Best Best Practices For Cloud First Cybersecurity Podcasts (2025)

1
EP249 Data First: What Really Makes Your SOC 'AI Ready'? 30:37

Play Pause

7h ago30:37

30:37

Guest: Monzy Merza, co-founder and CEO at Crogl Topics: We often hear about the aspirational idea of an "IronMan suit" for the SOC—a system that empowers analysts to be faster and more effective. What does this ideal future of security operations look like from your perspective, and what are the primary obstacles preventing SOCs from achieving it t…

1
EP248 Cloud IR Tabletop Wins: How to Stop Playing Security Theater and Start Practicing 32:42

7d ago32:42

32:42

Guest: Jibran Ilyas, Director for Incident Response at Google Cloud Topics: What is this tabletop thing, please tell us about running a good security incident tabletop? Why are tabletops for incident response preparedness so amazingly effective yet rarely done well? This is cheap/easy/useful so why do so many fail to do it? Why are tabletops seen a…

1
EP247 The Evolving CISO: From Security Cop to Cloud & AI Champion 29:00

14d ago29:00

29:00

Guest: David Gee, Board Risk Advisor, Non-Executive Director & Author, former CISO Topics: Drawing from the "Aspiring CIO and CISO" book's focus on continuous improvement, how have you seen the necessary skills, knowledge, experience, and behaviors for a CISO evolve, especially when guiding an organization through a transformation? Could you share …

1
EP246 From Scanners to AI: 25 Years of Vulnerability Management with Qualys CEO Sumedh Thakar 36:53

21d ago36:53

36:53

Guest: Sumedh Thakar, President and CEO, Qualys Topics: How did vulnerability management (VM) change since Qualys was founded in 1999? What is different about VM today? Can we actually remediate vulnerabilities automatically at scale? Why did this work for you even though many expected it would not? Where does cloud fit into modern vulnerability ma…

1
EP245 From Consumer Chatbots to Enterprise Guardrails: Securing Real AI Adoption 33:35

29d ago33:35

33:35

Guest: Rick Caccia, CEO and Co-Founder, Witness AI Topics: In what ways is the current wave of enterprise AI adoption different from previous technology shifts? If we say "but it is different this time", then why? What is your take on "consumer grade AI for business" vs enterprise AI? A lot of this sounds a bit like the CASB era circa 2014. How is …

1
EP244 The Future of SOAPA: Jon Oltsik on Platform Consolidation vs. Best-of-Breed in the Age of Agentic AI 27:32

1M ago27:32

27:32

Guest: Jon Oltsik, security researcher, ex-ESG analyst Topics: You invented the concept of SOAPA – Security Operations & Analytics Platform Architecture. As we look towards SOAPA 2025, how do you see the ongoing debate between consolidating security around a single platform versus a more disaggregated, best-of-breed approach playing out? What are t…

1
EP243 Email Security in the AI Age: An Epic 2025 Arms Race Begins 29:00

1M ago29:00

29:00

Guest: Cy Khormaee, CEO, AegisAI Ryan Luo, CTO, AegisAI Topics: What is the state of email security in 2025? Why start an email security company now? Is it true that there are new and accelerating AI threats to email? It sounds cliche, but do you really have to use good AI to fight bad AI? What did you learn from your time fighting abuse at scale a…

1
EP242 The AI SOC: Is This The Automation We've Been Waiting For? 34:01

2M ago34:01

34:01

Guest: Augusto Barros, Principal Product Manager, Prophet Security, ex-Gartner analyst Topics: What is your definition of "AI SOC"? What will AI change in a SOC? What will the post-AI SOC look like? What are the primary mechanisms by which AI SOC tools reduce attacker dwell time, and what challenges do they face in maintaining signal fidelity? Why …

1
EP241 From Black Box to Building Blocks: More Modern Detection Engineering Lessons from Google 31:33

2M ago31:33

31:33

Guest: Rick Correa,Uber TL Google SecOps, Google Cloud Topics: On the 3rd anniversary of Curated Detections, you've grown from 70 rules to over 4700. Can you walk us through that journey? What were some of the key inflection points and what have been the biggest lessons learned in scaling a detection portfolio so massively? Historically the SecOps …

1
EP240 Cyber Resiliency for the Rest of Us: Making it Happen on a Real-World Budget 29:25

2M ago29:25

29:25

Guest: Errol Weiss, Chief Security Officer (CSO) at Health-ISAC Topics: How adding digital resilience is crucial for enterprises? How to make the leaders shift from "just cybersecurity" to "digital resilience"? How to be the most resilient you can be given the resources? How to be the most resilient with the least amount of money? How to make yours…

