Incident Response of Kubernetes and how to Automate Containment
How do you perform incident response on a Kubernetes cluster when you're not even on the same network? In this episode, Damien Burks, Senior Security engineer breaks down the immense challenges of container security and why most commercial tools are failing at automated response.While many CNAPPs provide runtime detection, they lack a "sophisticated approach to automating incident response or containment" in complex environments like private EKS . He shares his hands-on experience building a platform that uses a dynamically deployed Lambda function to achieve containment of a compromised EKS node in just 10 minutes, a process that would otherwise take hours of manual work and approvals .This is a guide for any DevSecOps or cloud security professional tasked with securing containerized workloads. The conversation also covers a layered prevention strategy, the evolving role of the cloud security engineer, and career advice for those looking to enter the field.Guest Socials - Damien's LinkedinPodcast Twitter - @CloudSecPod If you want to watch videos of this LIVE STREAMED episode and past episodes - Check out our other Cloud Security Social Channels:-Cloud Security Podcast- Youtube- Cloud Security Newsletter - Cloud Security BootCampIf you are interested in AI Cybersecurity, you can check out our sister podcast - AI Security PodcastQuestions asked:(00:00) Introduction(02:15) Who is Damien Burks?(03:20) The State of Cloud Incident Response in 2025(05:15) Why There is No Sophisticated, Automated IR for Kubernetes(06:20) A Deep Dive into Kubernetes Incident Response(07:30) The Unique Challenge of a Private EKS Cluster(12:15) A Layered Approach to Prevention in a DevSecOps Culture(17:00) How to Automate Containment in a Private EKS Cluster(17:40) From Hours to 10 Minutes: The Impact of Automation(22:00) The Evolving & Complex Role of the Cloud Security Engineer(25:40) Do We Have Too Much Visibility or Not Enough?(29:00) Career Path: The Value of Learning to Code for DevSecOps(35:00) Damien's Hot Take: "Multi-Cloud Just Means Chaos"(44:20) Career Advice for Traditional IR Professionals Moving to Cloud(47:50) Final Questions: Video Games, Life's Journey, and GumboResources spoke about during the interviewDamien's Website
--------
52:22
--------
52:22
The Truth About AI in the SOC: From Alert Fatigue to Detection Engineering
"The next five years are gonna be wild." That's the verdict from Forrester Principal Analyst Allie Mellen on the state of Security Operations. This episode dives into the "massive reset" that is transforming the SOC, driven by the rise of generative AI and a revolution in data management.Allie explains why the traditional L1, L2, L3 SOC model, long considered a "rite of passage" that leads to burnout is being replaced by a more agile and effective Detection Engineering structure. As a self-proclaimed "AI skeptic," she cuts through the marketing hype to reveal what's real and what's not, arguing that while we are "not really at the point of agentic" AI, the real value lies in specialized triage and investigation agents.Guest Socials - Allie's Linkedin Podcast Twitter - @CloudSecPod If you want to watch videos of this LIVE STREAMED episode and past episodes - Check out our other Cloud Security Social Channels:-Cloud Security Podcast- Youtube- Cloud Security Newsletter - Cloud Security BootCampIf you are interested in AI Cybersecurity, you can check out our sister podcast - AI Security PodcastQuestions asked:(00:00) Introduction(02:35) Who is Allie Mellen?(03:15) What is Security Operations in 2025? The SIEM & XDR Shakeup(06:20) The Rise of Security Data Lakes & Data Pipeline Tools(09:20) A "Great Reset" is Coming for the SOC(10:30) Why the L1/L2/L3 Model is a Burnout Machine(13:25) The Future is Detection Engineering: An "Infinite Loop of Improvement"(17:10) Using AI Hallucinations as a Feature for New Detections(18:30) AI in the SOC: Separating Hype from Reality(22:30) What is "Agentic AI" (and Are We There Yet?)(26:20) "No One Knows How to Secure AI": The Detection & Response Challenge(28:10) The Critical Role of Observability Data for AI Security(31:30) Are SOC Teams Actually Using AI Today?(34:30) How to Build a SOC Team in the AI Era: Uplift & Upskill(39:20) The 3 Things to Look for When Buying Security AI Tools(41:40) Final Questions: Reading, Cooking, and SushiResources:You can read Allie's blogs here
