"Escape-Proof" Cloud: How Block built an Automated Approach to Egress Control
Many organizations focus on keeping attackers out, but what happens when one gets in? We spoke to Ramesh Ramani, Staff Security Engineer at Block about the real challenge, which is preventing them from leaving with your data. In this episode, Ramesh details the innovative system his team built to automate egress access control at scale, moving beyond traditional, inefficient methods.Ramesh explains how by establishing "sources of truth" for both internal applications and external partners, they created a centralized governance model. This system uses SPIFFE IDs to understand application identity, validates data-sharing requests against partner approvals, and provides a seamless, self-service experience for developers. Discover how this approach not only enhances security by preventing unauthorized data exfiltration but also improves incident response, allowing them to instantly revoke access to compromised third-party domains.Guest Socials - Ramesh's Linkedin Podcast Twitter - @CloudSecPod If you want to watch videos of this LIVE STREAMED episode and past episodes - Check out our other Cloud Security Social Channels:-Cloud Security Podcast- Youtube- Cloud Security Newsletter - Cloud Security BootCampIf you are interested in AI Cybersecurity, you can check out our sister podcast - AI Cybersecurity PodcastQuestions asked:(00:00) - Introduction(00:55) - Ramesh Ramani's Journey: From Network Engineer to Cloud Security at Block(02:03) - The "Trapped Thief" Analogy: Why Egress Is a Critical, Overlooked Problem(04:07) - The Trigger for Automation: Why Traditional Egress Security Doesn't Scale(07:36) - The Secret Sauce: Using SPIFFE IDs for Application Identity Across Any Cloud(14:42) - How It Works: Requesting Access & Denying Leaks to Partners like ChatGPT(30:39) - The Foundation: Why You Must Start with a "Source of Truth" for Apps & Partners(31:23) - Incident Response: Instantly Cutting Off Access When a Partner is Compromised(33:58) - Rollout Strategy: How to Implement Egress Controls Without Burdening Other Teams(37:35) - The Fun Section: Tech, Family, RPGs, and the Best Vegetarian RamenResources discussed during the episode:BSidesSF 2025 - Centralizing Egress Access Controls Across a Hybrid Environment.
--------
40:27
Prioritizing Cloud Security: How to Decide What to Protect First
When you can't protect everything at once, how do you decide what matters most? This episode tackles the core challenge of security prioritization. Geet Pradhan, Senior Security Engineer at Lime joins the podcast to share his framework for building a SecOps plan when you're a small team. Learn why his team made AWS logs their number one priority , how to leverage compliance requirements to guide your strategy , and why he advises starting with a small list of 1-5 critical applications instead of 35. Tune in for a conversation about strategic security for the modern cloud environment.Guest Socials - Geet's Linkedin Podcast Twitter - @CloudSecPod If you want to watch videos of this LIVE STREAMED episode and past episodes - Check out our other Cloud Security Social Channels:-Cloud Security Podcast- Youtube- Cloud Security Newsletter - Cloud Security BootCampIf you are interested in AI Cybersecurity, you can check out our sister podcast - AI Cybersecurity PodcastQuestions asked:(00:00) Introduction(00:32) Meet Geet Pradhan: Senior Security Engineer at Lime(01:17) What is Detection & Response in 2025?(04:35) Defining the Cloud Detection & Response Pipeline(09:42) Why SIEM-Only Alerts Don't Work for Remote Teams(12:02) How to Choose Your First Log Sources(17:00) Building Security Culture: How to Not Be "The Police"(22:45) Where to Find Pre-Built Detection Rules & Alerts(28:38) On-Prem vs. Cloud: Why The Threat Model Is Different(36:53) Fun QuestionsResources spoken about during the interview:Geet's BSides SF TalkNate Lee - Power of Persuasion
--------
41:08
Migrating from “Tick Box" Compliance to Automating GRC in a Multi-Cloud World
In many organizations, security exception management is a manual process, often treated as a simple compliance checkbox. While necessary, this approach can lead to unmonitored configurations that drift from their approved state, creating inconsistencies in an organization's security posture over time. How can teams evolve this process to support modern development without compromising on security?In this episode, Ashish Rajan sits down with security expert Santosh Bompally, Cloud Security Engineering Team Lead at Humana to discuss a practical framework for automating exception management. Drawing on his journey from a young tech enthusiast to a security leader at Humana, Santosh explains how to transform this process from a manual task into a scalable, continuously monitored system that enables developer velocity.Learn how to build a robust program from the ground up, starting with establishing a security baseline and leveraging policy-as-code, certified components, and continuous monitoring to create a consistent and secure cloud environment.Guest Socials - Santosh's LinkedinPodcast Twitter - @CloudSecPod If you want to watch videos of this LIVE STREAMED episode and past episodes - Check out our other Cloud Security Social Channels:-Cloud Security Podcast- Youtube- Cloud Security Newsletter - Cloud Security BootCampIf you are interested in AI Cybersecurity, you can check out our sister podcast - AI Cybersecurity PodcastQuestions asked:(00:00) Introduction(00:39) From Young Hacker to Cybersecurity Pro(02:14) The "Tick Box" Problem with Exception Management(03:17) Exposing Your Threat Landscape: The Risk of Not Automating(05:43) Where Do You Even Start? The First Steps(08:26) VMs vs Containers vs Serverless: Is It Different?