CNAPPs & CSPMs don’t tell the full cloud security story скачать в хорошем качестве

CNAPPs & CSPMs don’t tell the full cloud security story

In this episode we speak to Nick Jones, an expert in offensive cloud security and Head of Research at WithSecure to expose the biggest security gaps in cloud environments and why CNAPPs and CSPMs alone are not enough often. How cloud pentesting differs from traditional pentesting Why CSPMs & CNAPPs don’t tell the full cloud security story The biggest cloud attack paths—identity, IAM users, and CI/CD Why “misconfigurations vs vulnerabilities” is the wrong debate How organizations should prepare for a cloud pentest With real-world examples from red team engagements and cloud security research, Nick shares insider knowledge on how attackers target AWS, Azure, and Kubernetes environments—and what security teams can do to stop them. Questions asked: 00:00 Introduction 02:40 A bit about Nick Jones 03:56 How has Cloud Security Evolved? 05:52 Why do we need pentesting in Cloud Security? 08:09 Misconfiguration vs Vulnerabilities 11:04 Cloud Pentesting in Different Environments 17:05 Impact of Kubernetes Adoption on Offensive Cloud Security 20:19 Planning for a Cloud Pentest 29:04 Common Attacks Paths in Cloud 33:05 Mitigating Common Risk in Cloud 35:14 What is Detection as Code? 41:17 Skills for Cloud Pentesting 45:28 Fun Sections -------------------------------------------------------------------------------- 📱Cloud Security Podcast Social Media📱 _____________________________________ 🛜 Website: https://cloudsecuritypodcast.tv/ 🧑🏾‍💻 Cloud Security Bootcamp - https://www.cloudsecuritybootcamp.com/ ✉️ Cloud Security Newsletter - https://www.cloudsecuritynewsletter.com/ Twitter:   / cloudsecpod   LinkedIn:   / cloud-security-podcast   #cloudsecurity #cloudpentesting #offensivecloudsecurity