PODCAST · technology
Scale to Zero - No Security Questions Left Unanswered
by Scale To Zero
We know security is challenging, but keeping up with it in a timely way is harder still. Scale to Zero is built for security professionals, to help them become more privacy- and security-conscious. With this show, we hope to address the security issues that are hard to understand and resolve without the help of experts. After experiencing the discomfort of constantly switching back and forth between sources, we believe a community space like Scale to Zero makes things a little simpler for everyone.
-
108
IAM in 2026: From Anti-Patterns to Autonomous AI Agents | ft. Advait Patel | ScaleToZero Podcast | Ep. 108 | Cloudanix
Cloud infrastructure is moving faster than ever, but is your security keeping up? We sit down with a Senior Site Reliability Engineer to discuss the evolution of Infrastructure Security and Compliance in 2026. Whether you're an SRE, Security Engineer, or DevOps Lead, this episode will challenge how you think about "secure" infrastructure.

Transcript: https://www.scaletozero.com/episodes/iam-in-2026-from-anti-patterns-to-autonomous-ai-agents-with-advait-patel/
Advait Patel: https://www.linkedin.com/in/advaitpatel93/
Powered by: https://cloudanix.com
Also Available on our YouTube Channel: https://youtu.be/1dchqWnt1hA

Key Discussion Points are as Follows:
00:00 Introduction
07:40 Real-world Challenges of Infrastructure Security and Compliance
11:20 Automating Security Checks and Avoiding Bottlenecks
13:25 Security Impact of IAM Implementation
17:28 Architecting an IAM Program in 2026
19:38 KPIs to Measure the Effectiveness of Security Implementations
22:48 Measuring the Decision Quality
25:12 Most Common IAM Anti-Patterns
29:40 AI Agents for Automated Root Cause Analysis of IAM Failures
33:27 Will AI Agents go Fully Autonomous?
35:40 Using AI to Bypass IAM Security
39:14 Cloud Security Trend From 2012 Should Die
42:33 Future of AI Cloud Security
44:14 Summary
45:24 Learning Recommendations
-
107
AI Security: Hype vs. Reality and the Roadmap to CISO | Ft. Niyati Daftary | Ep. 107 | ScaleToZero Podcast | Powered by Cloudanix
Is the security impact of AI being underrated, or are we worrying about the wrong risks? In this episode, we sit down with a Security Analyst to bridge the gap between high-level security consulting and the deep-trench reality of day-to-day defense.

Powered by Cloudanix: https://www.cloudanix.com
YouTube: https://www.youtube.com/@cloudanix

00:00 Introduction
04:55 AI Security Risks Organizations are Worried About
09:00 Security Impact of AI - Underrated?
11:33 Challenges of Security Leaders
18:00 Cybersecurity Perspective of a Consultant vs. Analyst
22:10 Beliefs vs. Reality in Security Practices
23:53 Development of a Security Research Document
31:40 Challenges of Leaders Implementing Security Research Notes
36:22 Roadmap for Aspiring CISOs and Security Leaders
42:22 Learning Recommendations

#Cybersecurity #SecurityAnalyst #CISO #AISecurity #SecurityResearch #Infosec #CareerRoadmap #SecurityLeadership #TechPodcast #ScaleToZero
-
106
Product Security at Scale: Minimizing Friction & Defending AI Integrations | ft. Sana Talwar | Ep.106 | ScaleToZero Podcast
In this episode of the ScaleToZero Podcast, we sit down with a Product Security Engineer to discuss the delicate balance between robust security, user experience, and developer velocity. From identifying red flags in security reviews to using AI for point-in-time vulnerability assessments, we cover the tactical moves that early security teams need to make today. The landscape is shifting from "Security vs. Engineering" to "Security + Engineering." If you're an early security team looking to leverage AI to punch above your weight class, this episode is a must-listen.

YouTube: https://youtu.be/wv_1NZkv9bs
Cloudanix: https://www.cloudanix.com

00:00 Introduction
03:40 Developer-friendly Security in Practice
07:22 Minimizing Friction between Security and Engineering
09:15 Navigating the Trade-offs between Security and User Experience
11:32 Red Flags in Third-Party Security Reviews and Internal Security Reviews
19:00 Point-in-Time Vulnerability Assessments using AI
21:35 Managing Malicious Updates without Manual Reviews
24:55 Communicating Third-Party Security Risks to a Product Manager
28:50 Improving Product Security using AI for Early Security Teams
33:20 AI Performing Critical Security Job Functions
35:27 Patching AI Prompt Injection Attacks
41:05 AI Integration and Reshaping Security Landscape
46:04 Summary

#ProductSecurity #DevSecOps #AppSec #Cybersecurity #AISecurity #ProductManagement #DeveloperVelocity #TechLeadership #ScaleToZero
-
105
eBPF, MCP Servers, and the Kernel-Level Future of AI Security | ft. Ammar Ekbote | Ep. 105 | ScaleToZero Podcast
In this episode, we sit down with a veteran Security and Cloud Infra Leader to deconstruct the architecture of modern workload monitoring and the emerging risks of AI-driven connectivity. We dive deep into eBPF, the technology providing "invisible" observability, and the security implications of MCP (Model Context Protocol) servers in the enterprise. Whether you're an infra lead or a security engineer, this episode provides the technical depth to help you stay ahead of the curve.

Also available on YouTube: https://youtu.be/iCfEJlgXFBU

00:00 Teaser and Introduction
04:12 Architectural differences between Agentless and Agent-based scanning
07:50 Losing security signals with Agentless scanning
09:23 Challenges of Agent-based scanning
10:45 Vendor checklist for production release
11:45 Noisy neighbour challenge and customer application
14:52 Securing large agent-based vendor machines
16:40 Use of eBPF for invisible workload monitoring
19:17 Securing eBPF itself
21:00 Does eBPF solve the stability and performance risks?
23:25 Security risks when LLMs use MCP servers
27:16 Detecting and avoiding MCP in an organizational environment
32:32 Why use eBPF for securing MCP?
35:10 Using eBPF to run local servers in a secure way
37:00 Can eBPF prevent data leaks to AI models?
41:19 Justifying kernel-level security to stakeholders
43:25 Evangelizing a security-first mindset
44:50 Starting point for developer-led security using eBPF
46:30 Learning recommendations
47:10 Summary

#eBPF #CloudSecurity #AISecurity #MCPServer #DevSecOps #AgentlessScanning #CloudInfrastructure #InfoSec #CybersecurityPodcast #LLMSecurity #KernelSecurity
-
104
The Last9 Story: Scaling Engineering, GTM Strategy, and the Reality of "Overnight Success" | Ep.104 | ScaleToZero Podcast | Ft. Nishant Modak | Cloudanix
What does it take to build a company that redefines how we look at engineering reliability? In this episode, we sit down with the Founder of Last9 to peel back the curtain on the journey from a single "Aha!" moment to a scaling enterprise. We move beyond the pitch deck to discuss the raw reality of building a startup, the mental models for engineering leadership, and what Vision 2026 looks like in the age of GenAI.

Transcript: https://www.scaletozero.com/episodes/the-last9-story-scaling-engineering-gtm-strategy-and-the-reality-of-overnight-success/
Cloudanix: https://cloudanix.com/
YouTube: https://youtu.be/a955CYXLRdg

00:00 Introduction of Nishant Modak
03:00 Birth of Last9
06:40 The "Aha" moment
13:00 How is Last9 different?
19:10 Building blocks of Last9
24:20 The Moments of Overnight Success
33:05 Go To Market Strategy
41:40 Mental Model to Separate Administration and Engineering
46:00 Engineering vs Selling
49:40 Hard things of hard things, which gave results over time
55:00 Vision 2026 with GenAI
58:04 KPIs that helped in scaling
01:01:25 Personal learnings and life

#StartupStory #FounderJourney #EngineeringLeadership #Last9 #GTMStrategy #Entrepreneurship #SRE #Reliability #GenAI2026 #ScalingStartups #techpodcast
-
103
AWS vs. GCP IAM Architecture & The Future of Security in 2026 | ft. Senior Security Engineer (CISSP) - Sneha Malshetti
This episode is a masterclass in modern cloud architecture and the fast-evolving world of AI security. In episode 103, we sat down with a Senior Security Engineer (CISSP) to break down the architectural nuances of AWS vs. GCP IAM and how security roles are evolving in 2026. From mastering cross-account access to defining data perimeters for AI training models, this episode is a deep dive into the technical and strategic layers of cloud-native security.

