BlueDragon Insights: BlueDragon Podcast

S02E04 Azure Integration fo Business - Josh Garverick

Jetro — Tue, 29 Apr 2025 05:00:00 GMT

Joshua Garverink, co-author of the Azure Integration Guide for Business, discusses journey into the tech industry, his experiences with Azure, and the importance of cloud integration for IT leaders.

The conversation covers various themes including the benefits of moving to Azure, the cultural shifts required for cloud adoption, architectural considerations for cloud migration, the significance of network design, and the financial implications of cloud services through FinOps.

In this conversation, Jetro and Josh discuss the critical aspects of cloud operations, focusing on Cloud FinOps, automation, cybersecurity, and the Azure ecosystem.

They emphasize the importance of investing in skills for IT operations, the role of automation in enhancing security, and best practices for OLTP systems in Azure.

The discussion also covers the significance of governance and security in cloud operations, the reality of serverless computing, and the future of Azure with technological innovations.

CHAPTERS

(00:00:00) INTRO

(00:00:42) Introduction to Azure Integration and Author Background

(00:05:33) Unlocking Opportunities with Azure for IT Leaders

(00:10:09) Cultural Shifts in Cloud Adoption

(00:12:04) Architectural Considerations for Cloud Migration

(00:16:39) The Importance of Network Design in Azure

(00:21:50) Understanding Cloud Costs and FinOps

(00:25:12) Understanding Cloud FinOps and Cost Management

(00:25:45) The Importance of Automation in Cloud Operations

(00:30:33) Investing in Skills for IT Operations

(00:31:38) The Role of Automation in Cybersecurity

(00:32:09) Best Practices for OLTP Systems in Azure

(00:35:07) Exploring the Azure Ecosystem for Data Analytics

(00:37:33) Serverless Computing: Hype or Reality?

(00:43:28) Governance and Security in Cloud Operations

(00:45:47) The Future of Azure and Technological Innovations

S02E03 Cybersecurity Architecture in Azure - Graham Gold

Jetro — Tue, 15 Apr 2025 05:00:00 GMT

SUMMARY

Graham Gold, co-author of the Microsoft Cybersecurity Architect Exam, discusses extensive background in IT, the relevance of cybersecurity architecture in cloud environments, and the evolving landscape of cybersecurity practices.

Key topics include the importance of identity management, the challenges of hybrid cloud environments, and strategies for assessing and improving security in cloud applications.

The conversation emphasizes the need for visibility, risk management, and a proactive approach to cybersecurity. Moreover Graham Gold discusses critical aspects of modern security architecture, emphasizing the importance of least privilege, segregation of duties, and the roles of SIEM and SOAR in enhancing security operations.

He highlights the necessity of automation in security processes to keep pace with the rapid changes in cloud environments.

The discussion also covers the state of security awareness in financial services, navigating compliance in the cloud, budgeting for security investments, and the shared responsibility model in cloud security.

Finally, Graham provides insights on preparing for the SC-100 exam and his future endeavors in the field of security.

CHAPTERS

(00:00:00) INTRO

(00:00:40) Introduction to Cybersecurity Architecture

(00:03:57) Understanding Microsoft Certification Levels

(00:05:52) The Relevance of Cybersecurity in Cloud

(00:08:03) Shifts in Cybersecurity Architecture with Cloud

(00:11:11) Identity as the New Perimeter

(00:15:59) Challenges in Hybrid Cloud Environments

(00:20:05) Making Sense of Data in the Cloud

(00:24:57) Assessing Security in Cloud Environments

(00:31:36) Implementing Defense in Depth Strategies

(00:33:10) Understanding Least Privilege and Segregation of Duties

(00:33:38) The Role of SIEM and SOAR in Security Architecture

(00:36:01) Automation in Security Operations

(00:38:36) The State of Security Awareness in Financial Services

(00:40:39) Navigating Compliance in the Cloud

(00:43:22) Budgeting for Security: Prioritizing Investments

(00:50:38) The Shared Responsibility Model in Cloud Security

(00:53:35) Preparing for the SC-100 Exam and Future Insights

S02E02 The rise of Cloud Security in 2025 - Eyal Estrin

Jetro — Tue, 01 Apr 2025 05:00:00 GMT

SUMMARY

Eyal Estrin discusses his background in cloud security and the importance of adapting to new security challenges in cloud environments.

