We have been running our Cloud Security Podcast by Google for almost 2 years (TWO YEARS!) and since we are on a break now, I wanted to reflect a bit, while Tim is relaxing on a beach somewhere warm and “hammy” 🙂 So, we aired 102 episodes, but what was…

In recent weeks, I did two fun webinars related to Security Operations, and there was a lot of fun Q&A. The questions below are sometimes slighting edited for clarity, typos, etc. For extra fun, I had ChatGPT answer some of them, to see if it can replace me :-) So…

This quick blog is essentially a summary of our (joint with Marshall from Mandiant) Google Cloud Next 2022 conference presentation (video) and a pointer to a just-released podcast on the same topic — security incident response (IR) in public cloud. In our Next presentation, we only had 18.5 minutes to…

As we discussed in our blogs, “Achieving Autonomic Security Operations: Reducing toil”, “Achieving Autonomic Security Operations: Automation as a Force Multiplier,” “Achieving Autonomic Security Operations: Why metrics matter (but not how you think)”, and the latest “More SRE Lessons for SOC: Release Engineering Ideas” your Security Operations Center (SOC) can…

An influential Gartner paper stated many years ago that “Clouds Are Secure: Are You Using Them Securely?” So began the legend of cloud security vs secure clouds. When I was an analyst, we sometimes had to discuss with clients whether various providers of public cloud services are “secure.” Over time…

Great blog posts are sometimes hard to find (especially on Medium), so I decided to do a periodic list blog with my favorite posts of the past quarter or so. Here is the next one. The posts below are ranked by lifetime views. This covers both Anton on Security and…

Long story why but I decided to revisit my 2018 blog titled “Why Your Security Data Lake Project Will FAIL!” That post was very fun to write and it continued to generate reactions over the years (like this one). Just as I did when I revisited my 2015 SOC nuclear…

This blog is written jointly with Konrads Klints. TL;DR: Migration from one SIEM to another raises the question of what to do with all the data in the old SIEM. A traditional approach was to let the old SIEM hardware languish until its data was no longer required. When migrating from…

This is my completely informal, uncertified, unreviewed and otherwise completely unofficial blog inspired by my reading of our fourth Threat Horizons Report (full version) that we just released (the official blog for #1 report, my unofficial blog for #2, my unofficial blog for #3). My favorite quotes from the report…