Scale to Zero - No Security Questions Left Unanswered
Scale To Zero
99 episodes
4 days ago
We know security is challenging, but a timely understanding of security is far more challenging! Scale to Zero is built to help all security professionals be more privacy- and security-sensitive. With this show, we hope to address all the security-related issues that are challenging to understand and resolve without the help of experts. We believed that a community space like Scale to Zero would make things a little bit simpler for everyone after we discovered the discomfort of constantly switching back and forth.
Technology
All content for Scale to Zero - No Security Questions Left Unanswered is the property of Scale To Zero and is served directly from their servers with no modification, redirects, or rehosting. The podcast is not affiliated with or endorsed by Podjoint in any way.
Episodes (20/99)
Scale to Zero - No Security Questions Left Unanswered
Kubernetes Security Mastery: Shifting Mindsets for Ephemeral Environments | Ep.100 | Ft. Dinis Cruz

The shift from static data centers to dynamic Kubernetes workloads changes everything about security. In this essential episode, we sit down with an industry leader—an ex-vCISO, OWASP contributor, and founder of a new firm—to break down the new rules of cloud-native defense.

If you are dealing with short workload lifecycles, balancing security with velocity, or figuring out the true impact of AI on your role, this is a must-watch.

YouTube: https://youtu.be/J0asVeOCAgg

Dinis Cruz: https://www.linkedin.com/in/diniscruz/

Host: https://www.linkedin.com/in/mpurusottamc/

Cloudanix: https://www.cloudanix.com/

00:00 Introduction and Teaser
03:00 Mindset Shift - From Static Servers to Kubernetes Workloads
06:05 Challenges of Shifting From Traditional Data Centers to Serverless
08:35 Balancing Security and Other Business Priorities
14:20 Varying Cloud Costs and Managing Security Compliance
19:19 Logging and Monitoring - How to prioritize effectively?
23:34 Identity and Access Management for Short Workload Lifecycles
28:49 Leveraging Generative AI for better Security Engineering
38:12 Anticipating Attacker Mindset and Defending Your Cloud Environments
45:36 How will AI evolve security roles in general?
52:17 Summary
53:03 Learning Recommendations from the guest

1 week ago
55 minutes 14 seconds

Scale to Zero - No Security Questions Left Unanswered
A PSA's Journey - Bridge Between Business and Technology at AWS | Ft. Lalit Khatter | ScaleToZero Business

Have you ever wondered what it takes to drive successful partnerships in the AWS ecosystem? In this episode, we sit down with Lalit Khatter, a Senior AWS Partner Solution Architect, who gives us a deep dive into his dynamic role and the strategies that help AWS Partners thrive.

Lalit shares his journey from Software Engineer to PSA and reveals the essential traits of a successful AWS Partner.

Whether you're an aspiring PSA, a business leader at an AWS Partner, or simply curious about the engine that drives cloud adoption, this podcast offers unparalleled insights!


00:00 Teaser and Introduction

03:57 Role of a Partner Solution Architect and their day-to-day

08:15 Why Partner Solution Architect as a job role?

19:52 Transition from software engineer to AWS PSA

23:22 How would a SI company work with Lalit for partnering with AWS?

31:04 Trait of a successful partner

38:40 AWS programs that help partners get visibility to prospective customers

41:58 Aha moment after getting started with the AWS partner environment

48:08 Scaling with AWS Marketplace

01:03:05 Amazon Pace and Ambassador Program: Hand-in-Hand

01:06:23 AWS Ambassador Program and how to invest in it

01:10:20 Business Outcome Accelerator (AWS BOX)

01:22:53 Weekends of Lalit Khatter

01:28:40 Next 5 years of AWS Partner programs

01:33:01 Stuff about Lalit

3 weeks ago
1 hour 41 minutes 39 seconds

Scale to Zero - No Security Questions Left Unanswered
Integrating Security Into Your SDLC Process | Ft. Ashish Bhadouria | Ep. 98 | ScaleToZero Podcast

How do you keep pace with AI adoption without compromising your security standards? We sat down with a Security and Privacy Engineering Manager to tackle the toughest challenges facing modern DevSecOps teams and C-Suite leaders today.

