Parhaat Google Cloud Podcastit (2025)

1
EP255 Separating Hype from Hazard: The Truth About Autonomous AI Hacking 29:34

8h ago29:34

29:34

Guest: Heather Adkins, VP of Security Engineering, Google Topic: The term "AI Hacking Singularity" sounds like pure sci-fi, yet you and some other very credible folks are using it to describe an imminent threat. How much of this is hyperbole to shock the complacent, and how much is based on actual, observed capabilities today? Can autonomous AI age…

1
EP19 The Art of Deconstructing Problems: Tools, Tactics, and the ScatterBrain Obfuscator with Nino Isakovic 1:53:18

19d ago1:53:18

1:53:18

In this episode, we’re joined by Nino Isakovic, a long-time low-level security expert, for a thought-provoking conversation that spans the foundational and the cutting-edge. Nino discusses the art of deconstructing problems—sharing insights on how to learn effectively, the building blocks of a robust RE toolkit, and the critical shift required in o…

1
EP254 Escaping 1990s Vulnerability Management: From Unauthenticated Scans to AI-Driven Mitigation 31:14

7d ago31:14

31:14

Guest: Caleb Hoch, Consulting Manager on Security Transformation Team, Mandiant, Google Cloud Topics: How has vulnerability management (VM) evolved beyond basic scanning and reporting, and what are the biggest gaps between modern practices and what organizations are actually doing? Why are so many organizations stuck with 1990s VM practices? Why mi…

1
EP253 The Craft of Cloud Bug Hunting: Writing Winning Reports and Secrets from a VRP Champion 28:09

14d ago28:09

28:09

Guests: Sivanesh Ashok, bug bounty hunter Sreeram KL, bug bounty hunter Topics: We hear from the Cloud VRP team that you write excellent bugbounty reports - is there any advice you'd give to other researchers when they write reports? You are one of Cloud VRP's top researchers and won the MVH (most valuable hacker) award at their event in June - wha…

1
EP252 The Agentic SOC Reality: Governing AI Agents, Data Fidelity, and Measuring Success 35:53

21d ago35:53

35:53

Guests: Alexander Pabst, Deputy Group CISO, Allianz Lars Koenig, Global Head of D&R, Allianz Topics: Moving from traditional SIEM to an agentic SOC model, especially in a heavily regulated insurer, is a massive undertaking. What did the collaboration model with your vendor look like? Agentic AI introduces a new layer of risk - that of unconstrained…

1
EP251 Beyond Fancy Scripts: Can AI Red Teaming Find Truly Novel Attacks? 25:15

28d ago25:15

25:15

Guest: Ari Herbert-Voss, CEO at RunSybil Topics: The market already has Breach and Attack Simulation (BAS), for testing known TTPs. You're calling this 'AI-powered' red teaming. Is this just a fancy LLM stringing together known attacks, or is there a genuine agent here that can discover a truly novel attack path that a human hasn't scripted for it?…

1
EP18 10,000 DLLs and Too Much Math - Wrapping Up FLARE-On 12 with the FLARE Team 47:45

1M ago47:45

47:45

In this episode, we sit down with Nick Harbour, Blas Kojusner, Moritz Raabe, and Sam Kim — members of the FLARE Team and some of this year’s challenge authors — for a deep dive into the design and execution of FLARE-On 12. The team discusses the complexity and intent behind this year's challenges, including how Sam created his grueling final challe…

1
EP250 The End of "Collect Everything"? Moving from Centralization to Data Access? 29:21

1M ago29:21

29:21

Guest: Balazs Scheidler, CEO at Axoflow, original founder of syslog-ng Topics: Are we really coming to "access to security data" and away from "centralizing the data"? How to detect without the same storage for all logs? Is data pipeline a part of SIEM or is it standalone? Will this just collapse into SIEM soon? Tell us about the issues with log pi…

1
EP249 Data First: What Really Makes Your SOC 'AI Ready'? 30:37

1M ago30:37

30:37

Guest: Monzy Merza, co-founder and CEO at Crogl Topics: We often hear about the aspirational idea of an "IronMan suit" for the SOC—a system that empowers analysts to be faster and more effective. What does this ideal future of security operations look like from your perspective, and what are the primary obstacles preventing SOCs from achieving it t…

1
EP17 What Lurks Beneath: Building a Robust Network at Black Hat with Mark Overholser 1:09:36

2M ago1:09:36

1:09:36

In this episode, we're asking the question: "What Lurks Beneath?" We're joined by Mark Overholser, a Technical Marketing Engineer at Corelight who's part of the team running the Black Hat Network Operations Center (NOC). We discuss the incident during Black Hat 2025 that introduced us and revealed the team's proactive approach to protecting every g…