1
EP239 Linux Security: The Detection and Response Disconnect and Where Is My Agentless EDR 25:29

2M ago25:29

25:29

Guest: Craig H. Rowland, Founder and CEO, Sandfly Security Topics: When it comes to Linux environments – spanning on-prem, cloud, and even–gasp–hybrid setups – where are you seeing the most significant blind spots for security teams today? There's sometimes a perception that Linux is inherently more secure or less of a malware target than Windows. …

1
EP238 Google Lessons for Using AI Agents for Securing Our Enterprise 31:40

3M ago31:40

31:40

Guest: Dominik Swierad, Senior PM D&R AI and Sec-Gemini Topics: When introducing AI agents to security teams at Google, what was your initial strategy to build trust and overcome the natural skepticism? Can you walk us through the very first conversations and the key concerns that were raised? With a vast array of applications, how did you identify…

1
EP237 Making Security Personal at the Speed and Scale of TikTok 28:40

3M ago28:40

28:40

Guest: Kim Albarella, Global Head of Security, TikTok Questions: Security is part of your DNA. In your day to day at TikTok, what are some tips you'd share with users about staying safe online? Many regulations were written with older technologies in mind. How do you bridge the gap between these legacy requirements and the realities of a modern, mi…

1
EP236 Accelerated SIEM Journey: A SOC Leader's Playbook for Modernization and AI 27:15

3M ago27:15

27:15

Guest: Manija Poulatova, Director of Security Engineering and Operations at Lloyd's Banking Group Topics: SIEM migration is hard, and it can take ages. Yours was - given the scale and the industry - on a relatively short side of 9 months. What's been your experience so far with that and what could have gone faster? Anton might be a "reformed" analy…

1
EP235 The Autonomous Frontier: Governing AI Agents from Code to Courtroom 34:06

3M ago34:06

34:06

Guest: Anna Gressel, Partner at Paul, Weiss, one of the AI practice leads Episode co-host: Marina Kaganovich, Office of the CISO, Google Cloud Questions: Agentic AI and AI agents, with its promise of autonomous decision-making and learning capabilities, presents a unique set of risks across various domains. What are some of the key areas of concern…

1
EP234 The SIEM Paradox: Logs, Lies, and Failing to Detect 37:59

4M ago37:59

37:59

Guest: Svetla Yankova, Founder and CEO, Citreno Topics: Why do so many organizations still collect logs yet don't detect threats? In other words, why is our industry spending more money than ever on SIEM tooling and still not "winning" against Tier 1 ... or even Tier 5 adversaries? What are the hardest parts about getting the right context into a S…

1
EP233 Product Security Engineering at Google: Resilience and Security 25:44

4M ago25:44

25:44

Guest: Cristina Vintila, Product Security Engineering Manager, Google Cloud Topic: Could you share insights into how Product Security Engineering approaches at Google have evolved, particularly in response to emerging threats (like Log4j in 2021)? You mentioned applying SRE best practices in detection and response, and overall in securing the Googl…

1
EP232 The Human Element of Privacy: Protecting High-Risk Targets and Designing Systems 31:37

4M ago31:37

31:37

Guest: Sarah Aoun, Privacy Engineer, Google Topic: You have had a fascinating career since we [Tim] graduated from college together – you mentioned before we met that you've consulted with a literal world leader on his personal digital security footprint. Maybe tell us how you got into this field of helping organizations treat sensitive information…

1
EP231 Beyond the Buzzword: Practical Detection as Code in the Enterprise 30:40

4M ago30:40

30:40

Guest: David French, Staff Adoption Engineer, Google Cloud Topic: Detection as code is one of those meme phrases I hear a lot, but I'm not sure everyone means the same thing when they say it. Could you tell us what you mean by it, and what upside it has for organizations in your model of it? What gets better for security teams and security outcomes…

1
EP230 AI Red Teaming: Surprises, Strategies, and Lessons from Google 26:11

4M ago26:11

26:11

Guest: Daniel Fabian, Principal Digital Arsonist, Google Topic: Your RSA talk highlights lessons learned from two years of AI red teaming at Google. Could you share one or two of the most surprising or counterintuitive findings you encountered during this process? What are some of the key differences or unique challenges you've observed when testin…

