Guest: Karan Dwivedi, Security Engineering Manager, Enterprise Infrastructure Protection @ Google Cloud Topics: Google’s use of Google Cloud is a massive cloud environment with wildly diverse use cases. Could you share, for our listeners, a few examples of the different kinds of things we’re running in GCP? Given that we’re doing these wildly different things in GCP, how do we think about scaling the right security guardrails to the right places in our GCP org? How do you work with application engineering teams and project owner teams to make sure the right controls are there but not getting in the way of business?  How do we scale this exemption management process? Are there things we do here that don’t make sense at a smaller scale? Are there emergent challenges that only we would face? How do you correctly federate security responsibilities between the central team defining policy and the constituent user teams actually using the platform? Burnout is a perennial challenge for security teams–what’re you doing to keep your people happy and engaged? Resources: “How We Scale Detection and Response at Google: Automation, Metrics, Toil” (ep75) ““Hacking Google”, Op Aurora and Insider Threat at Google” (ep91) Google Cloud security foundations guide