1
EP248 Cloud IR Tabletop Wins: How to Stop Playing Security Theater and Start Practicing 32:42

2M ago32:42

32:42

Guest: Jibran Ilyas, Director for Incident Response at Google Cloud Topics: What is this tabletop thing, please tell us about running a good security incident tabletop? Why are tabletops for incident response preparedness so amazingly effective yet rarely done well? This is cheap/easy/useful so why do so many fail to do it? Why are tabletops seen a…

1
EP247 The Evolving CISO: From Security Cop to Cloud & AI Champion 29:00

2M ago29:00

29:00

Guest: David Gee, Board Risk Advisor, Non-Executive Director & Author, former CISO Topics: Drawing from the "Aspiring CIO and CISO" book's focus on continuous improvement, how have you seen the necessary skills, knowledge, experience, and behaviors for a CISO evolve, especially when guiding an organization through a transformation? Could you share …

1
EP246 From Scanners to AI: 25 Years of Vulnerability Management with Qualys CEO Sumedh Thakar 36:53

2M ago36:53

36:53

Guest: Sumedh Thakar, President and CEO, Qualys Topics: How did vulnerability management (VM) change since Qualys was founded in 1999? What is different about VM today? Can we actually remediate vulnerabilities automatically at scale? Why did this work for you even though many expected it would not? Where does cloud fit into modern vulnerability ma…

1
EP16 The Machine Learning Revolution in Reverse Engineering with Hahna Kane Latonick 1:25:26

2M ago1:25:26

1:25:26

In this episode of Behind the Binary, we're joined by renowned security researcher Hahna Kane Latonick for a deep dive into the powerful world where reverse engineering meets data science. Hahna shares her expertise on how techniques like supervised and unsupervised learning can be used to classify and predict security threats, and she explains how…

1
EP245 From Consumer Chatbots to Enterprise Guardrails: Securing Real AI Adoption 33:35

2M ago33:35

33:35

Guest: Rick Caccia, CEO and Co-Founder, Witness AI Topics: In what ways is the current wave of enterprise AI adoption different from previous technology shifts? If we say "but it is different this time", then why? What is your take on "consumer grade AI for business" vs enterprise AI? A lot of this sounds a bit like the CASB era circa 2014. How is …

1
EP244 The Future of SOAPA: Jon Oltsik on Platform Consolidation vs. Best-of-Breed in the Age of Agentic AI 27:32

3M ago27:32

27:32

Guest: Jon Oltsik, security researcher, ex-ESG analyst Topics: You invented the concept of SOAPA – Security Operations & Analytics Platform Architecture. As we look towards SOAPA 2025, how do you see the ongoing debate between consolidating security around a single platform versus a more disaggregated, best-of-breed approach playing out? What are t…

1
EP15 Getting Ready for FLARE-On 12 - An Inside Look at the Reverse Engineering Gauntlet 39:13

3M ago39:13

39:13

In this episode, we're "Getting Ready for FLARE-On 12" with an inside look at the world-renowned reverse engineering competition. We’re joined by long-time FLARE-On host and challenge author Nick Harbour and regular challenge author Blas Kojusner for an in-depth conversation. We'll take a brief tour of FLARE-On history and discuss how it has grown …

1
EP243 Email Security in the AI Age: An Epic 2025 Arms Race Begins 29:00

3M ago29:00

29:00

Guest: Cy Khormaee, CEO, AegisAI Ryan Luo, CTO, AegisAI Topics: What is the state of email security in 2025? Why start an email security company now? Is it true that there are new and accelerating AI threats to email? It sounds cliche, but do you really have to use good AI to fight bad AI? What did you learn from your time fighting abuse at scale a…

1
EP242 The AI SOC: Is This The Automation We've Been Waiting For? 34:01

3M ago34:01

34:01

Guest: Augusto Barros, Principal Product Manager, Prophet Security, ex-Gartner analyst Topics: What is your definition of "AI SOC"? What will AI change in a SOC? What will the post-AI SOC look like? What are the primary mechanisms by which AI SOC tools reduce attacker dwell time, and what challenges do they face in maintaining signal fidelity? Why …

1
EP14 Web3's Dark Side: Unmasking the New Age of Financial Crime 1:12:14

3M ago1:12:14

1:12:14

Web3 promised a new era of decentralized finance, but it has also created a new frontier for crime, with thefts and hacks far surpassing those in the traditional financial sector. In this episode, we sit down with experts Blas Kojusner, Robert Wallace, and Joseph Dobson to explore the Wild West of Web3 and decentralized finance (DeFi). But what is …

