Cloud Security Detection & Response Strategies That Actually Work
Cloud Security Podcast4 Helmi 2025

Cloud Security Detection & Response Strategies That Actually Work

We spoke to Will Bengtson (VP of Security Operations at HashiCorp) bout the realities of cloud incident response and detection. From root credentials to event-based threats, this conversation dives deep into:

  • Why cloud security is NOT like on-prem – and how that affects incident response
  • How attackers exploit APIs in seconds (yes, seconds—not hours!)
  • The secret to building a cloud detection program that actually works
  • The biggest detection blind spots in AWS, Azure, and multi-cloud environments
  • What most SOC teams get WRONG about cloud security


Guest Socials: ⁠⁠⁠⁠⁠⁠⁠Will's Linkedin

Podcast Twitter - ⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠@CloudSecPod⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠ ⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠

If you want to watch videos of this LIVE STREAMED episode and past episodes - Check out our other Cloud Security Social Channels:

- ⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠Cloud Security Podcast- Youtube⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠

- ⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠Cloud Security Newsletter ⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠

- ⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠Cloud Security BootCamp⁠⁠⁠⁠⁠

If you are interested in AI Cybersecurity, you can check out our sister podcast -⁠⁠⁠⁠⁠ AI Cybersecurity Podcast


Questions asked:

(00:00) Introduction

(00:38) A bit about Will Bengtson

(05:41) Is there more awareness of Incident Response in Cloud

(07:05) Native Solutions for Incident Response in Cloud

(08:40) Incident Response and Threat Detection in the Cloud

(11:53) Getting started with Incident Response in Cloud

(20:45) Maturity in Incident Response in Cloud

(24:38) When to start doing Threat Hunting?

(27:44) Threat hunting and detection in MultiCloud

(31:09) Will talk about his BlackHat training with Rich Mogull

(39:19) Secret Detection for Detection Capability

(43:13) Building a career in Cloud Detection and Response

(51:27) The Fun Section

Jaksot(345)

Security and Compliance in AWS Cloud

Security and Compliance in AWS Cloud

In this episode of the Virtual Coffee with Ashish edition for Cloud Security Podcast, we spoke with Alexander J Yawn - ISC2 Miami Board Member | NABCRMP Founding Board Member Host: Ashish Rajan - Tw...

20 Syys 20201h 1min

Identity & Cross Account Access Management in AWS | CLOUD SECURITY - Alexandre Sieira

Identity & Cross Account Access Management in AWS | CLOUD SECURITY - Alexandre Sieira

In this episode of the Virtual Coffee with Ashish edition, we spoke with Alexandre Sieira - Founder @ Tenchi Security Host: Ashish Rajan - Twitter @hashishrajan Guest: Alexandre Sieira - Twitter @A...

13 Syys 20201h 17min

WHAT IS AZURE IDENTITY MANAGEMENT | CLOUD SECURITY

WHAT IS AZURE IDENTITY MANAGEMENT | CLOUD SECURITY

In this episode of the Virtual Coffee with Ashish edition, we spoke with David O’Brien, MVP Azure , Argos Founder Host: Ashish Rajan - Twitter @hashishrajan Guest: David O'Brien - Twitter @david_ob...

6 Syys 202049min

CLOUD SECURITY POSTURE MANAGEMENT - CSPM - GAURAV KUMAR

CLOUD SECURITY POSTURE MANAGEMENT - CSPM - GAURAV KUMAR

In this episode of the Virtual Coffee with Ashish edition, we spoke with Gaurav Kumar, co-founder of RedLock (now part of Palo Alto Prisma Cloud). Host: Ashish Rajan - Twitter @hashishrajan Guest: ...

30 Elo 202055min

HOW TO BUILD SECURE ENVIRONMENTS IN Google Cloud - DARPAN SHAH

HOW TO BUILD SECURE ENVIRONMENTS IN Google Cloud - DARPAN SHAH

In this episode of the Virtual Coffee with Ashish edition, we spoke with Darpan Shah, Cloud Security Engineer. Darpan has 8 AWS Certificates, 6 GCP certificates and at his work, he works on both Googl...

23 Elo 202057min

HOW TO BUILD SECURE ENVIRONMENTS IN MICROSOFT AZURE - NICHOLAS HUGHES

HOW TO BUILD SECURE ENVIRONMENTS IN MICROSOFT AZURE - NICHOLAS HUGHES

In this episode of the Virtual Coffee with Ashish edition, we spoke with Nicholas Hughes, CEO of EITR Technologies. Host: Ashish Rajan - Twitter @hashishrajan Guest: Nicholas Hughes - Linkedin In...

16 Elo 202053min

HOW TO CREATE AN EFFECTIVE CYBER SECURITY TEAM - CLINT GIBLER

HOW TO CREATE AN EFFECTIVE CYBER SECURITY TEAM - CLINT GIBLER

In this episode of the Virtual Coffee with Ashish edition, we spoke with Clint Gibler Host: Ashish Rajan - Twitter @hashishrajan Guest: Clint Gibler - Linkedin In this episode, Clint & Ashish spok...

9 Elo 202049min

Application Security AppSec 101 - Tanya Janca

Application Security AppSec 101 - Tanya Janca

In this episode of the Virtual Coffee with Ashish edition, we spoke with Tanya Janca, Founder, SheHacksPurple & WeHackPurple. Host: Ashish Rajan - Twitter @hashishrajan Guest: Tanya Janca - Linkedi...

2 Elo 20201h 6min