Guest: <ul> <li dir="ltr" role="presentation"><a href= "https://www.linkedin.com/in/alex-polyakov-cyber/">Alex Polyakov</a>, CEO at <a href="https://adversa.ai/">Adversa AI</a></li> </ul> Topics: <ul> <li dir="ltr" role="presentation">Adversa AI is known for its focus on AI red teaming and adversarial attacks. Can you share a particularly memorable red teaming exercise that exposed a surprising vulnerability in an AI system? What was the key takeaway for your team and the client?</li> <li dir="ltr" role="presentation">Beyond traditional adversarial attacks, what emerging threats in the AI security landscape are you most concerned about right now? </li> <li dir="ltr" role="presentation">What trips most clients,  classic security mistakes in AI systems or AI-specific mistakes?</li> <li dir="ltr" role="presentation">Are there truly new mistakes in AI systems or are they old mistakes in new clothing?</li> <li dir="ltr" role="presentation">I know it is not your job to fix it, but much of this is unfixable, right?</li> <li dir="ltr" role="presentation">Is it a good idea to use AI to secure AI?</li> </ul> Resources: <ul> <li dir="ltr" role="presentation"><a href= "https://cloud.withgoogle.com/cloudsecurity/podcast/ep84-how-to-secure-artificial-intelligence-ai-threats-approaches-lessons-so-far/"> EP84 How to Secure Artificial Intelligence (AI): Threats, Approaches, Lessons So Far</a></li> <li dir="ltr" role="presentation"><a href= "https://adversa.ai/blog/ai-red-teaming-reasoning-llm-jailbreak-china-deepseek-qwen-kimi/"> AI Red Teaming Reasoning LLM US vs China: Jailbreak Deepseek, Qwen, O1, O3, Claude, Kimi</a></li> <li dir="ltr" role="presentation"><a href= "https://adversa.ai/topic/trusted-ai-blog/">Adversa AI blog</a></li> <li dir="ltr" role="presentation"><a href= "https://cloud.google.com/transform/oops-5-serious-gen-AI-security-mistakes-to-avoid/"> Oops! 5 serious gen AI security mistakes to avoid</a></li> <li><a href= "https://www.googlecloudcommunity.com/gc/Community-Blog/Generative-AI-Fast-Followership-Avoid-These-First-Adopter/ba-p/849659"> Generative AI Fast Followership: Avoid These First Adopter Security Missteps</a></li> </ul>

<description>&lt;p dir="ltr"&gt;Guest:&lt;/p&gt; &lt;ul&gt; &lt;li dir="ltr" role="presentation"&gt;&lt;a href= "https://www.linkedin.com/in/alex-polyakov-cyber/"&gt;Alex Polyakov&lt;/a&gt;, CEO at &lt;a href="https://adversa.ai/"&gt;Adversa AI&lt;/a&gt;&lt;/li&gt; &lt;/ul&gt; &lt;p dir="ltr"&gt;Topics:&lt;/p&gt; &lt;ul&gt; &lt;li dir="ltr" role="presentation"&gt;Adversa AI is known for its focus on AI red teaming and adversarial attacks. Can you share a particularly memorable red teaming exercise that exposed a surprising vulnerability in an AI system? What was the key takeaway for your team and the client?&lt;/li&gt; &lt;li dir="ltr" role="presentation"&gt;Beyond traditional adversarial attacks, what emerging threats in the AI security landscape are you most concerned about right now? &lt;/li&gt; &lt;li dir="ltr" role="presentation"&gt;What trips most clients,  classic security mistakes in AI systems or AI-specific mistakes?&lt;/li&gt; &lt;li dir="ltr" role="presentation"&gt;Are there truly new mistakes in AI systems or are they old mistakes in new clothing?&lt;/li&gt; &lt;li dir="ltr" role="presentation"&gt;I know it is not your job to fix it, but much of this is unfixable, right?&lt;/li&gt; &lt;li dir="ltr" role="presentation"&gt;Is it a good idea to use AI to secure AI?&lt;/li&gt; &lt;/ul&gt; &lt;p dir="ltr"&gt;Resources:&lt;/p&gt; &lt;ul&gt; &lt;li dir="ltr" role="presentation"&gt;&lt;a href= "https://cloud.withgoogle.com/cloudsecurity/podcast/ep84-how-to-secure-artificial-intelligence-ai-threats-approaches-lessons-so-far/"&gt; EP84 How to Secure Artificial Intelligence (AI): Threats, Approaches, Lessons So Far&lt;/a&gt;&lt;/li&gt; &lt;li dir="ltr" role="presentation"&gt;&lt;a href= "https://adversa.ai/blog/ai-red-teaming-reasoning-llm-jailbreak-china-deepseek-qwen-kimi/"&gt; AI Red Teaming Reasoning LLM US vs China: Jailbreak Deepseek, Qwen, O1, O3, Claude, Kimi&lt;/a&gt;&lt;/li&gt; &lt;li dir="ltr" role="presentation"&gt;&lt;a href= "https://adversa.ai/topic/trusted-ai-blog/"&gt;Adversa AI blog&lt;/a&gt;&lt;/li&gt; &lt;li dir="ltr" role="presentation"&gt;&lt;a href= "https://cloud.google.com/transform/oops-5-serious-gen-AI-security-mistakes-to-avoid/"&gt; Oops! 5 serious gen AI security mistakes to avoid&lt;/a&gt;&lt;/li&gt; &lt;li&gt;&lt;a href= "https://www.googlecloudcommunity.com/gc/Community-Blog/Generative-AI-Fast-Followership-Avoid-These-First-Adopter/ba-p/849659"&gt; Generative AI Fast Followership: Avoid These First Adopter Security Missteps&lt;/a&gt;&lt;/li&gt; &lt;/ul&gt;</description>

