Scale to Zero - No Security Questions Left Unanswered

Hosted by Scale To Zero

TechnologyInterviews guests

Website RSS feed

Episodes

108

Latest episode

May 2026

Language

About the show

We know security is challenging, but a timely understanding of security is far more challenging! Scale to Zero is built for all the security professionals for helping them to be more privacy and security-sensitive. With this show, we hope to address all the security-related issues that are challenging to understand and resolve without the help of experts. We believed that a community space like Scale to Zero would make things a little bit simpler for everyone after we discovered the discomfort of constantly switching back and forth.

Listen to episodes

60 recent

May 20, 2026Episode 1091 hr 3 min

Ransomware in the AI Era | ft. Behnaz Karimi | Ep. 109 | ScaleToZero Podcast | Cloudanix

Ransomware is no longer just about encrypting files on a legacy server. In the age of AI, the attack surface has fundamentally shifted. In this episode, we sit down with Behnaz Karimi, An Independent Researcher, to deconstruct how ransomware has evolved over the last decade and what it means for modern, AI-driven infrastructure.From identifying the most overlooked entry points to mapping out a bulletproof incident response plan using the OWASP framework, this conversation is a tactical guide for securing organizations of all sizes.00:00 Teaser and Introduction04:10 Ransomware Today vs. 10 Years Ago08:13 Does Ransomware Affect AI Systems?11:42 Ransomware Attacks in the AI Age15:45 AI vs. Users vs. Attackers; Who is powerful?20:00 Compromised System Components for AI Attack22:48 Most Overlooked Entry Point26:06 Attacks on Small and Mid-Sized Orgs31:40 Where do you stand against AI attack?36:20 What is holding back organizations?40:46 Incident Response during Ransomware Attack50:20 Starting Security with OWASP Framework53:05 Security Tech Globally01:00:00 Summary01:01:30 Learning Recommendations#Ransomware #AISecurity #SRE #InfrastructureSecurity #IncidentResponse #OWASP #Cybersecurity #TechPodcast #CloudSecurity #InfoSec #ScaleToZero

April 8, 2026Episode 10348 min

IAM in 2026: From Anti-Patterns to Autonomous AI Agents | ft. Advait Patel | ScaleToZero Podcast | Ep. 108 | Cloudanix

Cloud infrastructure is moving faster than ever, but is your security keeping up? We sit down with a Senior Site Reliability Engineer to discuss the evolution of Infrastructure Security and Compliance in 2026. Whether you're an SRE, Security Engineer, or DevOps Lead, this episode will challenge how you think about "secure" infrastructure.Transcript: https://www.scaletozero.com/episodes/iam-in-2026-from-anti-patterns-to-autonomous-ai-agents-with-advait-patel/Advait Patel: https://www.linkedin.com/in/advaitpatel93/Powered by: https://cloudanix.comAlso Available on our YouTube Channel: https://youtu.be/1dchqWnt1hAKey Discussion Points are as Follows:00:00 Introduction07:40 Real-world Challenges of Infrastructure Security and Compliance11:20 Automating Security Checks and Avoiding Bottlenecks13:25 Security Impact of IAM Implementation17:28 Architecting an IAM Program in 202619:38 KPIs to Measure the Effectiveness of Security Implementations22:48 Measuring the Decision Quality25:12 Most Common IAM Anti-Patterns29:40 AI Agents for Automated Root Cause Analysis of IAM Failures33:27 Will AI Agents go Fully Autonomous?35:40 Using AI to Bypass IAM Security39:14 Cloud Security Trend From 2012 Should Die42:33 Future of AI Cloud Security44:14 Summary45:24 Learning Recommendations

March 25, 2026Episode 10745 min

AI Security: Hype vs. Reality and the Roadmap to CISO | Ft. Niyati Daftary | Ep. 107 | ScaleToZero Podcast | Powered by Cloudanix

Is the security impact of AI being underrated, or are we worrying about the wrong risks? In this episode, we sit down with a Security Analyst to bridge the gap between high-level security consulting and the deep-trench reality of day-to-day defense.#Cybersecurity #SecurityAnalyst #CISO #AISecurity #SecurityResearch #Infosec #CareerRoadmap #SecurityLeadership #TechPodcast #ScaleToZeroPowered by Cloudanix: https://www.cloudanix.comYouTube: https://www.youtube.com/@cloudanix00:00 Introduction04:55 AI Security Risks Organizations are Worried09:00 Security Impact of AI - Underrated?11:33 Challenges of Security Leaders18:00 Cybersecurity Perspective of a Consultant vs. Analyst22:10 Beliefs vs. Reality in Security Practices23:53 Development of a Security Research Document31:40 Challenges of Leaders Implementing Security Research Notes36:22 Roadmap for Aspiring CISOs and Security Leaders42:22 Learning Recommendations

March 11, 2026Episode 10647 min

Product Security at Scale: Minimizing Friction & Defending AI Integrations | ft. Sana Talwar | Ep.106 | ScaleToZero Podcast

