State of Cloud Security 2024 - Leadership Edition

View Show Notes and Transcript

Leadership Insights on Cloud Security in 2024. Ashish sat down with return guest Srinath Kuruvadi, a seasoned cloud security leader with over two decades of experience in the field. Together, they explored the current state and future of cloud security, discussing the importance of detection & incident response teams, building and maintaining a robust cloud security program, understanding the importance of stakeholder management, and the role of data security in mitigating risks. Srinath shared his perspective on the evolution of cloud security, the critical need for a prevention-first mindset while tackling the challenges of managing security in a multi-cloud environment

Questions asked:
00:00 Introduction
01:42 A bit about Srinath
01:55 How has the Cloud Security space changed?
05:27 Are CloudSec and AppSec merging?
06:29 Are stakeholders more engaged with Cloud Security?
08:10 Where are the boundaries for Cloud Security?
10:06 Finding the right talent in Cloud Security
12:31 Building a Multi Cloud Security Team
15:06 The role of platform teams
16:45 Maturity level for Cloud Security
19:18 Current patterns in Cloud Security
22:03 What should CSPs be taking more about?

Srinath Kuruvadi: [00:00:00] I think you're as a cloud security program or a cloud security team, your best friends are your application security team and your instant detection response team. I think that there are two schools of thought, right? So I do think if you're running security at any company, either you make it everybody's problem or you make it your problem, right?

I'll give you another example. I think only in the past year or so, we have seen a lot more data perimeters specific controls are actually coming out, but they are still nuts and bolts. They are like, IAM conditions. They are more like, Hey, go add this condition to this. Or go add this RCP into your environment, right?

Yeah. But then why can't you create those? Why can't you suggest those perimeters for me?

Ashish Rajan: Welcome to the State of Cloud Security. Yes, you heard that the State of Cloud Security from actual practitioners and leaders. This is the first of many that you will come across where we talk about what they're seeing as trends, what they notice as things we should care about as leaders, what we should see in the industry in terms of people, process, technology, that things keep changing every day.

And now with AI, what does that look like? All that, and a lot more [00:01:00] in this episode with Srinath Kuruvadi, I look forward to hearing about what you think about this episode and whether you want more of State of Cloud Security from leadership, from community, and perhaps another angle that we can cover for the State of Cloud Security.

So at least this way, the face behind people who are filling out the surverys instead of an anonymous survey on the internet. I hope you enjoyed this episode as always if you get value from this content and have been here for a second, third time, definitely appreciate a follow or subscribe on the audio channels of Apple, Spotify.

If you're watching this on video, YouTube, LinkedIn, I would appreciate subscribe and follow there as well. I hope you enjoy the State of Cloud Security, Leadership Edition. This time with Srinath Kuruvadi.

Welcome to the State of Cloud Security, the Leadership Edition.

Today I am with Srinath welcome to the show.

Thanks for coming on to this first of many State of Cloud Security from actual practitioners is the theme. . Could you tell us a bit about yourself first?

Srinath Kuruvadi: Thanks Ashish for having me. I'm Srinath Kuruvadi. I've been doing cloud security, actually security for about two decades now. And cloud security more recently in the past decade or so.

Ashish Rajan: One of the things I want to start off with, because you have a lot of experience in cloud security, your [00:02:00] leadership roles as well. I have found that a State of Cloud Security sometimes it's hard to tell whether there's actual leader on the other end or a person who probably doesn't have any experience that just happens to be on the internet when the survey ad came up.

I want people to be able to walk away from how some of the leaders like you, me, and others think about the State of Cloud Security as it is in 2024. And I'll try and avoid talking about AI, but we'll see how far we go with it. My belief at the moment is that people, process, technology is where people like, all of us leaders focus on that.

Hey, is my talent great? Am I able to sustain the talent that I have? Then are the technology challenges with cloud and cloud security? Because you've been in the space for a while, we'll probably start with technology first. What was cloud security like when you first started in the space and how do you see that today in 2024?

