All Episodes

EP279 Native Cloud Security: Is 'Good Enough' Actually Winning?

EP278 The Agentic SOC: Are We Measuring Time Saved or Risk Reduced?

EP277: CISO as CFO, From Citi to Celery, It's All about the Cabbage

EP276 AI Governance vs. The Hyper-Velocity Agentic Future: A Lawyer's Take

EP275 Google Cloud Next 2026: The AI Earthquake, "SOC-home" Syndrome, and the Ragged Edge of Reality

EP273 From CISA to Cloud: AI Assurance, Concentration Risk, and the New Regulatory Frontier

EP272 More Than Just Packets: Is NDR a "First-Class" Cloud Security Control?

EP271 Can AI-Native MDR Actually Fix Your Broken SOC Workflows or Just Automate the Mess?

EP270 The Convenience Tax: Why We Keep Failing at Supply Chain Security

EP269 Reflections on RSA 2026 - Beyond AI AI AI AI AI AI AI

EP268 Weaponizing the Administrative Fabric: Cloud Identity and SaaS Compromise in M Trends 2026

EP267 AI SOC or AI in a SOC? Cutting Through Hype, Pricing Models, and SIEM Detection Efficacy with Raffy Marty

EP266 Resetting the SOC for Code War: Allie Mellen on Detecting State Actors vs. Doing the Basics

EP265 Beyond Shadow IT: Unsanctioned AI Agents Don't Just Talk, They Act!

EP264 Measuring Your (Agentic) SOC: Two Security Leaders Walk into a Podcast

EP263 SOC Refurbishing: Why New Tools Won't Fix Broken Processes (Even With AI)

EP262 Freedom, Responsibility, and the Federated Guardrails: A New Model for Modern Security

EP261 No More Aspiration: Scaling a Modern SOC with Real AI Agents

EP260 The Agentic IAM Trainwreck: Why Your Bots Need Better Permissions Than Your Admins

EP259 Why DeepMind Built a Security LLM Sec-Gemini and How It Beats the Generalists

EP258 Why Your Security Strategy Needs an Immune System, Not a Fortress with Royal Hansen

EP257 Beyond the 'Kaboom': What Actually Breaks When OT Meets the Cloud?

EP256 Rewiring Democracy & Hacking Trust: Bruce Schneier on the AI Offense-Defense Balance

EP255 Separating Hype from Hazard: The Truth About Autonomous AI Hacking

EP254 Escaping 1990s Vulnerability Management: From Unauthenticated Scans to AI-Driven Mitigation

EP253 The Craft of Cloud Bug Hunting: Writing Winning Reports and Secrets from a VRP Champion

EP252 The Agentic SOC Reality: Governing AI Agents, Data Fidelity, and Measuring Success

EP251 Beyond Fancy Scripts: Can AI Red Teaming Find Truly Novel Attacks?

EP250 The End of "Collect Everything"? Moving from Centralization to Data Access?

EP249 Data First: What Really Makes Your SOC 'AI Ready'?

EP248 Cloud IR Tabletop Wins: How to Stop Playing Security Theater and Start Practicing

EP247 The Evolving CISO: From Security Cop to Cloud & AI Champion

EP246 From Scanners to AI: 25 Years of Vulnerability Management with Qualys CEO Sumedh Thakar

EP245 From Consumer Chatbots to Enterprise Guardrails: Securing Real AI Adoption

EP244 The Future of SOAPA: Jon Oltsik on Platform Consolidation vs. Best-of-Breed in the Age of Agentic AI

EP243 Email Security in the AI Age: An Epic 2025 Arms Race Begins

EP242 The AI SOC: Is This The Automation We've Been Waiting For?

EP241 From Black Box to Building Blocks: More Modern Detection Engineering Lessons from Google

EP240 Cyber Resiliency for the Rest of Us: Making it Happen on a Real-World Budget

EP239 Linux Security: The Detection and Response Disconnect and Where Is My Agentless EDR

EP238 Google Lessons for Using AI Agents for Securing Our Enterprise

EP237 Making Security Personal at the Speed and Scale of TikTok

EP236 Accelerated SIEM Journey: A SOC Leader's Playbook for Modernization and AI

EP235 The Autonomous Frontier: Governing AI Agents from Code to Courtroom

EP234 The SIEM Paradox: Logs, Lies, and Failing to Detect

EP233 Product Security Engineering at Google: Resilience and Security

EP232 The Human Element of Privacy: Protecting High-Risk Targets and Designing Systems

EP231 Beyond the Buzzword: Practical Detection as Code in the Enterprise

EP230 AI Red Teaming: Surprises, Strategies, and Lessons from Google

EP229 Beyond the Hype: Debunking Cloud Breach Myths (and What DBIR Says Now)

EP228 SIEM in 2025: Still Hard? Reimagining Detection at Cloud Scale and with More Pipelines

EP227 AI-Native MDR: Betting on the Future of Security Operations?