YouTube: https://youtu.be/Y_OCpI8LJb4
Transcript: https://www.scaletozero.com/episodes/aws-vs-gcp-iam-architecture-the-future-of-security-in-2026-with-sneha-malshetti-cissp/
Sneha Malshetti: https://www.linkedin.com/in/sneha-malshetti/
Fearless Organization: https://www.amazon.in/Fearless-Organization-Psychological-Workplace-Innovation/dp/1119477247
TLS Handshake Deep Dive and decryption with Wireshark: https://www.youtube.com/watch?v=25_ftpJ-2ME
Cloudanix: https://cloudanix.com/

00:00 Introduction
04:30 Architectural differences between AWS and GCP IAM
08:40 Best practices to approach IAM in AWS and GCP
11:00 Achieving centralized identity federation for a consistent user experience
13:45 Managing cross-account access securely in AWS vs GCP
14:40 Balancing RBAC for large organizations
18:00 Automation and Auditing recommendations for IAM
21:42 Managing access for large organizations
23:55 Monitoring Privileged Access
27:20 Balancing Security and Speed
30:19 Data Perimeter boundaries and their importance
34:20 How have security functions transformed in the AI world?
36:55 Will AI replace Humans?
38:15 Managing sensitive data used to train AI models
42:42 Security Trends in 2026
45:48 Summary
46:48 Learning Recommendation
-
102
Zero Trust AI & Human Risk | Senior Director of Security | Ft. James Cash | Ep. 102 | ScaleToZero Podcast | Cloudanix
What are the security weaknesses that everyone overlooks, and how is the rise of AI changing the risk calculus? We sat down with a Senior Director of Security and Compliance to discuss strategic defense, from securing human capital to implementing Zero Trust for AI systems. This episode is essential for CISOs, security leaders, and compliance officers navigating the volatile landscape of modern risk.

How does AI work: https://blog.hubspot.com/marketing/how-does-ai-work
YouTube: https://youtu.be/feudnGhDZ78
Transcript: https://www.scaletozero.com/episodes/zero-trust-ai-human-risk-a-guide-to-future-proofing-security-with-james-cash/

00:00 Introduction
05:08 Significant security weaknesses often overlooked
10:25 AI SBOMs and Security
14:10 Biggest risks in security from AI systems
16:31 Ensuring AI systems are secure and responsible
20:55 Zero Trust AI Systems for Internal and Third-Party Teams
24:20 Evolution of Risks with Rise in AI
27:15 Evaluating between Traditional vs. AI SaaS provider
33:50 Keeping Stakeholders' interests in Security
39:21 Responding to Insider Threats
45:45 KPIs for Human Risk Management
49:41 Summary
50:51 Learning recommendations
-
101
Beyond Tech: Culture and Mindset of Security Engineering | Ft. Dakota Riley | Ep.101 | Cloudanix
In modern, fast-moving organizations, security is a shared responsibility, not a silo. We sat down with a Staff Security Engineer who operates at the intersection of development speed and security integrity to explore what truly defines a strong security program. This episode offers essential advice for leadership, engineers, and recruiters, covering everything from core culture to the risks of new AI models.

Also available on YouTube: https://youtu.be/2ut2GQPWA4I

00:00 Introduction
05:41 CyberArk Acquisition
07:40 Top 3 Elements of Building a Strong Security Culture
10:50 Good Engineering is Security Engineering
13:20 Why do organizations face challenges in achieving a security culture?
16:54 Moving Fast - Startups vs. Large Enterprises
19:08 Addressing challenges - Startups vs. Large Scale Companies
23:00 KPIs to Show Security Progress
26:16 Security Teams as Enablers
32:57 Right Mindset for Security Engineering
36:36 Hiring the Right Security Talent
38:31 Addressing Non-Deterministic Nature of LLMs
43:13 Trade-Offs of Implementing Bias in Alert Triaging Systems
46:11 Training an Agent for Catching Malicious Attacks
48:35 Summary
49:35 Learning Recommendations
-
100
Kubernetes Security Mastery: Shifting Mindsets for Ephemeral Environments | Ep.100 | Ft. Dinis Cruz
The shift from static data centers to dynamic Kubernetes workloads changes everything about security. In this essential episode, we sit down with an industry leader, an ex-vCISO, OWASP contributor, and founder of a new firm, to break down the new rules of cloud-native defense. If you are dealing with short workload lifecycles, balancing security with velocity, or figuring out the true impact of AI on your role, this is a must-watch.

YouTube: https://youtu.be/J0asVeOCAgg
Dinis Cruz: https://www.linkedin.com/in/diniscruz/
Host: https://www.linkedin.com/in/mpurusottamc/
Cloudanix: https://www.cloudanix.com/

00:00 Introduction and Teaser
03:00 Mindset Shift - From Static Servers to Kubernetes Workloads
06:05 Challenges of Shifting From Traditional Data Centers to Serverless
08:35 Balancing Security and Other Business Priorities
14:20 Varying Cloud Costs and Managing Security Compliance
19:19 Logging and Monitoring - How to prioritize effectively?
23:34 Identity and Access Management for Short Workload Lifecycles
28:49 Leveraging Generative AI for better Security Engineering
38:12 Anticipating Attacker Mindset and Defending Your Cloud Environments
45:36 How will AI evolve security roles in general?
52:17 Summary
53:03 Learning Recommendations from the guest
-
99
A PSA's Journey - Bridge Between Business and Technology at AWS | Ft. Lalit Khatter | ScaleToZero Business
Have you ever wondered what it takes to drive successful partnerships in the AWS ecosystem? In this episode, we sit down with Lalit Khatter, a Senior AWS Partner Solution Architect, who gives us a deep dive into his dynamic role and the strategies that help AWS Partners thrive. Lalit shares his journey from Software Engineer to PSA and reveals the essential traits of a successful AWS Partner. Whether you're an aspiring PSA, a business leader at an AWS Partner, or simply curious about the engine that drives cloud adoption, this podcast offers unparalleled insights!

00:00 Teaser and Introduction
03:57 Role of a Partner Solution Architect and their day-to-day
08:15 Why Partner Solution Architect as a job role?
19:52 Transition from software engineer to AWS PSA
23:22 How would a SI company work with Lalit for partnering with AWS?
31:04 Trait of a successful partner
38:40 AWS programs that help partners get visibility to prospective customers
41:58 Aha moment after getting started with the AWS partner environment
48:08 Scaling with AWS Marketplace
01:03:05 Amazon Pace and Ambassador Program: Hand-in-Hand
01:06:23 AWS Ambassador Program and how to invest in it
01:10:20 Business Outcome Accelerator (AWS BOX)
01:22:53 Weekends of Lalit Khatter
01:28:40 Next 5 years of AWS Partner programs
01:33:01 Stuff about Lalit
-
98
Integrating Security Into Your SDLC Process | Ft. Ashish Bhadouria | Ep. 98 | ScaleToZero Podcast
How do you keep pace with AI adoption without compromising your security standards? We sat down with a Security and Privacy Engineering Manager to tackle the toughest challenges facing modern DevSecOps teams and C-Suite leaders today. This episode is packed with practical strategies on integrating security early and effectively. We dive deep into:

00:00 Teaser and Introduction
05:35 The real Challenges of Integrating Security into SDLC
08:35 Embedding Security Into Developer Workflows
12:09 Balancing Security & Velocity: Advice for the C-Suite
16:11 Aligned Autonomy: How Enterprises Balance Security & Freedom
20:46 AI Adoption is Fast - Security is Playing Catch-Up
24:46 The Biggest Misconception About AI Security
27:26 Defense-in-Depth for Securing AI Workloads
31:27 Evolving Defenses Against Sophisticated AI-Driven Attacks
35:04 AI-Driven Transformation in Security Operations and Testing
38:15 Human-in-the-Loop: Why SOC Analysts Remain Essential in the AI Era
41:25 Summary
42:20 Learning Recommendation

Important Links
Ashish Bhadouria: https://www.linkedin.com/in/ashishbhadouria/
ScaleToZero: https://scaletozero.com/
Cloudanix: https://scaletozero.com/
Purusottam: https://www.linkedin.com/in/mpurusottamc/
Art of War: https://www.amazon.in/Art-War-Sun-Tzu/dp/8184950888
TLDR Sec: https://tldrsec.com/
Pragmatic Engineer Blog: https://blog.pragmaticengineer.com/
-
97
A Founder's Guide to Proactive Security & Leadership | Ft. Ashish Garg | Ep.97 | ScaleToZero Podcast
What does it really take to build a security program that stands up to modern threats? In this episode, we sit down with Ashish Garg, Founder of RIGA Cyber, to move beyond the frameworks and discuss what matters most: people.

