Multicloud strategy for AWS and GCP

View Show Notes and Transcript

What is a good multicloud strategy in 2024? We spoke to Vivek Menon, CISO for Digital Turbine about the maturity and security capabilities of major cloud service providers, AWS and GCP. Vivek spoke about the journey from on-premise to multi-cloud landscapes, the strategic approaches to cloud security in 2024, and the unique challenges that teams face across different cloud platforms. Vivek shared his insights into IAM, misconfigurations, and the value of dedicated cloud-specific teams provide a roadmap for organizations aiming to enhance their cloud security posture.

Questions asked:
00:00 Introduction
01:58 A bit about Vivek Menon
02:53 Transitioning from On-Premise to Multi-Cloud
05:35 What is mobile ad tech?
06:44 Why AWS and GCP?
08:09 Challenges in Multi-Cloud Environments  - The people piece
09:37 Challenges in Multi-Cloud Environments  - The process piece
10:42 Managing identities in a MultiCloud Environment
12:52 Managing Misconfigurations in a MultiCloud Environment
13:58 Multi-Cloud Security-  Build In-House or Buy Tools
17:44 Starting Point for MultiCloud Policy
18:54 AWS vs. Google Cloud: Comparing Cloud Security Maturity
20:28 What makes security in Google Cloud stand out
21:18 CISO Guide: Initiating a Cloud Security Strategy in 2024
25:01 The Fun Section
27:03 Where can you connect with Vivek

Ashish Rajan: [00:00:00] From a security perspective, how do you compare the maturity of the two space or between AWS and GCP at the moment?

Vivek Menon: Yeah public knowledge like AWS has been on this journey for quite a few more years than the other two providers, purely from a security point of view, some of the acquisitions that Google has made to strengthen their security features, they've worked out pretty well.

From my vantage point, they acquired Mandiant, they acquired Chronicle and so on. The way they're bringing that together and making it as a feature that most of the customers can leverage definitely helps them stand out in the security space.

Ashish Rajan: Are you truly cloud first? By that what I mean is you've never been an on premise, you've always moved into one of the public cloud providers as your first step.

Maybe even have multiple cloud providers these days. That is the kind of conversation we had on this episode of Cloud Security Podcast. We had Vivek Menon who's a CISO for Digital Turbine. They are a mobile advertising platform and they have been cloud first in the true sense that is they are without the legacy of on premise.

So we spoke to Vivek about what his approach to cloud security on a [00:01:00] multi cloud landscape has been. What does he consider as important things for people to look at cloud security programs for 2024? We also spoke about some of the challenges of teams that are working on AWS problems Azure problems GCP problems What does that look like and maybe we might have some spiced up conversation about who does security better?

Is it AWS or GCP? I'll let you find out the answer on the podcast episode, but all that and a lot more in this episode Cloud Security Podcast. If you find value from this and you want to share this with a colleague or friend who's probably looking into the whole multi cloud space in a fully cloud first kind of world, definitely share this episode with them.

We always appreciate the love and support you show us by following us on social media, following the podcast, following the YouTube channels and leaving us a review or rating that helps more people find and discover Cloud Security Podcast so we can help them become better cloud security professionals.

I hope you enjoyed this episode. I will see you on the next episode. Peace. Welcome to another episode of Cloud Security Podcast at the AWS reInvent edition. And I've got Vivek with me. Welcome Vivek to the show.

Vivek Menon: Thank you, Ashish. I'm glad to be here. Awesome.

Ashish Rajan: And for people who may not know who [00:02:00] Vivek is, could you share a bit about yourself?

Vivek Menon: Of course. So my name is Vivek Menon. I'm the CISO for Digital Turbine. And as I was just telling Ashish, I've got some additional responsibilities around enterprise data and cloud transformation as well. It's one of the perks of working for a small to medium sized firm. If you raise your hand up and you're good at executing, you get called upon.