EP226 AI Supply Chain Security: Old Lessons, New Poisons, and Agentic Dreams

EP225 Cross-promotion: The Cyber-Savvy Boardroom Podcast: EP2 Christian Karam on the Use of AI

EP224 Protecting the Learning Machines: From AI Agents to Provenance in MLSecOps

EP223 AI Addressable, Not AI Solvable: Reflections from RSA 2025

EP222 From Post-IR Lessons to Proactive Security: Deconstructing Mandiant M-Trends

EP221 Special - Semi-Live from Google Cloud Next 2025: AI, Agents, Security ... Cloud?

EP220 Big Rewards for Cloud Security: Exploring the Google VRP

EP219 Beyond the Buzzwords: Decoding Cyber Risk and Threat Actors in Asia Pacific

EP218 IAM in the Cloud & AI Era: Navigating Evolution, Challenges, and the Rise of ITDR/ISPM

EP217 Red Teaming AI: Uncovering Surprises, Facing New Threats, and the Same Old Mistakes?

EP216 Ephemeral Clouds, Lasting Security: CIRA, CDR, and the Future of Cloud Investigations

EP215 Threat Modeling at Google: From Basics to AI-powered Magic

EP214 Reconciling the Impossible: Engineering Cloud Systems for Diverging Regulations

EP213 From Promise to Practice: LLMs for Anomaly Detection and Real-World Cloud Security

EP212 Securing the Cloud at Scale: Modern Bank CISO on Metrics, Challenges, and SecOps

EP211 Decoding the Underground: Google's Dual-Lens Threat Intelligence Magic

EP210 Cloud Security Surprises: Real Stories, Real Lessons, Real "Oh No!" Moments

EP209 vCISO in the Cloud: Navigating the New Security Landscape (and Don't Forget Resilience!)

EP208 The Modern CISO: Balancing Risk, Innovation, and Business Strategy (And Where is Cloud?)

EP207 Slaying the Ransomware Dragon: Can a Startup Succeed?

EP206 Paying the Price: Ransomware's Rising Stakes in the Cloud

EP205 Cybersecurity Forecast 2025: Beyond the Hype and into the Reality

EP204 Beyond PCAST: Phil Venables on the Future of Resilience and Leading Indicators

EP203 Cloud Shared Responsibility: Beyond the Blame Game with Rich Mogull

EP202 Beyond Tiered SOCs: Detection as Code and the Rise of Response Engineering

EP201 Every CTO Should Be a CSTO (Or Else!) - Transformation Lessons from The Hoff

EP200 Zero Touch Prod, Security Rings, and Foundational Services: How Google Does Workload Security

EP199 Your Cloud IAM Top Pet Peeves (and How to Fix Them)

EP198 GenAI Security: Unseen Attack Surfaces & AI Pentesting Lessons

EP197 SIEM (Decoupled or Not), and Security Data Lakes: A Google SecOps Perspective

EP196 AI+TI: What Happens When Two Intelligences Meet?

EP195 Containers vs. VMs: The Security Showdown!

EP194 Deep Dive into ADR - Application Detection and Response

EP193 Inherited a Cloud? Now What? How Do I Secure It?

EP192 Confidential + AI: Can AI Keep a Secret?

EP191 Why Aren't More Defenders Winning? Defender's Advantage and How to Gain it!

EP190 Unraveling the Security Data Fabric: Need, Benefits, and Futures

EP189 How Google Does Security Programs at Scale: CISO Insights

EP188 Beyond the Buzzwords: Identity's True Role in Cloud and SaaS Security

EP187 Conquering SOC Challenges: Leadership, Burnout, and the SIEM Evolution

EP186 Cloud Security Tools: Trust the Cloud Provider or Go Third-Party? An Epic Debate, Anton vs Tim

EP185 SAIF-powered Collaboration to Secure AI: CoSAI and Why It Matters to You

EP184 One Week SIEM Migration: Fact or Fiction?

EP183 Cloud Security Journeys: Improve, Evolve, Transform with Cloud Customers

EP182 ITDR: The Missing Piece in Your Security Puzzle or Yet Another Tool to Buy?