This episode is packed with practical strategies on integrating security early and effectively. We dive deep into:

00:00 Teaser and Introduction
05:35 The real Challenges of Integrating Security into SDLC
08:35 Embedding Security Into Developer Workflows
12:09 Balancing Security & Velocity: Advice for the C-Suite
16:11 Aligned Autonomy: How Enterprises Balance Security & Freedom
20:46 AI Adoption is Fast - Security is Playing Catch-Up
24:46 The Biggest Misconception About AI Security
27:26 Defense-in-Depth for Securing AI Workloads
31:27 Evolving Defenses Against Sophisticated AI-Driven Attacks
35:04 AI-Driven Transformation in Security Operations and Testing
38:15 Human-in-the-Loop: Why SOC Analysts Remain Essential in the AI Era
41:25 Summary
42:20 Learning Recommendation

Important Links

Ashish Bhadouria: https://www.linkedin.com/in/ashishbhadouria/
ScaleToZero: https://scaletozero.com/
Cloudanix: https://scaletozero.com/
Purusottam: https://www.linkedin.com/in/mpurusottamc/
Art of War: https://www.amazon.in/Art-War-Sun-Tzu/dp/8184950888
TLDR Sec: https://tldrsec.com/
Pragmatic Engineer Blog: https://blog.pragmaticengineer.com/

1 month ago
45 minutes 53 seconds

Scale to Zero - No Security Questions Left Unanswered
A Founder's Guide to Proactive Security & Leadership | Ft. Ashish Garg | Ep.97 | ScaleToZero Podcast

What does it really take to build a security program that stands up to modern threats? In this episode, we sit down with Ashish Garg, Founder of RIGA Cyber, to move beyond the frameworks and discuss what matters most: people.


You can also watch on YouTube: https://youtu.be/99AzjI-RKTY

We cover the essential strategies for any security leader looking to build a resilient, proactive security culture. We dive into:

00:00 Teaser and Introduction
06:12 Making Security Everyone's Responsibility
11:23 Tailoring the Story: Communicating Security Across Audiences
15:38 Building a Proactive Security Program: Beyond Frameworks
19:38 Overcoming Stakeholder Hurdles: Building Trust Through Alignment
23:26 Bridging the Gap Between Security and Engineering
28:06 Measuring Trust and Providing Security Value
37:34 From Engineering to Security Leadership: The Power of Mentorship & Alignment
42:03 Avoiding Burnout as a Security Leader: Prioritize & delegate
44:45 AI in Security: Hype, Risk & Real Use Cases
51:25 Summary
52:10 Learning Recommendation

#Cybersecurity #SecurityLeadership #ProactiveSecurity #InfoSec #CybersecurityPodcast #SecurityCulture #AIinSecurity #CISO #SecurityEngineering #CorporateSecurity

1 month ago
54 minutes 34 seconds

Scale to Zero - No Security Questions Left Unanswered
Designing Security for GenAI: 9 Key Concepts | Ft. Shweta Thapa | Ep. 96 | ScaleToZero Podcast

Ever wonder about the security risks lurking behind your favorite AI tools? In this episode, we sit down with Shweta Thapa, Security Specialist Solutions Architect from AWS, to demystify the complex world of GenAI and traditional application security.


