DSO Overflow

Follow DSO Overflow
Share on
Copy link to clipboard

If you can't wait until the next DevSecOps - London Gathering then this podcast will be an interim boast. This podcast captures interviews and discussions with people involved with factoring security into their delivery.

Michael Man


    • Jan 31, 2025 LATEST EPISODE
    • monthly NEW EPISODES
    • 43m AVG DURATION
    • 45 EPISODES


    Search for episodes from DSO Overflow with a specific topic:

    Latest episodes from DSO Overflow

    S5Ep1 - Securing the Software Supply Chain with Francois Proulx

    Play Episode Listen Later Jan 31, 2025 48:14


    DSO Overflow S5EP1Security the Software Supply ChainwithFrancois ProulxIn this episode, featuring Francois Proulx, a senior product security engineer, we discuss software supply chain security, particularly the security of build pipelines and dependencies. Francois shares insights on defining supply chains, identifying vulnerabilities, threat modeling, and strategies to improve security. The conversation explores topics like the SALSA framework, risk factors in CI/CD pipelines, and reducing complexity in dependencies. The discussion emphasizes threat awareness, holistic approaches, and the importance of isolating critical processes in software development. Practical tools and insights on research and AI's role in security were also touched upon.Resources mentioned in this podcast:Francois' LinkedIn profileBoost blog siteBoost on GitHubSLSA websiteDSO Overflow is a DevSecOps London Gathering production. Find the audio version on all good podcast sources like Spotify, Apple Podcast and Buzzsprout.This podcast is brought to you by our sponsors:  Prisma Cloud, Tigera and ApiiroYour HostsSteve Giguere linkedin.com/in/stevegiguereGlenn Wilson linkedin.com/in/glennwilsonJessica Cregg linkedin.com/in/jessicacregg

    S4Ep10 - Threat modelling with Ashley Ward

    Play Episode Listen Later Dec 6, 2024 46:32


    DSO Overflow S4EP10Threat ModellingwithAshley WardIn this month's episode, Steve and Glenn chatted with Ashley Ward to discuss topics around threat modelling.Ashley is a highly experienced CTO at ControlPlan with expertise in cloud-native architectures and cybersecurity, known for leading transformative initiatives across startups and large enterprises, including as Group CTO for a €4.5 billion company. He excels in scaling organisations through agile, FinOps, and DevSecOps, while inspiring teams and engaging with stakeholders at all levels. As a Justice of the Peace since 2017, Ashley brings additional strengths in decision-making, public speaking, and community-focused leadership.In this episode of DSO Overflow, Ashley Ward, CTO at Control Plane, discusses threat modelling in cloud-native environments, security challenges, and the impact of emerging technologies like AI. Ward explains that threat modeling should start with existing knowledge and highlights the benefits of collaborative, iterative approaches. He emphasises involving various teams in the process to account for application, platform, and infrastructure layers. Ward also discusses practical frameworks, such as the CIA triad and STRIDE, and points out the specific challenges in cloud-native threat modelling, like microservices and fast-paced release cycles. Regarding AI, he cautions about the heightened risks, as AI democratises hacking capabilities. Ward advocates for using AI thoughtfully in threat modelling and encourages companies to adopt proactive security strategies. He concludes by encouraging organisations to embrace threat modelling as an evolving, essential practice.Resources mentioned in this podcast:Ashley Ward's LinkedIn profileControlPlane websiteDSO Overflow is a DevSecOps London Gathering production. Find the audio version on all good podcast sources like Spotify, Apple Podcast and Buzzsprout.This podcast is brought to you by our sponsors:  Prisma Cloud, Tigera and ApiiroYour HostsSteve Giguere linkedin.com/in/stevegiguereGlenn Wilson linkedin.com/in/glennwilsonJessica Cregg linkedin.com/in/jessicacregg

    S4Ep9 - Open Source Integrity with Luke Hinds

    Play Episode Listen Later Nov 19, 2024 41:29


    DSO Overflow S4EP9Open Source IntegritywithLuke HindsIn this month's episode, Jessica and Glenn chatted with Luke Hinds to discuss topics around Open Source integrity and provenance.Luke is a co-founder and the CTO at Stacklok who loves building open source software and communities, as well as leading talented engineering teams to develop innovative cutting edge security technologies at scale.In this episode, Luke talks about the challenges of ensuring open source software integrity and provenance using cryptographic technologies and automated signing of software within the CICD pipeline using a non-profit software cryptographic signing service. He talks about managing developer expectations and how security should enable software development. We briefly discuss the dangers of putting too much trust into AI and the data that supports GenAI models.Resources mentioned in this podcast:Luke Hind's LinkedIn profileStacklok on LinkedInStacklok's websitesigstore on LinkedInsigstore websiteslsa websiteMinder websiteMinder on GitHubDSO Overflow is a DevSecOps London Gathering production. Find the audio version on all good podcast sources like Spotify, Apple Podcast and Buzzsprout.This podcast is brought to you by our sponsors:  Prisma Cloud, Tigera and ApiiroYour HostsSteve Giguere linkedin.com/in/stevegiguereGlenn Wilson linkedin.com/in/glennwilsonJessica Cregg linkedin.com/in/jessicacregg

    S4Ep8 - Cloud Native and Kubernetes with Steve Wade and Michael Foster

    Play Episode Listen Later Oct 22, 2024 51:15


    DSO Overflow S4EP8Cloud Native and KuberneteswithSteve Wade and Michael FosterIn this month's episode, Steve met with Steve Wade  and Michael Foster to talk about the  Cloud Native Club and new and future developments in Kubernetes.Steve Wade founded The Cloud Native Club, a global community for cloud-native enthusiasts. He is also a maintainer of the Flux Terraform Provider. As an experienced conference speaker, independent cloud-native consultant, and trainer, Steve shares his expertise worldwide. He has held platform leadership roles across various industries, including real estate, gaming, fintech, and the UK Parliament. With a BSc in Computer Science, Steve is passionate about cloud-native software development and distributed computing.Michael Foster regards himself as a passionate tech enthusiast and open-source advocate with a multidisciplinary background. Understands the importance of community and being a good communicator. Great problem solver, quick thinker, constant learner, and someone who is process-orientated. Able to conceptualize, coordinate, and implement by paying attention to detail while seeing the big picture. I am continually working to bridge the gap between tech and business.In this episode, Steve Wade introduces his new community called the Cloud Native Club while Steve Giguere and special guest host Michael Foster (Red Hat) introduces The State of Kubernetes Security report as an anchor to pick Steve Wade's brain on everything from how we secure cloud native to AI's influence on Kubernetes now and in the future.Cloud Native Club:The Cloud Native Club is a global community I founded in July 2024, dedicated to connecting cloud-native enthusiasts from all walks of life, no matter where they are in the world. Inspired by my journey transitioning from a football career to the tech industry, I quickly realised the immense value of community in fostering growth and success. However, I also saw that many people, especially those in remote areas, lacked access to the supportive networks that can be crucial for learning and development. The Cloud Native Club was created to bridge that gap. It's a place where anyone—from beginners to seasoned professionals—can come together to learn, share, and grow in the cloud-native space. Through our forum, weekly hangouts, and YouTube series like "My Journey" and "Project Spotlight," we aim to make cutting-edge cloud-native knowledge accessible to everyone while fostering a strong, supportive, and inclusive community.Resources mentioned in this podcast:Steve Wade's LinkedIn profileSteve Wade's Twitter profileThe Cloud Native Club on LinkedInThe Cloud Native Club on TwitterThe Cloud Native Club on YouTubeMichael Foster's LinkedIn ProfileDSO Overflow is a DevSecOps London Gathering production. Find the audio version on all good podcast sources like Spotify, Apple Podcast and Buzzsprout.This podcast is brought to you by our sponsors:  Prisma Cloud, Tigera and ApiiroYour HostsSteve Giguere linkedin.com/in/stevegiguereGlenn Wilson linkedin.com/in/glennwilsonJessica Cregg linkedin.com/in/jessicacreggDev

