The Role of Cloud Security Research in 2024
Cloud Security Podcast2 Loka 2024

The Role of Cloud Security Research in 2024

Why does Cloud Security Research matter in 2024? At fwd:cloudsec EU in Brussels, we sat down with Scott Piper, a renowned cloud security researcher at Wiz, to discuss the growing importance of cloud security research and its real-world impact. Scott spoke to us about the critical differences between traditional security testing and cloud security research, explaining how his team investigates cloud providers to find out vulnerabilities, improve detection tools, and safeguard data.


Guest Socials: ⁠⁠⁠⁠⁠⁠Scott's Linkedin + Scott's Twitter

Podcast Twitter - ⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠@CloudSecPod⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠ ⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠

If you want to watch videos of this LIVE STREAMED episode and past episodes - Check out our other Cloud Security Social Channels:

- ⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠Cloud Security Podcast- Youtube⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠

- ⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠Cloud Security Newsletter ⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠

- ⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠Cloud Security BootCamp


Questions asked:

(00:00) Introduction

(02:07) A bit about Scott Piper

(02:48) What is a Cloud Security Research Team?

(04:30) Difference between traditional and Cloud Security Research

(07:21) Cloud Pentesting vs Cloud Security Research

(08:10) What is request collapsing?

(10:26) GitHub Actions and OIDC Research

(13:47) How has cloud security evolved?

(17:02) Tactical things for Cloud Security Program

(18:41) Impact of Kubernetes and AI on Cloud

(20:37) How to become a Cloud Security Researcher

(22:46) AWS Cloud Security Best Practices

(26:35) Trends in AWS Cloud Security Research

(28:11) Fun Questions

(30:22) A bit about fwd:cloudsec


Resources mentioned during the interview:

Wiz.io - Cloud Security Podcast listeners can also get a free cloud security health scan

PEACH framework

Wiz Research Blog

Avoiding security incidents due to request collapsing

A security community success story of mitigating a misconfiguration

Cloudmapper

flaws.cloud

fwd:cloudsec


CTFs

The Big IAM Challenge

Prompt Airlines , AI Security Challenge

Kubernetes LAN Party

Jaksot(344)

Finding and Fixing SECURITY BUGS IN GOOGLE CLOUD - Dylan Ayrey

Finding and Fixing SECURITY BUGS IN GOOGLE CLOUD - Dylan Ayrey

In this episode of the Virtual Coffee with Ashish edition, we spoke with Dylan Ayrey (@insecurenature) is a Professional Hacker and Co-Founder of Truffle Security (@TruffleSecurity-Linkedin) Episode S...

6 Kesä 20211h 1min

Attacking and Defending Managed Kubernetes Clusters - Brad Geesaman

Attacking and Defending Managed Kubernetes Clusters - Brad Geesaman

In this episode of the Virtual Coffee with Ashish edition, we spoke with Brad Geesaman (@bradgeesaman) is a Senior Cloud Native and Kubernetes Security Professional and the Co- Founder of Darkbit (@Da...

30 Touko 202159min

Kubernetes Runtime Threat Detection and Response - Falco, Sysdig

Kubernetes Runtime Threat Detection and Response - Falco, Sysdig

In this episode of the Virtual Coffee with Ashish edition, we spoke with Dan “POP“ Papandrea (@danpopnyc) is the CNCF Ambassador, Director of Open Source Community and Ecosystem (@sysdig) and Podcast ...

23 Touko 202152min

Study Hall - Attacking K8S Cluster Defaults!

Study Hall - Attacking K8S Cluster Defaults!

In this Study Hall - Ashish goes through Kubernetes Components to start understanding the Kubernetes Architecture READ the Multi-part Medium Article here - Ultimate Guide to Kubernetes Security For...

20 Touko 202125min

Start here for Kubernetes Security - Magno Logan

Start here for Kubernetes Security - Magno Logan

In this episode of the Virtual Coffee with Ashish edition, we spoke with Magno Logan (@MagnoLogan) is the Security Researcher, Trend Micro(@TrendMicro) Episode ShowNotes, Links and Transcript on Cloud...

16 Touko 202158min

Study Hall - Kubernetes Concepts and Architecture Explained!

Study Hall - Kubernetes Concepts and Architecture Explained!

In this Study Hall - Ashish goes through Kubernetes Components to start understanding the Kubernetes Architecture READ the Multi-part Medium Article here - Ultimate Guide to Kubernetes Security For ...

12 Touko 202119min

Risk Analysis of Kubernetes Security - Mark Manning, Snowflake

Risk Analysis of Kubernetes Security - Mark Manning, Snowflake

In this episode of the Virtual Coffee with Ashish edition, we spoke with Mark Manning (@antitree) is the Principal Security Architect at Snowflake(@SnowflakeDB). Before this he used to run Kubernetes ...

9 Touko 202149min

Study Hall - What is Kubernetes & Why do you NEED TO know about it?

Study Hall - What is Kubernetes & Why do you NEED TO know about it?

In this Study Hall - Ashish goes through WHAT IS Kubernetes? What Kubernetes is NOT? & Should you start refactoring or building infrastructure in Kubernetes today? For Similar Topics covered in ot...

5 Touko 202110min