The Role of Cloud Security Research in 2024
Cloud Security Podcast2 Okt 2024

The Role of Cloud Security Research in 2024

Why does Cloud Security Research matter in 2024? At fwd:cloudsec EU in Brussels, we sat down with Scott Piper, a renowned cloud security researcher at Wiz, to discuss the growing importance of cloud security research and its real-world impact. Scott spoke to us about the critical differences between traditional security testing and cloud security research, explaining how his team investigates cloud providers to find out vulnerabilities, improve detection tools, and safeguard data.


Guest Socials: ⁠⁠⁠⁠⁠⁠Scott's Linkedin + Scott's Twitter

Podcast Twitter - ⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠@CloudSecPod⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠ ⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠

If you want to watch videos of this LIVE STREAMED episode and past episodes - Check out our other Cloud Security Social Channels:

- ⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠Cloud Security Podcast- Youtube⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠

- ⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠Cloud Security Newsletter ⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠

- ⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠Cloud Security BootCamp


Questions asked:

(00:00) Introduction

(02:07) A bit about Scott Piper

(02:48) What is a Cloud Security Research Team?

(04:30) Difference between traditional and Cloud Security Research

(07:21) Cloud Pentesting vs Cloud Security Research

(08:10) What is request collapsing?

(10:26) GitHub Actions and OIDC Research

(13:47) How has cloud security evolved?

(17:02) Tactical things for Cloud Security Program

(18:41) Impact of Kubernetes and AI on Cloud

(20:37) How to become a Cloud Security Researcher

(22:46) AWS Cloud Security Best Practices

(26:35) Trends in AWS Cloud Security Research

(28:11) Fun Questions

(30:22) A bit about fwd:cloudsec


Resources mentioned during the interview:

Wiz.io - Cloud Security Podcast listeners can also get a free cloud security health scan

PEACH framework

Wiz Research Blog

Avoiding security incidents due to request collapsing

A security community success story of mitigating a misconfiguration

Cloudmapper

flaws.cloud

fwd:cloudsec


CTFs

The Big IAM Challenge

Prompt Airlines , AI Security Challenge

Kubernetes LAN Party

Episoder(345)

OPEN SOURCE AWS SECURITY - MATTHEW FULLER, co-Founder CloudSploit, Aqua

OPEN SOURCE AWS SECURITY - MATTHEW FULLER, co-Founder CloudSploit, Aqua

In this episode of the Virtual Coffee with Ashish edition, we spoke with Matthew Fuller, co-Founder CloudSploit, Aqua Host: Ashish Rajan - Twitter @hashishrajan Guest: Matthew Fuller - Linkedin @ma...

15 Nov 202047min

WHAT THE HECK IS CI/CD | Continuous Integration | Delivery | Deployment - Melissa Benua

WHAT THE HECK IS CI/CD | Continuous Integration | Delivery | Deployment - Melissa Benua

In this episode of the Virtual Coffee with Ashish edition, we spoke with Melissa Benua, Director of Engineering Host: Ashish Rajan - Twitter @hashishrajan Guest: Melissa Benua - Linkedin @mbenua I...

8 Nov 202042min

HOW TO PREPARE FOR GDPR IN AZURE CLOUD ENVIRONMENT- Naomi Buckwalter

HOW TO PREPARE FOR GDPR IN AZURE CLOUD ENVIRONMENT- Naomi Buckwalter

In this episode of the Virtual Coffee with Ashish edition, we spoke with Naomi Buckwalter Host: Ashish Rajan - Twitter @hashishrajan Guest: Naomi Buckwalter - Linkedin @naomi-buckwalter In this ep...

1 Nov 202046min

HOW TO START in BUG BOUNTY IN 2020 with Casey Ellis, BugCrowd

HOW TO START in BUG BOUNTY IN 2020 with Casey Ellis, BugCrowd

In this episode of the Virtual Coffee with Ashish edition, we spoke with Casey Ellis Host: Ashish Rajan - Twitter @hashishrajan Guest: Casey Ellis - Linkedin @caseyjohnellis In this episode, Casey...

25 Okt 20201h 5min

CONTINUOUS MONITORING FOR CONTROLS & VULNERABILITIES - DANIEL MIESSLER

CONTINUOUS MONITORING FOR CONTROLS & VULNERABILITIES - DANIEL MIESSLER

In this episode of the Virtual Coffee with Ashish edition, we spoke with Daniel Miessler Host: Ashish Rajan - Twitter @hashishrajan Guest: Daniel Miessler - Linkedin @danielmiessler In this episod...

18 Okt 202048min

AWS SECURITY IN A LARGE REGULATED ENTERPRISE! - HOUSTON HOPKINS, CAPITAL ONE

AWS SECURITY IN A LARGE REGULATED ENTERPRISE! - HOUSTON HOPKINS, CAPITAL ONE

In this episode of the Virtual Coffee with Ashish edition, we spoke with Houston Hopkins, Director CyberSecurity, Capital One Host: Ashish Rajan - Twitter @hashishrajan Guest: Houston Hopkins - Lin...

11 Okt 20201h 1min

CISO Challenges in Cloud Security - Caleb Sima, VP - Security at Databricks

CISO Challenges in Cloud Security - Caleb Sima, VP - Security at Databricks

In this episode of the Virtual Coffee with Ashish edition, we spoke with Caleb Sima, VP - Security, Databricks Host: Ashish Rajan - Twitter @hashishrajan Guest: Caleb Sima - Linkedin @CalebSima I...

4 Okt 20201h 6min

WHAT IS SECURITY CHAOS ENGINEERING? - JEROME WALTER, SECURITY MODERNISATION

WHAT IS SECURITY CHAOS ENGINEERING? - JEROME WALTER, SECURITY MODERNISATION

In this episode of the Virtual Coffee with Ashish edition, we spoke with Jerome Walter, Security Modernisation, Director, VMWare Host: Ashish Rajan - Twitter @hashishrajan Guest: Jerome Walter - Li...

27 Sep 20201h 2min

Populært innen Teknologi

lydartikler-fra-aftenposten
romkapsel
energi-og-klima
teknisk-sett
tomprat-med-gunnar-tjomlid
elektropodden
nasjonal-sikkerhetsmyndighet-nsm
fornybaren
rss-impressions-2
shifter
teknologi-og-mennesker
rss-polypod
pedagogisk-intelligens
rss-ai-forklart
smart-forklart
rss-ki-praten
i-loopen
rss-digitaliseringspadden
rss-alt-vi-kan
rss-forenklingspodden