    S3Ep7 - Managing the risks that really matter with Sam Watkins

    Play Episode Listen Later Sep 16, 2024 39:25


    DSO Overflow S4EP7Managing the risks that really matterwithSam WatkinsIn this month's episode, Glenn and Jessica speak with Sam Watkins to talk about a new paradigm for managing risks.Sam Watkins is an accomplished engineer working at BT in the UK. Sam is driven by a passion for driving change through the implementation of technological solutions, possessing the expertise in impacting organisational capability and performance, catering to business needs by early adaption of futuristic technological trends, and enabling organisations to meet the business needs.In this episode, Sam reveals to Jess and Glenn the exciting work she is doing at BT, a major telecommunication company in the UK to improve the organisation's application security posture. You will hear Sam talk about challenging the current paradigm of managing vulnerabilities to a paradigm of managing weaknesses. Sam discusses the risks that really matter while remaining empathetic to the needs of everyone within the organisation including compliance, engineering and risk management.Resources mentioned in this podcast:Sam's LinkedIn profileSam's personal websiteCommon Weakness EnumerationDSO Overflow is a DevSecOps London Gathering production. Find the audio version on all good podcast sources like Spotify, Apple Podcast and Buzzsprout.This podcast is brought to you by our sponsors:  Prisma Cloud, Tigera and ApiiroYour HostsSteve Giguere linkedin.com/in/stevegiguereGlenn Wilson linkedin.com/in/glennwilsonJessica Cregg linkedin.com/in/jessicacreggDevSecOps - London GatheringKeep in touch with our events associated with this podcast via our website.For more about DevSecOps - London Gathering check out https://dsolg.com

    S4Ep6 - Security in front-end application development with David Mytton

    Play Episode Listen Later Jun 13, 2024 44:38


    DSO Overflow S4EP6Security in front-end application developmentwithDavid MyttonIn this month's episode, Glenn speaks with David Mytton to talk about how to make sure front-end development is secure.David Mytton is the CEO of Arcjet, a devtools software startup that helps developers protect their apps. He also writes the weekly Console.dev devtools newsletter which helps developers find the best tools.He's an angel investor in >30 early-stage developer-first startups and is working towards an Engineering Science PhD in sustainable computing at the University of Oxford. His research has been featured in The Times, WSJ, Financial Times, Fast Company, Computer Weekly, and Sky News..In this episode, David and Glenn cover the main security challenges and security hygiene affecting front-end application development. They discuss a broad range of topics including software dependencies, input validation, securing environment variables, and many other security related topics that all developers should consider when developing front-end applications.Resources mentioned in this podcast:David's LinkedIn profileDavid's blogConsole.devDSO Overflow is a DevSecOps London Gathering production. Find the audio version on all good podcast sources like Spotify, Apple Podcast and Buzzsprout.This podcast is brought to you by our sponsors:  Prisma Cloud, Tigera and ApiiroYour HostsSteve Giguere linkedin.com/in/stevegiguereGlenn Wilson linkedin.com/in/glennwilsonJessica Cregg linkedin.com/in/jessicacreggDevSecOps - London GatheringKeep in touch with our events associated with this podcast via our website.For more about DevSecOps - London Gathering check out https://dsolg.com

    S4Ep5 - LLMs and GenAI with John Boero

    Play Episode Listen Later May 17, 2024 38:36


    DSO Overflow S4EP5LLM and GenAI securitywithJohn BoeroIn this month's episode, Jess and Glenn speak with Field CTO at TeraSky John Boero to talk about LLMs and GenAI.John lives in London and has 20 years in the IT industry developing and consulting for Red Hat, Puppet, HashiCorp, and more with emphasis on performance and security.In this episode, John talks about the inherent risks of using LLMs and GenAI and provides some hints on how to benefit from using them effectively. He discusses the technical details involved in LLMs to give listeners a better understanding of what's under the hood of GenAI models.Resources mentioned in this podcast:John's LinkedIn profileTerraSky's websiteDSO Overflow is a DevSecOps London Gathering production. Find the audio version on all good podcast sources like Spotify, Apple Podcast and Buzzsprout.This podcast is brought to you by our sponsors:  Prisma Cloud, Tigera and ApiiroYour HostsSteve Giguere linkedin.com/in/stevegiguereGlenn Wilson linkedin.com/in/glennwilsonJessica Cregg linkedin.com/in/jessicacreggDevSecOps - London GatheringKeep in touch with our events associated with this podcast via our website.For more about DevSecOps - London Gathering check out https://dsolg.com

    S4Ep4 - IoT, AI and DevSecOps with Darren Richardson

    Play Episode Listen Later Apr 9, 2024 34:07


    DSO Overflow S4EP4IoT, AI and DevSecOpswithDarren RichardsonIn this month's episode, Jess and Glenn speak with networking graduate, security enthusiast, coder and giant with a great bushy beard Darren Richardson from Eficode.Darren is an IT graduate specializing in system administration, network operation and information security with experience in Cisco IOS operation and network management. He has a passion for information security with a bias towards offensive security and ethical hacking.In this episode, Darren talks about the inherent security challenges of using IoT devices, and discusses the intersection of AI and DevSecOps and how AI is changing the way we do DevOps.Resources mentioned in this podcast:Darren's LinkedIn profileEficode's websiteDSO Overflow is a DevSecOps London Gathering production. Find the audio version on all good podcast sources like Spotify, Apple Podcast and Buzzsprout.This podcast is brought to you by our sponsors:  Prisma Cloud, Tigera and ApiiroYour HostsSteve Giguere linkedin.com/in/stevegiguereGlenn Wilson linkedin.com/in/glennwilsonJessica Cregg linkedin.com/in/jessicacreggDevSecOps - London GatheringKeep in touch with our events associated with this podcast via our website.For more about DevSecOps - London Gathering check out https://dsolg.com

    S4Ep3 - Paving the Road to Effective Software Development with Sarah Wells

    Play Episode Listen Later Mar 11, 2024 43:50


    DSO Overflow S4EP3Paving the Road to Effective Software DevelopmentwithSarah WellsIn this month's episode, Jess and Glenn speak with Sarah Wells an independent tech consultant, author formerly the Technical Director for Engineering Enablement at the Financial Times to talk about how to balance developer autonomy with standardisation.Sarah is a technology leader, consultant and conference speaker with a focus on microservices, engineering enablement, observability and devops. She has over 20 years experience as a developer, principal engineer and tech director across product, platform, SRE and devops teams.She spent over a decade at the Financial Times, leading as it transformed into a true cloud native organisation, releasing code 250 times as often and embracing autonomous empowered teams.In this episode, Sarah shares her experience of transforming a software devlivery programme throgh balancing autonomy with standardisation. She discusses how she moved from monthly releases to multiple releases a day bringing focus, flow and joy to the organisation's engineering community.Resources mentioned in this podcast:Sarah's LinkedIn profileEnabling Microservice Success bookSarah's consultancy websiteDSO Overflow is a DevSecOps London Gathering production. Find the audio version on all good podcast sources like Spotify, Apple Podcast and Buzzsprout.This podcast is brought to you by our sponsors:  Prisma Cloud, Apiiro, and SysdigYour HostsSteve Giguere linkedin.com/in/stevegiguereGlenn Wilson linkedin.com/in/glennwilsonJessica Cregg linkedin.com/in/jessicacreggDevSecOps - London GatheringKeep in touch with our events associated with this podcast via our website.For more about DevSecOps - London Gathering check out https://dsolg.com

