In this inaugural episode, I’m joined by Andy Martin from ControlPlane to explore the fascinating world of Cloud Native security. Andy’s extensive experience in regulated industries like finance and government offers unique insights into modern security challenges.

We start by revisiting our “Internet of Shit” conference talk, which sets the stage for a deeper discussion about current security concerns. What particularly caught my attention was Andy’s perspective on penetration testing and its role in both digital and physical security assessments. His breakdown of social engineering attacks reveals just how sophisticated modern security threats have become.

The conversation gets especially interesting when we dive into the ethics of hacking. Andy’s analysis of Black Hat, White Hat, and Grey Hat approaches provides valuable context for understanding the security landscape. We also tackle the ongoing debate between on-premises and cloud security, examining the unique challenges each presents.

I was particularly intrigued by our discussion of compliance and certification frameworks like SOC 2 and ISO 27001. Andy’s practical threat modeling exercise demonstrates real-world risk assessment strategies that organizations can implement immediately. We also explore supply chain security and Software Bills of Materials (SBOMs), highlighting their growing importance in modern software development.

If you’re interested in cybersecurity, cloud infrastructure, or risk management, you’ll find plenty of practical insights here. Andy brings both deep technical knowledge and real-world experience to the discussion, making complex security concepts accessible while maintaining their technical depth.

Found an error or typo? File PR against this file.