Is Artificial Intelligence the ultimate security dragon we need to slay, or a powerful ally we must train? Recorded LIVE at BSidesSF, this special episode dives headfirst into the most pressing debates around AI security.

Join host Ashish Rajan as he navigates the complex landscape of AI threats and opportunities with two leading experts:
- Jackie Bow (Anthropic): Championing the "How to Train Your Dragon" approach, Jackie reveals how we can leverage AI, and even its 'hallucinations,' for advanced threat detection, response, and creative security solutions.
- Kane Narraway (Canva): Taking the "Knight/Wizard" stance, Kane illuminates the critical challenges in securing AI systems, understanding the new layers of risk, and the complexities of AI threat modeling.

🔥 In this episode, we tackle the tough questions:
- Is the hype around past 'AI-powered' security justified, or was it "hot garbage"?
- How can you build effective threat models when AI introduces new, complex failure points?
- What are the real risks and challenges when implementing AI in production?
- Can AI tools like 'vibe coding' democratize security, or do they risk deskilling professionals?
- How can defenders possibly keep pace with AI-driven attacks without fully embracing AI themselves?
- Exploring the future of AI in both offensive and defensive cybersecurity.

Guest Socials - Jackie's LinkedIn + Kane's LinkedIn
Podcast Twitter - @CloudSecPod

If you want to watch videos of this LIVE STREAMED episode and past episodes - Check out our other Cloud Security Social Channels:
- Cloud Security Podcast
- YouTube
- Cloud Security Newsletter
- Cloud Security BootCamp

If you are interested in AI Cybersecurity, you can check out our sister podcast - AI Cybersecurity Podcast

Questions asked:
(00:00) Intro: Slaying or Training the AI Dragon at BSidesSF?
(03:15) Meet Jackie Bow (Anthropic): Training AI for Security Defense
(03:41) Meet Kane Narraway (Canva): Securing AI Systems & Facing Risks
(04:51) Was Traditional Security Ops "Hot Garbage"? Setting the Scene
(06:32) The Real Risks: What AI Brings to Your Organisation
(07:27) AI in Action: Leveraging AI for Threat Detection & Response
(08:37) AI Hallucinations: Bug, Feature, or Security Blind Spot?
(09:54) Threat Modeling AI: The Core Challenges & Learnings
(13:29) Getting Started: Practical AI Threat Detection First Steps
(17:56) AI & Cloud: Integrating AI into Your Existing Environments
(25:38) AI vs. Traditional: Is Threat Modeling Different Now?
(29:52) Your First Step: Where to Begin with AI Threat Modeling?
(33:17) Fun Questions & Final Thoughts on the Future of AI Security
--------
37:32
CYBERSECURITY for AI: The New Threat Landscape & How Do We Secure It?
As Artificial Intelligence reshapes our world, understanding the new threat landscape and how to secure AI-driven systems is more crucial than ever. We spoke to Ankur Shah, Co-Founder and CEO of Straiker, about navigating this rapidly evolving frontier.

In this episode, we unpack the complexities of securing AI, from the fundamental shifts in application architecture to the emerging attack vectors. Discover why Ankur believes "you can only secure AI with AI" and how organizations can prepare for a future where "your imagination is the new limit," but so too are the potential vulnerabilities.

Guest Socials - Ankur's LinkedIn

Questions asked:
(00:00) Introduction
(00:30) Meet Ankur Shah (CEO, Straiker)
(01:54) Current AI Deployments in Organizations (Copilots & Agents)
(04:48) AI vs. Traditional Security: Why Old Methods Fail for AI Apps
(07:07) AI Application Types: Native, Immigrant & Explorer Explained
(10:49) AI's Impact on the Evolving Cyber Threat Landscape
(17:34) Ankur Shah on Core AI Security Principles (Visibility, Governance, Guardrails)
(22:26) The AI Security Vendor Landscape (Acquisitions & Startups)
(24:20) Current AI Security Practices in Organizations: What's Working?
(25:42) AI Security & Hyperscalers (AWS, Azure, Google Cloud): Pros & Cons
(26:56) What is AI Inference? Explained for Cybersecurity Pros
(33:51) Overlooked AI Attack Surfaces: Hidden Risks in AI Security
(35:12) How to Uplift Your Security Program for AI
(37:47) Rapid Fire: Fun Questions with Ankur Shah

Thank you to this episode's sponsor - Straiker.ai
--------
40:43
Cloud Security Evolved: From CNAPP to AI Threats
The world of cloud security is evolving at breakneck speed. Are traditional tools and strategies enough to combat the sophisticated threats of tomorrow? In this episode, we're joined by Elad Koren, Vice President of Product Management from Palo Alto Networks, to explore the dynamic journey of cloud security.

Elad shares his insights on how the landscape has shifted, moving beyond the era of CSPM and CNAPP as standalone solutions. We delve into why a cloud-aware Security Operations Center (SOC) is no longer a luxury but a necessity, and what "runtime security" truly means in today's complex, multi-cloud environments.

