The Role of Cloud Security Research in 2024
Cloud Security Podcast2 Okt 2024

The Role of Cloud Security Research in 2024

Why does Cloud Security Research matter in 2024? At fwd:cloudsec EU in Brussels, we sat down with Scott Piper, a renowned cloud security researcher at Wiz, to discuss the growing importance of cloud security research and its real-world impact. Scott spoke to us about the critical differences between traditional security testing and cloud security research, explaining how his team investigates cloud providers to find out vulnerabilities, improve detection tools, and safeguard data.


Guest Socials: ⁠⁠⁠⁠⁠⁠Scott's Linkedin + Scott's Twitter

Podcast Twitter - ⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠@CloudSecPod⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠ ⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠

If you want to watch videos of this LIVE STREAMED episode and past episodes - Check out our other Cloud Security Social Channels:

- ⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠Cloud Security Podcast- Youtube⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠

- ⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠Cloud Security Newsletter ⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠

- ⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠Cloud Security BootCamp


Questions asked:

(00:00) Introduction

(02:07) A bit about Scott Piper

(02:48) What is a Cloud Security Research Team?

(04:30) Difference between traditional and Cloud Security Research

(07:21) Cloud Pentesting vs Cloud Security Research

(08:10) What is request collapsing?

(10:26) GitHub Actions and OIDC Research

(13:47) How has cloud security evolved?

(17:02) Tactical things for Cloud Security Program

(18:41) Impact of Kubernetes and AI on Cloud

(20:37) How to become a Cloud Security Researcher

(22:46) AWS Cloud Security Best Practices

(26:35) Trends in AWS Cloud Security Research

(28:11) Fun Questions

(30:22) A bit about fwd:cloudsec


Resources mentioned during the interview:

Wiz.io - Cloud Security Podcast listeners can also get a free cloud security health scan

PEACH framework

Wiz Research Blog

Avoiding security incidents due to request collapsing

A security community success story of mitigating a misconfiguration

Cloudmapper

flaws.cloud

fwd:cloudsec


CTFs

The Big IAM Challenge

Prompt Airlines , AI Security Challenge

Kubernetes LAN Party

Episoder(344)

API SECURITY BEST PRACTICES 2022

API SECURITY BEST PRACTICES 2022

In this episode of the Virtual Coffee with Ashish edition, we spoke with Corey Ball (Corey's Twitter) about what does API in a modern software stack looks like and how these can be attacked and protec...

5 Sep 202239min

BlackHat Defcon 2022 - The Cloud Security Edition

BlackHat Defcon 2022 - The Cloud Security Edition

Special Episode by Shilpi and Ashish sharing their recap, highlights, big takeaways, Cloud Talks and Training from Hacker Summer Camp - Blackhat Defcon Diana Initiative BSides Vegas 2022. Blog with li...

28 Aug 20221h 2min

HOW TO Threat Model Digital Applications in Cloud

HOW TO Threat Model Digital Applications in Cloud

In this episode of the Virtual Coffee with Ashish edition, we spoke with Jeevan Singh (Jeevan's Linkedin) about Threat Modelling STRIDE Threat Modelling can be used for self service Application runnin...

21 Aug 202259min

HOW TO SECURE CONTAINER ENVIRONMENT FOR FINANCIAL SERVICES

HOW TO SECURE CONTAINER ENVIRONMENT FOR FINANCIAL SERVICES

In this episode of the Virtual Coffee with Ashish edition, we spoke with Karthik Ramamoorthy (Karthik's Linkedin) about Container security with NIST Framework for financial services organizations. Epi...

7 Aug 202255min

AWS ReInforce 2022 Recap & Highlights

AWS ReInforce 2022 Recap & Highlights

Special Episode by Shilpi and Ashish sharing their recap, highlights, big takeaways, meh moments and in person experience from AWS ReInforce 2022. Twitter Space with Cloud Security Community about the...

2 Aug 202253min

Fundamentals of AWS Cloud Security Assessment

Fundamentals of AWS Cloud Security Assessment

In this episode of the Virtual Coffee with Ashish edition, we spoke with Cassandra Young (@muteki_rtw) Episode ShowNotes, Links and Transcript on Cloud Security Podcast: www.cloudsecuritypodcast.tv Ho...

30 Jul 202249min

So Now You Know!

So Now You Know!

Special Episode by Shilpi and Ashish announcing the 1 year partnership with Snyk and what does this mean for the podcast community - you and also for Ashish and Shilpi. The new Architecture series we ...

28 Jul 202218min

HOW TO SECURE AWS CLOUD ENVIRONMENT FOR HEALTHCARE

HOW TO SECURE AWS CLOUD ENVIRONMENT FOR HEALTHCARE

In this episode of the Virtual Coffee with Ashish edition, we spoke with Kyler Middleton (Kyler's Linkedin) Episode ShowNotes, Links and Transcript on Cloud Security Podcast: www.cloudsecuritypodcast....

20 Jul 202255min

Populært innen Teknologi

lydartikler-fra-aftenposten
romkapsel
teknisk-sett
tomprat-med-gunnar-tjomlid
rss-impressions-2
shifter
teknologi-og-mennesker
fornybaren
nasjonal-sikkerhetsmyndighet-nsm
rss-ki-praten
smart-forklart
elektropodden
pedagogisk-intelligens
rss-alt-vi-kan
rss-ai-forklart
hans-petter-og-co
rss-for-alarmen-gar
rss-heis
energi-og-klima
rss-polypod