Episode Transcript
Available transcripts are automatically generated. Complete accuracy is not guaranteed.
SPEAKER_00 (00:27):
And welcome to Technology Tap.
I'm Professor J Rod.
In this episode, Secure Cloud and Zero Trust, building the future of security.
Let's tap in.
(01:12):
Where we keep tapping into technology one bite at a time.
Today we're diving deep into the critical era of modern cybersecurity, secure cloud network and architecture, and zero trust framework.
This episode will guide you through unpacking cloud models, service responsibilities, design, embedded systems, IoT,
(01:34):
and the zero trust mindset that defines the future of enterprise defense.
We'll explore how AWS, Azure, and Google Cloud structure shared responsibilities and why IoT devices are both a blessing and a curse for security teams.
So grab your notebook because by the end you have a full map of
(01:55):
how cloud and zero trust architectures come together in today's hybrid world.
Cloud deployment models.
Let's begin with cloud deployment models.
The blueprint of how organizations choose to operate in the cloud.
There are five key models.
Public cloud, multi-tenant.
Think AWS or Azure.
(02:16):
Multiple customers share the same infrastructure, like renting an apartment in a high-rise building.
Private cloud, dedicated infrastructure, your own house, your own locks.
Ideal for highly regulated industries like healthcare or finance.
Hosted private cloud, a middle ground.
It's private but hosted by someone else, often managed
(02:37):
through third-party providers.
Community cloud, shared among organizations with common goals.
Think of a group of hospitals pooling resources under HIPAA.
Hybrid cloud, a combination of on-premise and public cloud, perfect for workloading balance and legacy app integrations.
Security implications.
(02:57):
In a single tenant setup, you have more control but more cost.
In a multi-tenant model, isolation is key.
Data leakage across tenants is a real risk.
Hybrid adds flexibility but complicates security monitoring.
Data moves in and out consistently.
During the COVID-19 pandemic, many companies adopted hybrid
(03:20):
clouds to handle sudden remote surges.
For instance, Zoom leveraged AWS capacity to scale globally without owning the hardware.
Next, now that we place our workloads, let's explore cloud service models.
(03:41):
SaaS, PaaS, and IaaS.
SaaS, or Software as a Service.
Applications delivered over the web.
Think Google Workspace, Salesforce.
You focus on data and access; provider manages infrastructure and software.
PaaS, platform as a service.
Developer's playground.
(04:02):
Think Microsoft Azure App Service.
You handle code, they handle runtime.
And then infrastructure as a service, raw compute and storage, AWS EC2, Google Compute Engine. You secure OS, patches, firewalls.
The responsibility matrix divides who handles what.
(04:23):
Cloud providers secure physical infrastructure, DDoS protection, and regional redundancy.
The customer secures identities, access control, encryption tools, and application settings.
Tip: misconfigurations remain a top cause of cloud breaches.
Just ask Capital One in 2019.
(04:44):
The data was exposed not by AWS but by a poorly configured web application firewall.
Security Plus tip: Expect exam questions testing which party is responsible for encryption, backup, OS patches, and various models.
Centralized versus decentralized.
Before the cloud, computing was centralized, mainframes, data
(05:08):
centers, and everything under one roof.
That model offered control but lacked agility.
Enter decentralization, distributing processing and data across nodes.
Today's blockchain, peer-to-peer, and IoT networks embody this.
Blockchain: decentralized trust, no single point of failure.
(05:29):
CDNs like Cloudflare replicate content globally, cutting latency.
And IoT devices process data at the edge, close to users.
Here's an example.
Netflix uses CDNs worldwide.
Ever notice how your show starts instantly?
That's decentralized caching at work.
Challenge: Security monitoring becomes more complex.
(05:52):
You need unified visibility across thousands of endpoints.
Segment four.
Resiliency means designing for failure in the cloud.
It's not if something fails, it's when.
Replication: copying data across zones, local, local, regional, geo-redundant.
High availability: multiple instances across
(06:15):
available availability zones so that one server failure doesn't crash your service.
Disaster recovery: backups and automation to resolve within minutes.
Think of a gaming service like Xbox Live.
Users expect uptime 24-7 all the time.
Microsoft uses geo-redundant storage to ensure gamers stay
(06:36):
connected even during regional outage.
Right?
And especially during Christmas when everybody gets their new gift.
(06:59):
And Kubernetes orchestrators orchestrates thousands of containers, ensuring scaling and health checks automatically.
Security note: containers share the host OS. One misconfiguration equals potential privilege escalation.
Use least privilege and image scanning tools like Trivy.
(07:21):
Cloud automation and SDN.
Automation is the secret sauce of the modern cloud.
Let's break it down.
Infrastructure as a code: use YAML or Terraform scripts to deploy identical environments, reducing human error.
Load balancing: distribute traffic automatically.
Auto scaling: add resource on demand.
(07:43):
Think retail searches on Black Friday.
I remember those days when I worked in retail.
Edge computing: move computational computations closer to the user for faster response.
Then we hit software-defined networking.