So that's why I have a role that stretches a few boundaries. I've been with DT for roughly about 18 months. But I've grown up in the data space, starting my career as a data engineer back in the day I wouldn't date myself. And then switched over from data to security over the last eight, nine years.

And if you think about security, it's actually data. How do we collect all of that data, collate it, make sense of it, and then use that for decision making? That's pretty much what security is. Yeah, I'm actually pretty excited to be able to bring together different parts of my profile over the last 20 odd years and, lead the security function as well as the data function.

Ashish Rajan: That's awesome. And I think a unique combination of data and security, something that was a theme across the re:Invent keynote as well from [00:03:00] Adam. And maybe a good place to start this because I would love to go into the whole multi cloud and how DT is now fully multi cloud in a, without the on premise context.

Because you've obviously come through that on premise world similar to a lot of us as well. How was it then? I can't even imagine what multi cloud concept would translate to, but I guess the challenges that used to be in the traditional environment and how different it has become now in the multi cloud, have you got some thoughts on that?

Vivek Menon: Sure, I'll start with the story actually. Back in 2014, 2015, I used to work for CapitalOne and CapitalOne was the first, I would say, big bank or financial services company to take bet on AWS. Just cloud because there was Azure and GCP was still in its infancy, and my role specifically at that point was to build an on premise data lake on a technology that now is ancient, but Hadoop, right?

And that was the buzzword back then, and we transitioned within a year of building something on Hadoop onto AWS. And that was quite challenging, like governance was challenging, security was challenging. [00:04:00] Finding the right set of folks was challenging, and we were basically grappling in the dark, and we were just learning as we go and so on.

But when we talk about multi cloud, purely just two cloud providers, and I'm talking about public cloud, not necessarily private cloud, that amount of, I would say, consternation of moving from an on prem solution to cloud is that much less because these are actually managed services. Yeah. Even if you're leveraging only their infrastructure as a service, that is still a service that you don't have to worry about the nuts and bolts of and just start building on top of that.

I think the challenge when it comes to even just maintaining multi cloud is the truest of sense. You need to have the why, as Simon Sinek would say, on why you're doing it, right? You don't do it for a I would say disaster recovery or business continuity purposes because it's a hard sell. Only do it if there is a business need for it.

If there are customers specifically asking for it and there are dollars that support maintaining multi cloud environment. Because no matter what people tell you, what the vendors [00:05:00] tell you, it is super hard, super costly. And it just drains you. So unless there is some dedicated revenue coming out of maintaining multi cloud environments, please do not venture out.

Ashish Rajan: That's a very well balanced opinion as well. I love that. Also, what are the two public clouds that you guys are in at the moment?

Vivek Menon: We are on AWS and we are at re:Invent and then we're also on Google Cloud. And our digital turbine is in the mobile ad tech business. And so there are other areas of partnership with Google as well for us.

And so it made a commercial sense, business sense to be on GCP as well.

Ashish Rajan: And for people who don't know what mobile ad tech is, what is mobile ad tech industry?

Vivek Menon: Yeah, we do a lot of things with our mobile devices, right? From booting up a device and if it's an Android device, you get recommended what apps to download.

So there is a part that DT plays in that as well. Yeah. So the recommendation engine based on what your preferences are, which apps get shown first versus not, all of that is done through an algorithm and the tech and the algorithm behind that is something that DT plays a part in. That's on what we [00:06:00] call as a first boot monetization.

Yeah. Then there is a continuous stream as well, like any ad that you see on your phone. We just went through a cricket World Cup, I'm a big cricket fan. Yeah. So if you open up that like ESPN Crickinfo and you see a Nike ad, it's the whole aspect of Nike deciding to show me an ad and whether it's going to be a video ad, a banner ad, a static ad.

How long will that all of that is done in a matter of milleseconds. Including the bidding of what Nike would pay Crickinfo. Wow. And all of that ecosystem, the tech ecosystem is something that DT plays a part in. So yeah, we are well embedded. It's one of those things that are not as well publicly known. Yeah. But we are ubiquitous. We are there, and we just like to be like that.