Guest:  , CEO at   Topics:  Adversa AI is known for its focus on AI red teaming and adversarial attacks. Can you share a particularly memorable red teaming exercise that exposed a surprising vulnerability in an AI system? What was the key takeaway for...

EP217 Red Teaming AI: Uncovering Surprises, Facing New Threats, and the Same Old Mistakes?

Guest: <ul> <li dir="ltr" role="presentation"><a href= "https://www.linkedin.com/in/cirninja/">James Campbell</a>, CEO, <a href="https://www.cadosecurity.com/">Cado Security</a></li> <li dir="ltr" role="presentation"><a href= "https://www.linkedin.com/in/cdoman/">Chris Doman</a>, CTO, <a href="https://www.cadosecurity.com/">Cado Security</a></li> </ul> Topics: <ul> <li dir="ltr" role="presentation">Cloud Detection and Response (CDR) vs Cloud Investigation and Response Automation(<a href= "https://www.gartner.com/reviews/market/cloud-investigation-and-response-automation-cira">CIRA</a>) ... what’s the story here? There is an “R” in CDR, right?</li> <li dir="ltr" role="presentation">Can’t my (modern) SIEM/SOAR do that?  What about this becoming a part of modern SIEM/SOAR in the future?</li> <li dir="ltr" role="presentation">What gets better when you deploy a CIRA (a) and your CIRA in particular (b)?</li> <li dir="ltr" role="presentation">Ephemerality and security, what are the fun overlaps? Does “E” help “S” or hurts it? What about compliance? Ephemeral compliance sounds iffy…</li> <li dir="ltr" role="presentation">Cloud investigations, what is special about them?</li> <li dir="ltr" role="presentation">How does CSPM intersect with this? Is CIRA part of CNAPP?  </li> <li dir="ltr" role="presentation">A secret question, need to listen for it!</li> </ul> Resources: <ul> <li dir="ltr" role="presentation"><a href= "https://cloud.withgoogle.com/cloudsecurity/podcast/ep157-decoding-cdr-cira-what-happens-when-secops-meets-cloud/"> EP157 Decoding CDR & CIRA: What Happens When SecOps Meets Cloud</a></li> <li dir="ltr" role="presentation"><a href= "https://cloud.withgoogle.com/cloudsecurity/podcast/ep67-cyber-defense-matrix-and-does-cloud-security-have-to-die-to-win/"> EP67 Cyber Defense Matrix and Does Cloud Security Have to DIE to Win?</a></li> <li dir="ltr" role="presentation"><a href= "https://cloud.withgoogle.com/cloudsecurity/podcast/ep158-ghostbusters-for-the-cloud-who-you-gonna-call-for-cloud-forensics/"> EP158 Ghostbusters for the Cloud: Who You Gonna Call for Cloud Forensics</a></li> <li dir="ltr" role="presentation"><a href= "https://github.com/ramimac/aws-customer-security-incidents'">Cloud security incidents (Rami McCarthy)</a></li> <li dir="ltr" role="presentation"><a href= "https://www.cadosecurity.com/resources">Cado resources</a></li> </ul>

