This episode is a masterclass in modern cloud architecture and the fast-evolving world of AI security. In episode 103, we sat down with a Senior Security Engineer (CISSP) to break down the architectural nuances of AWS vs. GCP IAM and how security roles are evolving in 2026. From mastering cross-account access to defining data perimeters for AI training models, this episode is a deep dive into the technical and strategic layers of cloud-native security.

YouTube: https://youtu.be/Y_OCpI8LJb4

Transcript: https://www.scaletozero.com/episodes/aws-vs-gcp-iam-architecture-the-future-of-security-in-2026-with-sneha-malshetti-cissp/

Sneha Malshetti: https://www.linkedin.com/in/sneha-malshetti/

Fearless Organization: https://www.amazon.in/Fearless-Organization-Psychological-Workplace-Innovation/dp/1119477247TLS

Handshake Deep Dive and decryption with Wireshark: https://www.youtube.com/watch?v=25_ftpJ-2ME

Cloudanix: https://cloudanix.com/

00:00 Introduction

04:30 Architectural differences between AWS and GCP IAM

08:40 Best practices to approach IAM in AWS and GCP

11:00 Achieving centralized identity federation for a consistent user experience

13:45 Manage cross-account access securely in AWS vs GCP

14:40 Balancing RBAC for large organizations

18:00 Automation and Auditing recommendations for IAM

21:42 Managing access for large organizations

23:55 Monitoring Privileged Access

27:20 Balancing Security and Speed

30:19 Data Perimeter boundaries and their importance

34:20 How have security functions transformed in the AI world?

36:55 Will AI replace Humans?

38:15 Managing sensitive data used to train AI models

42:42 Security Trends in 2026

45:48 Summary

46:48 Learning Recommendation

What are the security weaknesses that everyone overlooks, and how is the rise of AI changing the risk calculus? We sat down with a Senior Director of Security and Compliance to discuss strategic defense, from securing human capital to implementing Zero Trust for AI systems.This episode is essential for CISOs, security leaders, and compliance officers navigating the volatile landscape of modern risk.

How does AI work: https://blog.hubspot.com/marketing/how-does-ai-work

YouTube: https://youtu.be/feudnGhDZ78

Transcript:https://www.scaletozero.com/episodes/zero-trust-ai-human-risk-a-guide-to-future-proofing-security-with-james-cash/

00:00 Introduction

05:08 Significant security weaknesses often overlooked

10:25 AI SBOMs and Security

14:10 Biggest risks in security from AI systems

16:31 Ensuring AI systems are secure and responsible

20:55 Zero Trust AI Systems for Internal and Third-Party Teams

24:20 Evolution of Risks with Rise in AI

27:15 Evaluating between Traditional vs. AI SaaS provider

33:50 Keeping Stakeholders' interests in Security

39:21 Responding to Insider Threats

45:45 KPIs for Human Risk Management

49:41 Summary

50:51 Learning recommendations

In modern, fast-moving organizations, security is a shared responsibility, not a silo. We sat down with a Staff Security Engineer who operates at the intersection of development speed and security integrity to explore what truly defines a strong security program.This episode offers essential advice for leadership, engineers, and recruiters, covering everything from core culture to the risks of new AI models.

Also available on YouTube: https://youtu.be/2ut2GQPWA4I00:00 Introduction05:41 CyberArk Acquisition07:40 Top 3 Elements of Building a Strong Security Culture10:50 Good Engineering is Security Engineering13:20 Why do organizations face challenges in achieving a security culture?16:54 Moving Fast - Startups vs. Large Enterprises19:08 Addressing challenges - Startups vs. Large Scale Companies23:00 KPIs to Show Security Progress26:16 Security Teams as Enablers32:57 Right Mindset for Security Engineering36:36 Hiring the Right Security Talent38:31 Addressing Non-Deterministic Nature of LLMs43:13 Trade-Offs of Implementing Bias in Alert Triaging Systems46:11 Training an Agent for Catching Malicious Attacks48:35 Summary49:35 Learning Recommendations

The shift from static data centers to dynamic Kubernetes workloads changes everything about security. In this essential episode, we sit down with an industry leader—an ex-vCISO, OWASP contributor, and founder of a new firm—to break down the new rules of cloud-native defense.

If you are dealing with short workload lifecycles, balancing security with velocity, or figuring out the true impact of AI on your role, this is a must-watch.

