Application Security Weekly Subscribe

Cloud Security, Application security, DevOps

The Complexities, Configurations, and Challenges in Cloud Security – Scott Piper – ASW #304

October 21, 2024

Building cloud native apps doesn't mean you're immune to dealing with legacy systems. Cloud services have changed significantly over the last decade, both in the security controls available to them and the sheer volume of services that CSPs provide. Scott Piper shares some history of cloud security, the benefits of account separation, and how ratcheting security helps orgs stay on a paved path.

Segment resources:

Get a free demo of Wiz!

Full episode and show notes

Guest

Principal Cloud Security Researcher at Wiz

Scott Piper works on Wiz’s Threat Research team where he analyzes risks within AWS environments. Prior to that, he worked on security teams and as a cloud security consultant. He helps organize the fwd:cloudsec conference, admins the Cloud Security Forum Slack, and maintains a number of resources in his role as the Internet’s cloud security historian. His more popular projects were the open-source tool CloudMapper and the CTF flaws.cloud.

Hosts

Tech Lead at Block

Senior Engineering Leader at AWS

Application Security Engineer at Zipline

Related

Modernizing AppSec – Melinda Marks – ASW #307

November 11, 2024

In this week's interview, Melinda Marks' joins us to discuss her latest research. Her recent report Modernizing Application Security to Scale for Cloud-Native Development delves into many aspects and trends affecting AppSec as it matures, particularly in cloud-first organizations. We also discuss the fuzzy line between "cloud-native" AppSec and ev...

The State of DSPM, One of the Hottest New Cybersecurity Markets in Years – Todd Thiemann – ESW #383

November 7, 2024

Is it a product or a feature? Is it DLP 4.0, or something legitimately new? Buy now, or wait for further consolidation? There are SO many questions about this market. It's undeniably important - data hygiene and governance continues to be a frustrating mess in many organizations, but is this the solution? We'll discuss with Todd to find out.

AI benefits/risks

Funding, AI controls your PC, Cyberstarts stops Sunrise, public cyber goes private – ESW #382

October 31, 2024

This week, in the enterprise security news: the latest cybersecurity fundings Cyera acquires Trail Security Sophos acquires Secureworks new companies and products more coverage on Cyberstarts’ sunrise program AI can control your PC public cybersecurity companies are going private Splunk and Palo Alto beef All that and more, on this episode of ...