Radio and PodcastLive Radio & PodcastsLoading episode
Fetching episode details...
Radio and PodcastLive Radio & PodcastsRadio and PodcastLive Radio & PodcastsFetching episode details...
Radio and PodcastLive Radio & PodcastsGuest: Royal Hansen , VP of Engineering at Google, former CISO of Alphabet Topics: The "God-Like Designer" Fallacy: You've argued that we need to move away from the "God-like designer" model of security—where we pre-calc...
EP258 Why Your Security Strategy Needs an Immune System, Not a Fortress with Royal Hansen is an episode from Cloud Security Podcast by Google by Anton Chuvakin. Guest: Royal Hansen , VP of Engineering at Google, former CISO of Alphabet Topi...
This episode belongs to Cloud Security Podcast by Google.
Use the player on this page to stream the episode online.
Published Jan 12, 2026, 32:05 long, audio available.
Continue listening to more episodes from Cloud Security Podcast by Google.
Apr 27, 2026 - 29:37
Apr 13, 2026 - 34:11
Apr 6, 2026 - 27:23
Mar 30, 2026 - 33:26
Guest: Royal Hansen , VP of Engineering at Google, former CISO of Alphabet Topics: The "God-Like Designer" Fallacy: You've argued that we need to move away from the "God-like designer" model of security—where we pre-calculate every risk like building a bridge—and towards a biological model. Can you explain why that old engineering mindset is becoming risky in today's cloud and AI environments? Resilience vs. Robustness: In your view, what is the practical difference between a robust system (like a fortress that eventually breaks) and a resilient system (like an immune system)? How does a CISO start shifting their team's focus from creating the former to nurturing the latter? Securing the Unknown: We're entering an era where AI agents will call other agents, creating pathways we never explicitly designed. If we can't predict these interactions, how can we possibly secure them? What does "emergent security" look like in practice? Primitives for Agents: You mentioned the need for new "biological primitives" for these agents—things like time-bound access or inherent throttling. Are these just new names for old concepts like Zero Trust, or is there something different about how we need to apply them to AI? The Compliance Friction: There's a massive tension between this dynamic, probabilistic reality and the static, checklist-based world of many compliance regimes. How do you, as a leader, bridge that gap? How do you convince an auditor or a board that a "probabilistic" approach doesn't just mean "we don't know for sure"? "Safe" Failures: How can organizations get comfortable with the idea of designing for allowable failure in their subsystems, rather than striving for 100% uptime and security everywhere? Resources: Video version EP189 How Google Does Security Programs at Scale: CISO Insights BigSleep and CodeMender agents "Chasing the Rabbit" book "How Life Works: A User's Guide to the New Biology" book
You can listen to EP258 Why Your Security Strategy Needs an Immune System, Not a Fortress with Royal Hansen online on Radio and Podcast. Open the player on this page to stream the available audio.
EP258 Why Your Security Strategy Needs an Immune System, Not a Fortress with Royal Hansen is an episode from Cloud Security Podcast by Google by Anton Chuvakin.
This episode is 32:05 long.
This episode was published on Jan 12, 2026.
Yes. Use the heart button on the episode page to add it to your favorite episodes list.
Yes. This page shows related episodes from Cloud Security Podcast by Google when more episodes are available from the podcast feed.
You can listen to EP258 Why Your Security Strategy Needs an Immune System, Not a Fortress with Royal Hansen on this page when the episode audio is available from the podcast feed.
EP258 Why Your Security Strategy Needs an Immune System, Not a Fortress with Royal Hansen is from Cloud Security Podcast by Google by Anton Chuvakin.
Published Jan 12, 2026 and 32:05 long