Transcript: https://www.scaletozero.com/episodes/designing-security-for-genai-with-security-specialist-solutions-architect-shweta-thapa/

Guest: https://www.linkedin.com/in/shwetast/

Host: https://www.linkedin.com/in/mpurusottamc/

Cloudanix: https://cloudanix.com/


We'll cover 9 critical topics that every tech professional, business leader, and security enthusiast needs to know. Get ready to learn about:


00:00 Teaser and Introduction

05:01 Fundamentals of Designing Security for GenAI and Traditional Applications

09:00 Control of Shared Responsibility Model: LLM Provider vs. Consumer

12:25 Top Five Security Checks for GenAI System

17:39 Securing GenAI Outputs: Trustworthy vs. Toxic Content

22:03 Synthetic Data: Helpful or Harmful

24:16 Validating AI Output: Monitoring, Context & Human Judgment

28:07 Strategic Advisory Questions to Ask Stakeholders When Investing in GenAI Application

31:22 Misconceptions of Security Leaders about GenAI Security

35:56 Getting Started with GenAI: Startups vs. Enterprises

43:50 Summary

45:00 Learning Recommendation

2 months ago
47 minutes 41 seconds

Scale to Zero - No Security Questions Left Unanswered
Beyond the Debate: Security as an Enabler & GRC Maturity | Ft. Winthrop Welch | Ep. 95 | ScaleToZero

What does it truly take to lead security and GRC in today's complex, high-stakes environments? It's about much more than just technology—it's about building trust, creating champions, and acting as an enabler, not a blocker.

In this powerful episode, we sit down with [Guest Name], a seasoned Fractional CISO and Cybersecurity Advisor. With their extensive experience, we'll dive into the real-world lessons learned from bridging the gap between security teams and the rest of the business, and how to turn GRC from a requirement into a strategic advantage.

00:00 Teaser and Introduction
07:24 Security and Compliance Debate
09:55 How are Security and Compliance not different from each other?
11:17 Security challenges evolved over the years - from data centers to AI
14:10 Challenges of aligning security strategies within enterprises
16:53 Tips to build trust and create security champions
21:00 How do you support and educate others around you?
23:05 How have security engineering and leadership roles helped you evolve?
25:35 Security teams working closely with other business teams
28:45 Security leaders being open to security teams
31:40 GRC maturity levels in organizations today
34:50 Implementing GRCs more efficiently
38:32 Reducing friction between security and other business teams
42:48 Security teams as enablers and not blockers
47:49 Scenario where your leadership was tested
53:23 Summary
54:16 Learning recommendations

2 months ago
57 minutes 8 seconds

Scale to Zero - No Security Questions Left Unanswered
The Future CISO: AI, Quantum & Becoming a Multidisciplinary Strategist | Ft. Patricia Titus | Ep. 94 | ScaleToZero Podcast

The role of a CISO is evolving at an unprecedented pace. It's no longer just about technical defenses; it's about leading multidisciplinary teams, understanding business strategy, and navigating the profound impacts of emerging technologies like AI and Quantum Computing.


In this episode, we sit down with Patricia Titus, a seasoned Field CISO, to break down what it takes for today’s security leaders to become the multidisciplinary strategists of tomorrow. We explore how to move beyond traditional security models and embrace a future where security is a core business enabler.


Watch the episode on YouTube: https://youtu.be/s6475pSgSxc


00:00 Introduction
04:45 From Learning AI to Secure Deployment
08:25 Cross-Disciplinary Teams & the CISO's Co-Leadership Role
10:05 Will AI impact only GRC or a broader area?
13:29 Governance frameworks for CISOs before deploying workloads
17:35 Establishing & Measuring AI Governance Frameworks
20:50 Behavioral AI: Cultural shifts required to build a security mindset
25:20 Measuring the effectiveness of Behavioral AI
30:57 How security leaders can stay ahead in the AI native security world?
33:27 Non-technical Skills for Future CISOs in the AI world
35:52 Areas of expertise today's CISOs must actively cultivate
39:48 Explaining the importance of AI and Quantum to stakeholders
44:57 Summary
45:45 Learning recommendations from Patricia

3 months ago
48 minutes 27 seconds

Scale to Zero - No Security Questions Left Unanswered
AWS Marketplace, ISV Partnerships, Channel Acquisitions, and More | Cybersecurity Sales | Ep. 93 | ScaleToZero Business Podcast

Join us for an inspiring and incredibly practical conversation with Faraz Khan, a seasoned AWS Marketplace Leader who shares invaluable insights from a career dedicated to sales, relationships, and driving business growth. This isn't just about tech; it's about the human element of sales, the power of partnerships, and navigating massive commercial opportunities.

