Shauli Rozen: [00:00:00] So think about the four C's of cloud security. Everybody talks about it, right? Cloud, cluster, container, code, right? So CDR is just one. It's just the cloud. Cluster, KDR, Kubernetes Detection Response. Container, eBPF based process analysis. And a code or application, I think that's ADR, Application Detection Response.

Basically, understanding all of the different layers that an attacker might be able to utilize in order to penetrate your organization.

Ashish Rajan: If you're a cloud security person who's looking at Kubernetes, you're probably missing a blind spot that is very obvious. I'm at KubeCon today and I'm talking to Shauli Rozen.

We spoke about Kubernetes runtime security. That's right. The same way, A lot of us try and secure our applications that are hosted in cloud. These days, most applications that are built on AI or any of the newer projects seems to be a lot more on Kubernetes. In this conversation, we spoke about the space of CADR, C A D R.

Yes, I know, it's another acronym. It's not official yet, but I think [00:01:00] we would like it to be official. So we spoke about CADR, how different it is to a CSPM, and why the way CSPM or even as much as CNAPP may be missing something here when they talk about Kubernetes security and why runtime security for Kubernetes is going to be a bit different than you may believe with the CNAPP.

All that and a lot more in this conversation with Shauli Rozen from ARMO Security. And as always, if you're listening or watching a Cloud Security Podcast episode for a second or third time, I would really appreciate if you're on Apple Podcasts or Spotify, give us a follow. If you're watching this on YouTube or LinkedIn, definitely follow or subscribe because that would truly help support the work we're doing over here.

I hope you enjoyed this episode with Shauli and get to learn more about runtime security kubernetes, the cloud native way. I'll talk to you soon.

Welcome to another episode of Cloud Security Podcast. Today, we're talking about CADR and to talk about this, hey man, thanks for coming in.

Shauli Rozen: Thank you for having me.

Ashish Rajan: Could you tell us a bit about yourself and your professional career and what led you to start a company?

Shauli Rozen: So it's been a while. I have a long history behind me, but I'm an engineer by profession. Turned into more into the management and [00:02:00] business roles when I did my MBA in here in the United States, actually.

Ashish Rajan: Oh,

Shauli Rozen: and then, then went back to Israel, worked in a few startups, a few technology startups. And then I met Ben, my co founder.

And he had this great idea of, runtime security for Kubernetes. And we started dating, right? And we had quite a bit of dating got to know each other.

The technology that he had in mind was amazing. And I thought, yeah let's make the jump after being an executive in a few startups. And do one of my own.

Ashish Rajan: And so Kubescape was one of the things that came out of that as well. Which is an open source project in CNCF.

Shauli Rozen: Yes.

Ashish Rajan: Could you tell us a bit about what that project is and where do people end up using it?

Shauli Rozen: Yeah, so Kubescape is honestly in the beginning was an almost like a side effect So we, you know, Ben, you know came up with this idea of runtime security for kubernetes, which is based on detailed data on the application behavior and it was very advanced, but it was also 2019 2020.

Oh, we will go to companies and we present that And, the feedback was this is amazing, but we are facing [00:03:00] much more basic problems. We want to know basic Kubernetes hygiene. We want to scan for vulnerabilities. We want to scan for misconfigurations. Like we're really in our basics right now.

Ashish Rajan: Yeah.

Shauli Rozen: So we thought, hey let's, take out an open source that does exactly that.

Ashish Rajan: Yeah.

Shauli Rozen: And that's where Kubescape came up. Ben came up with it. We launched it in the beginning. It was just scanning for the NSA and CISA guidance for hardening of Kubernetes. It just came up, I think it was 2020 or

Ashish Rajan: 2021.

Shauli Rozen: And Kubescape was the first tool that kind of took your cluster and scanned against that.

Ashish Rajan: Oh, so CIS benchmarks and all that.

Shauli Rozen: Yes, CIS, NSA, all of those benchmarks. And then we just, it took off really fast.

Ashish Rajan: Yep.

Shauli Rozen: Today it has like over 10, 000 stars in GitHub. I don't know, something like 30k companies already using it, in their environments.

