Podcasts about devsecops

In this issue of the Future of Cyber newsletter, Sean Martin digs into a topic that's quietly reshaping how software gets built—and how it breaks: the rise of AI-powered coding tools like ChatGPT, Claude, and GitHub Copilot.These tools promise speed, efficiency, and reduced boilerplate—but what are the hidden trade-offs? What happens when the tools go offline, or when the systems built through them are so abstracted that even the engineers maintaining them don't fully understand what they're working with?Drawing from conversations across the cybersecurity, legal, and developer communities—including a recent legal tech conference where law firms are empowering attorneys to “vibe code” internal tools—this article doesn't take a hard stance. Instead, it raises urgent questions:Are we creating shadow logic no one can trace?Do developers still understand the systems they're shipping?What happens when incident response teams face AI-generated code with no documentation?Are AI-generated systems introducing silent fragility into critical infrastructure?The piece also highlights insights from a recent podcast conversation with security architect Izar Tarandach, who compares AI coding to junior development: fast and functional, but in need of serious oversight. He warns that organizations rushing to automate development may be building brittle systems on shaky foundations, especially when security practices are assumed rather than applied.This is not a fear-driven screed or a rejection of AI. Rather, it's a call to assess new dependencies, rethink development accountability, and start building contingency plans before outages, hallucinations, or misconfigurations force the issue.If you're a CISO, developer, architect, risk manager—or anyone involved in software delivery or security—this article is designed to make you pause, think, and ideally, respond.

Before Siri had sass and Alexa started judging your music taste, the original virtual assistant was quietly revolutionizing the '90s—powered by many patents and a whole lot of foresight. Now, as AI goes from buzzword to boss, we ask, will it transform your job, your home… or just steal your knowledge?  This week, Dave, Esmee and Rob speak with Kevin Surace, Futurist, Inventor & "Father" of the Virtual Assistant, about exploring the evolution of AI, what the future might hold, and how disruptive innovation can shake up your organization in ways you might not expect.   TLDR: 00:40 – Introduction of Kevin Surace 05:12 – Rob gets confused by Google Maps reviews and selfies 08:15 – Deep dive into the evolution of AI with Kevin 52:00 – How intelligent agents can help manage digital noise and support mental well-being 1:07:30 – Wrapping up the book the Joy Success Cycle and heading to a concert  GuestKevin Surace: https://www.linkedin.com/in/ksurace/ HostsDave Chapman: https://www.linkedin.com/in/chapmandr/Rob Kernahan: https://www.linkedin.com/in/rob-kernahan/Esmee van de Giessen: https://www.linkedin.com/in/esmeevandegiessen/ ProductionMarcel van der Burg: https://www.linkedin.com/in/marcel-vd-burg/Dave Chapman: https://www.linkedin.com/in/chapmandr/ SoundBen Corbett: https://www.linkedin.com/in/ben-corbett-3b6a11135/Louis Corbett:  https://www.linkedin.com/in/louis-corbett-087250264/ 'Cloud Realities' is an original podcast from Capgemini 

SBOMs were supposed to be the ingredient label for software—bringing transparency, faster response, and stronger trust. But reality shows otherwise. Fewer than 1% of GitHub projects have policy-driven SBOMs. Only 15% of developer SBOM questions get answered. And while 86% of EU firms claim supply chain policies, just 47% actually fund them.So why do SBOMs stall as compliance artifacts instead of risk-reduction tools? And what happens when they do work?In this episode of AppSec Contradictions, Sean Martin examines:Why SBOM adoption is laggingThe cost of static SBOMs for developers, AppSec teams, and business leadersReal-world examples where SBOMs deliver measurable valueHow AISBOMs are extending transparency into AI models and dataCatch the full companion article in the Future of Cybersecurity newsletter for deeper analysis and more research.

Can AI really help us build more secure software? What's working in practice right now, and where do the tools still fall short? Mattias and Paulina share their views.  We are always happy to answer any questions, hear suggestions for new episodes, or hear from you, our listeners. DevSecOps Talks podcast LinkedIn page DevSecOps Talks podcast website DevSecOps Talks podcast YouTube channel

The world of DevSecOps is changing rapidly with AI and automation. In this session, we explore how intelligent security practices are transforming development pipelines, making them smarter, faster, and more secure for modern organizations.

Software developers combine Artificial Intelligence with IT Operations and have produced a new acronym called AIOps. Today, we explored some of the best practices for making software development more productive with AIOps.   Legacy systems are an excellent application for AIOps, but Kevin Walsh from the GAO notes that it may be more economical to maintain legacy systems in place.   Christopher Clark from the U.S. Marine Corps suggests listening to users through starting AI Task Forces. They can help identify the use cases that would validate the expense of moving to AIOps.   One obvious win might be minimal risk, high-impact activities. Clark mentions preventative maintenance as a potential target. ROI from reducing costs can be apparent. Furthermore, a help desk can pose a negligible risk and have a relatively high impact on servicing needs of Marines.   One likely candidate for applied AIOps is managing the changes in a code set that takes place. BMC's Katie Tierney states that in a typical DevSecOps environment, there could be thousands of changes a day, which exceeds human capability.   The overview is apparent:  ensure appropriate oversight, governance, and transparency measures are in place when deploying agentic AI systems.        

 We're back! In this Season 5 premiere, the team reunites after their summer break to kick off an exciting new chapter. Join us as we catch up, share bold predictions for the year ahead, and explore big questions, like whether 2026 will be the year of the autonomous organization. Expect candid reflections, lively discussion, and a sneak peek at what's coming up this season.  We are very keen this season to establish a feedback loop with listeners, so will be doing shows exploring listener questions and challenges - something we are really looking forward to.  Please get in touch with us, via LinkedIn, Substack or cloudrealities@capgemini.com, if you have questions or challenges for us, we'd love to hear from you!TLDR: 00:20 – We're back! 00:35 – Catching up on what we did during the summer break 10:48 – Planning ahead until Christmas: Microsoft Ignite, AWS re:Invent, an AI mini-series and cool guests 20:27 – Tech talk: iPhone 17, deep democracy training, and the human impact of innovation 32:10 – Will autonomous organizations powered by agents emerge within 12–18 months? 40:45 – Reflections inspired by Jaws, climbing adventures, and Bruce Springsteen  HostsDave Chapman: https://www.linkedin.com/in/chapmandr/Rob Kernahan: https://www.linkedin.com/in/rob-kernahan/Esmee van de Giessen: https://www.linkedin.com/in/esmeevandegiessen/ ProductionMarcel van der Burg: https://www.linkedin.com/in/marcel-vd-burg/Dave Chapman: https://www.linkedin.com/in/chapmandr/ SoundBen Corbett: https://www.linkedin.com/in/ben-corbett-3b6a11135/Louis Corbett:  https://www.linkedin.com/in/louis-corbett-087250264/ 'Cloud Realities' is an original podcast from Capgemini 

Recebemos a brilhante Michelle Mesquita para provar, na prática, que AppSec não é sinônimo de “rodar um scanner e rezar”. Conversamos sobre como construir segurança desde o design, passando por threat modeling, SAST/DAST/SCA e políticas reprodutíveis — tudo sem cair na armadilha do PDF de vulnerabilidades que ninguém lê. Sim, nós também rimos (de nervoso) quando lembramos daqueles relatórios com 500 findings.Falamos ainda sobre carreira: onde começam as pessoas de AppSec, por que comunicação e influência importam tanto quanto CWE e CVE, e como programas como Security Champions destravam escala e cultura. Discutimos comunidades e referências (OWASP e afins), automação no pipeline, gamificação e até como usar IA para reduzir ruído e acelerar feedback útil para devs.E, claro, mantivemos o nosso jeitinho: didático, direto e levemente irônico. Se você quer sair do “firefighting” e colocar segurança como requisito funcional do seu produto, este episódio é para você. Prepare o café, abra o IDE e vem com a gente.O Kubicast é uma produção da Getup, empresa especialista em Kubernetes e projetos open source para Kubernetes. Os episódios do podcast estão nas principais plataformas de áudio digital e no YouTube.com/@getupcloud.