<description>&lt;p dir="ltr"&gt;Guest:&lt;/p&gt; &lt;ul&gt; &lt;li dir="ltr" role="presentation"&gt;&lt;a href= "https://www.linkedin.com/in/cirninja/"&gt;James Campbell&lt;/a&gt;, CEO, &lt;a href="https://www.cadosecurity.com/"&gt;Cado Security&lt;/a&gt;&lt;/li&gt; &lt;li dir="ltr" role="presentation"&gt;&lt;a href= "https://www.linkedin.com/in/cdoman/"&gt;Chris Doman&lt;/a&gt;, CTO, &lt;a href="https://www.cadosecurity.com/"&gt;Cado Security&lt;/a&gt;&lt;/li&gt; &lt;/ul&gt; &lt;p dir="ltr"&gt;Topics:&lt;/p&gt; &lt;ul&gt; &lt;li dir="ltr" role="presentation"&gt;Cloud Detection and Response (CDR) vs Cloud Investigation and Response Automation(&lt;a href= "https://www.gartner.com/reviews/market/cloud-investigation-and-response-automation-cira"&gt;CIRA&lt;/a&gt;) ... what’s the story here? There is an “R” in CDR, right?&lt;/li&gt; &lt;li dir="ltr" role="presentation"&gt;Can’t my (modern) SIEM/SOAR do that?  What about this becoming a part of modern SIEM/SOAR in the future?&lt;/li&gt; &lt;li dir="ltr" role="presentation"&gt;What gets better when you deploy a CIRA (a) and your CIRA in particular (b)?&lt;/li&gt; &lt;li dir="ltr" role="presentation"&gt;Ephemerality and security, what are the fun overlaps? Does “E” help “S” or hurts it? What about compliance? Ephemeral compliance sounds iffy…&lt;/li&gt; &lt;li dir="ltr" role="presentation"&gt;Cloud investigations, what is special about them?&lt;/li&gt; &lt;li dir="ltr" role="presentation"&gt;How does CSPM intersect with this? Is CIRA part of CNAPP?  &lt;/li&gt; &lt;li dir="ltr" role="presentation"&gt;A secret question, need to listen for it!&lt;/li&gt; &lt;/ul&gt; &lt;p dir="ltr"&gt;Resources:&lt;/p&gt; &lt;ul&gt; &lt;li dir="ltr" role="presentation"&gt;&lt;a href= "https://cloud.withgoogle.com/cloudsecurity/podcast/ep157-decoding-cdr-cira-what-happens-when-secops-meets-cloud/"&gt; EP157 Decoding CDR &amp; CIRA: What Happens When SecOps Meets Cloud&lt;/a&gt;&lt;/li&gt; &lt;li dir="ltr" role="presentation"&gt;&lt;a href= "https://cloud.withgoogle.com/cloudsecurity/podcast/ep67-cyber-defense-matrix-and-does-cloud-security-have-to-die-to-win/"&gt; EP67 Cyber Defense Matrix and Does Cloud Security Have to DIE to Win?&lt;/a&gt;&lt;/li&gt; &lt;li dir="ltr" role="presentation"&gt;&lt;a href= "https://cloud.withgoogle.com/cloudsecurity/podcast/ep158-ghostbusters-for-the-cloud-who-you-gonna-call-for-cloud-forensics/"&gt; EP158 Ghostbusters for the Cloud: Who You Gonna Call for Cloud Forensics&lt;/a&gt;&lt;/li&gt; &lt;li dir="ltr" role="presentation"&gt;&lt;a href= "https://github.com/ramimac/aws-customer-security-incidents'"&gt;Cloud security incidents (Rami McCarthy)&lt;/a&gt;&lt;/li&gt; &lt;li dir="ltr" role="presentation"&gt;&lt;a href= "https://www.cadosecurity.com/resources"&gt;Cado resources&lt;/a&gt;&lt;/li&gt; &lt;/ul&gt; &lt;p&gt; &lt;/p&gt;</description>

Guest:  , CEO,  , CTO,   Topics:  Cloud Detection and Response (CDR) vs Cloud Investigation and Response Automation() ... what’s the story here? There is an “R” in CDR, right? Can’t my (modern) SIEM/SOAR do that?  What about this becoming...

