behind CloudSpoilt?
What does Cloud Security mean for you?
What are your thoughts for organisations navigating the dilemma of buy first vs build first?
What is Open Source?
Open Source, what is the community driven model here?
What is a role of a cloud security engineer?
What...2020-11-1547 min
Cloud Security PodcastWHAT THE HECK IS CI/CD | Continuous Integration | Delivery | Deployment - Melissa BenuaIn this episode of the Virtual Coffee with Ashish edition, we spoke with Melissa Benua, Director of Engineering
Host: Ashish Rajan - Twitter @hashishrajan
Guest: Melissa Benua - Linkedin @mbenua
In this episode, Melissa & Ashish spoke about
What was your path into the Engineering Manager role?
What does Cloud Security mean for you?
For those people listening what are some of the foundational Modern Delivery methods - CI/CD, Trunkline deployments etc
What roles does security can play in such environments?
What does a super mature model of CI/CD look like?
What are some of...2020-11-0842 min
Cloud Security PodcastHOW TO PREPARE FOR GDPR IN AZURE CLOUD ENVIRONMENT- Naomi BuckwalterIn this episode of the Virtual Coffee with Ashish edition, we spoke with Naomi Buckwalter
Host: Ashish Rajan - Twitter @hashishrajan
Guest: Naomi Buckwalter - Linkedin @naomi-buckwalter
In this episode, Naomi & Ashish spoke about
What was your path into CyberSecurity?
What does Cloud Security mean for you?
What is GDPR? Privacy vs Security?
How do we define processing data for purposes of GDPR?
At what point GDPR become a legal thing vs a security thing?
Does an AU company with data is in the EU need to comply with GDPR?
Is GDPR in Cloud different?
What...2020-11-0146 min
Cloud Security PodcastHOW TO START in BUG BOUNTY IN 2020 with Casey Ellis, BugCrowdIn this episode of the Virtual Coffee with Ashish edition, we spoke with Casey Ellis
Host: Ashish Rajan - Twitter @hashishrajan
Guest: Casey Ellis - Linkedin @caseyjohnellis
In this episode, Casey & Ashish spoke about
What was your path into CyberSecurity
.What does Cloud Security mean for you?
CrowdSource security as a service model & Bug Bounty, can you tell the audience about this space?
How do you make people feel comfortable with the concept of crowdsource security?
Is bug bounty only for big companies?
How do you make sure you are not painting a big bulls eye...2020-10-251h 05
Cloud Security PodcastCONTINUOUS MONITORING FOR CONTROLS & VULNERABILITIES - DANIEL MIESSLERIn this episode of the Virtual Coffee with Ashish edition, we spoke with Daniel Miessler
Host: Ashish Rajan - Twitter @hashishrajan
Guest: Daniel Miessler - Linkedin @danielmiessler
In this episode, Daniel & Ashish spoke about
What was your path into CyberSecurity
Continuous Monitoring(CM) or Continuous Auditing - is that the same thing for you?
CI/CD, one would assume CM is obvious, or is CM more of a mature organisation thing?
At what point, should an organisation consider Continuous Monitoring? Do smaller organisations need to think about it as well?
What is BugBounty?
How do we...2020-10-1848 min
InfoSec JourneysInfoSec Journeys #10 - Ashish RajanWe had an enormous amount of fun talking with Ashish about his journey in #InfoSec, the focus he has around #Cloud Security and how he became a specialist in that area. We really loved how passionate Ashish is both about developing knowledge and also sharing that knowledge with the wider InfoSec #community. Ashish oozes passion for the industry and also hosts his own Cloud Security Podcast and YouTube Channel - both of which you should definitely check out as they're packed full of fantastic content.
Want to get started in the industry? Want to re-train, upskill and transform an organisation...2020-10-1700 min
Cloud Security PodcastAWS SECURITY IN A LARGE REGULATED ENTERPRISE! - HOUSTON HOPKINS, CAPITAL ONEIn this episode of the Virtual Coffee with Ashish edition, we spoke with Houston Hopkins, Director CyberSecurity, Capital One
Host: Ashish Rajan - Twitter @hashishrajan
Guest: Houston Hopkins - Linkedin @houstonhopkins
In this episode, Houston & Ashish spoke about
What was your path into CyberSecurity?