In this episode of ScaleToZero Podcast, we sit down with a Product Security Engineer to discuss the delicate balance between robust security, user experience, and developer velocity.From identifying red flags in security reviews to using AI for point-in-time vulnerability assessments, we cover the tactical moves that early security teams need to make today.The landscape is shifting from "Security vs. Engineering" to "Security + Engineering." If you're an early security team looking to leverage AI to punch above your weight class, this episode is a must-listen.YouTube: https://youtu.be/wv_1NZkv9bsCloudanix: https://www.cloudanix.com00:00 Introduction03:40 Developer-friendly Security in Practice07:22 Minimizing Friction between Security and Engineering09:15 Navigating the Trade-offs between Security and User Experience11:32 Red Flags in Third-Party Security Reviews and Internal Security Reviews19:00 Point-in-Time Vulnerability Assessments using AI21:35 Managing Malicious Updates without Manual Reviews24:55 Communicating Third-Party Security Risks to a Product Manager28:50 Improving Product Security using AI for Early Security Teams33:20 AI Performing Critical Security Job Functions35:27 Patching AI Prompt Injection Attacks41:05 AI Integration and Reshaping Security Landscape46:04 Summary#ProductSecurity #DevSecOps #AppSec #Cybersecurity #AISecurity #ProductManagement #DeveloperVelocity #TechLeadership #ScaleToZero

February 25, 2026Episode 10548 min

eBPF, MCP Servers, and the Kernel-Level Future of AI Security | ft. Ammar Ekbote | Ep. 105 | ScaleToZero Podcast

In this episode, we sit down with a veteran Security and Cloud Infra Leader to deconstruct the architecture of modern workload monitoring and the emerging risks of AI-driven connectivity. We dive deep into eBPF—the technology providing "invisible" observability—and the security implications of MCP (Model Context Protocol) servers in the enterprise.Whether you're an infra lead or a security engineer, this episode provides the technical depth to help you stay ahead of the curve.Also available on YouTube: https://youtu.be/iCfEJlgXFBU00:00 Teaser and Introduction04:12 Architectural differences between Agentless and Agent-based scanning07:50 Losing security signals in case of Agentless scanning09:23 Challenges of Agent-based scanning10:45 Vendor checklist for production release11:45 Noisy neighbour challenge and customer application14:52 Securing large agent-based vendor machines16:40 Use of eBPF for invisible workload monitoring19:17 Securing the eBPF21:00 Does eBPF solve the stability and performance risks?23:25 Security risks when LLMs use MCP servers27:16 Detect and Avoid MCP in an organizational environment32:32 Why use eBPF for security MCP?35:10 Using eBPF to run local servers in a secure way37:00 Can eBPF secure data leaks to AI models?41:19 Justifying stakeholders for using kernel-level security43:25 Evangelizing a security-first mindset44:50 Starting point for developer-led security using eBPF46:30 Learning recommendations47:10 Summary#eBPF #CloudSecurity #AISecurity #MCPServer #DevSecOps #AgentlessScanning #CloudInfrastructure #InfoSec #CybersecurityPodcast #LLMSecurity #KernelSecurity

February 4, 2026Episode 1041 hr 9 min

The Last9 Story: Scaling Engineering, GTM Strategy, and the Reality of "Overnight Success | Ep.104 | ScaleToZero Podcast | Ft. Nishant Modak | Cloudanix

What does it take to build a company that redefines how we look at engineering reliability? In this episode, we sit down with the Founder of Last9 to peel back the curtain on the journey from a single "Aha!" moment to a scaling enterprise.We move beyond the pitch deck to discuss the raw reality of building a startup, the mental models for engineering leadership, and what Vision 2026 looks like in the age of GenAI.Transcript: https://www.scaletozero.com/episodes/the-last9-story-scaling-engineering-gtm-strategy-and-the-reality-of-overnight-success/Cloudanix: https://cloudanix.com/YouTube: https://youtu.be/a955CYXLRdg00:00 Introduction of Nishant Modak03:00 Birth of Last906:40 The "Aha" moment13:00 How is Last9 different?19:10 Building blocks of Last924:20 The Moments of Overnight Success33:05 Go To Market Strategy41:40 Mental Model to Separate Administration and Engineering46:00 Engineering vs Selling49:40 Hard things of hard things, which gave results over time55:00 Vision 2026 with GenAI58:04 KPIs that helped in scaling01:01:25 Personal learnings and life#StartupStory #FounderJourney #EngineeringLeadership #Last9 #GTMStrategy #Entrepreneurship #SRE #Reliability #GenAI2026 #ScalingStartups #techpodcast

January 14, 2026Episode 10349 min

AWS vs. GCP IAM Architecture & The Future of Security in 2026 | ft. Senior Security Engineer (CISSP) - Sneha Malshetti

