Great podcast, thanks Jason! I agree cloud is more ephemeral for cloud IR.
Questions:
Q1: In cloud what do you consider a security event vs. an incident? Is that different in cloud?
Q2: When it comes to monitoring ML environments, the community struggles because of various reasons. There is the NVIDIA Morpheus project on GitHub but it's still a maturing space when it comes to cloud. What design requirements do you ask from data scientists and engineers building out ML in the cloud that allows you to capture artifacts?
Not sure Jason is reading these, but I can try to answer.
Q1 Frankly, I don't see cloud breaking the "event vs incident" definition, in general. What I observed is a bit more uncertainty on what is considered an incident (e.g. on premise, a new vulnerability is very rarely an incident, while some cloud teams treat a major vuln as an all-hands-on-deck incident).
Q2 Frankly, this is too long to answer here, perhaps we need a separate podcast episode on this. Got a guest in mind?