logo
episode-header-image
Mar 2024
50m 6s

Understanding Threat Modeling in Cloud

Cloud Security Podcast Team
About this episode

Do you need an essential guide for Threat Modeling your Cloud Environment, then this episode is definitely for you. Ashish sat down with Tyson Garrett from TrustOnCloud. We explore why and how organizations should approach threat modeling in cloud to enhance their security posture. Tyson and Ashish go through the practical steps required for effective threat modeling, including identifying and prioritizing threats, and the continuous adaptation required to address the dynamic nature of cloud services.


Guest Socials: Tyson Garrett

Podcast Twitter ⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠@CloudSecPod⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠ ⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠

If you want to watch videos of this LIVE STREAMED episode and past episodes - Check out our other Cloud Security Social Channels:

- ⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠Cloud Security Podcast- Youtube⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠

- ⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠Cloud Security Newsletter ⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠

⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠Cloud Security BootCamp


Questions asked:

(00:00) Introduction

(02:50) A bit about Tyson Garrett

(04:27) What is Threat Modeling in Cloud?

(06:29) Threat Modeling the right way in the Cloud

(08:23) Threat Modeling in Cloud vs On Prem

(11:05) Examples of Threat Modeling

(13:41) Threat Modeling AI Services from Cloud Providers

(21:58) Including Threat Modeling in Security Programs

(25:09) Threat Modeling Cloud at Scale

(28:08) Different Approaches for Threat Modeling

(30:21) Challenges with Threat Modeling in Cloud

(33:42) Best Practices for Threat Modeling in Cloud

(39:59) Showing ROI on Threat Modeling

(42:57) Maturity Levels of Threat Modeling

(45:21) Starting point for learning about Threat Models

(46:12) The Fun Questions

(48:41) Where can you connect with Tyson


Resources spoken about during the episode

TrustOnCloud has kindly offered a Free ThreatModel of your choice to our listeners - you can register here to pick yours

Up next
Aug 22
New Identity Blueprint for a Future with Cloud & AI
Identity is the root cause of over 70% of all security incidents, yet many organizations still rely on fundamentally flawed authentication methods. In this episode, Jasson Casey, CEO and co-founder of Beyond Identity, explains why even common forms of MFA are insufficient and why ... Show More
49m 44s
Aug 8
AI for SOC Automation: A Blueprint for the New world of Incident Response
The nature of Security Operations is changing. As cloud environments grow in complexity and data volumes explode, traditional approaches to detection and response are proving insufficient. This episode features an in-depth conversation with Kyle Polley, who leads the AI security ... Show More
52m 39s
Aug 7
The Truth About Agentic AI in the SOC: Reality vs. Hype
What does the integration of AI into a Security Operations Center (SOC) practically look like? This episode explores the concept of the "Agentic SOC," moving beyond marketing terms to discuss its real-world applications and limitations.Ashish Rajan is joined by Edward Wu, CEO of ... Show More
52m 39s
Recommended Episodes
Mar 2024
Cloud Fundamentals needed for AI
If you’re planning to deploy AI for your business, here’s 5 important capabilities your business needs from the cloud era in order to be successful. SHOW: 806CLOUD NEWS OF THE WEEK - http://bit.ly/cloudcast-cnotwCHECK OUT OUR NEW PODCAST - "CLOUDCAST BASICS"SHOW SPONSORS:Want to ... Show More
21m 55s
Sep 2023
Ransomware and materiality. MetaStealer hits businesses. Two looks at cloud risks. His Highness, the Large Language Model.
The MGM Resorts incident is now believed to be ransomware, and how does that inform our view of Materiality of a cyber incident? MetaStealer targets businesses. Cloud access with stolen credentials. The cloud as an expansive attack surface. Johannes Ullrich from SANS describes ma ... Show More
25m 39s
Oct 2021
Bringing Order by Living in the Middle of the Cloud Chaos with Dave Frampton, VP/GM Cloud SIEM & Security Analytics at Sumo Logic
Freedom is not something to fear; in fact, it’s an essential component of creativity. Chaos is something to avoid, however. Many creative people confuse freedom with chaos and think a chaotic environment inspires creative passion. The most creative environments are those that pro ... Show More
47m 33s
Jun 2019
The so-called cloud and what it means for cyber security
What is the cloud? Is it secure? How safe is your information when it’s in the cloud? Reformed Hacker Bastien Treptel and Chief Cyber Risk Officer Fergus Brooks talk with David Kaplan from Amazon Web Services about the reliability of cloud security and what the benefits and pitfa ... Show More
20m 25s
Nov 2023
Getting ahead in the cloud
We’ve all heard lots about cloud technology, but, according to new McKinsey research, only 20 to 30 percent of industries are using it regularly and at scale. On today’s episode of The McKinsey Podcast, McKinsey senior partners Mark Gu and James Kaplan share findings from the rep ... Show More
24m 19s
Oct 2022
Jehan Wickramasuriya — AI in High-Stress Scenarios
Jehan Wickramasuriya is the Vice President of AI, Platform & Data Services at Motorola Solutions, a global leader in public safety and enterprise security.In this episode, Jehan discusses how Motorola Solutions uses AI to simplify data streams to help maximize human potential in ... Show More
1 h
Jun 2023
How open-source & distributed models can win AI with MosaicML’s Naveen Rao | E1754
This Week in Startups is presented by: Vanta. Compliance and security shouldn't be a deal-breaker for startups to win new business. Vanta makes it easy for companies to get a SOC 2 report fast. TWiST listeners can get $1,000 off for a limited time at vanta.com/twist. Trovata. ... Show More
1 h
Listen to millions of songs and podcasts on Anghami