    S4Ep2 - Resilient Cybersecurity with Kennedy Torkura

    Play Episode Listen Later Feb 12, 2024 43:02


    DSO Overflow S4EP2Resilient CybersecuritywithKennedy TorkuraIn this month's episode, Steve and Glenn speak with Kennedy Torkura from Mitigant to talk about how to build cyber resiliency into your organisation.Kennedy is a cybersecurity professional, CTO and co-founder at Mitigant who specialises continuous security verification and making cybersecurity resilience a first-class citizen in the cloud. Kennedy holds a doctorate in cybersecurity whose thesis covers continuous security paradigms in cloud-native infrastructure. He is also a contributor to the book Security Chaos Engineering released in 2023.In this episode, Kennedy talks about security chaos engineering and how to build security resilience into your organisation. He tells us wha security security chaos engineering (SCE) is, how to start with SCE, and how SCE builds resilience. We also discuss the concepts around detect and respond and how cyber attack emulation creates a more cyber resilient mindset.Resources mentioned in this podcast:Kennedy's LinkedIn profileKennedy's Mitigant blogKennedy's MediumMitigant.ioSecurity Chaos Engineering (book)Netflix Chaos MonkeyDSO Overflow with Aaron Rinehart and Kennedy TorkuraDSO Overflow is a DevSecOps London Gathering production. Find the audio version on all good podcast sources like Spotify, Apple Podcast and Buzzsprout.This podcast is brought to you by our sponsors:  Prisma Cloud, Apiiro, and SysdigYour HostsSteve Giguere linkedin.com/in/stevegiguereGlenn Wilson linkedin.com/in/glennwilsonJessica Cregg linkedin.com/in/jessicacreggDevSecOps - London GatheringKeep in touch with our events associated with this podcast via our website.For more about DevSecOps - London Gathering check out https://dsolg.com

    S4Ep1 - Contract First Development with Holly Cummins

    Play Episode Listen Later Jan 9, 2024 41:28


    DSO Overflow S4EP1Contract First DevelopmentwithHolly CumminsIn this month's episode, Steve, Jess and Glenn speak with Holly Cummins to talk about how to API contracts and Contract First Development.Holly Cummins is a Senior Principal Software Engineer on the Red Hat Quarkus team and a Java Champion. Over her career, Holly has been a full-stack javascript developer, a WebSphere Liberty build architect, a client-facing consultant, a JVM performance engineer, and an innovation leader.  Holly has used the power of cloud to understand climate risks, count fish, help a blind athlete run ultra-marathons in the desert solo, and invent stories (although not at all the same time). She gets worked up about sustainability, technical empathy, extreme programming, the importance of proper testing, and automating all the things. You can find her at http://hollycummins.com, or follow her on socials at @holly_cummins(@hachyderm.io)Resources mentioned in this podcast:PactMicrocksMore on Quarkus' Pact support (and contract testing in general)A nice introduction to ‘contract-first' app development, with a deeper discussion of an ‘ideal' lifecycleSam Newman's book (Building Microservices)Holly's coordinates:Mastodon: https://hachyderm.io/@holly_cumminsLinkedIn: https://www.linkedin.com/in/holly-k-cummins/X/Twitter: https://twitter.com/holly_cumminsHolly's site: https:// hollycummins.comDSO Overflow is a DevSecOps London Gathering production. Find the audio version on all good podcast sources like Spotify, Apple Podcast and Buzzsprout.This podcast is brought to you by our sponsors:  Prisma Cloud, Apiiro, and SysdigYour HostsSteve Giguere linkedin.com/in/stevegiguereGlenn Wilson linkedin.com/in/glennwilsonJessica Cregg linkedin.com/in/jessicacreggDevSecOps - London GatheringKeep in touch with our events associated with this podcast via our website.For more about DevSecOps - London Gathering check out https://dsolg.com

    S3Ep12 - The World of OWASP with Sam Stepanyan

    Play Episode Listen Later Dec 4, 2023 47:38


    DSO Overflow S3EP12The world of OWASPwithSam StepanyanIn this month's episode, Steve and Glenn speak with Sam Stepanyan who was recently voted onto the OWASP board. Sam tells us about his involvement with OWASP, the origins of OWASP,  and what the future hold for OWASP.Sam is an OWASP London Chapter Leader, elected OWASP board member and an Independent Application Security Consultant with over 20 years of experience in the IT industry with a background in software engineering and web application development. Sam has worked for various financial services institutions in the City of London specialising in Application Security consulting, Secure Software Development Lifecycle (SDLC), developer training, source code reviews and vulnerability management. Sam holds a Master's degree in Software Engineering and a CISSP certification.Resources mentioned in this podcast:Sam's LinkedIn ProfileSam's X (formerly Twitter)OWASP ProjectsOWASP Application Security Verification Standard (ASVS)OWASP Mobile Application SecurityOWASP Low-Code/No-Code Top 10OWASP AI ExchangeOWASP Top 10 for LLMsOWASP CheatSheet seriesOWASP MembershipDSO Overflow is a DevSecOps London Gathering production. Find the audio version on all good podcast sources like Spotify, Apple Podcast and Buzzsprout.This podcast is brought to you by our sponsors:  Prisma Cloud, Apiiro, and SysdigYour HostsSteve Giguere linkedin.com/in/stevegiguereGlenn Wilson linkedin.com/in/glennwilsonJessica Cregg linkedin.com/in/jessicacreggDevSecOps - London GatheringKeep in touch with our events associated with this podcast via our website.For more about DevSecOps - London Gathering check out https://dsolg.com

    S3Ep11 - Storing secrets with Mackenzie Jackson

    Play Episode Listen Later Nov 6, 2023 42:28


    DSO Overflow S3EP11Storing secretswithMackenze JacksonIn this month's episode, Steve, Jess and Glenn speak with Mackenzie Jackson to talk about managing secrets and digital authentication credentials in distributed architectures. In particular, Mackenzie digs into the concepts of secrets sprawl, and how we can keep secrets safe.Mackenzie is currently the developer advocate at GitGuardian, a developer-first cybersecurity company based in Paris that is focused on helping keep secrets and credentials out of source code.Mackenzie is passionate about technology and building a community of engaged developers to shape future tools and systems. As the co-founder and former CTO of startup Conpago, Mackenze understands the importance of solid operational and security foundations in any tech team and the importance of in-depth security processes and policies.Resources mentioned in this podcast:Mackenzie's LinkedIn profileMackenzie's X (FKA Twitter)GitGuardianDSO Overflow is a DevSecOps London Gathering production. Find the audio version on all good podcast sources like Spotify, Apple Podcast and Buzzsprout.This podcast is brought to you by our sponsors:  Prisma Cloud, Apiiro, and SysdigYour HostsSteve Giguere linkedin.com/in/stevegiguereGlenn Wilson linkedin.com/in/glennwilsonJessica Cregg linkedin.com/in/jessicacreggDevSecOps - London GatheringKeep in touch with our events associated with this podcast via our website.For more about DevSecOps - London Gathering check out https://dsolg.com

