Cloud Security Reinvented

Cloud Security Reinvented: Jeremy Turner
Key insights from this episode featuring Jeremy Turner, Deputy CISO at Paidy:
⚑ Security without passwords. "In a market like Japan, things are quite different. Thinking out of the box is probably the most critical skill we need. When we think about the consumer experience, they don't have to deal with [passwords], and that really does remove a lot of friction from the typical flow," Jeremy says.
⚑ There's so much potential in the cloud. "Now you can just whip out a prepaid card, get an account, and replicate a whole enterprise. Thanks to infrastructure as code, a lot of things can be consistent. So I think that is the biggest potential for growth — more people having access to the technology."
⚑ Understand your assets and data. "Sometimes, it feels like you are trying to fix a plane while it's in flight without it crashing, and it could be very delicate. It really can get complex if you don't understand your critical assets, especially data because we don't want to lose our data."

Cloud Security Reinvented: Jay Thoden van Velzen
💡 Name: Jay Thoden van Velzen
💡 What he does: He's the Strategic Advisor to the CSO at SAP.
💡 Noteworthy: SAP is one of the world's leading producers of software for the management of business processes and a company on a mission to help the world run better and improve people's lives.

Cloud Security Reinvented: Jadee Hanson
💡 Name: Jadee Hanson
💡 What she does: She's the CIO and CISO at Code42.
Noteworthy: As CIO and CISO at Code42, Jadee Hanson leads global risk and compliance, security operations, incident response, and insider threat monitoring and investigations. She brings more than 17 years of experience in information security and a proven track record of building security programs. Before Code42, Jadee held several senior leadership roles in the security department of Target Corporation.

Key Insights

⚑ The world of security is always changing. Technology is rapidly changing and evolving. And cloud security is following along. Jadee explains what this means for the security industry. She says, "For security practitioners, we've always had to be really good at being resilient and adaptable. So, in our world, things always change. Technology is changing, the risk landscape is changing, and threat actors change. And as the cloud has become more prevalent, we had to flex our resilient and adaptable muscles and learn something new. And I would argue that the fundamental controls that we need to have in place for the cloud really haven't changed. What's changed is the 'how'; it's the 'how we meet those controls,' and that's it."
⚑ Bad actors use cloud services as much as security practitioners. Bad actors are early adopters when it comes to cloud security. Jadee talks about this significant challenge for security practitioners. She says, "One thing that has really surprised me is that when you think of the cloud movement, there are so many features and functionalities within a cloud architecture. We know this as security practitioners, but bad actors also know this, and they know this very well. So I think my biggest surprise is to see bad actors and bad APT groups use cloud services, just like we do every day."
⚑ Let your people be the heroes of the organization. When building security teams, it's essential to let them be heroes and give them exciting opportunities to grow. Jadee explains, "I think it's really all about the people. So my advice would be to find really great people who deliver quality work, continue to challenge them, and give them really interesting opportunities. It's funny. Lots of security practitioners aren't really motivated by tons of money. They're motivated by interesting opportunities. I also think it's really important that you don't make them adversaries in the organization."

Cloud Security Reinvented: Kathy Wang
💡 Guest: Kathy Wang, Chief Security Officer at Discord
Noteworthy: Kathy is a security executive and leader with a strong background in project management, research, and business development. She has worked in government, commercial, and technology startup environments and currently advises startups that offer security services/products.

Key Insights

⚑ The importance of access control in security. Improving access control is one of the best ways to prevent potential security problems. Kathy says, "If I think about this from a security perspective, and you look at it from a public cloud SaaS environment perspective, there are so many organizations right now where there are far too many people who have more access than they need in production environments. And so we're always looking for ways to understand, audit, and reduce all of those accesses, and this is super important for improving security posture because if you can't control or understand what access people have, then you've got all sorts of problems like insider threat as well as takeover or breach type of issues."
⚑ Security is a hard sell. Even though the number of cyber threats increases every year, security is still hard to sell. Kathy explains, "GitLab was even less of a security product company. They've built security features and security capabilities, which I was super happy to help contribute to from a CSO perspective, as in, ‘Would I use this; would I buy this?’ However, it's not the same thing as talking to customers constantly about, 'Hey, we've detected this for you. What do you think?' And then getting a response, 'You know what? Yeah, it's true. You did, but I'm not sure I want to pay for that kind of detection, though.' This is exactly what makes security such a hard sell. You could be accurate. You could be technically good, but what is that other factor that will make people want to spend money on the product? That's hard."
⚑ Think outside the box when building your security teams. The key to building highly effective security teams is to differentiate yourself. Kathy says, "Building security teams is not an easy thing to do, as you know, and we're always competing for talent with a whole bunch of other companies. So what can you do to really differentiate yourself? One of the things I learned is that you can actually go looking for talent outside of the normal pools of talent that people look for. And GitLab was really great for reinforcing that."