1
EP229 Beyond the Hype: Debunking Cloud Breach Myths (and What DBIR Says Now) 35:05

5M ago35:05

35:05

Guest: Alex Pinto, Associate Director of Threat Intelligence, Verizon Business, Lead the Verizon Data Breach Report Topics: How would you define "a cloud breach"? Is that a real (and different) thing? Are cloud breaches just a result of leaked keys and creds? If customers are responsible for 99% of cloud security problems, is cloud breach really ab…

1
EP228 SIEM in 2025: Still Hard? Reimagining Detection at Cloud Scale and with More Pipelines 27:09

5M ago27:09

27:09

Guest Alan Braithwaite, Co-founder and CTO @ RunReveal Topics: SIEM is hard, and many vendors have discovered this over the years. You need to get storage, security and integration complexity just right. You also need to be better than incumbents. How would you approach this now? Decoupled SIEM vs SIEM/EDR/XDR combo. These point in the opposite dir…

1
EP227 AI-Native MDR: Betting on the Future of Security Operations? 23:58

5M ago23:58

23:58

Guests: Eric Foster, CEO of Tenex.AI Venkata Koppaka, CTO of Tenex.AI Topics: Why is your AI-powered MDR special? Why start an MDR from scratch using AI? So why should users bet on an "AI-native" MDR instead of an MDR that has already got its act together and is now applying AI to an existing set of practices? What's the current breakdown in labor …

1
EP226 AI Supply Chain Security: Old Lessons, New Poisons, and Agentic Dreams 24:39

5M ago24:39

24:39

Guest: Christine Sizemore, Cloud Security Architect, Google Cloud Topics: Can you describe the key components of an AI software supply chain, and how do they compare to those in a traditional software supply chain? I hope folks listening have heard past episodes where we talked about poisoning training data. What are the other interesting and unexp…

1
EP225 Cross-promotion: The Cyber-Savvy Boardroom Podcast: EP2 Christian Karam on the Use of AI 24:46

6M ago24:46

24:46

Hosts: David Homovich, Customer Advocacy Lead, Office of the CISO, Google Cloud Alicja Cade, Director, Office of the CISO, Google Cloud Guest: Christian Karam, Strategic Advisor and Investor Resources: EP2 Christian Karam on the Use of AI (as aired originally) The Cyber-Savvy Boardroom podcast site The Cyber-Savvy Boardroom podcast on Spotify The C…

1
EP224 Protecting the Learning Machines: From AI Agents to Provenance in MLSecOps 30:40

6M ago30:40

30:40

Guest: Diana Kelley, CSO at Protect AI Topics: Can you explain the concept of "MLSecOps" as an analogy with DevSecOps, with 'Dev' replaced by 'ML'? This has nothing to do with SecOps, right? What are the most critical steps a CISO should prioritize when implementing MLSecOps within their organization? What gets better when you do it? How do we adap…

1
EP223 AI Addressable, Not AI Solvable: Reflections from RSA 2025 31:37

6M ago31:37

31:37

Guests: no guests, just us in the studio Topics: At RSA 2025, did we see solid, measurably better outcomes from AI use in security, or mostly just "sizzle" and good ideas with potential? Are the promises of an "AI SOC" repeating the mistakes seen with SOAR in previous years regarding fully automated security operations? Does "AI SOC" work according…

1
EP222 From Post-IR Lessons to Proactive Security: Deconstructing Mandiant M-Trends 35:19

6M ago35:19

35:19

Guests: Kirstie Failey @ Google Threat Intelligence Group Scott Runnels @ Mandiant Incident Response Topics: What is the hardest thing about turning distinct incident reports into a fun to read and useful report like M-Trends? How much are the lessons and recommendations skewed by the fact that they are all "post-IR" stories? Are "IR-derived" secur…

1
EP221 Special - Semi-Live from Google Cloud Next 2025: AI, Agents, Security ... Cloud? 30:26

6M ago30:26

30:26

Guests: No guests [Tim in Vegas and Anton remote] Topics: So, another Next is done. Beyond the usual Vegas chaos, what was the overarching security theme or vibe you [Tim] felt dominated the conference this year? Thinking back to Next '24, what felt genuinely different this year versus just the next iteration of last year's trends? Last year, we po…

1
EP220 Big Rewards for Cloud Security: Exploring the Google VRP 29:13

6M ago29:13

29:13

Guests: Michael Cote, Cloud VRP Lead, Google Cloud Aadarsh Karumathil, Security Engineer, Google Cloud Topics: Vulnerability response at cloud-scale sounds very hard! How do you triage vulnerability reports and make sure we're addressing the right ones in the underlying cloud infrastructure? How do you determine how much to pay for each vulnerabili…

