John DiMaria; Director of Operations Excellence
CSA Security Update
CSA STAR is the industry's most powerful program for security assurance in the cloud. The Security Trust Assurance and Risk (STAR) Program encompasses key principles of transparency, rigorous auditing, and harmonization of standards. Companies who use STAR indicate best practices and validate the security posture of their cloud offerings. This podcast series explores CSA STAR as well as CSA best practices and research along with associated technologies and tools.
Koniecznie odwiedź stronę podcastu i wesprzyj twórcę: www.cloudsecurityalliance.org
Autor
John DiMaria; Director of Operations Excellence
Kategoria
Strona podcastu
Ostatni odcinek
17 kwi 2026
Gdzie słuchać?
Podcasty w aplikacji Replaio Radio Już wkrótcePodcasty trafią do aplikacji już wkrótce. Zainstaluj teraz i jako pierwszy zobacz nowe podejście do podcastów
Odcinki
Beyond the Black Box: An AppSec Guide to AI 17.04.2026 38:15
Most organizations are still securing AI like traditional systems, but AI changes the rules entirely. In this episode, leading security experts Jim Rotan and Manish Kumar Yadav from SAP reveal how AI’s probabilistic nature, supply chain risks, and emerging attack surfaces like prompt injection demand a complete overhaul of modern security strategy. From model poisoning to AI-driven data exfiltrati...
The Importance of AI Ready Data - How AI Is Changing Data Security and Quality 16.03.2026 24:57
This episode explores how AI is transforming data management, governance, and security. Ben Wilcox, CTO with extensive cloud experience, discusses the shift from data sprawl to quality, the security implications, and best practices for organizations to prepare for AI-driven data strategies. Key Topics Impact of AI on data sprawl and governance Importance of data quality for AI effectiveness Securi...
The importance of Cybersecurity in Education 10.03.2026 28:21
Cyberattacks dominate today’s headlines, and in many cases, the weakest link isn’t technology—it’s people. In this episode, cybersecurity leader and educator Francisco Garcia Martinez, a member of the Technical Operations Committee of the Cloud Security Alliance, Spanish Chapter (CSA-ES), explores why cybersecurity education must evolve to meet the realities of an AI-driven world. As some countrie...
From Pilot to Production: Preventing Breaches in AI Platforms 24.02.2026 21:49
Artificial intelligence is no longer confined to innovation labs or pilot programs. As enterprises deploy GenAI and MLOps platforms across Azure, AWS, and hybrid environments, AI is becoming a first-class cloud workload, and that shift is exposing security models that were never designed for autonomous, adaptive systems. In this episode, we’re joined by Milan Rana, Principal AI Architect at Headst...
Beyond Encryption: Quantum Computing and the Future of Cyber Risk 28.01.2026 39:07
In this episode, we delve into the transformative world of quantum computing and its implications for cybersecurity. Join us as William (Bill) Genovese, Chief Quantum Officer at Cyber Eagle Project, shares insights on how quantum technology is reshaping cyber risk, governance, and resilience. Discover why organizations must prepare now for a quantum future, the challenges of transitioning to post-...
The New Mandate for Internal Audit in Cloud & AI Environments 23.01.2026 26:17
As organizations accelerate their adoption of cloud and AI technologies, internal audit teams face mounting pressure to evaluate increasingly complex hybrid and multi-cloud environments. In this episode, the Cloud Security Alliance’s John DiMaria sits down with Jerrad Bartczak of Advantage Partners to examine the rapidly evolving cloud risk landscape—spanning unclear shared responsibility, governa...
Navigating AI Governance Insights - ISO 42001: The Future of AI Compliance 09.01.2026 16:38
In this episode of CSA Security Update, host John DiMaria speaks with Walter Haydock, founder of StackAware, about the critical role of AI governance and compliance in today's rapidly evolving regulatory landscape. They discuss the importance of ISO 42001 as a framework for managing AI-related risks while fostering innovation. Walter shares insights on how certification can build trust with c...