Just play a part and not create a whole lot of fuss. Yeah.

Ashish Rajan: Now that you mentioned there's a lot of ads that are always there, especially with the free apps that you're trying to work with. And specifically in this industry, are you able to share what were some of the reasons for moving to AWS and GCP and what were some of the challenges from a security perspective that you saw?

Vivek Menon: So I'll talk about the [00:07:00] why first. There are customers who specifically talk to us about needs that their environments need. Most customers who would want us to be on AWS will tell us we love the partnership and the services that we get from AWS and we want to leverage that meaning we want a AWS service to talk to an AWS service from our end to your end. And that makes security that much more easier. That makes it much more efficient. And to a large extent, even the cost part of it that much more predictable. And then similarly, Android is a big ecosystem. And most people in the US don't realize it as much because we are, iOS has a pretty big following in the US.

But in the rest of the world, Android plays an outsized role. Especially in the developed world. And so for example, like DT is a first party firmware on about roughly 800 million devices, Android devices, right? So if you're an Android, let's say you're a game developer and you develop games for Android, you would say, Hey, I would like some of the features that you guys are exposing to [00:08:00] us to be on a GCP service, right?

Because again, security costs, predictability, talent as well, all of those things. So that's the why behind it. In terms of purely security best practices, I have a whole list of things that I can go through, I love this framework people process technology, so I leverage that to answer your question on the people front, no matter what people tell you, do not have multi cloud skilled engineers.

No, that's a mirage. That's a mirage because if that person exists or if that group exists, one, it's hard to hold on to them. And two, like it's going to get really expensive, really fast. Or for having

Ashish Rajan: the person in The talent. Yeah, the talent. Oh wow. Yeah. Okay.

Vivek Menon: So it's on paper. It sounds great. Yeah.

That the resources are fungible. They'll solve a Google problem today, they'll solve a Amazon problem tomorrow and so on. Sounds good. But does it work that well in a practical manner? I wouldn't say so. And this is just me talking as a practitioner, right? Yeah. Yeah. I would say have dedicated teams.

You can rotate them in and out [00:09:00] so they gain knowledge of the other cloud. Oh but just have dedicated teams who are really good at what they do. Yeah. Whether that's AWS. Or whether it's GCP, just stick to those boundaries that's on the people front. Yeah. The skill shortage is somewhat more, I would say, intense on the GCP side.

Very hard to find really skilled GCP security engineers, whether that's here in the US or elsewhere. So building that skill set in house is super important. Yeah. So if we have to spend time and money getting that, getting to upskill people. Yeah. On GCP, please do so because it becomes hard to fill that need otherwise.

So that's on the people front. I would say process front having consistent security policies implemented across both clouds. is super important, but also hard. Yeah. Most companies would start off with one cloud first, and then they would migrate or, try to build new features and services on the other cloud.

Take the learnings from the first cloud experience that you have from a policies point of view, and make sure that you[00:10:00] do a better job of it on the other cloud. Yeah. We have a term called Customize and Synchronize. Meaning if we customize something on one cloud, we have to synchronize that with the other cloud.

Okay. Because what happens is if you don't customize, then you have bespoke solutions for let's say AWS and bespoke for GCP. And then you start diverting. Yeah. And that is where not having a common team hurts you. Because my teams are dedicated and a common team would know, okay, I made this change here.

So that is why, and I didn't make it in GCP. So maybe that's why it's behaving differently. But if the teams are separate, they would not know that. And so I would say have a really robust process to customize and synchronize policies. It's super important. On the tech part, IAM and misconfigurations are the biggest bane of any security team.

And when I say IAM I can speak in a small to medium size. So you have, a large public firm and a larger firms have dedicated teams and so on. But small firms tend to rely on cloud IAM as [00:11:00] their identity provider instead of building out a full AD and active directory and so on.