Cloud Security Reinvented: Allison Miller
💡 Name: Allison Miller
💡 What she does: Allison is the VP of Trust at Reddit.
💡 Noteworthy: Allison was in marketing before dedicating her career to cybersecurity.

Cloud Security Reinvented: Amanda Fennell
💡 Name: Amanda Fennell
💡 What she does: She's the CIO and CSO at Relativity.
💡 Noteworthy: Amanda joined the Relativity team in 2018 as the CSO, and her responsibilities expanded to include the role of the CIO in 2021. She's responsible for championing and directing security strategy in risk management and compliance practices, as well as building and supporting Relativity's information technology. Amanda also hosts Relativity's Security Sandbox podcast, which explores and explains the unique links between non-security topics and the security realm.

Cloud Security Reinvented: Roland Cloutier
Episode Summary

Cybersecurity is an ever-changing field. And since the emergence of the cloud, social media networks, and machine learning algorithms, the security space has continued to evolve to respond to the market's needs.

But some things never change — the willingness to learn, adapt, and improve remains the golden standard of cybersecurity.

In this episode of the Cloud Security Reinvented podcast, our host Andy Ellis welcomes Roland Cloutier, the Global Chief Security Officer at TikTok. They talk about the most significant changes since the emergence of cloud computing, what it's like to work at TikTok, and why technologists should always keep learning.



💡 Name: Roland Cloutier

💡 What he does: He's the Global Chief Security Officer at TikTok.

💡 Company: TikTok

💡 Noteworthy: As Global Chief Security Officer of TikTok, Roland Cloutier brings an unprecedented understanding and knowledge of global protection and security leadership to one of the world's leading media, social, and technology companies. He oversees the company's information protection, risk, workforce protection, crisis management, and investigative security operations worldwide.

Cloud Security Reinvented: Andy Steingruebl

When someone says Pinterest, the first thing that comes to mind is a social platform and a place to seek inspiration. But for the people working behind the scenes, it's more than that.

In February 2021, Pinterest had 459 million active monthly users. That's a lot of data and traffic, and security measures must be put in place for an exceptional user experience. So how do they do it?

In this episode of Cloud Security Reinvented, our host Andy Ellis chats with Andy Steingruebl, the Chief Security Officer at Pinterest. The two discuss the difference between the on-premise and cloud era and what differentiates Pinterest from companies like PayPal. They also touch upon the best and worst on-premise practices and the future of technology.


💡 Name: Andy Steingruebl

💡 What he does: Andy is the Chief Security Officer at Pinterest.

💡 Websites: Pinterest

💡 Noteworthy: Andy is an Information Security professional with more than 25 years of experience. He has extensive experience in most security management and architecture areas, including Policy, Compliance, Communication, Infrastructure, and Incident Response. He is an excellent communicator with the ability to communicate with all levels of the organization, customers, policymakers, and regulators. He has a track record of significantly contributing toward making the internet a safer, more secure place for users and companies.

Cloud Security Reinvented: Meg Anderson

Episode Summary

The cloud has been around for a while now. And ever since it emerged — two decades ago — it has brought in new ways to think about security, identity, and access management.

But at the end of the day, we still need to make sure that the right people have the right information at the right time.

In this episode of the Cloud Security Reinvented podcast, our host Andy Ellis welcomes Meg Anderson, the VP - CISO at Principal Financial Group. They talk about the changes in cloud security since the emergence of the cloud, some of the best and worst practices, and what the future holds for cloud security.



