EP80 CISO Walks Into the Cloud: Frustrations, Successes, Lessons ... And Does the Risk Change?

Guest:

• David Stone, Staff Consultant at Office of the CISO, Google Cloud

Topics:

• Speaking as a former CISO, what triggered your organization migration to the cloud?
• When did you and the security organization get brought in?
• How did you plan your security organization journey to the cloud?
• Did you take going to Cloud as an opportunity to change things beyond the tools you were using?
• As you got going into the cloud, what was the hardest part for your organization ?
• What was most surprising? Good surprise and bad surprise?
• How did you design security controls for the cloud?
• How do you validate and verify security controls in the cloud?
• How did you incorporate your cloud environment into your SOC's responsibility
• Having covered all that tactical terrain, one final strategic question: is moving to Cloud a net risk reduction? Can it be?

Resources:

• "How CISOs need to adapt their mental models for cloud security"
• "Megatrends drive cloud adoption—and improve security for all"
• "EP47 Megatrends, Macro-changes, Microservices, Oh My! Changes in 2022 and Beyond in Cloud Security" (ep47)
• "CISO's Guide to Cloud Security Transformation" paper [PDF]
• Google SRE book
• GCAT site