1
EP241 From Black Box to Building Blocks: More Modern Detection Engineering Lessons from Google 31:33

3M ago31:33

31:33

Guest: Rick Correa,Uber TL Google SecOps, Google Cloud Topics: On the 3rd anniversary of Curated Detections, you've grown from 70 rules to over 4700. Can you walk us through that journey? What were some of the key inflection points and what have been the biggest lessons learned in scaling a detection portfolio so massively? Historically the SecOps …

1
EP240 Cyber Resiliency for the Rest of Us: Making it Happen on a Real-World Budget 29:25

4M ago29:25

29:25

Guest: Errol Weiss, Chief Security Officer (CSO) at Health-ISAC Topics: How adding digital resilience is crucial for enterprises? How to make the leaders shift from "just cybersecurity" to "digital resilience"? How to be the most resilient you can be given the resources? How to be the most resilient with the least amount of money? How to make yours…

1
EP239 Linux Security: The Detection and Response Disconnect and Where Is My Agentless EDR 25:29

4M ago25:29

25:29

Guest: Craig H. Rowland, Founder and CEO, Sandfly Security Topics: When it comes to Linux environments – spanning on-prem, cloud, and even–gasp–hybrid setups – where are you seeing the most significant blind spots for security teams today? There's sometimes a perception that Linux is inherently more secure or less of a malware target than Windows. …

1
EP13 Beyond the Bug: Scaling Bug Bounty Programs & Launching a Cyber Startup with Dr. Jared DeMott 37:15

4M ago37:15

37:15

In this episode of Behind the Binary, we sit down with Dr. Jared DeMott to pull back the curtain on the world of cybersecurity. Formerly with the Microsoft Security Response Center (MSRC), Jared shares invaluable wisdom on managing bug bounty programs at scale and what truly makes a good bug report. We then pivot to explore his fascinating career j…

1
EP238 Google Lessons for Using AI Agents for Securing Our Enterprise 31:40

4M ago31:40

31:40

Guest: Dominik Swierad, Senior PM D&R AI and Sec-Gemini Topics: When introducing AI agents to security teams at Google, what was your initial strategy to build trust and overcome the natural skepticism? Can you walk us through the very first conversations and the key concerns that were raised? With a vast array of applications, how did you identify…

1
EP237 Making Security Personal at the Speed and Scale of TikTok 28:40

4M ago28:40

28:40

Guest: Kim Albarella, Global Head of Security, TikTok Questions: Security is part of your DNA. In your day to day at TikTok, what are some tips you'd share with users about staying safe online? Many regulations were written with older technologies in mind. How do you bridge the gap between these legacy requirements and the realities of a modern, mi…

1
EP236 Accelerated SIEM Journey: A SOC Leader's Playbook for Modernization and AI 27:15

4M ago27:15

27:15

Guest: Manija Poulatova, Director of Security Engineering and Operations at Lloyd's Banking Group Topics: SIEM migration is hard, and it can take ages. Yours was - given the scale and the industry - on a relatively short side of 9 months. What's been your experience so far with that and what could have gone faster? Anton might be a "reformed" analy…

1
EP235 The Autonomous Frontier: Governing AI Agents from Code to Courtroom 34:06

5M ago34:06

34:06

Guest: Anna Gressel, Partner at Paul, Weiss, one of the AI practice leads Episode co-host: Marina Kaganovich, Office of the CISO, Google Cloud Questions: Agentic AI and AI agents, with its promise of autonomous decision-making and learning capabilities, presents a unique set of risks across various domains. What are some of the key areas of concern…

1
EP12 Unpacking Malware & Minds: A Reverse Engineer's Journey with Danny Quist 59:50

5M ago59:50

59:50

Join us as we explore the world of reverse engineering with pioneer and CTO, Danny Quist. We'll examine the evolving landscape of binary analysis tools, the constant battle with malware obfuscation, and what it was like building one of the very first malware repositories for research. Plus, Danny shares unique insights on neuro-diversity and cognit…

1
EP234 The SIEM Paradox: Logs, Lies, and Failing to Detect 37:59

5M ago37:59

37:59

Guest: Svetla Yankova, Founder and CEO, Citreno Topics: Why do so many organizations still collect logs yet don't detect threats? In other words, why is our industry spending more money than ever on SIEM tooling and still not "winning" against Tier 1 ... or even Tier 5 adversaries? What are the hardest parts about getting the right context into a S…

