Showing 4 episodes for Voices
#175
June 3, 2024
EP175 Meet Crystal Lister: From Public Sector to Google Cloud Security and Threat Horizons
Topics covered:
- Your background can be sheepishly called “public sector”, what’s your experience been transitioning from public to private? How did you end up here doing what you are doing?
- We imagine you learned a lot from what you just described – how’s that impacted your work at Google?
- How have you seen risk management practices and outcomes differ?
- You now lead Google Threat Horizons reports, do you have a vision for this? How does your past work inform it?
- Given the prevalence of ransomware attacks, many organizations are focused on external threats. In your experience, does the risk of insider threats still hold significant weight? What type of company needs a dedicated and separate insider threat program?
#167
April 8, 2024
EP167 Stolen Cards and Fake Accounts: Defending Google Cloud Against Abuse
Guest:
- Maria Riaz, Cloud Counter-Abuse, Engineering Lead, Google Cloud
Topics covered:
- What is “counter abuse”? Is this the same as security?
- What does counter-abuse look like for GCP?
- What are the popular abuse types we face?
- Do people use stolen cards to get accounts to then violate the terms with?
- How do we deal with this, generally?
- Beyond core technical skills, what are some of the relevant competencies for working in this space that would appeal to a diverse set of audience?
- You have worked in academia and industry. What similarities or differences have you observed?
#165
March 25, 2024
EP165 Your Cloud Is Not a Pet - Decoding 'Shifting Left' for Cloud Security
Guest:
- Ahmad Robinson, Cloud Security Architect, Google Cloud
Topics covered:
- You’ve done a BlackHat webinar where you discuss a Pets vs Cattle mentality when it comes to cloud operations. Can you explain this mentality and how it applies to security?
- What in your past led you to these insights? Tell us more about your background and your journey to Google. How did that background contribute to your team?
- One term that often comes up on the show and with our customers is 'shifting left.' Could you explain what 'shifting left' means in the context of cloud security? What’s hard about shift left, and where do orgs get stuck too far right?
- A lot of “cloud people” talk about IaC and PaC but the terms and the concepts are occasionally confusing to those new to cloud. Can you briefly explain Policy as Code and its security implications? Does PaC help or hurt security?
#161
February 26, 2024
EP161 Cloud Compliance: A Lawyer - Turned Technologist! - Perspective on Navigating the Cloud
Topics covered:
- You work with technical folks at the intersection of compliance, security, and cloud. So what do you do, and where do you find the biggest challenges in communicating across those boundaries?
- How does cloud make compliance easier? Does it ever make compliance harder?
- What is your best advice to organizations that approach cloud compliance as they did for the 1990s data centers and classic IT?
- What has been the most surprising compliance challenge you’ve helped teams debug in your time here?
- You also work on standards development –can you tell us about how you got into that and what’s been surprising in that for you?
- We often say on this show that an organization’s ability to threat model is only as good as their team’s perspectives are diverse: how has your background shaped your work here?