You can also watch on YouTube: https://youtu.be/99AzjI-RKTY

We cover the essential strategies for any security leader looking to build a resilient, proactive security culture. We dive into:
00:00 Teaser and Introduction
06:12 Making Security Everyone's Responsibility
11:23 Tailoring the Story: Communicating Security Across Audiences
15:38 Building a Proactive Security Program: Beyond Frameworks
19:38 Overcoming Stakeholder Hurdles: Building Trust Through Alignment
23:26 Bridging the Gap Between Security and Engineering
28:06 Measuring Trust and Providing Security Value
37:34 From Engineering to Security Leadership: The Power of Mentorship & Alignment
42:03 Avoiding Burnout as a Security Leader: Prioritize & delegate
44:45 AI in Security: Hype, Risk & Real Use Cases
51:25 Summary
52:10 Learning Recommendation

#Cybersecurity #SecurityLeadership #ProactiveSecurity #InfoSec #CybersecurityPodcast #SecurityCulture #AIinSecurity #CISO #SecurityEngineering #CorporateSecurity
-
96
Designing Security for GenAI: 9 Key Concepts | Ft. Shweta Thapa | Ep. 96 | ScaleToZero Podcast
Ever wonder about the security risks lurking behind your favorite AI tools? In this episode, we sit down with Shweta Thapa, Security Specialist Solutions Architect from AWS, to demystify the complex world of GenAI and traditional application security.

Transcript: https://www.scaletozero.com/episodes/designing-security-for-genai-with-security-specialist-solutions-architect-shweta-thapa/
Guest: https://www.linkedin.com/in/shwetast/
Host: https://www.linkedin.com/in/mpurusottamc/
Cloudanix: https://cloudanix.com/

We'll cover 9 critical topics that every tech professional, business leader, and security enthusiast needs to know. Get ready to learn about:
00:00 Teaser and Introduction
05:01 Fundamentals of Designing Security for GenAI and Traditional Applications
09:00 Control of Shared Responsibility Model: LLM Provider vs. Consumer
12:25 Top Five Security Checks for GenAI System
17:39 Securing GenAI Outputs: Trustworthy vs. Toxic Content
22:03 Synthetic Data: Helpful or Harmful
24:16 Validating AI Output: Monitoring, Context & Human Judgment
28:07 Strategic Advisory Questions to Ask Stakeholders When Investing in GenAI Application
31:22 Misconceptions of Security Leaders about GenAI Security
35:56 Getting Started with GenAI: Startups vs. Enterprises
43:50 Summary
45:00 Learning Recommendation
-
95
Beyond the Debate: Security as an Enabler & GRC Maturity | Ft. Winthrop Welch | Ep. 95 | ScaleToZero
What does it truly take to lead security and GRC in today's complex, high-stakes environments? It's about much more than just technology: it's about building trust, creating champions, and acting as an enabler, not a blocker. In this powerful episode, we sit down with Winthrop Welch, a seasoned Fractional CISO and Cybersecurity Advisor. With their extensive experience, we'll dive into the real-world lessons learned from bridging the gap between security teams and the rest of the business, and how to turn GRC from a requirement into a strategic advantage.

00:00 Teaser and Introduction
07:24 Security and Compliance Debate
09:55 How are Security and Compliance not different from each other?
11:17 Security challenges evolved over the years - from data centers to AI
14:10 Challenges of aligning security strategies within enterprises
16:53 Tips to build trust and create security champions
21:00 How do you support and educate others around you?
23:05 How have security engineering and leadership roles helped you evolve?
25:35 Security teams working closely with other business teams
28:45 Security leaders being open to security teams
31:40 GRC maturity levels in organizations today
34:50 Implementing GRCs more efficiently
38:32 Reducing friction between security and other business teams
42:48 Security teams as enablers and not blockers
47:49 Scenario where your leadership was tested
53:23 Summary
54:16 Learning recommendations
-
94
The Future CISO: AI, Quantum & Becoming a Multidisciplinary Strategist | Ft. Patricia Titus | Ep. 94 | ScaleToZero Podcast
The role of a CISO is evolving at an unprecedented pace. It's no longer just about technical defenses; it's about leading multidisciplinary teams, understanding business strategy, and navigating the profound impacts of emerging technologies like AI and Quantum Computing. In this episode, we sit down with Patricia Titus, a seasoned Field CISO, to break down what it takes for today's security leaders to become the multidisciplinary strategists of tomorrow. We explore how to move beyond traditional security models and embrace a future where security is a core business enabler.

Watch the episode on YouTube: https://youtu.be/s6475pSgSxc

00:00 Introduction
04:45 From Learning AI to Secure Deployment
08:25 Cross-Disciplinary Teams & the CISO's Co-Leadership Role
10:05 Will AI impact only GRC or a broader area?
13:29 Governance frameworks for CISOs before deploying workloads
17:35 Establishing & Measuring AI Governance Frameworks
20:50 Behavioral AI: Cultural shifts required to build a security mindset
25:20 Measuring the effectiveness of Behavioral AI
30:57 How security leaders can stay ahead in the AI native security world?
33:27 Non-technical Skills for Future CISOs in the AI world
35:52 Areas of expertise today's CISOs must actively cultivate
39:48 Explaining the importance of AI and Quantum to stakeholders
44:57 Summary
45:45 Learning recommendations from Patricia
-
93
AWS Marketplace, ISV Partnerships, Channel Acquisitions, and More | Cybersecurity Sales | Ep. 93 | ScaleToZero Business Podcast
Join us for an inspiring and incredibly practical conversation with Faraz Khan, a seasoned AWS Marketplace Leader who shares invaluable insights from a career dedicated to sales, relationships, and driving business growth. This isn't just about tech; it's about the human element of sales, the power of partnerships, and navigating massive commercial opportunities.

Faraz Khan: https://www.linkedin.com/in/m-faraz-k-4842883/
Sujay Maheshwari: https://www.linkedin.com/in/sujaymaheshwari/

0:00 Teaser and Introduction
6:50 Sales and Relationship Learnings at Oracle Middle East
11:20 Getting into Sales Life
14:50 Cracking a $3 Million Deal
18:08 Identifying Sales Personality Within People and Coaching Them
22:10 Leaving Middle East and Shifting to India
26:35 Understanding AWS Marketplace
32:30 Getting Successful at AWS Marketplace
40:50 Helping Understand AWS Marketplace Co-Sell to Early Adopters
47:50 Wisdom for AWS Marketplace Skeptics
52:55 Maneuvering AWS Marketplace and Its Different Areas
59:30 Faraz Dislikes Some Aspects of His Job
01:04:19 Problems Solved with AWS Marketplace India Launch
01:07:35 Faraz's Life And A Day in His Life
01:11:55 Faraz as a "Shayar" ("Poet") and Life Recently
-
92
Zero Trust Security - The Right Way | Ft. Uttej Badwane | Ep.92 | ScaleToZero Podcast | Cloudanix
Embark with us on a crucial journey into the world of Zero Trust with our guest Uttej Badwane, a seasoned Senior Security Engineer. In this episode, we'll demystify Zero Trust for organizations just getting started, dive into practical implementation steps, and explore the cutting-edge intersection of Zero Trust and Artificial Intelligence. This episode is indispensable for security leaders, engineers, architects, and anyone keen on building resilient, future-ready security postures. Don't forget to Like, Share, and Subscribe for more expert insights!

Cloudanix: https://www.cloudanix.com/
Zero Trust Security: https://www.cloudanix.com/learn/what-is-zero-trust-security
Uttej: https://www.linkedin.com/in/uttej-badwane/

00:00 Teaser and Guest Introduction
03:55 Defining Zero to Zero Trust for organizations getting started
08:48 Steps to evaluate and implement a zero-trust model
12:34 Multi-factor Authentication, or Micro-segmentation, or Zero Trust
17:38 Challenges of implementing a zero-trust framework
25:58 Is Zero Trust a right fit for you?
30:24 Balancing organizational complexities and zero-trust implementation
35:17 IAM recommendations for a robust zero-trust implementation
42:05 Staying on top of operational complexities with practical governance steps
48:52 Role of AI in Zero Trust Architecture
54:54 How will zero trust models change if servers are running AI agents?
58:29 Learning recommendations from Uttej
-
91
Scaling IAM Security For Major Cloud Platforms | Ft. Stephen Kuenzli | Ep. 91 | ScaleToZero Podcast
Join us for a deep dive into the evolving landscape of cybersecurity with Stephen Kuenzli, an accomplished former Senior Security Architect and now the founder of a leading cybersecurity/cloud security company. In this episode, we cut through the noise to discuss practical, real-world strategies for Identity and Access Management (IAM) and confront the revolutionary impact of AI on our security programs. This episode is a must-watch for CISOs, Security Architects, Cloud Security Engineers, and anyone looking to navigate the complexities of modern IAM and the AI-driven future of cybersecurity.

