Apr 2024
45m 49s

Essential Strategies to master Incident ...

Cloud Security Podcast Team
About this episode

How do you build a Robust Detection Framework? Ashish spoke to Andrew Tabona, SVP of Cyber Threat Management and Incident Response at a Fortune 500 company about challenging the conventional wisdom of applying on-premise incident response plans to cloud environments. They speak about the critical metrics of mean time to detect, respond, and recover, and why mastering the fundamentals is key to effective cloud security.

The conversation also covers practical strategies for building a detection framework, the importance of a balanced approach to log ingestion, and the nuanced differences in incident response between cloud and traditional on-premise environments.


Guest Socials: Andrew Tabona

Podcast Twitter: @CloudSecPod

If you want to watch videos of this LIVE STREAMED episode and past episodes - Check out our other Cloud Security Social Channels:

- Cloud Security Podcast - YouTube

- Cloud Security Newsletter

- Cloud Security BootCamp


Questions asked:

(00:00) Introduction

(03:20) A bit about Andrew Tabona

(04:26) What is Threat Detection and Response?

(06:14) Why incident response is different in Cloud?

(09:18) Benefits of doing Incident Response in Cloud?

(10:29) Is CSPM your incident response tool?

(12:33) Where to start with Detection in Cloud?

(16:35) Getting buy in from other teams for threat detection

(20:15) Should you build or buy a cybersecurity solution?

(22:34) Responding to incidents in a Cloud Context

(26:01) Containing incidents in a Cloud Context

(28:34) What kind of access do IR teams need?

(30:36) Balancing the signal to noise ratio

(32:10) Where to start with Threat Detection and Response

(34:37) Challenges an organisation might face

(35:58) Threat Detection and Response in MultiCloud

(37:52) Showing ROI of Cybersecurity to the business

(38:57) Where to learn about IR and Threat Detection?

(41:09) Fun Section

(44:14) Where you can connect with Andrew