AI Governance Gets Real: How ISO/IEC 42001 Elevates Cloud GRC 11.12.2025 26:05
As AI rapidly integrates into cloud environments, organizations are facing governance, risk, and compliance challenges that traditional frameworks like ISO 27001 were never designed to address. In this episode, we explore how ISO/IEC 42001 , the new international standard for an Artificial Intelligence Management System (AIMS), provides a structured and auditable approach to responsible AI governa...
Internal Audit in the Age of Cloud & AI: Navigating the New Risk Frontier 11.12.2025 31:23
As organizations accelerate their adoption of cloud and AI technologies, internal audit teams are being pushed into a new era of complexity. In this episode, Cloud Security Alliance’s John DiMaria and Grant Thornton’s Vik Rai unpack the evolving risk landscape across hybrid and multi-cloud environments—and what auditors must do to keep pace. We explore today’s most critical cloud security challeng...
Continuous verifiable proof is the new standard 04.11.2025 38:24
In this episode of CSA Security Update, host John DiMaria and guest Scott Fuhriman of Invary discuss the evolving landscape of cloud security, focusing on the critical vulnerabilities posed by implicit trust in foundational components like kernels and hypervisors. They explore the limitations of traditional security tools and the necessity of continuous integrity measurement as a proactive defense...
The Human Side of AI Security: Leadership, Culture, and Change 23.10.2025 26:27
Summary In this episode, John DiMaria and John Earle discuss the rapid rise of AI in cybersecurity, drawing parallels to the early adoption of cloud security. They explore the importance of organizational culture, change management, and team dynamics in shaping security initiatives. The conversation emphasizes the need for effective communication and the role of security champions in overcoming re...
Guardrails for Generative AI: Balancing Innovation with Responsibility 22.09.2025 25:50
As organizations embrace generative AI, ensuring applications align with safeguards is critical. Today, we are here to explore how proper Guardrails can enable responsible AI by filtering harmful content, enforcing policies, and supporting compliance—all without slowing innovation. Join us as we interview Saptarshi Banerjee, Senior Solutions Architect at Amazon Web Services (AWS Listeners will...
Empowering Cloud Providers: The EU Cloud Code of Conduct and GDPR Explained 26.09.2024 31:05
In this insightful episode, we explore the intricate world of GDPR compliance and how tools like codes of conduct can support cloud service providers. Our special guest, Gabriela Mercuri, Managing Director of SCOPE Europe, shares her expertise on the EU Cloud Code of Conduct (EU Cloud CoC), a pivotal GDPR compliance tool designed specifically for the cloud industry. Join us as we discuss the signi...
Real-talk: Opportunities for Security Teams to Fight AI with AI 21.08.2024 41:19
The attack surface has expanded and evolved dramatically in an era where the industry is investing nearly a trillion dollars in cloud infrastructure, operations, and applications. Modern cloud development enables faster application building and introduces complex security challenges. As generative AI becomes increasingly integrated into our tools and processes, it promises to transform how we appr...
ISO/IEC 27001:2022 Unpacked: Embracing Auditing Themes 23.07.2024 43:33
In our latest episode, we delve into the innovative approach of auditing "themes" as introduced in the ISO/IEC 27001:2022 revision. This reorganization of domains marks a significant shift in how we think about and implement information security management. By centering our conversation on auditing themes, we explore how this new structure enhances the alignment of security practices wit...
From Concept to Competence: The Impact of CSA's Zero Trust Training 27.06.2024 41:41
In this exclusive interview, we have the honor of speaking with a representative from the Cloud Security Alliance (CSA), the esteemed recipient of the 2024 Global InfoSec Award for Cutting-Edge Cybersecurity Training. This award acknowledges CSA's groundbreaking Certificate of Competence in Zero Trust (CCZT), the industry's first authoritative training and certification program dedicated...
