Cloud Security Podcast by Google focuses on security in the cloud, delivering security from the cloud, and all things at the intersection of security and cloud. Of course, we will also cover what we are doing in Google Cloud to help keep our users' data safe and workloads secure. We’re going to do our best to avoid security theater, and cut to the heart of real security questions and issues. Expect us to question threat models and ask if something is done for the data subject’s benefit or ju ...
…
continue reading
Sync Up is your one-stop shop for all things OneDrive. Join hosts, Stephen Rice and Arvind Mishra, as they shed light on how OneDrive connects you to all of your files in Microsoft and enables you to share and work together from anywhere, and any device! Hear from experts behind the design and development of OneDrive, as well as customers and Microsoft MVPs! Each episode will give you news and announcements, tips and best practices for your OneDrive experience, and some fun and humor!
…
continue reading
Cybersecurity weekly podcast series featuring industry thought leaders discussing security solutions, best practices, threat intel, and more. Our primary topics within InfoSec include: Application Security; Artificial Intelligence; Blockchain; Career Development; Cloud Security; Encryption / DLP; Endpoint / Mobile / IoT Security; GRC; Incident Response / SIEM; Identity and Access Management; Network Security; Privacy; Ransomware / Malware; and Security Awareness.
…
continue reading
Security on Cloud explores the ups and downs, and ins and outs of cloud security like no other podcast. Hear interviews with industry heavyweights, analysts, and technologists in the cloud security and compliance space. You can receive the insights you need to navigate security and compliance in this new cloud-driven world. Also, hear about high-level trends that face the cloud security industry that you need to be on top of to stay ahead. How to deal with compliance nightmares, how the whol ...
…
continue reading
Interviews with security engineers and CISOs about challenges in securing their cloud infrastructure. They share their stories and strategies used to drive results.
…
continue reading

1
EP227 AI-Native MDR: Betting on the Future of Security Operations?
23:58
23:58
Play later
Play later
Lists
Like
Liked
23:58Guests: Eric Foster, CEO of Tenex.AI Venkata Koppaka, CTO of Tenex.AI Topics: Why is your AI-powered MDR special? Why start an MDR from scratch using AI? So why should users bet on an “AI-native” MDR instead of an MDR that has already got its act together and is now applying AI to an existing set of practices? What’s the current breakdown in labor …
…
continue reading

1
EP226 AI Supply Chain Security: Old Lessons, New Poisons, and Agentic Dreams
24:39
24:39
Play later
Play later
Lists
Like
Liked
24:39Guest: Christine Sizemore, Cloud Security Architect, Google Cloud Topics: Can you describe the key components of an AI software supply chain, and how do they compare to those in a traditional software supply chain? I hope folks listening have heard past episodes where we talked about poisoning training data. What are the other interesting and unexp…
…
continue reading

1
EP225 Cross-promotion: The Cyber-Savvy Boardroom Podcast: EP2 Christian Karam on the Use of AI
24:46
24:46
Play later
Play later
Lists
Like
Liked
24:46Hosts: David Homovich, Customer Advocacy Lead, Office of the CISO, Google Cloud Alicja Cade, Director, Office of the CISO, Google Cloud Guest: Christian Karam, Strategic Advisor and Investor Resources: EP2 Christian Karam on the Use of AI (as aired originally) The Cyber-Savvy Boardroom podcast site The Cyber-Savvy Boardroom podcast on Spotify The C…
…
continue reading

1
EP224 Protecting the Learning Machines: From AI Agents to Provenance in MLSecOps
30:40
30:40
Play later
Play later
Lists
Like
Liked
30:40Guest: Diana Kelley, CSO at Protect AI Topics: Can you explain the concept of "MLSecOps" as an analogy with DevSecOps, with 'Dev' replaced by 'ML'? This has nothing to do with SecOps, right? What are the most critical steps a CISO should prioritize when implementing MLSecOps within their organization? What gets better when you do it? How do we adap…
…
continue reading

