Join us for a deep dive into the world of Cybersecurity Risk Management with seasoned expert Joseph Haske. Risk Manager, who brings a fresh perspective to navigating complex cyber challenges. In this episode, we unpack crucial topics that every security professional, leader, and stakeholder needs to understand.

Transcript:

Cloudanix: https://www.cloudanix.com/

00:00 Teaser and Introduction03:54 Does non-tech experience help you in the field of security?07:39 Different perspective on the field of risk management with vast experience09:36 Qualitative vs. Quantitative Risk Management, who outgrows whom, and how12:29 Strengths and Weaknesses of the Qualitative and Quantitative Risk Framework14:00 Educating your teams to follow the right risk framework15:36 Fundamental differences between underlying philosophies and the FAIR framework18:00 Selecting the right framework for small and growing organizations19:47 Balancing the usage of Qualitative vs Quantitative risk approach23:00 Importance of the peer review process25:03 Challenges to implementing the FAIR approach27:27 Mitigating the challenges of implementing the FAIR approach29:37 Biggest misconception before starting a risk management program31:31 Future of risk management32:55 Preparing for the future of risk management34:31 Approaching the security challenges raised by new technologies like AI or quantum computing36:40 Building the right culture to drive a successful risk management program39:49 Summary41:00 Learning Recommendations

In this groundbreaking episode of the ScaleToZero podcast, we sit down with Brad Geesaman, a Principal Security Engineer, to explore the revolutionary impact of Agentic AI on Application Security. From the inspiration behind this cutting-edge field to the practicalities of building AI-powered solutions, we cover it all.

This episode is a must-listen for CISOs, Security Engineers, CTOs, and anyone looking to understand how AI is redefining the future of AppSec.

Transcript: https://www.scaletozero.com/episodes/ai-in-appsec-the-paradigm-shift-with-brad-geesaman/

Brad: https://www.linkedin.com/in/bradgeesaman/

00:00 Teaser and Introduction

04:00 Inspiration to focus on Application Security using AgenticAI

05:56 Understanding AgenticAI0

8:52 Agentic AI versus Traditional AI

12:44 Paradigm shift of secure coding with the change of AI

15:28 Importance of tool integration and standardization of AgenticAI for AppSec

18:00 Standardization of Agent SDKs or NCPs

20:22 Using AI to secure AI

23:12 Are AI systems reliable considering their nondeterminism

25:15 Considerations for adopting AI for AppSec

29:54 Impact of AI on organizational structure for security

32:27 Elements of AppSec with the least AI benefits

36:10 What is Reaperbot

42:42 Advantages and disadvantages of testing methods of Reaperbot

45:00 Vision for Reaperbot in the near future

48:00 Building trust within teams with the rise in these decision-making agents

52:12 Recommendations for operations teams to avoid vulnerabilities or misconfiguration

54:58 Considerations for the operations team when using AI systems for security purposes

01:00:02 Summary

01:01:05 Learning recommendations

In this insightful episode of the podcast, we speak with a seasoned Senior Cloud Security Consultant and Architect about a unique approach to security: minimalism. We explore how the principles of minimalist living can be applied to build leaner, more effective security strategies in the cloud and beyond.

Whether you're a security leader, architect, or cloud enthusiast, this episode offers a fresh perspective on building robust and efficient security strategies.

YouTube: https://youtu.be/plqzCwd1rUM

00:00 Teaser and Introduction06:45 Minimalist living09:30 Applying the minimalist living approach to security16:30 Do organizations practice the basics of security?24:45 Investing early in security29:40 Balancing local and global security frameworks37:17 Best ways for startups to work with AWS and vice versa42:55 Educating global leaders to work with Indian customers48:50 Maximizing AWS Benefits for Startups56:19 How can India win in cyberspace?01:08:31 Learning recommendations

In this episode of the Scale To Zero podcast, we dive deep into the world of Security Champions with our guest speaker Bonnie Viteri, a seasoned cybersecurity expert. We explore how to build, scale, and maintain a thriving Security Champions program that truly makes a difference.

Watch on YouTube: https://youtu.be/3bpNxeKmWug

Bonnie: https://www.linkedin.com/in/bonniebyer-viteri/ScaleToZero: https://www.scaletozero.com/

Cloudanix: https://www.cloudanix.com/

Here's what we covered:

00:00 Teaser and Introduction

03:15 Defining the role of a security champion

04:45 Signals to identify a security champion when working with development teams

06:00 Real life example of someone turning into an excelent security champion

07:50 Why security teams at Yahoo are called paranoids?

09:16 How does a security champion evolve over time?

11:20 Principles of successful security champions program

13:55 Scaling security champions program along with organization's growth

16:28 North star for scaling security champions program

19:14 Differences in building champions program at startup vr large orgs

22:30 Aligning security champions program with business outcomes

26:00 Metrics to show alignment and progress of security program

28:55 Data driven security champions program for non-believers

31:46 Keeping security champions program fresh and relevant

34:28 Keeping individual security champions engaged and happy

37:50 Tips to prevent burnout

39:34 Examples of recognition and appreciation of security champions

42:39 Bridging gaps between security teams and other business teams

45:45 Challenges of fostering collaboration between security and other business teams

48:28 Summary

49:27 Learning recommendations

In this episode of the ScaleToZero podcast, we had an insightful conversation with Rowan Udell, an AWS IAM leader and security consultant, about the future of cloud security. We delved into critical topics like prohibiting human access to production accounts, maximizing ROI in IAM and policy management, and the role of Just-In-Time access. We also explored the impact of LLMs on IAM engineering and discussed practical strategies for minimizing attack surfaces in the healthcare industry. This episode is a must-listen for anyone responsible for AWS security and identity management.