In episode 154 of Cybersecurity Where You Are, Sean Atkinson discusses incident response in DevSecOps, exploring challenges and solutions in modern software development. He emphasizes the importance of integrating security into development processes and speaks about common issues like alert fatigue and software supply chain vulnerabilities. Here are some highlights from our episode:01:32. Common challenges with modern software development03:54. High-speed and continuous deployment07:08. Incident correlation with cloud deployment strategies10:00. Software supply chain vulnerabilities12:45. Alert fatigue and false positives14:30. Testing and automation as enablers of real-time anomaly detection17:40. The responsibility of incident responders to understand what they see18:58. Automated control and a projectized approach to implementing zero trust21:26. Oversight and governance with artificial intelligence and machine learning23:24. Continuous improvement and early detection28:08. Continuous monitoring and logging, automation, and incident response drills30:03. Moving down a path of helping incident responders become culturally awareResourcesCloud Security and the Shared Responsibility ModelCIS Software Supply Chain Security GuideAn Introduction to Artificial IntelligenceDefense-in-Depth: A Necessary Approach to Cloud SecurityEpisode 63: Building Capability and Integration with SBOMsEpisode 44: A Zero Trust Framework Knows No EndLeveraging Generative Artificial Intelligence for Tabletop Exercise DevelopmentIf you have some feedback or an idea for an upcoming episode of Cybersecurity Where You Are, let us know by emailing podcast@cisecurity.org.

Dave, Esmee, and Rob are strapping in for another season of bold, brain-bending conversations—and they're bringing the flux capacitor with them from Back to the Future.Season 5 beams in global leaders and innovators who challenge how we think about technology, business, and humanity. From AI disruption to digital sovereignty, from leadership to culture—this season's guests are ready to shake things up.Our first full episode drops on September 25, but before we hit 88 miles per hour, here's a quick trailer to set the timeline straight, or at least bend it a little.HostsDave Chapman: https://www.linkedin.com/in/chapmandr/Rob Kernahan: https://www.linkedin.com/in/rob-kernahan/Esmee van de Giessen: https://www.linkedin.com/in/esmeevandegiessen/ProductionMarcel van der Burg: https://www.linkedin.com/in/marcel-vd-burg/Dave Chapman: https://www.linkedin.com/in/chapmandr/SoundBen Corbett: https://www.linkedin.com/in/ben-corbett-3b6a11135/Louis Corbett:  https://www.linkedin.com/in/louis-corbett-087250264/'Cloud Realities' is an original podcast from Capgemini

No Kubicast de hoje nós recebemos o Leonardo Pinheiro, CRO da Clavis, para um papo direto ao ponto sobre como uma IA feita no Brasil resolve problemas do nosso cenário de cibersegurança. Falamos do Otto – a IA da Clavis –, de como ela nasceu de muita telemetria real de clientes e do porquê conhecer boleto, Pix, WhatsApp e a cadeia financeira nacional muda completamente o jogo. De quebra, confrontamos o mito do “100% seguro” e mostramos como risco, contexto e priorização guiam decisões melhores.Entramos a fundo na plataforma da Clavis (produto+serviço) e nos módulos que orbitam o Otto: gestão de vulnerabilidades, avaliação de fornecedores, correlação de eventos/EDR e validações em cloud. Discutimos quando automação brilha e quando ainda precisamos de gente experiente (ex.: pen test), além de como o Otto responde a perguntas de negócio (“qual meu score?”, “o que mitigar primeiro?”) e conecta tudo numa visão integrada.Também falamos de supply chain security, reputação e como decisões ruins de terceirização estouram no colo da sua marca. No final, tem um bloco sobre comunidade e carreira (SampaSec, Conecta 21, networking) e um respiro cultural com indicações.Links Importantes:- Leonardo Pinheiro - https://www.linkedin.com/in/leonardo-pinheiro-batista/- João Brito - https://www.linkedin.com/in/juniorjbn/- Assista ao FilmeTEArapia - https://youtu.be/M4QFmW_HZh0?si=HIXBDWZJ8yPbpflM- SampaSEC - https://www.linkedin.com/groups/9381855/?fbclid=PAZXh0bgNhZW0CMTEAAact9-j_AzTmFc136pGmO_GWesqvNdULEk-rMQSkGGSlFcpGCbyZLeElRcFVqg_aem_1W_jlM9Z0G5Q6BHoe76xLw- Kubicast 125 - https://www.youtube.com/watch?v=nG7sugocQsg- A vida de Chuck - https://www.imdb.com/pt/title/tt12908150/Hashtags#SegurancaDaInformacao #Ciberseguranca #InteligenciaArtificial #IA #Otto #Clavis #SupplyChainSecurity #PenTest #GestaoDeVulnerabilidades #LGPD #SOC #EDR #ThreatIntelligence #CloudSecurity #Compliance #PlataformaDeSeguranca #Kubernetes #DevOps #DevSecOps #Kubicast #Containers #GetupO Kubicast é uma produção da Getup, empresa especialista em Kubernetes e projetos open source para Kubernetes. Os episódios do podcast estão nas principais plataformas de áudio digital e no YouTube.com/@getupcloud.

Threat modeling is often called the foundation of secure software design—anticipating attackers, uncovering flaws, and embedding resilience before a single line of code is written. But does it really work in practice?In this episode of AppSec Contradictions, Sean Martin explores why threat modeling so often fails to deliver:It's treated as a one-time exercise, not a continuous processResearch shows teams who put risk first discover 2x more high-priority threatsYet fewer than 4 in 10 organizations use systematic threat modeling at scaleDrawing on insights from SANS, Forrester, and Gartner, Sean breaks down the gap between theory and reality—and why evolving our processes, not just our models, is the only path forward.

Threat modeling is often called the foundation of secure software design—anticipating attackers, uncovering flaws, and embedding resilience before a single line of code is written. But does it really work in practice?In this episode of AppSec Contradictions, Sean Martin explores why threat modeling so often fails to deliver:It's treated as a one-time exercise, not a continuous processResearch shows teams who put risk first discover 2x more high-priority threatsYet fewer than 4 in 10 organizations use systematic threat modeling at scaleDrawing on insights from SANS, Forrester, and Gartner, Sean breaks down the gap between theory and reality—and why evolving our processes, not just our models, is the only path forward.