How Capital one pioneered as bank moving into AWS Cloud?
What immediate security challenges does Cloud Security in a Hybrid world look like, without going into tools.
Do you prefer to use AWS native tools for security observability or a vendor product?
What are some of the Security challenges to solve when...2020-10-111h 01
Cloud Security PodcastCISO Challenges in Cloud Security - Caleb Sima, VP - Security at DatabricksIn this episode of the Virtual Coffee with Ashish edition, we spoke with Caleb Sima, VP - Security, Databricks
Host: Ashish Rajan - Twitter @hashishrajan
Guest: Caleb Sima - Linkedin @CalebSima
In this episode, Caleb & Ashish spoke about
What was your path into CyberSecurity?
Bulletin Board vs IRC
What is Cloud Security?
Are security challenges harder or difficult between Enterprise vs Cloud built companies?
What are the challenges for migrating from on-premise to cloud?
What are your thoughts on IAM, Roles & VPCs?
How many different tools did you need for visibility of vulnerabilities when moving...2020-10-041h 06
Cloud Security PodcastWHAT IS SECURITY CHAOS ENGINEERING? - JEROME WALTER, SECURITY MODERNISATIONIn this episode of the Virtual Coffee with Ashish edition, we spoke with Jerome Walter, Security Modernisation, Director, VMWare
Host: Ashish Rajan - Twitter @hashishrajan
Guest: Jerome Walter - Linkedin @JWalter
In this episode, Jerome & Ashish spoke about
What is with the title - Security Modernisation?
What is Security Chaos Engineering?
What is Chaos Engineering Experiments?
Example of a Chaos Engineering Experiment
Are the experiments running continuously or point in time?
How do we balance between putting security controls vs developer convenience?
Is there an element of Pentesting in Security Chaos Engineering?
Does the Chaos Experiments...2020-09-271h 02
Cloud Security PodcastSecurity and Compliance in AWS CloudIn this episode of the Virtual Coffee with Ashish edition for Cloud Security Podcast, we spoke with Alexander J Yawn - ISC2 Miami Board Member | NABCRMP Founding Board Member
Host: Ashish Rajan - Twitter @hashishraja
Guest: Alexander J Yawn - Linkedin @AJYawn
In this episode, AJ & Ashish spoke about
What was your path into CyberSecurity?
What does Compliance in Cloud mean for you?
What is Shared Responsibility?
How is Compliance different in a Hybrid world?
For anyone who used to audit on-premise, is it difficult to audit cloud environments?
There are so many AWS services...2020-09-201h 01
Cloud Security PodcastIdentity & Cross Account Access Management in AWS | CLOUD SECURITY - Alexandre SieiraIn this episode of the Virtual Coffee with Ashish edition, we spoke with Alexandre Sieira - Founder @ Tenchi Security
Host: Ashish Rajan - Twitter @hashishrajan
Guest: Alexandre Sieira - Twitter @AlexandreSieira
In this episode, Alex & Ashish spoke about
What was your path into CyberSecurity?
What does Cloud Security mean for you?
How is Security different in a cloud world?
What are the kind of Identities in AWS?
What are the challenges with IT?
Identity in AWS vs Identity in Azure?
Best practices for Privilege and non-Privilege users in AWS?
AWS SSO
How important are Domain Accounts...2020-09-131h 17
Cloud Security PodcastWHAT IS AZURE IDENTITY MANAGEMENT | CLOUD SECURITYIn this episode of the Virtual Coffee with Ashish edition, we spoke with David O’Brien, MVP Azure , Argos Founder
Host: Ashish Rajan - Twitter @hashishrajan
Guest: David O'Brien - Twitter @david_obrien
In this episode, David & Ashish spoke about
What does Cloud Security in Azure mean for you?
What is Identity & Access Management?
What is IAM from Hybrid vs in Cloud?
How does this compare to identity in AWS IAM/Organisations?
What kind of Human Users exist in Azure?
What kind of Robot Users exist in Azure?