1
EP223 AI Addressable, Not AI Solvable: Reflections from RSA 2025
31:37
31:37
Play later
Play later
Lists
Like
Liked
31:37Guests: no guests, just us in the studio Topics: At RSA 2025, did we see solid, measurably better outcomes from AI use in security, or mostly just "sizzle" and good ideas with potential? Are the promises of an "AI SOC" repeating the mistakes seen with SOAR in previous years regarding fully automated security operations? Does "AI SOC" work according…
…
continue reading
Olga Dalecka joins Stephen Rice and Arvind Mishra on this month's Sync Up podcast to share how OneDrive’s mobile app is transforming the way users experience and manage their photos. From Moments of Joy and Photo Shuffle to AI-powered editing and seamless sharing, this episode dives into the innovations making OneDrive the trusted home for your mem…
…
continue reading

1
EP222 From Post-IR Lessons to Proactive Security: Deconstructing Mandiant M-Trends
35:19
35:19
Play later
Play later
Lists
Like
Liked
35:19Guests: Kirstie Failey @ Google Threat Intelligence Group Scott Runnels @ Mandiant Incident Response Topics: What is the hardest thing about turning distinct incident reports into a fun to read and useful report like M-Trends? How much are the lessons and recommendations skewed by the fact that they are all “post-IR” stories? Are “IR-derived” secur…
…
continue reading

1
EP221 Special - Semi-Live from Google Cloud Next 2025: AI, Agents, Security ... Cloud?
30:26
30:26
Play later
Play later
Lists
Like
Liked
30:26Guests: No guests [Tim in Vegas and Anton remote] Topics: So, another Next is done. Beyond the usual Vegas chaos, what was the overarching security theme or vibe you [Tim] felt dominated the conference this year? Thinking back to Next '24, what felt genuinely different this year versus just the next iteration of last year's trends? Last year, we po…
…
continue reading

1
EP220 Big Rewards for Cloud Security: Exploring the Google VRP
29:13
29:13
Play later
Play later
Lists
Like
Liked
29:13Guests: Michael Cote, Cloud VRP Lead, Google Cloud Aadarsh Karumathil, Security Engineer, Google Cloud Topics: Vulnerability response at cloud-scale sounds very hard! How do you triage vulnerability reports and make sure we’re addressing the right ones in the underlying cloud infrastructure? How do you determine how much to pay for each vulnerabili…
…
continue reading

1
EP219 Beyond the Buzzwords: Decoding Cyber Risk and Threat Actors in Asia Pacific
31:46
31:46
Play later
Play later
Lists
Like
Liked
31:46Guest: Steve Ledzian, APAC CTO, Mandiant at Google Cloud Topics: We've seen a shift in how boards engage with cybersecurity. From your perspective, what's the most significant misconception boards still hold about cyber risk, particularly in the Asia Pacific region, and how has that impacted their decision-making? Cybersecurity is rife with jargon.…
…
continue reading

1
EP218 IAM in the Cloud & AI Era: Navigating Evolution, Challenges, and the Rise of ITDR/ISPM
30:10
30:10
Play later
Play later
Lists
Like
Liked
30:10Guest: Henrique Teixeira, Senior VP of Strategy, Saviynt, ex-Gartner analyst Topics: How have you seen IAM evolve over the years, especially with the shift to the cloud, and now AI? What are some of the biggest challenges and opportunities these two shifts present? ITDR (Identity Threat Detection and Response) and ISPM (Identity Security Posture Ma…
…
continue reading

1
EP217 Red Teaming AI: Uncovering Surprises, Facing New Threats, and the Same Old Mistakes?
23:11
23:11
Play later
Play later
Lists
Like
Liked
23:11Guest: Alex Polyakov, CEO at Adversa AI Topics: Adversa AI is known for its focus on AI red teaming and adversarial attacks. Can you share a particularly memorable red teaming exercise that exposed a surprising vulnerability in an AI system? What was the key takeaway for your team and the client? Beyond traditional adversarial attacks, what emergin…
…
continue reading