EP181 Detection Engineering Deep Dive: From Career Paths to Scaling SOC Teams

EP180 SOC Crossroads: Optimization vs Transformation - Two Paths for Security Operations Center

EP179 Teamwork Under Stress: Expedition Behavior in Cybersecurity Incident Response

EP178 Meet Brandon Wood: The Human Side of Threat Intelligence: From Bad IP to Trafficking Busts

EP177 Cloud Incident Confessions: Top 5 Mistakes Leading to Breaches from Mandiant

EP176 Google on Google Cloud: How Google Secures Its Own Cloud Use

EP175 Meet Crystal Lister: From Public Sector to Google Cloud Security and Threat Horizons

EP174 How to Measure and Improve Your Cloud Incident Response Readiness: A New Framework

EP173 SAIF in Focus: 5 AI Security Risks and SAIF Mitigations

EP172 RSA 2024: Separating AI Signal from Noise, SecOps Evolves, XDR Declines?

EP171 GenAI in the Wrong Hands: Unmasking the Threat of Malicious AI and Defending Against the Dark Side

EP170 Redefining Security Operations: Practical Applications of GenAI in the SOC

EP169 Google Cloud Next 2024 Recap: Is Cloud an Island, So Much AI, Bots in SecOps

EP168 Beyond Regular LLMs: How SecLM Enhances Security and What Teams Can Do With It

EP167 Stolen Cards and Fake Accounts: Defending Google Cloud Against Abuse

EP166 Workload Identity, Zero Trust and SPIFFE (Also Turtles!)

EP165 Your Cloud Is Not a Pet - Decoding 'Shifting Left' for Cloud Security

EP164 Quantum Computing: Understanding the (very serious) Threat and Post-Quantum Cryptography

EP163 Cloud Security Megatrends: Myths, Realities, Contentious Debates and Of Course AI

EP162 IAM in the Cloud: What it Means to Do It 'Right' with Kat Traxler

EP161 Cloud Compliance: A Lawyer - Turned Technologist! - Perspective on Navigating the Cloud

EP160 Don't Cloud Your Judgement: Security and Cloud Migration, Again!

EP159 Workspace Security: Built for the Modern Threat. But How?

EP158 Ghostbusters for the Cloud: Who You Gonna Call for Cloud Forensics

EP157 Decoding CDR & CIRA: What Happens When SecOps Meets Cloud

EP156 Living Off the Land and Attacking Critical Infrastructure: Mandiant Incident Deep Dive

EP155 Cyber, Geopolitics, AI, Cloud - All in One Book?

EP154 Mike Schiffman: from Blueboxing to LLMs via Network Security at Google

EP153 Kevin Mandia on Cloud Breaches: New Threat Actors, Old Mistakes, and Lessons for All

EP152 Trust, Security and Google's Annual Transparency Report

EP151 Cyber Insurance in the Cloud Era: Balancing Protection, Data and Risks

EP150 Taming the AI Beast: Threat Modeling for Modern AI Systems with Gary McGraw

EP149 Canned Detections: From Educational Samples to Production-Ready Code

EP148 Decoding SaaS Security: Demystifying Breaches, Vulnerabilities, and Vendor Responsibilities

EP147 Special: 2024 Google Cloud Security Forecast Report

EP146 AI Security: Solving the Problems of the AI Era: A VC's Insights

EP145 Cloud Security: Shared Responsibility, Shared Fate, Shared Faith?

EP144 LLMs: A Double-Edged Sword for Cloud Security? Weighing the Benefits and Risks of Large Language Models

EP143 Cloud Security Remediation: The Biggest Headache?

EP142 Cloud Security Podcast Ask Me Anything #AMA 2023

EP141 Cloud Security Coast to Coast: From 2015 to 2023, What's Changed and What's the Same?

EP140 System Hardening at Google Scale: New Challenges, New Solutions

EP139 What is Chronicle? Beyond XDR and into the Next Generation of Security Operations

EP138 Terraform for Security Teams: How to Use IaC to Secure the Cloud

EP137 Next 2023 Special: Conference Recap - AI, Cloud, Security, Magical Hallway Conversations

EP136 Next 2023 Special: Building AI-powered Security Tools - How We Do It?

EP135 AI and Security: The Good, the Bad, and the Magical

EP134 How to Prioritize UX and Security in the Cloud: UX as a Security Capability

EP133 The Shared Problem of Alerting: More SRE Lessons for Security

EP132 Chaos Engineering for Security: How to Improve Software Resilience with Kelly Shortridge

EP131 A Deep Dive into Google's Assured OSS: How Google Secures the Software You Use

EP130 Cloud is Secure: Are you Using It Securely - True or False?

