Episodes
Fred Bret-Mounet, CISO at Clarify Health Solutions, reminisces about negotiating a 25% salary increase and still being drastically underpaid, eating pasta every day, and learning that security can't just be focused on building Fort Knox. About Fred: "It all started with early e-commerce sites storing item prices client side! A tinkerer from an early age and the constant need to feed my curiosity have been critical skills to my Information Security career. With strong technical skills...
Published 12/11/23
Nate Lee, CISO at Tradeshift, talks about creating cloud security capabilities, working with engineering, and how he built a GenAI security question answering bot. About Nate: Nate is currently CISO at Tradeshift, a B2B SaaS platform where he built the security program that has secured over $1 trillion in global business transactions. Previous to that, he led various technical teams including the company’s Platform Operations, Site Reliability Engineering and Corporate IT functions. He got...
Published 12/11/23
Published 12/11/23
Steve Tran, CISO at the Democratic National Committee (DNC), opens up about his personal challenges, finding his path through hacking and magic, and his passion for helping the next generation. ABOUT STEVE:  Steve is the Chief Security Officer for the Democratic National Committee, where he leads the organization's Information Technology, physical security, and cybersecurity strategies and programs. Prior to this, Steve was the Chief Information Security Officer (CISO) for MGM Studios....
Published 11/27/23
Deneen DeFiore, CISO at United Airlines, talks about how she got into security, taking a new CISO role at the start of COVID, what makes a mature business oriented security program, and what CISOs need to know before considering board level opportunities. About Deneen:  Deneen is an accomplished technology and risk management executive with experience across multiple critical infrastructure sectors.   She has expertise in advising global companies and their most senior executives on...
Published 11/20/23
Kapil Assudani, CISO at Edwards Lifesciences, shares how he was one payment away from getting kicked out of his Masters program, being resilient and resourceful, building credibility, and finding ways to reduce the attack surface. About Kapil: Kapil Assudani, with over 20 years of experience in information security, currently holds the position of Senior Vice President and Chief Information Security Officer at Edwards Lifesciences. His tenure at Edwards, spanning over six years, has...
Published 11/13/23
Mike Melo, CISO and head of technology at LifeLabs, talks about his approach to innovation and insights on leading cloud security tools. About Mike Melo:  "Heavily focused on people and integrity-led progression, Mike Melo is a Senior IT Executive and Chief Information Security Officer (CISO) with over 15+ years of experience advancing operational efficiencies, cyber indomitability, and overall organizational success. Currently serving as the CISO & VP IT Shared Services for LifeLabs in...
Published 11/06/23
Jadee Hanson, CISO and CIO at Code42, shares how even as a kid she knew cybersecurity was her calling and how that led to CISO, CIO, and product leadership responsibilities. About Jadee Hanson: As chief information security officer and chief information officer at Code42, Jadee Hanson leads global risk and compliance, security operations, incident response, and insider threat monitoring and investigations. To her position, she brings more than 17 years of information security and a proven...
Published 10/30/23
Brett Cumming, head of security at Skechers, shares how his sister inadvertently got him into cybersecurity and how saying yes to everything laid the foundation for a career in cyber. About Brett: Brett Cumming is a transformative leader who built and currently leads the information security program for the global footwear leader Skechers, helping the organization scale 5x during his tenure. Mr. Cumming’s experience working in both business and engineering focused tech roles provides a...
Published 10/23/23
Bernard Brantley, CISO at Corelight, outlines his vision of modern security and cloud capabilities based on his experience at companies like Microsoft and Amazon, tying together security and business objectives. ABOUT BERNARD: Bernard Brantley is the Chief Information Security Officer (CISO) at San Francisco-based Corelight. He has previously managed threat hunting, threat intelligence, network security architecture and analytics for some of the most mission critical environments at both...
Published 10/16/23
Rinki Sethi, CISO at BILL, discusses her journey in cybersecurity from roles at early cloud adopters like Intuit and Twitter to security vendors like Palo Alto Networks and ultimately to board roles at companies like ForgeRock. ABOUT RINKI: VP & CISO (CHIEF INFORMATION SECURITY OFFICER) Rinki is currently the Vice President and Chief Information Security Officer at BILL, where she will be leading the global information technology functions and is also responsible for leading efforts to...
Published 10/16/23
Cloud Ace is back for season 2, featuring both new guests and a new host. Frank Kim, a SANS Fellow and CISO-in-Residence at YL Ventures, will sit in as host this season as a wide range of guests join him in exploring the full gamut of cloud topics from multi-cloud and public cloud, to containers, threat detection, cloud pen testing, DevSecOps, automation and everything in between. SPONSOR NOTE: Support for Cloud Ace podcast comes from SANS Institute. If you like the topics covered in this...
Published 10/16/23
Brandon Evans and fellow cloud security podcaster Ashish Rajan, host of the Cloud Security Podcast and Principal Cloud Security Advocate for Snyk, chat about developer-first security, multicloud abstraction layers, cybersecurity conferences, and the 5 Cs of cloud security products (CASB, CIEM, CNAPP, CSPM, and CWPP). Our Guest - Ashish Rajan Ashish Rajan is the host of the wildly popular Cloud Security Podcast, a CISO, CyberSecurity Influencer, a SANS Trainer for Cloud Security and an...