Active directory based authentication and authorization, they tend to rely on the IAM services that clouds provide. So if you start off on let's say Google cloud, and now you're saying, let me build some services on AWS because a customer needs it. You're stuck having Google as the identity provider. You can go through a rigmarole and have still have Google authenticate you while you access AWS but obviously there are some security features that don't talk, between them as well. Yeah. So if there's ever a plan to be multi cloud, do not tie yourself to a cloud IAM solution of a public cloud rather. And have an IDP, an identity provider that's outside.

Ashish Rajan: That's independent of the two.

That's independent of the two. That way you can have your access control at a central place, identity management at a central place. It doesn't matter if you add a third public cloud tomorrow. You should still be able to and to your point about customise and synchronise. If I have made, I don't know, just making an example here, this is the team [00:12:00] finance.

This is the kind of role they have in AWS. A similar role exists for them in GCP. And obviously, this is a very specific example that I'm coming up with. But it just could be the fact that scaling becomes an easier option at that point in time, even with individual teams.

Vivek Menon: Absolutely. And you're bringing up a good point.

Scalability, as your teams grow, as your services grow, it's important to have that independent identity provider. So that you're not like, tied to the hip with any particular public cloud. Yeah. I'll tie it back or I'll close off the IAM point by going back to what I said previously. Take your learnings on how you implemented IAM on the first cloud and bring that to the second cloud.

Yeah. First, all clouds behave differently when it comes to identity. Some do better, some do worse. But there will always be some learning on how you implemented it on the first cloud. And make sure you bring that, and you fix some of those mistakes on the second cloud. I'll close off the IAM topic at this point.

Misconfigurations. We are at re:Invent. If you go to the Expo, there are like hundreds of tools just focusing on misconfigurations, [00:13:00] right? But the bane of all of this is essentially inconsistent policies. And inconsistent implementation of what we think we should be implementing. Yeah.

And even if the tools tell you where you have gone wrong from a configuration point of view, you still have to fix it. Yeah. And most teams don't have the, either the technical wherewithal or the resources themselves to go fix it. So if you're going multi cloud, make sure that the configuration piece is understood and well tied in, I would say invest in a good architect up front so that when you're building out the second public cloud, you have invested time and money up front and getting all the configurations right.

So that it is not like an afterthought, if you think that I'm going to take a expert from one cloud and just plonk them into the other cloud and say, now go do what he did here. That wouldn't work. And I would say even the best of talented engineers would say, if I'm good in one cloud, don't assume that I'm good in the other cloud.

And so that's another learning that I have.

Ashish Rajan: Would you say, [00:14:00] because I imagine a lot of people have gone down the path of going multi cloud without doing the misconfiguration piece before, and maybe they have individual teams at this point in time where one for AWS, one for GCP, if I use that example, misconfiguration across the board Because you have the rotation thing that you spoke about, which I thought was very interesting.

Because I think a lot of people look at this going, Oh, if I rotate my staff to what you said today, say for example, I'm GCP, you're AWS, next week or month later, or whatever, when we rotate back, I'm learning something completely new. And with configuration in GCP, would not be the same as configuration AWS.

It's not a one to one match as well. So is there a learning there as well from a technology perspective as well? Where would you advise people to start building internal tools for this? Because I think there's a challenge of how many custom misconfiguration rules can I actually have as well. So how do you manage that?

Vivek Menon: Yeah, so that's an interesting question. Again, I'll take a lens off a relatively smaller firm because, before this, I was with JP Morgan [00:15:00] Chase and CapitalOne those are companies with, multiple resources at their disposal. So they can create or stand up independent teams focused on these problems because it's a big enough deal for them.