1
EP216 Ephemeral Clouds, Lasting Security: CIRA, CDR, and the Future of Cloud Investigations
31:43
31:43
Play later
Play later
Lists
Like
Liked
31:43Guest: James Campbell, CEO, Cado Security Chris Doman, CTO, Cado Security Topics: Cloud Detection and Response (CDR) vs Cloud Investigation and Response Automation(CIRA) ... what’s the story here? There is an “R” in CDR, right? Can’t my (modern) SIEM/SOAR do that? What about this becoming a part of modern SIEM/SOAR in the future? What gets better w…
…
continue reading
In this episode of Sync Up, hosts Stephen Rice and Arvind Mishra sit down with David Johnson, one of Microsoft IT's key architects, to uncover how the company manages OneDrive and SharePoint at scale. From security and automation to self-service with guardrails, they explore the strategies that keep Microsoft’s data secure while enabling seamless c…
…
continue reading

1
EP215 Threat Modeling at Google: From Basics to AI-powered Magic
26:03
26:03
Play later
Play later
Lists
Like
Liked
26:03Guest: Meador Inge, Security Engineer, Google Cloud Topics: Can you walk us through Google's typical threat modeling process? What are the key steps involved? Threat modeling can be applied to various areas. Where does Google utilize it the most? How do we apply this to huge and complex systems? How does Google keep its threat models updated? What …
…
continue reading

1
EP214 Reconciling the Impossible: Engineering Cloud Systems for Diverging Regulations
29:22
29:22
Play later
Play later
Lists
Like
Liked
29:22Guest: Archana Ramamoorthy, Senior Director of Product Management, Google Cloud Topics: You are responsible for building systems that need to comply with laws that are often mutually contradictory. It seems technically impossible to do, how do you do this? Google is not alone in being a global company with local customers and local requirements. Ho…
…
continue reading

1
EP213 From Promise to Practice: LLMs for Anomaly Detection and Real-World Cloud Security
28:01
28:01
Play later
Play later
Lists
Like
Liked
28:01Guest: Yigael Berger, Head of AI, Sweet Security Topic: Where do you see a gap between the “promise” of LLMs for security and how they are actually used in the field to solve customer pains? I know you use LLMs for anomaly detection. Explain how that “trick” works? What is it good for? How effective do you think it will be? Can you compare this to …
…
continue reading

1
EP212 Securing the Cloud at Scale: Modern Bank CISO on Metrics, Challenges, and SecOps
33:16
33:16
Play later
Play later
Lists
Like
Liked
33:16Guest: Dave Hannigan, CISO at Nu Bank Topics: Tell us about the challenges you're facing as CISO at NuBank and how are they different from your past life at Spotify? You're a big cloud based operation - what are the key challenges you're tracking in your cloud environments? What lessons do you wish you knew back in your previous CISO run [at Spotif…
…
continue reading

1
EP211 Decoding the Underground: Google's Dual-Lens Threat Intelligence Magic
26:02
26:02
Play later
Play later
Lists
Like
Liked
26:02Guest: Kimberly Goody, Head of Intel Analysis and Production, Google Cloud Topics: Google's Threat Intelligence Group (GTIG) has a unique position, accessing both underground forum data and incident response information. How does this dual perspective enhance your ability to identify and attribute cybercriminal campaigns? Attributing cyberattacks w…
…
continue reading