💡 Name: Meg Anderson

💡 What she does: She's the VP - CISO at Principal Financial Group.

💡 Company: Principal Financial Group

💡 Noteworthy: Meg participates in a number of CISO councils. She is a board member of the Financial Services Information Sharing and Analysis Center (FS-ISAC), where she chairs the Strategy Committee and is on the FinCyber Advisory Group for the Carnegie Endowment for International Peace. Before the role of VP - CISO, Meg acquired over twenty years of technical and leadership experience in application development.

Cloud Security Reinvented: Sameer Sait

Episode Summary

It's been more than a decade since the cloud emerged as a new concept. And it's safe to say that it has practically become the new normal, especially since the COVID-19 outbreak.

However, when it comes to improving cyber security and risk management in the cloud, we still have a long way to go.

In this episode of the Cloud Security Reinvented podcast, our host Andy Ellis welcomes Sameer Sait, an information security expert and the former CISO of Amazon's Whole Foods Market. They talk about the shift in security mechanisms due to the explosion of the cloud, the importance of shared responsibility, and what we can learn from highly regulated industries. Tune into this episode to hear some insightful observations about the future of cybersecurity.



💡 Name: Sameer Sait

💡 What he does: He's the former CISO of Amazon's Whole Foods Market.

💡 Company: N/A

💡 Noteworthy: He's an information security and risk executive with 16+ years of global leadership experience at Fortune 100 firms.

Cloud Security Reinvented: Justin Somaini

Security and privacy are burning topics in the cloud era. But not many companies have professionals dealing with these issues. Therefore, it's critical to make the topic of cybersecurity more accessible to business owners and board members.

In this episode of Cloud Security Reinvented, we get to hear from Justin Somaini, the Chief Security Officer of Unity Technologies. Justin and our host Andy Ellis discuss cloud security and how companies in the iGaming industry approach it.

They also discuss the past and present of cybersecurity and share predictions regarding the cloud's future. Justin also shares a valuable piece of advice anyone interested in becoming part of the security industry could benefit from.


💡 Name: Justin Somaini

💡 What he does: Justin is the Chief Security Officer of Unity Technologies.

💡 Website: Unity Technologies

💡 Noteworthy: Before joining Unity Technologies, Justin worked at PricewaterhouseCoopers and Charles Schwab.

Cloud Security Reinvented: Nick Vigier

Episode Summary

Cloud security looks a lot different to an outside observer than to an insider. And everyone thinks that some companies are further along in their cloud maturity journey than they really are.

But there's still a lot of work to be done regarding cybersecurity, so organizations should focus more on becoming cloud-native rather than going for the less-demanding "lift-and-shift" migration method.

In this episode of the Cloud Security Reinvented podcast, our host Andy Ellis welcomes Nick Vigier, a CISO and the owner of Rising Tide Security, LLC. They discuss the downsides of using the forklift migration method, the importance of shifting perspective, and why there is no security career ladder.



💡 Name: Nick Vigier

💡 What he does: He's the Former CISO at & DigitalOcean.

💡 Company: Rising Tide Security

💡 Noteworthy: Nick was a founding member of the "FDSecE" role at Palantir. The FDSecE team was part of the Business Development team. It consisted of information security experts responsible for acting as thought leaders with clients in topics ranging from security strategy to forensics.

Cloud Security Reinvented: Nick Selby

Episode Summary

There's no universal rule for breaking into a new industry. And the same goes for starting a career in the information security field.

But one thing's for sure — if you let your passion guide you and you're willing to work hard, there's no limit to what you can accomplish.

In this episode of the Cloud Security Reinvented podcast, our host Andy Ellis welcomes Nick Selby, the Director, Software Assurance Practice at Trail of Bits. They talk about what it's like working in cloud security, why attention to detail is crucial, and how cloud technology is democratizing innovation.



💡 Name: Nick Selby

💡 What he does: He's the Director, Software Assurance Practice at Trail of Bits.

💡 Company: Trail of Bits

💡 Noteworthy: He is the author and co-author of several books, including "Cyber Crime: A Basic Primer" and "Cyber Survival Manual: From Identity Theft to The Digital Apocalypse and Everything in Between."

