Real-World Cloud Security Challenges and Solutions Explained for 2024
Cloud Security Podcast21 Touko 2024

Real-World Cloud Security Challenges and Solutions Explained for 2024

What are the practical steps for orienting yourself in a new cloud environment? Ashish sat down with Rich Mogull and Chris Farris to explore the intricacies of effective cloud security strategies. Drawing on their extensive experience, Rich and Chris speak about critical importance of moving beyond just addressing vulnerabilities and embracing a more comprehensive approach to cloud security.Rich and Chris share their professional experiences and practical advice for anyone who finds themselves "airdropped" into an organization's cloud environment. They also discuss the development of the Universal Threat Actor Model and how it can help prioritize security efforts in a chaotic landscape of constant alerts and threats.


Guest Socials: Rich's Linkedin + Chris's Linkedin

Podcast Twitter - ⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠@CloudSecPod⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠ ⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠

If you want to watch videos of this LIVE STREAMED episode and past episodes - Check out our other Cloud Security Social Channels:

- ⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠Cloud Security Podcast- Youtube⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠

- ⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠Cloud Security Newsletter ⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠

- ⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠Cloud Security BootCamp


Questions asked:

(00:00) Introduction

(02:26) A bit about Chris Farris

(03:10) A bit about Rich Mogull

(03:45) First Cloud Service they worked on!

(06:27) Where to start in an AWS environment?

(10:50) Cloud Security Threat Landscape

(15:25) Navigating through the CSPM findings

(18:14) Using the Universal Cloud Threat Model

(23:16) How is Cloud Ransomware different?

(25:44) Surprising attacks or compromises in Cloud

(29:43) Where are the CSPM Alerts going?

(36:30) Cloud Security Landscape in 2024

(45:37) The need for Cloud Security training in 2024

(46:58) Good starting point to learn Cloud Security

(52:13) The Fun Section


Resources spoken about during the episode:

The Universal Cloud Threat Model

AWS Customer Security Incidents by Rami McCarthy

Breaches.cloud

CloudSLAW


Jaksot(345)

Is public cloud secure? - Francesco Cipollone, Cloud Security Alliance

Is public cloud secure? - Francesco Cipollone, Cloud Security Alliance

In this episode we speak to Francesco Cipollone, Head of Cloud Security Alliance for UK Francesco and Ashish speak about is public cloud secure and if multi-cloud is a good thing, especially if you a...

9 Helmi 202034min

Just Eat UK security - cloud security across Scotland uk canada in a world of multi public cloud

Just Eat UK security - cloud security across Scotland uk canada in a world of multi public cloud

In this episode we speak to Stu Hirst, Principal Cloud Security @Just Eat. Stu and Ashish speak about keeping up security in a world of multi cloud, the challenges of recruiting for cloud security, w...

2 Helmi 20201h 4min

Cloud Security in Japan - Cloud Security Podcast the Tokyo edition

Cloud Security in Japan - Cloud Security Podcast the Tokyo edition

This episode is a non-sponsored episode which is recording from Ashish's recent visit to Tokyo, Japan. During the trip Ashish caught up with mixed group of cybersecurity professionals who have been wo...

26 Tammi 20206min

AZURE vs AWS , Azure Security and Can AZURE be DevOps friendly? - Tanya Janca

AZURE vs AWS , Azure Security and Can AZURE be DevOps friendly? - Tanya Janca

In this episode, we sit with Tanya Janca, previously Senior Cloud Advocate at Microsoft. Tanya & I spoke about the right way to do move workloads to Azure with DevOps. We compared notes on AWS and Azu...

19 Tammi 20201h 2min

CLOUD SECURITY JOURNEY OF DOW JONES POST THE AWS CLOUD BREACH , WITH JAY KELATH, PRODUCT SECURITY

CLOUD SECURITY JOURNEY OF DOW JONES POST THE AWS CLOUD BREACH , WITH JAY KELATH, PRODUCT SECURITY

In this episode, we sit with Jay Kelath, Director for Product Security at Dow Jones. Jay & I spoke about the Dow Jones breach and how things changed from top down in Dow Jones for the better. We spoke...

12 Tammi 202048min

Networking , recruiting and retaining female engineers, cyber security influencer, personal branding, mentoring for introvert men and women in cyber Security with Jane Frankland

Networking , recruiting and retaining female engineers, cyber security influencer, personal branding, mentoring for introvert men and women in cyber Security with Jane Frankland

In this episode, we sit with Jane Frankland, an award-winning entrepreneur, best-selling author and international speaker. Jane is a CISO advisor and has a diverse background, from being nominated as ...

5 Tammi 202056min

Cloud Security and Infosec girls with Vandana Verma

Cloud Security and Infosec girls with Vandana Verma

In this Blue team episode, we sit with Vandana Verma, a Board member of OWASP and was recently awarded “Top influencers in Security and Fire” and “Cybersecurity Women of the year award by Women Cyberj...

23 Joulu 201935min

AWS Re-invent 2019 Security Announcements - The DevSecOps in AWS edition

AWS Re-invent 2019 Security Announcements - The DevSecOps in AWS edition

In this DevSecOps in AWS episode, we sit with Arjen Schwarz the host of Ambassador Lounge Podcast and review the security releases from AWS Re:invent 2019 and what it means for DevOps teams and securi...

22 Joulu 201939min