How does Identity differ for Third Party in...2020-09-0649 min
Cloud Security PodcastCLOUD SECURITY POSTURE MANAGEMENT - CSPM - GAURAV KUMARIn this episode of the Virtual Coffee with Ashish edition, we spoke with Gaurav Kumar, co-founder of RedLock (now part of Palo Alto Prisma Cloud).
Host: Ashish Rajan - Twitter @hashishrajan
Guest: Gaurav Kumar - Linkedin
In this episode, Gaurav & Ashish spoke about
What was your path into CyberSecurity
What does Cloud Security mean for you?
If I am starting in Cloud today, do I need a CSPM?
Do I need a CSPM if I am in multi-cloud with a small foot print?
Story behind Gartner not recognising CSPM as a legit space?
What are...2020-08-3055 min
Cloud Security PodcastHOW TO BUILD SECURE ENVIRONMENTS IN Google Cloud - DARPAN SHAHIn this episode of the Virtual Coffee with Ashish edition, we spoke with Darpan Shah, Cloud Security Engineer. Darpan has 8 AWS Certificates, 6 GCP certificates and at his work, he works on both Google Cloud and AWS.
Host: Ashish Rajan - Twitter @hashishrajan
Guest: Darpan Shah - Website
In this episode, Darpan & Ashish spoke about
What was your path into CyberSecurity or your current role?
What does Cloud Security mean for you?
Where does a Startup starting in Google Cloud start for Security Foundation?
What is Project?
What is an Organisation?
How does Identity and Access...2020-08-2357 min
Cloud Security PodcastHOW TO BUILD SECURE ENVIRONMENTS IN MICROSOFT AZURE - NICHOLAS HUGHESIn this episode of the Virtual Coffee with Ashish edition, we spoke with Nicholas Hughes, CEO of EITR Technologies.
Host: Ashish Rajan - Twitter @hashishrajan
Guest: Nicholas Hughes - Linkedin
In this episode, Nicholas & Ashish spoke about
Your path into CyberSecurity
What does Cloud Security mean for you?
Where does one start when it comes to starting today in Azure?
What’s the highest level of segregation that one can have in Azure?
What does an Azure AD Tenant & Azure Subscription look like?
What is a Resource Group in Azure and how is it different to...2020-08-1653 min
Cloud Security PodcastHOW TO CREATE AN EFFECTIVE CYBER SECURITY TEAM - CLINT GIBLERIn this episode of the Virtual Coffee with Ashish edition, we spoke with Clint Gibler
Host: Ashish Rajan - Twitter @hashishrajan
Guest: Clint Gibler - Linkedin
In this episode, Clint & Ashish spoke about
Your path into CyberSecurity
What does Cloud Security mean for you?
What does application security mean for you?
What makes a good metrics for an effective security team?
Principles, mindsets, and methodologies of highly effective security teams
What is SAST, DAST
Any open source tools that can be integrated into CI/CD pipeline?
Is there pentesting knowledge required to move to use DAST...2020-08-0949 min
Cloud Security PodcastApplication Security AppSec 101 - Tanya JancaIn this episode of the Virtual Coffee with Ashish edition, we spoke with Tanya Janca, Founder, SheHacksPurple & WeHackPurple.
Host: Ashish Rajan - Twitter @hashishrajan
Guest: Tanya Janca - Linkedin
Tanya & Ashish spoke about
Who is Tanya Janca? :)
What was your path into CyberSecurity or your current role?
What has professional life been after leaving Microsoft?
What does Cloud Security mean for you?
What is Application Security or AppSec?
Tanya Janca’s Book - “Alice and Bob learn Application Security”
How can someone start in Application Security, specially if they are trying to move laterally?
What is Stati...2020-08-021h 06
Cloud Security PodcastGetting Started with Chaos Engineering - What is it and how can it be used to build Application resiliency? - Aaron Rinehart, VericaIn this episode of the Virtual Coffee with Ashish edition, we spoke with Aaron Rinehart, CTO Co-Founder Verica.
This is episode not to miss.
Host: Ashish Rajan - Twitter @hashishrajan
Guest: Aaron Rinehart - Linkedin
Aaron & Ashish spoke about
Who is A-aran? :)
What was your path into CyberSecurity or your current role?
What is Chaos Engineering?
Is Fuzzing part of Chaos Engineering?
Is Chaos Engineering for SREs?
