Guest: Jason Solomon, Security Engineer, Google Topics: Could you share a bit about when you get pulled into incidents and what are your goals when you are? How does that change in the cloud? How do you establish a chain of custody and prove it for law enforcement, if needed? What tooling do you rely on for cloud forensics and is that tooling available to "normal people"?  How do we at Google know when it’s time to call for help, and how should our customers know that it’s time?  Can I quote Ray Parker Jr and ask, who you gonna call? What’s your advice to a security leader on how to “prepare for the inevitable” in this context?  Cloud forensics - is it easier or harder than the 1990s classic forensics?  Resource: EP157 Decoding CDR & CIRA: What Happens When SecOps Meets Cloud EP98 How to Cloud IR or Why Attackers Become Cloud Native Faster? EP103 Security Incident Response and Public Cloud - Exploring with Mandiant Google SRE Workbook (Ch 9) GRR Cloud Logging LibCloudForensics, Turbinia, Timesketch tools