EP216 Ephemeral Clouds, Lasting Security: CIRA, CDR, and the Future of Cloud Investigations

Guest: <ul> <li dir="ltr" role="presentation"><a href= "https://www.linkedin.com/in/meador-inge-a1419a6/">Meador Inge</a>, Security Engineer, Google Cloud</li> </ul>  Topics: <ul> <li dir="ltr" role="presentation">Can you walk us through Google's typical threat modeling process? What are the key steps involved?</li> <li dir="ltr" role="presentation">Threat modeling can be applied to various areas. Where does Google utilize it the most? How do we apply this to huge and complex systems?</li> <li dir="ltr" role="presentation">How does Google keep its threat models updated? What triggers a reassessment?</li> <li dir="ltr" role="presentation">How does Google operationalize threat modeling information to prioritize security work and resource allocation? How does it influence your security posture?</li> <li dir="ltr" role="presentation">What are the biggest challenges Google faces in scaling and improving its threat modeling practices? Any stories where we got this wrong?</li> <li dir="ltr" role="presentation">How can LLMs like Gemini improve Google's threat modeling activities? Can you share examples of basic and more sophisticated techniques?</li> <li dir="ltr" role="presentation">What advice would you give to organizations just starting with threat modeling? </li> </ul> Resources: <ul> <li dir="ltr" role="presentation"><a href= "https://cloud.withgoogle.com/cloudsecurity/podcast/threat-models-and-cloud-security/"> EP12 Threat Models and Cloud Security</a></li> <li dir="ltr" role="presentation"><a href= "https://cloud.withgoogle.com/cloudsecurity/podcast/ep150-taming-the-ai-beast-threat-modeling-for-modern-ai-systems-with-gary-mcgraw/"> EP150 Taming the AI Beast: Threat Modeling for Modern AI Systems with Gary McGraw</a></li> <li dir="ltr" role="presentation"><a href= "https://cloud.withgoogle.com/cloudsecurity/podcast/ep200-zero-touch-prod-security-rings-and-foundational-services-how-google-does-workload-security/"> EP200 Zero Touch Prod, Security Rings, and Foundational Services: How Google Does Workload Security</a></li> <li dir="ltr" role="presentation"><a href= "https://cloud.withgoogle.com/cloudsecurity/podcast/ep140-system-hardening-at-google-scale-new-challenges-new-solutions/"> EP140 System Hardening at Google Scale: New Challenges, New Solutions</a></li> <li dir="ltr" role="presentation"><a href= "https://www.threatmodelingmanifesto.org/">Threat Modeling manifesto</a></li> <li dir="ltr" role="presentation"><a href= "https://cloud.withgoogle.com/cloudsecurity/podcast/ep176-google-on-google-cloud-how-google-secures-its-own-cloud-use/"> EP176 Google on Google Cloud: How Google Secures Its Own Cloud Use</a></li> <li dir="ltr" role="presentation"><a href= "https://github.com/hysnsec/awesome-threat-modelling">Awesome Threat Modeling</a></li> <li dir="ltr" role="presentation"><a href= "https://shostack.org/books/threat-modeling-book">Adam Shostack “Threat Modeling: Designing for Security”</a> book</li> <li dir="ltr" role="presentation"><a href= "https://www.cl.cam.ac.uk/archive/rja14/book.html">Ross Anderson “Security Engineering”</a>  book</li> <li><a href= "https://www.amazon.com/How-Solve-Mathematical-Princeton-Science/dp/069111966X"> ”How to Solve It”</a> book</li> </ul>