Is there an example of application fault injection from a cloud perspective?
What concepts of Chaos Engineering are people not talking about?
Does Chaos Engineering need...2020-08-021h 00
Cloud Security PodcastCloud Security in Operational Technology vs Information Technology world - Parul Kharub, CISSPIn this episode of the Virtual Coffee with Ashish edition, we spoke with Parul Kharub, CISSP, HMM. Parul has spent number of years in the Operational Technology (OT) space building cybersecurity strategy and if you in the OT space or want to do cybersecurity in this space.
This is episode not to miss.
Host: Ashish Rajan - Twitter @hashishrajan
Guest: Parul Kharub - Linkedin
Parul & Ashish spoke about
What was your path into CyberSecurity or your current role?
What does Cloud Security mean for you?
Do you work in any particular cloud provider or...2020-07-1954 min
Cloud Security PodcastHOW TO BECOME A SUCCESSFUL CISO IN 2020 - Abbas Kudrati, MicrosoftIn this episode of the Virtual Coffee with Ashish edition, we spoke with Abbas Kudrati, CyberSecurity Advisor for Microsoft Asia Pacific Region. Abbas has previously worked in various large companies as a CISO and continues to share and support Microsoft Azure customers understand security in a world of cloud. This is episode not to miss.
Host: Ashish Rajan - Twitter @hashishrajan
Guest: Abbas Kudrati - Linkedin
Abbas & Ashish spoke about
What was your path into CyberSecurity or your current role?
Information Security Vs Cyber Security, what’s the difference?
What does Cloud Security mean for you?
Wha...2020-07-121h 03
Cloud Security PodcastHow to do Google Cloud Security Well - The 2020 Edition - Darpan ShahIn this episode of the Virtual Coffee with Ashish edition, we spoke with Darpan Shah, Cloud Security Engineer. Darpan has 8 AWS Certificates, 6 GCP certificates and at his work, he works on both Google Cloud and AWS. This is episode not to miss.
Host: Ashish Rajan - Twitter @hashishrajan
Guest: Darpan Shah - Website
Darpan & Ashish spoke about
What was your path into CyberSecurity or your current role?
What does Cloud Security mean for you?
What public cloud provider do you focus on?
What makes you like Google Cloud over AWS? Vice versa?
Where does Kubernetes/Containers f...2020-07-0555 min
Cloud Security PodcastHOW TO BECOME A CLOUD SECURITY ENGINEER in 2020 | Including Top CertificationsIn this episode of the Virtual Coffee with Ashish edition, we spoke with Christopher Hughes, CISSP, Cloud Security Engineer.
Host: Ashish Rajan - Twitter @hashishrajan
Guest: Chris Hughes - Linkedin
Chris & Ashish spoke about
What was Chris’s path into CyberSecurity & Cloud Security?
What is a Cloud Security Engineer?
What does Cloud Security mean in AWS or Azure or GCP context?
For any Students/SysAdmins/developers listening, who want to get into the field (certification etc)
Have doing the certifications been helpful?.
Any recommendations for those who want to pass the AWS Security Speciality Ex...2020-06-2845 min
Cloud Security PodcastBuilding an Engineering Security Culture - Failure stories included - Edwin Kwan, Tyro PaymentsIn this episode of the Virtual Coffee with Ashish edition, we spoke with Edwin Kwan, Head of Application and Software Security at Tyro payments.
Host: Ashish Rajan - Twitter @hashishrajan
Guest: Edwin Kwan - Twitter @edkwan
Edwin & Ashish spoke about
What was Edwin’s path into CyberSecurity?
What is AppSec for people who don't know?
What is the difference between Application Security and Software Security?
Is being a developer an advantage going into Application Security?
Is AppSec any different between cloud compared so an application deployed on-premise?
Enabling an engineering security culture - What does th...2020-06-2144 min
Cloud Security PodcastTIPS FOR WOMEN IN INFORMATION SECURITY TO GET A JOB IN CYBER SECURITY - Alannah Goh, 0xCCIn this episode of the Virtual Coffee with Ashish edition, we spoke with Alannah Guo, Founder of 0xCC & Pentester.