So at least people have some context of, okay, some people may agree, some people might chime in, but I'm curious as to how have you seen the cloud security space change?

Srinath Kuruvadi: So I think the cloud security as a space has evolved a lot, right? When it started, it barely existed.

It used to be more VM security or system [00:03:00] security or more securing the sandbox environments. That's how it started. And then it has gotten a lot more mature over at least in the past 15 plus years.

Ashish Rajan: Okay.

Srinath Kuruvadi: And a lot of it in the past 8 to 9 years, I would say. And that has come in on different angles and we have borrowed from multiple areas of security itself.

Yeah. Like application security, like incident detection and response. And then we have applied that in a cloud context. So I think still we are in a state that we are maturing in my opinion, but we still think that the cloud service providers have given us a lot of nuts and bolts. And it is still a security program who need to use it in a more effective way.

Yeah. So we can actually reduce meaningful risk to the business. And that's where a crux of a big part of our cloud security engineering bandwidth goes in, in any organization that we are seeing.

Ashish Rajan: I sometimes still have the same conversation that I had 10 years ago in cloud security. Are you still having those conversations as well?

Absolutely. Yeah. The reason I called it out is I think it's weird cause you, I still walk into rooms and I'll have [00:04:00] conversations with other CISOs who are moving to cloud in 2024. You've done this in the cloud security space and broadly as well. Where do you think people should focus on?

I think what would you say people should consider having these things in their security program in 2024?

Please don't say AI.

Srinath Kuruvadi: No, AI has a space, but I do think it's always been about fundamentals. Even now, and even if you talk about areas outside cloud security, it's always been about the fundamentals.

You talk about asset inventory, you talk about basic preventative controls, just talk about basic detective controls and be ready for that incident. It's always been about the same things, but again, it depends on your area and your areas of maturity and how much of a depth do you need to go into depending on the complexity off your environment.

So it's definitely I do think it's the basic elements applied in the cloud context, but we struggle at the basics because it's about where it stands in your priority of things in your security program. But there is no doubt cloud security as an area, has gained a prominent place [00:05:00] in any security program.

It's not like a nice to have anymore. Yeah. It's definitely a must have. Yeah. Given in all the breaches and given all the attacks. Given all the unique challenges of the shared responsibility model that we actually run into. So we have to prioritize this in your security program. Barely there is any security program where I've seen at least one person or at least a team working on cloud security has been almost a given in any mature organization or even in a fairly mid to large enterprises is what we are seeing.

Ashish Rajan: Even though cloud security has gotten itself a prominent spot, which I think 10 plus years ago, no one wanted to even have that as a line item.

Srinath Kuruvadi: It used to be more merged with application security.

Ashish Rajan: Yeah.

Srinath Kuruvadi: Like now there is like cloud security and infrastructure security has its own place.

Ashish Rajan: But do you feel, cause the promised land is that AppSec and CloudSec combine and become product security. Do you find that in the conversations you have and in the. maturity cycle of this 10 plus years journey that people have had. Is that still where we are going? You reckon?

Srinath Kuruvadi: I do think we need to bring context from the [00:06:00] application into the cloud world and from the cloud world into the application security world. Yeah. It's all about that context so that we can enrich our controls based on those pieces of context.

I'm not sure if you're going to merge them both as disciplines. Yeah. But I do see that they can benefit each other. You need to be more informed. Yeah. In fact, I think as a cloud security program or a cloud security team, your best friends are your application security team and your incident detection response team.

Like you have to see hand in hand with everything that you're actually putting in place.

Ashish Rajan: Yeah. Talking about best friends, stakeholder management is a big thing as well in our leadership roles as well. Do you find that the stakeholder side of things as well. Are they more informed about cloud security?

Cause I think the initial challenge used to be security itself did not consider cloud security the thing. Now, at least it is a thing now talking to other people in the organization, say, Hey, we want a vulnerability resolved in whatever AWS, Azure, Google cloud pick your cloud service provider, or maybe all of them together.

