The Role of Cloud Security Research in 2024
Cloud Security Podcast2 Okt 2024

The Role of Cloud Security Research in 2024

Why does Cloud Security Research matter in 2024? At fwd:cloudsec EU in Brussels, we sat down with Scott Piper, a renowned cloud security researcher at Wiz, to discuss the growing importance of cloud security research and its real-world impact. Scott spoke to us about the critical differences between traditional security testing and cloud security research, explaining how his team investigates cloud providers to find out vulnerabilities, improve detection tools, and safeguard data.


Guest Socials: ⁠⁠⁠⁠⁠⁠Scott's Linkedin + Scott's Twitter

Podcast Twitter - ⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠@CloudSecPod⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠ ⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠

If you want to watch videos of this LIVE STREAMED episode and past episodes - Check out our other Cloud Security Social Channels:

- ⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠Cloud Security Podcast- Youtube⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠

- ⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠Cloud Security Newsletter ⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠

- ⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠Cloud Security BootCamp


Questions asked:

(00:00) Introduction

(02:07) A bit about Scott Piper

(02:48) What is a Cloud Security Research Team?

(04:30) Difference between traditional and Cloud Security Research

(07:21) Cloud Pentesting vs Cloud Security Research

(08:10) What is request collapsing?

(10:26) GitHub Actions and OIDC Research

(13:47) How has cloud security evolved?

(17:02) Tactical things for Cloud Security Program

(18:41) Impact of Kubernetes and AI on Cloud

(20:37) How to become a Cloud Security Researcher

(22:46) AWS Cloud Security Best Practices

(26:35) Trends in AWS Cloud Security Research

(28:11) Fun Questions

(30:22) A bit about fwd:cloudsec


Resources mentioned during the interview:

Wiz.io - Cloud Security Podcast listeners can also get a free cloud security health scan

PEACH framework

Wiz Research Blog

Avoiding security incidents due to request collapsing

A security community success story of mitigating a misconfiguration

Cloudmapper

flaws.cloud

fwd:cloudsec


CTFs

The Big IAM Challenge

Prompt Airlines , AI Security Challenge

Kubernetes LAN Party

Episoder(345)

Kubernetes Network Security for Multi Tenancy

Kubernetes Network Security for Multi Tenancy

Kubernetes security explained : We spoke to Cailyn Edwards, CNCF Ambassador and Senior Security Engineer at Shopify. Interview was recorded at Kubecon NA 2023. We asked her about the complexities of K...

12 Des 202326min

AWS reInvent 2023 - Security highlights and announcements

AWS reInvent 2023 - Security highlights and announcements

Cloud Security Podcast just got back from AWS re:invent 2023, there was a lot of chat around, you guessed it - GenAI but along with that there were plenty of security updates and announcement. Shilpi ...

5 Des 202356min

eBPF - Kubernetes Network Security without the Blind Sides!

eBPF - Kubernetes Network Security without the Blind Sides!

eBPF is recent graduate in the CNCF family and this means that the world of Cloud and Kubernetes, networking looks very different with more security capabilities. Cilium the project from Isovalent has...

30 Nov 202323min

Attack Path Analysis for Better Kubernetes Security

Attack Path Analysis for Better Kubernetes Security

Kubernetes security cannot just be Kubernetes but it is like security of a datacenter within another datacenter. In this episode with Tim Miller we spoke about CNAPP, how to approach kubernetes securi...

22 Nov 202321min

Secure your SaaS applications like this!

Secure your SaaS applications like this!

SaaS Applications support large companies, small startups. We inevitably accumulate SAAS applications to manage our employees, payroll, communication with things like Workday, Slack, Salesforce and no...

21 Nov 202342min

Threat Detection for not so Common Cloud Services

Threat Detection for not so Common Cloud Services

Threat detection is often limited to popular cloud services, so whats happening to all the "not so popular or commonly known" cloud services in your environment? We are speaking to Suresh Vasudevan, C...

11 Nov 202334min

How to Escape Clusters in a Managed Kubernetes Cluster?

How to Escape Clusters in a Managed Kubernetes Cluster?

Not Escaping Containers but escaping Clusters - Managed Kubernetes distributions such as Amazon EKS, Google Kubernetes Engine (GKE) and Azure Kubernetes Service (AKS) attack vectors can allow you to r...

7 Nov 202359min

Have I lost my Secrets?

Have I lost my Secrets?

You know that feeling when you are unsure if you AWS secret that leaked is still available for use. There is no easy way to check this apart from looking in AWS to see if anyone used it. Turns out the...

6 Nov 202329min

Populært innen Teknologi

lydartikler-fra-aftenposten
romkapsel
energi-og-klima
teknisk-sett
tomprat-med-gunnar-tjomlid
elektropodden
nasjonal-sikkerhetsmyndighet-nsm
fornybaren
rss-impressions-2
shifter
teknologi-og-mennesker
rss-polypod
rss-ai-forklart
pedagogisk-intelligens
rss-ki-praten
smart-forklart
rss-alt-vi-kan
rss-alt-som-gar-pa-strom
blaskjerm-brodrene
rss-forenklingspodden