logo
episode-header-image
Mar 2024
50m 6s

Understanding Threat Modeling in Cloud

Cloud Security Podcast Team
About this episode

Do you need an essential guide for Threat Modeling your Cloud Environment, then this episode is definitely for you. Ashish sat down with Tyson Garrett from TrustOnCloud. We explore why and how organizations should approach threat modeling in cloud to enhance their security posture. Tyson and Ashish go through the practical steps required for effective threat modeling, including identifying and prioritizing threats, and the continuous adaptation required to address the dynamic nature of cloud services.


Guest Socials: Tyson Garrett

Podcast Twitter ⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠@CloudSecPod⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠ ⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠

If you want to watch videos of this LIVE STREAMED episode and past episodes - Check out our other Cloud Security Social Channels:

- ⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠Cloud Security Podcast- Youtube⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠

- ⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠Cloud Security Newsletter ⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠

⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠Cloud Security BootCamp


Questions asked:

(00:00) Introduction

(02:50) A bit about Tyson Garrett

(04:27) What is Threat Modeling in Cloud?

(06:29) Threat Modeling the right way in the Cloud

(08:23) Threat Modeling in Cloud vs On Prem

(11:05) Examples of Threat Modeling

(13:41) Threat Modeling AI Services from Cloud Providers

(21:58) Including Threat Modeling in Security Programs

(25:09) Threat Modeling Cloud at Scale

(28:08) Different Approaches for Threat Modeling

(30:21) Challenges with Threat Modeling in Cloud

(33:42) Best Practices for Threat Modeling in Cloud

(39:59) Showing ROI on Threat Modeling

(42:57) Maturity Levels of Threat Modeling

(45:21) Starting point for learning about Threat Models

(46:12) The Fun Questions

(48:41) Where can you connect with Tyson


Resources spoken about during the episode

TrustOnCloud has kindly offered a Free ThreatModel of your choice to our listeners - you can register here to pick yours

Up next
Jul 9
Guide to Hybrid Cloud & Bare Metal Secret Management
Is your organization struggling with secret management across bare metal, hybrid, and multi-cloud environments? Standard cloud-native tools often fall short when you need a single, standardized solution that bridges all your infrastructure.Dan Popescu, Senior Site Reliability Eng ... Show More
32m 23s
Jul 1
"Escape-Proof" Cloud: How Block built an Automated Approach to Egress Control
Many organizations focus on keeping attackers out, but what happens when one gets in? We spoke to Ramesh Ramani, Staff Security Engineer at Block about the real challenge, which is preventing them from leaving with your data. In this episode, Ramesh details the innovative system ... Show More
40m 27s
Jun 23
Prioritizing Cloud Security: How to Decide What to Protect First
When you can't protect everything at once, how do you decide what matters most? This episode tackles the core challenge of security prioritization. Geet Pradhan, Senior Security Engineer at Lime joins the podcast to share his framework for building a SecOps plan when you're a sma ... Show More
41m 8s
Recommended Episodes
Mar 2024
Cloud Fundamentals needed for AI
If you’re planning to deploy AI for your business, here’s 5 important capabilities your business needs from the cloud era in order to be successful. SHOW: 806CLOUD NEWS OF THE WEEK - http://bit.ly/cloudcast-cnotwCHECK OUT OUR NEW PODCAST - "CLOUDCAST BASICS"SHOW SPONSORS:Want to ... Show More
21m 55s
Sep 2023
Ransomware and materiality. MetaStealer hits businesses. Two looks at cloud risks. His Highness, the Large Language Model.
The MGM Resorts incident is now believed to be ransomware, and how does that inform our view of Materiality of a cyber incident? MetaStealer targets businesses. Cloud access with stolen credentials. The cloud as an expansive attack surface. Johannes Ullrich from SANS describes ma ... Show More
25m 39s
Oct 2021
Bringing Order by Living in the Middle of the Cloud Chaos with Dave Frampton, VP/GM Cloud SIEM & Security Analytics at Sumo Logic
Freedom is not something to fear; in fact, it’s an essential component of creativity. Chaos is something to avoid, however. Many creative people confuse freedom with chaos and think a chaotic environment inspires creative passion. The most creative environments are those that pro ... Show More
47m 33s
Jun 2019
The so-called cloud and what it means for cyber security
What is the cloud? Is it secure? How safe is your information when it’s in the cloud? Reformed Hacker Bastien Treptel and Chief Cyber Risk Officer Fergus Brooks talk with David Kaplan from Amazon Web Services about the reliability of cloud security and what the benefits and pitfa ... Show More
20m 25s
Nov 2023
Getting ahead in the cloud
We’ve all heard lots about cloud technology, but, according to new McKinsey research, only 20 to 30 percent of industries are using it regularly and at scale. On today’s episode of The McKinsey Podcast, McKinsey senior partners Mark Gu and James Kaplan share findings from the rep ... Show More
24m 19s
Oct 2022
Jehan Wickramasuriya — AI in High-Stress Scenarios
Jehan Wickramasuriya is the Vice President of AI, Platform & Data Services at Motorola Solutions, a global leader in public safety and enterprise security.In this episode, Jehan discusses how Motorola Solutions uses AI to simplify data streams to help maximize human potential in ... Show More
1 h
Jun 2023
How open-source & distributed models can win AI with MosaicML’s Naveen Rao | E1754
This Week in Startups is presented by: Vanta. Compliance and security shouldn't be a deal-breaker for startups to win new business. Vanta makes it easy for companies to get a SOC 2 report fast. TWiST listeners can get $1,000 off for a limited time at vanta.com/twist. Trovata. ... Show More
1 h
Listen to millions of songs and podcasts on Anghami