    S3Ep10 - Private end-points with Jonathan D'Aloia

    Play Episode Listen Later Oct 2, 2023 37:50


    DSO Overflow S3EP10Private end-pointswithJonathan D'AloiaIn this episode, Glenn, Jess and Steve are joined by Jonathan D'Aloia from Adatis to talk about benefits and challenges of using private end-points. Jonathan is a Principal DevOps Engineer at Adatis (part of Telefonica Tech) and is also an Azure Certified DevOps engineer and certified Cloud Solution Architect.Jonathan works with Infrastructure as code languages such as BICEP, Terraform and ARM templates, writes and designs YAML templates to automate the deployment of the Infrastructure as well as pipelines to deploy the code base to these resources.In this episode, Jonathan talks about his journey to Azure certification, the challenges of using public end-points and how private end-points can help overcome those challenges. He also explains some of the pitfalls of using private end-points ensuring our listeners are better informed when they decide to review their end-point security architecture.Resources mentioned in this podcast:Jonathan's LinkedIn profileAzure certification by MicrosoftAdatis (part of Telefonica Tech)DSO Overflow is a DevSecOps London Gathering production. Find the audio version on all good podcast sources like Spotify, Apple Podcast and Buzzsprout.This podcast is brought to you by our sponsors:  Prisma Cloud, Apiiro, and SysdigYour HostsSteve Giguere linkedin.com/in/stevegiguereGlenn Wilson linkedin.com/in/glennwilsonJessica Cregg linkedin.com/in/jessicacreggDevSecOps - London GatheringKeep in touch with our events associated with this podcast via our website.For more about DevSecOps - London Gathering check out https://dsolg.com

    S3Ep9 - Container Security with Rony Moshkovich

    Play Episode Listen Later Sep 4, 2023 47:42


    DSO Overflow S3EP9Container SecuritywithRony MoshkovichIn this episode, Glenn and Jess are joined by Rony Moshkovich, co-founder & CPO at Prevasio, an AlgoSec company to talk about adopting a container security programme. Rony has extensive experience with cloud platform development, developing cloud-hosted service platforms for companies such as NTT, Symantec, HCL, CA, and more. A true veteran of the antivirus industry, Rony has worked as Development Director and Malware Research Lab Manager for CAHCL and PC ToolsSymantec. Having many years of extensive experience in building and managing security research labs, Rony is a recognised expert in Threat Management and Identity Access Management solutions for various markets.Resources mentioned in this podcast:Rony's LinkedIn profileCloud Native Computing Foundation (CNCF)Prevasio (and AlgoSec company)DSO Overflow is a DevSecOps London Gathering production. Find the audio version on all good podcast sources like Spotify, Apple Podcast and Buzzsprout.This podcast is brought to you by our sponsors:  Prisma Cloud,, Apiiro, and SysdigYour HostsSteve Giguere linkedin.com/in/stevegiguereGlenn Wilson linkedin.com/in/glennwilsonJessica Cregg linkedin.com/in/jessicacreggDevSecOps - London GatheringKeep in touch with our events associated with this podcast via our website.For more about DevSecOps - London Gathering check out https://dsolg.com

    S3Ep8 - Static Application Security Testing with Nipun Gupta

    Play Episode Listen Later Aug 7, 2023 36:33


    DSO Overflow S3EP8Static Application Security TestingwithNipun GuptaIn this episode, Glenn is joined by Nipun Gupta, a seasoned technology executive, entrepreneur, and speaker to talk about static code analysis, its benefits, its pitfalls and how best to integrate tools into developer workflows.  Based nowadays in London, UK after a decade in Silicon Valley, Nipun has developed a reputation as a thought leader and innovator in cybersecurity at places like NCC Group, Deutsche Bank, and Deloitte. Prior to leading Integrations Product at Devo, he served as the Vice President, Global Cyber Security Strategy & Innovation Lead at Deutsche Bank's Silicon Valley office. Currently serving as the COO at Bearer, a fast-growing static code analysis platform that is redefining what code security can do, Nipun is at the forefront of the DevSecOps revolution, helping companies of all sizes adopt modern approaches to software development and security.Resources mentioned in this podcast:Nipun's LinkedIn profileNipun's Twitter FeedBearer CLI documentationBearer on GitHubBearer on TwitterDSO Overflow is a DevSecOps London Gathering production. Find the audio version on all good podcast sources like Spotify, Apple Podcast and Buzzsprout.This podcast is brought to you by our sponsors:  Prisma Cloud,, Apiiro, and SysdigYour HostsSteve Giguere linkedin.com/in/stevegiguereGlenn Wilson linkedin.com/in/glennwilsonJessica Cregg linkedin.com/in/jessicacreggDevSecOps - London GatheringKeep in touch with our events associated with this podcast via our website.For more about DevSecOps - London Gathering check out https://dsolg.com

    S3Ep7 - Open Source Cloud Security with Matt Johnson

    Play Episode Listen Later Jul 17, 2023 45:08


    DSO Overflow S3EP7Open Source Cloud SecuritywithMatt JohnsonIn this episode, Steve, Jess and I are joined by Matt Johnson, developer advocate at Palo Alto Networks to talk to us about open source cloud security. Matt is a Developer Advocate for all things cloud security and open source at Prisma Cloud (part of Palo Alto). Hobbyist pentester, network and container geek, he specialises in Cloud Infrastructure and developer ecosystem security. Matt introduces us to the Checkov and Yor open source projects and talks about how AI may affect cloud security in the future.Resources mentioned in this podcast:Matt's LinkedIn profileCheckovYorCICD Goat on GitHubKubernetes Goat on GitHubDSO Overflow is a DevSecOps London Gathering production. Find the audio version on all good podcast sources like Spotify, Apple Podcast and Buzzsprout.This podcast is brought to you by our sponsors:  Prisma Cloud,, Apiiro, and SysdigYour HostsSteve Giguere linkedin.com/in/stevegiguereGlenn Wilson linkedin.com/in/glennwilsonJessica Cregg linkedin.com/in/jessicacreggDevSecOps - London GatheringKeep in touch with our events associated with this podcast via our website.For more about DevSecOps - London Gathering check out https://dsolg.com

    S3Ep6 - Notes from Japan with John Willis

    Play Episode Listen Later Jun 19, 2023 46:55


    DSO Overflow S3EP6Notes from JapanwithJohn WillisIn this episode, Glenn is joined by John Willis, DevOps advocate and co-author of the DevOps Handbook to talk about our recent trip to Japan in which we visited a number of organisations to gain an understanding of lean principles. Listen to John as he shares his views of the trip and what he learned about quality, community, society and of course, Deming.Resources mentioned in this podcast:John's LinkedIn profileJohn's Profound Deming blogJohn's lates book on DemingThe DevOps HandbookDSO Overflow is a DevSecOps London Gathering production. Find the audio version on all good podcast sources like Spotify, Apple Podcast and Buzzsprout.This podcast is brought to you by our sponsors:  Prisma Cloud, Apiiro, and SysdigYour HostsSteve Giguere linkedin.com/in/stevegiguereGlenn Wilson linkedin.com/in/glennwilsonJessica Cregg linkedin.com/in/jessicacreggDevSecOps - London GatheringKeep in touch with our events associated with this podcast via our website.For more about DevSecOps - London Gathering check out https://dsolg.com

    S3Ep5 - Workload authentication and authorisation using SPIFFE and OPA with Charlie Egan

    Play Episode Listen Later May 30, 2023 46:27


    DSO Overflow S3EP5Workload authentication and authorisation using SPIFEE and OPAwithCharlie EgainIn this episode, Steve, Jess and I are joined by Charlie Egan, developer advocate and Styra to talks to us about using SPIFFE (Secure Production Identity Framework For Everyone) and OPA (Open Policy Agent) to authenticate and authorise workloads. Charlie explains what SPIFFE is, how to start using it, and the challenges it helps organisations overcome.Resources mentioned in this podcast:Charlie's LinkedIn profileSPIFFEOPADSO Overflow S1Ep7 on Open Policy AgentDSO Overflow is a DevSecOps London Gathering production. Find the audio version on all good podcast sources like Spotify, Apple Podcast and Buzzsprout.This podcast is brought to you by our sponsors:  Prisma Cloud,, Apiiro, and SysdigYour HostsSteve Giguere linkedin.com/in/stevegiguereGlenn Wilson linkedin.com/in/glennwilsonJessica Cregg linkedin.com/in/jessicacreggDevSecOps - London GatheringKeep in touch with our events associated with this podcast via our website.For more about DevSecOps - London Gathering check out https://dsolg.com