<description>&lt;p dir="ltr"&gt;Guest:&lt;/p&gt; &lt;ul&gt; &lt;li dir="ltr" role="presentation"&gt;&lt;a href= "https://www.linkedin.com/in/meador-inge-a1419a6/"&gt;Meador Inge&lt;/a&gt;, Security Engineer, Google Cloud&lt;/li&gt; &lt;/ul&gt; &lt;p&gt;&lt;strong&gt; &lt;/strong&gt;Topics:&lt;/p&gt; &lt;ul&gt; &lt;li dir="ltr" role="presentation"&gt;Can you walk us through Google's typical threat modeling process? What are the key steps involved?&lt;/li&gt; &lt;li dir="ltr" role="presentation"&gt;Threat modeling can be applied to various areas. Where does Google utilize it the most? How do we apply this to huge and complex systems?&lt;/li&gt; &lt;li dir="ltr" role="presentation"&gt;How does Google keep its threat models updated? What triggers a reassessment?&lt;/li&gt; &lt;li dir="ltr" role="presentation"&gt;How does Google operationalize threat modeling information to prioritize security work and resource allocation? How does it influence your security posture?&lt;/li&gt; &lt;li dir="ltr" role="presentation"&gt;What are the biggest challenges Google faces in scaling and improving its threat modeling practices? Any stories where we got this wrong?&lt;/li&gt; &lt;li dir="ltr" role="presentation"&gt;How can LLMs like Gemini improve Google's threat modeling activities? Can you share examples of basic and more sophisticated techniques?&lt;/li&gt; &lt;li dir="ltr" role="presentation"&gt;What advice would you give to organizations just starting with threat modeling? &lt;/li&gt; &lt;/ul&gt; &lt;p dir="ltr"&gt;Resources:&lt;/p&gt; &lt;ul&gt; &lt;li dir="ltr" role="presentation"&gt;&lt;a href= "https://cloud.withgoogle.com/cloudsecurity/podcast/threat-models-and-cloud-security/"&gt; EP12 Threat Models and Cloud Security&lt;/a&gt;&lt;/li&gt; &lt;li dir="ltr" role="presentation"&gt;&lt;a href= "https://cloud.withgoogle.com/cloudsecurity/podcast/ep150-taming-the-ai-beast-threat-modeling-for-modern-ai-systems-with-gary-mcgraw/"&gt; EP150 Taming the AI Beast: Threat Modeling for Modern AI Systems with Gary McGraw&lt;/a&gt;&lt;/li&gt; &lt;li dir="ltr" role="presentation"&gt;&lt;a href= "https://cloud.withgoogle.com/cloudsecurity/podcast/ep200-zero-touch-prod-security-rings-and-foundational-services-how-google-does-workload-security/"&gt; EP200 Zero Touch Prod, Security Rings, and Foundational Services: How Google Does Workload Security&lt;/a&gt;&lt;/li&gt; &lt;li dir="ltr" role="presentation"&gt;&lt;a href= "https://cloud.withgoogle.com/cloudsecurity/podcast/ep140-system-hardening-at-google-scale-new-challenges-new-solutions/"&gt; EP140 System Hardening at Google Scale: New Challenges, New Solutions&lt;/a&gt;&lt;/li&gt; &lt;li dir="ltr" role="presentation"&gt;&lt;a href= "https://www.threatmodelingmanifesto.org/"&gt;Threat Modeling manifesto&lt;/a&gt;&lt;/li&gt; &lt;li dir="ltr" role="presentation"&gt;&lt;a href= "https://cloud.withgoogle.com/cloudsecurity/podcast/ep176-google-on-google-cloud-how-google-secures-its-own-cloud-use/"&gt; EP176 Google on Google Cloud: How Google Secures Its Own Cloud Use&lt;/a&gt;&lt;/li&gt; &lt;li dir="ltr" role="presentation"&gt;&lt;a href= "https://github.com/hysnsec/awesome-threat-modelling"&gt;Awesome Threat Modeling&lt;/a&gt;&lt;/li&gt; &lt;li dir="ltr" role="presentation"&gt;&lt;a href= "https://shostack.org/books/threat-modeling-book"&gt;Adam Shostack “Threat Modeling: Designing for Security”&lt;/a&gt; book&lt;/li&gt; &lt;li dir="ltr" role="presentation"&gt;&lt;a href= "https://www.cl.cam.ac.uk/archive/rja14/book.html"&gt;Ross Anderson “Security Engineering”&lt;/a&gt;  book&lt;/li&gt; &lt;li&gt;&lt;a href= "https://www.amazon.com/How-Solve-Mathematical-Princeton-Science/dp/069111966X"&gt; ”How to Solve It”&lt;/a&gt; book&lt;/li&gt; &lt;/ul&gt;</description>

Guest:  , Security Engineer, Google Cloud   Topics:  Can you walk us through Google's typical threat modeling process? What are the key steps involved? Threat modeling can be applied to various areas. Where does Google utilize it the most? How do...