Segurança em Go não é só "rodar um scanner e rezar". Neste episódio, nós destrinchamos como escrever Go com cabeça de atacante: governança de dependências (e os perigos do type‑squatting), revisão de go.mod, uso criterioso da Standard Library e por que não usar latest em imagens. Também conectamos tecnologia com processo: repositórios privados, políticas de aprovação e pipeline que barra regressão antes do deploy.A conversa nasce de casos reais: do typo em (GHCR vs GHRC) que captura credenciais até a confusão com pacotes falsos tipo BoltDB look‑alike. Discutimos supply chain ponta a ponta, cache do Go Proxy, licenças (quando fugir de GPL) e boas práticas para autenticação.E claro, vamos além do código: SBOM no build, assinatura e verificação de imagens, OPA/Admission Control para políticas em Kubernetes, capabilities mínimas e validação de entradas com timeouts bem definidos. É papo prático, com nosso humor de sempre, para deixar segurança como padrão — não como tarefa de último minuto.Links Importantes: - Marcelo Pires - https://www.linkedin.com/in/marcpires/ - Matheus Faria - https://www.linkedin.com/in/matheusfm/ - João Brito - https://www.linkedin.com/in/juniorjbn - Assista ao FilmeTEArapia - https://youtu.be/M4QFmW_HZh0?si=HIXBDWZJ8yPbpflM - Post sobre ghrc.io - https://www.linkedin.com/posts/juniorjbn_someone-is-typosquatting-ghrcio-not-github-activity-7364387040618045441-UB88/ - Typosquat - https://devops.com/typosquat-supply-chain-attack-targets-go-developers/ - https://go.dev/doc/tutorial/govulncheck - vuln.go.dev - https://github.com/anchore/syft - https://github.com/anchore/grype - https://github.com/google/capslock - https://github.com/aquasecurity/trivy - LFD121 - https://training.linuxfoundation.org/training/developing-secure-software-lfd121/ - https://deps.dev/ - https://devops.com/typosquat-supply-chain-attack-targets-go-developers/Participe de nosso programa de acesso antecipado e tenha um ambiente mais seguro em instantes! https://getup.io/zerocve

AI is everywhere in application security today — but instead of fixing the problem of false positives, it often makes the noise worse. In this first episode of AppSec Contradictions, Sean Martin explores why AI in application security is failing to deliver on its promises.False positives dominate AppSec programs, with analysts wasting time on irrelevant alerts, developers struggling with insecure AI-written code, and business leaders watching ROI erode. Industry experts like Forrester and Gartner warn that without strong governance, AI risks amplifying chaos instead of clarifying risk.This episode breaks down:• Why 70% of analyst time is wasted on false positives• How AI-generated code introduces new security risks• What “alert fatigue” means for developers, security teams, and business leaders• Why automating bad processes creates more noise, not less 

AI is everywhere in application security today — but instead of fixing the problem of false positives, it often makes the noise worse. In this first episode of AppSec Contradictions, Sean Martin explores why AI in application security is failing to deliver on its promises.False positives dominate AppSec programs, with analysts wasting time on irrelevant alerts, developers struggling with insecure AI-written code, and business leaders watching ROI erode. Industry experts like Forrester and Gartner warn that without strong governance, AI risks amplifying chaos instead of clarifying risk.This episode breaks down:• Why 70% of analyst time is wasted on false positives• How AI-generated code introduces new security risks• What “alert fatigue” means for developers, security teams, and business leaders• Why automating bad processes creates more noise, not less 

Send us a textEpisode 253 – Priya Gnanasekaran, Senior Security Engineer at LAB3 (Australia)Can AI be both a risk and a defense? In this episode, Priya Gnanasekaran shares how organizations can manage today's most pressing cybersecurity challenges.On The Data Diva Talks Privacy Podcast, Debbie Reynolds, “The Data Diva,” speaks with Priya Gnanasekaran, Senior Security Engineer at LAB3 (Australia), about the complex challenges cybersecurity leaders face with AI, IoT, and cloud security. Drawing on her decade-long career spanning DevSecOps, engineering, and operations, Gnanasekaran explains why cybersecurity cannot be reduced to a single field but must be understood as an amalgamation of multiple interconnected disciplines. She highlights the distinction between IT and cybersecurity and explains why this distinction is crucial for executives making risk and investment decisions.The conversation examines AI's dual role in cybersecurity, acting both as a new attack vector and as a defensive tool that, when used responsibly, can strengthen organizational security. Gnanasekaran also details the risks of shadow AI and unmonitored enterprise use, exposing businesses to unmanaged vulnerabilities. She addresses weaknesses in IoT ecosystems, including outdated devices and hardware flaws, and argues that these cannot be solved through patchwork responses. Instead, she emphasizes the importance of “shifting left” by embedding security earlier in DevSecOps processes. Gnanasekaran stresses that cybersecurity cannot be treated like a fire department that responds only after damage has been done.This discussion offers valuable lessons on resilience, innovation, and proactive strategy, applicable not only to security professionals but also to anyone interested in understanding how digital systems can be better protected and managed.Hosted by Debbie Reynolds, “The Data Diva,” bringing global leaders together on privacy, cybersecurity, and emerging technology.Support the show

Recebemos hoje a Lara Xavier para um papo sério (e divertido) sobre observabilidade no Brasil. Conversamos sobre como sair da visão puramente reativa para uma estratégia madura que combina logs, métricas e rastros, além de cultura e processo. Entramos em dilemas de custo, priorização e responsabilidade compartilhada entre SRE e desenvolvimento, sempre com exemplos práticos do dia a dia.Falamos do começo de carreira da Lara, dos aprendizados que moldaram a forma como ela encara incidentes e de como transformar telemetria em decisões, não só em dashboards bonitos. Em “Logs e Métricas” discutimos instrumentação, qualidade de dados e sinais acionáveis, enquanto em “Vulnerabilidades e Diagnóstico” abordamos como enxergar falhas sem caça às bruxas, conectando observabilidade a segurança e a uma cultura de melhoria contínua.Puxamos também a “stack da Grafana” e as diferenças de abordagem entre times, além de boas práticas para quem quer elevar o nível da observabilidade no Kubernetes. No caminho, rimos das confusões de LinkedIn vs. Lattes, mas sem perder a mão técnica: falamos de SLO/SLI, alertas com menos ruído e decisões orientadas por telemetria. Bora?Links Importantes:- Lara Xavier - https://www.linkedin.com/in/lara-xavier-bb389788/- Links da Lara - https://linktr.ee/Larasxavier- João Brito - https://www.linkedin.com/in/juniorjbn- Assista ao FilmeTEArapia - https://youtu.be/M4QFmW_HZh0?si=HIXBDWZJ8yPbpflM- Seja Grafana Champion - https://grafana.com/community/champions/Hashtags#Observabilidade #Kubernetes #DevOps #DevSecOps #Kubicast #Containers #Getup #Grafana #Logs #Métricas #SRE #SLI #SLO #Tracing #Prometheus #Loki #Jaeger #OpenTelemetry #Dashboards #Instrumentação #CarreiraTech #Comunidade #CulturaDevOps #BrasilO Kubicast é uma produção da Getup, empresa especialista em Kubernetes e projetos open source para Kubernetes. Os episódios do podcast estão nas principais plataformas de áudio digital e no YouTube.com/@getupcloud.