It separates controller plane, decides routes and policies; data plane, moves packets; and management planes, monitor
(08:05):
performance.
Imagine SDN as air traffic control for your network.
Dynamic, policy driven, secure.
Here's an example.
Google's cloud SDN can reroute traffic around outages automatically.
Keeping services up.
You don't have to worry about crashing.
Next.
(08:25):
Cloud security considerations.
With great scalability comes great responsibility.
As Pete Parker once said.
(08:49):
Patching: use automated patch management.
Secure communications: use VPN, private endpoints.
SD-WAN and SASE combined networking.
Combined networking and security for remote work.
Case study: during the SolarWinds breach, compromised software updates propagated through cloud environments.
(09:12):
Lesson: integrity validation of code and supply chain matters.
For Security Plus, understand how SASE integrates firewalls as a service, zero trust network, and CASB in one framework.
(09:54):
Embedded systems and the Internet of Things.
Let's switch gears to embedded systems.
Specialized computers in everything from cars to pacemakers.
RTOS, real-time operating systems, run deterministic code for safety critical environments.
ICS and SCADA systems run factories, power grids, and
(10:16):
pipelines.
Targets for nation state attacks.
Like the one that they had in New York City here in September, where they found a whole bunch of phones and servers that can send three million text messages a minute.
unknown (10:34):
Right?
SPEAKER_00 (10:34):
That can take down the communications.
Next, Internet of Things.
Billions of devices, often insecure, insecure by design.
And my my definition of Internet of Things when they first came out, not so much now, which I would tell my students, is things that need the internet, but you really can't go on the internet with those things.
unknown (10:56):
Right?
SPEAKER_00 (10:56):
So like the Ring doorbell needs the internet, but I can't go to the Ring doorbell and and you know go on the internet.
And you know, A-L-E-X-A, I can't say it because I have one right next to me.
That was a device that didn't, you know, right when it first came out, it needed the internet, but you can't go on the internet with it.
But actually now you can, especially now with the plus
(11:18):
that they added to it.
Billions of devices, often insecure by design, minimal memory equals weak encryption, rush products, unpacked, unpatched firmware, and default passwords open the door.
But here's the thing about Internet of Things or things like this in general.
If they are convenient, then people will buy them.
(11:41):
If they're inconvenient, no one's gonna buy them.
Right?
If you make it harder for people to buy it because they're inconvenient, no one's gonna buy it.
You gotta you have to make it convenient for people.
So one of the things that happens is you give up security.
But after a while, I think people, if you slowly introduce
(12:05):
them to security, I think it gets a little bit easier.
The example I give is multi-factor authentication.
Nobody wanted to do multi-factor authentication years ago.
Now, everybody's used to a one-time password being sent to your phone, so now you can implement a lot of more multi-factor authentication because people are now used to it.
(12:25):
Right?
That's something that they've gotten common to.
So, all right, real event in 2016.
The Mirai botnet hijacked IoT cameras, taking down Twitter, Netflix, and Reddit.
Best practice: segment IoT networks, change the default.
Follow IoTSF, IIC, CSA, and ETSI frameworks.
(12:50):
Next, zero trust architecture.
Finally, zero trust, the security philosophy of our era.
Old model was trust but verify, the new model, never trust, always verify.
Drivers: cloud, remote work, BYOD, and wireless network.
Zero trust key components: identity and access management,
(13:13):
micro segmentation, policy enforcement points, continuously monitoring, threat detection and prevention. The benefits: improved governance, granular access, minimize lateral movement.
NIST Zero Trust Framework, SP 800-207, sets the gold standard
(13:34):
and aligns your exam prep with its principles.
Real world example: Google's BeyondCorp pioneered zero trust.
Employees authenticate based on identity and device posture, not network location.
Alright, now that we've done all that, let's take a look at our questions.
(13:54):
We're gonna have four questions, and the way I do it is I ask you a question and then I give you the four choices, and then I repeat the question and the four choices, and then I wait five seconds and you try to get the right answer.
Alright, question one.
The company hosts a web application on AWS EC2 instance
(14:15):
and manages its own operating system, security groups, and encryption keys.
According to the shared responsibility model, who is responsible for securing the underlying hardware and the physical data center?
A, the customer; B, AWS; C, third-party security provider; or D, the network administrator.
(14:37):
Alright, let's take it again.
A company hosts a web application on AWS EC2 instance and manages its own operating systems, security groups, and encryption keys.
According to the shared responsibility model, who is responsible for securing the underlying hardware and physical data center?
(14:57):
A, the customer; B, AWS; C, third-party security provider; or D, the network administrator.
I'll give you five seconds to answer.
Five, four, three, two, one, and the answer is B, AWS.
In the IaaS model, the infrastructure as a service
(15:21):
model, the cloud provider, in this case being AWS, is responsible for physical security, infrastructure, and hypervisor maintenance.
The customer manages the OS, apps, and data.
The division ensures isolation between tenants, but requires correct configuration by the client.
(15:43):
I think this is a little bit of an unfair question because it doesn't say if it's SaaS or PaaS or infrastructure as a service.
But it does give you the shared responsibility model.
So that's the clue in the question.
Alright, question two, deployment models.
(16:03):
A hospital consortium shares a private cloud designed for HIPAA compliance, where multiple hospitals use the same cloud infrastructure to manage the patient data securely.
Which cloud deployment model best fits this scenario?
A, public cloud; B, private cloud; C, community cloud; D,
(16:25):
hybrid cloud.
I'll read it again.
A hospital consortium shares a private cloud designed for HIPAA compliance, where multiple hospitals use the same cloud infrastructure to manage the patient data securely.
Which cloud deployment model best fits this scenario?
A, public cloud; B, private cloud; C, community cloud; D,
(16:48):
hybrid cloud.
I'll give you five seconds.
Community cloud is used by organizations with shared mission policies or compliance needs.
Healthcare or education.
(17:23):
A lot of these places, a lot of these exams have keywords.
You find the keyword, you're gonna find what the answer is.
So IoT security risk.
Alright, question three.
A manufacturer deployed hundreds of IoT sensors in a factory.
After deployment, they discovered the devices cannot receive firmware updates or patches.
(17:44):
What is the greatest security risk associated with these devices?
A. They use too much bandwidth.
B. They cannot connect to the corporate network.
C. They may become unpatchable and vulnerable to exploits.
D. They're incompatible with SDN controllers.
I'll read it again.
It's an IoT security risk question.
(18:06):
A manufacturer deployed hundreds of IoT sensors in his factories.
After deployment, they discovered the devices cannot receive firmware updates or patches.
What is the greatest security risk associated with these devices?
A. They use too much bandwidth.
B. They cannot connect to the corporate network.
(18:27):
C. They may become unpatchable and vulnerable to exploits, or D. They're incompatible with SDN controllers.
I'll give you five seconds to think about it for the answer.
5, 4, 3, 2, 1.
And the answer is C.
They become unpatchable and vulnerable to exploits.
(18:48):
IoT devices often lack resources for patching.
Unpatchable firmware is a significant risk because vulnerabilities remain exploitable for the device lifecycle.
Best practice to segment IoT networks and replace outdated hardware.
Yeah, some of these devices you cannot upgrade.
You just have to replace it.
(19:10):
Right?
Like the I think the older versions of ALEXA, the ones without a screen, I don't think you can update them.
I think you just you just have to replace them.
In my opinion, they've gotten a lot better.
But yeah, they went from no screen to little screens, bigger screens, and now they have a whole whole thing.
I'm a big fan of them.
(19:31):
If you don't know that already, I'm a big fan of A L E X A.
Alright, last question.
Zero trust architecture.
An organization is transitioning to a zero trust model.
Which principle best defines this architecture?
A, trust users inside the network perimeter.
(19:54):
B, verify only external connections.
C, assume every user and device is untrusted, requiring continuous verification.
And D, apply least privilege to network devices only.
I'll read it to you again.
An organization is transitioning to a zero trust model.
Which principle best defines this architecture?
(20:17):
A, trust users inside the network perimeter.
B, verify only external connections.
C, assume every user and device is untrusted, requiring continuous verification, or D, apply these principles to network devices only.
I'll give you five seconds.
Think about it.
(20:38):
Five, four, three, two, one.
And the answer is C, assume every user and device is untrusted, requiring continuous verification.
Zero Trust foundation is never trust, always verify.
Every access request, either internal or external, requires
(20:59):
authentication, authorization, and continuous monitoring.
This model mitigates lateral movement and insider threats, aligned with NIST SP 800-207 guidance.
So, how do you do?
Did you get them all right?
(21:20):
Did you get some of them right?
Review these concepts before you practice for your next Security Plus exam.
Right?
Hopefully, you will take it very, very soon.
I actually had a student take it recently and he passed.
I'm so proud of him.
He he let me know that he passed.
(21:42):
So let me know if you take an exam and uh and you pass.
I'll give you a shout out if you email me at professorjrod at gmail.com and you tell me that you passed any of the CompTIA exams.
I just passed my Pen Plus a couple of weeks ago.
So very happy with that.
That's my seventh certification.
So yeah, you could be, you know, you can do it.
(22:04):
If an old guy like me can do it, anybody can do it.
Right?
So if you are if you passed the exam recently, send me a note.
I'll I'll throw you a shout out.
Right, we can do that, I'll throw you a shout out.
Alright.
We just tapped into one of the most critical lessons in modern cybersecurity.
(22:26):
How cloud infrastructure architecture and zero trust redefined security from the ground up.
From cloud public cloud to microservices, IoT to identity.
This episode covered technology shaping your future as a cybersecurity professional.
I'm Professor J Rod.
Thank you for tuning in to Technology Tap.
(22:47):
Remember to study responsibly, secure your configurations, and as always, keep tapping into technology.
(23:09):
This has been a presentation of Little Catcha Productions, art by Sarah, music by Joe Kim.
We're now part of the Pod Match Network.
You can follow me at TikTok at Professor J Rod at J R O D, or you can email me at Professor Jrod at J R O D at Gmail.