Watch Certified Cloud Security Professional (CCSP)

In this episode, Daniel and Adam contemplate the implications of Risk Management with regards to the Cloud. They assess the provider's risk and risk management as well as risk mitigation techniques. Then they go over many risk frameworks and metrics. Finally they discuss outsourcing and contract understanding/management.

In this episode, Daniel and Adam continue their examination of audit processes in cloud-based systems. Here they start by going through what it takes to develop an audit plan using standards as a guide. They also discuss Policies that will be used to make sure that compliance standards are stated and met. They also look at the impact of the distributed IT model.

In this episode, Daniel and Adam examine the audit process for cloud-based systems. They start by differentiating between internal and external audits. Then they talk about assurance challenges of Cloud systems. Finally, they walk you through the different types of audit reports, restrictions, and gap analysis.

In this episode, Daniel and Adam finish their talk on legal requirements and privacy. Here they begin by examining Personal Identity information and privacy concerns with regards to that. They define key terms that will help PII be properly managed. Finally they look at jurisdictional issues that may arise due to the global nature of much of cloud-based data.

In this episode, Daniel and Adam begin their discussion on legal compliance, specifically looking at legal requirements and considerations unique to Cloud environments. They look at international legislation conflicts and legal controls that may apply to your cloud systems. They also talk about eDiscovery and forensic requirements that can apply if investigation is engaged.

In this episode, Daniel and Adam take you through the process of collecting and preserving of evidence in the case of a data breach incident. They explain the proper methods of collecting data and then detail the proper way that evidence should be handled. They also explore the different parties and stakeholders that need to be notified and informed during this time.

In this episode, Daniel and Adam discuss the process and concepts of Risk Assessment. They start by defining risk which leads them to looking at defined ways of framing risk. They then move into risk assessment by explaining qualitative vs. quantitative risk, as well as cost benefit analysis which will help determine your which strategy will be taken, be that Acceptance, Avoidance, Transference, a

In this episode, Daniel and Adam explore the planning process for data center design. They start by looking at figuring out what factors will effect the build of our data-centers. They then dive into the logical design which will affect our physical design as well as other physical design considerations such as cooling and cable management.

In this episode, Daniel and Adam finish their conversation on ensuring Compliance using regulations/controls through different management systems. Here they cover the concepts and need for incident/problem management, release management and deployment management. They also cover Service Level management, availability management, and Capacity Management.

In this episode, Daniel and Adam begin their discussion on ensuring compliance to the policies for your systems. They start by discussing the CCSP's role as the voice for security implementation throughout the systems. Then they talk about the necessity for Configuration Management and Change Management to keep the systems running at the prescribed benchmarks and any deviation is documented

In this episode, Daniel and Adam jump into the topic of managing a physical infrastructure. Here they begin by managing and monitoring access, patches/updates, and performance through logs and monitoring interfaces. Then they look at the implementation of network security controls like firewalls, IDS/IPS, and honeypots. Finally they look at log aggregation software for ease of management.

In this episode, Daniel and Adam talk about what it takes to run your physical infrastructure securely. They go over physical access security measures like secure KVMs. They also talk more about secure network configurations by using VLANs, TLS, DNS Sec, and firewalls. Finally they discuss physical segregation for stand-alone hosts and the availability of clustered hosts through DRS, etc

In this episode, Daniel and Adam discuss the ways in which we can implement security from the onset of implementation of our physical infrastructure. They start by exploring the secure-by-design physical components that can/should be used in the build, including TPM, secure storage controllers, and network controllers. Finally they go over some of the baked-in security features of the virtualizati

In this episode, Daniel and Adam continue their talk on cloud software assurance and validation; picking back up with app security testing practices. Here they take you through some of the common testing procedures like DAST, SAST, and Pen Testing. They also look at the OWASP testing guide and ISO

In this episode, Daniel and Adam explain the specifics of Cloud based software assurance and validation as well as cloud application architectures. They begin by looking at supplemental security devices and cryptographic systems that developers will need to pass through and comply with. They discuss securing apps through sandboxing and app virtualization. Finally, they begin looking at security ve

In this episode, Daniel and Adam discuss the necessity of using software that has been verified as secure and then look at Identity and Access Management(IAM) solutions. They explain secure software by way of looking at approved APIs, supply-chain management, and open-source/community software. They describe IAM design by discussing Federated IDs, ID providers, Single Sign-On(SSO), and the use of

In this episode, Daniel and Adam explore the necessity of building secure applications. They begin the discussion by looking at cloud development of both RESTful and SOAP apps and common pitfalls to avoid. They also discuss the SDLC or Software Development Life-Cycle. Finally they cover common API vulnerabilities, cloud-specific risks, and threat modeling.

In this episode, Daniel and Adam finish their dissertation on Disaster Recovery and Business Continuity. Here they pick back up by exploring the strategies that can be implemented toward forming a BCDR plan. Then they discuss the importance of testing the plan to discover possible issues and verify that the BCDR plan will actually work when needed.

