— Cloud Security Office Hours Overview
Quick recap. The meeting began with casual conversation and introductions before transitioning into discussions about cloud security and vendor-neutral approaches to cybersecurity. The group explored challenges and implementations related to AI in cybersecurity, including vendor demos, practical applications, and the need for proper security measures for AI systems. The conversation ended with participants sharing personal stories of technical mistakes and failures, emphasizing the importance of learning from errors and the human element in engineering and IT work.
Show 6 discussion topics
Cloud Security Office Hours Overview
The meeting began with casual conversation about water polo and its dangers, followed by Shawn welcoming participants to Cloud Security Office Hours. Shawn shared that he had sent out packages and stickers to several members, including a rare 1998 issue of Kevin Mitnick's newsletter. He emphasized the vendor-agnostic nature of the group and reminded participants not to use the forum for marketing purposes. The conversation ended with a discussion about the importance of vendor discussions and strong opinions in fostering productive conversations.
AI Cybersecurity: Challenges and Prospects
The group discussed the current state and challenges of AI in cybersecurity, particularly focusing on vendor demos and implementations. Roland shared his upcoming panel discussion on AI and security, emphasizing its focus on thought leadership rather than sales. The conversation then shifted to a recent Black Hat demo by Snyk, where a young presenter showcased their Gen AI patch generation tool, though the demo encountered technical difficulties. The team debated the practicality and effectiveness of AI tools in security, with Jay and Neil highlighting the disconnect between vendor excitement and buyer skepticism, while Shawn shared positive experiences with AI implementation in their platform for policy generation and threat storyline creation.
Securing Agentic AI Systems
The meeting focused on the challenges and approaches to securing AI systems, particularly agentic AI. Alejandro emphasized the need to run AI systems side-by-side with manual processes to identify limitations and hallucinations, drawing parallels to onboarding new employees. Jay and Shawn highlighted the importance of understanding and monitoring AI usage within organizations before implementing security measures. Tyler discussed the complexities of securing AI systems, including data contamination during model training and the challenges of managing non-human identities generated by AI agents. The group also touched on the need for better threat modeling and authorization frameworks for AI systems.
AI Security and Professional Responsibility
The meeting participants discussed the challenges of AI security and the responsibilities of professionals in the field. Jay advised Brian to document risks when faced with ethically questionable requests from CEOs, noting that CEOs ultimately bear accountability. Paul expressed concerns about the lack of time to be truly competent in AI and cybersecurity, given the rapid pace of product releases and the complexity of the field. Neil shared a personal anecdote about a university's openness policy and suggested focusing on regulatory and compliance issues when discussing AI risks. The conversation touched on the evolving nature of security threats and the need for appropriate controls in AI systems.
Travel Safety and Data Mishaps
Shawn shared his experience of being followed and having his wallet and passport stolen in Kowloon, leading to an orchestrated setup by the police to search his hotel room. Dave recounted a professional mishap where he accidentally deleted 11 terabytes of customer data while migrating storage, emphasizing the importance of script anonymization and careful handling of critical operations. The group discussed the challenges of traveling with sensitive equipment and the need for caution, with Alhaji mentioning his birthday celebration.
Learning from Technical Mistakes
The meeting focused on sharing personal stories of technical mistakes and failures, with participants including Shawn, Dave, Neil, and others. These stories highlighted the importance of learning from errors and the value of transparency in professional settings. The group discussed the need for a future meeting where attendees could share their own mistakes, emphasizing the human element in engineering and IT work. Shawn announced that about 20 new people had signed up for the group this week and encouraged others to share topics or speak at future meetings. The conversation ended with plans to have participants introduce themselves in the next session.