Host: Ashish Rajan - Twitter @hashishrajan
Guest: Alannah Guo - Twitter @AlannahGuo
Alannah & Ashish spoke about
What was your path into CyberSecurity?
What's the best way to get into pentesting?
Do you have to be a fan of gaming/star wars/mr robot to be connect with fellow cybersecurity people?
Is it important to technical as a women to be respected by male colleagues in cybersecurity
What are the advantages of working as a pentester, if a...2020-06-1458 min
Cloud Security PodcastGoogle Cloud Security - How does Google Cloud work?In this episode sponsored by Virtual Coffee with Ashish edition, we spoke with Francesco Cipollone, Chapter Chair (UK), Cloud Security Alliance
Host: Ashish Rajan - Twitter @hashishrajan
Guest: Francesco Cipollone - Twitter @Frances07789950
Francesco & Ashish spoke about
Why would someone choose Google Cloud over AWS or Azure?
What does Security in Google Cloud look like for those using other cloud?
Is making Terraform a universal script for multi-cloud environment, great idea?
Is multi-cloud a good idea?
How mature is Security in Google compared to AWS/Azure?
For any Security Architect listening to this episode, what should...2020-06-0754 min
Cloud Security PodcastWhat is GOOD COMPANY CULTURE (WITH EXAMPLE ) during COVID19 with remote employees!In this episode sponsored by Virtual Coffee with Ashish edition, we spoke with Graeme Cantu-Park, CISO of Matilion
Host: Ashish Rajan - Twitter @hashishrajan
Guest: Graeme Cantu-Park - Linkedin
What is culture - why is it important and how does it intersect with security?
How is culture done right for remote employees, thanks COVID!
Why is culture in Growth organisations so important?
Can you tell me some examples from experience of what worked well there?
Security often isn't included in a growth organisation until a later stage (look at zoom). How do you apply security without disrupting culture?
A...2020-05-3137 min
Cloud Security PodcastWhat is a Connected Car | How to secure api in connected cars? - Virtual Coffee with Ashish - Alissa KnightIn this episode of the Virtual Coffee with Ashish edition, we spoke with Alissa Knight, Car Hacker, Author, Cybersecurity Influencer and Entrepreneur
Host: Ashish Rajan - Twitter @hashishrajan
Guest: Alissa Knight - Twitter @alissaknight
What is a Connected Car?
What is API?
How do I secure APIs?
How can someone secure API for Connected Cars?
What should you do to monitor API?
Can I buy a Tesla?
Apple has API to record body contact, which cannot be turned OFF
COVID Safe apps and the future of how freely information is collected by internet aware smart devices?
Who do...2020-05-241h 03
Cloud Security PodcastWhat is SRE? When should i have SRE? - Virtual Coffee with Ashish - Tim HeckmanIn this episode of the Virtual Coffee with Ashish edition, we spoke with Tim Heckman, Sr. SRE Netflix.
Host: Ashish Rajan - Twitter @hashishrajan
Guest: Tim Heckman
What is SRE?
Is it helpful to have SRE team when you already have a Security team?
What does Security in Netflix look like?
How can people scale maturity in security when dealing with cloud and multi-cloud?
ShowNotes and Episode Transcript on www.cloudsecuritypodcast.tv
Twitter - @kaizenteq @hashishrajan @theckman2020-05-1740 min
Cloud Security PodcastNIST CyberSecurity Metrics for the Board - Taylor HersomIn this episode of the Virtual Coffee with Ashish edition, we spoke with @Taylor Hersom about
Why do CyberSecurity Professionals need to think about talking Cyber Security to the board?
What kind of cybersecurity metrics works best for Board?
Is Fear, Uncertainty, Doubt (FUD) the right way to approach presenting cybersecurity to the board?
FAIR methodology to put $ value against each RISK - Risk and Governance is a great space to start for those who want to start in cybersecurity but are not too technical?
Does being knowledgable in datacenter governance beneficial in world of Cloud?
Can companies g...2020-05-1057 min
Cloud Security PodcastVirtual Coffee with Ashish - Cloud Security Podcast & Hacker Valley StudioIn this episode, we sit with Chris Cochran & Ronald Eddings from Hacker Valley Studio.
Chris Cochran & Ronald Eddings from Hacker Valley Studio & Ashish spoke about
How did you get into CyberSecurity?