They can come up with their own, internal solution. What we have done and what I've seen some of my peers have done across the spectrum is they're leveraging as best as they can single pane of glass tools. So we have a tool like, we, from a cloud security posture management point of view, or even from a CNAPP point of view, we leverage tools that gives us a visibility across both AWS and GCP. Okay. And while that, those kind of tools are quite mature now, what we have done over on top of that is we have partnered with a startup that is still in the stealth mode, but they are able to give us context and governance. So what they're doing is they're taking the data that these CSPM providers have.

We have given them access to our AD, to GitHub, to our repositories, our CI CD pipelines. And they're able to see what has changed in the CI CD pipeline. What has changed [00:16:00] from an AD point of view. Have the repos been republished and so on. And then what is the impact of that on cloud assets?

Whether it's misconfigurations, because, one junior developer changed something in the pipeline and that was pushed through into production. We didn't realize it at that point, but the configurations are all right in production now. The CSPM tools will tell you the configurations are off, but it won't tell you why.

And so you have to go back and figure it out. But now with this tool that we're partnering up with, we're able to get some of those insights. The point being that do not think that you can do it all by yourself. Or have customized solutions because most firms do not have the time and money for it.

And there are, security is a pretty exciting space when it comes to innovation. And there are startups like the ones that we are partnering with. We give them the playground, so to speak, on figuring out whether their solution meets the needs of a customer. And we get to work with somebody who is innovating in a space.

Where, there's not a lot of mature tools, so to speak. And just to finish off on the POC [00:17:00] that we are doing, this is from a founder and a company that previously sold their product to McAfee. So there is a high level of confidence that, the team behind it is actually going to be, is pretty good and they know what they're doing and so on.

So if this turns out to be great, like from a solution point of view, then, we have a partner for the long term.

Ashish Rajan: Yeah. And also to what you said, because that going back to the team example, if today I'm working on GCP I know exactly where the change happened thanks to the context I've already provided.

The learning curve is not that high for me to quickly get to which team am I talking to resolve this. Versus, oh, I have to dig through this Trojan horse of logs to find out where and what changed. Another thing that he called out, which is really interesting. I love the policy aspect as well that he called out from a process perspective, customized and synchronized.

In terms of people who are probably looking at this and going, okay, I'm a small to medium sized business. I'm obviously someone who's never had an on premise world. Is there a good starting point for people just from a policy perspective when they are, say, in GCP and AWS trying to go on to multi cloud already?

[00:18:00] Is there something that you find that works primarily for people who are digital or cloud first kind of companies?

Vivek Menon: I would say if you're just starting off, the default policies that these cloud providers have, they get you 80 percent of the way there. The customization that you would have to do is a journey in itself.

It's not that on day one, all of the requirements are clear to you, and you know exactly where to customize. Yeah. That customization happens as you mature on whatever cloud you are on. But starting off with the custom policies is more than enough, right? And I know I'm harping on this a little bit, but as a company that, small to medium sized firms, like they don't have the resources.

So 80 percent is good enough. It's a fantastic start. Don't worry about being precise. When you mature, the maturity on the policies and how the tooling of the cloud will come by itself. So don't beat yourself up that you don't have all the policies laid out on day one. It's just a journey.

Ashish Rajan: I think one final question.

I know you are working on AWS and GCP. Now that you've seen [00:19:00] both lenses as a CISO, from a security perspective, how do you compare the maturity of the two space of between AWS and GCP at the moment?

Vivek Menon: Yeah public knowledge like AWS has been on this journey for quite a few more years than the other two providers, purely from a security point of view some of the acquisitions that Google has made to strengthen their security features they've worked out pretty well from my vantage point, they acquired Mandiant, they acquired Chronicle and so on. The way they're bringing that together and making it as a feature that most of the customers can leverage definitely helps them stand out in the security space.

Obviously, when you choose a cloud provider, there are a lot of other aspects that go into it. There's a commercial aspect, viability, hosting charges, etc. But just from my vantage point as a security person, I think Google has an edge right now, given some of the work they've done in the last few years.