1
EP233 Product Security Engineering at Google: Resilience and Security 25:44

5M ago25:44

25:44

Guest: Cristina Vintila, Product Security Engineering Manager, Google Cloud Topic: Could you share insights into how Product Security Engineering approaches at Google have evolved, particularly in response to emerging threats (like Log4j in 2021)? You mentioned applying SRE best practices in detection and response, and overall in securing the Googl…

1
EP232 The Human Element of Privacy: Protecting High-Risk Targets and Designing Systems 31:37

5M ago31:37

31:37

Guest: Sarah Aoun, Privacy Engineer, Google Topic: You have had a fascinating career since we [Tim] graduated from college together – you mentioned before we met that you've consulted with a literal world leader on his personal digital security footprint. Maybe tell us how you got into this field of helping organizations treat sensitive information…

1
EP11 Tracing Lazarus: Greg Sinclair on Attributing North Korean Cyber Threats Through Binary Similarity 1:02:10

6M ago1:02:10

1:02:10

Ever wonder who names the world's most notorious APTs? In this episode, we sit down with Greg Sinclair, a reverse engineer from the FLARE team at Google. Greg not only hunts down sophisticated malware but also shares the behind the scenes story of how he discovered and named the North Korean APT, the Lazarus Group. He also discusses his innovative …

1
EP231 Beyond the Buzzword: Practical Detection as Code in the Enterprise 30:40

6M ago30:40

30:40

Guest: David French, Staff Adoption Engineer, Google Cloud Topic: Detection as code is one of those meme phrases I hear a lot, but I'm not sure everyone means the same thing when they say it. Could you tell us what you mean by it, and what upside it has for organizations in your model of it? What gets better for security teams and security outcomes…

1
EP230 AI Red Teaming: Surprises, Strategies, and Lessons from Google 26:11

6M ago26:11

26:11

Guest: Daniel Fabian, Principal Digital Arsonist, Google Topic: Your RSA talk highlights lessons learned from two years of AI red teaming at Google. Could you share one or two of the most surprising or counterintuitive findings you encountered during this process? What are some of the key differences or unique challenges you've observed when testin…

1
EP229 Beyond the Hype: Debunking Cloud Breach Myths (and What DBIR Says Now) 35:05

6M ago35:05

35:05

Guest: Alex Pinto, Associate Director of Threat Intelligence, Verizon Business, Lead the Verizon Data Breach Report Topics: How would you define "a cloud breach"? Is that a real (and different) thing? Are cloud breaches just a result of leaked keys and creds? If customers are responsible for 99% of cloud security problems, is cloud breach really ab…

1
EP10 Tim Blazytko - Protecting Intellectual Property: Obfuscation & Anti-Reverse Engineering in Software 1:08:32

6M ago1:08:32

1:08:32

What goes into creating effective software protections? This episode features a conversation with Tim Blazytko, Chief Scientist and Head of Engineering at Emproof, about the essential strategies for protecting software intellectual property. We cover the core concepts of code obfuscation and anti-reverse engineering and discuss practical, modern ap…

1
EP228 SIEM in 2025: Still Hard? Reimagining Detection at Cloud Scale and with More Pipelines 27:09

6M ago27:09

27:09

Guest Alan Braithwaite, Co-founder and CTO @ RunReveal Topics: SIEM is hard, and many vendors have discovered this over the years. You need to get storage, security and integration complexity just right. You also need to be better than incumbents. How would you approach this now? Decoupled SIEM vs SIEM/EDR/XDR combo. These point in the opposite dir…

1
EP227 AI-Native MDR: Betting on the Future of Security Operations? 23:58

7M ago23:58

23:58

Guests: Eric Foster, CEO of Tenex.AI Venkata Koppaka, CTO of Tenex.AI Topics: Why is your AI-powered MDR special? Why start an MDR from scratch using AI? So why should users bet on an "AI-native" MDR instead of an MDR that has already got its act together and is now applying AI to an existing set of practices? What's the current breakdown in labor …

1
EP226 AI Supply Chain Security: Old Lessons, New Poisons, and Agentic Dreams 24:39

7M ago24:39

24:39

Guest: Christine Sizemore, Cloud Security Architect, Google Cloud Topics: Can you describe the key components of an AI software supply chain, and how do they compare to those in a traditional software supply chain? I hope folks listening have heard past episodes where we talked about poisoning training data. What are the other interesting and unexp…

1
EP09 Thomas Roccia - AI, Data Visualization, and the Future of Security Research 1:08:07

7M ago1:08:07

1:08:07

In this episode, we’re joined by Thomas Roccia, a security researcher at Microsoft. Thomas discusses the growth of the Unprotect Project, how AI is changing security research, and the impact of data visualizations for conveying technical information. Drawing on his experience, Thomas offers a unique perspective on the intersection of open-source co…

