Brandon Evans reunites with his former co-worker, Josh, a Senior Security Architect at Snowflake, as they discuss how to build security into DevOps organizations and how he was able to identify vulnerabilities in cloud DevOps tooling. Our Guest - Joshua Makinen Joshua Makinen is a security expert based out of Seattle who has been working in security design and penetration testing for 6 years. Currently, he works with Snowflake to decompose and mitigate the risks associated with Snowflake's infrastructure and public-facing offerings as a Data Cloud. During his time as a Security Consultant with NCC Group, he was exposed to a multitude of different organizations and was fascinated by the wide variety of problems they faced, technologies they used, and the approaches to cloud security they chose as a result. While much of his career accomplishments are not public, he once released a container image registry scanning tool called go-pillage-registries and also (accidentally) discovered and responsibly disclosed a couple of high-severity bug-bounty findings and CVE-2021-3583 in Ansible. Internal threats to an organization's supply chain and management interfaces for sensitive environments remains as one of Josh's favorite topics to consider in security.  Follow Joshua Twitter LinkedIn Web Sponsor's Note: Support for Cloud Ace podcast comes from SANS Institute. If you like the topics covered in this podcast and would like to learn more about cloud security, SANS Cloud Security curriculum is here to support your journey into building, deploying, and managing secure cloud infrastructure, platforms, and applications. Whether you are on a technical flight plan, or a leadership one, SANS Cloud Security curriculum has resources, training, and certifications to fit your needs. Focus on where the cloud is going, not where it is today. Your organization is going to need someone with hands-on technical experience and cloud security-specific knowledge. You will be prepared not only for your current role, but also for a cutting-edge future in cloud security. Review and Download Cloud Security Resources: sans.org/cloud-security/ Join our growing and diverse community of cloud security professionals on your platform of choice: Discord | Twitter | LinkedIn | YouTube Join the global cybersecurity community in its most festive cyber security challenge and virtual conference of the year. The SANS Holiday Hack Challenge is a FREE series of super fun, high-quality, hands-on cybersecurity challenges. The SANS Holiday Hack Challenge is for all skill levels, with a stellar prize at the end for the best of the best entries.Learn more at SANS.org/HHC2022