Our guest today is Akansha Shukla, an information security professional with over 10 years of experience in application security, DevSecOps, and API security. We're discussing why API security remains one of the least mature areas of AppSec today and exploring the challenges developers face when securing APIs. Akansha shares her insights on incorporating APIs into threat modeling exercises, the ongoing struggles with API discovery and inventory management, and the authorization challenges highlighted in the OWASP API Security Top 10. The conversation also touches on whether "shift left" is truly dead and why we still haven't solved basic security problems like input validation despite having the frameworks to address them.FOLLOW OUR SOCIAL MEDIA: ➜Twitter: @AppSecPodcast➜LinkedIn: The Application Security Podcast➜YouTube: https://www.youtube.com/@ApplicationSecurityPodcast Thanks for Listening! ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

Conheça como levar ambientes de desenvolvimento para a nuvem sem drama de setup, conflitos de versão ou aquela maratona de instalar NVM, Java, Python e afins. Neste papo com Miguel e Oscar, fundadores da CPS1, destrinchamos o que é um Cloud Development Environment (CDE), por que ele acelera o onboarding e como tiramos proveito de workspaces efêmeros para codar com tudo pronto, do banco ao message broker, em um clique. Falamos também de governança e observabilidade do ponto de vista de plataforma.Entramos a fundo na arquitetura: CPS1 como Operator no Kubernetes, templates que definem linguagem, dependências e recursos (bancos, filas, caches) e workspaces isolados, acessíveis via VS Code/JetBrains/SSH. Discutimos o clássico VDI vs CDE, eficiência de recursos com contêineres, menores custos/atritos para times de Ops e o impacto direto no famoso “time to first PR”.E não faltou OPS também: de Git branch a ambientes efêmeros, de Terraform/Ansible testados em contêiner até Quickstart e Helm charts para rodar self‑hosted. De quebra, ainda falamos de Rust por baixo do capô e da (futura) automação com agentes que criam workspaces e abrem PRs sozinhos. Sim, a hype está servida — mas com engenharia por trás.Links Importantes:- João Brito - https://www.linkedin.com/in/juniorjbn- Assista ao FilmeTEArapia - https://youtu.be/M4QFmW_HZh0?si=HIXBDWZJ8yPbpflM- Conheça a CPS1 -  https://cps1.tech- Documentação pra começar na CPS1: https://docs.cps1.tech/latest/quickstart/- Miguel: https://www.linkedin.com/in/mciurcio/- Oscar: https://www.linkedin.com/in/oesgalha/Hashtags#CloudDevelopmentEnvironment #CDE #Kubernetes #DevOps #DevSecOps #Kubicast #Containers #Getup #PlatformEngineering #RemoteDevelopment #VSCode #JetBrains #KubernetesOperator #GitOps #Rust #Onboarding #Workspaces #Templates #Governança #CRDO Kubicast é uma produção da Getup, empresa especialista em Kubernetes e projetos open source para Kubernetes. Os episódios do podcast estão nas principais plataformas de áudio digital e no YouTube.com/@getupcloud.

Support the show - try out Insight Hub free for 14 days now: https://testguild.me/insighthub In this episode of the TestGuild DevOps Toolchain Podcast, host Joe Colantonio sits down with Patrick Quilter, CEO of Deploy360, to explore how AI is reshaping DevSecOps and what it means for testers, developers, and security engineers. Patrick shares his unique journey from automation engineer to founder to acquisition, and now leading a company working directly with the Department of Defense on secure, AI-powered development pipelines. You'll learn: Why automation engineers are perfectly positioned to move into security How agentic AI can transform DevOps workflows with specialized security agents Why AI won't replace skilled developers—but can supercharge them The role of local vs. cloud LLMs in security and supply chain protection Where DevSecOps and AI are headed in the next 1–3 years Patrick also reveals how Deploy360 is rolling out its next-gen DevSecOps platform and why small-to-medium businesses may benefit most from early access. Learn more about Patrick and Deploy360: Don't forget to subscribe, share, and leave a review if you find this episode valuable for your testing or DevSecOps journey. Try out SmartBear's Bugsnag for free, today. No credit card required: https://testguild.me/bugsnagfree

Começamos provocando: mais visibilidade sempre ajuda? Partimos de um caso real para discutir por que dashboards sem ação só empilham problemas. Falamos de ruído de alertas, thresholds mal calibrados e cultura de “ver tudo” que, sem priorização, não move o ponteiro.Na sequência, entramos na parte estratégica: apetite de risco, ownership e quem tem o crachá para dizer “vai” ou “não vai”. Trazemos exemplos contrastando setores (financeiro vs. saúde), impacto no negócio e como isso redefine criticidade, SLAs e o que é “aceitável” em produção.Fechamos com prática de campo: shift left de verdade (não é “rodar o Sonar e pronto”), modelagem de ameaças para começar pelo básico certo (acesso, hardening, atualização), e o papel de Kubernetes na jornada em que o foco volta para o produto — com priorização inteligente, e não caça a balas de prata.Links Importantes:- Caroline Assunção - https://www.linkedin.com/in/caroline-assuncao/- João Brito - https://www.linkedin.com/in/juniorjbn- Assista ao FilmeTEArapia - https://youtu.be/M4QFmW_HZh0?si=HIXBDWZJ8yPbpflMO Kubicast é uma produção da Getup, empresa especialista em Kubernetes e projetos open source para Kubernetes. Os episódios do podcast estão nas principais plataformas de áudio digital e no YouTube.com/@getupcloud.

Bret discusses exciting news about Swarm being maintained until 2030.

The second Trump administration has spent 2025 accelerating its software modernization initiatives through the creation of agencies like the U.S. DOGE Service and other entities designed to digitize and modernize the American government. Modeling after DOD enterprise software container platforms, the Department of Veterans Affairs stood up its own Platform One application in 2021 to drive software modernization within the agency. Matthew Fuqua, technical lead at VA's Platform One, told GovCIO Media & Research Platform One is a sandbox environment where software developers can safely experiment and build applications using protected data. He said his team took inspiration from similar endeavors in federal government and built a platform where developers can focus their efforts solely on coding. Fuqua said that Platform One's ethos centered around “speed, stability, scale and security,” and each tenet drives the mission of providing services through software that can benefit veterans. Platform One supports the VA's DevSecOps strategy to streamline its operations and shift away from the traditional waterfall approach to software development that hinders innovation at speed. In a DevSecOps environment, Fuqua's team is able to monitor, update and secure troves of data rapidly, shortening processes that used to take days down to hours. Fuqua said that AI has opened the door to new potential applications but data security is paramount when considering building new software.

