Cloud Security Today

Hosted by Matthew Chiodi

Technology, Interviews guests

Episodes: 60

Latest episode: May 2026

Language: EN

About the show

The Cloud Security Today podcast features expert commentary and personal stories on the “how” side of cybersecurity. This is not a news program but rather a podcast that focuses on cyber leadership and understanding the threats most impacting organizations today.

Listen to episodes

60 recent
May 10, 2026, 45 min

Identity for AI agents

AI agents are moving from answering questions to taking action. That changes everything for identity and access management.

In this episode, Ken Huang joins Matt to break down why traditional IAM was not built for agentic AI, where service accounts and OAuth scopes fall short, and what CISOs should do now to govern agents before they hit production at scale.

Episode Links
· Ken's substack
· Ken's paper from 2011 on AI (he was way ahead!)
· NIST AI RMF

April 11, 2026, 44 min

The future of CISO

In this episode, Michael Piacente shares insights on career transitions in IT and security, the evolving role of CISOs, and the impact of AI on security talent and practices. Discover how community, storytelling, and strategic hiring shape the future of cybersecurity leadership.

Resources
· The 2026 Global CISO Leadership Report
· Hitch Partners
· NIST AI Framework

April 12, 2021, Episode 2, 43 min

Did You Know You Have a SaaS Problem?

While most companies have significantly increased their investments in SaaS, they have not updated their security controls and processes to ward off threats posed by this medium. Leaving SaaS security to Cloud Access Security Brokers (CASB) is not sufficient. The security controls need to be placed around the data, APIs, and applications that are running inside a cloud environment, not outside its perimeter. This is the kind of security that AppOmni provides and today we have its CEO, Brendan O'Connor on the show to dive deeper into the subject of SaaS security.

We begin with Brendan’s journey into IT and security and hear a bit more about what makes him tick. From there, we dive into the subject of security in the cloud as it pertains to SaaS specifically. Brendan does a great job of explaining why SaaS platforms are subject to so many misconfigurations and why these are not being recognized by security teams. He gets into how the cloud infrastructure is set up and uses a few brilliant analogies to describe how an attacker might get into a SaaS platform without security ever realizing. He talks about some basic security measures companies need to take and shares more about how solutions like AppOmni can automate security. For insight into the vulnerabilities of SaaS and how to guard against them, tune in today!

Key Areas From This Episode:
· Curiosity and a love for solving problems is Brendan’s method for keeping his edge.
· Brendan’s recommendations for security guardrails that always need to be in place.
· Hear Brendan’s argument about the need for automated SaaS security.
· Brendan’s recommendations for setting up and measuring SaaS security.
· Advice from Brendan about how security teams need to adapt in light of SolarWinds.

Tweetables:
· “Companies have significantly expanded their SaaS investment and footprint and the SaaS applications themselves have really grown in complexity. Most companies haven't updated their security controls to support SaaS, or invested in new technology to manage this problem. That's where AppOmni comes in.” — @AppOmniSecurity [0:01:54]
· “I love solving puzzles. Enterprise security at scale is a hard problem. It's a puzzle. There is not a one-size-fits-all solution.” — @AppOmniSecurity [0:05:29]
· “SaaS applications are becoming closer to operating systems in the cloud than a single simple web app. You can't watch what every individual is doing. You have got to put guardrails in place.” — @AppOmniSecurity [0:20:30]
· “SaaS is a fundamentally different architecture than hosting things on-premise. You need to rethink, what is the value that you get from your security tools? How can you get that value today in an automated fashion in these new systems that support that new architecture?” — @AppOmniSecurity [0:24:44]

Links Mentioned in Today’s Episode:
· Matt Chiodi on LinkedIn
· Matt Chiodi on Twitter
· Brendan O’Connor on LinkedIn
· App

The future of cloud security. Simplify cloud security with Prisma Cloud, the Code to Cloud platform powered by Precision AI.

Disclaimer: This post contains affiliate links. If you make a purchase, I may receive a commission at no extra cost to you.

May 10, 2021, Episode 3, 36 min

How to Operationalize Cloud Security

Keeping it simple is Brett’s mantra, and it has led to a great amount of success for him and the company he works for. As a security leader at Zoetis, the world’s largest animal healthcare company, Brett has managed to get ahead of the business in terms of adopting cloud securely. Although it may sound boring, standardizing security processes was a key element in the journey to automation for the Zoetis SOC. In today’s episode, Brett also talks about how he ended up in the world of cybersecurity after majoring in ecommerce, the different facets that make up his current role at Zoetis, as well as some of the tools that are extremely useful to Brett and his team. Brett also opines on how automation has led to a reduction in talent-drain on his team. We also briefly delve into the SolarWinds hack and how this changed the way Brett thinks and approaches supply chain security.

Key Points From This Episode:
· Getting ahead of the business, build it before they come!
· Standardization MUST come before automation.
· Automation reduces talent-drain.
· Metrics that Brett and his team follow up on constantly.

