Summary

In this episode of the Getting Defensive podcast, hosts Jerry Bell and Andy Kalat welcome Chris Dotson, a cloud security expert and author of ‘Practical Cloud Security’. The conversation covers a range of topics including the challenges of writing a book, common security mistakes in cloud environments, the importance of identity and access management, and the implications of the Capital One breach. They also discuss the future of non-human identities, the significance of passkeys, and the evolving landscape of cyber insurance. The episode emphasizes the shared responsibility between cloud providers and customers in maintaining security and the need for better management of identities and authentication methods.

Takeaways

• 
  
• Security professionals must maintain a broad understanding of threats.
  
  
• Risk management fundamentals are crucial for effective security.
  
  
• Non-human identities pose unique challenges in security management.
  
  
• Passkeys represent a significant advancement in authentication methods.
  
  
• Shared responsibility in cloud security is essential for both providers and customers.
  
  
• Cyber insurance can influence security practices but has its limitations.
  
  
• Understanding the Capital One breach provides valuable lessons in IAM.
  
  
• Prioritization of security measures is critical to avoid mismanagement.
  
  
• The future of cloud security will increasingly rely on automated identity management.