In today's episode, we get the unvarnished truth about making the difficult transition from federal on-prem networks to the cloud.   Michael Howard, US Transportation Command, gives a thorough analysis of topics like containers, cloud service providers, and specific benefits of cloud native applications. He has experience in enterprise-level commercial organizations, enabling him to compare available tools with those approved for a secure environment like the DoD.   He begins by stating that his area of responsibility is making a transition away from the traditional waterfall method of software development to a more agile approach. He shocks the audience by stating that his organization only releases updates quarterly. In today's rapidly changing world, a more dynamic release cycle is mandatory.   Containers:  We know that containers provide smaller pockets of code. Michael Howard points out that this allows for portability between clouds and on prem solutions.    Cloud Service Providers (CSP): It is essential to train staff in the specifics of cloud-native applications for each CSP, as every CSP has its own unique terminology and operational guidelines.   Cybersecurity:  Michael Howard's team has leveraged cloud-native tools to stand up a zero-trust compatible instance that provides data from disparate sources in a flexible, yet secure manner.   Michael Howard provides a wide range of information for the listener. The focus is on the benefits of containerized workloads, Kubernetes, and DevSecOps for improving efficiency and security.      

Neste episódio, mergulhamos no Dia 2 de IaC com o especialista Renan Lira para descobrir como transformar um ambiente greenfield em uma infraestrutura padronizada e testada em produção. Abordamos desde os primeiros passos de configuração até as nuances de modularização e governança de código.Falamos sobre Smart Abstraction e mostramos como criar módulos que atendem a múltiplos ambientes sem inflar a complexidade. Depois, comparamos duas abordagens do mercado — Pulumi e Terraform — discutindo trade‑offs, convenções de nomenclatura e práticas de documentação.Também exploramos a integração de IaC em pipelines CI/CD, estratégias de teste e validação contínua, além de discutir as melhores práticas de segurança e compliance para proteger sua infraestrutura. Tudo isso com uma boa dose de humor e insights práticos para aplicar hoje mesmo.Links Importantes:- Renan Lira - https://www.linkedin.com/in/therenanlira/- Artigo de IaC - https://medium.com/bluems-tech/infrastructure-as-code-lifecycle-management-adc7e18a669c- João Brito - https://www.linkedin.com/in/juniorjbn- Assista ao FilmeTEArapia - https://youtu.be/M4QFmW_HZh0?si=HIXBDWZJ8yPbpflMO Kubicast é uma produção da Getup, empresa especialista em Kubernetes e projetos open source para Kubernetes. Os episódios do podcast estão nas principais plataformas de áudio digital e no YouTube.com/@getupcloud.

Bret and Nirmal are joined by Michael Irwin to discuss Docker's comprehensive AI toolkit, covering everything from local model deployment to cloud-based container orchestration across multiple interconnected tools and services.

Retornamos com a segunda parte do nosso bate-papo com o engenheiro de sistemas Felipe Rocha, e agora com o foco total no Kubernetes e seus componentes fundamentais. De forma descontraída, mas técnica, exploramos desde o isolamento de workloads em namespaces até o roteamento seguro de conexões com CNI e políticas de rede.Aprofundamos em tópicos-chave como a adoção de arquiteturas multi tenant e a dinâmica de configuração de segredos dinâmicos com Secret Engines, ilustrando como integrar Helm Charts, ArgoCD e Terraform para criar pipelines GitOps realmente escaláveis. Além disso, discutimos o trade-off entre visibilidade operacional e automação gerenciada em clusters EKS.Encerramos refletindo sobre como manter uma plataforma ágil em grandes corporações, equilibrando governança e rapidez de entrega, e por que a segurança no Kubernetes é mais um processo de retardamento do que de bloqueio absoluto.Links Importantes:- Felipe Rocha - https://www.linkedin.com/in/felipefonsecarocha- João Brito - https://www.linkedin.com/in/juniorjbn- Assista ao FilmeTEArapia - https://youtu.be/M4QFmW_HZh0?si=HIXBDWZJ8yPbpflMHashtags#kubernetes #serviceaccount #networkpolicies #cni #gitops #helm #terraform #devops #devsecops #kubicast #containers #getupO Kubicast é uma produção da Getup, empresa especialista em Kubernetes e projetos open source para Kubernetes. Os episódios do podcast estão nas principais plataformas de áudio digital e no YouTube.com/@getupcloud.

Host Alex Theuma is joined by DuploCloud Founder and CEO Venkat Thiruvengadam. Venkat shares his journey from Microsoft Azure to building a $50M-funded DevSecOps platform. He discusses bootstrapping the company for the first three years, through to leading the company through what he calls an “existential moment” for all SaaS businesses: the shift to AI-native operations. Guest links: Website: https://duplocloud.com/ LinkedIn: https://www.linkedin.com/in/venkat-thiruvengadam-35a7396/      Check out the other ways SaaStock is helping SaaS founders move their business forward: 

Embarcamos em mais um episódio do Kubicast, desta vez com a participação especial do engenheiro de sistemas Felipe Rocha, para mergulhar de cabeça na engenharia de plataforma e nas estratégias de segurança de containers que vêm moldando o futuro da infraestrutura moderna. Com nosso bom humor característico, exploramos as nuances técnicas de como as equipes podem acelerar a entrega de software sem comprometer a integridade dos ambientes.Discutimos os desafios práticos enfrentados ao migrar de uma prova de conceito (POC) para um produto mínimo viável (MVP), revelando insights valiosos sobre automação, governança de dados e cultura DevSecOps. Além disso, abordamos o uso de inteligência artificial e técnicas de fine-tuning (RUG) para enriquecer modelos de linguagem com conhecimento específico de negócio e garantir respostas mais precisas e seguras.Por fim, refletimos sobre os principais obstáculos de manutenção contínua, o trade-off entre velocidade e segurança e como uma plataforma eficiente pode reduzir o atrito entre desenvolvimento e operação. Afinal, somos nós, profissionais de TI, que impulsionamos a inovação, e este episódio traz um panorama completo dos aprendizados e boas práticas que aplicamos no dia a dia.Links Importantes:- Felipe Rocha - https://www.linkedin.com/in/felipefonsecarocha- João Brito - https://www.linkedin.com/in/juniorjbn- Assista ao FilmeTEArapia - https://youtu.be/M4QFmW_HZh0?si=HIXBDWZJ8yPbpflMHashtags#plataforma #segurança #cibernética #automação #inteligênciaartificial #containers #kubicast #kubernetes #devops #devsecops #getup #Kubicast #Kubernetes #DevOps #DevSecOps #Containers #GetupO Kubicast é uma produção da Getup, empresa especialista em Kubernetes e projetos open source para Kubernetes. Os episódios do podcast estão nas principais plataformas de áudio digital e no YouTube.com/@getupcloud.