And that's why we decided to make our, enterprise product also part of that. So we took that runtime information and that runtime protection data. We latched it on and now the ARMO platform is basically combining all of those together.

Ashish Rajan: How would you [00:04:00] describe runtime? And the reason I ask this is because every time I try and talk about Kubernetes security, people talk about, Oh, I have CNAPP, I have CSPM, throw all these acronyms.

For people who probably, just to give them a sense of why, to your point, Kubescape was that first layer for posture management, if I could use that word for if you're benchmarking, right? That I would think is where CSPM normally kind of ends. How would you describe runtime security for people who probably haven't worked in that kubernetes space quite a lot?

How would you describe that?

Shauli Rozen: So I think there is the business aspect of it and the technology aspect of it technology wise Runtime is what is actually happening in your cluster So taking data from cloud logs taking data from eBPF, which is now the most prevalent and most detailed data that you can get you know, what system calls are running in my environment?

What code is running? What networking events, what file access events are happening, and that is runtime data. That is data that is happening in runtime. It's not yet runtime security,

Ashish Rajan: just data, right? It's almost

Shauli Rozen: like Datadog, monitoring, open [00:05:00] telemetry agent, all of those are looking at runtime data.

It's runtime data. Now, what I believe you can do with this runtime data is you can take it back into CSPM. You can take it back into KSPM and use it to prioritize and create

Ashish Rajan: remediations for

Shauli Rozen: those elements. Most of the CSPM tools or KSPM tools will tell you, hey, here's an application, which is overprivileged, right?

Ashish Rajan: Yeah.

Shauli Rozen: But really what I'm saying Is it might be overprivileged because there might be the case that this is the privilege that this application needs.

Ashish Rajan: Yeah.

Shauli Rozen: You just don't know unless you have that data.

Ashish Rajan: Yeah.

Shauli Rozen: So we take that data, we compare it with best practices and say, Hey, this application, here's a new configuration to it that will actually work with what's happening in runtime.

It will not break the application. But it will be more secure. So that layer of runtime information on top of all of the CSPM data and posture data creates much better prioritization and gives you remediation advice. Having said that, I think real runtime [00:06:00] security is preventing attacks Identifying, detecting, and responding to attacks.

Ashish Rajan: Yeah,

Shauli Rozen: and if CSPM and KSPM was like the table stacks, I think in 2021 It was like the glory child of 2021. Everybody needed. I completely understand that. But I think by today quite honestly CSPM is a commodity.

Ashish Rajan: Okay,

Shauli Rozen: Yeah, I take API, you take cloud APIs. I check them against rules.

Here you go.

Ashish Rajan: Yeah.

Shauli Rozen: Pretty much a commodity. And I think the next level and where the real battle of innovation is going to be is, who can use the data to detect and response to actual attacks and actual threats in your environments

Ashish Rajan: A lot of people think of runtime security as application security as well sometimes.

And sometimes we'll put CDR in there as well. Yes. So where does all of that fit into in this conversation?

Shauli Rozen: To be honest, I think 2025 and right now is the time where companies and analysts as well are trying to define this space, right? [00:07:00] Gartner came up with CNAPP which in my mind basically says everything under the sun, CNAPP.

Okay, now, 95 percent of CNAPPs today. It's a glorified CSPM. They take a CSPM, and they call it CNAPP, and here we go. I think the biggest part of protection is actually runtime protection, and here, I specifically have a very structured approach to how it looks like, and I think it's about what data that you use for the detection, and can you build a full story out of it?

CDR, which is a term that is currently talked about quite a bit. It's cloud detection and response. In my mind, that translates to taking cloud logs, cloud data, and detecting issues with them and responding to them. That's cloud detection response. Just like EDR is taking endpoint data and identifying issues.

Unfortunately, CDR is a very small part. It's also not real time. You're using logs and it takes [00:08:00] 15 minutes for the logs together. But there is also a lot of things happening in the clusters and eBPF is a big part of that. There are a lot of eBPF projects now. Kubescape is a big part of that as well.