Decoding Security Solutions: ASPM vs CSPM vs CNAPP 28.05.2024 30:23
In the ever-expanding digital world, securing applications and the infrastructure they rely on is critical. This episode tackles three key security field acronyms: Application Security Posture Management (ASPM), Cloud Security Posture Management (CSPM), and Cloud-Native Application Protection Platform (CNAPP). While all focused on bolstering security posture, these target different aspects of one&...
Aligning Security Standards: Maximizing Synergy Between CSA STAR Level 2 and ISO 27001 02.05.2024 28:32
In this episode, John DiMaria & Cameron Kline, Director of Attest Services at BARR Advisory , delve into the relationship between CSA STAR Level 2 and ISO 27001 standards, emphasizing the significant overlap in best practices, procedures, and controls for cloud service providers (CSPs) operating in medium- to high-risk environments. They highlight how collaboration with an auditing firm certif...
Navigating the New Age of Compliance 30.04.2024 37:55
In a world where the speed of business is only outpaced by the speed of regulatory changes, staying compliant without slowing down has become the new competitive edge. In this episode, we delve into the heart of agile compliance with a special guest Travis Howerton; Co-Founder and Chief Executive Officer of RegScale, a pioneering company at the forefront of compliance automation. Discover how auto...
Why CPA Firms Excel in Cybersecurity Attestations 17.01.2024 28:33
In the latest CSA Security Update Podcast episode, we delve into the fascinating world of cybersecurity attestations and explore why CPA firms are increasingly leading the charge in this domain. Host John DiMaria is joined by Pawel Wilczynski, Cybersecurity Manager at Baker Newman Noyes (BNN), a top-ranked tax, assurance, and advisory firm and an accredited CSA STAR Assessment Firm. The episode de...
Cloud Security Unveiled: Navigating CSA STAR Attestation and SOC2 in the Digital Age 27.11.2023 43:44
In today's digital landscape, cloud security and governance are paramount. But how do we measure and attest to the security controls of cloud service providers? Enter the Cloud Security Alliance STAR Attestation and SOC2 - two prominent frameworks for assessing and ensuring cloud security. In this episode, we dive deep into the intricacies of CSA STAR Attestation, its relationship with SOC2,...
Bridging Cloud Security and Compliance: Government Cloud, FEDRAMP, and CCM/STAR Integration 24.07.2023 41:05
In our enlightening interview with Steve Orrin, Federal CTO at Intel, we delve into the intricate world of government cloud technologies, the key role of FEDRAMP, and the future of CCM/STAR integration. Orrin provides an insider's perspective on how these powerful tools are shaping the landscape of data security and regulatory compliance in the digital age. We also explore the challenges and...
Securing Cloud Technology: Insights from NCC Group. Adopting and Implementing CSA Cloud Control Matrix 16.05.2023 34:26
In this podcast interview, we sit down with Nandor Csonka, the global practice lead for cloud security services at NCC Group, to explore their adoption and implementation of the CSA Cloud Control Matrix (CCM). Nandor shares the initial process of why NCC Group adopted the CCM and the challenges they encountered as a non CSP (Cloud Service Provider), along with their strategies for overcoming them....
Shining Bright with Dell: A Case Study on Embracing CSA STAR Program for Cloud Security 18.04.2023 17:56
This case study highlights Dell Technologies' journey towards adopting the Cloud Security Alliance's (CSA) Security, Trust, and Assurance Registry (STAR) program to enhance its cloud security. Dell Technologies addressed the continued challenges of the cloud by adopting the CSA STAR program, which provided a framework for assessing and documenting cloud providers' security and comp...
Private Cloud Computing - Security Considerations, Risks and Shared Responsibility 30.01.2023 35:16
Private cloud computing refers to a computing infrastructure setup where an organization operates its own cloud environment within its data center. What are the unique information security challenges faced day to day. VS other types of cloud, and how does one use the CSA Cloud Control Matrix to mitigate the risks? Due to heightened security issues over the last few years, are companies considering...
Podobne podcasty
Replaio nie jest wydawcą podcastów; nazwy audycji, okładki i audio należą do ich autorów i są rozpowszechniane przez publiczne kanały RSS