YouTube: https://youtu.be/J0asVeOCAggDinis Cruz: https://www.linkedin.com/in/diniscruz/

Host: https://www.linkedin.com/in/mpurusottamc/

Cloudanix: https://www.cloudanix.com/

00:00 Introduction and Teaser03:00 Minset Shift - From Static Servers to Kubernetes Workloads06:05 Challenges of Shifting From Traditional Data Centers to Serverless08:35 Balancing Security and Other Business Priorities14:20 Varying Cloud Costs and Managing Security Compliance19:19 Logging and Monitoring - How to prioritize effectively?23:34 Identity and Access Management for Short Workload Lifecycles28:49 Leveraging Generative AI for better Security Engineering38:12 Anticipating Attacker Mindset and Defending Your Cloud Environments45:36 How will AI evolve security roles in general?52:17 Summary53:03 Learning Recommendations from the guest

Have you ever wondered what it takes to drive successful partnerships in the AWS ecosystem? In this episode, we sit down with Lalit Khatter, a Senior AWS Partner Solution Architect, who gives us a deep dive into his dynamic role and the strategies that help AWS Partners thrive.

Lalit shares his journey from Software Engineer to PSA and reveals the essential traits of a successful AWS Partner.

Whether you're an aspiring PSA, a business leader at an AWS Partner, or simply curious about the engine that drives cloud adoption, this podcast offers unparalleled insights!

00:00 Teaser and Introduction

03:57 Role of a Partner Solution Architect and their day-to-day

08:15 Why Partner Solution Architect as a job role?

19:52 Transition from software engineer to AWS PSA

23:22 How would a SI company work with Lalit for partnering with AWS?

31:04 Trait of a successful partner

38:40 AWS programs that help partners get visibility to prospective customers

41:58 Aha moment after getting started with the AWS partner environment

48:08 Scaling with AWS Marketplace

01:03:05 Amazon Pace and Ambassador Program: Hand-in-Hand

01:06:23 AWS Ambassador Program and how to invest in it

01:10:20 Business Outcome Accelerator (AWS BOX)

01:22:53 Weekends of Lalit Khatter

01:28:40 Next 5 years of AWS Partner programs

01:33:01 Stuff about Lalit

How do you keep pace with AI adoption without compromising your security standards? We sat down with a Security and Privacy Engineering Manager to tackle the toughest challenges facing modern DevSecOps teams and C-Suite leaders today.This episode is packed with practical strategies on integrating security early and effectively. We dive deep into:00:00 Teaser and Introduction05:35 The real Challenges of Integrating Security into SDLC08:35 Embedding Security Into Developer Workflows12:09 Balancing Security & Velocity: Advice for the C-Suite16:11 Aligned Autonomy: How Enterprises Balance Security & Freedom20:46 AI Adoption is Fast- Security is Playing Catch-Up24:46 The Biggest Misconception About AI Security27:26 Defense-in-Depth for Securing AI Workloads31:27 Evolving Defenses Against Sophisticated AI-Driven Attacks35:04 AI-Driven Transformation in Security Operations and Testing38:15 Human-in-the-Loop: Why SOC Analysts Remain Essential in the AI Era41:25 Summary42:20 Learning RecommendationImportant LinksAshish Bhadouria: https://www.linkedin.com/in/ashishbhadouria/ScaleToZero: https://scaletozero.com/Cloudanix: https://scaletozero.com/Purusottam: https://www.linkedin.com/in/mpurusottamc/Art of War: https://www.amazon.in/Art-War-Sun-Tzu/dp/8184950888TLDR Sec: https://tldrsec.com/Pragmatic Engineer Blog: https://blog.pragmaticengineer.com/

What does it really take to build a security program that stands up to modern threats? In this episode, we sit down with Ashish Garg, Founder of RIGA Cyber, to move beyond the frameworks and discuss what matters most: people.