Published 12/07/22
Brandon Evans reconnects with former co-worker Marqueze “Q” Sawyers, a Senior Manager of Software Engineering at Asurion, as they chat about moving fast while failing safely while developing cloud-based applications, using tools like GitHub actions to enable security pipelines in a DevSecOps environment, and making security look as cool as it is for Security Champions and engineers. Our Guest - Marqueze Sawyers Twitter: https://twitter.com/MarquezeSawyers LinkedIn:...
Published 11/30/22
Brandon Evans meets with Ahmed AbuGharbia, a Security Manager and Consultant at Sirius Computer Solutions as well as a Certified Instructor Candidate for SANS SEC540: Cloud Security and DevSecOps Automation, to discuss reskilling traditional security professionals to work with Cloud and DevSecOps, getting executive buy-in for investing in their employees, and about an incident he responded to in which all of the infrastructure within his client’s AWS account was deleted. Our Guest - Ahmed...
Published 11/23/22
Jabez Abraham, Senior Cyber Security Cloud Architect at Paige, meets with his former co-worker Brandon Evans to discuss how cloud native security capabilities can eliminate complexity while applying consistent security controls for organizations spanning multiple geographies, cloud accounts, and regulatory regimes. Our Guest - Jabez Abraham As a Senior Cyber Security Cloud Architect at Paige.ai, Jabez is passionate about cloud computing. He thrives on solving problems by leveraging native...
Published 11/16/22
Stacy Dunn, CISO Dojo podcast Co-Host, OWASP Chapter Co-Leader, SANS Senior Solutions Engineer, and former engineer for Check Point and Snyk, chats with Brandon Evans about the Software Development Lifecycle in the cloud, supply-chain security concerns, and the importance of creativity in a field that they both feel is incorrectly considered a hard science. Our Guest - Stacy Dunn Follow Stacy: LinkedIn CISO Dojo Podcast Resources mentioned in this...
Published 11/09/22
Brandon Evans reunites with his former co-worker, Josh, a Senior Security Architect at Snowflake, as they discuss how to build security into DevOps organizations and how he was able to identify vulnerabilities in cloud DevOps tooling. Our Guest - Joshua Makinen Joshua Makinen is a security expert based out of Seattle who has been working in security design and penetration testing for 6 years. Currently, he works with Snowflake to decompose and mitigate the risks associated with Snowflake's...
Published 11/02/22
Brandon Evans talks about building a Cloud Adoption Roadmap with Lysandra Capella, a manager at one of the largest financial institutions in the Dutch Caribbean and a SANS superstar (23 GIAC certs!) Our Guest - Lysandra Capella As a Banking professional with more than 10 years’ experience in the cybersecurity domain, Lysandra currently supports executive management at a Financial Institution with strategy formulation, security assurance and IT governance. She comes with a background where she...
Published 10/26/22
Aaron Hutson walks Brandon Evans through his journey from being an on-prem SysAdmin and cloud skeptic to a cloud security student, consultant, and educator who has worked on the Defense Information Systems Agency (DISA) Secure Cloud Computing Architecture initiative. Our Guest - Aaron Hutson Aaron is a passionate advocate for cybersecurity, information technology and education. Aaron holds a Master of Science in Cybersecurity and numerous certifications, such as CISSP, AWS CSAP, GCIH, OSCP...
Published 10/19/22
Brandon Evans is joined by John Alves of CyberOne, who is also an up-and-coming instructor for SANS SEC510: Public Cloud Security: AWS, Azure, and GCP, to take a deep-dive into Microsoft Azure security platforms, creating cloud security learning paths for those you manage, and getting involved with the SANS community. Our Guest - John Alves Twitter: @cyberlowdown LinkedIn: https://www.linkedin.com/in/alves-john/ Resources mentioned in this episode: For Sentinel Training -...
Published 10/12/22
This episode features a panel of three of the top Cloud Identity and Access Management experts in the world. Kat Traxler, Karl Fosaaen, and Kyler Middleton are incredibly knowledgeable about how IAM works in all three cloud providers, but Kyler specializes in AWS, Karl spends most of his time with Azure, and Kat is our resident GCP guru. Each panelist will represent their primary cloud’s strengths and weaknesses. Which provider will come out on top? Will any cloud provider leave this...
Published 10/05/22
Dr. Anton Chuvakin and Brandon Evans discuss why some organizations desperately try to follow the on-premises blueprint when securing the cloud, how to prevent Compliance from getting in the way of the evolution of IT Security, and what Anton is doing at Google Cloud to deal with the Shared Responsibility Model breaking in the real world. Our Guest - Dr. Anton Chuvakin Dr. Anton Chuvakin is now involved with security solution strategy at Google Cloud, where he arrived via Chronicle Security...
Published 10/05/22
Frank Kim, the Lead for the SANS Cloud Security and Security Leadership curriculums, joins Brandon Evans to discuss how these areas intersect, the role cloud technologies and vendors play in the People, Process, and Technology Framework, why developers who introduce security flaws today can become the security experts of the future, and the importance of staying curious about cloud trends like multicloud and DevOps. Our Guest - Frank Kim Frank is the Founder of ThinkSec, a security...
Published 10/05/22
Welcome to the SANS Cloud Ace podcast.  Our exciting podcast season 1 will be hosted by Brandon Evans, a SANS instructor and co-author of SEC510: Public Cloud Security: AWS, Azure, and GCP. We'll cover applicable information to use right away with topics such as how to move from on-prem to cloud, identity and access management, and more.  
Published 09/23/22