What is Cloud Security?
Is multi-cloud a thing?
What is a good maturity in the Cloud Security space?
How does Security change in a world of COVID19?
What are people not talking enough about cloud security ?
Mentorship and CyberSecurity Podcast
More info and show notes transcript on www.cloudsecuritypodcast.tv
Twitter - @kaizenteq @hashishrajan @theHackerValley @chriscochrcyber @ronaldeddings2020-05-031h 00
Cloud Security PodcastScaling a DevSecOps model | SERVERLESS SECURITY BEST PRACTICES with Abhay Bhargav , CTO , we45In this episode, we sit with Abhay Bhargav, CTO, we45.
Abhay & Ashish spoke about
What is Cloud Security?
Is multi-cloud a thing?
What is DevSecOps?
What is a good maturity in the DevSecOps space?
What’s a free tool to get started today for developers?
What about starting with Threat Modelling as a beginner?
Doing Application Security (AppSec) at scale, what does that look like?
How does Security change in a world of serverless?
Can there be too many functions?
Lack of servers in serverless, mean that St...2020-04-2641 minCloud Security PodcastCORONAVIRUS & CYBERSECURITY | ISOLATION LIFEIn this episode, we are covering a trending topic CORONAVIRUS OR COVID19 and how it is affecting businesses around me and my friends & colleagues. I also talk about my personal challenge with starting a new job in this COVID world with a remote team.
I hope you are reaching out to your friends and family to check on them and staying indoors to keep the community safe too.
You can reach me on ashish@kaizenteq.com
Ashish's Website: www.ashishrajan.com
Previous episodes videos are available on www.cloudsecuritypodcast.tv2020-04-1910 min
Cloud Security PodcastHow to secure and improve cloud environment - Merritt Baer, Principal Security Architect, AWSIn this episode, we sit with Merritt Baer, Principal Security Architect, AWS.
Merritt & Ashish spoke about
What is Cloud Security?
What does security look like in a mature organisation?
How can security integrate into the business? How does AWS do it?
What is the AWS Rapid Prototyping team?
What are the signs of an organisation with mature security?
Importance of being technical as a women in cybersecurity?
What is Tech and Roses Group?
More info and show notes on www.cloudsecuritypodcast.tv
Twitter - @kaizenteq @hashishrajan...2020-04-1152 min
Cloud Security PodcastCloud Center of Excellence in AWS | How Atlassian manages Risk and Compliance - Atlassian 2020In this episode, we sit with Michael Fuller, Cloud Centre of Excellence, Atlassian.
Michael & Ashish spoke about
Importance of being standardisation of security across the cloud footprint?
Challenges of having standardised security when a M&A bring companies which are lot more mature in cloud?
What were the challenges of implementing this in a global company like Atlassian?
How do you classify maturity in cloud? What does the maturity scale look for you?
How do global teams at Atlassian do effective decision making while working remotely?
More info and show...2020-04-0537 min
Cloud Security PodcastA TECHNICAL WOMEN DELIVERING NON-TECHNICAL TRAINING IN CYBERSECURITY | HOW TO BUILD CYBERSECURITY TRAINING PROGRAM- Fareedah Shaheed, Online Safety and Security Strategist, SekuvaIn this episode, we sit with Fareedah Shaheed, Online Safety and Security Strategist @Sekuva.
Fareedah & Ashish spoke about
Importance of being technical for women in cybersecurity?
Challenges of training cybersecurity to a non-technical audience?
How to work safely from home during COVID Season?
Example of SCAMs for elderly during this time?
How to start building a cybersecurity online course?
More info and show notes on www.cloudsecuritypodcast.tv
Twitter - @kaizenteq @hashishrajan @cyberfareedah2020-03-2931 min
Cloud Security PodcastHow HASHICORP works with 90 percent Staff works Remotely | Incident Response | AWS Cloud Native! - Will BengtsonIn this episode, we sit with Will Bengtson, Director for Threat Detection and Response, Hashicorp.
Will & Ashish spoke about
What is Cloud Native & Cloud Security?
How do you start with Threat Detection and Incident Response in AWS?
Measuring Maturity for response to threats in Cloud?