Watch on YouTube: https://youtu.be/r0eupMDCqB8

#cybersecurity AWS #IAM #CloudSecurity #DevSecOps #JustInTimeAccess #LLM #SecurityBestPractices

00:00 Teaser and Introduction

05:45 Prohibiting human access to production cloud accounts

12:00 Recommendations to prohibit human access to production accounts

15:30 Strategy to maximize ROI in IAM and Policy Management

19:00 Thoughts on the ability to create users and roles at will in the cloud

23:19 What is Just-In-Time and its role in the cloud?

30:14 Providing secure access to teams in the healthcare industry via IAM

38:05 How organizations can keep the attack surface minimum

41:51 Common misconfigurations seen with minimal fix

44:22 Less-known features of AWS IAM with great impact

48:30 Are LLMs a blessing or curse to IAM engineers?

51:20 Shift of LLMs that IAM engineers should expect in 2025

55:35 Summary

56:38 Learning recommendations

In our latest episode of the ScaleToZero podcast, we had a fascinating conversation with Anshuman Bhartiya, an AppSec Tech Lead and cybersecurity expert. We explored the intricacies of product security, including the challenges of implementation, building a strong security culture, and leveraging AI models for application security.

Anshuman shared with us practical tips for balancing user experience with robust security measures and offered valuable recommendations for integrating AI into development processes. A must-listen for anyone invested in application security and the future of secure product development.

Transcript: Website: https://scaletozero.com/

Cloudanix: https://www.cloudanix.com/

#podcast AppSec #ProductSecurity #SDLC #Cybersecurity #GenAI #SecurityCulture

00:00 Teaser and Introduction

04:19 Defining Product Security

07:42 Challenges of implementing security

10:28 Balancing the workflow with engineering and security teams with use-case

15:38 Tools and processes to build secure SDLC processes

19:47 Practical ways to build the right security culture

22:45 Balancing user experience and security of a product with an example

28:52 Catering to the third-party security ecosystem

33:00 Key metrics to measure the effectiveness of the product security program

39:11 Use of AI models to secure the application

43:12 How GenAI has changed the world of product security

46:30 Recommendations to appsec team for integrating AI into dev processes

49:39 Summary

50:49 Learning recommendations

Join us for an in-depth conversation with Jason Jordaan, a seasoned Principal Digital Forensics Analyst, as we unravel the complexities of modern digital forensics. In this episode, we have covered topics such as the most common digital evidence, cloud and mobile impact, essential skills, and the DFIR intersection. Whether you're a seasoned professional or just starting, this episode offers valuable insights into the dynamic world of digital forensics.

YouTube: https://youtu.be/JPzgCTFm_j0

00:00 Teaser and Introduction

08:55 Most common types of digital evidence encountered in investigations

11:30 Impact of cloud computing and mobile devices in the field of digital forensics

15:30 Key skills required in digital forensics

19:01 Tackling most challenging aspects of digital forensics investigation

24:03 Ensuring the chain of custody and authenticity of digital evidence

29:05 Is the Digital Forensics job overwhelming

33:50 Intersection of Digital Forensics and Incident Response

39:45 Practical ways for organizations to investigate threats via digital forensics

45:52 Challenges of investigating deepfakes and other forms of AI-generated content

51:02 Advice for beginners interested in Digital Forensics

57:00 Summary

58:03 Learning recommendations on Digital Forensics

Join us as we delve into the world of threat detection with our expert guest Reanna Shultz, a renowned security leader and community builder.In this insightful podcast, we explore the critical challenges facing security teams today, including the need for real-time threat detection, the constant evolution of the threat landscape, and the importance of stakeholder buy-in. We also discuss strategies for breaking the detection-reaction cycle, leveraging AI/ML for enhanced detection, and the skills needed to thrive as a future detection engineer. This podcast is a must-watch for anyone interested in cybersecurity, threat intelligence, and the future of security operations.00:00 Teaser and guest introduction06:08 Importance of real-time threat detection in consumer electronics industry11:50 How to detect bad actors?16:07 Challenges faced by security teams to convince stakeholders about security21:14 Creating playbooks for threat detection27:45 Balancing threat detection with false positives in high-volume settings.31:13 Staying current with the fast-paced threat landscape.33:15 How to automate keeping up with the threat landscape?37:21 Breaking the detection-reaction cycle in cybersecurity40:32 Rubrik for SOC analysts to manage their stress levels46:55 Scaling programs to prioritize threat detection50:54 Detection-reaction to insider threats54:27 Tips to involve other business areas in security programs56:41 Impact of ML/AI on threat detection59:30 What does a future detection engineer look like?01:02:50 Is the industry moving to build its own SIEM systems?01:05:05 Summary01:06:55 Reading and learning recommendations from Reanna

In this insightful podcast, we explore the transformative impact of AI on the cybersecurity landscape. Join us as we discuss how AI can be leveraged to enhance threat detection, improve incident response, and augment human analysts.

Join us as we delve into the critical role of security awareness programs in building a strong security posture.In this insightful podcast episode with Mauricio Duarte, our host Purusottam has discussed the challenges faced by security awareness program managers, the importance of tailored training, and effective methods for delivering engaging and impactful training. We also explore incident response best practices, including measuring effectiveness and leveraging incident data for continuous improvement. Finally, we offer valuable advice for managing stress and burnout within security leadership roles.