Topics covered:

• How would you define “a cloud breach”? Is that a real (and different) thing? 


• Are cloud breaches just a result of leaked keys and creds?


• If customers are responsible for 99% of cloud security problems, is cloud breach really about a customer being breached?


• Are misconfigurations really responsible for so many cloud security breaches? How are we still failing at configuration?


• What parts of DBIR are not total “groundhog day”?


• Something about vuln exploitation vs credential abuse in today’s breaches–what’s driving the shifts we’re seeing? DBIR


• Are we at peak ransomware? Will ransomware be here in 20 years? Will we be here in 20 years talking about it?


• How is AI changing the breach report, other than putting in hilarious footnotes about how the report is for humans to read and and is written by actual humans?