Cloud Security Podcast by Google

Guests: No guests! Just Tim and Anton Topics: Hard to believe we've been doing these since 2022, is that right? What did we see this year at RSA, apart from AI? And more AI? And more AI? What framework can we use to understand the approaches vendors take to AI and security? Just saying “AI washing” is not enough! How to tell “AI washer” from “AI tourist”?  I sense that “securing AI” (and agents) is finally growing as fast as "using AI for security”, do you agree? Is the AI vulnerability apocalypse coming? Soon? Have we seen any signs of AI backlash? Resource: ...

Cloud Security Podcast by Google

Guests: , Senior Manager, Threat Analysis, Mandiant, Google Cloud , Mandiant Incident Response, Google Cloud  Topics: Do we need to rethink "Mean Time to Respond" entirely, or are we just in deep trouble? Why are threat groups collaborating so well, and are there actual lessons for defenders in their "business" model? What is the scalable advice for teams worried about voice phishing and GenAI cloning? What does "weaponizing the administrative fabric" actually mean in a world where identity is the perimeter? Why is identity/SaaS compromise "news" in 2026 when cloud security folks have...

Cloud Security Podcast by Google

Guest: , Operating Advisor, a SIEM legend since 1999 Topics: You argue that declaring existing SIEM being obsolete is a "marketing slogan" rather than a true thesis. What is the real pain point and the actual gap in traditional SIEMs as opposed to the more sensational claims? You highlight that "correlation, state, timelines, and real-time detection require locality," making centralization a necessary trade-off. Can a truly federated or decoupled SIEM architecture achieve the same fidelity and real-time performance for complex, stateful detections as a centralized one? You call the rise of...

Cloud Security Podcast by Google

Guest: , , author of Topics: Your book focuses on the US, China, and Russia. When you were planning the book did you also want to cover players like Israel, Iran, and North Korea? Most of our listeners are migrating to or operating heavily in the cloud. As nations refine their “digital battlefield” strategies, does the "shared responsibility model" actually hold up against a nation-state actor? How does a company’s detection strategy need to change when the adversary isn't a teenager looking for a ransom, but a state-funded group whose goal might be long-term persistence or subtle...

Cloud Security Podcast by Google

Guest: , CEO and co-founder @ Topics: focuses on securing generative AI in use. Can you walk us through a real, anonymized example of a data leak caused by employee AI usage that your platform has identified? AI governance gets thrown around a lot. What does this mean in the context of Shadow AI? How should organizations be thinking about governing AI in light of upcoming AI regulations in the US and in the EU? If we generally agree that employees are using AI tools before they are sanctioned, how can organizations control this? Network, API, endpoint? Many organizations struggle with the...

Cloud Security Podcast by Google

Guests: , Global Deputy CISO, Allianz SE , Director of D&R, Google Topics: We’ve spent decades obsessed with MTTD (Mean Time to Detect) and MTTR (Mean Time to Respond). As AI agents begin to handle the bulk of triage at machine speed, do these metrics become "vanity metrics"? If an AI resolves an alert in seconds, does measuring the "mean" still tell us anything about the health of our security program, or should we be looking at "Time to Context" instead? You mentioned the Maturity Triangle. Can you walk us through that framework? Specifically, how does AI change the balance between...

Cloud Security Podcast by Google

Guest: , VP of Threat Detection and Response, Fiserv Topics: What is the right way for people to bridge the gap and translate executive dreams and board goals into the reality of life on the ground? How do we talk to people who think they have "transformed" their SOC simply by buying a better, shinier product (like a modern SIEM) while leaving their old processes intact? What are the specific challenges and advantages you’ve seen with a federated SOC versus a centralized one? What does a "federated" or "sub-SOC" model actually mean in practice? Why is the message that "EDR doesn't cover...

Cloud Security Podcast by Google

Guest: , Global CISO at  Topics: You mentioned that centralized security can't work anymore. Can you elaborate on the key changes—driven by cloud, SaaS, and AI—that have made this traditional model unsustainable for a modern organization? Why do some persist at centralized, top down approach to security, despite that? What do you mean by "Freedom, Responsibility and distributed security”?  Can you explain the difference between “centralized security” and what you define as “security with distributed ownership”?  Is this the same “federated”? In our...

Cloud Security Podcast by Google

Guest: , Director of Detection Engineering at UKG  Topics: We ended our season . In your opinion, are we living in the world that the guests describe in ?  Do you think AI-powered attacks are really here, and if so, what is your plan to respond? Is it faster patching? Better D&R? Something else altogether?  Your team has a hybrid agent workflow: could you tell us what that means?  Also, define “AI agent” please. What are your production use cases for AI and AI agents in your SOC? What are your overall SOC metrics and how does the agentic AI part play into that?...

Cloud Security Podcast by Google

Guest: , CEO at Topic: Why is agent security so different from “just” LLM security? Why now? Agents are coming, sure, but they are - to put it mildly - not in wide use. Why create now and not wait for people to make the mistakes? It sounds like “agents + IAM” is a disaster waiting to happen. What should be our approach for solving this? Do we have one? Which one agentic AI risk keeps you up at night?  Is there an interesting AI shared responsibility angle here? Agent developer, operator, downstream system operator? We are having a lot of experimentation, but sometimes little...