1
Why Cloud Identity is Your New Front Line in Cybersecurity 9:04

7M ago9:04

9:04

Stolen credentials. Risky login behavior. Shared accounts with no audit trail. Businesses that overlook identity management face serious security gaps, compliance challenges, and operational inefficiencies. Most cybersecurity strategies focus on firewalls and endpoint tools—but today, your real perimeter is every login. In this episode of Perimeter…

1
EP219 Beyond the Buzzwords: Decoding Cyber Risk and Threat Actors in Asia Pacific 31:46

7M ago31:46

31:46

Guest: Steve Ledzian, APAC CTO, Mandiant at Google Cloud Topics: We've seen a shift in how boards engage with cybersecurity. From your perspective, what's the most significant misconception boards still hold about cyber risk, particularly in the Asia Pacific region, and how has that impacted their decision-making? Cybersecurity is rife with jargon.…

1
EP218 IAM in the Cloud & AI Era: Navigating Evolution, Challenges, and the Rise of ITDR/ISPM 30:10

7M ago30:10

30:10

Guest: Henrique Teixeira, Senior VP of Strategy, Saviynt, ex-Gartner analyst Topics: How have you seen IAM evolve over the years, especially with the shift to the cloud, and now AI? What are some of the biggest challenges and opportunities these two shifts present? ITDR (Identity Threat Detection and Response) and ISPM (Identity Security Posture Ma…

1
EP217 Red Teaming AI: Uncovering Surprises, Facing New Threats, and the Same Old Mistakes? 23:11

7M ago23:11

23:11

Guest: Alex Polyakov, CEO at Adversa AI Topics: Adversa AI is known for its focus on AI red teaming and adversarial attacks. Can you share a particularly memorable red teaming exercise that exposed a surprising vulnerability in an AI system? What was the key takeaway for your team and the client? Beyond traditional adversarial attacks, what emergin…

1
The Future of Work: Why the Modern Desktop Experience Changes Everything 10:27

7M ago10:27

10:27

Slow device setups. Frustrating VPN issues. Former employees still accessing company data. Businesses relying on outdated IT models face major security risks, lost productivity, and unnecessary costs. Most organizations focus on cybersecurity tools but ignore a foundational shift that could improve security, streamline operations, and boost employe…

1
EP216 Ephemeral Clouds, Lasting Security: CIRA, CDR, and the Future of Cloud Investigations 31:43

7M ago31:43

31:43

Guest: James Campbell, CEO, Cado Security Chris Doman, CTO, Cado Security Topics: Cloud Detection and Response (CDR) vs Cloud Investigation and Response Automation(CIRA) ... what's the story here? There is an "R" in CDR, right? Can't my (modern) SIEM/SOAR do that? What about this becoming a part of modern SIEM/SOAR in the future? What gets better w…

1
IT Lifecycle Management: The Foundation of Secure Operations 10:15

8M ago10:15

10:15

40% higher IT costs. Unpatched security gaps. Former employees still accessing company data. These are just a few of the risks businesses face when they don’t have a structured IT lifecycle strategy. Most organizations focus on cybersecurity tools but overlook the foundational issue: lifecycle management. Without a plan for tracking, securing, and …

1
EP215 Threat Modeling at Google: From Basics to AI-powered Magic 26:03

8M ago26:03

26:03

Guest: Meador Inge, Security Engineer, Google Cloud Topics: Can you walk us through Google's typical threat modeling process? What are the key steps involved? Threat modeling can be applied to various areas. Where does Google utilize it the most? How do we apply this to huge and complex systems? How does Google keep its threat models updated? What …

1
From Detection to Action: How SOAR Stops Cyberattacks in Minutes 15:40

8M ago15:40

15:40

287 days. That’s how long it takes—on average—to detect and contain a breach. Cybercriminals aren’t waiting for you to catch up. With automated attack methods and round-the-clock threats, small to mid-sized businesses (SMBs) can’t afford slow response times. Traditional security tools detect threats - but without automation, attackers have the uppe…

1
EP214 Reconciling the Impossible: Engineering Cloud Systems for Diverging Regulations 29:22

8M ago29:22

29:22

Guest: Archana Ramamoorthy, Senior Director of Product Management, Google Cloud Topics: You are responsible for building systems that need to comply with laws that are often mutually contradictory. It seems technically impossible to do, how do you do this? Google is not alone in being a global company with local customers and local requirements. Ho…