Watch on YouTube: https://youtu.be/96sztTdlN00

00:00 Teaser and Guest Introduction
06:40 IAM misconceptions blocking organizations from scaling
09:10 How to fix IAM misconceptions?
14:12 Practical example of self-serve security policy
20:25 Getting started with IAM security in real-time
24:47 Practical guide for building a better least privilege policy
29:00 Your CSP tools to leverage for scaling Cloud IAM Security
38:08 Emerging trends in security with the rise in AI
41:10 Possible implications of AI in the world of security
46:22 Challenges solved by a custom-built MCP server built by Stephen
49:22 Impact on traditional security programs due to AI-based MCP servers
55:05 Challenges of AI that security leaders should be aware of
01:01:12 Summary
01:02:08 Learning recommendations
-
90
Risk Management and Its Different Types of Approaches | Ft. Joseph Haske | Ep. 90 | ScaleToZero
Join us for a deep dive into the world of Cybersecurity Risk Management with Joseph Haske, a seasoned Risk Manager who brings a fresh perspective to navigating complex cyber challenges. In this episode, we unpack crucial topics that every security professional, leader, and stakeholder needs to understand.

Transcript:
Cloudanix: https://www.cloudanix.com/

00:00 Teaser and Introduction
03:54 Does non-tech experience help you in the field of security?
07:39 Different perspective on the field of risk management with vast experience
09:36 Qualitative vs. Quantitative Risk Management, who outgrows whom, and how
12:29 Strengths and Weaknesses of the Qualitative and Quantitative Risk Framework
14:00 Educating your teams to follow the right risk framework
15:36 Fundamental differences between underlying philosophies and the FAIR framework
18:00 Selecting the right framework for small and growing organizations
19:47 Balancing the usage of Qualitative vs Quantitative risk approach
23:00 Importance of the peer review process
25:03 Challenges to implementing the FAIR approach
27:27 Mitigating the challenges of implementing the FAIR approach
29:37 Biggest misconception before starting a risk management program
31:31 Future of risk management
32:55 Preparing for the future of risk management
34:31 Approaching the security challenges raised by new technologies like AI or quantum computing
36:40 Building the right culture to drive a successful risk management program
39:49 Summary
41:00 Learning Recommendations
-
89
AI in AppSec: The Paradigm Shift with Principal Security Engineer | Ft. Brad Geesaman | Ep. 89
In this groundbreaking episode of the ScaleToZero podcast, we sit down with Brad Geesaman, a Principal Security Engineer, to explore the revolutionary impact of Agentic AI on Application Security. From the inspiration behind this cutting-edge field to the practicalities of building AI-powered solutions, we cover it all. This episode is a must-listen for CISOs, Security Engineers, CTOs, and anyone looking to understand how AI is redefining the future of AppSec.

Transcript: https://www.scaletozero.com/episodes/ai-in-appsec-the-paradigm-shift-with-brad-geesaman/
Brad: https://www.linkedin.com/in/bradgeesaman/

00:00 Teaser and Introduction
04:00 Inspiration to focus on Application Security using AgenticAI
05:56 Understanding AgenticAI
08:52 Agentic AI versus Traditional AI
12:44 Paradigm shift of secure coding with the change of AI
15:28 Importance of tool integration and standardization of AgenticAI for AppSec
18:00 Standardization of Agent SDKs or NCPs
20:22 Using AI to secure AI
23:12 Are AI systems reliable considering their nondeterminism
25:15 Considerations for adopting AI for AppSec
29:54 Impact of AI on organizational structure for security
32:27 Elements of AppSec with the least AI benefits
36:10 What is Reaperbot
42:42 Advantages and disadvantages of testing methods of Reaperbot
45:00 Vision for Reaperbot in the near future
48:00 Building trust within teams with the rise in these decision-making agents
52:12 Recommendations for operations teams to avoid vulnerabilities or misconfiguration
54:58 Considerations for the operations team when using AI systems for security purposes
01:00:02 Summary
01:01:05 Learning recommendations
-
88
Minimalist Security: Architecting a Lean & Effective Cloud Strategy | Ft. Lalit Kumar | Ep. 88 | ScaleToZero Podcast
In this insightful episode of the podcast, we speak with a seasoned Senior Cloud Security Consultant and Architect about a unique approach to security: minimalism. We explore how the principles of minimalist living can be applied to build leaner, more effective security strategies in the cloud and beyond. Whether you're a security leader, architect, or cloud enthusiast, this episode offers a fresh perspective on building robust and efficient security strategies.

YouTube: https://youtu.be/plqzCwd1rUM

00:00 Teaser and Introduction
06:45 Minimalist living
09:30 Applying the minimalist living approach to security
16:30 Do organizations practice the basics of security?
24:45 Investing early in security
29:40 Balancing local and global security frameworks
37:17 Best ways for startups to work with AWS and vice versa
42:55 Educating global leaders to work with Indian customers
48:50 Maximizing AWS Benefits for Startups
56:19 How can India win in cyberspace?
01:08:31 Learning recommendations
-
87
Scaling Security Champions: From Zero to Hero | Ft. Bonnie Viteri | Ep. 87 | ScaleToZero Podcast
In this episode of the Scale To Zero podcast, we dive deep into the world of Security Champions with our guest speaker Bonnie Viteri, a seasoned cybersecurity expert. We explore how to build, scale, and maintain a thriving Security Champions program that truly makes a difference.

Watch on YouTube: https://youtu.be/3bpNxeKmWug
Bonnie: https://www.linkedin.com/in/bonniebyer-viteri/
ScaleToZero: https://www.scaletozero.com/
Cloudanix: https://www.cloudanix.com/