And I believe you need a combined approach. So almost so I'll take a step back. Yeah. So think about the four C's of cloud security. Everybody talks about it, right? Cloud, cluster, container, code. Yep. So CDR is just one. It's just the cloud. Cluster, KDR, Kubernetes detection response. Container, eBPF based process analysis.

And a code or application, I think that's ADR, application detection response. Basically, understanding all of the different layers that an attacker might be able to utilise in order to penetrate your organization.

Ashish Rajan: It actually goes back to what you were saying because at the end goal for a security team is to block a malicious attack.

It doesn't matter if it's on cloud, container, kubernetes And I think because you mentioned ADR [00:09:00] as well. What is ADR?

Shauli Rozen: So ADR in my mind is application detection response.

Ashish Rajan: Okay.

Shauli Rozen: What is that? It's basically looking at application events usually using eBPF, what functions are being called what network activity is happening.

Ashish Rajan: Yeah.

Shauli Rozen: And identifying anomalies or malicious activity there. Now, if you took ADR and you take KDR and you take CDR and you bring them together into a single platform,

Ashish Rajan: yeah.

Shauli Rozen: That's what I define as CADR or. CADR or whatever they want to call it, but regardless of how they call it, CADR is basically the only way

Ashish Rajan: that

Shauli Rozen: you can create what we like to call in ARMO, explainability.

It's the only place where you can say, okay, this is what happened in application. This is what happens in the cluster. This is what happened in the cloud and the combinations of these events, that's the attack, right? That's the story that we can tell. And I think many of the companies out there are currently missing this full story.

Ashish Rajan: Interesting. And this is totally fine if you don't want to answer this question because I'm curious. [00:10:00] There is ASPM and then there is also the world of DAST, all that, where do you see that fit in? Because as you said that the moment an application security person hears this isn't that DAST?

And

Shauli Rozen: yes and no.

Ashish Rajan: Okay.

Shauli Rozen: So the way I separate the world and I think also I start to see it also in organizations is there are like four quadrants or something like that. So think of it this way, there's the left side, my code, my CICD. That's where ASPM fits in, scanning for vulnerabilities.

That's also where SAST fits in, Snyk, those type of companies. And in that layer on the left hand side, this is for me posture. Scanning for vulnerabilities is posture. Now there's also, there's application posture. Snyk. There is Cloud Posture, Wiz and CSPM. Those two, in my mind, are converging.

That's also why Wiz launched WizCode, I think.

Ashish Rajan: That's right. Because,

Shauli Rozen: In my mind, posture is posture. It's going to be one team. Infrastructure, security, application security. That's one team trying to make sure that we are [00:11:00] resilient as possible. All of the vulnerabilities are fixed.

All of the misconfigurations are fixed.

And there is the right hand side where you need to respond to attacks that are happening in the meantime. This is more of security operation, incident response team. And they also, in my mind, will converge between application security and cloud security because they need to see all of the events together.

So on that front, you mentioned, DAST and SAST. I do believe that ADR, like that part of CADR, is the next generation of SAST and DAST. And actually I think fixes much of the illness of SAST, the industry suffered from SAST, quite a bit. So eBPF is a very, I would say elegant way to be less intrusive, use kernel observability.

Ashish Rajan: Yeah.

Shauli Rozen: To do things which are very much similar to us, but you can do it in a much more scalable way.

Ashish Rajan: I keep going back to how you described in the beginning, which is basically as security people, most of us don't really care if it's on Kubernetes or cloud, whichever multi-cloud, whatever.

I care about the fact that if there is a malicious attack [00:12:00] potential, I have identified it, I have responded to it, I've closed it. And I love the quadrant thing that he called out for the left and right as well. In your mind at the moment, people that you're looking, or I guess I imagine a lot of people who are not even at Kubecon and people who may not be that familiar with the Kubernetes landscape.

What is eBPF and how prolific is Kubernetes in usage? 'Cause to your point, you have Kubescape. You are going into the whole CADR space as well is a usage that you see across your customer base. primarily Kubernetes and like now we have in this world of AI as well. Is that where, do you feel where we're going?

Because I imagine people who are listening to this, who are leaders planning for 2025, should they consider a Kubernetes thing, like an eBPF approach in there? So first question, where do you see the usage of Kubernetes go from here?

