Sign up to save your podcasts
Or
Share EP140 System Hardening at Google Scale: New Challenges, New Solutions
Share to email
Share to Facebook
Share to X
Share to email
Share to Facebook
Share to X
Or
EP140 System Hardening at Google Scale: New Challenges, New Solutions
Guest:
-
Andrew Hoying, Senior Security Engineering Manager @ Google
Topics:
-
What is different about system hardening today vs 20 years ago?
-
Also, what is special about hardening systems at Google massive scale?
-
Can I just apply CIS templates and be done with it?
-
Part of hardening has to be following up with developers after they have un-hardened things – how do we operationalize that at scale without getting too much in the way of productivity?
-
A part of hardening has got to be responding to new regulation and compliance regimes, how do you incorporate new controls and stay responsive to the changing world around us?
-
Are there cases where we have taken lessons from hardening at scale and converted those into product improvements?
-
What metrics do you track to keep your teams moving, and what metrics do your leads look at to understand how you’re doing? [Spoiler: the answer here is VERY fun!]
Resources:
-
“Why Shared Fate is a Better Way to Manage Cloud Risk” article (and this too)
-
CIS for GCP
-
GCP IAM Deny
-
CloudSecList by Marco Lancini
View all episodes
By Anton Chuvakin
4.8
3838 ratings
Guest:
-
Andrew Hoying, Senior Security Engineering Manager @ Google
Topics:
-
What is different about system hardening today vs 20 years ago?
-
Also, what is special about hardening systems at Google massive scale?
-
Can I just apply CIS templates and be done with it?
-
Part of hardening has to be following up with developers after they have un-hardened things – how do we operationalize that at scale without getting too much in the way of productivity?
-
A part of hardening has got to be responding to new regulation and compliance regimes, how do you incorporate new controls and stay responsive to the changing world around us?
-
Are there cases where we have taken lessons from hardening at scale and converted those into product improvements?
-
What metrics do you track to keep your teams moving, and what metrics do your leads look at to understand how you’re doing? [Spoiler: the answer here is VERY fun!]
Resources:
-
“Why Shared Fate is a Better Way to Manage Cloud Risk” article (and this too)
-
CIS for GCP
-
GCP IAM Deny
-
CloudSecList by Marco Lancini
More shows like Cloud Security Podcast by Google
View all
Risky Business
363 Listeners
SANS Internet Stormcenter Daily Cyber Security Podcast (Stormcast)
633 Listeners
The Cloudcast
154 Listeners
Defensive Security Podcast - Malware, Hacking, Cyber Security & Infosec
372 Listeners
CyberWire Daily
1,008 Listeners
AWS Podcast
199 Listeners
Smashing Security
313 Listeners
Click Here
387 Listeners
Cybersecurity Today
141 Listeners
Kubernetes Podcast from Google
182 Listeners
CISO Series Podcast
187 Listeners
Hacking Humans
308 Listeners
Defense in Depth
72 Listeners
Cyber Security Headlines
120 Listeners
Risky Bulletin
33 Listeners