In the past decade, many companies have moved to the cloud and started leveraging its power. As with everything, security plays a big role when it comes to the cloud, which is why I am happy that we have shows such as the Cloud Security Podcast that bring us new bits (and bytes) of wisdom on a regular basis.
About the show
The Cloud Security Podcast is a weekly show that brings in-depth cloud security knowledge from the best and brightest cloud security experts and leaders. Compared to other podcasts, this one is in the form of live streams combining both video and audio, making it much more approachable for folks who have just started listening to podcasts. The show originally started in late 2019, and now it is ranked among the Top 100 weekly live interviews. As the need for cloud security became apparent, and seeing how successful the Cloud Security Podcast is, the large cloud service providers such as Azure, Google Cloud, and AWS started their own cloud security podcasts as well. Even though the Cloud Security Podcast is powered by Snyk, it is and will continue to be vendor-neutral.
Ashish Rajan
Ashish Rajan is the host of the show, a CISO, Cyber Security Influencer and a SANS Trainer who often speaks about all things Cloud Security & DevSecOps at conferences such as DevSecCon, RSA and CNCF. He is also passionate about community meetups and events, as he is the founder of the DevSecOps Melbourne meetup group.
Shilpi Bhattacharjee
Shilpi Bhattacharjee is the producer of the Cloud Security Podcast, and she is considered the execution ninja and master of “Getting Things Done”. Together with Ashish, they are basically a package deal, turning all the projects into successful ones.
Featured episode – S4 E16 “THEY SCANNED ENTIRE GITHUB FOR SECRETS AND FOUND THIS”
Just recently, I listened to one of the episodes that was recorded at KubeCon EU 2023, where Ashish interviewed Mackenzie Jackson from GitGuardian. A couple of months ago, they performed a deep scan of GitHub and found over 10 million stored secrets! By “secrets,” you can imagine not only usernames and passwords but also API tokens, AWS access keys, and much more.
One interesting takeaway from this episode is that many companies remove secrets so they are no longer visible in plain sight or in the production version, but forget that the secrets may still be present in the commit history. For projects with a long history, going through the change history and removing the leaked secrets can be quite a hard task.
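The takeaway above can be reproduced locally with a throwaway repository. This is an added example, not something from the episode or from GitGuardian; the repository, the file name `app.conf` and the token value are constructed for the demo.

```shell
#!/bin/sh
# Constructed demo: repository, file name and token value are all made up.
FAKE_TOKEN='demo-token-not-real-123456'

# Build a throwaway repo: commit 1 hard-codes the token, commit 2 removes it.
make_demo_repo() {
    repo=$(mktemp -d) || return 1
    (
        cd "$repo" || exit 1
        git init -q .
        git config user.email demo@example.invalid
        git config user.name demo
        git config commit.gpgsign false
        printf 'api_token=%s\n' "$FAKE_TOKEN" > app.conf
        git add app.conf
        git commit -q -m 'add config'
        # The literal ${API_TOKEN} placeholder is intentional (single quotes).
        printf 'api_token=${API_TOKEN}\n' > app.conf
        git commit -q -am 'read token from environment'
    ) >/dev/null 2>&1 || return 1
    printf '%s\n' "$repo"
}

# Number of tracked files in the current checkout that contain the token.
files_with_token_in_tree() {
    git -C "$1" grep -l -F -e "$FAKE_TOKEN" | wc -l | tr -d ' '
}

# Number of commits (on any ref) whose snapshot still contains the token.
commits_with_token_in_history() {
    git -C "$1" rev-list --all | while read -r c; do
        if git -C "$1" grep -q -F -e "$FAKE_TOKEN" "$c"; then
            printf '%s\n' "$c"
        fi
    done | wc -l | tr -d ' '
}

demo_repo=$(make_demo_repo) || exit 1
echo "files in current tree with token: $(files_with_token_in_tree "$demo_repo")"
echo "commits in history with token:    $(commits_with_token_in_history "$demo_repo")"
rm -rf "$demo_repo"
```

The current tree reports zero matches while one commit in history still holds the token, which is why a leaked credential has to be rotated and not just deleted from the latest version.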