    S3Ep4 - The 'Man' Who Started It with Michael Man

    Play Episode Listen Later Apr 3, 2023 47:41


    In this episode, Steve, Jess and Glenn met with Michael Man, the founder of the DevSecOps London Gathering and this podcast, to chat about how it all started and the principles and philosophy of the Gathering. We reminisce about some key moments as well as discussing Michael's decision to step down from running the events and the podcast.We hope you enjoy listening to this episode as much as we enjoyed recording it.DSO Overflow is a DevSecOps London Gathering production. Find the audio version on all good podcast sources like Spotify, Apple Podcast and Buzzsprout.Michael's LinkedIn ProfileThis podcast is brought to you by our sponsors:  Prisma Cloud,, and SysdigYour HostsSteve Giguere linkedin.com/in/stevegiguereGlenn Wilson linkedin.com/in/glennwilsonJessica Cregg linkedin.com/in/jessicacreggDevSecOps - London GatheringKeep in touch with our events associated with this podcast via our website.For more about DevSecOps - London Gathering check out https://dsolg.com

    S3Ep3 - Leveraging Systems Thinking with Simon Copsey

    Play Episode Listen Later Mar 6, 2023 47:52


    DSO Overflow S3EP3Leveraging Systems ThinkingwithSimon CopleyIn this episode, Steve, Jess and I are joined by Simon Copsey who talks to us about taking a systems thinking approach to improving organisational performance. He tells us among other things, about challenging assumptions, identifying, understanding and managing constraints, and how important it is to recognise cognitive dissonance.Resources mentioned in this podcast:Simon's LinkedIn profileCurious Coffee ClubGoldratt's Rule of FlowThe Unicorn ProjectThe GoalDSO Overflow is a DevSecOps London Gathering production. Find the audio version on all good podcast sources like Spotify, Apple Podcast and Buzzsprout.This podcast is brought to you by our sponsors:  Prisma Cloud, Contrast Security, and SysdigYour HostsSteve Giguere linkedin.com/in/stevegiguereGlenn Wilson linkedin.com/in/glennwilsonJessica Cregg linkedin.com/in/jessicacreggDevSecOps - London GatheringKeep in touch with our events associated with this podcast via our website.For more about DevSecOps - London Gathering check out https://dsolg.com

    S3Ep2 - Cloud Security with Paul Schwarzenberger

    Play Episode Listen Later Feb 6, 2023 49:26


    DSO Overflow S3EP2Cloud SecuritywithPaul SchwarzenbergerIn this episode, Steve and I are joined by Paul Schwarzenberger who talks to us about cloud providers, cloud security and an OWASP project he has recently started working on. We hear about Paul's journey into cloud security, his views on certification programmes, and he warns us of the security traps that await us when working with cloud technologies.Resource mentioned in this podcast:OWASP 2023 Global AppSec in DublinOWASP Domain Protect projectPaul's LinkedIn profileDSO Overflow is a DevSecOps London Gathering production. Find the audio version on all good podcast sources like Spotify, Apple Podcast and Buzzsprout.This podcast is brought to you by our sponsors:  Prisma Cloud, Contrast Security, and SysdigYour HostsSteve Giguere linkedin.com/in/stevegiguereGlenn Wilson linkedin.com/in/glennwilsonJessica Cregg linkedin.com/in/jessicacreggDevSecOps - London GatheringKeep in touch with our events associated with this podcast via our website.For more about DevSecOps - London Gathering check out https://dsolg.com

    S3Ep1 - CVE, CVSS and the Land of Broken Dreams with Francesco Cipollone

    Play Episode Listen Later Jan 16, 2023 48:56


    DSO Overflow S3EP1CVE, CVSS and the Land of Broken DreamswithFrancesco CipolloneIn this episode, Steve and Glenn are joined by Francesco 'Frank' Cipollone CEO and Founder of AppSec Phoenix. Frank talks about CVEs, CVSS scoring and how they create too much noise to be effective in helping organisations improve their security posture. We hear Frank speak about contextualisation and risk as a means to improve security within your organisation.Resource mentioned in this podcast:AppSec Phoenix websiteFrank's Cyber Security and Cloud PodcastWhitepaper on vulnerability managementDSO Overflow is a DevSecOps London Gathering production. Find the audio version on all good podcast sources like Spotify, Apple Podcast and Buzzsprout.This podcast is brought to you by our sponsors:  Prisma Cloud, Contrast Security, and SysdigYour HostsSteve Giguere linkedin.com/in/stevegiguereGlenn Wilson linkedin.com/in/glennwilsonJessica Cregg linkedin.com/in/jessicacreggDevSecOps - London GatheringKeep in touch with our events associated with this podcast via our website.For more about DevSecOps - London Gathering check out https://dsolg.com

    S2Ep5 - Security Differently with Mario Platt

    Play Episode Listen Later Sep 12, 2022 49:00


    DSO Overflow S3EP5Security DifferentlywithMario Platt from LastPassIn this episode Glenn Wilson and Steve Giguere sit down with Mario Platt to discuss how the current paradigm of doing security is not working. Taking lessons from how safety is managed within a physically demanding role, Mario examens why compliance is failing and how we need to build a new model based on resilience.Resources mentioned in this podcast:Mario's presentation given at DSO LG in May 2022Rasmussen paper Rasmussen, J. (1997). Risk management in a dynamic society: A modelling problem. Safety Science, 27(2-3), 183-213Dekker, S. (2015)”Safety Differently - Human Factors for a new era”, Ashgate PublishingDecluttering your security management systemRasmussen's Systemic Risk Modelling and Cyber SecurityWhy our security policies are a business liability and what to do about itDSO Overflow is a DevSecOps London Gathering production. Find the audio version on all good podcast sources like Spotify, Apple Podcast and Buzzsprout.This podcast is brought to you by our sponsors:  Prisma Cloud and SysdigYour HostsSteve Giguere linkedin.com/in/stevegiguereGlenn Wilson linkedin.com/in/glennwilsonJessica Cregg linkedin.com/in/jessicacreggDevSecOps - London GatheringKeep in touch with our events associated with this podcast via our website.For more about DevSecOps - London Gathering check out https://dsolg.com

    S2Ep4 - Cloud Security @ Large with Ashish and Shilpi

    Play Episode Listen Later Sep 2, 2022 50:31


    DSO/Overflow S2EP4Cloud Security at LargewithAshish Rajan and Shilpi Bhattacharjee from the Cloud Security Podcasthttps://cloudsecuritypodcast.tv/https://twitter.com/cloudsecpod?lang=enhttps://www.youtube.com/c/CloudSecurityPodcast?sub_confirmation=1Watch on YouTube: https://youtu.be/HV6iJReLoXEIn the episode, Jessica Cregg sits with Ashish and Shilpi and breaks the 4th wall about their mega successful Cloud Security Podcast, what advocacy means, and the state of Cloud Security at large.  DSO/Overflow is a DevSecOps London Gathering production.  Find the audio version on all good podcast sources like Spotify, Apple Podcast and Buzzsprouthttps://open.spotify.com/show/0XVk0AKg26yLTCMMwkIA7mThis podcast is brought to you by our sponsors:  Prisma Cloud and SysdigYour HostsSteve Giguere: linkedin.com/in/stevegiguereGlenn Wilson: linkedin.com/in/glennwilsonJessica Cregg linkedin.com/in/jessicacreggDevSecOps - London GatheringKeep in touch with our events associated with this podcast via our websiteFor more about DevSecOps London Gathering check outhttps://dsolg.com