Shauli Rozen: So Kubernetes in my mind has only been growing We started with Kubernetes.

Today, we're not only focused on Kubernetes. We go up into the cloud and into non Kubernetes workloads.

Ashish Rajan: Okay.

Shauli Rozen: But still, 90 percent of our [00:13:00] customers are, Kubernetes based and Kubernetes, I think 2022 was the year where Kubernetes started to go into production in really a massive way and today it is so prevalent.

Almost every company we speak to, is mostly they will still have non Kubernetes workloads, but the move to Kubernetes is super, super significant. Having said that, companies don't think about security as Kubernetes security. Think about it as security, right?

They might be running their application on security, so it's on Kubernetes. So their application security is also Kubernetes security. Just part of it.

Ashish Rajan: Yeah.

Shauli Rozen: And cloud security. Kubernetes security, just part of cloud security. People don't think about dedicated Kubernetes security solutions.

Ashish Rajan: Yeah.

Shauli Rozen: And maybe they don't need to, but in some cases, we've encountered companies where, you know, 100 percent of the workloads, are running on Kubernetes. Everything is running on Kubernetes. It's running on Kubernetes in the cloud. And now the issue in RFP, [00:14:00] what is the RFP for?

Cloud security. Oh, okay. Because they don't think about it, even though. So like the thing about it is part of that environment, right?

Ashish Rajan: And that's where I think to your point, the CNAPP category kind of becomes a default. Oh, I guess there's a CNAPP, which does everything. So I'm glad you called out the fact that kubernetes in cloud is still classified as cloud security as well, because I think we started covering Kubernetes security on Cloud Security Podcast about three, four years ago.

At that point, people were like, why are you covering Kubernetes? And this is almost 2022, 2023, when we start seeing it. We spoke to Kelsey Hightower. He was talking, Hey man, this is going to be like that next big thing, blah, blah. And now today, to your point, there is still a segment of the market that believes that Kubernetes security is the same as cloud security because of the CNAPP conversation that we just had as well.

Shauli Rozen: Yes. All I'll say about that is one, they are right. They need to secure their cloud. That's what they're thinking about. Where they might be confused. Is when [00:15:00] you choose a vendor, for example, or when you think about the functionality that you need. Doing cloud security without, having detailed Kubernetes knowledge and experience and a product that is very knowledgeable in Kubernetes.

It's like doing EDR without knowing, what kernel version you are running or without awareness to the underlying infrastructure. And that's why I do believe Kubernetes security is part of cloud security.

Ashish Rajan: Yeah.

Shauli Rozen: But if you just put cloud security, just with CSPM. Yeah. And. You don't have someone who really knows what's going on in Kubernetes.

It's a huge blind spot. It's just an enormous blind spot.

Ashish Rajan: And to talk about blind spots, how does one notice or understand if the CSPM they're using right now has the blind spot? Are there any specific examples that come to mind in the way natively you'll do Kubernetes security versus how a CSPM, Oh yeah, we do coverage of Kubernetes.

Don't worry about that.

Shauli Rozen: Yeah. So you know what you'll see very often is that you will see a few checks you'll see the like we started, right? You will see [00:16:00] some very basic CIS benchmarks, you will see NSA, can they generate for you the right network policy? Can they know second profiles for everyone over your workloads?

Do they have the intimacy of what's happening? I think eBPF is a huge part of Kubernetes security. And as such, also part of cloud security. Yeah. 90 percent of the CSPM is not reliant on that data. It is just it's basically missing.

Ashish Rajan: So people who are in leadership positions planning for their 2025 strategy, like building their roadmap, obviously to what you said and what we are seeing as well, a lot more people are building Kubernetes in cloud.

What should that roadmap include in terms of things that would help them cover for those malicious attacks that we were talking about that are runtime and potential? I guess they obviously have to think about the overall picture when you work on a roadmap. So what do you think they should think about including in their roadmap for 2025?

Shauli Rozen: So I think CADR, as I said is going to be a term.

It's going to be a term. We as a [00:17:00] company, quite honestly, are trying to lead that discussion and make sure that it is a category.

We're not alone there. We have other companies who are with us in this journey. And I think it's a very important journey.

