Cloud Security Today

How Common Identity Misconfigurations Can Undermine Cloud Security



Welcome to a brand new cloud security podcast, Cloud Security Today. Instead of focusing on the latest news, we’re exploring a different take on cloud security where we dig deeper into its eclectic “how-to” side. On Cloud Security Today, we are going to talk with experts from all over the community so you can do cloud security better. Today’s experts are Nathaniel Quist (Q) and Jay Chen, and they will be talking about Unit 42’s latest cloud threat research. First up, Q and J, as we call them, introduce listeners to their professional histories before telling us how they choose their research projects. We then talk to Q and Jay about findings from their latest report on identity and access management. Together, they explain some of the common vulnerabilities that come with identity and access management, like misconfigured roles. Toward the end of the episode, we talk to Q about cryptojacking, as he explains the nuances of mining coins maliciously, the various teams behind the act, and how they use code against each other.

Key Points From This Episode:

● How to become a threat researcher. Q and Jay share a little bit about their background.

● Watch your roles and look out for wildcards in configurations!

● APIs don’t always behave as expected – test them!

Tweetables:

“My biggest surprise is that even in a multi-million-dollar enterprise environment with thousands of workloads, thousands of EC2 instances and databases, they still make very fundamental mistakes.” — Jay Chen [0:09:55]

“The cloud has the potential to be so much more granularly controlled than just a normal on-prem environment. From the outside looking in, it's very complex. Complexity can bring some obscurity within the cloud environment.” — Nathaniel Quist [0:17:00]

Links Mentioned in Today’s Episode:

 

Matt Chiodi on LinkedIn

Matt Chiodi on Twitter

Unit 42 Cloud Threat Report

Nathaniel Quist on LinkedIn

Jay Chen on LinkedIn

IAMFinder tool on GitHub


Cloud Security Today, by Matthew Chiodi