Faraz Khan: https://www.linkedin.com/in/m-faraz-k-4842883/

Sujay Maheshwari: https://www.linkedin.com/in/sujaymaheshwari/

0:00 Teaser and Introduction
6:50 Sales and Relationship Learnings at Oracle Middle East
11:20 Getting into Sales Life
14:50 Cracking a $3 Million Deal
18:08 Identifying Sales Personality Within People and Coaching Them
22:10 Leaving Middle East and Shifting to India
26:35 Understanding AWS Marketplace
32:30 Getting Successful at AWS Marketplace
40:50 Helping Understand AWS Marketplace Co-Sell to Early Adopters
47:50 Wisdom for AWS Marketplace Skeptics
52:55 Maneuvering AWS Marketplace and Its Different Areas
59:30 Faraz Dislikes Some Aspects of His Job
01:04:19 Problems Solved with AWS Marketplace India Launch
01:07:35 Faraz's Life And A Day in His Life
01:11:55 Faraz as a "Shayar" ("Poet") and Life Recently

3 months ago
1 hour 21 minutes 49 seconds

Scale to Zero - No Security Questions Left Unanswered
Zero Trust Security - The Right Way | Ft. Uttej Badwane | Ep.92 | ScaleToZero Podcast | Cloudanix

Embark with us on a crucial journey into the world of Zero Trust with our guest Uttej Badwane, a seasoned Senior Security Engineer. In this episode, we'll demystify Zero Trust for organizations just getting started, dive into practical implementation steps, and explore the cutting-edge intersection of Zero Trust and Artificial Intelligence.

This episode is indispensable for security leaders, engineers, architects, and anyone keen on building resilient, future-ready security postures. Don't forget to Like, Share, and Subscribe for more expert insights!

Cloudanix: https://www.cloudanix.com/
Zero Trust Security: https://www.cloudanix.com/learn/what-is-zero-trust-security
Uttej: https://www.linkedin.com/in/uttej-badwane/

00:00 Teaser and Guest Introduction
03:55 Defining Zero to Zero Trust for organizations getting started
08:48 Steps to evaluate and implement a zero-trust model
12:34 Multi-factor Authentication, or Micro-segmentation, or Zero Trust
17:38 Challenges of implementing a zero-trust framework
25:58 Is Zero Trust a right fit for you?
30:24 Balancing organizational complexities and zero-trust implementation
35:17 IAM recommendations for a robust zero-trust implementation
42:05 Staying on top of operational complexities with practical governance steps
48:52 Role of AI in Zero Trust Architecture
54:54 How will zero trust models change if servers are running AI agents?
58:29 Learning recommendations from Uttej

4 months ago
1 hour 6 seconds

Scale to Zero - No Security Questions Left Unanswered
Scaling IAM Security For Major Cloud Platforms | Ft. Stephen Kuenzli | Ep. 91 | ScaleToZero Podcast

Join us for a deep dive into the evolving landscape of cybersecurity with Stephen Kuenzli, an accomplished former Senior Security Architect and now the founder of a leading cybersecurity/cloud security company. In this episode, we cut through the noise to discuss practical, real-world strategies for Identity and Access Management (IAM) and confront the revolutionary impact of AI on our security programs.

This episode is a must-watch for CISOs, Security Architects, Cloud Security Engineers, and anyone looking to navigate the complexities of modern IAM and the AI-driven future of cybersecurity.

Watch on YouTube: https://youtu.be/96sztTdlN00


00:00 Teaser and Guest Introduction

06:40 IAM misconceptions blocking organizations from scaling

09:10 How to fix IAM misconceptions?