1
EP225 Cross-promotion: The Cyber-Savvy Boardroom Podcast: EP2 Christian Karam on the Use of AI 24:46

7M ago24:46

24:46

Hosts: David Homovich, Customer Advocacy Lead, Office of the CISO, Google Cloud Alicja Cade, Director, Office of the CISO, Google Cloud Guest: Christian Karam, Strategic Advisor and Investor Resources: EP2 Christian Karam on the Use of AI (as aired originally) The Cyber-Savvy Boardroom podcast site The Cyber-Savvy Boardroom podcast on Spotify The C…

1
EP224 Protecting the Learning Machines: From AI Agents to Provenance in MLSecOps 30:40

7M ago30:40

30:40

Guest: Diana Kelley, CSO at Protect AI Topics: Can you explain the concept of "MLSecOps" as an analogy with DevSecOps, with 'Dev' replaced by 'ML'? This has nothing to do with SecOps, right? What are the most critical steps a CISO should prioritize when implementing MLSecOps within their organization? What gets better when you do it? How do we adap…

1
EP223 AI Addressable, Not AI Solvable: Reflections from RSA 2025 31:37

7M ago31:37

31:37

Guests: no guests, just us in the studio Topics: At RSA 2025, did we see solid, measurably better outcomes from AI use in security, or mostly just "sizzle" and good ideas with potential? Are the promises of an "AI SOC" repeating the mistakes seen with SOAR in previous years regarding fully automated security operations? Does "AI SOC" work according…

1
EP222 From Post-IR Lessons to Proactive Security: Deconstructing Mandiant M-Trends 35:19

7M ago35:19

35:19

Guests: Kirstie Failey @ Google Threat Intelligence Group Scott Runnels @ Mandiant Incident Response Topics: What is the hardest thing about turning distinct incident reports into a fun to read and useful report like M-Trends? How much are the lessons and recommendations skewed by the fact that they are all "post-IR" stories? Are "IR-derived" secur…

1
EP221 Special - Semi-Live from Google Cloud Next 2025: AI, Agents, Security ... Cloud? 30:26

8M ago30:26

30:26

Guests: No guests [Tim in Vegas and Anton remote] Topics: So, another Next is done. Beyond the usual Vegas chaos, what was the overarching security theme or vibe you [Tim] felt dominated the conference this year? Thinking back to Next '24, what felt genuinely different this year versus just the next iteration of last year's trends? Last year, we po…

1
EP08 Roman Hussy - Inside AbuseCH: A Community's Fight Against Malware 42:13

8M ago42:13

42:13

This episode shines a light on abuse.ch, a vital non-profit project built by and for the global cybersecurity community. We chat with founder Roman Huessy about the collective effort behind tracking malware and botnets for over a decade. Discover the journey of maintaining a crucial shared resource—the technical challenges of hosting an open platfo…

1
EP220 Big Rewards for Cloud Security: Exploring the Google VRP 29:13

8M ago29:13

29:13

Guests: Michael Cote, Cloud VRP Lead, Google Cloud Aadarsh Karumathil, Security Engineer, Google Cloud Topics: Vulnerability response at cloud-scale sounds very hard! How do you triage vulnerability reports and make sure we're addressing the right ones in the underlying cloud infrastructure? How do you determine how much to pay for each vulnerabili…

1
EP219 Beyond the Buzzwords: Decoding Cyber Risk and Threat Actors in Asia Pacific 31:46

8M ago31:46

31:46

Guest: Steve Ledzian, APAC CTO, Mandiant at Google Cloud Topics: We've seen a shift in how boards engage with cybersecurity. From your perspective, what's the most significant misconception boards still hold about cyber risk, particularly in the Asia Pacific region, and how has that impacted their decision-making? Cybersecurity is rife with jargon.…

1
EP218 IAM in the Cloud & AI Era: Navigating Evolution, Challenges, and the Rise of ITDR/ISPM 30:10

8M ago30:10

30:10

Guest: Henrique Teixeira, Senior VP of Strategy, Saviynt, ex-Gartner analyst Topics: How have you seen IAM evolve over the years, especially with the shift to the cloud, and now AI? What are some of the biggest challenges and opportunities these two shifts present? ITDR (Identity Threat Detection and Response) and ISPM (Identity Security Posture Ma…

Kuuntelemisen arvoisia podcasteja

Google Cloud podcastit

Kuuntelemisen arvoisia podcasteja

Pikakäyttöopas