logo
episode-header-image
Mar 2024
50m 6s

Understanding Threat Modeling in Cloud

Cloud Security Podcast Team
About this episode

Do you need an essential guide for Threat Modeling your Cloud Environment, then this episode is definitely for you. Ashish sat down with Tyson Garrett from TrustOnCloud. We explore why and how organizations should approach threat modeling in cloud to enhance their security posture. Tyson and Ashish go through the practical steps required for effective threat modeling, including identifying and prioritizing threats, and the continuous adaptation required to address the dynamic nature of cloud services.


Guest Socials: Tyson Garrett

Podcast Twitter ⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠@CloudSecPod⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠ ⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠

If you want to watch videos of this LIVE STREAMED episode and past episodes - Check out our other Cloud Security Social Channels:

- ⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠Cloud Security Podcast- Youtube⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠

- ⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠Cloud Security Newsletter ⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠

⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠Cloud Security BootCamp


Questions asked:

(00:00) Introduction

(02:50) A bit about Tyson Garrett

(04:27) What is Threat Modeling in Cloud?

(06:29) Threat Modeling the right way in the Cloud

(08:23) Threat Modeling in Cloud vs On Prem

(11:05) Examples of Threat Modeling

(13:41) Threat Modeling AI Services from Cloud Providers

(21:58) Including Threat Modeling in Security Programs

(25:09) Threat Modeling Cloud at Scale

(28:08) Different Approaches for Threat Modeling

(30:21) Challenges with Threat Modeling in Cloud

(33:42) Best Practices for Threat Modeling in Cloud

(39:59) Showing ROI on Threat Modeling

(42:57) Maturity Levels of Threat Modeling

(45:21) Starting point for learning about Threat Models

(46:12) The Fun Questions

(48:41) Where can you connect with Tyson


Resources spoken about during the episode

TrustOnCloud has kindly offered a Free ThreatModel of your choice to our listeners - you can register here to pick yours

Up next
Nov 18
How to Build Trust in an AI SOC for Regulated Environments
<p>How do you establish trust in an AI SOC, especially in a regulated environment? <a href="https://www.linkedin.com/in/grant-oviatt-882111a0/" target="_blank" rel="noopener noreferer">Grant Oviatt</a>, Head of SOC at P<a href="https://www.prophetsecurity.ai/" target="_blank" rel ... Show More
42m 15s
Nov 11
Threat Modeling the AI Agent: Architecture, Threats & Monitoring
Are we underestimating how the agentic world is impacting cybersecurity? We spoke to Mohan Kumar, who did production security at Box for a deep dive into the threats of true autonomous AI agents.The conversation moves beyond simple LLM applications (like chatbots) to the new worl ... Show More
47m 20s
Nov 4
AI is already breaking the Silos Between AppSec & CloudSec
The silos between Application Security and Cloud Security are officially breaking down, and AI is the primary catalyst. In this episode, Tejas Dakve, Senior Manager, Application Security, Bloomberg Industry Group and Aditya Patel, VP of Cybersecurity Architecture discuss how the ... Show More
1h 11m
Recommended Episodes
Mar 2024
Cloud Fundamentals needed for AI
<p>If you’re planning to deploy AI for your business, here’s 5 important capabilities your business needs from the cloud era in order to be successful. </p><p><b>SHOW: 806</b></p><p><b>CLOUD NEWS OF THE WEEK - </b><a href='http://bit.ly/cloudcast-cnotw'>http://bit.ly/cloudcast-cn ... Show More
21m 55s
Sep 2023
Ransomware and materiality. MetaStealer hits businesses. Two looks at cloud risks. His Highness, the Large Language Model.
The MGM Resorts incident is now believed to be ransomware, and how does that inform our view of Materiality of a cyber incident? MetaStealer targets businesses. Cloud access with stolen credentials. The cloud as an expansive attack surface. Johannes Ullrich from SANS describes ma ... Show More
25m 39s
Oct 2021
Bringing Order by Living in the Middle of the Cloud Chaos with Dave Frampton, VP/GM Cloud SIEM & Security Analytics at Sumo Logic
<p>Freedom is not something to fear; in fact, it’s an essential component of creativity. Chaos is something to avoid, however. Many creative people confuse freedom with chaos and think a chaotic environment inspires creative passion. The most creative environments are those that ... Show More
47m 33s
Jun 2019
The so-called cloud and what it means for cyber security
What is the cloud? Is it secure? How safe is your information when it’s in the cloud? Reformed Hacker Bastien Treptel and Chief Cyber Risk Officer Fergus Brooks talk with David Kaplan from Amazon Web Services about the reliability of cloud security and what the benefits and pitfa ... Show More
20m 25s
Nov 2023
Getting ahead in the cloud
<p>We’ve all heard lots about cloud technology, but, according to <a href="https://www.mckinsey.com/capabilities/mckinsey-digital/our-insights/in-search-of-cloud-value-can-generative-ai-transform-cloud-roi?stcr=B4DDD0F44E574DE38D0A19B520D88FF2&amp;cid=other-eml-alt-mip-mck&amp;hl ... Show More
24m 19s
Oct 2022
Jehan Wickramasuriya — AI in High-Stress Scenarios
Jehan Wickramasuriya is the Vice President of AI, Platform & Data Services at Motorola Solutions, a global leader in public safety and enterprise security.In this episode, Jehan discusses how Motorola Solutions uses AI to simplify data streams to help maximize human potential in ... Show More
1 h
Jun 2023
How open-source & distributed models can win AI with MosaicML’s Naveen Rao | E1754
<p>This Week in Startups is presented by:</p> <p>Vanta. Compliance and security shouldn&#39;t be a deal-breaker for startups to win new business. Vanta makes it easy for companies to get a SOC 2 report fast. TWiST listeners can get $1,000 off for a limited time at <a href="http:/ ... Show More
1 h
Listen to millions of songs and podcasts on Anghami