Security | Threat Detection | Cyberattacks | DevSecOps | Compliance

In this week’s episode, we explore how Cloudflare handles application security, current trends, vulnerabilities, and future expectations. Host João Tomé is joined by Michael Tremante, Director of Product from our Application Security team. We discuss the evolution of application security and its increasing relevance today. We also go into specific use cases, covering firewall security, malware, supply chain risks, and the critical task of monitoring various vulnerabilities, including zero-day threats.

In this week’s episode, we have a segment about how we thwarted a threat campaign targeting Ukraine and explain what our team, Cloudforce One, does. Host João Tomé is joined by Blake Darché, Head of Cloudforce One. First, we discuss how Cloudforce One employed proactive defense measures to successfully prevent Russia-aligned threat actor FlyingYeti from launching their latest phishing campaign targeting Ukraine.

Alissa Starzak, Global Head of Policy at Cloudflare, about our Project Galileo that is celebrating 10 years. In June 2014, Cloudflare launched Project Galileo, a program which today provides security services, at no cost, to more than 2,600 independent journalists and nonprofit organizations around the world supporting human rights, democracy, and local communities.

In this week’s episode, we feature a segment all about policy, Internet regulation, and the 10th anniversary of our Project Galileo. Host João Tomé is joined by Alissa Starzak, Global Head of Policy at Cloudflare, to discuss policy and regulation in 2024. This conversation was recorded in early May 2024 in our San Francisco office. We begin with Alissa’s impressive background, from the private sector to the CIA, the US Army, and then Cloudflare.

Host João Tomé is joined by two guests. First, we have Ranee Bray, Chief of Staff of our Security Team, discussing how we managed programmatically what we called Code Red — several teams were put together to focus in 30 days on strengthening, validating, and remediating a security incident. Credential management, software hardening, vulnerability management, additional alerting, and other areas were also a part of the “Code Red” effort.