You can also watch on YouTube: https://youtu.be/99AzjI-RKTYWe cover the essential strategies for any security leader looking to build a resilient, proactive security culture. We dive into:00:00 Teaser and Introduction06:12 Making Security Everyone's Responsibility11:23 Tailoring the Story: Communicating Security Across Audiences15:38 Building a Proactive Security Program: Beyond Frameworks19:38 Overcoming Stakeholder Hurdles: Building Trust Through Alignment23:26 Bridging the Gap Between Security and Engineering28:06 Measuring Trust and Providing Security Value37:34 From Engineering to Security Leadership: The Power of Mentorship & Alignment42:03 Avoiding Burnout as a Security Leader: Prioritize & delegate44:45 AI in Security: Hype, Risk & Real Use Cases51:25 Summary52:10 Learning Recommendation#Cybersecurity #SecurityLeadership #ProactiveSecurity #InfoSec #CybersecurityPodcast #SecurityCulture #AIinSecurity #CISO #SecurityEngineering #CorporateSecurity

Ever wonder about the security risks lurking behind your favorite AI tools? In this episode, we sit down with Shweta Thapa, Security Specialist Solutions Architect from AWS, to demystify the complex world of GenAI and traditional application security.

Transcript: https://www.scaletozero.com/episodes/designing-security-for-genai-with-security-specialist-solutions-architect-shweta-thapa/

Guest: https://www.linkedin.com/in/shwetast/

Host: https://www.linkedin.com/in/mpurusottamc/

Cloudanix: https://cloudanix.com/

We'll cover 9 critical topics that every tech professional, business leader, and security enthusiast needs to know. Get ready to learn about:

00:00 Teaser and Introduction

05:01 Fundamentals of Designing Security for GenAI and Traditional Applications

09:00 Control of Shared Responsibility Model: LLM Provider vs. Consumer

12:25 Top Five Security Checks for GenAI System

17:39 Securing GenAI Outputs: Trustworthy vs. Toxic Content

22:03 Synthetic Data: Helpful or Harmful

24:16 Validating AI Output: Monitoring, Context & Human Judgment

28:07 Strategic Advisory Questions to Ask Stakeholders When Investing in GenAI Application

31:22 Misconceptions of Security Leaders about GenAI Security

35:56 Getting Started with GenAI: Startups vs. Enterprises

43:50 Summary

45:00 Learning Recommendation

What does it truly take to lead security and GRC in today's complex, high-stakes environments? It's about much more than just technology—it's about building trust, creating champions, and acting as an enabler, not a blocker.In this powerful episode, we sit down with [Guest Name], a seasoned Fractional CISO and Cybersecurity Advisor. With their extensive experience, we'll dive into the real-world lessons learned from bridging the gap between security teams and the rest of the business, and how to turn GRC from a requirement into a strategic advantage.00:00 Teaser and Introduction07:24 Security and Compliance Debate09:55 How are Security and Compliance not different from each other?11:17 Security challenges evolved over the years - from data centers to AI14:10 Challenges of aligning security strategies within enterprises16:53 Tips to build trust and create security champions21:00 How do you support and educate others around you?23:05 How have security engineering and leadership roles helped you evolve?25:35 Security teams working closely with other business teams28:45 Security leaders being open to security teams31:40 GRC maturity levels in organizations today34:50 Implementing GRCs more efficiently38:32 Reducing friction between security and other business teams42:48 Security teams as enablers and not blockers47:49 Scenario where your leadership was tested53:23 Summary54:16 Learning recommendations

The role of a CISO is evolving at an unprecedented pace. It's no longer just about technical defenses; it's about leading multidisciplinary teams, understanding business strategy, and navigating the profound impacts of emerging technologies like AI and Quantum Computing.

In this episode, we sit down with Patricia Titus, a seasoned Field CISO, to break down what it takes for today’s security leaders to become the multidisciplinary strategists of tomorrow. We explore how to move beyond traditional security models and embrace a future where security is a core business enabler.

Watch the episode on YouTube: https://youtu.be/s6475pSgSxc

00:00 Introduction04:45 From Learning AI to Secure Deployment08:25 Cross-Disciplinary Teams & the CISO's Co-Leadership Role10:05 Will AI impact only GRC or a broader area?13:29 Governance frameworks for CISOs before deploying workloads17:35 Establishing & Measuring AI Governance Frameworks20:50 Behavioral AI: Cultural shifts required to build a security mindset25:20 Measuring the effectiveness of Behavioral AI30:57 How security leaders can stay ahead in the AI native security world?33:27 Non-technical Skills for Future CISOs in the AI world35:52 Areas of expertise today's CISOs must actively cultivate39:48 Explaining the importance of AI and Quantum to stakeholders44:57 Summary45:45 Learning recommendations from Patricia