As digital infrastructure becomes increasingly interwoven with third-party code, APIs, and AI-generated components, organizations are realizing they can't ignore the origins—or the risks—of their software. Theresa Lanowitz, Chief Evangelist at LevelBlue, joins Sean Martin and Marco Ciappelli to unpack why software supply chain visibility has become a top concern not just for CISOs, but for CEOs as well.Drawing from LevelBlue's Data and AI Accelerator Report, part of their annual Futures Report series, Theresa highlights a striking correlation: 80% of organizations with low software supply chain visibility experienced a breach in the past year, while only 6% with high visibility did. That data underscores the critical role visibility plays in reducing business risk and maintaining operational resilience.More than a technical concern, software supply chain risk is now a boardroom topic. According to the report, CEOs have the highest awareness of this risk—even more than CIOs and CISOs—because of the direct impact on brand reputation, stock value, and partner trust. As Theresa puts it, software has become the “last mile” of digital business, and that makes it everyone's problem.The conversation explores why now is the time to act. Government regulations are increasing, adversarial attacks are intensifying, and organizations are finally beginning to connect software vulnerabilities with business outcomes. Theresa outlines four critical actions: leverage CEO awareness, understand and prioritize vulnerabilities, invest in modern security technologies, and demand transparency from third-party providers.Importantly, cybersecurity culture is emerging as a key differentiator. Companies that embed security KPIs across all business units—and align security with business priorities—are not only more secure, they're also more agile. As software creation moves faster and more modular, the organizations that prioritize visibility and responsibility throughout the supply chain will be best positioned to adapt, grow, and protect their operations.Learn more about LevelBlue: https://itspm.ag/levelblue266f6cNote: This story contains promotional content. Learn more.Guest: Theresa Lanowitz, Chief Evangelist of AT&T Cybersecurity / LevelBlue [@LevelBlueCyber]On LinkedIn | https://www.linkedin.com/in/theresalanowitz/ResourcesTo learn more, download the complete findings of the LevelBlue Threat Trends Report here: https://itspm.ag/levelbyqdpTo download the 2025 LevelBlue Data Accelerator: Software Supply Chain and Cybersecurity report, visit: https://itspm.ag/lbdaf6iLearn more and catch more stories from LevelBlue: https://www.itspmagazine.com/directory/levelblueLearn more about ITSPmagazine Brand Story Podcasts: https://www.itspmagazine.com/purchase-programsNewsletter Archive: https://www.linkedin.com/newsletters/tune-into-the-latest-podcasts-7109347022809309184/Business Newsletter Signup: https://www.itspmagazine.com/itspmagazine-business-updates-sign-upAre you interested in telling your story?https://www.itspmagazine.com/telling-your-story

Bret is joined by Andrew Tunall, the President and Chief Product Officer at Embrace, to discuss his prediction that we'll all start shipping non-QA'd code (buggier code in production) and QA will need to be replaced with better observability.

In this episode, host Jethro Jones discusses the crucial topic of AI and cybersecurity with Sam Bourgeois, an experienced IT director with a background in private industry and education. The conversation covers the importance of AI standards, the ethical implications of AI use, and the need for cybersecurity awareness among young people. Sam introduces 'Make It Secure Academy,' an innovative platform aimed at educating students about cybersecurity through interactive and engaging methods. The episode emphasizes the critical need to incorporate these lessons into everyday education to protect children in an increasingly digital world.Cybertraps PodcastAI Standards, AI Ethics, and Cybersecurity for kids.Working for a company that has an International footprint How to support someone who wants to bring on tools. Guardrails, not blockade. NISTRegulations around AIIs it worthwhile for kids to learn standards about AI usage. A student should know and recognize there are correct and incorrect ways to use AI. With great power comes great responsibility. MakeITsecure academyOnce data is exposed, they're being watched and tracked all the timeKids will turn 18 with data exposed for years. How to teach kids without it being a gotcha! On a mission to protect every kid, one kid at a time. About Sam BourgeoisSam is the leader of a large managed services provider in the US serving global customers ranging from defense to education. He is the Sr. Dir. of Technology and Cybersecurity and leads the visioning of new products and services, oversees DEVSECOPs teams and serves as the cyber leader of the organization and many clients. He has deep telecommunication, IT, education, and corporate training industry experiences, and is passionate about serving those in need whether it's in Rotary or non-profit board membership. Socials: @makeitsecurellc = insta, Fbhttps://www.linkedin.com/company/102108099Webpresence LLC - https://www.makeitsecurellc.com/home501c3 - https://www.make-it-secure.org/LMS - https://makeitsecure.academy/Intro to the LMS and Courses - https://youtu.be/xEyFXhe6Z3E  We're thrilled to be sponsored by IXL. IXL's comprehensive teaching and learning platform for math, language arts, science, and social studies is accelerating achievement in 95 of the top 100 U.S. school districts. Loved by teachers and backed by independent research from Johns Hopkins University, IXL can help you do the following and more:Simplify and streamline technologySave teachers' timeReliably meet Tier 1 standardsImprove student performance on state assessments

In this episode, host Jethro Jones discusses the crucial topic of AI and cybersecurity with Sam Bourgeois, an experienced IT director with a background in private industry and education. The conversation covers the importance of AI standards, the ethical implications of AI use, and the need for cybersecurity awareness among young people. Sam introduces 'Make It Secure Academy,' an innovative platform aimed at educating students about cybersecurity through interactive and engaging methods. The episode emphasizes the critical need to incorporate these lessons into everyday education to protect children in an increasingly digital world.Cybertraps PodcastAI Standards, AI Ethics, and Cybersecurity for kids.Working for a company that has an International footprint How to support someone who wants to bring on tools. Guardrails, not blockade. NISTRegulations around AIIs it worthwhile for kids to learn standards about AI usage. A student should know and recognize there are correct and incorrect ways to use AI. With great power comes great responsibility. MakeITsecure academyOnce data is exposed, they're being watched and tracked all the timeKids will turn 18 with data exposed for years. How to teach kids without it being a gotcha! On a mission to protect every kid, one kid at a time. About Sam BourgeoisSam is the leader of a large managed services provider in the US serving global customers ranging from defense to education. He is the Sr. Dir. of Technology and Cybersecurity and leads the visioning of new products and services, oversees DEVSECOPs teams and serves as the cyber leader of the organization and many clients. He has deep telecommunication, IT, education, and corporate training industry experiences, and is passionate about serving those in need whether it's in Rotary or non-profit board membership. Socials: @makeitsecurellc = insta, Fbhttps://www.linkedin.com/company/102108099Webpresence LLC - https://www.makeitsecurellc.com/home501c3 - https://www.make-it-secure.org/LMS - https://makeitsecure.academy/Intro to the LMS and Courses - https://youtu.be/xEyFXhe6Z3E  Join the Transformative Mastermind Today and work on your school, not just in it. Apply today. We're thrilled to be sponsored by IXL. IXL's comprehensive teaching and learning platform for math, language arts, science, and social studies is accelerating achievement in 95 of the top 100 U.S. school districts. Loved by teachers and backed by independent research from Johns Hopkins University, IXL can help you do the following and more:Simplify and streamline technologySave teachers' timeReliably meet Tier 1 standardsImprove student performance on state assessments