--------
45:39
--------
45:39
The Security Gaps in AWS Bedrock & Azure AI You Need to Know
The race to deploy AI is on, but are the cloud platforms we rely on secure by default? This episode features a practical, in-the-weeds discussion with Kyler Middleton, Principal Developer, Internal AI Solutions, Veradigm and Sai Gunaranjan, Lead Architect, Veradigm as they compare the security realities of building AI applications on the two largest cloud providers.The conversation uncovers critical security gaps you need to be aware of. Sai reveals that Azure AI defaults to sending customer data globally for processing to keep costs low, a major compliance risk that must be manually disabled . Kyler breaks down the challenges with AWS Bedrock, including the lack of resource-level security policies and a consolidated logging system that mixes all AI conversations into one place, making incident response incredibly difficult .This is an essential guide for any cloud security or platform engineer moving into the AI space. Learn about the real-world architectural patterns, the insecure defaults to watch out for, and the new skills required to transition from a Cloud Security Engineer to an AI Security Engineer.Guest Socials - Kyler's Linkedin + Sai's Linkedin Podcast Twitter - @CloudSecPod If you want to watch videos of this LIVE STREAMED episode and past episodes - Check out our other Cloud Security Social Channels:-Cloud Security Podcast- Youtube- Cloud Security Newsletter - Cloud Security BootCampIf you are interested in AI Cybersecurity, you can check out our sister podcast - AI Security PodcastQuestions asked:(00:00) Introduction(02:30) Who are Kyler Middleton & Sai Gunaranjan?(03:40) Common AI Use Cases: Chatbots & Product Integration(05:15) Beyond IAM: The Full Scope of AI Security in the Cloud(07:30) The Role of the Cloud in Deploying Secure AI(13:10) AWS AI Architecture: Bedrock, Knowledge Bases & Vector Databases(15:10) Azure AI Architecture: AI Services, ML Workspaces & Foundry(21:00) The "Delete the Frontend" Problem: The Risk of Agentic AI(23:25) A Security Deep Dive into Microsoft Azure AI Services(29:20) Azure's Insecure Default: Sending Your Data Globally(31:35) A Security Deep Dive into AWS Bedrock(32:30) The Critical Gap: No Resource Policies in AWS Bedrock(33:20) AWS Bedrock's Logging Problem: A Nightmare for Incident Response(36:15) AWS vs. Azure: Which is More Secure for AI Today?(39:20) A Maturity Model for Adopting AI Security in the Cloud(44:15) From Cloud Security to AI Security Engineer: What's the Skill Gap?(48:45) Final Questions: Toddlers, Kickball, Barbecue & Ice Cream
--------
55:06
--------
55:06
The Evolution of Email Security: From Pre-Breach to Post-Breach Protection
For the last 30 years, email security has been stuck in the past, focusing almost entirely on stopping bad things from getting into the inbox. In this episode, Rajan Kapoor, Field CISO at Material Security and former Director of Security at Dropbox, argues that this pre-breach mindset is dangerously outdated. The real challenge today is post-breach: protecting the sensitive data that already lives inside your mailboxes.The conversation explores why we must evolve from "email security" to the broader concept of "workspace security" . Rajan explains how interconnected productivity suites like Google Workspace and Microsoft 365 have turned the inbox into a gateway to everything else Drive, accounts, and sensitive company data. We also discuss how the rise of AI co-pilots will create new risks, as they can instantly find and surface