Do you find that stakeholders a lot more informed or onboard, or is [00:07:00] there still a journey to be had in terms of educating them about it? Or is it more that the challenge is a lot more complex and it's not easy as I'm just going to click this button and it's resolved.

Srinath Kuruvadi: I think that there are two schools of thought, right?

So I do think if you're running security at any company, either you make it everybody's problem or you make it your problem. So depending on your bandwidth, depending on your resourcing, depending on your budget, right? Either you hire a bunch of kubernetes security experts and then make it their problem.

So nobody else worries about it, or you make it a shared responsibility. And so your business or your stakeholders Hey, security, along with quality, along with reliability, along with resilience, everything, this is another thing you need to care about.

Ashish Rajan: Yeah. Yeah.

Srinath Kuruvadi: So it depends on where, and then I think the most successful security programs I've seen , are those where you have well defined shared responsibility, whereas who is actually going to reduce risks.

Yeah. And once that is clear it becomes easier.

Ashish Rajan: Where do people draw the line for cloud security operation, application security, vulnerability [00:08:00] management?

There is like this pockets of best friend that we have in the organization, but there's always a confusion.

I was talking to another CISO, they were trying to figure out that hey shouldn't cloud security alerts go to vulnerability management,

Srinath Kuruvadi: right?

Ashish Rajan: And then there was another school of thought, but shouldn't cloud security alerts go to the SOC team because it could be a potential incident, but then you don't want to wake up a SOC team person at 3am because the public S3 bucket versus a, Hey, there's an IP address open on the internet.

Like they would not know the context difference. Where do you find the boundaries being drawn for cloud security? What are people doing in the cloud security team?

Srinath Kuruvadi: At the risk of, having worked for about eight or so companies now,

Ashish Rajan: yeah,

Srinath Kuruvadi: I don't like to be opinionated, but I think this is one of the things which I've seen time and again work very well is like you need to have a general triage team, right?

For any alerts that comes in, right? That's your triage one or our first line of triage level one. Yeah, and the second line is where you bring the subject matter experts like that's where the cloud security team can contribute. Application security team can contribute depending on what the alert we are talking about.

And I think the best use of our cloud security [00:09:00] engineering bandwidth is to focus on classes of problems. As opposed to single problem, like chasing down every single thing. If you work on building the security faults or pave paths or whatever you call it, then you can actually have one person work on one thing and then make this entire class of problems go away for the organization as opposed to having these subject matter experts being pulled into one on one for every single alert, every single finding that actually comes in.

That's generally, I've seen it working well.

Ashish Rajan: Yeah.

Srinath Kuruvadi: The only exception being incident. If there is a big incident, like log4j or whatever, then everybody needs to have all hands on deck, and then you come together.

Ashish Rajan: Oh, so it's more like to your point because I think incidents are as in public incidents, not because if you look at a CSP everything is an incident.

It's like a big wall of red sign. Holy shit. Like a mine, there's fire every day. 10, 000 of them. So I think you, when you say incident, you're referring to publicly known incidents.

Srinath Kuruvadi: Or maybe your customer data is in trouble or you have reason to believe that there was a data leak.

Ashish Rajan: Yeah.

Srinath Kuruvadi: Or do you have a reason to believe that there was a Bitcoin miner in your environment?

Yeah. Or there's a malware [00:10:00] that we found in your environment. Like those are the kinds of things which I would actually use. We call them as incidents, which has some real business impact.

Ashish Rajan: You're almost saying that level one SOC teams probably should be the ones triaging, but then we are in this, which is my I guess the next part that the talent part as well, because they technically have never I think as much as I would like to sit here and talk about that, Hey, cloud security should be easy.

