All Episodes
Episode 42 — Virtualization Stack: Hypervisors, VM Security and Hardening
Virtualization is the foundation of cloud computing, and understanding its stack is essential for both exam readiness and real-world practice. In this episode, we expl...

Episode 43 — Compute Workloads: Baselines, Patching and Golden Images
When deploying workloads in the cloud, consistency and control are vital. This episode examines the use of security baselines, patch management, and golden images as t...

Episode 44 — Container Platforms: Orchestrator and Container Hardening
Containers have transformed application delivery by making software portable and efficient, but they introduce unique risks. This episode explores container platforms ...

Episode 45 — Serverless Platforms: Event Models and Security Controls
Serverless computing abstracts away servers, but it does not remove security responsibilities. In this episode, we explain how serverless platforms work through event-...

Episode 46 — Network Controls: Segmentation, Firewalls and Microsegmentation
Cloud networks are virtual, but the principles of segmentation remain as important as ever. In this episode, we cover traditional controls such as firewalls alongside ...

Episode 47 — Identity Integration: Federated Access to Cloud Control Planes
Identity is the new perimeter in cloud, and integrating it correctly is critical. This episode explores federated identity, single sign-on, and the use of identity pro...

Episode 48 — Secrets Management: Vaulting and Rotation for Infrastructure
Secrets such as passwords, tokens, and keys are among the most sensitive assets in cloud infrastructure. This episode examines best practices for managing secrets, inc...

Episode 49 — Infrastructure as Code: Secure Templates and Policy Guardrails
Infrastructure as Code (IaC) makes cloud environments reproducible and scalable, but insecure templates can replicate vulnerabilities at speed. This episode explains h...

Episode 50 — Software Supply Chain: Provenance, SBOMs and Signing
Supply chain security has become one of the most urgent issues in cloud and IT. This episode explores how software provenance, Software Bills of Materials (SBOMs), and...

Episode 51 — Logging Foundations: Control Plane and Data Plane Telemetry
Logging is one of the most critical enablers of visibility in the cloud, yet it is often misunderstood or underutilized. In this episode, we begin by distinguishing be...

Episode 52 — Vulnerability Management: Scanning Cloud-Native Hosts
Vulnerability management remains a cornerstone of security, but in the cloud, it requires specialized tools and approaches. This episode examines how vulnerability sca...

Episode 53 — Resilience Engineering: Auto-Scaling, Self-Healing and Chaos
Resilience is more than availability; it is about designing systems that anticipate failure and adapt automatically. In this episode, we cover resilience engineering c...

Episode 54 — Backup & Recovery: Snapshots, Replication and DR in Cloud
Backup and recovery strategies have evolved dramatically in the cloud, where snapshots, replication, and disaster recovery services are built into most platforms. This...

Episode 55 — Edge & Hybrid: Securing Cloud Gateways and On-Prem Links
Cloud adoption rarely happens in isolation—most organizations operate hybrid models that bridge on-premises infrastructure with cloud services. In this episode, we exp...

Episode 56 — Domain 4 Overview: Cloud Application Security
Domain 4 shifts focus to application security, addressing how cloud-hosted and cloud-native applications are designed, built, and secured. This episode introduces the ...

Episode 57 — Secure SDLC: Requirements, Design and Verification in Cloud
The Secure Software Development Lifecycle (SDLC) provides the structure for building applications that remain resilient under attack. In this episode, we explore how s...

Episode 58 — Threat Modeling for Apps: Microservices and APIs
Applications today are increasingly built on microservices and APIs, and each component introduces potential vulnerabilities. This episode focuses on threat modeling a...

Episode 59 — API Security: Authentication, Authorization and Rate Limiting
APIs are the glue of modern cloud applications, and their security is a top priority. In this episode, we explore how authentication and authorization work for APIs, h...

Episode 60 — Identity for Apps: OAuth 2.0, OIDC and Token Handling
Application identity is critical to securing interactions between services, users, and cloud providers. This episode covers OAuth 2.0 as the leading framework for dele...

Episode 61 — Secrets in Code: Management and Injection Avoidance
Embedding secrets directly in code is one of the most common and dangerous mistakes developers make. In this episode, we examine why hardcoding credentials, API keys, ...