Yeah. I may also want to add that, bringing in sort of the data part of my profile, BigQuery is a big differentiator, pun intended, in how data can be leveraged in a much [00:20:00] more efficient manner. Yeah. And I think that is also where a little bit that the GCP has the edge over. So it's come a long way since Hadoop days.

Oh, a hundred percent. A hundred percent. Like Hadoop is so passe that no one even talks about it.

Ashish Rajan: Fair enough. Cause now to your point, BigQuery is like almost synonym with the data. Anyone who has a big data project, they all talk about BigQuery as well. Are there any specific examples from a security perspective that you can think of for the people who are watching this?

Obviously this is current point in time that makes the security of GCP stand out for you?

Vivek Menon: I would say the security operations piece. Okay. Google has been known to collect hoards and hoards of data and be able to cultivate it and massage it to an extent where it starts making sense.

Yeah. And they have brought that same mentality to security as well. Going back to what I was saying like security is essentially data. Yeah. If you're able to collect all of the data collated and make sense of it, then your life becomes that much more easier as a security professional. Google is able to fall back on to what they do on the search engine side and how they collect [00:21:00] it, how they store it, how they optimize it for reporting and so on. And all of that translates into a tool such as BigQuery, which helps security as well. And they have reporting and features that we leverage to a certain extent that allows us to be that much more thorough in how we approach our security problems.

Awesome.

Ashish Rajan: So one final question to wrap this up as well. If any CISO watching this are listening to this who is thinking of a cloud security strategy roadmap for 2024. For people who are small to medium-sized businesses at the moment, have a CISO, maybe two scenarios.

One that is just dropping into a world where there's GCP and AWS no team and another scenario where there is AWS Security Team and a GCP Security Team. What would you say some of the things maybe starting with the first one, where no team at all, what would you have some of the suggestions that would you would make to people to consider to put in their cloud security strategy?

Vivek Menon: So let me understand the scenarios first. So you said no team in the first scenario. So basically a blank slate?

Ashish Rajan: Yeah. So I started the company today, [00:22:00] but I just was AWS GCP. Now I've been told, Hey, security is important. I need to hire Vivek ASAP. Yep. Vivek has been dropped into a company with AWS GCP, no team,

Vivek Menon: Virik is the first person.

In the first scenario, I would say, and I mentioned this a bit previously as well, find the best security engineer that you can find and don't worry about the AWS versus GCP part. Okay. Because having somebody with both the skills is It's like nearly impossible only because those kind of skill set and resources are pretty scarce, right?

So find the best security engineer and then work your way through it from a best practices point of view. I would say leverage what you know of what each of these clouds do well. AWS the scalability and reliability is pretty awesome. And so leverage those aspects to build a solution on the security front, as a security professional, you're also responsible for business continuity and disaster recovery.

And I think AWS does a pretty bang up job of it. On the Google front, as we were just talking on the previous question, their security processes are a little bit more mature, given their [00:23:00] background and what they've done in the last few years. So leverage those aspects as you're trying to build out your security team there, but yeah, keep them separate.

Even if the teams are small, having dedicated resources are that much more better. And then, customize and synchronize. If you customize anything in one cloud, ensure that the policy synchronization exists on the other end as well.

Ashish Rajan: And now that you've scaled up to two teams, after you've done the basic foundation, what are some of the challenging pieces that they can look at?

I guess, what's the next frontier to go?

Vivek Menon: Yeah, I think the next frontier is monitoring. Okay. Super hard, everyone talks about having a single pane of glass. But just keeping up with how the assets get spun up and terminated and spun up again, that in itself is a task. So to monitor them effectively, ensure that none of the misconfigurations or incidents or IAM misalignments happen is hard.

But that is where the next level of maturity comes for these teams. I'm assuming that they have taken care of all the identity part of it. I'm assuming that they are, synchronizing the [00:24:00] policies. The next step on the maturity journey is monitoring effectively and being able to respond relatively quickly on either of those clouds.

