#VDZ26 
Secure By Design: Architecting your cloud and AI workloads from the perspective of infosec by Natalie Godec

So you've vibe-coded your Super Smart AI Agentic App and are ready to set it free on the Internet. You are sure it will do well, it solves this amazing use-case, with such clever technology! You pick your favourite cloud provider, decide on a runtime - perhaps, Kubernetes or Cloud Run - buy a domain, ask Gemini to wire up a deployment pipeline. Happy days!

But here's the thing. You can't vibe-code security. Every single thing you deploy to the cloud needs to be secured. And it's a hard task! Even for cybersecurity professionals.

But fret not. Cloud providers, such as Google Cloud, have already put in the work to make your job easier. And in this talk, you will learn the fundamentals of securing your workloads, (almost) end-to-end.

Devoxx

A conference talk transcript covering cloud and AI workload security from an infrastructure perspective. Topics include securing Kubernetes clusters (private control planes, workload identity, policy controller/OPA gatekeeper, binary authorization for supply chain security), securing serverless services like Cloud Run (ingress restrictions, Identity-Aware Proxy), securing data in PostgreSQL and BigQuery (private connectivity via PSC, column/row-level security, DLP), and protecting the entire cloud perimeter using org policies and VPC Service Controls. Practical examples use Google Cloud but most concepts apply to AWS and other providers.

Secure By Design: Architecting cloud and AI workloads from the perspective of infosec by N. Godec