Sign up to save your podcasts
Or
Share EP140 System Hardening at Google Scale: New Challenges, New Solutions
Share to email
Share to Facebook
Share to X
Share to email
Share to Facebook
Share to X
Or
EP140 System Hardening at Google Scale: New Challenges, New Solutions
Guest:
-
Andrew Hoying, Senior Security Engineering Manager @ Google
Topics:
-
What is different about system hardening today vs 20 years ago?
-
Also, what is special about hardening systems at Google massive scale?
-
Can I just apply CIS templates and be done with it?
-
Part of hardening has to be following up with developers after they have un-hardened things – how do we operationalize that at scale without getting too much in the way of productivity?
-
A part of hardening has got to be responding to new regulation and compliance regimes, how do you incorporate new controls and stay responsive to the changing world around us?
-
Are there cases where we have taken lessons from hardening at scale and converted those into product improvements?
-
What metrics do you track to keep your teams moving, and what metrics do your leads look at to understand how you're doing? [Spoiler: the answer here is VERY fun!]
Resources:
-
"Why Shared Fate is a Better Way to Manage Cloud Risk" article (and this too)
-
CIS for GCP
-
GCP IAM Deny
-
CloudSecList by Marco Lancini
View all episodes
By Anton Chuvakin
4.8
3939 ratings
Guest:
-
Andrew Hoying, Senior Security Engineering Manager @ Google
Topics:
-
What is different about system hardening today vs 20 years ago?
-
Also, what is special about hardening systems at Google massive scale?
-
Can I just apply CIS templates and be done with it?
-
Part of hardening has to be following up with developers after they have un-hardened things – how do we operationalize that at scale without getting too much in the way of productivity?
-
A part of hardening has got to be responding to new regulation and compliance regimes, how do you incorporate new controls and stay responsive to the changing world around us?
-
Are there cases where we have taken lessons from hardening at scale and converted those into product improvements?
-
What metrics do you track to keep your teams moving, and what metrics do your leads look at to understand how you're doing? [Spoiler: the answer here is VERY fun!]
Resources:
-
"Why Shared Fate is a Better Way to Manage Cloud Risk" article (and this too)
-
CIS for GCP
-
GCP IAM Deny
-
CloudSecList by Marco Lancini
More shows like Cloud Security Podcast by Google
View all
WSJ Your Money Briefing
1,722 Listeners
WSJ What’s News
4,424 Listeners
Security Now (Audio)
2,010 Listeners
Risky Business
373 Listeners
CyberWire Daily
1,025 Listeners
NVIDIA AI Podcast
347 Listeners
Darknet Diaries
8,079 Listeners
Cybersecurity Today
177 Listeners
Practical AI
211 Listeners
Cloud Security Podcast
58 Listeners
Cybersecurity Headlines
140 Listeners
Huberman Lab
29,300 Listeners
The AI Daily Brief: Artificial Intelligence News and Analysis
681 Listeners
HBR On Leadership
168 Listeners
AI Security Podcast
9 Listeners