ZARZA We are Zarza, the prestigious firm behind major projects in information technology.
Listen "Getting Started with Cloud Pentesting | Ft. Scott Weston | Ep.78 | Scale To Zero Podcast | Cloudanix"
Episode Synopsis
Join us as we delve into the world of cloud pen-testing with our guest Scott Weston, a seasoned cybersecurity expert. In this insightful podcast, we discuss the development of GCPwn, a powerful tool for identifying vulnerabilities in Google Cloud Platform (GCP) environments. Learn about the tool's capabilities, limitations, and future roadmap.
We also explore the broader landscape of cloud security, including the shared responsibility model, common misconfigurations, and the importance of continuous learning. Whether you're a seasoned security professional or just starting your journey, this podcast offers valuable insights and practical advice.
Shared Responsibility Model: https://www.cloudanix.com/learn/what-is-shared-responsibility-model
00:00 Teaser and Introduction
04:35 Introducing self-developed tool GCPwn
07:30 Is GCPwn an active or passive pen testing tool?
08:47 Envisioning GCPwn for users
10:15 Areas GCPwn does not suit well
12:16 Future Roadmap of GCPwn
13:41 AWS Pwn landscape after year 2016
15:51 Describing Shared Responsibility Model
19:20 Security considerations of cloud platforms as a cloud pentester
22:25 Are pentesting certifications enough?
28:07 Common cloud misconfiguration to look for
35:26 Tools to get started with pen-testing
38:38 Cloud platforms to focus on as a beginner
41:30 Where to get started as a cloud pentester
44:00 Learning resources
53:29 Summary
54:30 Reading and other recommended resources
We also explore the broader landscape of cloud security, including the shared responsibility model, common misconfigurations, and the importance of continuous learning. Whether you're a seasoned security professional or just starting your journey, this podcast offers valuable insights and practical advice.
Shared Responsibility Model: https://www.cloudanix.com/learn/what-is-shared-responsibility-model
00:00 Teaser and Introduction
04:35 Introducing self-developed tool GCPwn
07:30 Is GCPwn an active or passive pen testing tool?
08:47 Envisioning GCPwn for users
10:15 Areas GCPwn does not suit well
12:16 Future Roadmap of GCPwn
13:41 AWS Pwn landscape after year 2016
15:51 Describing Shared Responsibility Model
19:20 Security considerations of cloud platforms as a cloud pentester
22:25 Are pentesting certifications enough?
28:07 Common cloud misconfiguration to look for
35:26 Tools to get started with pen-testing
38:38 Cloud platforms to focus on as a beginner
41:30 Where to get started as a cloud pentester
44:00 Learning resources
53:29 Summary
54:30 Reading and other recommended resources
More episodes of the podcast Scale to Zero - No Security Questions Left Unanswered
Beyond Tech: Culture and Mindset of Security Engineering | Ft. Dakota Riley | Ep.101 | Cloudanix
12/11/2025
Kubernetes Security Mastery: Shifting Mindsets for Ephemeral Environments | Ep.100 | Ft. Dinis Cruz
29/10/2025
Integrating Security Into Your SDLC Process | Ft. Ashish Bhadouria | Ep. 98 | ScaleToZero Podcast
01/10/2025
A Founder's Guide to Proactive Security & Leadership | Ft. Ashish Garg | Ep.97 | ScaleToZero Podcast
17/09/2025
Designing Security for GenAI: 9 Key Concepts | Ft. Shweta Thapa | Ep. 96 | ScaleToZero Podcast
03/09/2025
In God we trust