They have been like this when I say they, the security operation teams have been amazing at doing level one, level two, three, four data centers. As much as I would, they might like to think it's just another environment. I don't need to know anything and GenAI can solve my problem. Do you find that there is a knowledge gap that people have not seen in terms of the SOC teams being equipped with the right knowledge to even , that example that I used earlier about S3 bucket versus an open IP or IP address on the internet.

They would not know the difference. For them, that sounds like an incident. I'm curious from your perspective, talent retention and even finding talent in this [00:11:00] space is hard. It was hard in the beginning. Is it still hard now?

Srinath Kuruvadi: I would say so, but I do think there are certain, again, as a tier two subject matter expert for your organization, as a cloud security expert, it's up to you to help them help you.

Okay. So if you set up run books, if you set up common playbooks where you can actually say that, Hey, these are the kinds of things where you can investigate yourself. Then you're going to bother me less. So if you make that investment, then you can actually scale your team better, your bandwidth better.

Ashish Rajan: Yeah.

Srinath Kuruvadi: So the SOC one teams or the tier one triage teams. They can essentially be more and be more self sufficient that's one way to scale. But I do think going back to your question around talent and how we are actually managing this particular space, a lot of the security or risk based thinking translates over to the cloud as well.

So I'm also a big fan of thoughtfully setting up teams where you actually bring a diversity of skills together in terms of junior senior mix in terms of AWS, Azure, GCP experience, right? So if you bring that kind of a rich, [00:12:00] diverse set of folks together, magic happens. Yeah. Yeah. And that's why as leaders, we spend a big part of our jobs in hiring and retaining and at the same time setting up structures and incentivize them and provide all the recognition they need to actually get great things done.

And that's where you can actually build a stable team. If you build a team where there is a person leaving every other day or every other month or every other year, then you're not actually hunkering down and building some quality outcomes for the business.

Ashish Rajan: We are hearing rumbles of Oracle cloud and IBM cloud being used everywhere as well.

Srinath Kuruvadi: So five different clouds?

Ashish Rajan: Yeah. Now it's not three anymore. It's five almost. How would you design a cloud security team? Do you need to have all cloud providers covered? Obviously if you are an organization which has multi cloud, do you need to all have all of that covered across your board?

But is that one person? Cause I see a lot of times LinkedIn would have, I'm a multi cloud expert. I'm going, wow. It's like saying I can drive a left hand, right hand and on top of the car as well. It's like a full stack engineer. Yeah. I can do everything. Yeah. So is there like a [00:13:00] full stack multi cloud thing that you feel is a reality?

Srinath Kuruvadi: But I do think that it is the way I think about it is that as a shared services that you need to always invest.

Ashish Rajan: Yeah.

Srinath Kuruvadi: Like shared services, essentially. Let's talk about CSPM right as a capability, we can build CSPM as a shared service where you just throw in different clouds, but you get the same set of contracts for CSPM like capability.

Yes. So it is like invest once and throw it on multiple clouds and it's the same set of capabilities that can actually work, but there's always going to be the last mile, which is going to be very different to the CSPs. And that is another place where you might have to bring the expertise. So it's almost like a shared service for that tackles multiple cloud challenges.

And then there is a last mile set of capabilities that you can have to invest. So this is where you have to bring in a GCP engineer, Azure engineer, or AWS engineer.

Ashish Rajan: Yeah.

Srinath Kuruvadi: Who actually understands the specificities of the cloud. Yeah. And then build on top of the shared services so that you can get efficiencies by scale.

At the end of the day I'm a practitioner by heart and I was an engineer. I used to write code, so I do like efficiencies wherever possible.

Ashish Rajan: Yeah. Yeah.

Srinath Kuruvadi: And I think this is an, a [00:14:00] nice way for us to be thinking. Also always, I mean there's such a common problem there is gonna be a fourth cloud, fifth cloud, 10th cloud thrown at you.

So be ready for it In terms of common set of capabilities must have capabilities that you actually need to reduce the risk. Alright.

Ashish Rajan: cause I think to your point, initially when you're starting to build the team, if you are already multi-cloud, at least have SMEs in each one of those teams. But keep it, keep that layer light.