In this episode, Daniel and Adam being their discussion of Disaster Recovery(DR) and Business Continuity management. They begin by pointedly defining what exactly DR and Business Continuity are so that we can effectively plan and implement them. They they look at the risks that could lead to implementing BCDR plans. They also cover the 3 ways that a Cloud solution can be leveraged for BCDR.

In this episode, Daniel and Adam continue discussing possible security controls for your cloud infrastructure. They pick up by looking at controlling access through Identity, Authentication, and Authorization systems. Then they talk about Auditing as security which helps us verify that our security measures are being effective. This also includes the cloud-specific considerations that will need to

In this episode, Daniel and Adam discuss the designing and planning of security controls. They start by looking at controlling the physical environment, including the building, support structures, and the physical devices themselves. Then they move on to looking at security control measures for the virtualization and communications systems.

In this episode, Daniel and Adam describe the importance of risk assessment with regards to Cloud infrastructure. They look at what risks could potentially impact a cloud infrastructure as well as virtualization specific risks. They then describe counter measures and mitigation strategies to protect our cloud infrastructure environments.

In this episode, Daniel and Adam walk you through the common cloud infrastructure components to help you better understand each from a cloud security perspective. They discuss the physical environment, the management plane, network components, and virtualization all the while giving insight on how to implement security to each.

In this episode, Daniel and Adam take a look at more data management concepts and practices. They start by exploring data rights management, then segueing into data retention, deletion, and archiving policies. Then they discuss auditability, traceability, and accountability of data events.

In this episode, Daniel and Adam take you through designing and implementing relevant jurisdictional data protections for personally identifiable information. They begin by defining common privacy terms like Data Subject, Controller, and Processor. They also examine the idea of legal constraints and considerations that must be accounted for when working with personal data. Finally they explore the

In this episode, Daniel and Adam help you understand and implement Data Discovery and Classification techniques. They begin by explaining what Data Discovery is and how it is done through data labeling and content analysis. Then they tackle Data Classification to prioritize by sensitivity and the challenges of adding protections and even re-evaluation and re-classification.

In this episode, Daniel and Adam finish their discussion on cloud data security strategies, jumping right back in with more about encryption implementations. Here, they take you through a myriad of security technologies like masking and obfuscation. They also explain the process of Tokenization. Finally they look at emerging technologies like bit splitting and homomorphic encryption.

In this episode, Daniel and Adam continue their discussion on cloud data security strategies, jumping right back in with more about encryption implementations. Next they explore the different systems of encryption key management; describing the benefits of each. They discuss where keys should be stored and the importance of backups in case of key loss.

In this episode, Daniel and Adam begin looking at designing and applying cloud data security strategies. They start by exploring the many threats to data that can be encountered like, DDOS, unauthorized access, data corruption, and internal malfeasance. Then they go over the available technologies to help mitigate those threats, specifically exploring encryption.

In this episode, Daniel and Adam explain some considerations that need to be addressed when designing and implementing Cloud data storage architectures. They start by looking at storage locations and access mechanisms like mandatory and discretionary access controls. Finally they discuss the differences between object and block/volume storage.

In this episode, Daniel and Adam take a closer look at the Cloud Security Data Life Cycle phases. They explain what it takes to keep data secure at each one of these phases from securely storing to making sure that destroyed data is unrecoverable. They also talk about the idea of how secure a cloud solution is.

In this episode, Daniel and Adam spend time taking a look at the top 10 Application security risks; describing them one by one. They also explain the Cloud Data Security Life Cycle which helps us understand the phases that our data abides in at any given time. Finally they discuss Service Level Agreements(SLA) from a security and risk perspective, which is basically our contract of service with ou

In this episode, Daniel and Adam talk about the common risks inherent to cloud environments. They walk you through areas of risk pertaining to the hypervisors, both type-I and type-II, as well as risks that are present with IaaS, Saas, and PaaS. They also discuss the importance of physical security.

In this episode, Daniel and Adam take you through the TCI Reference Architecture matrix which will show the ways and areas that we need to address as an entity that is considering or utilizing cloud services and how we can secure them.

In this episode, Daniel and Adam move forward with their exposition on fundamental cloud services concepts and definitions. Here they take a look at the many roles that cloud admins and architects. This includes cloud customer, cloud administrator, cloud developer, and cloud service managers etc.

In this episode, Daniel and Adam continue building the foundation knowledge and concepts for cloud computing. Here they dive into defining the service models such as IaaS, SaaS, and PaaS. They also describe the different deployment models like Private Cloud, Public Cloud, Hybrid Cloud, and Community Cloud.

In this episode, Daniel and Adam take you through the foundational concepts for cloud computing. Here they will take you through some common cloud vernacular and definitions. Also they describe the consequences of implementing a cloud solution from a security perspective.

In this episode, Daniel and Adam give a general overview of what to expect in the upcoming Python programming series. They cover topics like who is the intended audience, what the scope of the series will cover, and what are some specific topics that will be addressed.