It's a journey of taking cloud security from, posture to run time and to actually detecting and preventing and responding to attacks. Now my advice to CISOs is, don't drink the platformization Kool Aid. Okay, there are some companies in the market preaching platformization.

But what they really are doing is bundling. Okay, it's not really platformization. They just sell you a bunch of products under the same UI. You need to switch the UI with a drop down to move from one to another. There's no synergies. I'm biased, of course, but I think if there is a place for a best of breed, it's this place, you can take your, CSPM provider and say, yeah, for sure they have an eBPF agent.

Yeah, let's take that. It's not the same skill set.

These are kernel developers, people who know deeply the inside and outside of the kernel. [00:18:00] CSPM is more about data manipulation, which is an amazing challenge, but I think it's solved by now.

Ashish Rajan: To add another layer to this as well the CSPM and the way people plan for roadmap, they might be looking at CSPM.

So if there, if the CSPM provider is using eBPF, but it's not native to your point, it's a capability that has been added later. Maybe something to be questioning them at that point in time for Kubernetes.

Shauli Rozen: What I would say is. first of all, my I don't know, my approach to life is question everything.

Yeah, it's not a bad strategy. If someone sells you something, you always need to question. Also question me.

Yep. And what's the solution to solve that? Test, okay? You believe the eBPF agent of your current CSP provider is good enough. Try it out against us. Try it out against some of our competitors.

Throw some advanced attacks into it. Even put it out and don't throw attacks and see what's happening. And I can tell you that in one case, you'll get a ton of false positives. It will alert you on all kinds of rules because the specificity and the [00:19:00] knowledge is not really there.

Ashish Rajan: And

Shauli Rozen: then in the attacks part, we will just identify more attacks. So what I say is put a criteria for you.

Ashish Rajan: Yeah,

Shauli Rozen: and then put us to the win and see who does it better

Ashish Rajan: We've been talking about the CADR space at what stage the company would need a CADR I don't imagine everyone needs a CADR in the beginning.

So people who are I guess small to medium sized businesses who are trying to figure out one cloud provider Fully into it just doing Kubernetes versus someone which is an enterprise that is multicloud on premise, hybrid, throw all the acronyms in there as well. At what stage do you feel people are mature enough to have a CADR?

Is it in the beginning stage itself or is it rather in the later stages when you're a lot bigger?

Shauli Rozen: So I think, one kind of, runtime protection, detection response or another, you need from the get go. Okay. And you can use the open source, Kubescape, our open source, you can use it.

The non enterprise version of it will give you, I would say pretty basic coverage of runtime security. We'll send you alerts when an unexpected process is [00:20:00] running. I would say it would cover 80%, of a small organization needs.

Ashish Rajan: Yeah.

Shauli Rozen: There are also other like Falco, right? So you can use those.

After that, the next level in my mind within CADR would be ADR. I would say that having the eBPF, because that's the last line of defense that's more real time. I think that would be the next level. And large organizations should go for the full CADR in order to get that explainability. Also because they will have many more events.

So when you have more events, you need to do that correlation to actually reduce them. The idea is to reduce the amount.

Ashish Rajan: Actually, that's a good point. Because you need the volume to validate the data. If you don't have enough volume, then, yeah, do you really need to buy a Ferrari when a Toyota can do the job as well?

Exactly. And for people who are in the cloud security space, so probably to your point have been given the challenge of, hey, you do cloud security. There's kubernetes security in there as well. How should they look at filling the gap? Because the security roadmap that a lot of CISOs or security leaders would build is built on the fact that, Oh, okay.

So Shauli [00:21:00] just mentioned that? Hey, I should have eBPF native capabilities, because that's what makes Kubernetes. How are you seeing the cloud security community grow into that kubernetes security gap that is left at the moment,

Shauli Rozen: On one hand, I see more and more companies using the best of breed approach.

So they have the CSPM, but they have a very large Kubernetes footprint and they will use a company like us or other company for the Kubernetes security.

Ashish Rajan: Yeah,

Shauli Rozen: but I think the bigger move It's not from cloud to Kubernetes, it's from posture to runtime. And when you do that's where eBPF is becoming much more prevalent and much more strong.