Here's what we covered:
00:00 Teaser and Introduction
03:15 Defining the role of a security champion
04:45 Signals to identify a security champion when working with development teams
06:00 Real-life example of someone turning into an excellent security champion
07:50 Why are security teams at Yahoo called paranoids?
09:16 How does a security champion evolve over time?
11:20 Principles of a successful security champions program
13:55 Scaling a security champions program along with the organization's growth
16:28 North star for scaling a security champions program
19:14 Differences in building a champions program at startups vs. large orgs
22:30 Aligning the security champions program with business outcomes
26:00 Metrics to show alignment and progress of the security program
28:55 Data-driven security champions program for non-believers
31:46 Keeping the security champions program fresh and relevant
34:28 Keeping individual security champions engaged and happy
37:50 Tips to prevent burnout
39:34 Examples of recognition and appreciation of security champions
42:39 Bridging gaps between security teams and other business teams
45:45 Challenges of fostering collaboration between security and other business teams
48:28 Summary
49:27 Learning recommendations
-
86
Securing Production | AWS IAM Security | Best Practices | Ft. Rowan Udell | Ep.87 | Cloudanix
In this episode of the ScaleToZero podcast, we had an insightful conversation with Rowan Udell, an AWS IAM leader and security consultant, about the future of cloud security. We delved into critical topics like prohibiting human access to production accounts, maximizing ROI in IAM and policy management, and the role of Just-In-Time access. We also explored the impact of LLMs on IAM engineering and discussed practical strategies for minimizing attack surfaces in the healthcare industry. This episode is a must-listen for anyone responsible for AWS security and identity management.
Watch on YouTube: https://youtu.be/r0eupMDCqB8
#cybersecurity AWS #IAM #CloudSecurity #DevSecOps #JustInTimeAccess #LLM #SecurityBestPractices
00:00 Teaser and Introduction
05:45 Prohibiting human access to production cloud accounts
12:00 Recommendations to prohibit human access to production accounts
15:30 Strategy to maximize ROI in IAM and Policy Management
19:00 Thoughts on the ability to create users and roles at will in the cloud
23:19 What is Just-In-Time and its role in the cloud?
30:14 Providing secure access to teams in the healthcare industry via IAM
38:05 How organizations can keep the attack surface minimum
41:51 Common misconfigurations seen with minimal fix
44:22 Less-known features of AWS IAM with great impact
48:30 Are LLMs a blessing or curse to IAM engineers?
51:20 Shift of LLMs that IAM engineers should expect in 2025
55:35 Summary
56:38 Learning recommendations
-
85
The Secrets Of Product Security | Application Security | AppSec | Ft. Anshuman Bhartiya | Ep. 86 ScaleToZero Podcast | Cloudanix
In our latest episode of the ScaleToZero podcast, we had a fascinating conversation with Anshuman Bhartiya, an AppSec Tech Lead and cybersecurity expert. We explored the intricacies of product security, including the challenges of implementation, building a strong security culture, and leveraging AI models for application security. Anshuman shared with us practical tips for balancing user experience with robust security measures and offered valuable recommendations for integrating AI into development processes. A must-listen for anyone invested in application security and the future of secure product development.
Transcript:
Website: https://scaletozero.com/
Cloudanix: https://www.cloudanix.com/
#podcast AppSec #ProductSecurity #SDLC #Cybersecurity #GenAI #SecurityCulture
00:00 Teaser and Introduction
04:19 Defining Product Security
07:42 Challenges of implementing security
10:28 Balancing the workflow between engineering and security teams, with a use case
15:38 Tools and processes to build secure SDLC processes
19:47 Practical ways to build the right security culture
22:45 Balancing user experience and security of a product, with an example
28:52 Catering to the third-party security ecosystem
33:00 Key metrics to measure the effectiveness of the product security program
39:11 Use of AI models to secure the application
43:12 How GenAI has changed the world of product security
46:30 Recommendations to AppSec teams for integrating AI into dev processes
49:39 Summary
50:49 Learning recommendations
-
84
The Magical World Of Digital Forensics | Ft. Jason Jordaan | Ep. 85 ScaleToZero Podcast | Cloudanix
Join us for an in-depth conversation with Jason Jordaan, a seasoned Principal Digital Forensics Analyst, as we unravel the complexities of modern digital forensics. In this episode, we have covered topics such as the most common digital evidence, cloud and mobile impact, essential skills, and the DFIR intersection. Whether you're a seasoned professional or just starting, this episode offers valuable insights into the dynamic world of digital forensics.
YouTube: https://youtu.be/JPzgCTFm_j0
00:00 Teaser and Introduction
08:55 Most common types of digital evidence encountered in investigations
11:30 Impact of cloud computing and mobile devices in the field of digital forensics
15:30 Key skills required in digital forensics
19:01 Tackling the most challenging aspects of a digital forensics investigation
24:03 Ensuring the chain of custody and authenticity of digital evidence
29:05 Is the Digital Forensics job overwhelming?
33:50 Intersection of Digital Forensics and Incident Response
39:45 Practical ways for organizations to investigate threats via digital forensics
45:52 Challenges of investigating deepfakes and other forms of AI-generated content
51:02 Advice for beginners interested in Digital Forensics
57:00 Summary
58:03 Learning recommendations on Digital Forensics
-
83
Detection Engineering, Generative AI for Cybersecurity Leaders | Ft. Reanna Schultz | Ep. 84
Join us as we delve into the world of threat detection with our expert guest Reanna Schultz, a renowned security leader and community builder. In this insightful podcast, we explore the critical challenges facing security teams today, including the need for real-time threat detection, the constant evolution of the threat landscape, and the importance of stakeholder buy-in. We also discuss strategies for breaking the detection-reaction cycle, leveraging AI/ML for enhanced detection, and the skills needed to thrive as a future detection engineer. This podcast is a must-watch for anyone interested in cybersecurity, threat intelligence, and the future of security operations.
00:00 Teaser and guest introduction
06:08 Importance of real-time threat detection in the consumer electronics industry
11:50 How to detect bad actors?
16:07 Challenges faced by security teams to convince stakeholders about security
21:14 Creating playbooks for threat detection
27:45 Balancing threat detection with false positives in high-volume settings
31:13 Staying current with the fast-paced threat landscape
33:15 How to automate keeping up with the threat landscape?
37:21 Breaking the detection-reaction cycle in cybersecurity
40:32 Rubric for SOC analysts to manage their stress levels
46:55 Scaling programs to prioritize threat detection
50:54 Detection-reaction to insider threats
54:27 Tips to involve other business areas in security programs
56:41 Impact of ML/AI on threat detection
59:30 What does a future detection engineer look like?
01:02:50 Is the industry moving to build its own SIEM systems?
01:05:05 Summary
01:06:55 Reading and learning recommendations from Reanna
-
82
AI, Scams, and Exploiting Human Nature | Ft. Perry Carpenter | Ep.82 | ScaleToZero Podcast
In this insightful podcast, we explore the transformative impact of AI on the cybersecurity landscape. Join us as we discuss how AI can be leveraged to enhance threat detection, improve incident response, and augment human analysts. We also delve into the emerging risks and threats posed by AI, such as deepfakes and AI-powered attacks. Learn about the evolving role of human factors in cybersecurity and the essential skills security professionals need to thrive in an AI-driven world.
Threat Modeling: https://www.cloudanix.com/learn/what-is-threat-modeling
ScaleToZero website: https://www.scaletozero.com
Cloudanix: https://www.cloudanix.com
00:00 Teaser and Introduction
06:40 How can AI be powerful for enhancing security?
11:22 Emerging risks and threats that AI can introduce
14:22 Role of human factors in deepfakes
20:20 How can AI augment human analysts?
26:50 Leveraging AI for prevention and prediction of cyber attacks
28:31 New skills security professionals require in an AI-driven world
30:52 How do cybercriminals exploit humans?
34:00 How should organizations face insider threat attacks?
40:55 Evolving teams from awareness to taking a proactive security approach
44:00 KPIs to measure implemented security practices
48:42 Protecting data from generative AI tools and maintaining data confidentiality
53:58 Summary
54:49 Learning recommendations
-
81
Security Awareness Training | Incident Response Management | Ft. Mauricio Duarte | Ep.82 | Cloudanix
Join us as we delve into the critical role of security awareness programs in building a strong security posture. In this insightful podcast episode with Mauricio Duarte, our host Purusottam discusses the challenges faced by security awareness program managers, the importance of tailored training, and effective methods for delivering engaging and impactful training. We also explore incident response best practices, including measuring effectiveness and leveraging incident data for continuous improvement. Finally, we offer valuable advice for managing stress and burnout within security leadership roles.
00:00 Introduction of Mauricio Duarte
08:55 Role of the security awareness program manager in an organization
10:00 Challenges faced by the security awareness program manager
11:50 Challenges faced in maintaining a security awareness program
14:35 Phishing simulation training programs
21:46 Tailoring security programs to different business stakeholders
24:40 Effective methods of delivering a security awareness program