14:12 Practical example of self-serve security policy

20:25 Getting started with IAM security in real-time

24:47 Practical guide for building a better least privilege policy

29:00 Your CSP tools to leverage for scaling Cloud IAM Security

38:08 Emerging trends in security with the rise in AI

41:10 Possible implications of AI in the world of security

46:22 Challenges solved by a custom-built MCP server built by Stephen

49:22 Impact on traditional security programs due to AI-based MCP servers

55:05 Challenges of AI that security leaders should be aware of

01:01:12 Summary

01:02:08 Learning recommendations

4 months ago
1 hour 3 minutes 48 seconds

Scale to Zero - No Security Questions Left Unanswered
Risk Management and Its Different Types of Approaches | Ft. Joseph Haske | Ep. 90 | ScaleToZero

Join us for a deep dive into the world of Cybersecurity Risk Management with seasoned expert Joseph Haske, Risk Manager, who brings a fresh perspective to navigating complex cyber challenges. In this episode, we unpack crucial topics that every security professional, leader, and stakeholder needs to understand.

Transcript:

Cloudanix: https://www.cloudanix.com/

00:00 Teaser and Introduction
03:54 Does non-tech experience help you in the field of security?
07:39 Different perspective on the field of risk management with vast experience
09:36 Qualitative vs. Quantitative Risk Management, who outgrows whom, and how
12:29 Strengths and Weaknesses of the Qualitative and Quantitative Risk Framework
14:00 Educating your teams to follow the right risk framework
15:36 Fundamental differences between underlying philosophies and the FAIR framework
18:00 Selecting the right framework for small and growing organizations
19:47 Balancing the usage of Qualitative vs Quantitative risk approach
23:00 Importance of the peer review process
25:03 Challenges to implementing the FAIR approach
27:27 Mitigating the challenges of implementing the FAIR approach
29:37 Biggest misconception before starting a risk management program
31:31 Future of risk management
32:55 Preparing for the future of risk management
34:31 Approaching the security challenges raised by new technologies like AI or quantum computing
36:40 Building the right culture to drive a successful risk management program
39:49 Summary
41:00 Learning Recommendations

5 months ago
43 minutes 1 second

Scale to Zero - No Security Questions Left Unanswered
AI in AppSec: The Paradigm Shift with Principal Security Engineer | Ft. Brad Geesaman | Ep. 89

In this groundbreaking episode of the ScaleToZero podcast, we sit down with Brad Geesaman, a Principal Security Engineer, to explore the revolutionary impact of Agentic AI on Application Security. From the inspiration behind this cutting-edge field to the practicalities of building AI-powered solutions, we cover it all.


This episode is a must-listen for CISOs, Security Engineers, CTOs, and anyone looking to understand how AI is redefining the future of AppSec.


Transcript: https://www.scaletozero.com/episodes/ai-in-appsec-the-paradigm-shift-with-brad-geesaman/

Brad: https://www.linkedin.com/in/bradgeesaman/


00:00 Teaser and Introduction

04:00 Inspiration to focus on Application Security using AgenticAI

05:56 Understanding AgenticAI

08:52 Agentic AI versus Traditional AI

12:44 Paradigm shift of secure coding with the change of AI

15:28 Importance of tool integration and standardization of AgenticAI for AppSec

18:00 Standardization of Agent SDKs or NCPs

20:22 Using AI to secure AI

23:12 Are AI systems reliable considering their nondeterminism

25:15 Considerations for adopting AI for AppSec

29:54 Impact of AI on organizational structure for security

32:27 Elements of AppSec with the least AI benefits

36:10 What is Reaperbot

42:42 Advantages and disadvantages of testing methods of Reaperbot

45:00 Vision for Reaperbot in the near future

48:00 Building trust within teams with the rise in these decision-making agents

52:12 Recommendations for operations teams to avoid vulnerabilities or misconfiguration

54:58 Considerations for the operations team when using AI systems for security purposes

01:00:02 Summary

01:01:05 Learning recommendations

5 months ago
1 hour 3 minutes 45 seconds

Scale to Zero - No Security Questions Left Unanswered
Minimalist Security: Architecting a Lean & Effective Cloud Strategy | Ft. Lalit Kumar | Ep. 88 | ScaleToZero Podcast

In this insightful episode of the podcast, we speak with a seasoned Senior Cloud Security Consultant and Architect about a unique approach to security: minimalism. We explore how the principles of minimalist living can be applied to build leaner, more effective security strategies in the cloud and beyond.


