Guest:

• Alicja Cade, Director for Financial Services, Office of the CISO, Google Cloud

Topics:

• We are talking about your journey as a CISO migrating to the cloud. Could you give us the overview of …
• What triggered your organization's migration to the cloud? When did you and the security team get brought in?
• Did you take going to the cloud as an opportunity to change things beyond the tools you were using?
• As you got going into the cloud, what was the hardest part for your organization?
• If that was hardest, what was most surprising? Good surprise and bad surprise?
• How did you design security controls for the cloud?
• How do you validate and verify security controls in the cloud?
• How did you keep both security practitioners and the rest of your IT teams from lift-and-shift thinking?
• Did your data security practice change?
• Having covered all that tactical terrain, one final strategic question: is moving to the cloud a net risk reduction? Can it be?

Resources:

• "CISO Walks Into the Cloud: Frustrations, Successes, Lessons ... And Does the Risk Change?" (ep80)
• "Visualizing Google Cloud: 101 Illustrated References for Cloud Engineers and Architects" by Priyanka Vergadia
• "Cyberpolitics in International Relations" book
• CSA CCM v4
• Cyber Risk Institute
• "Modernize Data Security with Autonomic Data Security Approach" (ep79) and the paper on autonomic data security.
• "Preparing for Cloud Migrations from a CISO Perspective, Part 1" (ep5)
• "Preparing for Cloud Migrations from a CISO Perspective, Part 2" (ep11)
• "How CISOs need to adapt their mental models for cloud security" blog