over-shared data that was previously hidden in plain sight .Guest Socials - Rajan's LinkedinPodcast Twitter - @CloudSecPod If you want to watch videos of this LIVE STREAMED episode and past episodes - Check out our other Cloud Security Social Channels:-Cloud Security Podcast- Youtube- Cloud Security Newsletter - Cloud Security BootCampIf you are interested in AI Cybersecurity, you can check out our sister podcast - AI Security PodcastQuestions asked:(00:00) Introduction(02:00) Who is Rajan Kapoor? Field CISO at Material Security(02:38) What is Email Security in 2025? The 30-Year-Old Problem(03:20) The Critical Shift: From Pre-Breach to Post-Breach Protection(04:20) The Rise of Workspace Security: Beyond the Inbox(06:00) Why Focusing on Email is "Not Even Half" The Problem(06:50) Are Microsoft 365 Security Challenges Different from Google's?(09:30) Rethinking the Approach to Email Security(11:40) How AI Co-Pilots Will Exploit Your Over-Shared Data(13:30) A Real-World Attack: From Email to Malicious OAuth App(17:00) How Should CISOs Structure Their Teams for Workspace Security?(19:25) The Role of CASB vs. API-Based Security for Data at Rest(23:10) How CISOs Can Separate Signal From Noise in a Crowded Market(24:45) Final Questions: Home Automation, Career Risks, and Ethiopian Food
--------
30:02
--------
30:02
Using AI to Fix Your Cloud Security Backlog beyond Visibility
You have the visibility, you see the alerts, but your security backlog is still growing faster than your team can fix it. So, are you actually getting more secure? In this episode, Snir Ben Shimol, CEO of Zest Security, argues that "knowing about an open door or an open window don't make you more secure... just make you more aware" .We spoke about the traditional "whack-a-mole" approach to vulnerability management. Snir shared an analogy: when planning a trip, the most important question isn't who goes first, but "what is the vehicle?" . He explains how AI's ability to perform recursive analysis can find the "vehicle" for your remediation efforts, that one base image upgrade or single code change that can reduce 20-30% of your entire vulnerability backlog in one action .Guest Socials - Snir's LinkedinPodcast Twitter - @CloudSecPod If you want to watch videos of this LIVE STREAMED episode and past episodes - Check out our other Cloud Security Social Channels:-Cloud Security Podcast- Youtube- Cloud Security Newsletter - Cloud Security BootCampIf you are interested in AI Cybersecurity, you can check out our sister podcast - AI Cybersecurity PodcastQuestions:(00:00) Introduction(02:30) Who is Snir Ben Shimol?(03:20) What is Cloud Security in 2025? Moving from Visibility to Action(07:25) Why Visibility Isn't Making You More Secure(10:20) The Slow, Manual Process of Remediation Today: Losing the Battle(16:00) The "Vehicle vs. Priority" Analogy for Vulnerability Management(17:45) How AI Enables Recursive Analysis to Find the Most Impactful Fix(20:00) The Three Pillars of AI-Driven Cloud Security Resolution(22:30) Why Your CNAPP/CSPM Can't Solve the Remediation Problem(25:20) Why Traditional Prioritization (EPSS, KEV) is a Waterfall Approach(28:10) The "Buy vs. Build" Dilemma for AI Security Solutions(30:15) The Complexity of Building a Multi-Agent AI System for Security(41:45) How CISOs Can Separate Real AI Products from Marketing Fluff(44:50) Final Questions: Surfing, Communication, and Thai Food
Learn Cloud Security in Public Cloud the unbiased way from CyberSecurity Experts solving challenges at Cloud Scale. We can be honest because we are not owned by Cloud Service Provider like AWS, Azure or Google Cloud.
We aim to make the community learn Cloud Security through community stories from small - Large organisations solving multi-cloud challenges to diving into specific topics of Cloud Security.
We LIVE STREAM interviews on Cloud Security Topics every weekend on Linkedin, YouTube, Facebook and Twitter with over 150 people watching and asking questions and interacting with the Guest.
South Africa