Jason Edwards

Certified: The GIAC GPCS Audio Course

The podcast delivers practical cloud security guidance for professionals who have to ship real systems on real timelines. Episodes focus on the moves that prevent costly incidents: reducing accidental exposure, tightening identity and permissions, hardening serverless triggers, securing managed platforms, and building durable defaults that survive updates and team changes. The approach is technical and operational, with clear explanations that translate directly into repeatable patterns. Each topic is designed to help you think like both a defender and an architect: what attackers exploit firs...

Author

Jason Edwards

Category

Technology

Latest episode

Feb 10, 2026

Where to listen?

Podcasts in the app Replaio Radio Coming soon

Podcasts are coming to the app soon. Install now and be the first to see a whole new take on podcasts

Get it on Google Play Install for free Android 5M+ downloads · 4.8 rating iOS soon

Episodes

Welcome to Certified: The GIAC GPCS Audio Course 10.02.2026

The podcast delivers practical cloud security guidance for professionals who have to ship real systems on real timelines. Episodes focus on the moves that prevent costly incidents: reducing accidental exposure, tightening identity and permissions, hardening serverless triggers, securing managed platforms, and building durable defaults that survive updates and team changes. The approach is technica...

Episode 60 — Secure serverless event triggers so trusted inputs cannot be quietly replaced 10.02.2026

This episode explains why event triggers are a primary trust boundary in serverless architectures, because whoever controls the trigger often controls when and how your function executes, and the GPCS exam expects you to reason about trusted inputs and integrity. You’ll define triggers broadly—HTTP endpoints, message queues, storage events, schedules, and integration events—and then map how trigge...

Episode 59 — Prevent serverless privilege overreach with tight identity and resource scopes 10.02.2026

This episode focuses on least privilege for serverless workloads, because functions often start small but accumulate permissions as teams add features, and the GPCS exam regularly tests whether you can spot privilege overreach hidden behind “it’s just a function.” You’ll define function identity, permission scope, and resource boundaries, then learn how to map each function’s actions to the smalle...

Episode 58 — Harden serverless functions to block persistence, reinfection, and silent reuse 10.02.2026

This episode explains hardening strategies for serverless functions with a focus on attacker goals that are easy to miss: persistence through configuration changes, reinfection through supply chain or deployment paths, and silent reuse of compromised identities or triggers. You’ll define persistence in serverless terms, including modified environment variables, altered triggers, injected dependenc...

Episode 57 — Assess serverless environments for misconfigurations that enable takeover 10.02.2026

This episode focuses on assessing serverless deployments for the misconfigurations that enable compromise quickly, matching exam questions that ask you to identify the highest-impact weakness in an event-driven design. You’ll define the main assessment targets: function permissions, trigger exposure, environment configuration, dependency integrity, and observability, then learn how a single miscon...

Episode 56 — Secure serverless architectures by understanding their real attack surfaces 10.02.2026

This episode introduces serverless security by focusing on what changes compared to traditional compute: you manage less infrastructure, but you rely more heavily on identity, event inputs, and managed service integrations, which the GPCS exam treats as primary attack surfaces. You’ll define serverless functions, managed runtimes, and event-driven execution, then map the real risks: overly permiss...

Episode 55 — Verify hardened configurations remain stable through updates and team changes 10.02.2026

This episode teaches configuration stability as a security requirement, because managed platforms change through provider updates, feature toggles, and team-driven modifications, and the GPCS exam often tests continuous validation rather than one-time setup. You’ll define drift for managed application services, including settings that silently revert, new defaults introduced by platform updates, a...

Episode 54 — Build secure defaults for cloud application services that teams will keep 10.02.2026

This episode explains how to create secure defaults that are durable in real organizations, because the exam expects you to choose answers that reduce risk without relying on perfect human behavior. You’ll define secure defaults as baseline configurations applied consistently through templates, policies, and deployment pipelines, so teams inherit safe choices automatically and exceptions become ex...

Episode 53 — Reduce control-plane risk by locking down service settings and permissions 10.02.2026

This episode focuses on control-plane risk: the danger that someone with access to service configuration can change behavior, expose data, disable protections, or create persistence without touching the application code, a core theme in GPCS-style “what matters most” questions. You’ll define the control plane versus the data plane, then map common control-plane actions to impact, such as modifying...

Episode 52 — Assess managed application services for misconfigurations attackers exploit first 10.02.2026

This episode trains you to assess managed application services the way attackers do, focusing on misconfigurations that create immediate compromise paths and often appear as “easy points” on the GPCS exam. You’ll learn the high-priority assessment questions: is the service publicly reachable when it shouldn’t be, are administrative settings overly permissive, does the runtime identity have broad a...

Episode 51 — Secure cloud application service platforms with hardened baseline configurations 10.02.2026

This episode explains how managed cloud application platforms (such as app services, container platforms, and managed runtimes) concentrate risk in a few baseline settings that determine exposure, identity permissions, and logging quality, which is why the GPCS exam frequently tests “secure-by-default” configuration thinking. You’ll define what a hardened baseline is for managed application servic...

Episode 50 — Restrict administrative paths to trusted networks while keeping operations moving 10.02.2026

This episode teaches how to restrict administrative access to trusted network paths without creating brittle processes that teams will bypass, a real-world balancing act that the GPCS exam often encodes in “best answer” choices. You’ll define trusted networks in functional terms—controlled egress, known ingress points, monitored routes, and managed devices—then connect those constraints to adminis...