Dave, Esmee, and Rob take a moment to look back on the wild ride that was Season 4—revisiting the themes that sparked the biggest conversations and the guests who left a lasting impression. They also reveal what's on their summer to-do lists and drop a few juicy hints about what's coming in Season 5. Get ready—it's going to be even bigger and bolder.Thank you to all our listeners and guests for joining us in Season 4 - have a great summer and we will see you in September!TLDR:00:40 Season 4 by the numbers – and a fun mix-up with round figures03:20 Reflecting on standout topics and memorable guests03:42 Scaling AI: Hyperscaler narratives, tech momentum, and the adoption gap13:18 Ethics in the AI era – how organizations can and must stay grounded18:12 The human factor: Why “human-in-the-loop” matters more than ever27:29 Sovereignty in tech – geopolitics, shifting narratives, and the rise of Sovereign AI37:16 A deep dive into Telco – highlights from our dedicated mini-series53:48 2025 tech trends with Gene Kim55:33 Listener Q&A: Daniel Delicate on Cynefin vs. IT operating models1:01:44 Andrea Kis on keeping humanity in fast-paced tech1:06:09 Ezhil Suresh on how we prep and record our podcast with top-tier guests1:11:38 John Eaton-Griffin on how guests have shaped our thinking1:17:19 A word from our co-host1:19:57 Looking ahead to Season 5: AAA episodes, new industry mini-series, and Hyperscaler events1:22:09 Meet our new AI companions: Substack and the Cloud Realities chatbot1:23:40 What's next for us this summerHostsDave Chapman: https://www.linkedin.com/in/chapmandr/Esmee van de Giessen: https://www.linkedin.com/in/esmeevandegiessen/Rob Kernahan: https://www.linkedin.com/in/rob-kernahan/ProductionMarcel van der Burg: https://www.linkedin.com/in/marcel-vd-burg/Dave Chapman: https://www.linkedin.com/in/chapmandr/SoundBen Corbett: https://www.linkedin.com/in/ben-corbett-3b6a11135/Louis Corbett:  https://www.linkedin.com/in/louis-corbett-087250264/'Cloud Realities' is an original podcast from Capgemini

The rise of structure software fueled globalization by streamlining operations across borders. Now, Cloud and AI are accelerating this momentum, enabling faster innovation, smarter decision-making, and scalable growth. By modernizing ERP with intelligent technologies, organizations can stay agile, competitive, and ready for the next wave of global transformation.This week, Dave, Esmee and Rob talk to Timo Elliott, Innovation Evangelist at SAP, to explore how SAP is driving globalization—and how organizations can accelerate innovation through the power of Cloud and AI. TLDR00:55 Introduction of Timo Elliott02:40 Rob shares his confusion about misleading online ads08:06 In-depth conversation with Timo46:32 Rethinking control in enterprise systems1:00:00 Brunch at a Paris café or joining an event?GuestTimo Elliott: https://www.linkedin.com/in/timoelliott/HostsDave Chapman: https://www.linkedin.com/in/chapmandr/Esmee van de Giessen: https://www.linkedin.com/in/esmeevandegiessen/Rob Kernahan: https://www.linkedin.com/in/rob-kernahan/ProductionMarcel van der Burg: https://www.linkedin.com/in/marcel-vd-burg/Dave Chapman: https://www.linkedin.com/in/chapmandr/SoundBen Corbett: https://www.linkedin.com/in/ben-corbett-3b6a11135/Louis Corbett:  https://www.linkedin.com/in/louis-corbett-087250264/'Cloud Realities' is an original podcast from Capgemini

Meet Nayan Goel

GreenOps is a cultural transformation that empowers developers to turn emissions data into meaningful action, bridging the communication gap with ESG teams and exposing the critical truth that cloud cost and carbon cost are not the same, which fundamentally reshapes how we approach sustainable IT.This week, Dave, Esmee and Rob talk to James Hall, Head of GreenOps at Green Pixie, to unpack the real state of GreenOps today—and why we've only just scratched the surface.  TLDR 01:57 Rob is confused about AGI 06:11 Cloud conversation with James Hall 22:10 Esmee as media archeologist, found GreenOps is 50 years old 30:46 Having some drinks in the summer Guest James Hall: https://www.linkedin.com/in/james-f-hall/ Hosts Dave Chapman: https://www.linkedin.com/in/chapmandr/ Esmee van de Giessen: https://www.linkedin.com/in/esmeevandegiessen/ Rob Kernahan: https://www.linkedin.com/in/rob-kernahan/Production Marcel van der Burg: https://www.linkedin.com/in/marcel-vd-burg/ Dave Chapman: https://www.linkedin.com/in/chapmandr/ Sound Ben Corbett: https://www.linkedin.com/in/ben-corbett-3b6a11135/ Louis Corbett:  https://www.linkedin.com/in/louis-corbett-087250264/'Cloud Realities' is an original podcast from Capgemini

Semper Valens Solutions designs DevSecOps infrastructure for DISA, develops cyber weapons systems for the Air Force, supports the Army's deployment of force protection platforms and C2 systems, plus does non-cleared work for DHA, VA, and the FBI. Company COO Nick Brown shares the importance of treating candidates well in the hiring process, doing more than just applying for the position, and how the company deals with the challenges of return to office. 4:20 Most positions are Secret to TS/SCI. Locations include San Antonio, Aberdeen, MD, Fort Belvoir, and Fort Huachuca, among others.5:47 Semper Valens means always strong.9:02 How the company works to build company cohesion and culture.Find complete show notes at: https://clearedjobs.net/semper-valens-solutions-valuing-every-candidate-podcast/_ This show is brought to you by ClearedJobs.Net. Have feedback or questions for us? Email us at rriggins@clearedjobs.net. Sign up for our cleared job seeker newsletter. Create a cleared job seeker profile on ClearedJobs.Net. Engage with us on LinkedIn, Facebook, Instagram, X, or YouTube. _

In this episode of the DevOps Toolchain podcast, we dive deep into the evolving intersection of AI, IoT, and embedded systems with special guest Hariharan Ragothaman who's a seasoned technologist and DevSecOps expert. Try out Insight Hub free for 14 days now: https://testguild.me/insighthub Hariharan shares how he went from programming in BASIC as a kid to leading cutting-edge AI server validation today. We explore the mindset shifts needed when moving from embedded systems to cloud-native architectures, and why having a security-first approach isn't just optional anymore — it's essential. We also discuss: ✅ The growing role of AI in embedded systems and IoT — and what that means for testers and engineers. ✅ Practical strategies for building a security mindset (even if you don't think of yourself as a “security person”). ✅ Favorite tools and techniques for shifting security left, including real-world examples and open-source tips. ✅ The balance between technical depth and leadership skills in an AI-powered future. ✅ Hariharan's personal approach to staying ahead of the curve, from continuous learning habits to favorite books and tools. Whether you're deep in DevSecOps, testing embedded devices, or just curious about where AI and IoT are taking us next, this episode is packed with actionable advice and fresh perspectives to help you stay ahead.

The current phase of software development is probably the most insecure era ever — there's so much more application and code that's vulnerable, according to Snyk CEO Peter McKay. “It was a struggle for security teams to keep up with the pace of software development prior to generative AI, and now with generative and copilot and Windsurf and all the tools that are out there, you know, they're moving even faster and security is struggling to keep up.” McKay joins Bloomberg Intelligence's head of technology research, Mandeep Singh, to discuss the application of large-language models for securing the use of tools, including Cursor and Github copilots. He also talks about the addressable market for DevSecOps (the development, security and operations approach), potential automation driven by AI and Snyk's acquisitions for both talent and product features as the attack surface expands in cybersecurity.

