Cloud Security Podcast21 Aug 2022

HOW TO Threat Model Digital Applications in Cloud

In this episode of the Virtual Coffee with Ashish edition, we spoke with Jeevan Singh (Jeevan's Linkedin) about Threat Modelling STRIDE Threat Modelling can be used for self service Application running in Cloud and allowing Security Teams to go on holiday without worrying about Digital Supply Chain.

Episode ShowNotes, Links and Transcript on Cloud Security Podcast: www.cloudsecuritypodcast.tv

Host Twitter: Ashish Rajan (@hashishrajan)

Guest Twitter: Jeevan Singh (Jeevan's Linkedin)

Podcast Twitter - @CloudSecPod @CloudSecureNews

If you want to watch videos of this LIVE STREAMED episode and past episodes - Check out our other Cloud Security Social Channels:

- Cloud Security News

- Cloud Security Academy

Spotify TimeStamp for Interview Questions

(00:00) Ashish's Intro to the Episode

(02:15) https://snyk.io/csp

(02:40) Jeevan's Professional Background

(04:23) What is threat modelling

(05:35) Flicking the Threat Modelling switch

(06:47) Common AppSec Mistake

(09:58) What is Threat Modelling Important?

(11:46) Tainted Flow Analysis and Threat Modelling

(13:00) Where does this fit in CI/CD?

(14:25) Security Teams going on vacation made possible

(15:34) Impact of teaching developers how to run Threat Model

(16:33) First time running Observe Phase of Threat Modelling with Developers

(17:13) Developers are better at Threat Model than Security

(19:09) Level of programming expertise for Threat Modelling

(21:32) Fixing Threats vs Finding relevant controls for the threat

(22:00) Bad example of role of Threat Modelling in Business

(23:41) Should Threat Model be done in Dev?

(24:54) Example of Threat Model for an App hosted in Cloud?

(27:27) Threat Model Skeleton for Cloud Native Apps

(30:12) Does complexity increase with multi-cloud/hybrid environments?

(32:27) What’s involved in rolling a Threat model program in an organisation?

(36:26) Who is the minimum representation in Threat modelling session?

(38:30) Advice for folks who are starting threat modelling today in their organization

(41:59) Cultural Change required for Threat Modelling

(43:19) Example of getting Management agreement

(44:58) Jeevan's 4 Stage of Threat model talk - https://www.youtube.com/watch?v=DtvjJL8xcPY

(45:28) Time-boxing Threat Model Sessions

(48:21) Maintaining Quality of Risk identified during threat modeling

(50:21) Keeping developers updated on latest security vulnerabilities

(54:07) Jeevan’s Favourite Threat Model Type

(55:09) Where can people learn threat modelling?

(56:12) Fun Section

Oppdag Premium

Prøv 14 dager gratis

Kjøp Premium

Episoder(344)

AI Vulnerability Management: Why You Can't Patch a Neural Network

Traditional vulnerability management is simple: find the flaw, patch it, and verify the fix. But what happens when the "asset" is a neural network that has learned something ethically wrong? In this e...

13 Jan 41min

Why Backups Aren't Enough & Identity Recovery is Key against Ransomware

Think your cloud backups will save you from a ransomware attack? Think again. In this episode, Matt Castriotta (Field CTO at Rubrik) explains why the traditional "I have backups" mindset is dangerous....

16 Des 202537min

How to secure your AI Agents: A CISOs Journey

Transitioning a mature organization from an API-first model to an AI-first model is no small feat. In this episode, Yash Kosaraju, CISO of Sendbird, shares the story of how they pivoted from a traditi...

9 Des 202554min

AI-First Vulnerability Management: Should CISOs Build or Buy?

Thinking of building your own AI security tool? In this episode, Santiago Castiñeira, CTO of Maze, breaks down the realities of the "Build vs. Buy" debate for AI-first vulnerability management.While b...

4 Des 20251h 1min

SIEM vs. Data Lake: Why We Ditched Traditional Logging?

In this episode, Cliff Crosland, CEO & co-founder of Scanner.dev, shares his candid journey of trying (and initially failing) to build an in-house security data lake to replace an expensive traditiona...

2 Des 202546min

How to Build Trust in an AI SOC for Regulated Environments

How do you establish trust in an AI SOC, especially in a regulated environment? Grant Oviatt, Head of SOC at Prophet Security and a former SOC leader at Mandiant and Red Canary, tackles this head-on a...

18 Nov 202542min

Threat Modeling the AI Agent: Architecture, Threats & Monitoring

Are we underestimating how the agentic world is impacting cybersecurity? We spoke to Mohan Kumar, who did production security at Box for a deep dive into the threats of true autonomous AI agents.The c...

11 Nov 202547min

AI is already breaking the Silos Between AppSec & CloudSec

The silos between Application Security and Cloud Security are officially breaking down, and AI is the primary catalyst. In this episode, Tejas Dakve, Senior Manager, Application Security, Bloomberg In...

4 Nov 20251h 11min

Reklamefrie Premium-podkaster

Hør populære podkaster som Storefri med Mikkel og Herman, Ida med hjertet i hånden, Krimpodden og mye mye mer

Skap din egen podkastboble

I appen skaper du ditt eget bibliotek med favoritter, og vi gir deg også anbefalinger til podkaster du ikke kan gå glipp av.

Prøv 14 dager gratis

Dersom du er ny Podme-bruker får du 14 dager gratis prøveperiode når du oppretter abonnement

Premium

99 kr/ måned

Tilgang til alle våre Premium-podkaster
Alle podkaster fra VG, Aftenposten, BT og SA
Reklamefritt Premium-innhold
Ingen bindingstid. Avslutt når du ønsker

Prøv 14 dager gratis

Premium

129 kr/ måned

Tilgang til alle Premium-podkaster
Alle podkaster fra VG, Aftenposten, BT og SA
Reklamefritt Premium-innhold
Ingen bindingstid. Avslutt når du ønsker
En Ekstra bruker

Prøv 14 dager gratis

Populært innen Teknologi

rss-teknologioptimistene-energibransjens-it-podcast

Historiene og stemmene du vil høre

Ubegrenset tilgang til alle dine favorittpodkaster og lydbøker

Les mer