EP215 Threat Modeling at Google: From Basics to AI-powered Magic

Guest: <ul> <li dir="ltr" role="presentation"><a href= "https://www.linkedin.com/in/archanaramamoorthy/">Archana Ramamoorthy</a>, Senior Director of Product Management, Google Cloud</li> </ul> Topics: <ul> <li dir="ltr" role="presentation">You are responsible for building systems that need to comply with laws that are often mutually contradictory. It seems technically impossible to do, how do you do this?</li> <li dir="ltr" role="presentation">Google is not alone in being a global company with local customers and local requirements. How are we building systems that provide local compliance with global consistency in their use for customers who are similar in scale to us? </li> <li dir="ltr" role="presentation">Originally, Google had global systems synchronized around the entire planet–planet scale supercompute–with atomic clocks. How did we get to regionalized approach from there? </li> <li dir="ltr" role="presentation">Engineering takes a long time. How do we bring enough agility to product definition and engineering design to give our users robust foundations in our systems that also let us keep up with changing and diverging regulatory goals?</li> <li dir="ltr" role="presentation">What are some of the biggest challenges you face working in the trusted cloud space?</li> <li dir="ltr" role="presentation">Is there something you would like to share about being a woman leader in technology?  How did you overcome the related challenges?</li> </ul> Resources: <ul> <li dir="ltr" role="presentation"><a href= "https://youtu.be/28z2Au40UyM">Video</a></li> <li dir="ltr" role="presentation"><a href= "https://www.forbes.com/sites/googlecloud/2020/07/14/compliance-without-compromise/"> “Compliance Without Compromise”</a> by Jeanette Manfra (2020, still very relevant!)</li> <li dir="ltr" role="presentation"><a href= "https://www.amazon.com/Good-Great-Some-Companies-Others/dp/0066620996"> “Good to Great”</a> book</li> <li><a href= "https://www.amazon.com/Appreciative-Leadership-Performance-Thriving-Organization/dp/0071714065"> “Appreciative Leadership”</a> book</li> </ul>

<description>&lt;p dir="ltr"&gt;Guest:&lt;/p&gt; &lt;ul&gt; &lt;li dir="ltr" role="presentation"&gt;&lt;a href= "https://www.linkedin.com/in/archanaramamoorthy/"&gt;Archana Ramamoorthy&lt;/a&gt;, Senior Director of Product Management, Google Cloud&lt;/li&gt; &lt;/ul&gt; &lt;p dir="ltr"&gt;Topics:&lt;/p&gt; &lt;ul&gt; &lt;li dir="ltr" role="presentation"&gt;You are responsible for building systems that need to comply with laws that are often mutually contradictory. It seems technically impossible to do, how do you do this?&lt;/li&gt; &lt;li dir="ltr" role="presentation"&gt;Google is not alone in being a global company with local customers and local requirements. How are we building systems that provide local compliance with global consistency in their use for customers who are similar in scale to us? &lt;/li&gt; &lt;li dir="ltr" role="presentation"&gt;Originally, Google had global systems synchronized around the entire planet–planet scale supercompute–with atomic clocks. How did we get to regionalized approach from there? &lt;/li&gt; &lt;li dir="ltr" role="presentation"&gt;Engineering takes a long time. How do we bring enough agility to product definition and engineering design to give our users robust foundations in our systems that also let us keep up with changing and diverging regulatory goals?&lt;/li&gt; &lt;li dir="ltr" role="presentation"&gt;What are some of the biggest challenges you face working in the trusted cloud space?&lt;/li&gt; &lt;li dir="ltr" role="presentation"&gt;Is there something you would like to share about being a woman leader in technology?  How did you overcome the related challenges?&lt;/li&gt; &lt;/ul&gt; &lt;p dir="ltr"&gt;Resources:&lt;/p&gt; &lt;ul&gt; &lt;li dir="ltr" role="presentation"&gt;&lt;a href= "https://youtu.be/28z2Au40UyM"&gt;Video&lt;/a&gt;&lt;/li&gt; &lt;li dir="ltr" role="presentation"&gt;&lt;a href= "https://www.forbes.com/sites/googlecloud/2020/07/14/compliance-without-compromise/"&gt; “Compliance Without Compromise”&lt;/a&gt; by Jeanette Manfra (2020, still very relevant!)&lt;/li&gt; &lt;li dir="ltr" role="presentation"&gt;&lt;a href= "https://www.amazon.com/Good-Great-Some-Companies-Others/dp/0066620996"&gt; “Good to Great”&lt;/a&gt; book&lt;/li&gt; &lt;li&gt;&lt;a href= "https://www.amazon.com/Appreciative-Leadership-Performance-Thriving-Organization/dp/0071714065"&gt; “Appreciative Leadership”&lt;/a&gt; book&lt;/li&gt; &lt;/ul&gt;</description>