1
EP213 From Promise to Practice: LLMs for Anomaly Detection and Real-World Cloud Security 28:01

8M ago28:01

28:01

Guest: Yigael Berger, Head of AI, Sweet Security Topic: Where do you see a gap between the "promise" of LLMs for security and how they are actually used in the field to solve customer pains? I know you use LLMs for anomaly detection. Explain how that "trick" works? What is it good for? How effective do you think it will be? Can you compare this to …

1
Why SIEM and Threat Detection Are Foundational for SMB Cybersecurity 12:17

8M ago12:17

12:17

Cybercriminals aren’t just targeting enterprises anymore. SMBs are in the crosshairs, and the consequences are costly. A single data breach can cost an SMB over $3 million, yet many businesses still lack the visibility needed to detect threats before it’s too late. In this episode of Perimeter Perspective, hosts Michael Moore and Alyssa Birchfield …

1
EP212 Securing the Cloud at Scale: Modern Bank CISO on Metrics, Challenges, and SecOps 33:16

8M ago33:16

33:16

Guest: Dave Hannigan, CISO at Nu Bank Topics: Tell us about the challenges you're facing as CISO at NuBank and how are they different from your past life at Spotify? You're a big cloud based operation - what are the key challenges you're tracking in your cloud environments? What lessons do you wish you knew back in your previous CISO run [at Spotif…

1
How MXDR Protects SMBs from Cyber Threats 15:27

8M ago15:27

15:27

60% of small businesses close within six months of a cyberattack. Cyber threats are evolving, and small to mid-sized businesses are becoming prime targets. Traditional security solutions—like standalone antivirus and firewalls—leave dangerous gaps that attackers exploit. Businesses need a proactive, unified approach to threat detection and response…

1
EP211 Decoding the Underground: Google's Dual-Lens Threat Intelligence Magic 26:02

8M ago26:02

26:02

Guest: Kimberly Goody, Head of Intel Analysis and Production, Google Cloud Topics: Google's Threat Intelligence Group (GTIG) has a unique position, accessing both underground forum data and incident response information. How does this dual perspective enhance your ability to identify and attribute cybercriminal campaigns? Attributing cyberattacks w…

1
Zero Trust SaaS Security: Protecting Your Apps, Identities, and Devices 11:09

9M ago11:09

11:09

Ready for SaaS security without the complexity? Managing SaaS security is becoming one of the biggest challenges for IT teams. With employees using apps like Salesforce, Dropbox, and countless others, businesses struggle to keep access secure without adding friction to everyday workflows. Legacy security approaches—like VPNs and standalone logins—f…

1
EP210 Cloud Security Surprises: Real Stories, Real Lessons, Real "Oh No!" Moments 26:58

9M ago26:58

26:58

Guest: Or Brokman, Strategic Google Cloud Engineer, Security and Compliance, Google Cloud Topics: Can you tell us about one particular cloud consulting engagement that really sticks out in your memory? Maybe a time when you lifted the hood, so to speak, and were absolutely floored by what you found – good or bad! In your experience, what's that one…

1
EP209 vCISO in the Cloud: Navigating the New Security Landscape (and Don't Forget Resilience!) 29:06

9M ago29:06

29:06

Guests: Beth Cartier, former CISO, vCISO, founder of Initiative Security Guest host of the CISO mini-series: Marina Kaganovich, Executive Trust Lead, Office of the CISO @ Google Cloud Topics: How is that vCISO'ing going? What is special about vCISO and cloud? Is it easier or harder? AI, cyber, resilience - all are hot topics these days. In the cont…

1
EP208 The Modern CISO: Balancing Risk, Innovation, and Business Strategy (And Where is Cloud?) 31:19

9M ago31:19

31:19

Guest host: Marina Kaganovich, Executive Trust Lead, Office of the CISO @ Google Cloud Guest: John Rogers, CISO @ MSCI Topics: Can you briefly walk us through your CISO career path? What are some of the key (cloud or otherwise) trends that CISOs should be keeping an eye on? What is the time frame for them? What are the biggest cloud security challe…

1
How Network as a Service (SASE) Empowers Mid-Market IT Leaders 9:20

9M ago9:20

9:20

Are You Ready to Scale Securely? For mid-market businesses, staying secure while growing your IT infrastructure is no easy task. Legacy solutions like VPNs can leave your network vulnerable, while the costs and complexity of piecing together security tools can overwhelm even the best IT teams. What’s the solution? Network as a Service (SASE)—a clou…