Yeah. Okay.

Srinath Kuruvadi: The SMEs are light, but your shared services is gonna be heavier.

Ashish Rajan: Oh okay. Actually, that's a good point. And the CSPM, whether it's a open S3 bucket, open blob storage or open, same. Like it's the same at the end of the day. Correct. It's more the context for it is hey, someone else would know the deeper context for it so they can go deeper into it.

Srinath Kuruvadi: Exactly.

Ashish Rajan: Oh, okay. And to your point, level one kind of looks at the basic triage level,

Srinath Kuruvadi: right?

Ashish Rajan: From the shared service?

Srinath Kuruvadi: Absolutely.

Ashish Rajan: Ah, okay.

Srinath Kuruvadi: I'll give you another example, right? Yeah. For example, Azure. Azure has something called Azure Policy Framework.

Ashish Rajan: That's right.

Srinath Kuruvadi: Which does not exist in AWS and GCP.

So it is a little bit easier for us to be doing preventative controls. So that's where the single person or a small slice or [00:15:00] a small layer of Azure security expertise is going to bring that expertise and add that layer on top of your shared services.

Ashish Rajan: Yeah, because I think a lot of organizations that I've been talking to, working with, they have platform teams as well.

Now they have the, this is what the Terraforms of the world have created now. Suddenly there's a lot of platform teams. No one is a sysadmin anymore, unfortunately. But the platform teams are building that shared capability across the board. What does that paved path look like? And what I was going to share earlier was that people have gone down the path that I still have.

Ashish is the AWS person, Ashish is the GCP person, Ashish is the Azure person. But I can't expect that all those three people to be the same person.

Fatigue and all of that, but also the fact that if someone wants to go and leave and don't need another person, like now you have failure. Yeah. Now you already have six people already in the team.

So I started with three now I'm sitting at six people just for failover. And so if one person go on a holiday as we do that as well the reality of leadership to expect that one [00:16:00] per one team or one person knows all of it. It's probably unfair. And that's where shared services make sense.

Srinath Kuruvadi: Absolutely.

Yeah. And that's where I'm a big fan of this platform concept, right? You can actually build a platform for multiple clouds in a single place, right? In that way, you can bring consistency in the way we do controls, the way we do risks, and you can actually compare apples to apples when it says, okay, GCP risk here is comparable to the AWS risk here with this particular asset, with this type of data.

Yeah. In that way, you can actually compare and right size your investments and also being able to build SLAs around. What kind of vulnerabilities are more important? I think that consistent layer is important and platform is a great place and platform should do things like Terraform and opinionated modules and those kinds of things, which will actually bring reduced risk from misconfigurations.

Ashish Rajan: A question on maturity as well, because I think in my mind, when I think of State of Cloud Security obviously the people process technology , so we spoke about people and technology. But one thing we haven't spoken about the strategic lens for, what does that maturity look like? And [00:17:00] maturity, not just in terms of where we are today in terms of what the cloud service provider has given us, our business objectives may be different where the talent can be like as much as we would like to hire everyone in the planet who's amazing, limited number of those limited number of their availability, they might not in the same city, all of that.

Where do you see the maturity level go for cloud these days?

Srinath Kuruvadi: I do think in terms of capabilities, right? When I say If you're ready for an incident, that's maturity level basic,

Ashish Rajan: right?

Srinath Kuruvadi: And when you go a little bit beyond that, then you actually look at hygiene in your environment, like vulnerabilities, what kind of misconfigurations exist.

And are they like drop everything, work on it kind of vulnerabilities or are they mostly like maybe a level two, level three, or V2, V3 from our maturities, from our criticality perspective, right? So that would be like the next level. And the third thing would be like, as I said, the classes of problems, like where essentially say, okay, I'm seeing this problem.

