As organizations scale their cloud infrastructure, securing assets efficiently becomes a critical challenge.

This article intends to share the personal view and experience of the author.

When assessing Google Cloud environments, one of the areas that we spend the most time understanding is Identity and Access Management. This article aims to demonstrate the different ways IAM can be assessed in GCP and its pros and cons. Much of the work is about processing and correlating data from multiple sources to determine attack paths.

Now that we’ve covered the core components and ways of securing both the control plane and the data plane of a Kubernetes cluster, let’s dive into what actually happens under the hood when you use kubectl, the CLI tool for interacting with Kubernetes.

In this episode of the O3C Cloud Security Podcast, host Håkon Sørum and guests Rami McCarthy and Olav Østbye delve into the ...

In this episode of the O3C Cloud Security Podcast, host Håkon Sørum and guests Rami McCarthy and Olav Østbye delve into the intricacies of cloud security strategy. Rami shares his extensive background in cloud security, discussing his transition from consultancy to in-house roles and now to a vendor position. The conversation emphasizes the importance of visibility in cloud security, the need to understand the business context, and the critical steps for CISOs moving to the cloud. They explore the challenges faced by security leaders in navigating the evolving landscape of cloud security, the significance of identity and data security, and the need for democratizing security practices across organizations. The discussion also highlights the role of people in shaping security strategies and the future trends that will impact cloud security.You can find Rami at: https://www.linkedin.com/in/ramimac/ and https://ramimac.me/