Guest: David Stone,  Staff Consultant  at Office of the CISO, Google Cloud Topics: Speaking as a former CISO, what triggered your organization migration to the cloud? When did you and the security organization get brought in? How did you plan your security organization journey to the cloud? Did you take going to Cloud as an opportunity to change things beyond the tools you were using?  As you got going into the cloud, what was the hardest part for your organization ? What was most surprising? Good surprise and bad surprise? How did you design security controls for the cloud? How do you validate and verify security controls in the cloud?  How did you incorporate your cloud environment into your SOC’s responsibility Having covered all that tactical terrain, one final strategic question: is moving to Cloud a net risk reduction? Can it be? Resources: “How CISOs need to adapt their mental models for cloud security” “Megatrends drive cloud adoption—and improve security for all” “EP47 Megatrends, Macro-changes, Microservices, Oh My! Changes in 2022 and Beyond in Cloud Security“ (ep47) “CISO’s Guide to Cloud Security Transformation“ paper [PDF] Google SRE book GCAT site