He emphasizes the shared responsibility model, the critical nature of identity and access management, and the risks associated with neglecting cloud security.

Also he shares insights on budgeting for security investments, balancing agility with security, and common pitfalls organizations face in cloud security.

In this conversation, Eyal Estrin discusses various aspects of cloud security, focusing on identity and access management, data protection strategies, and the importance of knowledge in cybersecurity.

We emphasize the need for organizations to adopt best practices in managing identities, implementing encryption, and preparing for future threats in the cloud landscape.

The discussion also highlights the significance of privileged identity management and the role of training in bridging knowledge gaps among IT professionals.

CHAPTERS

(00:00:00) INTRO

(00:00:36) Introduction to Cloud Security and Eyal's Background

(00:02:46) Understanding Cloud Security Challenges

(00:04:25) The Importance of Cloud Security Today

(00:06:15) Shared Responsibility Model in Cloud Security

(00:08:18) Key Risks of Neglecting Cloud Security

(00:10:49) Changing Mindsets in Cloud Security

(00:13:04) Layered Security Approach in Cloud

(00:15:23) Budgeting for Cloud Security Investments

(00:18:31) Balancing Agility and Security in Cloud Deployments

(00:26:26) The Cornerstone of Identity and Access Management

(00:28:37) Common Pitfalls in Identity and Access Management

(00:29:57) Enhancing Identity and Access Management

(00:31:00) Break-Glass Scenarios in Production Environments

(00:32:48) Privileged Identity Management (PIM) Insights

(00:34:46) Data Protection and Encryption Strategies

(00:39:10) Future Threat Landscape in Cloud Security

(00:43:09) Bridging the Knowledge Gap in Cybersecurity

(00:45:29) Final Thoughts on Cloud Security Best Practices

S02E01 AI and Privacy: A New Era - Krishna Kathala

Jetro — Tue, 18 Mar 2025 06:00:00 GMT

➡️ Link to Krishna Kathala's book: https://dub.sh/YengVh6

In this episode of the Blue Dragon podcast, Krishna Chaitanya Rao Kathala, author of 'Privacy in the Age of Innovation' discusses the importance of privacy in the context of AI, the role of Privacy Enhancing Technologies (PETs), and how organizations can implement these technologies to ensure compliance with regulations like GDPR.

Krishna explains various techniques such as differential privacy, federated learning, and homomorphic encryption, and emphasizes the need for a structured approach to data governance and security in AI applications.

CHAPTERS

(06:11) The Rise of AI and Privacy Concerns

(09:00) Key Techniques of Privacy Enhancing Technologies

(12:00) Implementing PETs in AI Lifecycle

(18:01) Choosing the Right PET for Your Organization

(24:50) Building Secure AI Solutions

(29:49) Best Practices for Cloud Security in AI

(34:50) Measuring Effectiveness of PETs

(45:02) Conclusion and Future Directions

S01E10 From On-Premise to Cloud: Evolving Your Security Posture - Dwayne Natwick

Jetro — Sun, 22 Sep 2024 15:16:50 GMT

In this season's finale, Dwayne Natwick and I we dive into cybersecurity with Dwayne Natwick, a seasoned expert with over 30 years of IT experience. Dwayne shares his journey from running Token Ring cables as a teenager to becoming a global cloud security lead. Discover the evolution of cloud security, the importance of risk awareness, and the critical role of identity in modern cybersecurity. Learn about the latest trends in cloud security architecture, the significance of data classification, and the future of cybersecurity in the age of AI. Dwayne also discusses the challenges of keeping up with rapid technological changes and offers insights into building a risk-aware organization. This episode is packed with valuable insights for IT and business decision-makers looking to enhance their security posture and stay ahead in the ever-evolving tech landscape. Enjoy! CHAPTERS