1
EP210 Cloud Security Surprises: Real Stories, Real Lessons, Real "Oh No!" Moments
26:58
26:58
Play later
Play later
Lists
Like
Liked
26:58Guest: Or Brokman, Strategic Google Cloud Engineer, Security and Compliance, Google Cloud Topics: Can you tell us about one particular cloud consulting engagement that really sticks out in your memory? Maybe a time when you lifted the hood, so to speak, and were absolutely floored by what you found – good or bad! In your experience, what's that one…
…
continue reading
Join Stephen Rice and Arvind Mishra as they discuss the ins and outs of OneDrive Sync with legendary Sync expert, Gaia Carini. They cover everything from the basics of OneDrive Sync to more advanced features like Files on Demand and Known Folder Move (KFM). Gaia also shares best practices for deploying OneDrive Sync in organizations and highlights …
…
continue reading

1
EP209 vCISO in the Cloud: Navigating the New Security Landscape (and Don’t Forget Resilience!)
29:06
29:06
Play later
Play later
Lists
Like
Liked
29:06Guests: Beth Cartier, former CISO, vCISO, founder of Initiative Security Guest host of the CISO mini-series: Marina Kaganovich, Executive Trust Lead, Office of the CISO @ Google Cloud Topics: How is that vCISO’ing going? What is special about vCISO and cloud? Is it easier or harder? AI, cyber, resilience - all are hot topics these days. In the cont…
…
continue reading

1
EP208 The Modern CISO: Balancing Risk, Innovation, and Business Strategy (And Where is Cloud?)
31:19
31:19
Play later
Play later
Lists
Like
Liked
31:19Guest host: Marina Kaganovich, Executive Trust Lead, Office of the CISO @ Google Cloud Guest: John Rogers, CISO @ MSCI Topics: Can you briefly walk us through your CISO career path? What are some of the key (cloud or otherwise) trends that CISOs should be keeping an eye on? What is the time frame for them? What are the biggest cloud security challe…
…
continue reading

1
EP207 Slaying the Ransomware Dragon: Can a Startup Succeed?
32:55
32:55
Play later
Play later
Lists
Like
Liked
32:55Guest: Bob Blakley, Co-founder and Chief Product Officer of Mimic Topics: Tell us about the ransomware problem - isn't this a bit of old news? Circa 2015, right? What makes ransomware a unique security problem? What's different about ransomware versus other kinds of malware? What do you make of the “RansomOps” take (aka “ransomware is not malware”)…
…
continue reading

1
EP206 Paying the Price: Ransomware's Rising Stakes in the Cloud
33:01
33:01
Play later
Play later
Lists
Like
Liked
33:01Guest: Allan Liska, CSIRT at Recorded Future, now part of Mastercard Topics: Ransomware has become a pervasive threat. Could you provide us with a brief overview of the current ransomware landscape? It's often said that ransomware is driven by pure profit. Can you remind us of the business model of ransomware gangs, including how they operate, thei…
…
continue reading

1
EP205 Cybersecurity Forecast 2025: Beyond the Hype and into the Reality
28:19
28:19
Play later
Play later
Lists
Like
Liked
28:19Guest: Andrew Kopcienski, Principal Intelligence Analyst, Google Threat Intelligence Group Questions: You have this new Cybersecurity Forecast 2025 report, what’s up with that? We are getting a bit annoyed about the fear-mongering on “oh, but attackers will use AI.” You are a threat analyst, realistically, how afraid are you of this? The report dis…
…
continue reading

1
EP204 Beyond PCAST: Phil Venables on the Future of Resilience and Leading Indicators
30:32
30:32
Play later
Play later
Lists
Like
Liked
30:32Guest: Phil Venables, Vice President, Chief Information Security Officer (CISO) @ Google Cloud Topics Why is our industry suddenly obsessed with resilience? Is this ransomware’s doing? How did the PCAST report come to be? Can you share the backstory and how it was created? The PCAST report emphasizes the importance of leading indicators for securit…
…
continue reading

1
EP203 Cloud Shared Responsibility: Beyond the Blame Game with Rich Mogull
37:13
37:13
Play later
Play later
Lists
Like
Liked
37:13Guest: Rich Mogull, SVP of Cloud Security at Firemon and CEO at Securosis Topics: Let’s talk about cloud security shared responsibility. How to separate the blame? Is there a good framework for apportioning blame? You've introduced the Cloud Shared Irresponsibilities Model, stating cloud providers will be considered partially responsible for breach…
…
continue reading