    S2Ep3 - Or Weis on Modern Authorization

    Play Episode Listen Later Mar 31, 2022 42:09


    In this episode, Or Weis talks to us about Full Stack Permission as a Service, why simplifying access control is crucial to creating secure infrastructure and how the use of access control could facilitate a zero-trust architecture.BIOOr is the CEO and co-founder of Permit.io, and co-maintainer and author of open source OPAL.ac. Or is a serial entrepreneur who is passionate about developer tools, previously founding Rookout.com, a leading production debugging solution; and managing Upwards Israel's largest founders' PLG community. Before becoming a founder, Or worked as a lead engineer in multiple cybersecurity and big data companies, the intelligence corps, as a consultant for the Ministry of Defence, and as VP R&D at Netline CT cyber division.You can reach Or via LinkedIn linkedin.com/in/orweisThis podcast is brought to you by our sponsors:  Prisma Cloud and SysdigYour HostsSteve Giguere: linkedin.com/in/stevegiguereGlenn Wilson: linkedin.com/in/glennwilsonJessica Cregg linkedin.com/in/jessicacreggDevSecOps - London GatheringKeep in touch with our events associated with this podcast via our website https://dsolg.com

    S2Ep2 - Chris Tomkins and Nathan Skrzypczak on VPP and K8s Calico Data Planes

    Play Episode Listen Later Mar 9, 2022 53:24


    In this episode, Nathan and Chris talk about VPP, Calico, CNI and Service Mesh architecture. We will learn how VPP can enhance security and performance of your K8s clusters and the benefits of using Calico.BiosChris Tomkins - Chris is lead developer advocate at Tigera, where he champions user needs to support Project Calico's users and contributor community. He has worked in networking since 2000. After realising that a per-device CLI is not a scalable solution for a large environment, he took an early interest in infrastructure-as-code approaches and large-scale automation and continues to have a special interest in pursuing technologies in these areas. You can reach Chris on Twitter @tomkinsda and LinkedIn https://www.linkedin.com/in/cdtomkins/ Nathan Skryypczak - Nathan is a software engineering at Cisco focusing on container networking & cloud app performance. After spending some time deploying & scaling web applications he took interest in converting his love for script based infras into cloud native approaches, and now contributes to the building blocks of line rate container networking. He's a maintainer of the Calico/VPP integration, and of the QUIC stack & the cNAT in VPP.You can reach Nathan via LinkedIn https://www.linkedin.com/in/sknatThis podcast is brought to you by our sponsors:  Prisma Cloud and DynaminetYour HostsSteve Giguere: https://www.linkedin.com/in/stevegiguere/Glenn Wilson: https://www.linkedin.com/in/glennwilson/DevSecOps - London GatheringKeep in touch with our events associated with this podcast via our website https://dsolg.com

    S2Ep1 - Nigel Kersten: Accelerating DevOps Adoption

    Play Episode Listen Later Jan 31, 2022 40:25


    Episode SummaryIn this episode, Nigel gives his views on the current state of DevOps adoption, the role of security in DevOps, and gives us some clues from the State of DevOps Report 2021 that will help organisations accelerate their DevOps journey.Nigel's BioNigel is a Field CTO at Puppet where he is responsible for bringing product knowledge and a senior technical operations perspective to Puppet field teams and customers, working on services strategy and representing the customer back into the product organization. He works with many of Puppet's largest customers on the cultural and organizational changes necessary for large scale DevOps implementations. He has been deeply involved in Puppet's DevOps initiatives, and regularly speaks around the world about the adoption of DevOps in the enterprise and IT organizational transformation.Episode LinksState of DevOps Reports:  https://puppet.com/resources/?refinementList%5Btype%5D%5B0%5D=Report&page=1&configure%5BhitsPerPage%5D=18Nigel's LinkedIn: linkedin.com/in/nigelkerstenNigel's Twitter: @nigelkerstenThis podcast is brought to you by our sponsors:  Prisma Cloud and DynaminetYour HostsSteve Giguere: https://www.linkedin.com/in/stevegiguere/Glenn Wilson: https://www.linkedin.com/in/glennwilson/DevSecOps - London GatheringKeep in touch with our events associated with this podcast via our website https://dsolg.com

    EP17: A History of Kubernetes Security with Rory McCune

    Play Episode Listen Later Dec 29, 2021 45:26


    From containers to Kubernetes to cloud, it can be hard enough to keep up with the technologies let alone how to secure them.  Rory McCune was there at the inception.  Starting as a pen tester looking into  containers he has become one of the world's foremost Kubernetes security authorities. In this episode Glenn and Steve talk to him about the early days of containers, the orchestration wars, the first ever Kubernetes CVE and how security chases a technology maturing at breakneck speed.You can reach Rory on Twitter: https://twitter.com/raeseneYour HostsSteve Giguere: https://www.linkedin.com/in/stevegiguere/Glenn Wilson: https://www.linkedin.com/in/glennwilson/DevSecOps - London GatheringKeep in touch with our events associated with this podcast.https://dsolg.comhttps://www.meetup.com/DevSecOps-London-Gathering/https://twitter.com/DevSecOps_LGhttps://www.youtube.com/c/DevSecOpsLondonGathering

    EP:16 Breaking down silos with Stefania Chaplin

    Play Episode Play 30 sec Highlight Listen Later Dec 26, 2021 45:21


    In this episode, Steve and Glenn are joined by Stefania Chaplin to talk about breaking down silos.BioStefania Chaplin's experience within Cybersecurity, DevSecOps and OSS governance means she's helped countless organisations understand and implement security throughout their SDLC. As a python developer at heart, Stefania is always optimising and improving efficiency wherever she goes by scripting & automating processes and creating integrations. Stefania is passionate about DevSecOps and cybersecurity, having spoken at many conferences including; RSA Conference, ADDO, OWASP, JavaZone, Women of Silicon Roundabout, Women in DevOps, DZone and many more. She is also an active member of OWASP DevSlop, hosting their technical shows.You can reach Stefania on Twitter, Instagram, and YouTube with the handle @devstefops, or on LinkedIn https://www.linkedin.com/in/stefania-chaplin.Useful linksDeming's 14 points:   https://deming.org/explore/fourteen-points/Your HostsSteve Giguere: https://www.linkedin.com/in/stevegiguere/Glenn Wilson: https://www.linkedin.com/in/glennwilson/DevSecOps - London GatheringKeep in touch with our events associated with this podcast.https://dsolg.comhttps://www.meetup.com/DevSecOps-London-Gathering/https://twitter.com/DevSecOps_LGhttps://www.youtube.com/c/DevSecOpsLondonGathering