Because, sometimes depending on the resources you do well on one versus another, but that's the next step. Oh,

Ashish Rajan: okay. Is this some advice for people who are probably working on monitoring for the two clouds?

Vivek Menon: There are tools out there from a CSPM, CNAPP point of view that do it for you. But the tools are just a means to an end.

You need to be good at that tool itself to ensure that all of your assets are being covered. The biggest mistake that I see people make. And it's a journey for us as well at DT is ensuring that you have full coverage of the assets that you own. Oh, like relying on the tool to say the tool is doing it.

It's just magic. It just happens in the background. Yeah that's a fool's errand. Actually, you have to be really diligent and somebody who understands the security operations work really well to be full time monitoring whether all the assets are being captured and be monitored. And then comes the aspect of, responding if there is an incident or a [00:25:00] misconfirmation.

Awesome.

Ashish Rajan: That's actually a great advice. Thank you so much for sharing that. I've got three fun questions for you. Sure. First one being, what do you spend time most on, when you're not doing this technology cloud thing?

Vivek Menon: Yo, so I'm a big sports fan. You guys are from UK. I'm a big Arsenal fan.

Oh, nice. Sorry, I'm a Chelsea fan. And to be fair, I'm not a recent fan. I've lived through some of the pains. Oh, okay, fair enough. Like 20 years. So I love sports, grew up watching a lot of sports and, I'm trying to pass it on to my son as well. Outside of that, we travel quite a bit.

I have traveled to close to about 50 countries. Wow. I have this thing in me that I want to do 100 before I cannot travel anymore. And again, this is something that, we do well as a family. So we have been to quite a few places. That's awesome.

Ashish Rajan: And maybe the next question is, what is something that you're proud of, but that is not on your social media?

I

Vivek Menon: can speak six languages. Wow. I, which ones read? Write five of them. So obviously English, I can speak Hindi. I grew up in Mumbai, so I can speak Marathi my mother tongue or it's the language I do speak at home is Malyalam. And [00:26:00] then because of Malyalam I can speak Tamil and I can speak Gujarati as well.

Ashish Rajan: How do you link Malyalam and Gujarati?

Vivek Menon: That's why Gujarati is because if you grow up in Mumbai, it's like a second language. Oh, a lot of Gujaratis

Ashish Rajan: I'm like going that's two other extreme. Okay. Oh, that's pretty awesome man. And my last question.

Vivek Menon: What's your favorite cuisine or restaurant that you can share? As a family, we tend to like Thai quite a bit.

Nice. It's a good combination of like Indian cuisine and the exotic East Asian cuisine. And being originally from Kerala, I love anything that has It's a coconut base to it and , most Thai dishes have a coconut base to it. So I think that's our calling. Awesome.

Ashish Rajan: I'm going to add a fourth question because I think you've maybe out of the 50 countries you've traveled to, which one stood out for you?

Vivek Menon: Ooh, that's a tough one. And it's something that I've thought about quite a bit as a family. We have loved Switzerland, we have done it a few times and yeah, like the way of life. The quality of life. It's everything is so pristine. It's almost postcard ish. I know it's cliched, but it is.

If you go to Oh, it is that good? It is that good. Even the cities are so well done. If there is [00:27:00] life, then this is it.

Ashish Rajan: Awesome. Now, dude, thank you so much for sharing that. I'm going to add Switzerland to my country to do in 2024 though. Thank you so much for coming on the show. Absolutely. It's been a pleasure.

Where can people find you on the internet? They want to connect with you, man.

Vivek Menon: On LinkedIn, for sure. I don't do Twitter or, other social media. So it's all in LinkedIn. Awesome.

Ashish Rajan: You don't like the other social media drama.

Vivek Menon: I went off of it like a few years ago. I felt it was too much noise.

So I am just sticking with Linkedin

Ashish Rajan: Awesome. I'll put that in the shownotes as well. Thank you so much for joining the show and I will see you next episode. Thanks everyone. Thank you.

More Videos