Tweetables:
· “Standardization...I just live and die by our process. We're very process-oriented. You can do that in the cloud but you have to take time to do that, and that's how it should be done.” — Brett Tode [0:10:38]
· “Your standardized processes are the things that really are going to keep you in control and keep you effective over time. Automation is really cool and great because it's going to save us time. But without that standardized process, you can never get to automation.” — Brett Tode [0:13:04]
· “In almost everything I do, I try to keep things simple. Don't try to make something so complex from the get-go because it’s just never going to work.” — Brett Tode [0:24:49]
· “We’re always going to strive to be better. I think everyone should do that because making yourself better is just providing more value for the company. At the end of the day, that's what we're all supposed to be doing.” — Brett Tode [0:25:52]

Links Mentioned in Today’s Episode:
· Brett on LinkedIn
· Zoetis Careers

June 27, 2022, Episode 7, 22 min

Matt joins a startup

This episode of the Cloud Security Today podcast is a little different from the others because this time host Matthew Chiodi gives the interviewer’s seat over to Yousuf Khan and they talk about an exciting new development in Matt’s career.

Matt announces a big career move and talks about how he’s hoping to fix some of the biggest problems in SaaS security today. He tells Yousuf about his new role and the fresh approach that his new company is bringing to the field. At the end of the episode, they discuss working in a start-up environment and give advice to anyone considering working in a start-up.

If you enjoyed this episode, subscribe, or follow Cloud Security Today wherever you get your podcasts.

Timestamps
· [0:28] Matt introduces the topic for today’s episode
· [1:50] Exciting news from Matt about his latest career move
· [5:10] Matt explains one of the biggest challenges in app security today
· [7:25] How have we managed app security up to now?
· [9:20] So how does Cerby work?
· [11:32] Matt’s new role at Cerby and an outline of his first few months
· [12:50] Why Matt likes working in a start-up environment
· [14:05] How Matt became interested in Cerby
· [16:20] What’s next for Cerby?
· [18:10] The advice that Matt would give to anyone looking to join a start-up
· [20:40] Yousuf adds his thoughts about working for a start-up

Episode Links
· Ridge Ventures
· Yousuf Khan's LinkedIn Profile
· Cerby's website
· Matt's LinkedIn Profile

March 23, 2025, Episode 3, 42 min

Principles in cyber leadership

In this conversation, MK Palmore shares insights from his diverse leadership journey, spanning the Marine Corps, FBI, and cybersecurity. He emphasizes the importance of a people-centered leadership approach, the balance between technical and leadership skills, and the significance of effective communication. MK reflects on his experiences, the impact of mentorship, and the lessons learned from both successes and failures in leadership roles. MK highlights the challenges in attracting diverse talent to cybersecurity and the necessity of nurturing new professionals. He concludes with insights on continuous learning and the importance of maintaining a beginner's mindset.

Takeaways
· Diverse experiences shape leadership philosophy.
· Mentorship plays a significant role in professional development.
· Silence from leaders can lead to assumptions and uncertainty.
· Leaders should increase communication during times of uncertainty.
· Maintaining a mindset of continuous learning is vital for personal growth.

Chapters
· 00:00 Introduction to Leadership and Music
· 02:57 Diverse Leadership Experiences
· 06:05 The Importance of People-Centered Leadership
· 09:05 Technical Skills vs. Leadership Skills
· 11:49 Communication as a Leadership Skill
· 14:53 Learning from Mistakes in Communication
· 18:01 The Impact of Silence in Leadership
· 20:44 Navigating Uncertainty in Leadership
· 25:06 Bridging the Gap: Technical and Business Communication
· 30:22 Building Personal Brand and Eminence
· 32:53 Overcoming Barriers in Cybersecurity Talent Acquisition
· 38:31 Staying Sharp: Continuous Learning and Adaptability

October 20, 2024, Episode 12, 45 min

Tackling cyber & AI in the boardroom

Summary

In this conversation, Chris Hetner discusses the evolving role of boards of directors in cybersecurity, emphasizing the need for improved communication and understanding of cyber risks. He highlights the challenges boards face in adapting to new SEC rules and the importance of leveraging AI responsibly. Hetner also shares insights on tools for quantifying cyber risk and prioritizing investments while advocating for continuous learning and proactive engagement with board members.

Takeaways
· Boards are becoming more aware of cybersecurity risks.
· Cybersecurity discussions often receive limited airtime in board meetings.
· The SEC's new disclosure rules can drive more frequent discussions on cyber risk.
· AI governance is crucial as AI technologies become more prevalent.
· Collaboration with general counsel and risk officers is essential.

Chapters
· 00:00 Introduction and Background on Cybersecurity and Boards
· 03:05 Current Challenges Facing Boards in Cybersecurity
· 06:11 Understanding Cyber Risk and Communication with Boards
· 08:58 Improving Board Engagement with Cybersecurity
· 11:56 Leveraging SEC Guidelines for Cyber Risk Discussions
· 15:02 The Role of AI in Cybersecurity Governance
· 18:05 Tools for Quantifying Cyber Risk
· 21:12 Prioritizing Cybersecurity Investments
· 24:02 The Importance of AI Governance
· 26:57 Staying Informed in Cybersecurity
· 30:13 Final Thoughts and Continuous Learning

September 21, 2023, Episode 9, 50 min

SBOMs: Good but less than a silver bullet

Episode Summary

On today’s episode, Senior Advisor and Strategist at the Cybersecurity and Infrastructure Security Agency, Allan Friedman, joins Matt to discuss SBOMs. As Senior Advisor and Strategist at CISA, Allan coordinates the global cross-sector community efforts around software bill of materials (SBOM). He was previously the Director of Cybersecurity Initiatives at NTIA, leading pioneering work on vulnerability disclosure, SBOM, and other security topics.