How can people work from home, Hashicorp has been 90% remote since the beginning
More info and show notes on www.cloudsecuritypodcast.tv
Twitter - @kaizenteq @hashishrajan @WillBengtson(__muscles) 2020-03-2257 min
Cloud Security PodcastMulti Cloud Strategy | Multi Cloud Management for companies of all size - David Linthicum , Chief Cloud Strategy Officer for DelloiteIn this episode, we sit with David Linthicum, Chief Cloud Strategy Officer for Delloite.
David & Ashish spoke about
What is Cloud Security?
How is security of data different/same in cloud from on-premise?
How is Cloud Security Maturity between startups and enterprise different?
Is multi-cloud good?
Is there Shadow IT/Shadow Cloud present?
Lack of Planning and architecture for cloud
Lack of awareness of how to effectively do cloud security?
More info and show notes on www.cloudsecuritypodcast.tv
Twitter - @kaizenteq @hashishrajan @DavidLinthicum 2020-03-1544 min
Cloud Security PodcastCCPA COMPLIANCE | CALIFORNIA CONSUMER PRIVACY ACT | DATA GOVERNANCE BEST PRACTICES - TAYLOR HERSOM, VCISO, AUSTIN,TEXASIn this episode, we sit with Taylor Hersom, vCISO, Austin,Texas.
Taylor & Ashish spoke about
Data privacy and Cloud Security
California Consumer Privacy Act and how it affects all organisations around the world
Where can SMC companies can start with Data privacy/Data Governance/Data Security?
Is a Startup too small to be breached?
More info and show notes on www.cloudsecuritypodcast.tv
Twitter - @kaizenteq @hashishrajan @taylorhersom2020-03-0835 min
Cloud Security PodcastDocker Security Best practice | Container Security 101 in AWS - Michael Hausenblas, Product Developer Advocate, AWSMichael Hausenblas is a Product Developer Advocate, Amazon Web Services (AWS) Container Service team.
Michael & Ashish spoke about
Basics of Container Security Keeping Containers stateless vs building data stores in container cluster
Container Security for someone starting on Container security today
Misconceptions around Container Security?
What a mature container security looks like?
Incident Response in Container cluster environments?
More details in the podcast. More info and show notes on www.cloudsecuritypodcast.tv
Twitter - @kaizenteq @hashishrajan Michael Hausenblaus - Twitter @mhausenblas2020-03-0142 min
Cloud Security PodcastThreat Intelligence platform for cyber security in Azure | Incident Response in Azure - Ashwin Patil, Threat Intelligence Center, MicrosoftAshwin Patel is a Senior Program Manager, Threat Intelligence Microsoft.
Ashwin & Ashish in this episode spoke about
Capital One Data breach and how Azure Sentinel could have helped
Setting up Security Operation for Cloud environments
Incidence Response and Forensics in Microsoft Azure
Building Threat Intelligence for cybersecurity in cloud
Threat Detection in Cloud vs On-premise
How can a threat pivot between multi-cloud environments is essential for monitoring security events and incidents.
More info and show notes on www.cloudsecuritypodcast.tv
Twitter - @kaizenteq @hashishrajan @ashwinpatil2020-03-0135 min
Cloud Security PodcastMICROSOFT IGNITE 2020 SYDNEY | Getting started with securing Microsoft Azure Workload- David O'Brien, Microsoft MVP for AzureDavid & Ashish spoke about
What is Microsoft Ignite vs Microsoft Ignite Tour and why should cloud security people care about the event?
Microsoft Ignite 2020 Sydney and Johannesburg
What were the common questions asked in the Microsoft Hub, expert hub for Azure?
Azure Bastion - No need for tunneling for bastion
Is public cloud secure?
How does one measure maturity of Azure DevOps?
More info and show notes on www.cloudsecuritypodcast.tv
Twitter - @kaizenteq @hashishrajan @david_obrien2020-02-1646 min
Cloud Security PodcastIs public cloud secure? - Francesco Cipollone, Cloud Security AllianceIn this episode we speak to Francesco Cipollone, Head of Cloud Security Alliance for UK
Francesco and Ashish speak about is public cloud secure and if multi-cloud is a good thing, especially if you are starting out.