(11:15) Building Your Program: Start with a Security Baseline(14:44) What Standard to Follow? (CIS, PCI, HIPAA)(17:20) The Lifecycle of a Control: When Should You Retire One?(19:42) The 3 Levels of Security Automation Maturity(23:25) Do You Need to Be a Coder for GRC Automation?(26:16) Fun Questions: Home Automation, Family & Food
--------
28:48
Using AI Agents to Solve Cloud Vulnerability Overload
In this episode, Ashish Rajan talks with Harry Wetherald, Co-Founder & CEO of Maze, about the reality of modern vulnerability management. They explore why current tools like CNAPPs can generate up to 90% false positives and how AI agents can provide a real solution by thinking like a security engineer to identify genuine, exploitable threats. Learn about the challenges of building your own AI solutions and how this new approach can eliminate noise and build trust between security and engineering teamGuest Socials - Harry's Linkedin Podcast Twitter - @CloudSecPod If you want to watch videos of this LIVE STREAMED episode and past episodes - Check out our other Cloud Security Social Channels:-Cloud Security Podcast- Youtube- Cloud Security Newsletter - Cloud Security BootCampIf you are interested in AI Cybersecurity, you can check out our sister podcast - AI Cybersecurity PodcastQuestions asked:(00:00) Introduction(02:27) Who is Harry Wetherald?(04:45) The "Wall of Red": Why Security Tools Create 90% False Positives(06:21) The Mission: Solving Vulnerability Overload with AI(10:11) How an AI Agent Investigates a Vulnerability(16:09) The Hard Reality of Building Your Own AI Solution(18:14) Building for a Future of Evolving AI Models(20:00) What is the Role of an MCP (AI Copilot)?(27:31) Building AI Agents for Cloud Security(31:25) "Think Like a Hacker": Asking AI to Red Team Your Cloud(33:04) How AI Will Shape Security Programs in 2025 & Beyond(36:20) Fun Questions with HarryThank you Maze for sponsoring this episode.
--------
38:09
Adapting to New Threats, Copilot Risks & The Future of Data (Feat. Matthew Radolec, Varonis)
AI is reshaping cybersecurity as we know it. From sophisticated AI-driven phishing attacks to the amplified risk of insider threats using tools like Copilot, the landscape is shifting at an unprecedented pace. How can security leaders and practitioners adapt?Join Ashish Rajan and Matthew Radolec (Varonis) as they explore the critical challenges and opportunities AI presents. Learn why 86% of attacks involve credential misuse and how AI agents are making it easier than ever for non-technical insiders to exfiltrate data.In this episode, you'll learn about:The "Blast Radius": How AI tools can dramatically increase data exposure.From "Breaking In" to "Logging In": The dominance of credential-based attacks.AI-Powered Social Engineering: The rise of "conversational bait".Copilot Use Cases & "Aha!" MomentsData Integrity in AI: The critical, overlooked pillar of AI security.The Enduring Importance of Access Management in an AI World.Transforming Security Operations: AI for incident response, playbooks, and forensics.Guest Socials - Matt's Linkedin Podcast Twitter - @CloudSecPod If you want to watch videos of this LIVE STREAMED episode and past episodes - Check out our other Cloud Security Social Channels:-Cloud Security Podcast- Youtube- Cloud Security Newsletter - Cloud Security BootCampIf you are interested in AI Cybersecurity, you can check out our sister podcast - AI Cybersecurity PodcastQuestions asked:(00:00) Introduction(01:57) New Threat Landscape in Cloud & AI(08:08) Use cases for regulated industries(10:03) Impact of Agentic AI in the cybersecurity space(12:22) Blind spots of going into AI(18:06) Shared responsibility for LLM providers(20:56) Lifting up security programs for AI(27:82) How is incident response changing with AI?(29:30) Cybersecurity areas that will be most impacted by AI(34:43) The Fun SectionThank you to our episode sponsor Varonis
Learn Cloud Security in Public Cloud the unbiased way from CyberSecurity Experts solving challenges at Cloud Scale. We can be honest because we are not owned by Cloud Service Provider like AWS, Azure or Google Cloud.
We aim to make the community learn Cloud Security through community stories from small - Large organisations solving multi-cloud challenges to diving into specific topics of Cloud Security.
We LIVE STREAM interviews on Cloud Security Topics every weekend on Linkedin, YouTube, Facebook and Twitter with over 150 people watching and asking questions and interacting with the Guest.
Deutschland