Episode 49 — Reduce admin compromise risk using strong authentication and access constraints 10.02.2026

This episode explains how to reduce privileged account compromise by combining strong authentication with constraints that limit what an attacker can do even if they capture a credential, aligning with exam questions that emphasize layered controls. You’ll define strong authentication in practice, including MFA design choices, phishing-resistant approaches conceptually, and the importance of reaut...

Episode 48 — Harden remote administrative access without leaving durable attack surfaces 10.02.2026

This episode focuses on remote administrative access as a high-risk pathway that must be engineered to be both secure and sustainable, a frequent theme on the GPCS exam when questions involve management interfaces and privileged actions. You’ll define administrative access surfaces such as management consoles, remote shells, bastion-style access points, and privileged APIs, then connect them to at...

Episode 47 — Decide when private service endpoints beat public exposure in real architectures 10.02.2026

This episode teaches decision-making: when private endpoints are the right answer, when they are overkill, and how to justify the choice using risk and operational requirements, which is a common exam skill. You’ll evaluate factors like data sensitivity, threat model, required consumers, latency and routing complexity, incident response visibility, and the likelihood that “temporary” public exposu...

Episode 46 — Securely access cloud services using private endpoints and scoped connectivity 10.02.2026

This episode introduces private service endpoints as a connectivity pattern that reduces exposure by keeping service access off the public internet, and it ties the concept to GPCS exam objectives around network boundaries and secure access paths. You’ll define private endpoints in practical terms: a way for workloads and administrators to reach managed services through private network paths with...

Episode 45 — Respond to storage misconfiguration signals before they become headlines 10.02.2026

This episode focuses on early response when storage misconfiguration signals appear, emphasizing the exam-relevant difference between containment, validation, and full remediation. You’ll define misconfiguration signals such as newly public resources, policy changes that widen access, missing encryption enforcement, or alerts that indicate anonymous reads, then learn how to verify whether the sign...

Episode 44 — Detect storage abuse through access patterns, anomalies, and logging discipline 10.02.2026

This episode explains how to detect storage abuse by learning what normal access looks like and then identifying deviations that indicate misuse, a common GPCS pattern when questions test analysis rather than vendor features. You’ll define storage-relevant signals such as unusual listing behavior, spikes in read volume, access from new locations or identities, repeated access-denied events that in...

Episode 43 — Reduce cloud storage data exfiltration risk with detection-minded controls 10.02.2026

This episode teaches you to reduce exfiltration risk by combining prevention and detection in storage design, because the GPCS exam often rewards answers that interrupt attacker workflows and also produce evidence. You’ll define exfiltration in cloud storage terms, including bulk downloads, stealthy object-by-object pulls, and misuse of sharing mechanisms that turn private data into externally acc...

Episode 42 — Control storage permissions with least privilege and tight data boundaries 10.02.2026

This episode focuses on designing storage permissions so access is intentional, reviewable, and limited to the smallest practical scope, which maps directly to exam questions about effective access and real-world questions about containment. You’ll define identity-based permissions versus resource-based permissions, then learn how scoping works at the level of accounts, projects, resource groups,...

Episode 41 — Prevent accidental public exposure with durable storage access patterns 10.02.2026

This episode explains how cloud storage becomes publicly reachable through default sharing behaviors, inherited permissions, and convenience-driven configuration, and why the GPCS exam tests your ability to recognize “public by mistake” patterns quickly. You’ll define what public exposure means across object, bucket, container, and share constructs, then connect common root causes such as anonymou...

Episode 40 — Secure cloud storage services by design, not by hope 10.02.2026

This episode introduces cloud storage security as an architecture problem, not a checklist, aligning with GPCS exam questions that test default risk, access design, and detection readiness for high-value data services. You’ll define core storage risks such as unintended public exposure, overly broad internal access, insecure sharing links, weak data boundaries between environments, and missing log...

Episode 39 — Validate encryption coverage so “enabled” means provably protecting the data 10.02.2026

This episode focuses on proving encryption coverage, because “enabled” is not the same as “effective,” and exam questions often probe whether you can verify coverage across services, datasets, and access paths. You’ll define coverage as the set of data objects and storage locations that are actually encrypted with the intended keys, under the intended policies, and with the intended access restric...

Episode 38 — Protect encryption workflows from misconfigurations that silently disable security 10.02.2026

This episode covers how encryption controls fail quietly through misconfiguration, which the GPCS exam often tests by presenting “encrypted” environments that are actually exposed due to policy, service, or workflow mistakes. You’ll learn how misconfigurations happen: using the wrong key for the wrong dataset, allowing broad decrypt permissions, skipping encryption on specific object types, or dep...

Episode 37 — Choose encryption approaches that survive incident response and legal scrutiny 10.02.2026

This episode teaches you how to choose encryption approaches that remain defensible under incident response pressure and legal scrutiny, where you may need to prove what was protected, what keys were used, and whether unauthorized decryption likely occurred. You’ll compare provider-managed keys, customer-managed keys, and application-managed encryption, focusing on control, auditability, operation...

Listen to the Certified: The GIAC GPCS Audio Course podcast in Replaio

Radio and podcasts in one app - free, with no sign-up. Install today and do not miss the launch

Get it on Google Play

Replaio is not a podcast publisher; show names, artwork and audio belong to their authors and are distributed through public RSS feeds.