Guests:

• Taylor Lehmann, Director at Office of the CISO, Google Cloud
• Luis Urena, Cloud Security Architect, Google Cloud

Topics

• There is a common scenario where security teams are brought in after a cloud environment is already established. From your experience, how does this late involvement typically impact the organization's security posture and what are the immediate risks they face?
• Upon hearing this, many experts suggest that “burn the environment with fire” or “nuke it from orbit” are the only feasible approaches? What is your take on that suggestion?
• On the opposite side, what if business demands you don't touch anything but “make it secure” regardless?
• Could you walk us through some of the first critical steps you do after “inheriting a cloud” and why they are prioritized in this way?
• Why not just say “add MFA everywhere”? What may or will blow up?
• We also say “address overly permissive users and roles” and this sounds valuable, but also tricky. How do we go about it?
• What are the chances that the environment is in fact compromised already? When is Compromise Assessment the right call, it does cost money, right?
• How do you balance your team’s current priorities when you’ve just adopted an insecure cloud environment. How do you make tradeoffs among your existing stack and this new one?

Resources:

• “Confetti cannons or fire extinguishers? Here’s how to secure cloud surprises”
• EP179 Teamwork Under Stress: Expedition Behavior in Cybersecurity Incident Response
• IAM Recommender
• “TM" book by Adam Shostack
• “Checklist Manifesto” book
• “Moving shields into position: How you can organize security to boost digital transformation” (with a new paper!)