27:27 Ensuring the effectiveness of security awareness training programs
30:57 Determining the severity of the incident
34:24 Ensuring the least threats to organizational assets during an incident
36:14 Leveraging incident response information for deeper analysis
38:24 Measuring the effectiveness of the incident response plan
41:55 How can security culture teams and incident response teams go hand-in-hand?
45:54 Tips for burnout and stress caused within security leadership roles
51:45 Summary of episode learnings
52:52 Learning recommendations from Mauricio
-
80
From Detection to Recovery | Incident Response Lifecycle | Ft. Giorgio Perticone | Ep.81 | Cloudanix
Join us as we delve into the world of incident response with our guest expert Giorgio Perticone, a seasoned incident detection and response consultant. In this insightful podcast, we explore real-life incident scenarios, key components of a robust incident response plan, and the critical importance of team collaboration and effective communication. Learn valuable lessons from past incidents, discover how to navigate the challenges of shifting from detection to containment, and gain insights into managing stress and burnout within the incident response team.
00:00 Teaser and Introduction
06:30 Real-life experience of a security incident
09:36 Lessons learned from security incidents
12:47 Key components for building an incident response plan
16:51 Testing and validating an incident response plan
23:46 Team collaboration challenges faced during an incident
27:47 Team collaboration challenges before and after an incident has occurred
31:55 Shift from detection to containment
37:35 Challenges faced when shifting focus from detection to containment
42:00 The most challenging phase of an incident response
44:50 Approaching a client who recently faced an incident
49:35 Role of automation in improving the efficiency of incident response
52:30 Ensuring automation does not compromise security
55:00 Role of human analysts in incident response
58:08 Managing stress and burnout after an incident response
01:02:14 Advice for upcoming incident response leaders
01:07:07 How not to build a detection engineering capability in an organization?
01:09:55 Summary
01:10:50 Learning recommendation from Giorgio
ScaleToZero: https://scaletozero.com/
Cloudanix: https://www.cloudanix.com/
-
79
Vulnerability Management | Security Leadership | Ft. Ross Young | Ep.80 | Scale To Zero Podcast
Join us as we delve into the complex world of cybersecurity with our guest Ross Young, a seasoned CISO. In this insightful podcast, we discuss the challenges faced by CISOs, including burnout, leadership, and communication. Learn how to navigate the complexities of cloud security, prioritize vulnerabilities, and stay ahead of emerging threats. We also explore the impact of generative AI on security and the importance of a strong security culture.
00:00 Teaser and Introduction
06:00 73% of CISOs in the world feel burnout
08:03 How to handle burnout
10:27 Where do next-generation CISOs lack?
12:43 Must-have leadership skills for CISOs
16:00 Communicating complex problems with different teams
19:40 Implementing cloud security in an organization as a first-time CISO
26:27 Major pain points for CISOs and security leaders
27:55 Generative AI and its impact on security
31:22 Vulnerability management program for supply chain security
39:52 Are you prioritizing the right vulnerability?
42:48 Staying on top of emerging vulnerabilities
45:00 Security at government orgs vs the private sector
47:37 Keeping the right balance between compliance and real risks
50:28 Summary of the podcast
51:45 Learning recommendation from Ross
-
78
Privacy Engineering | Enhancing Technologies | Ft. Apoorvaa Deshpande | Ep. 80 | Podcast | Cloudanix
Join us as we delve into privacy engineering with our guest speaker Apoorvaa Deshpande, a seasoned privacy expert. Apoorvaa is currently a Senior Privacy Engineer at Google Cloud, working on privacy design, privacy-enhancing technologies (PETs), and data governance for AI. Prior to that, she was a tech lead at Snap Inc., leading the design and execution of several innovative PETs. Before that, she completed her PhD in Computer Science (cryptography) at Brown University. In this insightful podcast, we explore the fundamental concepts of privacy by design and privacy engineering, the tools and techniques used to implement privacy-enhancing technologies (PETs), and the challenges and opportunities in this field. Discover how to balance user experience with privacy, the risks of building AI-powered features, and the future of privacy engineering.
00:00 Teaser and Introduction
08:10 What is Privacy Engineering?
13:15 Tools and types of libraries used by privacy engineers
15:25 Privacy by design vs. Privacy engineering
20:59 Implementing the concepts of privacy by design
24:00 Privacy Enhancing Technologies (PETs)
29:29 Case studies of PETs
36:42 Does privacy add friction to development teams?
43:00 Keeping balance between user experience and privacy
48:30 Designing privacy to counter decision fatigue
50:58 Biggest privacy vulnerabilities today
55:08 Risk of building AI-powered features
57:40 Future of Privacy Enhancing Technologies
01:01:30 Open source proactive privacy solutions
01:03:37 Summary
01:04:30 Keeping a balance between security, developer productivity, and experience
01:06:45 Tips to handle work burnout
01:09:00 Learning resources
-
77
Getting Started with Cloud Pentesting | Ft. Scott Weston | Ep.78 | Scale To Zero Podcast | Cloudanix
Join us as we delve into the world of cloud pen-testing with our guest Scott Weston, a seasoned cybersecurity expert. In this insightful podcast, we discuss the development of GCPwn, a powerful tool for identifying vulnerabilities in Google Cloud Platform (GCP) environments. Learn about the tool's capabilities, limitations, and future roadmap. We also explore the broader landscape of cloud security, including the shared responsibility model, common misconfigurations, and the importance of continuous learning. Whether you're a seasoned security professional or just starting your journey, this podcast offers valuable insights and practical advice.
Shared Responsibility Model: https://www.cloudanix.com/learn/what-is-shared-responsibility-model
00:00 Teaser and Introduction
04:35 Introducing the self-developed tool GCPwn
07:30 Is GCPwn an active or passive pen testing tool?
08:47 Envisioning GCPwn for users
10:15 Areas GCPwn does not suit well
12:16 Future roadmap of GCPwn
13:41 AWS Pwn landscape after the year 2016
15:51 Describing the Shared Responsibility Model
19:20 Security considerations of cloud platforms as a cloud pentester
22:25 Are pentesting certifications enough?
28:07 Common cloud misconfigurations to look for
35:26 Tools to get started with pen-testing
38:38 Cloud platforms to focus on as a beginner
41:30 Where to get started as a cloud pentester
44:00 Learning resources
53:29 Summary
54:30 Reading and other recommended resources
-
76
Zero Trust | Cloud Security Maturity Matrix | Expert Interview | Podcast Ep. 77 | Cloudanix
Join us as we delve into the world of Zero Trust security with Dr. Natalia Semenova, a seasoned cybersecurity expert. In this insightful podcast, we discuss the key differences between Zero Trust and traditional defense approaches, the challenges organizations face in adopting Zero Trust, and practical strategies for overcoming these hurdles. Learn how to prioritize security areas, gain buy-in from stakeholders, and provide secure data access in remote-first cultures. We also explore the importance of security maturity models, the levels of maturity, and how to map them to your overall security architecture. Discover the latest trends in AI security and how to get started with threat modeling.
00:00 Teaser and Introduction
06:05 Defining Zero Trust
07:40 Zero Trust vs. Traditional Defence Approach
10:25 Challenges of Adopting Zero Trust Architecture
12:23 Overcoming the Challenges of Zero Trust
15:00 Getting Started with the Zero Trust Journey
17:00 Prioritizing Security Areas and Approaching Stakeholders for Buy-In
20:15 Providing Data Access to Teams Working in a Remote-First Culture
23:25 Introducing Security Maturity Models
25:27 Levels of Security Maturity Models
28:17 Mapping the Levels of Security Maturity Models to the Overall Security Architecture
31:50 Additional Frameworks that the Expert Follows
33:44 How security leaders can transition to the AI Security domain
37:27 Getting Started with Threat Modeling
39:51 Summary
40:51 Learning Recommendations
-
75
Selecting The Right Security Vendor | Cloud | Ft. Richard Stiennon | S2 Ep.45 | ScaleToZero podcast
Are you struggling to navigate the complex landscape of cloud security? Our latest podcast episode features Richard Stiennon, a seasoned cybersecurity expert who shares invaluable insights and practical advice. From vendor selection to multi-cloud strategies and beyond, this podcast covers it all.
YouTube: https://youtu.be/XVcXBZVgfeA
00:00 Teaser and Introduction
05:58 Key factors to evaluate cloud security needs - vendor selection
14:29 Key considerations in case of multi-cloud environments
16:34 Common mistakes organizations make while evaluating cloud security platforms
18:18 Showing security tool value to business leadership
20:57 How to avoid mistakes and get better at the tool selection process
22:53 Do Gartner Leader Reports add value to CISOs?
26:44 Are partnerships between security vendors and insurance companies worth it?
30:38 What to look for in vendor support and training resources?
32:02 Impact of Agile methodologies on vendors as well as customers
35:42 Right time to invest in Zero Trust Security
39:35 Observations on the sophisticated attack on SolarWinds
43:50 Preparing for emerging threats in the security space
46:25 Burnout and stress in a CISO's life and how to handle it
50:10 End of IDS (Intrusion Detection System)
57:24 Summary
58:19 Learning recommendations from Richard
59:54 Thank you and closure
-
74
Incident Response | Impact of Emerging Technology in Cloud | Ft. Hilal Lone | S2 Ep.44 | ScaletoZero
