Guests:

• Taylor Lehmann, Director at Office of the CISO, Google Cloud
• Luis Urena, Cloud Security Architect, Google Cloud

Topics

• There is a common scenario where security teams are brought in after a cloud environment is already established. From your experience, how does this late involvement typically impact the organization's security posture and what are the immediate risks they face?
• Upon hearing this, many experts suggest that “burn the environment with fire” or “nuke it from orbit” are the only feasible approaches? What is your take on that suggestion?
• On the opposite side, what if business demands you don't touch anything but “make it secure” regardless?
• Could you walk us through some of the first critical steps you do after “inheriting a cloud” and why they are prioritized in this way?
• Why not just say “add MFA everywhere”? What may or will blow up?
• We also say “address overly permissive users and roles” and this sounds valuable, but also tricky. How do we go about it?
• What are the chances that the environment is in fact compromised already? When is Compromise Assessment the right call, it does cost money, right?
• How do you balance your team’s current priorities when you’ve just adopted an insecure cloud environment. How do you make tradeoffs among your existing stack and this new one?

Resources:

• “Confetti cannons or fire extinguishers? Here’s how to secure cloud surprises”
• EP179 Teamwork Under Stress: Expedition Behavior in Cybersecurity Incident Response
• IAM Recommender
• “TM" book by Adam Shostack
• “Checklist Manifesto” book
• “Moving shields into position: How you can organize security to boost digital transformation” (with a new paper!)

Guest:

• Nelly Porter, Director of PM, Cloud Security at Google Cloud

Topics:

• Share your story and how you ended here doing confidential AI at Google?
• What problem does confidential compute + AI solve and for what clients?
• What are some specific real-world applications or use cases where you see the combination of AI and confidential computing making the most significant impact?
• What about AI in confidential vs AI on prem? Should those people just do on-prem AI instead?
• Which parts of the AI lifecycle need to be run in Confidential AI: Training? Data curation? Operational workloads?
• What are the performance (and thus cost) implications of running AI workloads in a confidential computing environment?
• Are there new risks that arise out of confidential AI?

Resources:

• Video
• EP48 Confidentially Speaking 2: Cloudful of Secrets
• EP1 Confidentially Speaking
• “To securely build AI on Google Cloud, follow these best practices“ blog (paper)

Guest:

• Dan Nutting, Manager - Cyber Defense, Google Cloud

Topics:

• What is the Defender’s Advantage and why did Mandiant decide to put this out there?

• This is the second edition. What is different about DA-II?

• Why do so few defenders actually realize their Defender’s Advantage?

• The book talks about the importance of being "intelligence-led" in cyber defense. Can you elaborate on what this means and how organizations can practically implement this approach?

• Detection engineering is presented as a continuous cycle of adaptation. How can organizations ensure their detection capabilities remain effective and avoid fatigue in their SOC?

• Many organizations don’t seem to want to make detections at all, what do we tell them?

• What is this thing called “Mission Control”- it sounds really cool, can you explain it?

Resources:

• Defender’s Advantage book

• The Defender's Advantage: Using Artificial Intelligence in Cyber Defense supplemental paper

• “Threat-informed Defense Is Hard, So We Are Still Not Doing It!” blog

• Mandiant blog