    EP15: DevSecOps Personas

    Play Episode Listen Later Oct 25, 2021 53:17


    In this episode, Steve and Glenn speak with Ed Tucker and Gary Robinson about the differences between DevSecOps personas.DevSecOps Personas – what Developers, Security, and Operations think when it comes to people/tech/processes/culture when it comes to rolling out DevSecOps programs.  Each of these teams have different drivers, ambitions, blockers, and challenges when it comes to a successful DevSecOps program.  As Dale Carnegie said, ‘The only way to get anyone to do anything, is to make them want to do it' -  all the tech and process in the world isn't going to make it successful if the people and culture (and heart) are not in it.   So let's share what we've seen from 100s of company interactions, understand better where everyone is coming from, and how to approach a DevSecOps program that can move the needle like Marty McFly playing Doc Brown's guitar.   We've love this to be interactive, so bring your stories and questions.Gary Robinson has been working in software and cyber security for 20+ years, as a coder, pen tester, consultant, Security Architect at Citi, Global Board member at OWASP, and heading up Uleska to focus on DevSecOps for the last 5 years.  Gary's focused on the people, process, technology, and culture aspect of DevSecOps – as someone who's worked in all three spaces during his time – and what drivers, blockers, etc each experience with ‘DevSecOps', ‘shift-left', ‘secure by design', and the rest.Ed Tucker is an exceptional Cyber Security leader, with extensive knowledge across most sectors, as a defender, vendor, consultant and founder.  He was the 2017 European Chief Information Security Officer of the Year, UK Security Professional of the Year, and Security Leader of the Year and has been globally recognised for his vision and delivery.Your HostsSteve Giguere: https://www.linkedin.com/in/stevegiguere/Glenn Wilson: https://www.linkedin.com/in/glennwilson/DevSecOps - London GatheringKeep in touch with our events associated with this podcast.https://www.meetup.com/DevSecOps-London-Gathering/https://twitter.com/DevSecOps_LGhttps://www.youtube.com/c/DevSecOpsLondonGathering

    EP14: Threat Modeling - A Manifesto And Some Code

    Play Episode Listen Later Aug 23, 2021 38:07


    Title: Threat Modeling - A Manifesto And Some CodeThreat Modeling: Why we think it matters for you, and how you can implement it in your organization.Modeling: How to model your system in an expressive way.Eliciting threats: What are some of the major approaches in use and how can it be done closer to the developer and at Agile speed.Evolution: Automated threat analysis using an open source tool (pytm). We will talk through the making of pytm and then do a demo.Guest SpeakersMatthew Coles (he/him) is a security professional focused on the security of physical devices and the ecosystems and processes that enable them to operate. He has a MSc in Computer Science from Worcester Polytechnic University (USA), and maintains a CSSLP certification.https://www.linkedin.com/in/matthew-coles-4330652/Izar Tarandach (he/him) has peeked and poked at security from various sides over the last couple of decades, currently focusing on modern SDLC's and how AppSec extrapolates onto the larger scheme of Security. He has a MSc in Computer Science/Security from Boston University (USA).https://www.linkedin.com/in/izartarandach/Izar and Matt have collaborated on security techniques and training for the past 10 years, co-authoring a book on Threat Modeling, are founding members of the Threat Modeling Manifesto, and created and maintain an open source threat modeling automation system, pytm.Your HostsMichael Man: https://www.linkedin.com/in/mman/Glenn Wilson: https://www.linkedin.com/in/glennwilson/DevSecOps - London GatheringKeep in touch with our events associated with this podcast.https://www.meetup.com/DevSecOps-London-Gathering/https://twitter.com/DevSecOps_LGhttps://www.youtube.com/c/DevSecOpsLondonGathering

    EP13: Top 5 things I wish I knew about SAST

    Play Episode Listen Later Aug 4, 2021 45:05


    Application security testing ... top tips to achieve more SASTisfaction from your tooling.ReferencesYoutube Channel: AppSecEngineerYoutube Channel: we45OSSF ScorecardPlease visit our YouTube Channel to see Florin present in our July 2021 Gathering (monthly meet-up).Guest SpeakersFlorin CoadaI've been working in the Application Security testing space for the last eight years. I was lucky enough to experience many customer environments and different testing technologies (SAST, DAST, IAST, SCA). Over the years, I became more interested in SAST, and I am currently working as a product manager in this space. One of my areas of personal interest is how we enable developers to become more independent and get security teams to trust them more. I'm always up for a talk about security, gaming and a combination of both.https://www.linkedin.com/in/florincoada/Abhay BhargavAbhay is the CEO of we45, a focused Application Security company. He's a renowned application security expert and a leader in the domain of DevSecOps. Abhay brings with him, a rich experience with working on complex security engagements, from penetration testing to security architecture reviews to compliance consulting.https://www.linkedin.com/in/abhaybhargav/Your HostsMichael Man: https://www.linkedin.com/in/mman/Glenn Wilson: https://www.linkedin.com/in/glennwilson/DevSecOps - London GatheringKeep in touch with our events associated with this podcast.https://www.meetup.com/DevSecOps-London-Gathering/https://twitter.com/DevSecOps_LGhttps://www.youtube.com/c/DevSecOpsLondonGathering

    EP12: Exploring eBPF Cloud Native Security

    Play Episode Listen Later Jun 19, 2021 35:14 Transcription Available


    Extended Berkeley Packet Filter (eBPF) allows us to tap into the kernel to implement monitoring, observability, networking, and security.  In this episode, we invited Chris Kranz and Liz Rice to discuss the usage and adoption of eBPF within Cloud Native solutions.Referenceshttp://www.brendangregg.com/https://nathanleclaire.com/https://github.com/iovisor/bpftracehttps://ebpf.io/what-is-ebpfhttps://github.com/lizrice/ebpf-beginnerseBPF for Windows: https://www.youtube.com/watch?v=LrrV-eo6fugCommunity: http://slack.cilium.io/eBPF Summit 2021https://ebpf.io/summit-2021/Please visit our YouTube Channel to see Chris present in our June 2021 Gathering (monthly meet-up).Guest SpeakersChris KranzChris supports the Sales Engineering team in EMEA at Sysdig, helping make cloud native easier and more secure for Sysdig customers. Before joining Sysdig, he spent time building microservices and cloud applications with various end users, and before that lived a life of cloud, virtualisation and storage!https://www.linkedin.com/in/ckranz/@ckranzLiz RiceLiz is focused on containers, cloud native technologies, security and distributed systems, and  heavily involved in open source as the chair the Technical Oversight Committee of the Cloud Native Computing Foundation (CNCF), and an ambassador for OpenUK.https://www.linkedin.com/in/lizrice/@lizriceYour HostsMichael Man: https://www.linkedin.com/in/mman/Glenn Wilson: https://www.linkedin.com/in/glennwilson/DevSecOps - London GatheringKeep in touch with our events associated with this podcast.https://www.meetup.com/DevSecOps-London-Gathering/https://twitter.com/DevSecOps_LGhttps://www.youtube.com/c/DevSecOpsLondonGathering

    Ep11: From Zero To a DevSecOps Hero

    Play Episode Listen Later Jun 6, 2021 39:33 Transcription Available


    Learning or knowing what to study in the field of security is a tough subject in it's own right.  Join us with Marcus and Josh where we understand what best practices they follow them.Please visit our YouTube Channel to see Marcus present in our May 2021 Gathering (monthly meet-up).Guest Speakers:Marcus Maxwell:Marcus Maxwell is a Principal Consultant at Contino. He has spent the last 5 years helping large enterprises with building out their Kubernetes clusters, migrating to cloud and most recently with the cloud security programmes. Marcus has given talks before at AWS Loft, DevSecOps - London Gathering, Docker London and more.https://www.linkedin.com/in/marcusmaxwell/@mindful_monkJosh ArmitageKnown for a booming voice and distinct lack of a sense of humour, Josh works as a consultant after spending time with everything from mainframes to machine learning and kubernetes. Having split his life half in the UK, half in Australia, he's now back in London helping regulated enterprises embrace lean software development, cloud native architectures and team happiness as a true north metric.https://www.linkedin.com/in/josh-armitage-b7825a41/@JoshArmiYour HostsMichael Man: https://www.linkedin.com/in/mman/Glenn Wilson: https://www.linkedin.com/in/glennwilson/DevSecOps - London GatheringKeep in touch with our events associated with this podcast.https://www.meetup.com/DevSecOps-London-Gathering/https://twitter.com/DevSecOps_LGhttps://www.youtube.com/c/DevSecOpsLondonGathering