I'm seeing this other problem. This other app also has the same problem. How can I put a [00:18:00] composite in control that can actually make this entire problem go away, right? And this is where opinionator Terraform modules and those were going to come in. So I would say that would be the next layer. So organizations go through this, right?

So if I'm a one person security team, a very small team, I'm a head of security or security engineer, first hire, then I'm going to just focus on incident readiness. I'm going to focus on okay, how can I be prepared for that bad day?

And be aware of it and just build relationship with everybody.

Okay. And then also make sure that I have some very basic MFAs kind of things like turned on so that I'm at least ready for bad stuff. The second thing I'm going to just go as okay, now I'm feel comfortable. Let's go to the next level and look at vulnerability management. Let's look at some of the basics around least privilege, some amount of like lateral movement problems that exist in our environment.

And how can I address that in in terms of like architectural design and principles and also just throwing in controls that are more effective. And the third thing is I'm going to just go after a class of problems and put preventative controls in place, opinionated Terraform modules to do resource management in the cloud, right?

I'm going to go after that. So [00:19:00] in that way, that's how I see the maturity actually grow.

And as an engineer, you could be anywhere depending on your organization. So it does not necessarily mean you could be capable of the opinionations or the most mature capabilities that you would like to see in cloud security.

But sometimes you could be working on like really basic like incident readiness like I was talking about.

Ashish Rajan: In terms of you mentioned capability, the compute or the patterns or the themes you're seeing in the conversations you're having with the industry. Are there obvious patterns that are coming out in the conversations it's easy for us to dive into one problem quite deep without realising the next wave coming.

And the wave could be AI, the wave could not be AI. But I think in terms of. So what are you seeing is almost coming up more often in conversations in terms of technology within the cloud space. Even if it's AI, even though we said we won't talk about AI, feel free to throw out a word. But what are you seeing as themes across the board that would be to your point are here to stay and people either, if they have it in their security program today, maybe adding it in the next [00:20:00] year or so.

Srinath Kuruvadi: I can think of three things that actually comes to my mind. One is I think we are only off late thinking about data security. I think a big part of your cloud security should be about data security. Like data exfiltration risk is the number one problem facing any public cloud provider, any cloud footprint, any cloud hosted data that exists.

And I think we should be start taking that seriously. And for good or bad reason, this is getting all the attention, right? DSPM and you can see the DLP and capabilities. But I think that we should not stop at those capabilities. We should actually use that to meaningfully reduce risk, right?

So that is one thing that I'm seeing as a pattern that is coming up quite a bit. The second thing I'm actually seeing is a bit of an interest, but I really would love to see a lot more is like prevention first mindset. So being able to say like, how can I stop that problem from even happening instead of just this whack a mole chasing down problem after problem, right?

And that is where I see a ton of energy going into prevention first mindset. How can I make sure all cloud assets are secure from [00:21:00] start? They stay in that secure state and then they get shut down that in that secure state.

Ashish Rajan: Yeah.

Srinath Kuruvadi: So that is another pattern that I think there's a ton of energy that is going, but I also think there should be a lot more we could be doing.

The third thing is a lot around a systematic approach to controls, I would say. So if I have two security engineers, I give them the same environment, they will go after with two different set of controls. Hey, I have this Friday morning. I come in, they go after two different things.

Like, why is that inconsistency? Shouldn't they be going after the same risks for the same environment? No it's because of their skills, their comfort level. And also they'd have preference.

Ashish Rajan: Yeah.

Srinath Kuruvadi: Like instead I would love for us to be thinking about as a State of Cloud Security, how can we bring consistency around cloud security risks?

If two people with two different skill sets, then given the same environment, they should go after the same risks.

So in that way, we should be able to think about okay, this is the most important risk and this is what I'm going to be doing irrespective of who is actually going to be doing it. Once we solve that, then we can throw AI at the problem and AI is going to solve that problem for us instead of

Ashish Rajan: [00:22:00] Because the data will be consistent.

It's not changing. Okay. Okay. And what is something that cloud security providers are not talking about at the moment that they should be doing?