Ashish Rajan: And would you say, in terms of where we're going with this the logging part, because a lot of the challenges in the cloud security space used to be around that, hey, I found a vulnerability I don't know, insert CSPM provider has given me 10, 000 vulnerabilities. Okay, fine. Half of them are false positive.

The ones that I find, I have sent this log to someone. Usually in the initial stages, it's usually the cloud security person, then it matures to SOC people. What happens with the Kubernetes security logs? Who's [00:22:00] looking after that in the organization you're speaking to?

Shauli Rozen: So that's a big mess, right? In many cases, nobody knows.

And the Kubernetes logs usually end up at the DevOps or the platform team ends. That's what really is happening. And what we're trying to do as a provider is to get access to that also for the security team. And it's also a bit of education, right? Because security teams sometimes don't think about Kubernetes events as security events.

Ashish Rajan: Yeah.

Shauli Rozen: So that's a big gap that, that we are now filling up.

Ashish Rajan: Interesting. Cause, and this is a good point to call out as well, cause I think I was having a conversation on an advisory call cause we've been doing some work on educating people on Kubernetes security. There's certain terminologies, like a CNAPP provider may show you that, Hey, by the way, it looks like you have five namespaces.

Yes. And what the hell is the namespace? Exactly. Because like even that sometimes just getting the foundational layer, sometimes it's missing. Is that why it goes through the platform team? 'cause they have the understanding of what namespace is.

Shauli Rozen: Yeah. And they also the the people who will know how to fix things.

You have a service account which is mounted on a [00:23:00] pod and it's a risky situation.

Ashish Rajan: Yeah.

Shauli Rozen: To remove that. The DevOps and the platform teams are the ones that are gonna do that. You need to map a new volume. It's all done by the DevOps team. So I think connecting security teams and enabling them to send the right data to the DevOps team is the key thing there.

Ashish Rajan: Obviously, you guys are trying to talk about runtime security in 2019, 2020, and now that we have 2024 now, we spoke about what it is today with the CADR space coming up as well? Where do you see this kind of go as you see more people try and talk about? What's the kubernetes challenge or cloud challenge and it could be the same thing that you said earlier that the CADR space is coming up?

Where do you see the future go with this in the kubernetes security space at the moment in terms of adoption of more kubernetes, more cloud is security going towards CADR or is it going to be more, Hey, I'm going to start with my CDR, add ADR, and then CADR.

Shauli Rozen: I think CADR will come as a category Okay.

And will not be broken down. There is a certain [00:24:00] situation where I can see that the CDR part is being covered by the CSPM companies.

Ashish Rajan: Okay. Because

Shauli Rozen: they have that capability of collecting a lot of data. They collect, the API data, so now they collect all the, also the logs.

Ashish Rajan: Yeah.

Shauli Rozen: What they lack usually is eBPF kernel type capabilities.

. So I do see some places. In general, I think it's going to be cSPM and CADR. That's in general. But I do see cases where the CDR part of CADR will still be under the CSPM. I'll give you an example, okay? We are now working with a huge customer, and they asked us to send our ADR logs into the CSPM.

Okay, because they chose that as the place that collects all of the data

Ashish Rajan: Yeah,

Shauli Rozen: so they saw that our agent is much better than that agent

Ashish Rajan: Yeah,

Shauli Rozen: I will not say names, but they still wanted to use that platform for collecting all the cloud logs and all the cloud events. So that's a situation that may happen. Within CADR I do believe that the [00:25:00] eBPF part the EDR, ADR, KDR, whatever you want to call That's the biggest I would say value and the most technologically difficult problem to solve

Ashish Rajan: And that's where the being native actually gives you an advantage versus I'm just going to read from my API call and hopefully I get the right data.

Most of the time you really care about real time information as well because you don't want to know the attack is happening right now, not eight hours later. Exactly. Yeah. Yeah. That's most of the technical questions I had. I've got three more fun questions for you.

Shauli Rozen: Okay. Fun is fun.

Ashish Rajan: First one being, what do you spend most time on when you're not working on solving all the CADR problems of the world?