EP129 How CISO Cloud Dreams and Realities Collide

EP128 Building Enterprise Threat Intelligence: The Who, What, Where, and Why

EP127 Is IAM Really Fun and How to Stay Ahead of the Curve in Cloud IAM?

EP126 What is Policy as Code and How Can It Help You Secure Your Cloud Environment?

EP125 Will SIEM Ever Die: SIEM Lessons from the Past for the Future

EP124 Safe Browsing: Lessons from How Google Secures Five Billion Devices at Low False Positive Rates

EP123 The Good, the Bad, and the Epic of Threat Detection at Scale with Panther

EP122 Firewalls in the Cloud: How to Implement Trust Boundaries for Access Control

EP121 What Happens Here Stays Here: Confidential City (and Space)

EP120 Building Secure Cloud and Building Security Products: Finding the Balance

EP119 RSA 2023 - What We Saw, What We Learned, and What We're Excited About

EP118 RSA 2023 - How to Protect Your Organization from Cyberattacks in a Time of Political Turmoil

EP117 Can a Small Team Adopt an Engineering-Centric Approach to Cybersecurity?

EP116 SBOMs: A Step Towards a More Secure Software Supply Chain

EP115 How to Approach Cloud in a Cloudy Way, not As Somebody Else's Computer?

EP114 Minimal Viable Secure Product (MVSP) - Is That a Thing?

EP113 Love it or Hate it, Network Security is Coming to the Cloud

EP112 Threat Horizons - How Google Does Threat Intelligence

EP111 How to Solve the Mystery of Application Security in the Cloud?

EP110 Detection and Response in a High Velocity and High Complexity Environment

EP109 How Google Does Vulnerability Management: The Not So Secret Secrets!

EP108 How to Hunt the Cloud: Lessons and Experiences from Years of Threat Hunting

EP 107 How Google Secures It's Google Cloud Usage at Massive Scale

EP106 Beyond BeyondProd - How Do You Zero Trust Your Workloads?

EP105 Security Architect View: Cloud Migration Successes, Failures and Lessons

EP104 CISO Walks Into the Cloud: And The Magic Starts to Happen!

EP103 Security Incident Response and Public Cloud - Exploring with Mandiant

EP102 Sunil Potti on Building Cloud Security at Google

EP101 Cloud Threat Detection Lessons from a CISO

EP100 2022 Accelerate State of DevOps Report and Software Supply Chain Security

EP99 Google Workspace Security: from Threats to Zero Trust

EP98 How to Cloud IR or Why Attackers Become Cloud Native Faster?

Special: Coordinated Release of Detection Rules for CobaltStike Abuse

EP96 Cloud Security Observability for Detection and Response

EP95 Cloud Security Talks Panel: Cloud Threats and Incidents

EP94 Meet Cloud Security Acronyms with Anna Belak

EP93 CISO Walks Into the Cloud: Frustrations, Successes, Lessons ... And Is My Data Secure?

Special: Sharing The Mic In Cyber with STMIC Hosts Lauren and Christina: Representation, Psychological Safety, Security

EP91 "Hacking Google", Op Aurora and Insider Threat at Google

Next 2022 Google Cybersecurity Action Team: One Year Later!

Next 2022 Can We Escape Ransomware by Migrating to the Cloud?

Next 2022 Improving Browser Security in the New Era of Work

Next 2022 Log4j Reflections, Software Dependencies and Open Source Security

EP86 How to Apply Lessons from Virtualization Transition to Make Cloud Transformation Better

EP85 Deploy Security Capabilities at Scale: SRE Explains How

EP84 How to Secure Artificial Intelligence (AI): Threats, Approaches, Lessons So Far

EP83 What Does reCAPTCHA Actually Do and How Does It Do it? Product Manager Explains

EP82 Mega-confused by XDR? You Are Not Alone! This XDR Skeptic Clarifies!

EP81 Demystify Data Sovereignty and Sovereign Cloud Secrets at Google Cloud

EP80 CISO Walks Into the Cloud: Frustrations, Successes, Lessons ... And Does the Risk Change?

EP79 Modernize Data Security with Autonomic Data Security Approach

EP78 Classic SOC Meets Cloud: What Changes? What Stays the Same?

EP77 Operational Realities of SOAR: Automate and/or Enrich, Playbooks, Magic

EP76 Powering Secure SaaS … But Not with CASB? Cloud Detection and Response?

EP75 How We Scale Detection and Response at Google: Automation, Metrics, Toil

EP74 Who Will Solve Cloud Security: A View from Google Investment Side

EP73 Your SOC Is Dead? Evolve to Output-driven Detect and Respond!

