Sign up to save your podcasts
Or
Share How Common Identity Misconfigurations Can Undermine Cloud Security
Share to email
Share to Facebook
Share to X
Share to email
Share to Facebook
Share to X
Or
How Common Identity Misconfigurations Can Undermine Cloud Security
Send us a text
Welcome to a brand new cloud security podcast, Cloud Security Today. Instead of focusing on the latest news, we’re exploring a different take on cloud security where we dig deeper into its eclectic “how-to” side. On Cloud Security Today, we are going to talk with experts from all over the community so you can do cloud security better. Today’s experts are Nathaniel Quist (Q) and Jay Chen, and they will be talking about Unit 42’s latest cloud threat research. First up Q and J, as we call them, introduce listeners to their professional histories before telling us how they choose their research projects. We then talk to Q and Jay about findings from their latest report on identity and access management. Together, they explain some of the common vulnerabilities that come with identity and access management, like misconfigured roles. Toward the end of the episode, we talk to Q about cryptojacking, as he explains the nuances to mining coins maliciously, the various teams behind the act, and how they use code against each other.
Key Points From This Episode:
● How to become a threat researcher. Q and Jay share a little bit about their background.
● Watch your roles and look out for wildcards in configurations!
● APIs don’t always behave as expected – test them!
Tweetables:
“My biggest surprise is that even in a multi-million-dollar enterprise environment with thousands of workloads, thousands of EC2 instances and databases, they still make very fundamental mistakes.” — Jay Chen [0:09:55]
“The cloud has the potential to be so much more granularly controlled than just a normal on-prem environment. From the outside looking in, it's very complex. Complexity can bring some obscurity within the cloud environment.” — Nathaniel Quist [0:17:00]
Links Mentioned in Today’s Episode:
Matt Chiodi on LinkedIn
Matt Chiodi on Twitter
Unit 42 Cloud Threat Report
Nathaniel Quist on LinkedIn
Jay Chen on LinkedIn
IAMFinder tool on GitHub
The future of cloud security.Simplify cloud security with Prisma Cloud, the Code to Cloud platform powered by Precision AI.
Disclaimer: This post contains affiliate links. If you make a purchase, I may receive a commission at no extra cost to you.
View all episodes
By Matthew Chiodi
4.9
1515 ratings
Send us a text
Welcome to a brand new cloud security podcast, Cloud Security Today. Instead of focusing on the latest news, we’re exploring a different take on cloud security where we dig deeper into its eclectic “how-to” side. On Cloud Security Today, we are going to talk with experts from all over the community so you can do cloud security better. Today’s experts are Nathaniel Quist (Q) and Jay Chen, and they will be talking about Unit 42’s latest cloud threat research. First up Q and J, as we call them, introduce listeners to their professional histories before telling us how they choose their research projects. We then talk to Q and Jay about findings from their latest report on identity and access management. Together, they explain some of the common vulnerabilities that come with identity and access management, like misconfigured roles. Toward the end of the episode, we talk to Q about cryptojacking, as he explains the nuances to mining coins maliciously, the various teams behind the act, and how they use code against each other.
Key Points From This Episode:
● How to become a threat researcher. Q and Jay share a little bit about their background.
● Watch your roles and look out for wildcards in configurations!
● APIs don’t always behave as expected – test them!
Tweetables:
“My biggest surprise is that even in a multi-million-dollar enterprise environment with thousands of workloads, thousands of EC2 instances and databases, they still make very fundamental mistakes.” — Jay Chen [0:09:55]
“The cloud has the potential to be so much more granularly controlled than just a normal on-prem environment. From the outside looking in, it's very complex. Complexity can bring some obscurity within the cloud environment.” — Nathaniel Quist [0:17:00]
Links Mentioned in Today’s Episode:
Matt Chiodi on LinkedIn
Matt Chiodi on Twitter
Unit 42 Cloud Threat Report
Nathaniel Quist on LinkedIn
Jay Chen on LinkedIn
IAMFinder tool on GitHub
The future of cloud security.Simplify cloud security with Prisma Cloud, the Code to Cloud platform powered by Precision AI.
Disclaimer: This post contains affiliate links. If you make a purchase, I may receive a commission at no extra cost to you.
More shows like Cloud Security Today
View all
SANS Internet Stormcenter Daily Cyber Security Podcast (Stormcast)
637 Listeners
CyberWire Daily
1,016 Listeners
Cybersecurity Today
175 Listeners
CISO Series Podcast
188 Listeners
Cloud Security Podcast
57 Listeners
Cyber Security Headlines
134 Listeners
Cloud Security Podcast by Google
40 Listeners