logo
episode-header-image
Mar 2024
50m 6s

Understanding Threat Modeling in Cloud

Cloud Security Podcast Team
About this episode

Do you need an essential guide for Threat Modeling your Cloud Environment, then this episode is definitely for you. Ashish sat down with Tyson Garrett from TrustOnCloud. We explore why and how organizations should approach threat modeling in cloud to enhance their security posture. Tyson and Ashish go through the practical steps required for effective threat modeling, including identifying and prioritizing threats, and the continuous adaptation required to address the dynamic nature of cloud services.


Guest Socials: Tyson Garrett

Podcast Twitter ⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠@CloudSecPod⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠ ⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠

If you want to watch videos of this LIVE STREAMED episode and past episodes - Check out our other Cloud Security Social Channels:

- ⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠Cloud Security Podcast- Youtube⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠

- ⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠Cloud Security Newsletter ⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠

⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠Cloud Security BootCamp


Questions asked:

(00:00) Introduction

(02:50) A bit about Tyson Garrett

(04:27) What is Threat Modeling in Cloud?

(06:29) Threat Modeling the right way in the Cloud

(08:23) Threat Modeling in Cloud vs On Prem

(11:05) Examples of Threat Modeling

(13:41) Threat Modeling AI Services from Cloud Providers

(21:58) Including Threat Modeling in Security Programs

(25:09) Threat Modeling Cloud at Scale

(28:08) Different Approaches for Threat Modeling

(30:21) Challenges with Threat Modeling in Cloud

(33:42) Best Practices for Threat Modeling in Cloud

(39:59) Showing ROI on Threat Modeling

(42:57) Maturity Levels of Threat Modeling

(45:21) Starting point for learning about Threat Models

(46:12) The Fun Questions

(48:41) Where can you connect with Tyson


Resources spoken about during the episode

TrustOnCloud has kindly offered a Free ThreatModel of your choice to our listeners - you can register here to pick yours

Up next
Yesterday
Incident Response of Kubernetes and how to Automate Containment
How do you perform incident response on a Kubernetes cluster when you're not even on the same network? In this episode, Damien Burks, Senior Security engineer breaks down the immense challenges of container security and why most commercial tools are failing at automated response. ... Show More
52m 22s
Oct 3
The Truth About AI in the SOC: From Alert Fatigue to Detection Engineering
"The next five years are gonna be wild." That's the verdict from Forrester Principal Analyst Allie Mellen on the state of Security Operations. This episode dives into the "massive reset" that is transforming the SOC, driven by the rise of generative AI and a revolution in data ma ... Show More
45m 39s
Sep 23
The Security Gaps in AWS Bedrock & Azure AI You Need to Know
The race to deploy AI is on, but are the cloud platforms we rely on secure by default? This episode features a practical, in-the-weeds discussion with Kyler Middleton, Principal Developer, Internal AI Solutions, Veradigm and Sai Gunaranjan, Lead Architect, Veradigm as they compar ... Show More
55m 6s
Recommended Episodes
Mar 2024
Cloud Fundamentals needed for AI
If you’re planning to deploy AI for your business, here’s 5 important capabilities your business needs from the cloud era in order to be successful. SHOW: 806CLOUD NEWS OF THE WEEK - http://bit.ly/cloudcast-cnotwCHECK OUT OUR NEW PODCAST - "CLOUDCAST BASICS"SHOW SPONSORS:Want to ... Show More
21m 55s
Sep 2023
Ransomware and materiality. MetaStealer hits businesses. Two looks at cloud risks. His Highness, the Large Language Model.
The MGM Resorts incident is now believed to be ransomware, and how does that inform our view of Materiality of a cyber incident? MetaStealer targets businesses. Cloud access with stolen credentials. The cloud as an expansive attack surface. Johannes Ullrich from SANS describes ma ... Show More
25m 39s
Oct 2021
Bringing Order by Living in the Middle of the Cloud Chaos with Dave Frampton, VP/GM Cloud SIEM & Security Analytics at Sumo Logic
Freedom is not something to fear; in fact, it’s an essential component of creativity. Chaos is something to avoid, however. Many creative people confuse freedom with chaos and think a chaotic environment inspires creative passion. The most creative environments are those that pro ... Show More
47m 33s
Jun 2019
The so-called cloud and what it means for cyber security
What is the cloud? Is it secure? How safe is your information when it’s in the cloud? Reformed Hacker Bastien Treptel and Chief Cyber Risk Officer Fergus Brooks talk with David Kaplan from Amazon Web Services about the reliability of cloud security and what the benefits and pitfa ... Show More
20m 25s
Nov 2023
Getting ahead in the cloud
We’ve all heard lots about cloud technology, but, according to new McKinsey research, only 20 to 30 percent of industries are using it regularly and at scale. On today’s episode of The McKinsey Podcast, McKinsey senior partners Mark Gu and James Kaplan share findings from the rep ... Show More
24m 19s
Oct 2022
Jehan Wickramasuriya — AI in High-Stress Scenarios
Jehan Wickramasuriya is the Vice President of AI, Platform & Data Services at Motorola Solutions, a global leader in public safety and enterprise security.In this episode, Jehan discusses how Motorola Solutions uses AI to simplify data streams to help maximize human potential in ... Show More
1 h
Jun 2023
How open-source & distributed models can win AI with MosaicML’s Naveen Rao | E1754
This Week in Startups is presented by: Vanta. Compliance and security shouldn't be a deal-breaker for startups to win new business. Vanta makes it easy for companies to get a SOC 2 report fast. TWiST listeners can get $1,000 off for a limited time at vanta.com/twist. Trovata. ... Show More
1 h
Listen to millions of songs and podcasts on Anghami