Whether you're a security leader, architect, or cloud enthusiast, this episode offers a fresh perspective on building robust and efficient security strategies.


YouTube: https://youtu.be/plqzCwd1rUM

00:00 Teaser and Introduction
06:45 Minimalist living
09:30 Applying the minimalist living approach to security
16:30 Do organizations practice the basics of security?
24:45 Investing early in security
29:40 Balancing local and global security frameworks
37:17 Best ways for startups to work with AWS and vice versa
42:55 Educating global leaders to work with Indian customers
48:50 Maximizing AWS Benefits for Startups
56:19 How can India win in cyberspace?
01:08:31 Learning recommendations

6 months ago
1 hour 12 minutes 7 seconds

Scale to Zero - No Security Questions Left Unanswered
Scaling Security Champions: From Zero to Hero | Ft. Bonnie Viteri | Ep. 87 | ScaleToZero Podcast

In this episode of the Scale To Zero podcast, we dive deep into the world of Security Champions with our guest speaker Bonnie Viteri, a seasoned cybersecurity expert. We explore how to build, scale, and maintain a thriving Security Champions program that truly makes a difference.


Watch on YouTube: https://youtu.be/3bpNxeKmWug

Bonnie: https://www.linkedin.com/in/bonniebyer-viteri/

ScaleToZero: https://www.scaletozero.com/

Cloudanix: https://www.cloudanix.com/


Here's what we covered:

00:00 Teaser and Introduction

03:15 Defining the role of a security champion

04:45 Signals to identify a security champion when working with development teams

06:00 Real life example of someone turning into an excellent security champion

07:50 Why security teams at Yahoo are called paranoids?

09:16 How does a security champion evolve over time?

11:20 Principles of successful security champions program

13:55 Scaling security champions program along with organization's growth

16:28 North star for scaling security champions program

19:14 Differences in building champions program at startup vs large orgs

22:30 Aligning security champions program with business outcomes

26:00 Metrics to show alignment and progress of security program

28:55 Data driven security champions program for non-believers

31:46 Keeping security champions program fresh and relevant

34:28 Keeping individual security champions engaged and happy

37:50 Tips to prevent burnout

39:34 Examples of recognition and appreciation of security champions

42:39 Bridging gaps between security teams and other business teams

45:45 Challenges of fostering collaboration between security and other business teams

48:28 Summary

49:27 Learning recommendations

6 months ago
51 minutes 34 seconds

Scale to Zero - No Security Questions Left Unanswered
Securing Production | AWS IAM Security | Best Practices | Ft. Rowan Udell | Ep.87 | Cloudanix

In this episode of the ScaleToZero podcast, we had an insightful conversation with Rowan Udell, an AWS IAM leader and security consultant, about the future of cloud security. We delved into critical topics like prohibiting human access to production accounts, maximizing ROI in IAM and policy management, and the role of Just-In-Time access. We also explored the impact of LLMs on IAM engineering and discussed practical strategies for minimizing attack surfaces in the healthcare industry. This episode is a must-listen for anyone responsible for AWS security and identity management.


Watch on YouTube: https://youtu.be/r0eupMDCqB8


#cybersecurity AWS #IAM #CloudSecurity #DevSecOps #JustInTimeAccess #LLM #SecurityBestPractices

00:00 Teaser and Introduction

05:45 Prohibiting human access to production cloud accounts

12:00 Recommendations to prohibit human access to production accounts

15:30 Strategy to maximize ROI in IAM and Policy Management

19:00 Thoughts on the ability to create users and roles at will in the cloud

23:19 What is Just-In-Time and its role in the cloud?