1
OneDrive's Year in Review & Unlicensed User Changes
34:04
34:04
Play later
Play later
Lists
Like
Liked
34:04With 2024 coming to a close, the Sync Up crew is reflecting on our favorite OneDrive features of the year, and looking forward to the Unlicensed User changes coming in 2025! Stephen Rice and Arvind Mishra are joined by keeper of the OneDrive roadmap, Irfan Shahdad, and Archive and unlicensed user expert Trent Green! Irfan will take you through the …
…
continue reading

1
EP202 Beyond Tiered SOCs: Detection as Code and the Rise of Response Engineering
37:09
37:09
Play later
Play later
Lists
Like
Liked
37:09Guest: Amine Besson, Tech Lead on Detection Engineering, Behemoth Cyberdefence Topics: What is your best advice on detection engineering to organizations who don’t want to engineer anything in security? What is the state of art when it comes to SOC ? Who is doing well? What on Earth is a fusion center? Why classic “tiered SOCs” fall flat when deali…
…
continue reading

1
EP201 Every CTO Should Be a CSTO (Or Else!) - Transformation Lessons from The Hoff
36:57
36:57
Play later
Play later
Lists
Like
Liked
36:57Guest: Chris Hoff, Chief Secure Technology Officer at Last Pass Topics: I learned that you have a really cool title that feels very “now” - Chief Secure Technology Officer? What’s the story here? Weirdly, I now feel that every CTO better be a CSTO or quit their job :-) After, ahem, not-so-recent events you had a chance to rebuild a lot of your stac…
…
continue reading

1
EP200 Zero Touch Prod, Security Rings, and Foundational Services: How Google Does Workload Security
27:38
27:38
Play later
Play later
Lists
Like
Liked
27:38Guest: Michael Czapinski, Security & Reliability Enthusiast, Google Topics: “How Google protects its production services” paper covers how Google's infrastructure balances several crucial aspects, including security, reliability, development speed, and maintainability. How do you prioritize these competing demands in a real-world setting? What atta…
…
continue reading

1
EP199 Your Cloud IAM Top Pet Peeves (and How to Fix Them)
29:26
29:26
Play later
Play later
Lists
Like
Liked
29:26Guests: Michele Chubirka, Staff Cloud Security Advocate, Google Cloud Sita Lakshmi Sangameswaran, Senior Developer Relations Engineer, Google Cloud Topics: What is your reaction to “in the cloud you are one IAM mistake away from a breach”? Do you like it or do you hate it? Or do you "it depends" it? :-) Everyone's talking about how "identity is the…
…
continue reading

1
EP198 GenAI Security: Unseen Attack Surfaces & AI Pentesting Lessons
27:22
27:22
Play later
Play later
Lists
Like
Liked
27:22Guests: Ante Gojsalic, Co-Founder & CTO at SplxAI Topics: What are some of the unique challenges in securing GenAI applications compared to traditional apps? What current attack surfaces are most concerning for GenAI apps, and how do you see these evolving in the future? Do you have your very own list of top 5 GenAI threats? Everybody seem to! What…
…
continue reading

1
EP197 SIEM (Decoupled or Not), and Security Data Lakes: A Google SecOps Perspective
29:34
29:34
Play later
Play later
Lists
Like
Liked
29:34Guest: Travis Lanham, Uber Tech Lead (UTL) for Security Operations Engineering, Google Cloud Topics: There’s been a ton of discussion in the wake of the three SIEM week about the future of SIEM-like products. We saw a lot of takes on how this augurs the future of disassembled or decoupled SIEMs. Can you explain what these disassembled SIEMs are all…
…
continue reading

