Amit Megiddo

It seems like this problem never goes away.

We're constantly misconfiguring.

Cloud providers ship powerful built-in controls, but most teams struggle to turn security intent into consistent enforcement across AWS, Azure, Google Cloud, and OCI.

Different policy models force security teams into manual translation and one-off exceptions, which get brittle fast as accounts, services, APIs, and AI workloads change.

Our sponsor, Native, is the secure-by-design control plane for cloud security.

It helps teams operationalize provider native enforcement, manage intent centrally, and roll out changes safely at scale.

Native works through the cloud's own mechanisms so guardrails are enforced natively, while teams can preview impact before deployment and reduce drift over time.

With native, security isn't bolted on after the fact, like what we were just talking about.

It becomes part of how you operate the cloud.

You want to learn more?

You got to go to their website.

Go to native.security.

It's just spelled exactly the way it sounds.

N-A-T-I-V-E dot security.

Go there.

And when you go there and you find out more, let them know that you learned about them from the CISO series.

Amit, I'm pretty sure you know how to play this game, correct?

Yes, you do.

So I'm going to... Okay.

This is two bad scenarios brought to us from a listener.