In this episode of the ScaletoZero podcast, we discuss how to build a resilient cloud security posture with cybersecurity expert Hilal. We also cover some of the important areas of incident response like incident response teams, planning, tools, vulnerabilities, the role of AI, and more. Discover expert insights and best practices.
Watch the complete episode on YouTube: https://youtu.be/ydA82eUXmA0
00:00 Teaser and Introduction
07:17 Structuring incident response teams to effectively handle cloud-based incidents
09:57 Developing and maintaining a comprehensive incident response plan
12:35 Should tooling or processes be in-house or outside of the organization?
15:51 Top 3 areas to define security controls around vulnerabilities or incidents
19:01 Practical example of handling an incident response
24:24 Lessons learned from a security incident
26:35 Scrutinizing an open-source library
30:09 Continuous monitoring for AWS and multi-cloud organizations, and the effectiveness of OSS in it
35:35 Use of Generative AI to generate incident response playbooks and other security challenges
42:28 Staying updated on the threat landscape and using generative AI for it
45:46 Skills and expertise required in high-performing detection engineering teams
48:41 Handling stress and burnout
52:44 Summary
53:26 Learning recommendations from Hilal for security leaders
-
73
Gen AI | Inherent Cybersecurity Risks | Ft. Gretchen Ruck | S2 Ep.43 | ScaletoZero | Cloudanix
In this episode of the ScaletoZero podcast, join us for an insightful exploration of the role of generative AI in cybersecurity. Discover the challenges it presents for practitioners, the importance of explainability and privacy, and the limitations of traditional cybersecurity frameworks. Learn how to harness the power of AI while mitigating inherent risks and ensuring a robust security posture.
00:00 Teaser and Introduction
05:38 Role of generative AI in cybersecurity
10:54 Generative AI - a challenge for cybersecurity practitioners
12:32 Concept of explainability and its importance when it comes to generative AI
17:02 Designing AI-powered security solutions to respect user privacy
21:07 What is Differential Privacy and its role in generative AI?
30:15 Cybersecurity frameworks fall short when it comes to inherent cybersecurity risks
34:53 Consequences of organizations solely relying on cybersecurity frameworks
39:11 Key considerations to prioritize when addressing inherent cybersecurity risks
44:50 Cybersecurity vs. Risk Management vs. Privacy
46:50 Summary
47:47 Rating Security Practices Section
-
72
Auto Remediation on AWS | Expert interview | Ft. Lily Chau | S2 Ep.42 | Podcast | Cloudanix
In this episode of the ScaletoZero podcast, discover the transformative potential of auto-remediation in cloud environments. Learn how to prioritize remediation activities, measure their impact, and choose between IaC and auto-remediation. Explore the challenges and benefits of implementing auto-remediation, and gain valuable insights from a seasoned expert, Lily Chau.
00:00 Introduction and teaser
04:27 Role of auto-remediation in a cloud security program
07:21 Benefits of auto-remediation
08:37 Factors to consider in prioritizing auto-remediation
13:09 How to measure the impact and ROI of remediation activities
15:22 IaC or auto-remediation - where to focus?
19:24 How to avoid security mishaps?
21:10 Better alternatives to auto-remediation
22:45 Challenges of designing and implementing auto-remediation
25:35 Stakeholders involved in implementing auto-remediation
27:06 Recommendation for organizations implementing auto-remediation
29:30 How to stay updated on new security vulnerabilities
31:10 Future of auto-remediation
33:25 Challenges of AI in the security space
35:50 Cybersecurity framework that has helped Lily
37:18 Summary
38:15 Rating Security Practices Section
-
71
Identity and Access Management | IAM | Cloud Governance | Ft. John Giglio | S2 Ep.41 | Cloudanix
In this episode of ScaletoZero, join us for an in-depth exploration of IAM, a critical component of cloud security. Discover key considerations for setting up IAM, common vulnerabilities, and best practices for securing remote access and sensitive data. Learn how to balance compliance with effective security, evaluate the right solutions, and promote a security-conscious culture within your organization.
Transcript: https://www.scaletozero.com/episodes/demistifying-identity-and-access-management-with-john-giglio/
What is IAM: https://www.cloudanix.com/learn/what-is-iam
00:00 Teaser and Introduction
05:00 Defining Identity and Access Management
07:31 Key things to consider before setting up your IAM
09:30 Different ways access permissions may get compromised
13:30 Other recommendations where security can be enforced
15:20 Providing access in a remote-first environment
19:10 Ensuring data security in a remote-first environment
21:27 Approaching the secure management of secrets and keys in the cloud, considering the shared responsibility model
25:52 Right time to use custom keys vs cloud provider-provided keys
27:36 Balancing checkbox compliance and a deep security program
30:35 Evaluating the right security solution
32:32 Using security baselines to promote security culture within the organization
35:58 Using threat intelligence to improve the security baselines
37:56 How can security leaders handle burnout and stress?
45:00 Summary
45:55 Rating Security Practices
-
70
Intersection of Security and Human Behavior | Ft. Cassie Clark | S2 Ep.40 | Cloudanix
Join us for a thought-provoking discussion on the intersection of security and human behavior. In this episode of the ScaletoZero podcast, we discover how psychological factors contribute to cybersecurity risks and learn effective strategies to mitigate them. From understanding security fatigue to leveraging user behavioral analytics, this episode offers valuable insights for building a more resilient security posture.
00:00 Teaser, Introduction, and more
07:20 Biggest human behavioral factors contributing to cybersecurity risks
09:35 Leveraging human psychology to understand employee behavior in security incidents
12:45 Understanding the concept of security fatigue
15:40 Spreading awareness of the shared responsibility model in other business units
19:00 Tactics to develop effective security awareness programs
24:40 Developing security architecture keeping human behavior in mind
27:15 Leveraging User Behavioral Analytics to identify potential security incidents
30:15 Concept of user-friendly security, its importance, and more
36:40 Getting prepared for phishing attacks or social engineering attacks
39:19 How to react in case of attacks?
43:05 How can security professionals handle burnout?
46:05 Future plans of our guest (Cassie Clark)
48:05 Summary
48:57 Rating Security Practices section
-
69
Building Security Foundation and Security Boundaries with Kushagra Sharma | S2 Ep.39 | Cloudanix
In this episode of ScaletoZero, join us as our host delves deep into the world of cloud security with a senior security engineer, Kushagra Sharma from Booking.com. Discover how to define security boundaries, leverage threat intelligence, and foster a security-conscious culture. Learn practical strategies for implementing permissions boundaries and balancing security with business agility. Tune in to build a rock-solid cloud security foundation!
Watch on YouTube: https://youtu.be/-01jHIMRR2I
00:00 Teaser, Introduction, and Setting the stage
05:20 Defining security boundaries and baselines in a cloud environment
08:15 Utilising the concept of security boundaries to create a strong security foundation
10:45 Leveraging threat intelligence for building and improving security baselines
14:55 Promoting security culture beyond technical boundaries
17:50 Balancing security baselines with updated cloud services or features
23:19 Security teams unblocking core business areas
27:00 Strategies to implement permissions boundaries when migrating from on-prem to cloud
31:25 Is building one-size-fits-all security boundaries possible?
35:25 Keeping the right balance between security requirements and standardization
37:45 Designing common and specific security architecture across a multi-cloud setup
41:30 Summary
42:32 Rating Security Practices Section
-
68
Trust & Security: The Cornerstones of a Resilient Organization | Cloud Expert | S2 Ep38 | Cloudanix
In this episode of the ScaletoZero podcast, join us for an insightful conversation with cloud security and compliance expert Sandeep Agarwal as we explore the critical role of trust in building a secure environment. Discover practical tips to enhance security awareness, define security boundaries, and balance automation and manual controls.
00:00 Teaser, Introduction, and more
09:36 Importance of trust within an organization
13:30 Challenges organizations face in building trust within teams
17:00 Tactics to improve trust within teams
20:25 Effective ways to build security awareness
25:35 Tips to promote security awareness within the organization
29:50 Strategies to define security boundaries
33:20 Challenges of keeping the balance between security automation and auditing the enforcement of security baselines
36:00 Right time to invest in security
38:30 Are certifications helpful?
42:20 Summary
43:13 Rating Security Practices Section
48:30 Sandeep's recommendations for learning more about security
-
67
Continuous Security | Compliance | Incident Response landscape | Jan Hertsens | S2 Ep.37 | Cloudanix
Join us as we dive deep into the world of cloud security with a seasoned AWS expert, Jan Hertsens, Senior Security Consultant at AWS. Discover how to strike the perfect balance between continuous security and compliance, leverage GenAI for enhanced protection, and build a robust incident response plan for the age of AI. Don't miss this insightful episode!
00:00 Teaser and Introduction
06:30 Continuous security and security compliance requirements
10:25 How to find the right balance between continuous security and compliance
14:20 Compliance Requirements vs Practical Security Implementations
20:55 Balancing the growth of GenAI and security compliance
25:00 How do organizations leverage GenAI for cloud security?
30:22 Defining Incident Response
39:20 Types of new-age GenAI attacks that need an incident response plan