Srinath Kuruvadi: I think they should be giving more opinionation, in my opinion. So I think they should be a lot more opinionated. They should give us more secure from start principles.

They're giving us a lot more of nuts and bolts, as I say. And we need to be putting them together. Yeah. And that is the part which I think that is a lot more work to be done in that space.

Ashish Rajan: Oh, yeah. Because to your point, the well architected framework that came by all three cloud providers is the beginning of one of those, where now at least there's something to start with, but then there isn't an industry based standard or a there's no specific framework.

I can just use that from a cloud provider and just use that to build a whole program if I want to.

Srinath Kuruvadi: Absolutely. I'll give you another example. Only in the past year or so, we have seen a lot more data perimeters,specific controls that are actually coming out. But they're still nuts and bolts.

They're like IAM conditions. They're more like, Hey, go add this condition to this or go add this RCP in your environment.

Ashish Rajan: [00:23:00] Yeah.

Srinath Kuruvadi: But then why can't you create those? Why can't you suggest those perimeters for me? Why can't you observe my traffic and then suggest perimeters for me?

Sounds like GenAI problem exactly. In fact, I am actually very excited about one possibility that Gen AI might bring to us is personalizing recommendations based on my risks, my environment, my structure, and then my compensating controls. Given everything, feed that in into a Gen AI system.

And that essentially tells me, Hey, here's where your risks exist. Here's what you're missing. Wouldn't that be awesome?

Ashish Rajan: Yeah, it's funny the flip side to all optimization, if it truly comes to fruition would be Yeah. We'll be solving people problems after that. Absolutely. It's just the opinion of someone I I don't believe in MFA oh, great.

So there's no GenAI for that, unfortunately. As much as we will find the perfect path.

I generally feel as humans have done and I think. There's a movie that came out, Don't Look Up, and I always think of that movie, I think of as much as I would like to think GenAI is going to be that thing that tells us, Hey, there's a meteor coming towards you right now.

You need to do something about it. [00:24:00] Someone would be in an opinion would definitely go, nah, not good enough for me. I'm going to wait. I want to see what if it deflects, we truly don't know how earth behaves or just bounces back.

Srinath Kuruvadi: Isn't it similar to like , when we used to hesitate putting up credit cards online.

Yeah. Same. Or get into Uber. Yeah. Yeah. It's commonplace. Give it some time. It's going to be common practice and it's going to take off.

Ashish Rajan: That's right. What are we hoping for? But where can people find you on the internet? They want to connect with you more about this as well.

Srinath Kuruvadi: I'm on LinkedIn. So LinkedIn is the best way to reach me.

I'm Srinath Kuruvadi there.

Ashish Rajan: Awesome. I'll share the link in the comments as well. But dude, thanks so much for coming on the show.

Srinath Kuruvadi: Thank you so much. I

appreciate your State of Cloud Security information . We'll hope to share some more of this. Talk to you soon. Peace. Next episode. Thank you for listening or watching this episode of Cloud Security Podcast.

We have been running for the past five years, so I'm sure we haven't covered everything cloud security yet. And if there's a particular cloud security topic that we can cover for you in an interview format on Cloud Security Podcast, or make a training video on tutorials on Cloud Security Bootcamp, definitely reach out to us on info at cloudsecuritypodcast. tv By the way, if you're interested in [00:25:00] AI and cybersecurity, as many cybersecurity leaders are, you might be interested in our sister AI Cybersecurity Podcast which I run with former CSO of Robinhood, Caleb Sima, where we talk about everything AI and cybersecurity. How can organizations deal with cybersecurity on AI systems, AI platforms, whatever AI has to bring next as an evolution of ChatGPT and everything else continues.

If you have any other suggestions, definitely drop them on info at CloudSecurityPodcast. tv. I'll drop that in the description and the show notes as well so you can reach out to us easily. Otherwise, I will see you in the next episode. Peace.

No items found.
More Videos