Before joining the Federal government, Friedman spent over a decade as a noted information security and technology policy scholar at Harvard’s Computer Science Department, the Brookings Institution, and George Washington University’s Engineering School.

He is the co-author of the popular text Cybersecurity and Cyberwar: What Everyone Needs to Know, has a C.S. degree from Swarthmore College, and a Ph.D. from Harvard University.

Today, Allan talks about SBOMs and their adoption in non-security industries, Secure by design and secure by default tactics, and how to make software security second nature. What, exactly, is the SBOM? Hear about how SBOMs could’ve helped against significant attacks, the concept of antifragility, and why vulnerability disclosure programs are so important.

Timestamp Segments
· [02:27] Allan’s career path.
· [05:10] Allan’s day-to-day.
· [06:15] What has been most rewarding?
· [08:00] SBOMs in non-security startups.
· [10:50] Real-world examples of Secure by Design tactics.
· [17:30] Will software security ever seem obvious to us?
· [19:30] What is the SBOM, and will it solve all our problems?
· [23:41] Could an SBOM have helped against the SolarWinds attack?
· [27:52] Memory-safe programming languages.
· [30:16] Misconceptions around Secure by Design, Secure by Default.
· [32:00] The importance of vulnerability disclosure programs.
· [35:37] Antifragility in cybersecurity.
· [41:47] VEX.
· [44:29] How to get involved with CISA.
· [48:00] How does Allan stay sharp?

Notable Quotes
· “Sometimes, organizations need a good excuse to do the right thing.”
· “It is bananas that software that we use, and pay for, still delivers with it not just the occasional vulnerability, but very real risks that require massive investments from customers.”
· “When tech vendors make important logging information available for free, everyone wins.”
· “The SB in SBOM doesn’t stand for Silver Bullet.”

Relevant Links
· Email: sbom@cisa.dhs.gov
· Website: www.cisa.gov
· LinkedIn: Allan Friedman

Resources:
· Open Source Security Podcast
· Risky Business Podcast

February 14, 2022, Episode 2, 34 min

Fed Clouds

In a world where cyber-attacks are ever-changing, cybersecurity has to adapt accordingly. Joining us today to delve into the world of cloud security for federal agencies is Sandeep Shilawat, Vice President of Cloud and Edge Computing at ManTech. Sandeep has extensive experience in both Commercial and Federal technology markets. We’ll get to hear his predictions on where the cloud world is heading, as well as what the Federal Authority to Operate (ATO) process will look like in the future. We learn the benefits of cloud compliance standards, as well as how FedRAMP is leveling the playing field in federal cloud computing. We also touch on the role of 5G in cloud computing, and why its presence will disrupt going forward. Join us as we pick Sandeep’s brain for some insights into the present and future of federal cybersecurity.

Tweetables
· “Visibility has become [the] single biggest challenge and nobody's dealing with cloud management in a multi-cloud perspective from cradle to grave.” — @Shilawat [0:09:03]
· “I think that having a managed cloud service is probably the first approach that should be considered by an agency head. I do think that that's where the market is heading. Sooner or later, it will probably become a de facto way of doing cloud security.” — @Shilawat [0:19:43]

January 21, 2023, Episode 1, 47 min

SEC-retly Telling All: The New Cyber-Disclosure Rules

Episode Summary

On this episode, Matt speaks with Senior Executive, Board Director, and leader in Cybersecurity, risk management, and regulatory compliance, Chris Hetner about cybersecurity and the newly-proposed SEC cybersecurity rules. With over 25 years of experience in the cybersecurity space, Chris has served in roles including as Senior Cybersecurity Advisor to the Chairman at the SEC, Managing Director of Information Security Operations at GE Capital, and SVP Information Security at Citi.

Today, Chris talks about understanding the proposed cybersecurity rules, defining materiality, and the importance of focusing on cyber-resilience. Where does the Cloud come into it? Hear about the cost of cyberattacks, the core risk exposures, and Chris’s formula to personal growth.

Timestamp Segments
· [02:47] Chris’s proudest moments.
· [10:00] The new proposed rules.
· [14:26] Defining materiality.
· [23:56] Bridging the language gap.
· [32:14] Focusing on cyber-resilience.
· [35:36] Cybersecurity expertise on the board.
· [41:27] The cloud.
· [45:32] The formula to personal growth.

Notable Quotes
· “Ransomware extortion is relatively insignificant relative to the overall cost of the event.”
· “You can’t outsource the risk.”
· “Realize that you’re not always the smartest person in the room.”
· “We don’t know it all, and we never will.”