    Ep10: Security Chaos Engineering

    Play Episode Listen Later May 9, 2021 52:04 Transcription Available


    Join us to explore and learn what is Security Chaos Engineering with two of the leading figures in this field Aaron Reinhart and Kennedy Torkura.If you missed the Gathering watch the meet-up here.References: Aaron ReinhartChaos Engineering: System Resiliency in PracticeSecurity Chaos EngineeringReferences: Kennedy TorkuraSecurity-Chaos-Engineering-for-Cloud-ServicesFrom Dependability to Resilience → Security Chaos Engineering for Cloud ServicesRisk-Driven Fault Injection: Security Chaos Engineering for the Fast & FuriousContact Details:Aaron Reinhart: https://www.linkedin.com/in/aaronsrinehart/Kennedy Torkura: https://www.linkedin.com/in/aondona/ Your HostsMichael Man: https://www.linkedin.com/in/mman/Glenn Wilson: https://www.linkedin.com/in/glennwilson/DevSecOps - London GatheringKeep in touch with our events associated with this podcast.https://www.meetup.com/DevSecOps-London-Gathering/https://twitter.com/DevSecOps_LGhttps://www.youtube.com/c/DevSecOpsLondonGathering

    Ep09: DevOps meets Security

    Play Episode Listen Later Apr 24, 2021 39:59 Transcription Available


    DevOps meets Security.London DevOps meets DevSecOps - London Gathering. https://www.meetup.com/London-DevOps/Speakers Bio:Matt Saunders is a technical operations leader, using Devops and continuous delivery to help teams deliver quality software quickly and efficiently. He is also co-organiser of the London DevOps meetup - a group with over 8,000 members which meets monthly.https://www.linkedin.com/in/msaunders/Marc Cluet is a Senior Partner Solutions Engineer at Hashicorp and has over 25 years of experience in the Industry. Heis one of the organisers of London DevOps which is the second biggest DevOps meetup in the world, he also helps organise DevOps Exchange Barcelona and Barcelona Big Data and is a DevOps Institute Ambassador.https://www.linkedin.com/in/marccluet/

    Ep08:Kubernetes Exam Cram

    Play Episode Listen Later Apr 5, 2021 47:40 Transcription Available


    We have the pleasure to have Steve Giguere and Michael Foster, the hosts from Clust3rF8ck, to share with us their experience cramming in all the relevant materials to take both the CKA (Kubernetes Administrator) and CKS (Kubernetes Security Specialist) examshttps://www.twitch.tv/clust3rf8ckhttps://www.cncf.io/certification/cka/https://www.cncf.io/certification/cks/Speakers Bio:Steve Giguere is a dedicated DevSecOps community champion, securing cloud native applications. In addition to Clust3rF8ck, he has a podcast called CoSeCast and represents the UK at playing Ultimate Frisbee.https://www.linkedin.com/in/stevegiguere/https://twitter.com/_SteveGiguere_Michael Foster is a Cloud Native Advocate at StackRox, a Kubernetes native security application. Michael's consulting background instilled the importance of selecting the right tool for the job and creating healthy communities for growth. His work allows him to review, discuss, and contribute to the CNCF ecosystem through various media forms.As a co-organizer of the Kubernetes & Cloud Native Security Meetups, Michael enjoys helping people become more security-focused during their Cloud native journey.https://www.linkedin.com/in/mfosterche/https://twitter.com/IdealUsrname

    DSO Overflow Ep07:Using Rego to define your policies

    Play Episode Listen Later Feb 18, 2021 35:56


    In this episode we invited Anders from the Open Policy Agent project and Alex one of the masterminds behind a new opensource project called KICS.OpenSource ProjectsKICS - Keep your Infrastructure as Code Secure: https://kics.io/Styra Academy: https://academy.styra.com/Rego Playground: https://play.openpolicyagent.org/Official Docs: https://www.openpolicyagent.org/docs/latest/OPA Blog: https://blog.openpolicyagent.org/Guest Detailshttps://www.linkedin.com/in/anderseknert/https://www.linkedin.com/in/roichman/

    DSO Overflow Ep04: Secure Delivery Playbook

    Play Episode Listen Later Sep 12, 2020 48:52


    In this episode I have invited Stuart and James who are the project leads behind the Secure Delivery Playbook. This is a distilled version of their various client engagements when incorporating security into their development.Secure Delivery Playbook details:https://secure-delivery.playbook.ee/### DevSecOps - London Gathering ###https://dso-lg.comhttps://dso-overflow.comAlso follow us on Twitter: @DevSecOps_LG

    DSO Overflow Ep05: Semgrep

    Play Episode Listen Later Sep 12, 2020 45:51


    In this episode I have the pleasure of talking to Clint from R2C - a software security startup from the US. They are championing an open source project called semgrep. I will be exploring what this is and how it is modernising SAST. Semgrep details:https://semgrep.dev/### DevSecOps - London Gathering ###https://dso-lg.comhttps://dso-overflow.comAlso follow us on Twitter: @DevSecOps_LG

    DSO Overflow Ep06: Checkov

    Play Episode Listen Later Sep 12, 2020 41:15


    In this episode I have the pleasure of talking to James and Corcoran - two very talented individuals when it comes to Infrastructure as Code as well as all things DevOps; in addition we have Barak the CTO of Bridgecrew the company behind the opensource project - CheckovCheckov details:https://www.checkov.io/1.Introduction/Getting%20Started.html### DevSecOps - London Gathering ###https://dso-lg.comhttps://dso-overflow.comAlso follow us on Twitter: @DevSecOps_LG

    DSO Overflow Ep03: Experimenting with and adopting AWS Lambda (Matthew Joyce)

    Play Episode Listen Later May 17, 2020 26:38


    In this episode, Matthew Joyce shares his experience with taking on AWS Lamdba for one of his projects.Matthew's details:https://www.linkedin.com/in/matthew-joyce-1301772/### DevSecOps - London Gathering ###https://dso-lg.comhttps://dso-overflow.comAlso follow us on Twitter: @DevSecOps_LG

    DSO Overflow Ep02: Passing a DSO Online Course (Emily Young)

    Play Episode Listen Later May 10, 2020 26:40


    In this episode, I speak to Emily Young who has embarked on the Certified DevSeOps Professional online course and the gruelling twelve hour exam.Emily's details:https://www.linkedin.com/in/emily-young-a3a77255/@Ra1nb0wAn4lyst### DevSecOps - London Gathering ###https://www.meetup.com/DevSecOps-London-Gathering/Also follow us on Twitter: @DevSecOps_LG

    DSO Overflow Ep01: terraform-compliance with Emre Erkunt

    Play Episode Listen Later Nov 24, 2019 27:08


    In this episode I have the pleasure of talking to Emre Erkunt - he is an independent consultant and the founder of an opensource project called Terraform-Compliance. Look out for the black falcon logo. Stickers available in our next Gathering.Emre's details:https://terraform-compliance.com/@3rkunt### DevSecOps - London Gathering ###https://www.meetup.com/DevSecOps-London-Gathering/Also follow us on Twitter: @DevSecOps_LG

    Claim DSO Overflow

    In order to claim this podcast we'll send an email to with a verification link. Simply click the link and you will be able to edit tags, request a refresh, and other features to take control of your podcast page!

    Claim Cancel