Shauli Rozen: People who know me will know the answer surfing.

Ashish Rajan: Oh,

Shauli Rozen: nice. Yeah, I'm a very, I'm not a good surfer, but I like to surf. Fair. Okay, so it's fun. I always say, I don't know if I'm surfing, but I take a board and I go into the ocean and see what happens.

Ashish Rajan: Oh, fair. Okay, just catch a few waves.

Shauli Rozen: Yeah, and Israel is not big in waves. I do get a chance to travel here to the States a lot.

Ashish Rajan: Oh, nice.

Shauli Rozen: So I always stay like a day or two in Santa Cruz or in [00:26:00] LA.

Ashish Rajan: Do you actually fly with your board?

Shauli Rozen: No.

I'm like you're the guy with the extra large luggage.

Shauli Rozen: I don't want to it's gonna sound that I have a board in every place.

So I have a friend who lives in the valley. Oh, I bought a board and I keep it in his house.

Ashish Rajan: Ah Smart. Okay. Yeah, and second question. What is something that you're proud of that is not on your social media?

Shauli Rozen: First of all, I'm not big on social media, so almost everything I say is not going on social media.

But I would say I'm mostly part of course of my family and my kids and the time I get to spend with them. And if I may be a little bit I don't know, emotional is my country, which is going through a very difficult period at this time. And I think We're managing a very difficult situation.

Ashish Rajan: Yeah,

Shauli Rozen: relatively well.

Ashish Rajan: Yeah, it's definitely a difficult situation. I've got a third question as well. What's your favorite cuisine or restaurant that you can share with us?

Shauli Rozen: So my favorite cuisine would be like a barbeque, like a

Ashish Rajan: smoked

Shauli Rozen: barbeque.

Ashish Rajan: Oh, like a texas style.

Shauli Rozen: [00:27:00] Like a texas, whatever style.

Yesterday I was here in Salt Lake City. Shout out to Pat's Barbeque. Oh, okay. It's really good. It was recommended by someone here local. Yeah. And it was really good. They also have a small fetish for Panda Express, which is

Ashish Rajan: Fair. Yeah, okay, fair. If you enjoy Panda Express, you enjoy Panda Express.

People are secret admirers of it. They definitely don't like

Shauli Rozen: It's not good for you for sure but it's I call it like because of all of the different flavors and sweet and sour sauce and stuff like that,

it plays with your mind in the right places.

Ashish Rajan: Yeah. It definitely does.

And where can people find you on the internet to talk more about what the work that you guys are doing at ARMO.

Shauli Rozen: So armosecurity.io is the website, but I always encourage people just reach out to me. Shauli, S-H-A-U-L-I Rozen. Yeah, it's a very difficult name, but the link is the always the, it's the only Shauli Rozen in LinkedIn.

So you're the only Shauli Rozen in? I think so in LinkedIn that, that will appear in your search.

Ashish Rajan: Oh, okay. Perfect. [00:28:00] I'll still put the LinkedIn information description as well, but cool. Thank you so much for coming in, man. Great to see

Shauli Rozen: you, man. Great to see as well. Great discussion.

Ashish Rajan: Thanks everyone for tuning in and learning about CADR with this as well.

I'll see you next episode. Thank you for listening or watching this episode of Cloud Security Podcast. We have been running for the past five years, so I'm sure we haven't covered everything cloud security yet. If there's a particular cloud security topic that we can cover for you in an interview format on Cloud Security Podcast, or make a training video on tutorials on Cloud Security Bootcamp, definitely reach out to us on info at cloudsecuritypodcast. tv By the way, if you're interested in AI and cybersecurity, as many cybersecurity leaders are, you might be interested in our sister podcast, which I run with former CSO of Robinhood, Caleb Sima, where we talk about everything AI and cybersecurity. How can organizations deal with cybersecurity on AI systems, AI platforms, whatever AI has to bring next as an evolution of chat, GPT, and everything else continues.

If you have any other suggestions, definitely drop them on info at CloudSecurityPodcast. tv. I'll drop that in the description and the show notes as well [00:29:00] so you can reach out to us easily. Otherwise, I will see you in the next episode. Peace.

‍