30:14 Providing secure access to teams in the healthcare industry via IAM

38:05 How organizations can keep the attack surface minimum

41:51 Common misconfigurations seen with minimal fix

44:22 Less-known features of AWS IAM with great impact

48:30 Are LLMs a blessing or curse to IAM engineers?

51:20 Shift of LLMs that IAM engineers should expect in 2025

55:35 Summary

56:38 Learning recommendations

7 months ago
59 minutes 13 seconds

Scale to Zero - No Security Questions Left Unanswered
The Secrets Of Product Security | Application Security | AppSec | Ft. Anshuman Bhartiya | Ep. 86 ScaleToZero Podcast | Cloudanix

In our latest episode of the ScaleToZero podcast, we had a fascinating conversation with Anshuman Bhartiya, an AppSec Tech Lead and cybersecurity expert. We explored the intricacies of product security, including the challenges of implementation, building a strong security culture, and leveraging AI models for application security.


Anshuman shared with us practical tips for balancing user experience with robust security measures and offered valuable recommendations for integrating AI into development processes. A must-listen for anyone invested in application security and the future of secure product development.

Transcript: Website: https://scaletozero.com/

Cloudanix: https://www.cloudanix.com/

#podcast AppSec #ProductSecurity #SDLC #Cybersecurity #GenAI #SecurityCulture

00:00 Teaser and Introduction

04:19 Defining Product Security

07:42 Challenges of implementing security

10:28 Balancing the workflow with engineering and security teams with use-case

15:38 Tools and processes to build secure SDLC processes

19:47 Practical ways to build the right security culture

22:45 Balancing user experience and security of a product with an example

28:52 Catering to the third-party security ecosystem

33:00 Key metrics to measure the effectiveness of the product security program

39:11 Use of AI models to secure the application

43:12 How GenAI has changed the world of product security

46:30 Recommendations to appsec team for integrating AI into dev processes

49:39 Summary

50:49 Learning recommendations

7 months ago
52 minutes 52 seconds

Scale to Zero - No Security Questions Left Unanswered
The Magical World Of Digital Forensics | Ft. Jason Jordaan | Ep. 85 ScaleToZero Podcast | Cloudanix

Join us for an in-depth conversation with Jason Jordaan, a seasoned Principal Digital Forensics Analyst, as we unravel the complexities of modern digital forensics. In this episode, we have covered topics such as the most common digital evidence, cloud and mobile impact, essential skills, and the DFIR intersection. Whether you're a seasoned professional or just starting, this episode offers valuable insights into the dynamic world of digital forensics.


YouTube: https://youtu.be/JPzgCTFm_j0


00:00 Teaser and Introduction

08:55 Most common types of digital evidence encountered in investigations

11:30 Impact of cloud computing and mobile devices in the field of digital forensics

15:30 Key skills required in digital forensics

19:01 Tackling most challenging aspects of digital forensics investigation

24:03 Ensuring the chain of custody and authenticity of digital evidence

29:05 Is the Digital Forensics job overwhelming

33:50 Intersection of Digital Forensics and Incident Response

39:45 Practical ways for organizations to investigate threats via digital forensics

45:52 Challenges of investigating deepfakes and other forms of AI-generated content

51:02 Advice for beginners interested in Digital Forensics

57:00 Summary

58:03 Learning recommendations on Digital Forensics

8 months ago
1 hour 22 seconds

Scale to Zero - No Security Questions Left Unanswered
Detection Engineering, Generative AI for Cybersecurity Leaders | Ft. Reanna Schultz | Ep. 84

Join us as we delve into the world of threat detection with our expert guest Reanna Schultz, a renowned security leader and community builder.

In this insightful podcast, we explore the critical challenges facing security teams today, including the need for real-time threat detection, the constant evolution of the threat landscape, and the importance of stakeholder buy-in. We also discuss strategies for breaking the detection-reaction cycle, leveraging AI/ML for enhanced detection, and the skills needed to thrive as a future detection engineer. This podcast is a must-watch for anyone interested in cybersecurity, threat intelligence, and the future of security operations.