Quantum computing in 2025 is rapidly advancing toward commercialization, with breakthroughs in algorithms, scalable hardware, and cloud-based quantum services driving real-world applications across finance, healthcare, logistics, and cybersecurityThis week, Dave, Esmee, and Rob dive into the cutting edge of quantum computing with Catherine Vollgraff Heidweiller, Quantum AI PM at Google, and James Goeders, Head of Product for Google Quantum AI, exploring how far we've come since our June 2023 Quantumania! episode and what to expect from Willow—the bold fusion of quantum, AI, digital integration, deployment, and the broader tech ecosystem.TLDR00:46 Meet Catherine and James – intros and backgrounds02:22 Rob is confused about students using AI09:40 Deep dive with Catherine and James on the current state and future of Quantum48:01 Quantum isn't just tech—it's a whole new way of thinking1:01:37 Seize the moment and bringing external users onto quantum hardwareGuestCatherine Vollgraff Heidweiller: https://www.linkedin.com/in/cmv-vollgraffheidweiller/James Goeders: https://www.linkedin.com/in/james-goeders-8876a7164/HostsDave Chapman: https://www.linkedin.com/in/chapmandr/Esmee van de Giessen: https://www.linkedin.com/in/esmeevandegiessen/Rob Kernahan: https://www.linkedin.com/in/rob-kernahan/ProductionMarcel van der Burg: https://www.linkedin.com/in/marcel-vd-burg/Dave Chapman: https://www.linkedin.com/in/chapmandr/SoundBen Corbett: https://www.linkedin.com/in/ben-corbett-3b6a11135/Louis Corbett:  https://www.linkedin.com/in/louis-corbett-087250264/'Cloud Realities' is an original podcast from Capgemini

The Daytona founders - Ivan Burazin and Vedran Jukic - discuss their pivot to an AI agent cloud. We dig into the new infrastructure requirements of developing agents that need their own sandboxes to operate in.A year ago, we had them on to talk about Daytona giving us remote development environments for humans, and they have now pivoted the company to focusing on providing cloud hosting environments for AI agents to operate.I suspect this is something we're all gonna eventually need to tackle as we work to automate more of our software engineering. So we spend time breaking down the concepts and the real world needs of humans developing agents, and then the needs of AI that require places to run their own tools in code.Check out the video podcast version here https://youtu.be/l8LBqDUwtV8Creators & Guests Cristi Cotovan - Editor Bret Fisher - Host Beth Fisher - Producer Ivan Burazin - Guest Vedran Jukic - Guest You can also support my content by subscribing to my YouTube channel and my weekly newsletter at bret.news!Grab the best coupons for my Docker and Kubernetes courses.Join my cloud native DevOps community on Discord.Grab some merch at Bret's Loot BoxHomepage bretfisher.com (00:00) - Intro (06:08) - Daytona's Sandbox Technology (12:57) - Practical Applications and Use Cases (14:29) - Security and Isolation in AI Agents (17:59) - Start Up Times for Sandboxing and Kubernetes (22:51) - Daytona vs Lambda (31:06) - Rogue Models and Isolation (34:54) - Humanless Operations and the Future of DevOps (47:17) - SDK vs MCP (50:15) - Human in the Loop (51:13) - Daytona: Open Source vs Product Offering

In this episode, we sat down with AJ Yawn, Author of the upcoming book GRC Engineering for AWS and Director of GRC Engineering at Aquia, to discuss how GRC engineering can transform compliance.We discussed the current pain points and challenges in Governance, Risk, and Compliance (GRC), how GRC has failed to keep up with software development and the threat landscape, and how to leverage cloud-native services, AI, and automation to bring GRC into the digital era.We dove into:What the phrase “GRC Engineering” means and how it differs from traditional Governance, Risk and ComplianceWhat some of the major issues are with traditional compliance in the age of DevSecOps, Cloud, API's, Automation and now AISpecific examples of GRC Engineering, including the use of automation, API's and cloud-native services to streamline security control implementation, assessment and reportingThe promise and potential of AI in GRC, and how AJ is using various models for control assessments, artifact creation and more, and how GRC practitioners should be leveraging AI as a force multiplierAJ's new book “GRC Engineering For AWS: A Hands-On Guide to Governance, Risk and Compliance Engineering”

Brian Robbins is the CFO of GitLab, a DevSecOps platform that supports software innovation. He joins Motley Fool CEO, Tom Gardner, plus Chief Investment Officer Andy Cross and AI Engineer Karl Juhl for a conversation about: - How GitLab scaled for remote culture - How technology and AI have shifted over the years - GitLab's plan to handle the evolving cloud and DevOps landscape. Companies mentioned: GTLB Hosts: Tom Gardner, Andy Cross, Karl Juhl Guest: Brian Robbins Engineer: Bart Shannon Advertisements are sponsored content and provided for informational purposes only. The Motley Fool and its affiliates (collectively, "TMF") do not endorse, recommend, or verify the accuracy or completeness of the statements made within advertisements. TMF is not involved in the offer, sale, or solicitation of any securities advertised herein and makes no representations regarding the suitability, or risks associated with any investment opportunity presented. Investors should conduct their own due diligence and consult with legal, tax, and financial advisors before making any investment decisions. TMF assumes no responsibility for any losses or damages arising from this advertisement. Learn more about your ad choices. Visit megaphone.fm/adchoices

Bill Staples has spent 30 years redefining how the world writes, ships, and secures code.On this week's Grit, the GitLab CEO shares what it takes to lead a public, all-remote DevSecOps company trusted by more than half of the Fortune 100. He breaks down the discipline of managing energy instead of hours, why weekly operating cadences beat quarterly plans, and how AI will 10× software engineers by auto-debugging code and closing security gaps.Guest: Bill Staples, CEO of GitLabChapters:00:00 Trailer00:42 Introduction02:34 True joy in life08:16 Winning teams13:53 When the energy isn't there18:00 Super ambitious21:01 It's not just technology29:27 Elevating quality and standard41:36 Lifelong collaborator51:22 Competent intelligence54:22 Structuring goals and time1:03:59 Who GitLab is hiring1:04:17 What “grit” means to Bill1:04:54 OutroLinks:Connect with BillLinkedInConnect with JoubinXLinkedInEmail: grit@kleinerperkins.comLearn more about Kleiner Perkins

Welcome to a new episode of The Daily Windup! Today, I had the pleasure of speaking with Yolanda Clark, CEO of Powder River Industries, a small business that has successfully navigated the world of defense contracts and specialized in DevSecOps and infrastructure as code services. Yolanda shared her journey of bringing stability to her business by establishing headquarters in Wyoming while her spouse serves in the military. In our conversation, Yolanda explained the intricacies of DevSecOps, clarifying that it involves coding within secure environments, ensuring software compliance with cyber requirements from day one. We also discussed the differences between FedRAMP and their services, with Yolanda highlighting how they provide support at a specific point within the lifecycle for their defense customers. Listen now to learn more!

Join Jim McDonald and Jeff Steadman on the Identity at the Center podcast as they welcome Lalit Choda, founder and CEO of the Non-Human Identity Management Group. Lalit, also known as "Mr. NHI," shares his journey from investment banking to becoming a leading expert in non-human identities. This episode delves into the critical and often overlooked world of NHI, exploring why it's such a hot topic now, the challenges practitioners face in managing these identities, and how to approach the problem from a risk-based perspective. