Cloud Security Podcast by Google
Cloud Security Podcast by Google focuses on security in the cloud, delivering security from the cloud, and all things at the intersection of security and cloud. Of course, we will also cover what we are doing in Google Cloud to help keep our users' data safe and workloads secure. We’re going to do our best to avoid security theater, and cut to the heart of real security questions and issues. Expect us to question threat models and ask if something is done for the data subject’s benefit or just for organizational benefit. We hope you’ll join us if you’re interested in where technology overlaps with process and bumps up against organizational design. We’re hoping to attract listeners who are happy to hear conventional wisdom questioned, and who are curious about what lessons we can and can’t keep as the world moves from on-premises computing to cloud computing.
Episodes
Guest:
- Svetla Yankova, Founder and CEO, Citreno
Topics:
- Why do so many organizations still collect logs yet don’t detect threats? In other words, why is our industry spending more money than ever on SIEM tooling and still not “winning” against Tier 1 ... or even Tier 5 adversaries?
- What ar...
Guest:
- Cristina Vintila, Product Security Engineering Manager, Google Cloud
Topic:
- Could you share insights into how Product Security Engineering approaches at Google have evolved, particularly in response to emerging threats (like Log4j in 2021)?
- You mentioned applying SRE best practices i...
Guest:
- Sarah Aoun, Privacy Engineer, Google
Topic:
- You have had a fascinating career since we [Tim] graduated from college together – you mentioned before we met that you’ve consulted with a literal world leader on his personal digital security footprint. Maybe tell us how you got into this field of helping organizations tr...
Guest:
- David French, Staff Adoption Engineer, Google Cloud
Topic:
- Detection as code is one of those meme phrases I hear a lot, but I’m not sure everyone means the same thing when they say it. Could you tell us what you mean by it, and what upside it has for organizations in your model of it?
- Read more
Guest:
- Daniel Fabian, Principal Digital Arsonist, Google
Topic:
- Your RSA talk highlights lessons learned from two years of AI red teaming at Google. Could you share one or two of the most surprising or counterintuitive findings you encountered during this process?
- What are some of the key d...
Guest:
- Alex Pinto, Associate Director of Threat Intelligence, Verizon Business, Lead the Verizon Data Breach Report
Topics:
Guest
- Alan Braithwaite, Co-founder and CTO @ RunReveal
Topics:
- SIEM is hard, and many vendors have discovered this over the years. You need to get storage, security and integration complexity just right. You also need to be better than incumbents. How ...
Guests:
- Eric Foster, CEO of Tenex.AI
- Venkata Koppaka, CTO of Tenex.AI
Topics:
- Why is your AI-powered MDR special? Why start an MDR from scratch using AI?
- So why should users bet on an “AI-native” MDR instead of an MDR that has already got its act together and is now ap...
Guest:
-
Christine Sizemore, Cloud Security Architect, Google Cloud
Topics:
- Can you describe the key components of an AI software supply chain, and how do they compare to those in a traditional software supply chain?
- I hope folks listening have heard past episodes where we ...
Hosts:
- David Homovich, Customer Advocacy Lead, Office of the CISO, Google Cloud
- Alicja Cade, Director, Office of the CISO, Google Cloud
Guest:
- Diana Kelley, CSO at Protect AI
Topics:
- Can you explain the concept of "MLSecOps" as an analogy with DevSecOps, with 'Dev' replaced by 'ML'? This has nothing to do with SecOps, right?
- What are the most critical steps a CISO should prioritize when implementing MLSecOps within their organization? ...
Guests:
- no guests, just us in the studio
Topics:
- At RSA 2025, did we see solid, measurably better outcomes from AI use in security, or mostly just "sizzle" and good ideas with potential?
- Are the promises of an "AI SOC" repeating the mistakes seen with SOAR in previous years regarding fully...
Guests:
- Kirstie Failey @ Google Threat Intelligence Group
- Scott Runnels @ Mandiant Incident Response
Topics:
- What is the hardest thing about turning distinct incident reports into a fun to read and useful report like M-Trends?
- How much are the lessons and...
Guests:
- No guests [Tim in Vegas and Anton remote]
Topics:
- So, another Next is done. Beyond the usual Vegas chaos, what was the overarching security theme or vibe you [Tim] felt dominated the conference this year?
- Thinking back to Next '24, what felt genuinely different this year versus just...
Guests:
- Michael Cote, Cloud VRP Lead, Google Cloud
- Aadarsh Karumathil, Security Engineer, Google Cloud
Topics:
- Vulnerability response at cloud-scale sounds very hard! How do you triage vulnerability reports and make sure we’re addressing the right ones in the underlying cloud infrastructure...
Guest:
- Steve Ledzian, APAC CTO, Mandiant at Google Cloud
Topics:
- We've seen a shift in how boards engage with cybersecurity. From your perspective, what's the most significant misconception boards still hold about cyber risk, particularly in the Asia Pacific region, and how has that impacted their decision-making?
- Read more
Guest:
- Henrique Teixeira, Senior VP of Strategy, Saviynt, ex-Gartner analyst
Topics:
- How have you seen IAM evolve over the years, especially with the shift to the cloud, and now AI? What are some of the biggest challenges and opportunities these two shifts present?
- ITDR (Identity Threat De...
Guest:
- Alex Polyakov, CEO at Adversa AI
Topics:
- Adversa AI is known for its focus on AI red teaming and adversarial attacks. Can you share a particularly memorable red teaming exercise that exposed a surprising vulnerability in an AI system? What was the key takeaway for your team and the client?
- Read more
Guest:
- James Campbell, CEO, Cado Security
- Chris Doman, CTO, Cado Security
Topics:
- Cloud Detection and Response (CDR) vs Cloud Investigation and Response Automation(CIRA) ... what’s the story here? There is an “R” in CDR, right?
- Can’t my (modern) SIEM/SOAR d...
Guest:
- Meador Inge, Security Engineer, Google Cloud
Topics:
- Can you walk us through Google's typical threat modeling process? What are the key steps involved?
- Threat modeling can be applied to various areas. Where does Google utilize it the most? How do we apply this to huge and complex systems?
Popular Podcasts
If you've ever wanted to know about champagne, satanism, the Stonewall Uprising, chaos theory, LSD, El Nino, true crime and Rosa Parks, then look no further. Josh and Chuck have you covered.
The latest news in 4 minutes updated every hour, every day.
Does hearing about a true crime case always leave you scouring the internet for the truth behind the story? Dive into your next mystery with Crime Junkie. Every Monday, join your host Ashley Flowers as she unravels all the details of infamous and underreported true crime cases with her best friend Brit Prawat. From cold cases to missing persons and heroes in our community who seek justice, Crime Junkie is your destination for theories and stories you won’t hear anywhere else. Whether you're a seasoned true crime enthusiast or new to the genre, you'll find yourself on the edge of your seat awaiting a new episode every Monday. If you can never get enough true crime... Congratulations, you’ve found your people. Follow to join a community of Crime Junkies! Crime Junkie is presented by audiochuck Media Company.
The Clay Travis and Buck Sexton Show. Clay Travis and Buck Sexton tackle the biggest stories in news, politics and current events with intelligence and humor. From the border crisis, to the madness of cancel culture and far-left missteps, Clay and Buck guide listeners through the latest headlines and hot topics with fun and entertaining conversations and opinions.
Current and classic episodes, featuring compelling true-crime mysteries, powerful documentaries and in-depth investigations. Follow now to get the latest episodes of Dateline NBC completely free, or subscribe to Dateline Premium for ad-free listening and exclusive bonus content: DatelinePremium.com