Public Cloud Security Series #3: How to catch up, survive multi-cloud & when to tap out with Rich Mogull

Our conversation with Rich Mogull was intended to provide an analyst view point on public cloud security. While Rich certainly delivered on this promise, the episode turned into something more important: therapy. If you find yourself wondering if you’re burnt out from cyber security and life in general, this is for you. Our conversation with Rich starts with the work he does in disaster response, focusing on his recent time responding to the COVID-19 pandemic as a paramedic.  He explains how key concepts of anti-fragility from responder culture such as “trench foot” and “changing your socks” also apply to the rough and tumble world of cyber security— especially in assessing yourself for burnout.If you find yourself drowning in work and straining to catch up to the rest of the organization's push to the public cloud, this is for you.  We discuss how this happens quite naturally in most places, resulting in a dysfunctional norm of security teams inadvertently being left behind but still responsible for protecting the public cloud. Rich lays out a recipe for getting back on track, starting with making sure it simply isn’t time to throw in the towel and find a better gig.If multi-cloud seems impossible to defend with the skills and resources you have, you’re probably right. Rich takes us through the mind-boggling complexity of what it takes to stay on top of a single public cloud environment, let alone several. He doesn’t mince words in his unflattering assessment of the challenges with all 3 major cloud service providers: Amazon, Google & Microsoft.We wrap up with a hopeful look at what lies ahead for protecting the public cloud. Rich and Dave share examples of how long standing problems such as re-architecting are now solvable and operational challenges can truly be simplified when mantras like “shift left” move from buzzword bingo to new reality.