EP72 What Does Good Detection and Response Look Like in the Cloud? Insights from Expel MDR

EP71 Attacking Google to Defend Google: How Google Does Red Team

EP70 Special - RSA 2022 Reflections - Securing the Past vs Securing the Future

EP69 Cloud Threats and How to Observe Them

EP68 How We Attack AI? Learn More at Our RSA Panel!

EP67 Cyber Defense Matrix and Does Cloud Security Have to DIE to Win?

EP66 Is This Binary Legit? How Google Uses Binary Authorization and Code Provenance

EP65 Is Your Healthcare Security Healthy? Mandiant Incident Response Insights

EP64 Security Operations Center: The People Side and How to Do it Right

EP63 State of Autonomic Security Operations: Are There Sharks in Your SOC?

EP62 Protect Modern Applications in the Cloud: Union of APIs and Application Security

EP61 Anniversary Episode - What Did We Learn So Far on Cloud Security Podcast?

EP60 Impersonating Service Accounts in GCP and Beyond: Cloud Security Is About IAM?

EP59 Zero Trust: So Easy Even a Government Can Do It?

EP0 New Audio Trailer: Cloud Security Podcast by Google

EP58 SOC is Not Dead: How to Grow and Develop Your SOC for Cloud and Beyond

EP57 Stop Zero Days, Save the World: Project Zero's Maddie Stone Speaks

EP56 Rebuilding vs Forklifting and How to Secure a Data Warehouse in the Cloud

EP55 The Magic of Cloud Migration: Learn Security Lessons from the Field

EP54 Container Security: The Past or The Future?

EP53 Seven Years of SOAR: What's Next?

EP52 Securing AI with DeepMind CISO

EP51 Policy Intelligence: More Fun and Useful than it Sounds!

EP50 The Epic Battle: Machine Learning vs Millions of Malicious Documents

EP49 Lifesaving Tradeoffs: CISO Considerations in moving Healthcare to Cloud

EP48 Confidentially Speaking 2: Cloudful of Secrets

EP47 Megatrends, Macro-changes, Microservices, Oh My! Changes in 2022 and Beyond in Cloud Security

EP46 Products and Solutions: Helping Our Customers Precipitate Change

EP45 VirusTotal Insights on Ransomware Business and Technology

EP44 Evolving a SIEM for the Future While Learning from the Past

EP43 Automation as Paved Roads in Cloud Enablement

EP42 Missing Diversity Hurts Your Security

EP41 Beyond Phishing: Email Security Isn't Solved

EP40 2021: Phishing is Solved?

EP39 From False Positives to Karl Popper: Rationalizing Cloud Threat Detection

NEXT Special - 6 Cloud Security PMs (and a Developer Advocate!) Walk into a Studio

NEXT Special - Google Cybersecurity Action Team: What's the Story?

NEXT Special - Cloud Security and DEI: Being an Ally!

NEXT Special - Google Cloud NEXT Security: What to Watch?

EP34 Instrumenting Modern Application Stack for Detection and Response

EP33 Cloud Migrations: Security Perspectives from The Field

EP32 Can You Ever Know Thyself: Cloud Attack Surface Management

EP31 Cloud Certifications, and Cloud Security with TheCertsGuy

EP30 Malware Hunting with VirusTotal

Future of EDR: Is It Reason-able to Suggest XDR?

Tales from the Trenches: Using AI for Gmail Security

The Mysteries of Detection Engineering: Revealed!

SOC in a Large, Complex and Evolving Organization

Beyond Compliance: Cloud Security in Europe

Linking Up The Pieces: Software Supply Chain Security at Google and Beyond

Threat Detection at Google Cloud Security Summit

Securing Multi-Cloud from a CISO Perspective, Part 3

Security Marketing? Every Product Needs a Story!

Security Operations, Reliability, and Securing Google with Heather Adkins

Double-clicking, but not on fire hydrants, with bot fighters

More Cloud Migration Security Lessons

Modern Threat Detection at Google

Modern Data Security Approaches: Is Cloud More Secure?

Scaling Google Kubernetes Engine Security

Making Compliance Cloud-native

Application Security in the Cloud

Threat Models and Cloud Security

Preparing for Cloud Migrations from a CISO Perspective, Part 2

SIEM Modernization? Is That a Thing?

Building a Third Party Platform for Cloud Security

Zero Trust: Fast Forward from 2010 to 2021

No One Expects the Malware Inquisition

Cloud Security Talks Summarized: A Recap Episode

Preparing for Cloud Migrations from a CISO Perspective, Part 1

Gathering Data for Zero Trust

Automate and/or Die?

Data Security in the Cloud

Confidentially Speaking