(00:00) Introduction and Background

(06:47) The Evolution of Cloud Security

(10:40) Data Classification and User Awareness

(13:44) Privacy Regulations: Europe vs. US

(23:59) Assessing Risk Culture and Tolerance

(26:24) The Importance of Planning and Preparedness

(30:11) Building a Risk-Aware Organization

(34:16) Allocating Budget for Security Initiatives

(38:54) The Critique of 'DevSecOps'

(44:15) The Future Outlook: Expanding Training Services and Mentoring Initiatives

S01E09 Mastering Hybrid Cloud Management for Enhanced Business Agility - Ahilan Ponnusamy

Jetro — Fri, 20 Sep 2024 09:58:56 GMT

Ahilan Ponnusamy, author of the book 'Technology Operating Models for Cloud and Edge,' discusses the concept of operating models and their importance in the IT ecosystem. He explains how cloud and edge technologies impact the technology operating model and emphasizes the prevalence of hybrid cloud as the standard deployment option for most organizations. Ponnusamy also critiques the bimodal IT approach, stating that it has failed due to its combative nature and lack of compatibility. He highlights the evolving IT landscape with the rise of AI, 5G, 6G, IoT, and edge computing, and advises IT decision-makers to build a flexible, resilient, secure, and extendable operating model. Ponnusamy also shares insights into the success and feedback of his book and discusses plans for a second edition that incorporates AI perspectives.

CHAPTERS

(00:00) Understanding Operating Models

(08:02) The Impact of Cloud and Edge Technologies

(12:58) The Failure of Bimodal IT

(23:44) Building a Foundation for Future-Proof IT

S01E08 Harnessing AI for Operational Excellence: Transforming Industrial Environments - Benny Lauwers

Jetro — Mon, 09 Sep 2024 07:29:51 GMT

Benny Lauwers, author of 'The Good, The Bad and the Practical: AI for doeners', discusses his background and how he got into writing a book on practical AI. He shares his experience in implementing AI in industrial environments, particularly in manufacturing. Lauwers emphasizes the challenges and benefits of applying AI in the industrial setting, including improving quality and safety. He also discusses a case study on using AI to detect and predict bad quality in a tile manufacturing company. The conversation highlights the importance of having people who believe in AI and are willing to take risks in implementing AI projects. The conversation explores the practical implementation of AI in organizations and the challenges that come with it. It emphasizes the importance of taking action based on AI signals and the need to consider the next steps after detection. The discussion also touches on the impact of AI on organizational culture and processes, the importance of data quality and preparation, and the need for companies to invest in IT infrastructure and data connectivity. The conversation concludes with insights on best practices for implementing AI, including considering alternative technologies, starting from the desired output, and the importance of continuous training and retraining of AI models.

CHAPTERS

(00:00) Introduction and Background

(08:32) Practical AI in Industrial Environments

(13:09) Case Study: Using AI in Manufacturing

(21:58) Taking Action Based on AI Signals

(24:02) The Impact of AI on Organizational Culture and Processes

(26:04) The Importance of Data Quality and Preparation

(28:47) Considering Alternative Technologies and Starting from the Desired Output

(32:00) Continuous Training and Retraining of AI Models

S01E07 Mastering Cloud Security: Essential Strategies for IT Leaders - Qamar Nomani

Jetro — Mon, 02 Sep 2024 14:19:03 GMT

In this conversation with Qamar Nomani, we discuss cloud security posture management (CSPM) and its benefits. Qamar shares his professional background and how he ended up writing a book on cloud security. They discuss the design and length of the book, as well as the key question of what CSPM is and its benefits. They also explore how CSPM fits into the broader cloud security ecosystem and the importance of cloud asset inventory in cybersecurity. They address the perception that cloud is less secure than on-premises and emphasize the shared responsibility model. Finally, they touch on compliance management and governance in the context of European directives. Cloud Security Posture Management (CSPM) tools help with compliance management by automating the process of checking and maintaining compliance with various standards and regulations. CSPM tools bring pre-built compliance benchmarks and engines, saving time and effort for engineers. They provide a dashboard and reports that show the organization's compliance score and highlight areas where improvements are needed. CSPM tools also assist in audits by allowing auditors to access masked assets and review controls and policies. Some major CSPM tools and vendors include Microsoft Defender for Cloud, Prisma Cloud, Orca, Sophos Optix, Wiz, Lacework, and Symantec CloudSOC.