This episode is a masterclass in modern cloud architecture and the fast-evolving world of AI security. In episode 103, we sat down with a Senior Security Engineer (CISSP) to break down the architectural nuances of AWS vs. GCP IAM and how security roles are evolving in 2026. From mastering cross-account access to defining data perimeters for AI training models, this episode is a deep dive into the technical and strategic layers of cloud-native security.YouTube: https://youtu.be/Y_OCpI8LJb4Transcript: https://www.scaletozero.com/episodes/aws-vs-gcp-iam-architecture-the-future-of-security-in-2026-with-sneha-malshetti-cissp/Sneha Malshetti: https://www.linkedin.com/in/sneha-malshetti/Fearless Organization: https://www.amazon.in/Fearless-Organization-Psychological-Workplace-Innovation/dp/1119477247TLSHandshake Deep Dive and decryption with Wireshark: https://www.youtube.com/watch?v=25_ftpJ-2MECloudanix: https://cloudanix.com/00:00 Introduction04:30 Architectural differences between AWS and GCP IAM08:40 Best practices to approach IAM in AWS and GCP11:00 Achieving centralized identity federation for a consistent user experience13:45 Manage cross-account access securely in AWS vs GCP14:40 Balancing RBAC for large organizations18:00 Automation and Auditing recommendations for IAM21:42 Managing access for large organizations23:55 Monitoring Privileged Access27:20 Balancing Security and Speed30:19 Data Perimeter boundaries and their importance34:20 How have security functions transformed in the AI world?36:55 Will AI replace Humans?38:15 Managing sensitive data used to train AI models42:42 Security Trends in 202645:48 Summary46:48 Learning Recommendation

November 26, 2025Episode 10252 min

Zero Trust AI & Human Risk | Senior Director of Security | Ft. James Cash | Ep. 102 | ScaleToZero Podcast | Cloudanix

What are the security weaknesses that everyone overlooks, and how is the rise of AI changing the risk calculus? We sat down with a Senior Director of Security and Compliance to discuss strategic defense, from securing human capital to implementing Zero Trust for AI systems.This episode is essential for CISOs, security leaders, and compliance officers navigating the volatile landscape of modern risk.How does AI work: https://blog.hubspot.com/marketing/how-does-ai-workYouTube: https://youtu.be/feudnGhDZ78Transcript:https://www.scaletozero.com/episodes/zero-trust-ai-human-risk-a-guide-to-future-proofing-security-with-james-cash/00:00 Introduction05:08 Significant security weaknesses often overlooked10:25 AI SBOMs and Security14:10 Biggest risks in security from AI systems16:31 Ensuring AI systems are secure and responsible20:55 Zero Trust AI Systems for Internal and Third-Party Teams24:20 Evolution of Risks with Rise in AI27:15 Evaluating between Traditional vs. AI SaaS provider33:50 Keeping Stakeholders' interests in Security39:21 Responding to Insider Threats45:45 KPIs for Human Risk Management49:41 Summary50:51 Learning recommendations

November 12, 2025Episode 10152 min

Beyond Tech: Culture and Mindset of Security Engineering | Ft. Dakota Riley | Ep.101 | Cloudanix

In modern, fast-moving organizations, security is a shared responsibility, not a silo. We sat down with a Staff Security Engineer who operates at the intersection of development speed and security integrity to explore what truly defines a strong security program.This episode offers essential advice for leadership, engineers, and recruiters, covering everything from core culture to the risks of new AI models.Also available on YouTube: https://youtu.be/2ut2GQPWA4I00:00 Introduction05:41 CyberArk Acquisition07:40 Top 3 Elements of Building a Strong Security Culture10:50 Good Engineering is Security Engineering13:20 Why do organizations face challenges in achieving a security culture?16:54 Moving Fast - Startups vs. Large Enterprises19:08 Addressing challenges - Startups vs. Large Scale Companies23:00 KPIs to Show Security Progress26:16 Security Teams as Enablers32:57 Right Mindset for Security Engineering36:36 Hiring the Right Security Talent38:31 Addressing Non-Deterministic Nature of LLMs43:13 Trade-Offs of Implementing Bias in Alert Triaging Systems46:11 Training an Agent for Catching Malicious Attacks48:35 Summary49:35 Learning Recommendations

October 29, 2025Episode 10055 min

Kubernetes Security Mastery: Shifting Mindsets for Ephemeral Environments | Ep.100 | Ft. Dinis Cruz

The shift from static data centers to dynamic Kubernetes workloads changes everything about security. In this essential episode, we sit down with an industry leader—an ex-vCISO, OWASP contributor, and founder of a new firm—to break down the new rules of cloud-native defense.If you are dealing with short workload lifecycles, balancing security with velocity, or figuring out the true impact of AI on your role, this is a must-watch.YouTube: https://youtu.be/J0asVeOCAggDinis Cruz: https://www.linkedin.com/in/diniscruz/Host: https://www.linkedin.com/in/mpurusottamc/Cloudanix: https://www.cloudanix.com/00:00 Introduction and Teaser03:00 Minset Shift - From Static Servers to Kubernetes Workloads06:05 Challenges of Shifting From Traditional Data Centers to Serverless08:35 Balancing Security and Other Business Priorities14:20 Varying Cloud Costs and Managing Security Compliance19:19 Logging and Monitoring - How to prioritize effectively?23:34 Identity and Access Management for Short Workload Lifecycles28:49 Leveraging Generative AI for better Security Engineering38:12 Anticipating Attacker Mindset and Defending Your Cloud Environments45:36 How will AI evolve security roles in general?52:17 Summary53:03 Learning Recommendations from the guest