Cloud Security Podcast by Google

Guest: , VP of Engineering at Google, former CISO of Alphabet Topics: The "God-Like Designer" Fallacy: You've argued that we need to move away from the "God-like designer" model of security—where we pre-calculate every risk like building a bridge—and towards a biological model. Can you explain why that old engineering mindset is becoming risky in today’s cloud and AI environments? Resilience vs. Robustness: In your view, what is the practical difference between a robust system (like a fortress that eventually breaks) and a resilient system (like an immune system)? How does a CISO...

Cloud Security Podcast by Google

Guest: , Technical Leader, OT Consulting, Mandiant Topics: When we hear “attacks on Operational Technology (OT)” some think of Stuxnet targeting PLCs or even backdoored pipeline control software plot in the 1980s. Is this space always so spectacular or are there less “kaboom” style attacks we are more concerned about in practice? Given the old "air-gapped" mindset of many OT environments, what are the most common security gaps or blind spots you see when organizations start to integrate cloud services for things like data analytics or remote monitoring? How is the shift to cloud...

Cloud Security Podcast by Google

Guest: Topics: Do you believe that AI is going to end up being a net improvement for defenders or attackers?  Is short term vs long term different? We’re excited about the new book you have coming out with your co-author .  We want to ask the same question, but for society: do you think AI is going to end up helping the forces of liberal democracy, or the forces of corruption, illiberalism, and authoritarianism?  If exploitation is always cheaper than patching (and attackers don’t follow as many rules and procedures), do we have a chance here?  If this requires...

Cloud Security Podcast by Google

Guest: , VP of Security Engineering, Google Topic: The term "AI Hacking Singularity" sounds like pure sci-fi, yet you and some other very credible folks describe an imminent threat. How much of this is hyperbole to shock the complacent, and how much is based on actual, observed capabilities today?  Can autonomous AI agents really achieve that "exploit - at - machine - velocity" without human intervention for the zero-day discovery phase? On the other hand, why may it actually not happen? When we talk about autonomous AI attack platforms, are we talking about highly resourced...

Cloud Security Podcast by Google

Guest: , Consulting Manager on Security Transformation Team, Mandiant, Google Cloud Topics: How has vulnerability management (VM) evolved beyond basic scanning and reporting, and what are the biggest gaps between modern practices and what organizations are actually doing? Why are so many organizations stuck with 1990s VM practices? Why mitigation planning is still hard for so many? Why do many organizations, including large ones, still rely on unauthenticated scans despite the known importance of authenticated scanning for accurate results? What constitutes a "gold standard" vulnerability...

Cloud Security Podcast by Google

Guests: , bug bounty hunter Sreeram KL, bug bounty hunter Topics: We hear from the Cloud VRP team that you write excellent bugbounty reports - is there any advice you'd give to other researchers when they write reports? You are one of Cloud VRP's top researchers and won the MVH (most valuable hacker) award at their event in June - what do you think makes you so successful at finding issues?  What is a Bugswat? What do you find most enjoyable and least enjoyable about the VRP? What is the single best piece of advice you'd give an aspiring cloud bug hunter today?  Resources: ...

Cloud Security Podcast by Google

Guests: , Deputy Group CISO, Allianz ,  Global Head of D&R, Allianz  Topics:  Moving from traditional SIEM to an agentic SOC model, especially in a heavily regulated insurer, is a massive undertaking. What did the collaboration model with your vendor look like?  Agentic AI introduces a new layer of risk - that of unconstrained or unintended autonomous action. In the context of Allianz, how did you establish the governance framework for the SOC alert triage agents? Where did you draw the line between fully automated action and the mandatory "human-in-the-loop" for...

Cloud Security Podcast by Google

Guest: , CEO at Topics: The market already has Breach and Attack Simulation (BAS), for testing known TTPs. You’re calling this 'AI-powered' red teaming. Is this just a fancy LLM stringing together known attacks, or is there a genuine agent here that can discover a truly novel attack path that a human hasn't scripted for it? Let's talk about the 'so what?' problem. Pentest reports are famous for becoming shelf-ware. How do you turn a complex AI finding into an actionable ticket for a developer, and more importantly, how do you help a CISO decide which of the thousand 'criticals' to...

Cloud Security Podcast by Google

Guest: , CEO at , original founder of Topics: Are we really coming  to “access to security data” and away from “centralizing the data”? How to detect without the same storage for all logs? Is data pipeline a part of SIEM or is it standalone? Will this just collapse into SIEM soon? Tell us about the issues with log pipelines in the past? What about enrichment? Why do it in a pipeline, and not in a SIEM? We are unable to share enough practices between security teams. How are we fixing it? Is pipelines part of the answer? Do you have a piece of advice for people who want to do...

Cloud Security Podcast by Google

Guest: , co-founder and CEO at Topics: We often hear about the aspirational idea of an "IronMan suit" for the SOC—a system that empowers analysts to be faster and more effective. What does this ideal future of security operations look like from your perspective, and what are the primary obstacles preventing SOCs from achieving it today? You've also raised a metaphor of AI in the SOC as a "Dr. Jekyll and Mr. Hyde" situation. Could you walk us through what you see as the "Jekyll"—the noble, beneficial promise of AI—and what are the factors that can turn it into the dangerous "Mr....