Do you need an essential guide for Threat Modeling your Cloud Environment, then this episode is definitely for you. Ashish sat down with Tyson Garrett from TrustOnCloud. We explore why and how organizations should approach threat modeling in cloud to enhance their security posture. Tyson and Ashish go through the practical steps required for effective threat modeling, including identifying and prioritizing threats, and the continuous adaptation required to address the dynamic nature of cloud services.
Guest Socials: Tyson Garrett
Podcast Twitter - @CloudSecPod
If you want to watch videos of this LIVE STREAMED episode and past episodes - Check out our other Cloud Security Social Channels:
- Cloud Security Podcast- Youtube
- Cloud Security Newsletter
- Cloud Security BootCamp
Questions asked:
(00:00) Introduction
(02:50) A bit about Tyson Garrett
(04:27) What is Threat Modeling in Cloud?
(06:29) Threat Modeling the right way in the Cloud
(08:23) Threat Modeling in Cloud vs On Prem
(11:05) Examples of Threat Modeling
(13:41) Threat Modeling AI Services from Cloud Providers
(21:58) Including Threat Modeling in Security Programs
(25:09) Threat Modeling Cloud at Scale
(28:08) Different Approaches for Threat Modeling
(30:21) Challenges with Threat Modeling in Cloud
(33:42) Best Practices for Threat Modeling in Cloud
(39:59) Showing ROI on Threat Modeling
(42:57) Maturity Levels of Threat Modeling
(45:21) Starting point for learning about Threat Models
(46:12) The Fun Questions
(48:41) Where can you connect with Tyson
Resources spoken about during the episode
TrustOnCloud has kindly offered a Free ThreatModel of your choice to our listeners - you can register here to pick yours
Network Pentest 2.0 : The Cloud Pentest Revolution
Google Cloud Hacking Red Team Perspective!
Cloud Security in the BoardRoom - CISO Perspective with Phil Venables
Google Cloud IAP - A Pentester Viewpoint
Doing Google Cloud Security RIGHT!
An AWS Centric View of Google Cloud Identity
So You WANT TO DO Google Cloud Threat Detection - Start here!
Using Data Perimeters in AWS To Scale Guardrails
AWS INCIDENT RESPONSE - Automate Containment
Cloud Security Baseline For Scale
AWS ReInforce 2023 Recap & Highlights
Will Application Security Eat Cloud Security for Lunch!
AI Security - Can LLM be Attacked?
What is DevSecOps? DevSecOps with Cloud & AI explained for 2023
Evolution of Kubernetes Security | KubeCon EU 2023
A DEV FRIENDLY CLOUD NATIVE SECURITY PIPELINE!
THEY SCANNED ENTIRE GITHUB FOR SECRETS AND FOUND THIS!
Kubernetes Cluster Security Audit Explained
Network Security for Kubernetes
CONTINUOUS KUBERNETES SECURITY IN 2023
Create your
podcast in
minutes
It is Free
Insight Story: Tech Trends Unpacked
Zero-Shot
Fast Forward by Tomorrow Unlocked: Tech past, tech future
The Unbelivable Truth - Series 1 - 26 including specials and pilot
Lex Fridman Podcast