Cloud Security Reinvented: Renee Guttmann

Episode Summary

Over a long security career, not only do professionals grow and change, but the world they're operating within also changes. And talking about security, we are witnesses to the transition from local software to cloud security.

The cloud brought new trends in solving security problems. But certain practices from the pre-cloud era still resonate and are in use. At the same time, we still do some things that we should stop.

In this episode of Cloud Security Reinvented, Andy Ellis welcomes Renee Guttmann, a transformational leader in cybersecurity. Andy and Renee get into how building an on-premise model is blended with how the cloud could be leveraged, how security protocols have been modified for the cloud, and how the cloud has changed the approach to cybersecurity.



💡 Name: Renee Guttmann

💡 What she does: Chief Information Security/IT Executive.

💡 Company: Cydome Security

💡 Noteworthy: Renee has delivered world-class global information security programs for Coca-Cola, Time Warner, Royal Caribbean, Campbell, and Capital One, and helped establish the office of the CISO at Optiv. She advises startups on defining their products, services, and go-to-market strategies. On the community front, she partners with other CISOs on cybersecurity training and mentorship. She has been active as a Board Member and Advisor at a large children's mental health facility for almost a decade.

Cloud Security Reinvented: Brian Haugli

Episode Summary

Implementing an effective security program has become a necessity over the past decade. And without a doubt, all businesses need to level up their security game to mitigate risks and protect their information.

But small- and mid-market companies are somehow left behind when it comes to security guidance and realistic capabilities.

In this episode of the Cloud Security Reinvented podcast, our host Andy Ellis introduces Brian Haugli, the Managing Partner at SideChannel. They talk about the increasing demand for cybersecurity for all organizations, why the black-and-white view won't get us far in security, and the future of technology.



💡 Name: Brian Haugli

💡 What he does: He's the Managing Partner at SideChannel.

💡 Company: SideChannel

💡 Noteworthy: Brian is the co-author of "Cybersecurity Risk Management: Mastering the Fundamentals Using the NIST Cybersecurity Framework."

💡 Where to find Brian: LinkedIn


Cloud Security Reinvented: Morey Haber

The cloud is the future for a reason. Besides its massive impact on security and more convenient file storage options, the cloud has fostered the creation of an environment where you can have all the information in the palm of your hand. And speaking of the cloud and technology, the best is yet to come.

However, its ability to deliver tons of information to users worldwide is a double-edged sword. The cloud has a blend of both true and false information, which makes you doubt the credibility of any source you read, whether it's Wikipedia or a random webpage.

In the new episode of Cloud Security Reinvented, Andy Ellis chats with Morey Haber, the Chief Security Officer at BeyondTrust. They get into the significance of the cloud compared to on-premise solutions, the most significant tech opportunities in the future, and the security loopholes that should have been eliminated a long time ago.



💡 Name: Morey Haber

💡 What he does: Morey is the Chief Security Officer at BeyondTrust.

💡 Company: BeyondTrust

💡 Noteworthy: Besides his role as a CSO, Morey is also a prolific writer. So far, he's published three books — Identity Attack Vectors, Privileged Attack Vectors, and Asset Attack Vectors.

💡 Where to find Morey: LinkedIn

Cloud Security Reinvented: Ryan Gurney

Cloud-based solutions are the future of technological advancement. The cloud has gone through various phases, and these changes have made it one of the most potent inventions of today.

Thanks to a broad range of cloud-based tools, even founders without a development background can start a company and release a product. But that's not the only advantage of the cloud. Technological development, alongside the cloud, could significantly reduce one of the most critical issues faced by the world — poverty.

In this episode of Cloud Security Reinvented, Andy Ellis welcomes Ryan Gurney, the CISO-in-Residence at YL Ventures. They have an interesting chat about the cloud, its benefits, the exhausting role of the CISOs, and the tech practices that no longer work.

Cloud Security Reinvented: Dan Walsh

Cloud Security Reinvented: Chris Foulon

Cloud Security Reinvented: Jonathan Jaffe

Cloud Security Reinvented: Drew Daniels

Cloud Security Reinvented: Deneen DeFiore

Cloud Security Reinvented: Ben Waugh

Cloud Security Reinvented: Ty Sbano