The conversation also tackles the double-edged sword of Artificial Intelligence, how it's empowering both attackers with new capabilities and defenders with advanced tools. Elad discusses the critical considerations for organizations undergoing digital transformation, the importance of AI governance, and provides actionable advice for companies at all stages of their cloud adoption journey, from securing code from day one to building holistic visibility across their entire infrastructure.

Guest Socials - Elad's LinkedIn

Questions asked:
(00:00) Introduction
(01:38) How has Cloud Security Evolved?
(04:21) Why CNAPP is not enough anymore?
(07:13) What is runtime security?
(07:54) Impact of AI on Cloud Security
(11:41) What to include in your cybersecurity program in 2025?
(16:47) The Fun Section

Thank you to this episode's sponsor - Palo Alto Networks

Resources discussed during the episode:
- Palo Alto Networks RSAC Announcement 1
- Palo Alto Networks RSAC Announcement 2

Dive deep into the key takeaways from RSA Conference 2025 with our expert panel! Join Ashish Rajan, James Berthoty, Chris Hughes, Tanya Janca, and Francis Odum as they dissect the biggest trends, surprises, and "hot takes" from one of the world's largest cybersecurity events.

In this episode, we cover:
- Initial reactions and the sheer scale of RSA Conference 2025.
- Major themes: AI's impact on cybersecurity, especially AppSec, vendor consolidation, the evolution of runtime security, and more.
- The rise of AI-native applications and how they're reshaping the landscape.
- Deep dives into Application Security (AppSec), secure coding with AI, and the future of vulnerability management.
- Understanding runtime security beyond DAST and its critical role.
- Unexpected insights and surprising takeaways from the conference floor.

Guests include:
- Chris Hughes – CEO at Aquia & host of Resilient Cyber
- James Berthoty – Cloud and AppSec engineer, known for sharp vendor analysis and engineering-first content and Latio Tech
- Tanya Janca – Founder of She Hacks Purple
- Francis Odum – Founder of Software Analyst Cyber Research

Questions asked:
(00:00) Introduction: Unpacking the RSA Conference 2025
(02:20) Meet the Experts: Panelist Introductions
(03:39) RSAC First Impressions: Scale, Excitement & Attendee Numbers
(07:52) Top Themes from RSA Conference 2025
(16:01) AI's Evolution: Native Applications & AppSec's Transformation
(33:30) Demystifying Runtime Security (Beyond DAST)
(40:23) RSA Surprises & Unexpected Takeaways
--------
53:52
Mindset: Modern SOC Strategies for Cloud & Kubernetes (Ft Sergej Epp. Ex-Deutsche Bank)
Join Ashish Rajan in this episode as he dives deep into the evolving world of cloud security with Sergej Epp, formerly of Deutsche Bank and Palo Alto Networks, now with Sysdig.

Discover why traditional security approaches fall short in today's dynamic cloud-native environments, where workloads resemble swarms of drones rather than predictable trains. Sergej explains the critical shift from basic posture management (CSPM/CNAPP) towards runtime security, emphasizing the need for an "assume breach" mindset.

Learn about the staggering reality that over 60% of containers now live for less than a minute and the immense challenges this poses for detection, incident response, and forensics.

This episode covers:
- The evolution from traditional security to cloud-native and runtime security.
- Why CNAPP/CSPM is like a map, but runtime security is the essential radar.
- The complexities of modern incident response with ephemeral workloads.
- Key strategies for Security Operations Centers (SOC) adapting to the cloud.
- The importance of visibility, data collection, and tools for hybrid and even air-gapped environments.
- How AI is starting to aid security operations and forensics.

Guest Socials: Sergej LinkedIn

Questions asked:
(00:00) Introduction: Cloud Security & The One-Minute Container Problem
(01:31) Meet Sergej Epp: 20+ Years in Cybersecurity (Deutsche Bank, Palo Alto, Sysdig)
(02:44) What is Cloud Native Today? From Train Stations to Airports with Drones
(05:34) Runtime Security Explained: Why It's Crucial Now
(11:05) The Evolution of Cloud Security: Beyond Basic Posture Management
(13:49) Incident Response Evolution: Tackling One-Minute Containers
(18:34) Who Needs Runtime Security? Platform Engineers, SOC Teams & More
(21:01) Runtime Security as a Platform: Beyond Detection to Prevention & Insights
(24:45) Cloud Security Program Maturity: From On-Prem to Cloud Native SOC
(29:20) AI in SOC Operations: Speeding Up Forensics & Context

Learn Cloud Security in Public Cloud the unbiased way from CyberSecurity Experts solving challenges at Cloud Scale. We can be honest because we are not owned by a Cloud Service Provider like AWS, Azure or Google Cloud.
We aim to help the community learn Cloud Security through community stories, from small to large organisations solving multi-cloud challenges to deep dives into specific topics of Cloud Security.
We LIVE STREAM interviews on Cloud Security topics every weekend on LinkedIn, YouTube, Facebook and Twitter, with over 150 people watching, asking questions and interacting with the guest.