00:00 Teaser and guest introduction
06:08 Importance of real-time threat detection in consumer electronics industry
11:50 How to detect bad actors?
16:07 Challenges faced by security teams to convince stakeholders about security
21:14 Creating playbooks for threat detection
27:45 Balancing threat detection with false positives in high-volume settings.
31:13 Staying current with the fast-paced threat landscape.
33:15 How to automate keeping up with the threat landscape?
37:21 Breaking the detection-reaction cycle in cybersecurity
40:32 Rubrik for SOC analysts to manage their stress levels
46:55 Scaling programs to prioritize threat detection
50:54 Detection-reaction to insider threats
54:27 Tips to involve other business areas in security programs
56:41 Impact of ML/AI on threat detection
59:30 What does a future detection engineer look like?
01:02:50 Is the industry moving to build its own SIEM systems?
01:05:05 Summary
01:06:55 Reading and learning recommendations from Reanna

8 months ago
1 hour 9 minutes 6 seconds

Scale to Zero - No Security Questions Left Unanswered
AI, Scams, and Exploiting Human Nature | Ft. Perry Carpenter | Ep.82 | ScaleToZero Podcast

In this insightful podcast, we explore the transformative impact of AI on the cybersecurity landscape. Join us as we discuss how AI can be leveraged to enhance threat detection, improve incident response, and augment human analysts. We also delve into the emerging risks and threats posed by AI, such as deepfakes and AI-powered attacks. Learn about the evolving role of human factors in cybersecurity and the essential skills security professionals need to thrive in an AI-driven world.

Threat Modeling: https://www.cloudanix.com/learn/what-is-threat-modeling
ScaleToZero website: https://www.scaletozero.com
Cloudanix: https://www.cloudanix.com

00:00 Teaser and Introduction
06:40 How can AI be powerful for enhancing security?
11:22 Emerging risks and threats that AI can introduce
14:22 Role of human factors in deepfakes
20:20 How can AI augment human analysts?
26:50 Leveraging AI for prevention and prediction of cyber attacks
28:31 New skills security professionals require in an AI-driven world
30:52 How do cybercriminals exploit humans?
34:00 How should organizations face insider threat attacks?
40:55 Evolving teams from awareness to taking a proactive security approach
44:00 KPIs to measure implemented security practices
48:42 Protecting data from generative AI tools and maintaining data confidentiality
53:58 Summary
54:49 Learning recommendations

9 months ago
57 minutes 10 seconds

Scale to Zero - No Security Questions Left Unanswered
Security Awareness Training | Incident Response Management | Ft. Mauricio Duarte | Ep.82 | Cloudanix

Join us as we delve into the critical role of security awareness programs in building a strong security posture.

In this insightful podcast episode with Mauricio Duarte, our host Purusottam discusses the challenges faced by security awareness program managers, the importance of tailored training, and effective methods for delivering engaging and impactful training. We also explore incident response best practices, including measuring effectiveness and leveraging incident data for continuous improvement. Finally, we offer valuable advice for managing stress and burnout within security leadership roles.

00:00 Introduction of Mauricio Duarte
08:55 Role of security awareness program manager in an organization
10:00 Challenges faced by the security awareness program manager
11:50 Challenges faced in maintaining security awareness program
14:35 Phishing simulation training programs
21:46 Tailoring security programs to different business stakeholders
24:40 Effective methods of delivering security awareness program
27:27 Ensuring the effectiveness of security awareness training programs
30:57 Determining the severity of the Incident
34:24 Ensuring the least threats to organizational assets during an incident
36:14 Leveraging incident response information for deeper analysis
38:24 Measuring the effectiveness of incident response plan
41:55 How can security culture teams and incident response teams go hand-in-hand
45:54 Tips for burnout and stress caused within security leadership roles
51:45 Summary of episode learnings
52:52 Learning recommendations from Mauricio

10 months ago
55 minutes 36 seconds