Guest:  , Senior Director of Product Management, Google Cloud  Topics:  You are responsible for building systems that need to comply with laws that are often mutually contradictory. It seems technically impossible to do, how do you do this? Google is...

EP214 Reconciling the Impossible: Engineering Cloud Systems for Diverging Regulations

Guest: <ul> <li dir="ltr" role="presentation"><a href= "https://www.linkedin.com/in/yigaelberger/">Yigael Berger</a>, Head of AI, <a href="https://www.sweet.security/">Sweet Security</a></li> </ul> Topic: <ul> <li dir="ltr" role="presentation">Where do you see a gap between the “promise” of LLMs for security and how they are actually used in the field to solve customer pains?</li> <li dir="ltr" role="presentation">I know you use LLMs for anomaly detection. Explain how that “trick” works? What is it good for? How effective do you think it will be? </li> <li dir="ltr" role="presentation">Can you compare this to other anomaly detection methods? Also, won’t this be costly - how do you manage to keep inference costs under control at scale? </li> <li dir="ltr" role="presentation">SOC teams often grapple with the tradeoff between “seeing everything” so that they never miss any attack, and handling too much noise. What are you seeing emerge in cloud D&R to address this challenge?</li> <li dir="ltr" role="presentation">We hear from folks who developed an automated approach to handle a reviews queue previously handled by people. Inevitably even if precision and recall can be shown to be superior, executive or customer backlash comes hard with a false negative (or a flood of false positives). Have you seen this phenomenon, and if so, what have you learned about handling it?</li> <li dir="ltr" role="presentation">What are other barriers that need to be overcome so that LLMs can push the envelope further for improving security?</li> <li dir="ltr" role="presentation">So from your perspective, LLMs are going to tip the scale in whose favor - cybercriminals or defenders? </li> </ul> Resource: <ul> <li dir="ltr" role="presentation"><a href= "https://cloud.withgoogle.com/cloudsecurity/podcast/ep157-decoding-cdr-cira-what-happens-when-secops-meets-cloud/"> EP157 Decoding CDR & CIRA: What Happens When SecOps Meets Cloud</a></li> <li dir="ltr" role="presentation"><a href= "https://cloud.withgoogle.com/cloudsecurity/podcast/ep194-deep-dive-into-adr-application-detection-and-response/"> EP194 Deep Dive into ADR - Application Detection and Response</a></li> <li dir="ltr" role="presentation"><a href= "https://cloud.withgoogle.com/cloudsecurity/podcast/ep135-ai-and-security-the-good-the-bad-and-the-magical/"> EP135 AI and Security: The Good, the Bad, and the Magical</a></li> <li dir="ltr" role="presentation"><a href= "https://www.youtube.com/@AndrejKarpathy/playlists">Andrej Karpathy series on how LLMs work</a></li> <li dir="ltr" role="presentation"><a href= "https://www.sweet.security/blog">Sweet Security blog</a></li> </ul>