CHAPTERS

(00:00) Introduction and Background

(03:03) Understanding Cloud Security Posture Management (CSPM)

(05:18) The Benefits of Cloud Security Posture Management

(09:17) Integrating CSPM into the Cloud Security Ecosystem

(19:04) The Importance of Cloud Asset Inventory in Cybersecurity

(25:05) Addressing the Perception of Cloud Insecurity

(29:02) Compliance Management and Governance in the Cloud

(32:06) Introduction to CSPM and Compliance Management

(36:42) CSPM Tools for Hybrid Cloud Environments

(39:53) Expanding Compliance Beyond IT Infrastructure

(48:49) DevSecOps and the Shift Left Approach

(54:29) The Future of Qamar Nomani

S01E06 Cloud Data Governance: Ensuring Data Integrity and Security - Marcelo Leite

Jetro — Tue, 27 Aug 2024 06:38:18 GMT

In this episode, I talk with technology executive and author Marcelo Leite. We discuss the concepts of a database, data warehouse, data lake, and data lake house. He explains how these concepts have evolved and are used in modern data management. We also discuss the importance of data classification and data loss prevention (DLP) in ensuring data security, introduce the concept of data mesh and its relevance for CTOs and CIOs and covering two main themes: data mesh and the impact of cloud-based data platforms on security. We end with the Kusto Query Language (KQL) and the trend of SaaS solutions for data platforms. Enjoy!

CHAPTERS

(00:00) Introduction and Background of Marcelo Leite

(07:40) Understanding the Concepts of Database, Data Warehouse, Data Lake, and Data Lake House

(19:14) The Importance of Data Classification and DLP in Data Security

(26:55) Exploring the Concept of Data Mesh

(32:02) Why CTOs and CIOs Should Consider Data Mesh

(33:09) Managing Complex Data Environments with Data Mesh

(41:00) Ensuring Security in Cloud-Based Data Platforms

(49:53) Analyzing Logs and Telemetry with Kusto Query Language (KQL)

(53:23) Simplifying Data Analytics with SaaS Solutions

(58:37) The Future of Data: Serving AI and Automation

S01E05 Enhancing Cybersecurity: Writing Strategies for Effective Risk Management - Vincent van Dijk

Jetro — Sun, 18 Aug 2024 17:26:10 GMT

Vincent van Dijk, an information security specialist, discusses his journey from software development to data science to cybersecurity. He emphasizes the importance of writing in cybersecurity and the need for clear and effective policies. Vincent also shares his thoughts on the impact of cloud computing and the rise of managed security service providers. He predicts that compliance will continue to increase and that the cybersecurity industry will face challenges related to stress and burnout. Vincent is currently working on two books, one about making choices and another about becoming the best cybersecurity expert.

CHAPTERS

(00:00:00) Introduction and Background

(00:06:15) The Importance of Writing in Cybersecurity

(00:11:10) Marker 7

(00:13:19) The Impact of Cloud Computing on Information Security

(00:25:33) Data-Driven Decision-Making in Cybersecurity

(00:34:21) Challenges in the Cybersecurity Industry: Stress and Burnout

(00:41:18) Upcoming Books: Making Choices and Becoming the Best Cybersecurity Expert

S01E04 Navigating Cloud Adoption: Key Strategies for Managing Public Cloud - Stephane Eyskens

