The Cyber Hero Adventure Show with Sonrai Security


Our CEO had the chance to sit down with the host of the Cyber Hero Adventure Show, Gary Berman, alongside the CEO of Inspectiv, Ray Espinoza. It’s not every day the heroes, or ‘good guys/girls’ of cybersecurity, get the spotlight or make the news, so we jumped at the opportunity to join Gary. That is the whole premise of the Cyber Hero Adventures Show: sitting down with global thought leaders and experts who are part of the work keeping us all safe in the digital age.

This episode falls under the theme of the upcoming RSA Conference 2022: Transform. If you would like to listen to and watch the podcast, find it here. In the meantime, we’ll summarize highlights from this episode below.

* Brendan walks through his introduction to cybersecurity, dating back to his partnership with Sandy Bird at Q1 Labs, selling to IBM and becoming General Manager of IBM Security, and eventually founding Sonrai Security to govern public clouds.

* Brendan shares his ‘origin story’, or what compels him to do the work he does: the greater purpose and responsibility of cybersecurity, as well as cloud being the “great innovation that’s going to make a difference in the future of security.” Brendan explains the power of the cloud ‘if done correctly’, and cautions against the catastrophe of using the cloud improperly. Sonrai exists to help enterprises harness the cloud and secure it in a way that was never before possible. (3:23)

* Brendan lays out the crux of the cloud transformation security issue: traditional security folks underestimate just how different security practices are in the cloud, and, on the flip side, cloud teams can overestimate their ability to deliver security.

* Gary notes Sonrai Security’s recent Forrester snapshot study surveying over 150 cloud decision makers on the state of identity management in the cloud. Gary specifically calls out one statistic from the report, noting that organizations on average host 6 different security tools in their cloud. Gary continues by asking Ray Espinoza if organizations truly have visibility into their own capabilities with all that tool stacking. (16:20)

* ‘What are the top challenges organizations are facing whether in the multi cloud or public cloud?’ (19:28)

Right off the bat, Brendan stresses the importance of fundamentally understanding that the types of controls you need in place are totally different than before, listing cloud provider controls, unique identity controls, and a far more granular level of control of data governance.

Additionally, he explains that the cloud cannot be seen as one amorphous entity, as organizations have many different teams using the cloud, and each workload deserves its own tailored security practices.

“We should treat a development sandbox differently than a regulated workload with sensitive PII”

Lastly, there is a shift towards including more teams in the security mission than in the past, when it was just security teams creating firewalls. Brendan names development teams as one group to include, as they can play a part in remediation efforts, an area where automation can play a large role.

  1. Have an understanding of your controls
  2. You cannot see the cloud as a single entity
  3. Involve your Development teams and leverage automation

On a wonderfully positive note, Brendan shares his belief that the work Sonrai and others are doing for the cloud is laying the foundation of a 30-year career for younger folks in the industry.

“Young people coming into this industry have this opportunity to develop the skills to give them the rest of their career” (27:28)

To enjoy the full Cyber Hero Adventures Show podcast, watch the episode here.

This episode was inspired by the upcoming RSA Conference 2022 theme, ‘Transform’. We will be attending this year’s event to learn from our peers and meet experts.

We have meeting spaces booked out and fun events like ‘BBQ & Breaches’ led by Jeff Moncrief, Field CTO, as he walks through the Scoville units in your cloud that lead to data breaches. From mild to extreme, we review the ‘hot ones’ accessing your crown-jewel data through our use cases. Reach out to us if you’re interested in connecting at RSA.