48:52 Summary
49:30 Rating Security Practices
53:30 Recommendation by Jan
-
66
Network Segmentation | Inserting Security Appliance | AWS | Ft. Tom Adamski | Ep.36 S2 | Cloudanix
Network Security Fortress: Master Network Segmentation! This episode dives deep into network segmentation, your secret weapon for building a secure and scalable network. We'll discuss best practices, tackle implementation challenges, and explore how to integrate segmentation with Zero Trust. Learn how to segment for containers, cloud environments, and more! Tune in and fortify your network defenses!
00:00 Teaser + Introduction
08:00 What is Network Segmentation?
10:10 At what stage of a company should I think about Network Segmentation?
11:30 Benefits of Network Segmentation
17:00 Best practices for implementing Network Segmentation
19:10 Ensuring proper enforcement and zero misconfiguration
21:50 Key factors when designing a Network Segmentation strategy
26:30 Deciding segmentation methods based on a specific scenario
35:20 Network segmentation when users are running ECS or Kubernetes containers
38:15 Integrating Network Segmentation principles with Zero Trust architectures
42:10 Examples of common security appliances encountered
45:30 Factors to decide between cloud-native and third-party security appliances
48:30 Types of remote access solutions used today
52:50 Summary
53:45 Rating Security Practices
-
65
Understanding the role of logging and monitoring in detective controls | Ep.35 S2 | Cloudanix
Struggling to keep your cloud environment secure? This episode with Kailash Havildar dives deep into logging and monitoring, your secret weapons for prevention, detection, and remediation. We'll uncover best practices, tackle common challenges, and show you how organizations can leverage threat intelligence and user behavior to stay ahead of cyberattacks. Tune in and learn how to measure your security investments and ensure your cloud fortress is impenetrable!
00:00 Teaser and Introduction
08:30 Tools and tricks for prevention, detection, and remediation in cloud environments
14:30 Role of logging and monitoring while implementing detective controls
16:50 Types of data or events to prioritize while logging and monitoring for security purposes
19:00 Challenges faced while implementing logging and monitoring, and how to tackle them
25:05 Capabilities to look for in SIEM solutions when building detection or monitoring
28:50 Use of automation for a better log analysis and incident response process
31:00 How can startups secure their logging and monitoring systems?
33:35 Factors that startups should consider for log retention and securing the storage
36:05 Logging and monitoring standards that different industries can follow
39:30 Key metrics to showcase the importance of logging and monitoring to stakeholders
42:30 Summary
43:23 Rating Security Practices
-
64
Building Security Teams | Importance of Continuous Learning | Mathew Marji | Ep.34 S2 | Cloudanix
Worried about cyberattacks but can't find the right security people? This episode of ScaletoZero with Matthew Marji is your one-stop shop! Matthew has cracked the code on building a dream cybersecurity team, from must-have skills to attracting top talent. Startups, learn about prioritizing security programs for your first hire. We'll also reveal how to create a security-focused culture that engineers will love, avoid common integration pitfalls, and explore the soft skills that make a security pro truly shine. Don't let cyber threats hold you back: listen in and build your dream cybersecurity team today! 00:00 Teaser and Introduction 05:13 Key skills organizations should look for when hiring security professionals 09:20 Strategies for attracting and retaining top security talent 12:50 Security programs startups should prioritize when hiring their first security leader 15:00 Skills, experience, or anything else? What should startups prioritize? 17:40 How to ensure security culture remains at the forefront 21:40 Common pitfalls to avoid when integrating cybersecurity into broader business processes 24:40 Recommendations to foster security culture in organizations 28:30 Practical strategies to bring security awareness to your organization 34:20 Technical learning needs for security leaders when hiring 40:10 Summary 40:47 Rating Security Practices
-
63
Understanding Threat Modeling and Secure by Design Concept with Adam Shostack | Ep.33 | ScaletoZero podcast | Cloudanix
Get ready for a paradigm shift in how you build software. In this episode of the Scale to Zero podcast with Adam Shostack, we crash-landed with a powerful concept called Secure by Design! It's not just a mantra for the Rebel Alliance, it's the key to building unbreachable software from the very first line of code. 00:00 Teaser and Introduction of guest 05:44 What is the Secure by Design concept? And why is it crucial? 09:30 Difference between Secure by Design and Secure by Default 12:50 Key steps to integrate Secure by Design principles in SDLCs 18:45 Areas of focus for integrating threat modeling in SDLCs 21:18 Validating the threat modeling design 25:50 Thin line between Star Wars and the Secure by Design concept 31:00 Examples from Star Wars that resonate with the Secure by Design concept 33:20 Role of communication and collaboration in the Secure by Design concept across various teams 36:40 How to raise awareness about the importance of Secure by Design within workplaces 40:00 Concept of Cyber Public Health and its connection to threat modeling 44:29 Summary 45:20 Rating Security Practices section
-
62
Conquering Enterprise Risk Management with Amit Subhanje | Ep. 32 | Cloudanix
Feeling overwhelmed by cyber risk? We've got you covered! In this episode of ScaletoZero, our guest Amit Subhanje dives deep into everything risk management, from understanding its importance to conquering cybersecurity and cloud security challenges. Remember, security awareness is the key; get ready to become a risk management master! Hit play and join now! 00:00 Teaser + Introduction 04:35 A day in Amit's life 06:20 What is risk management and why is it important? 08:22 Risk management and cybersecurity or cloud security 11:00 Challenges organizations face managing cyber risks 13:55 How to address cyber risk challenges? 16:30 Thin line between enterprise risk management and risk management 17:00 How can startups build a comprehensive risk mitigation plan? 22:45 Building security awareness in an organization 29:20 How can teams lead and be accountable for security incidents? 33:10 Summary 34:10 Rating security practices
-
61
Exploring the World of Incident Response and Detection with Pablo Vidal | Ep 31 | Cloudanix
Feeling lost in the world of Detection and Response (D&R)? In this episode of ScaletoZero, our guest Pablo Vidal equips you with everything you need, from core concepts and overcoming common challenges to leveraging automation and building a winning incident response process. We explore the future of D&R with Generative AI, offer valuable advice for aspiring security engineers, and provide organizations with strategies to hire top talent and identify red flags during recruitment. Join us and become a D&R master! 00:00 Teaser 01:00 Introduction and more 07:00 Concept of Detection and Response 08:21 Motivation to continue in detection and response 11:40 Challenges in implementing an incident detection and response process 13:30 Typical incident response process 15:25 Using automation or orchestration tools for incident response 17:00 Keeping the right balance between SDLC and incident response 19:35 Generative AI and the Incident Response Process 22:20 Will GenAI replace security engineers? 24:40 Advice to newbies in incident detection and response 26:40 Additional skills to have 28:00 Skills organizations should look for while hiring security engineering teams 31:30 Strategies for organizations to attract top talent 33:45 Common do's and don'ts of hiring a security engineering team 35:25 Red flags in candidates during the hiring process 37:37 Summary 38:37 Rating Security Practices
-
60
Building Cybersecurity Teams and Virtuous Circle With Clients ft. Jesse Miller
In episode 30 of the ScaletoZero podcast, we had a very thoughtful discussion with Jesse Miller, who is also known as an operational powerhouse when it comes to information security and compliance. This episode is a must-watch for all the leaders who are building their cybersecurity teams. Jesse shares some real uncommon insights (without sugarcoating facts) that will help security leaders and SMBs build their cybersecurity teams. 00:00 Teaser + Introduction 07:00 Skills to look for when hiring security teams 10:57 How do you attract the right talent to your organization? 13:47 Hiring early security roles for growing startups 14:22 Setting KPIs for the newly hired security roles 17:50 How can security teams engage with other business units? 21:30 Where are organizations making mistakes? 26:24 What is Building a Virtuous Circle? 29:40 Benefits of building a virtuous circle with clients in your organization 30:55 How can CISOs educate their clients about sound security investments? 32:50 Advice to aspiring CISOs and CIOs 35:28 Summary 36:18 Rating Security Practices
-
59
Beyond the Basics: Understanding Threat Hunting and Security Research with Josh Pyorre | Cloudanix
In episode 29 of the ScaletoZero Podcast, we had an insightful discussion with Josh Pyorre about threat-hunting approaches in today's digital world. Josh shared his expertise on balancing security complexities and creativity while discussing ways to reduce cyber risks for individuals and organizations. 00:00 Teaser 01:00 Introduction 05:00 What is Threat Hunting? 08:00 Why is threat hunting important for organizations? 08:55 Proactive vs. Reactive approach to threat hunting 10:17 Challenges of adopting a proactive or reactive approach 12:00 Creatively approaching Threat Research 16:25 Generative AI in Cybersecurity 18:33 Challenges of GenAI for security threat research 22:22 Keeping a balance when presenting complex security topics to a diverse audience 24:25 Why security ecosystems should prioritize startups and non-profits 29:20 Summary 30:20 Rating Security Practices