Jetro — Sat, 03 Aug 2024 15:04:14 GMT

Stefan Eysken, author of the Azure Cloud Native Architecture Map book, discusses his background and the motivation behind writing the book. He highlights the drivers for organizations to move to the cloud, including time to market, security, and cost. The conversation explores the evolution of Azure over the past five years, with a focus on the privatization of PaaS services and the rise of data and AI platforms. The discussion also touches on the importance of cloud security and the role of cloud architects and DevSecOps in ensuring secure cloud environments. The conversation covers various topics related to cloud computing, security, and the future of Azure. The main themes include the importance of writing secure code, the challenges of integrating security into the development process, the rise of DevSecOps and GitOps, the comparison between Azure and other cloud providers, the future of AI and data platforms, and Microsoft's open-minded approach to multi-cloud and open source.

CHAPTERS

(00:00:00) Introduction and Background

(00:07:00) Privatization of PaaS Services

(00:15:00) Cloud Repatriation: Trends and Considerations

(00:29:30) Challenges of MLOps and Data Platforms

(00:35:55) Continuous Learning and Keeping Up

(00:45:34) Microsoft's Open-Minded Approach

S01E03 Building Trust in the Digital Age: Insights on Cybersecurity and Cloud - Mike Bursell

Jetro — Thu, 11 Jul 2024 03:10:37 GMT

Mike Bursell, a cybersecurity expert and author of the book 'Trust in Computer Systems and the Cloud,' discusses the concept of trust in the digital world. He explores the definition of trust, the challenges of trust in computer systems and the cloud, and the emerging trend of zero trust. He also delves into the importance of a trusted computing base, the role of hardware security modules (HSMs), and the potential of confidential computing. Additionally, he discusses the relationship between open source and trust, the future of blockchain, and his upcoming projects. CHAPTERS

(00:00:00) Introduction and Background of Mike Bursell

(00:06:22) The Rise of Confidential Computing

(00:12:31) The Role of Open Source in Trust

(00:30:27) Upcoming Projects and Research

S01E02 Mastering Cybersecurity: Navigating Privacy Laws and Compliance - Walter Rocchi

Jetro — Tue, 02 Jul 2024 16:00:00 GMT

Walter Rocchi, an ISO 27001 Lead Implementer and Lead Auditor, to discuss the importance of cybersecurity and privacy in European organizations.

We talk about continuous improvement and training to ensure effective security measures.

We compare the European mindset toward privacy and data protection with other continents, discuss the challenges of balancing European innovation and regulation, investigate the importance of frameworks like ISO 27001 and NIST in ensuring cybersecurity and data protection.

We also touch on the relevance of cloud security and the role of information security officers in understanding cloud security and AI security.

Then we conclude with a discussion on the current legal framework for exchanging personal data of European citizens with the US and the importance of technical controls in data protection.

Enjoy!

CHAPTERS

(00:00:00) Introduction and Professional Background

(00:08:31) The Evolution of Information Security and Privacy Risk Categories

(00:24:12) Addressing the Gap Between Certification and Security Improvement

(00:30:59) The Use of Frameworks in Different Countries

(00:45:12) The Role of Information Security Officers in Cloud Security

(00:53:28) The Current Legal Framework for Data Exchange between the EU and the US

(01:01:13) The Future of Security and Privacy in Europe

S01E01 Mastering Cloud Migration: Strategies for Seamless Transitions - Jonah Andersson

Jetro — Thu, 27 Jun 2024 07:11:54 GMT

This first episode of the BlueDragon Podcast delves into the transformative world of cloud computing, featuring insights from industry expert Jonah Andersson. We discuss the evolution of Azure, cloud adoption trends, and the foundational knowledge necessary for leveraging cloud technologies effectively.

CHAPTERS

(00:00:00) Introduction and Overview

(00:06:16) Cloud Adoption and Attitude of Organizations

(00:12:40) Auto Scaling and Benefits of Cloud

(00:24:28) Challenges and Benefits of Cloud Repatriation

(00:36:01) The Importance of Cloud Security

(00:40:24) The Evolving Role of Cloud Solution Architects

(00:50:23) Jonah's Journey: Writing and Publishing a Book on Azure