1
EP196 AI+TI: What Happens When Two Intelligences Meet?
28:08
28:08
Play later
Play later
Lists
Like
Liked
28:08Guest: Vijay Ganti, Director of Product Management, Google Cloud Security Topics: What have been the biggest pain points for organizations trying to use threat intelligence (TI)? Why has it been so difficult to convert threat knowledge into effective security measures in the past? In the realm of AI, there's often hype (and people who assume “it’s …
…
continue reading

1
EP195 Containers vs. VMs: The Security Showdown!
41:16
41:16
Play later
Play later
Lists
Like
Liked
41:16Cross-over hosts: Kaslin Fields, co-host at Kubernetes Podcast Abdel Sghiouar, co-host at Kubernetes Podcast Guest: Michele Chubirka, Cloud Security Advocate, Google Cloud Topics: How would you approach answering the question ”what is more secure, container or a virtual machine (VM)?” Could you elaborate on the real-world implications of this for s…
…
continue reading

1
The role of data normalization in cloud security - Kabir Mathur, CEO at Leen
36:02
36:02
Play later
Play later
Lists
Like
Liked
36:02Lars and Kabir Mathur, CEO of Leen, discuss the concept of unified APIs for security data, emphasizing the need for normalization and integration of various security tools. Kabir explains how Leen differentiates itself by not only providing data connectors but also delivering data over an API, making it accessible for developers. They explore the c…
…
continue reading

1
EP194 Deep Dive into ADR - Application Detection and Response
30:55
30:55
Play later
Play later
Lists
Like
Liked
30:55Guest: Daniel Shechter, Co-Founder and CEO at Miggo Security Topics: Why do we need Application Detection and Response (ADR)? BTW, how do you define it? Isn’t ADR a subset of CDR (for cloud)? What is the key difference that sets ADR apart from traditional EDR and CDR tools? Why can’t I just send my application data - or eBPF traces - to my SIEM and…
…
continue reading
In this special episode of the Sync Up podcast, join Stephen Rice as he takes you behind the scenes of the OneDrive Fall Event "AI Innovations for Work and Home." Get exclusive insights from interviews with key speakers like Jason Moore, Arwa Tyebkhan and more as they reveal their favorite features, and share some of the exciting upcoming developme…
…
continue reading

1
EP193 Inherited a Cloud? Now What? How Do I Secure It?
30:41
30:41
Play later
Play later
Lists
Like
Liked
30:41Guests: Taylor Lehmann, Director at Office of the CISO, Google Cloud Luis Urena, Cloud Security Architect, Google Cloud Topics There is a common scenario where security teams are brought in after a cloud environment is already established. From your experience, how does this late involvement typically impact the organization's security posture and …
…
continue reading

1
EP192 Confidential + AI: Can AI Keep a Secret?
33:04
33:04
Play later
Play later
Lists
Like
Liked
33:04Guest: Nelly Porter, Director of PM, Cloud Security at Google Cloud Topics: Share your story and how you ended here doing confidential AI at Google? What problem does confidential compute + AI solve and for what clients? What are some specific real-world applications or use cases where you see the combination of AI and confidential computing making…
…
continue reading
In this episode of the Sync Up Podcast, hosts Stephen Rice and Arvind Mishra dive into the design of Copilot in OneDrive with special guest Ben Truelove, a veteran designer at Microsoft. Ben shares insights from his 27-year journey at Microsoft, including how the team designed and iterated to deliver the best Copilot experience to our customers. Tu…
…
continue reading

1
EP191 Why Aren't More Defenders Winning? Defender’s Advantage and How to Gain it!
23:36
23:36
Play later
Play later
Lists
Like
Liked
23:36Guest: Dan Nutting, Manager - Cyber Defense, Google Cloud Topics: What is the Defender’s Advantage and why did Mandiant decide to put this out there? This is the second edition. What is different about DA-II? Why do so few defenders actually realize their Defender’s Advantage? The book talks about the importance of being "intelligence-led" in cyber…
…
continue reading