Jess Dodson, Senior Cloud Solution Architect at Microsoft, joins Corey on Screaming in the Cloud to discuss all things security. Corey and Jess discuss the phenomenon of companies that only care about security when reacting to a breach, and Jess highlights how important it is to have both a reactive and a proactive approach to security. Jess also shares her thoughts on why it’s valuable to get security and operations working well together, and why getting the basics right in security is still a more pressing priority than solving for level 10 security threats. Jess and Corey also reveal best practices when it comes to monitoring and revoking admin rights and much more. About JessChances are if you’ve run into “GirlGerms” online, you’ve spoken to Jess! Based in Brisbane, Jess joined Microsoft in 2019 and is now a Senior Cloud Solution in Cyber Security, after working in a mixture of both government and higher education industries for over 15 years. Jess regards herself as a 'recovering systems administrator' and still wears her operations hat when looking at security - doing REAL SecOps!Outside of work, Jess is mum to a 5 year old daughter, a cat, 4 chickens and a hive of bees. In her downtime, she spends far too many hours building Lego, playing video games or doing random crafty projects.Links Referenced:
Twitter: https://twitter.com/girlgerms

Mastodon:https://infosec.exchange/@girlgerms

DevNxt: https://devnxt.nz/

TranscriptAnnouncer: Hello, and welcome to Screaming in the Cloud with your host, Chief Cloud Economist at The Duckbill Group, Corey Quinn. This weekly show features conversations with people doing interesting work in the world of cloud, thoughtful commentary on the state of the technical world, and ridiculous titles for which Corey refuses to apologize. This is Screaming in the Cloud.Corey: Do you wish your developers had less permanent access to AWS? Has the complexity of Amazon's reference architecture for temporary elevated access caused you to sob uncontrollably? With Sym, you can protect your cloud infrastructure with customizable, just-in-time access workflows that can be setup in minutes. By automating the access request lifecycle, Sym helps you reduce the scope of default access while keeping your developers moving quickly. Say goodbye to your cloud access woes with Sym. Go to symops.com/corey to learn more. That’s S-Y-M-O-P-S.com/coreyCorey: Welcome to Screaming in the Cloud. I’m Corey Quinn. My guest today is Jess Dodson, who’s a Senior Cloud Solution Architect at Microsoft. Jess, thank you for joining me. We have been passing like ships in the night on social media for years now. It is so good to finally talk to you.Jess: Lovely to talk to you in person. Thank you for inviting me on.Corey: Well, to be clear, we’re talking remotely when we record this. You are presumably Australian, and I’m still operating from a somewhat American-centric viewpoint that more or less everything in Australia is deeply poisonous.Jess: Yeah, that includes me. Yes. So, I am in Australia at the moment. I believe it is the ninth of March for you. It is the 10th of March for me [laugh].Corey: Yes, some of us are living in the future.Jess: The future. So yes, it’s about seven o’clock in the morning for me, which is fabulous. I’m awake, I’m awake.Corey: So, let’s talk about security. It seems to be top-of-mind and everyone’s talking about it. Unfortunately, it seems that they’re usually talking about it in the form of an email that starts with, “Your security is extremely important to us,” and then transitions into, “Here’s how we dropped the ball on it.” I was once told by an analyst client of mine that I was the only analyst who ever told them that companies don’t care about security. Like, “No one says that. Why is that?” And my answer was, “Well, no one will say it out loud, but I ignore what people say, I pay attention to what they do, and where they spend the money, and it is clearly not a priority.”And I would argue that