<description>&lt;p dir="ltr"&gt;Guest:&lt;/p&gt; &lt;ul&gt; &lt;li dir="ltr" role="presentation"&gt;&lt;a href= "https://www.linkedin.com/in/yigaelberger/"&gt;Yigael Berger&lt;/a&gt;, Head of AI, &lt;a href="https://www.sweet.security/"&gt;Sweet Security&lt;/a&gt;&lt;/li&gt; &lt;/ul&gt; &lt;p dir="ltr"&gt;Topic:&lt;/p&gt; &lt;ul&gt; &lt;li dir="ltr" role="presentation"&gt;Where do you see a gap between the “promise” of LLMs for security and how they are actually used in the field to solve customer pains?&lt;/li&gt; &lt;li dir="ltr" role="presentation"&gt;I know you use LLMs for anomaly detection. Explain how that “trick” works? What is it good for? How effective do you think it will be? &lt;/li&gt; &lt;li dir="ltr" role="presentation"&gt;Can you compare this to other anomaly detection methods? Also, won’t this be costly - how do you manage to keep inference costs under control at scale? &lt;/li&gt; &lt;li dir="ltr" role="presentation"&gt;SOC teams often grapple with the tradeoff between “seeing everything” so that they never miss any attack, and handling too much noise. What are you seeing emerge in cloud D&amp;R to address this challenge?&lt;/li&gt; &lt;li dir="ltr" role="presentation"&gt;We hear from folks who developed an automated approach to handle a reviews queue previously handled by people. Inevitably even if precision and recall can be shown to be superior, executive or customer backlash comes hard with a false negative (or a flood of false positives). Have you seen this phenomenon, and if so, what have you learned about handling it?&lt;/li&gt; &lt;li dir="ltr" role="presentation"&gt;What are other barriers that need to be overcome so that LLMs can push the envelope further for improving security?&lt;/li&gt; &lt;li dir="ltr" role="presentation"&gt;So from your perspective, LLMs are going to tip the scale in whose favor - cybercriminals or defenders? &lt;/li&gt; &lt;/ul&gt; &lt;p dir="ltr"&gt;Resource:&lt;/p&gt; &lt;ul&gt; &lt;li dir="ltr" role="presentation"&gt;&lt;a href= "https://cloud.withgoogle.com/cloudsecurity/podcast/ep157-decoding-cdr-cira-what-happens-when-secops-meets-cloud/"&gt; EP157 Decoding CDR &amp; CIRA: What Happens When SecOps Meets Cloud&lt;/a&gt;&lt;/li&gt; &lt;li dir="ltr" role="presentation"&gt;&lt;a href= "https://cloud.withgoogle.com/cloudsecurity/podcast/ep194-deep-dive-into-adr-application-detection-and-response/"&gt; EP194 Deep Dive into ADR - Application Detection and Response&lt;/a&gt;&lt;/li&gt; &lt;li dir="ltr" role="presentation"&gt;&lt;a href= "https://cloud.withgoogle.com/cloudsecurity/podcast/ep135-ai-and-security-the-good-the-bad-and-the-magical/"&gt; EP135 AI and Security: The Good, the Bad, and the Magical&lt;/a&gt;&lt;/li&gt; &lt;li dir="ltr" role="presentation"&gt;&lt;a href= "https://www.youtube.com/@AndrejKarpathy/playlists"&gt;Andrej Karpathy series on how LLMs work&lt;/a&gt;&lt;/li&gt; &lt;li dir="ltr" role="presentation"&gt;&lt;a href= "https://www.sweet.security/blog"&gt;Sweet Security blog&lt;/a&gt;&lt;/li&gt; &lt;/ul&gt; &lt;p&gt; &lt;/p&gt;</description>

Guest:  , Head of AI,   Topic:  Where do you see a gap between the “promise” of LLMs for security and how they are actually used in the field to solve customer pains? I know you use LLMs for anomaly detection. Explain how that “trick” works?...

EP213 From Promise to Practice: LLMs for Anomaly Detection and Real-World Cloud Security

Cloud Security Podcast by Google focuses on security in the cloud, delivering security from the cloud, and all things at the intersection of security and cloud. Of course, we will also cover what we are doing in Google Cloud to help keep our users' data safe and workloads secure. 

We’re going to do our best to avoid security theater, and cut to the heart of real security questions and issues. Expect us to question threat models and ask if something is done for the data subject’s benefit or just for organizational benefit. 

We hope you’ll join us if you’re interested in where technology overlaps with process and bumps up against organizational design. We’re hoping to attract listeners who are happy to hear conventional wisdom questioned, and who are curious about what lessons we can and can’t keep as the world moves from on-premises computing to cloud computing.

Cloud Security Podcast by Google

Details

Recent Episodes