"Google Cloud Security Threat Horizons Report #11 Is Out!" https://bit.ly/3PM6ced <- our new cloud threat report with (mostly!) same old - same old cloud issues -)

"A Brief Guide for Dealing with ‘Humanless #SOC’ Idiots" https://bit.ly/3C6APbn <- it is kinda a joke post, yet as they say "there's a grain of truth in every joke"...

"Securing Inherited Cloud: Top Lessons" https://bit.ly/4fYsmoh <- an extended version of our post on how to secure a cloud environment you inherited!

Google Cloud Office of the CISO 2024 Year in Review: AI Trust and Security https://bit.ly/3WhQB9Y <- a collection of fun (well, OK, they are not all fun!) things on securing AI we wrote in 2024

New Paper: “Future of #SOC: Transform the ‘How’” (Paper 5) https://bit.ly/4jmA7Ye <- follows the ideas from our "transform vs optimize" paper and gives a few tips on how to run the SOC project alongside another related effort (It is fun! I promise!)

"Anton’s Security Blog Quarterly Q4 2024" https://bit.ly/3ZLqKJA <- my slightly improved list of popular blogs, podcasts and presentations, curated by a human with some ideas from AI -)

"Celebrating 200 Episodes of Cloud Security Podcast by Google and Thanks for all the Listens!" https://bit.ly/41iE2yG

"Anton’s Alert Fatigue: The Study" https://bit.ly/3UJWBI1 is a result of some agonizing pondering of the "alert fatigue problem" over the years. Hopefully it is a fun read, because it was not a very fun write -)

"Get an Untrusted Security Advisor! Have Fun, Reduce Fail!" https://bit.ly/3BMaajh <- a collection on random, incomplete thoughts about some uses of #GenAI (#LLM really) for security. Not meant to be comprehensive or (very) analytical, so please no "YOU MISSED <this>" comments :-)

@darkuncle for the very least, the articles that I've seen have multiple red flags:
* "Military grade encryption": not a term cryptographers use, ever.
* Breaking both RSA and AES: no known plausible mechanism to break both with the same approach
* Details withheld due to sensitivity: there are zero knowledge proofs (well sorta, slight abuse of terminology here) you could give (for both AES and RSA) that would show that you have this capability. For example, sign something with the RSA2048 challenge number, or reveal the AES key of a plaintext/ciphertext pair that is generated by a trusted non colluding third party. You wouldn't reveal anything about your methods, but you would show that you have the capability.

Extraordinary claims require extraordinary evidence. And I haven't even been able to access the paper so far, so I do not see the extraordinary evidence.

"Confetti cannons or fire extinguishers? Here’s how to secure cloud surprises" https://bit.ly/4dtCDri <- congrats, you found a cloud environment that somebody deployed in prod but never tried to secure. Time to panic? Well, READ THIS FIRST! -)

"Anton’s Security Blog Quarterly Q3 2024" https://bit.ly/4dr1M61 <- the selection of the most popular blogs and podcasts is baaack!

"New Office of the CISO Paper: Organizing Security for Digital Transformation" https://bit.ly/3XKsQIV <- seeks to answer a few tricky questions about what does it mean to have a modern security org

"Not a #SOC FAQ! This is SOC FMD!" https://bit.ly/3T62LkE <- a weird little blog about the 3 things your SOC should ask (demand?) of other teams!

"The Great Cloud Security Debate: CSP vs. Third-Party Security Tools" https://bit.ly/3YWnNpE <- a very fun blog based on a recent episode of @CloudSecPodcast

"Your Roadmap to Secure #AI: A Recap" https://bit.ly/4dbrkon <- so this blog covers a few of the fun things we wrote about securing AI, combined in a semi-coherent narrative ) Take a look anyway!

An almost forgotten, penultimate Part 9 of our Detection Engineering blog series is here: "Guide your SOC Leaders to More Engineering Wisdom for Detection (Part 9)" https://bit.ly/4cYDpNC

"Tips for SOCLess Oncall" https://bit.ly/3LDpb8I <- a very, very fun read about doing D&R the modern, SOCless way! With usable details!

"Google Cloud Security Threat Horizons Report #10 Is Out!" https://bit.ly/469VW70 <- our 10th cloud threats reports reveals some serverless attack "secrets" and some mundane cloud hackage too -)

"Introducing the Coalition for Secure AI (CoSAI) and founding member organizations" https://bit.ly/3Y7LElO (epic list of participants BTW!)