Cloud Security Podcast by Google

• EP213 From Promise to Practice: LLMs for Anomaly Detection and Real-World Cloud Security

  Guest: Yigael Berger, Head of AI, Sweet Security Topic: Where do you see a gap between the “promise” of LLMs for security and how they are actually used in the field to solve customer pains? I know you use LLMs for anomaly detection. Explain how that “trick” works? What is it good for? How effective do you think it will be?  Can you compare this to other anomaly detection methods? Also, won’t this be costly - how do you manage to keep inference costs under control at scale?  SOC teams often grapple with the tradeoff between “seeing everything” so that they never miss any attack, and handling too much noise. What are you seeing emerge in cloud D&R to address this challenge? We hear from folks who developed an automated approach to handle a reviews queue previously handled by people. Inevitably even if precision and recall can be shown to be superior, executive or customer backlash comes hard with a false negative (or a flood of false positives). Have you seen this phenomenon, and if so, what have you learned about handling it? What are other barriers that need to be overcome so that LLMs can push the envelope further for improving security? So from your perspective, LLMs are going to tip the scale in whose favor - cybercriminals or defenders?  Resource: EP157 Decoding CDR & CIRA: What Happens When SecOps Meets Cloud EP194 Deep Dive into ADR - Application Detection and Response EP135 AI and Security: The Good, the Bad, and the Magical Andrej Karpathy series on how LLMs work Sweet Security blog  

  --------  

  28:01
• EP212 Securing the Cloud at Scale: Modern Bank CISO on Metrics, Challenges, and SecOps

  Guest: Dave Hannigan, CISO at Nu Bank Topics: Tell us about the challenges you're facing as CISO at NuBank and how are they different from your past life at Spotify? You're a big cloud based operation  - what are the key challenges you're tracking in your cloud environments?  What lessons do you wish you knew back in your previous CISO run [at Spotify]? What metrics do your team report for you to understand the security posture of your cloud environments?  How do you know “your” cloud use is as secure as you want it to be? You're a former Googler, and I'm sure that's not why, so why did you choose to go with Google SecOps for your organization? Resources: “Moving shields into position: How you can organize security to boost digital transformation” blog and the paper. “For a successful cloud transformation, change your culture first” blog “Is your digital transformation secure? How to tell if your team is on the right path”’ blog EP201 Every CTO Should Be a CSTO (Or Else!) - Transformation Lessons from The Hoff EP104 CISO Walks Into the Cloud: And The Magic Starts to Happen! EP141 Cloud Security Coast to Coast: From 2015 to 2023, What's Changed and What's the Same? EP209 vCISO in the Cloud: Navigating the New Security Landscape (and Don’t Forget Resilience!) “Thinking Fast and Slow” book “Turn the Ship Around” book

  --------  

  33:16
• EP211 Decoding the Underground: Google's Dual-Lens Threat Intelligence Magic

  Guest: Kimberly Goody, Head of Intel Analysis and Production, Google Cloud Topics: Google's Threat Intelligence Group (GTIG) has a unique position, accessing both underground forum data and incident response information. How does this dual perspective enhance your ability to identify and attribute cybercriminal campaigns? Attributing cyberattacks with high confidence is important. Can you walk us through the process GTIG uses to connect an incident to specific threat actors, given the complexities of the threat landscape and the challenges of linking tools and actors?  There is a difficulty of correlating publicly known tool names with the aliases used by threat actors in underground forums. How does GTIG overcome this challenge to track the evolution and usage of malware and other tools? Can you give a specific example of how this "decoding" process works? How does GTIG collaborate with other teams within Google, such as incident response or product security, to share threat intelligence and improve Google's overall security posture? How does this work make Google more secure? What does Google (and specifically GTIG) do differently than other organizations focused on collecting and analyzing threat-intelligence? Is there AI involved? Resources: “Cybercrime: A Multifaceted National Security Threat” report EP112 Threat Horizons - How Google Does Threat Intelligence EP175 Meet Crystal Lister: From Public Sector to Google Cloud Security and Threat Horizons EP178 Meet Brandon Wood: The Human Side of Threat Intelligence: From Bad IP to Trafficking Busts “Wild Swans: Three Daughters of China” book How Google Does It: Making threat detection high-quality, scalable, and modern How Google Does It: Finding, tracking, and fixing vulnerabilities “From Credit Cards to Crypto: The Evolution of Cybercrime” video

  --------  

  26:02
• EP210 Cloud Security Surprises: Real Stories, Real Lessons, Real "Oh No!" Moments

  Guest: Or Brokman, Strategic Google Cloud Engineer, Security and Compliance, Google Cloud Topics: Can you tell us about one particular cloud consulting engagement that really sticks out in your memory? Maybe a time when you lifted the hood, so to speak, and were absolutely floored by what you found – good or bad! In your experience, what's that one thing – that common mistake – that just keeps popping up? That thing that makes you say 'Oh no, not this again!' 'Tools over process' mistake is one of the 'oldies.' What do you still think drives people to it, and how to fix it? If you could give just one piece of cloud security advice to every company out there, regardless of their size or industry, what would it be?  Resources: Video (YouTube) “Threat Modeling: Designing for Security” by Adam Shostack EP16 Modern Data Security Approaches: Is Cloud More Secure? EP142 Cloud Security Podcast Ask Me Anything #AMA 2023 “For a successful cloud transformation, change your culture first” (OOT vs TOO blog) https://www.linkedin.com/in/stephrwong/  New Paper: “Autonomic Security Operations — 10X Transformation of the Security Operations Center” (2021)

  --------  

  26:58
• EP209 vCISO in the Cloud: Navigating the New Security Landscape (and Don’t Forget Resilience!)

  Guests:  Beth Cartier, former CISO, vCISO, founder of Initiative Security Guest host of the CISO mini-series: Marina Kaganovich, Executive Trust Lead, Office of the CISO @ Google Cloud Topics: How is that vCISO’ing going? What is special about vCISO and cloud? Is it easier or harder? AI, cyber, resilience - all are hot topics these days.  In the context of cloud security, how are you seeing organizations realistically address these trends? Are they being managed effectively (finally?) or is security always playing catch up? Recent events reminded us that cybersecurity may sometimes interfere with resilience. How have you looked to build resilience into your security program? The topic is perhaps 30+ years old, but security needs to have a seat at the table, and often still doesn’t - why do you think this is the case?  What approaches or tips have you found to work well in elevating security within organizations? Any tips for how cyber professionals can stay up to date to keep up with the current threat landscape vs the threats that are around the corner? Resources: EP208 The Modern CISO: Balancing Risk, Innovation, and Business Strategy (And Where is Cloud?) EP189 How Google Does Security Programs at Scale: CISO Insights EP129 How CISO Cloud Dreams and Realities Collide EP104 CISO Walks Into the Cloud: And The Magic Starts to Happen! EP93 CISO Walks Into the Cloud: Frustrations, Successes, Lessons ... And Is My Data Secure?  

  --------  

  29:06

Meer Technologie podcasts

Trending Technologie -podcasts

Over Cloud Security Podcast by Google