ShowNotes for the episode can be found on www.cloudsecuritypodcast.tv
Twitter - @kaizenteq @hashishrajan @Frances077899502020-02-0934 min
Cloud Security PodcastJust Eat UK security - cloud security across Scotland uk canada in a world of multi public cloudIn this episode we speak to Stu Hirst, Principal Cloud Security @Just Eat.
Stu and Ashish speak about keeping up security in a world of multi cloud, the challenges of recruiting for cloud security, what should people who are starting today in cloud security focus on .
ShowNotes for the episode can be found on www.cloudsecuritypodcast.tv
Twitter - @kaizenteq @hashishrajan @stuhirstinfosec
2020-02-021h 04Cloud Security PodcastCloud Security in Japan - Cloud Security Podcast the Tokyo editionThis episode is a non-sponsored episode which is recording from Ashish's recent visit to Tokyo, Japan. During the trip Ashish caught up with mixed group of cybersecurity professionals who have been working in the public cloud space for some time in Tokyo with some of big companies in Tokyo.
ShowNotes for the episode can be found on www.cloudsecuritypodcast.tv
Twitter - @kaizenteq @hashishrajan
2020-01-2606 minCloud Security PodcastAZURE vs AWS , Azure Security and Can AZURE be DevOps friendly? - Tanya JancaIn this episode, we sit with Tanya Janca, previously Senior Cloud Advocate at Microsoft.
Tanya & I spoke about the right way to do move workloads to Azure with DevOps. We compared notes on AWS and Azure and Google Cloud. Tanya also busted some myths when it comes to migrating any workload in any cloud.
ShowNotes for the episode can be found on www.cloudsecuritypodcast.tv
Twitter - @kaizenteq @hashishrajan @shehackspurple2020-01-191h 02Cloud Security PodcastCLOUD SECURITY JOURNEY OF DOW JONES POST THE AWS CLOUD BREACH , WITH JAY KELATH, PRODUCT SECURITYIn this episode, we sit with Jay Kelath, Director for Product Security at Dow Jones.
Jay & I spoke about the Dow Jones breach and how things changed from top down in Dow Jones for the better. We spoke about security lost trust of engineering by trusting security vendors and then How security won the trust of engineering back. The teams together were able to build lot of devops friendly security tools which was open sourced for others to reap benefits from it too.
ShowNotes for the episode can be found on www.cloudsecuritypodcast.tv
2020-01-1248 minCloud Security PodcastNetworking , recruiting and retaining female engineers, cyber security influencer, personal branding, mentoring for introvert men and women in cyber Security with Jane FranklandIn this episode, we sit with Jane Frankland, an award-winning entrepreneur, best-selling author and international speaker. Jane is a CISO advisor and has a diverse background, from being nominated as a Young British Designer after graduating to building my own global hacking firm and becoming a board advisor, awards judge, awards winner, LinkedInTop Voices and a top 20 cybersecurity global influencer. Jane has been a champion in enabling organisation to attract female talent in cybersecurity roles. Jane also is a huge advocate of mentoring women to get into a cyber security role.
ShowNotes for the episode can be f...2020-01-0556 minCloud Security PodcastCloud Security and Infosec girls with Vandana VermaIn this Blue team episode, we sit with Vandana Verma, a Board member of OWASP and was recently awarded “Top influencers in Security and Fire” and “Cybersecurity Women of the year award by Women Cyberjutsu Society in the Category “Secure Coder”. We talk about Cloud Security in public cloud, the myths in cloud security incidents and mistakes she sees people do.
ShowNotes for the episode can be found on www.cloudsecuritypodcast.tv
Twitter - @kaizenteq @hashishrajan @InfosecVandana2019-12-2335 minCloud Security PodcastAWS Re-invent 2019 Security Announcements - The DevSecOps in AWS editionIn this DevSecOps in AWS episode, we sit with Arjen Schwarz the host of Ambassador Lounge Podcast and review the security releases from AWS Re:invent 2019 and what it means for DevOps teams and security teams who are currently working together or planning to work together.
ShowNotes for the episode can be found on www.cloudsecuritypodcast.tv
Twitter - @kaizenteq @hashishrajan @ArjenSchwarz2019-12-2239 min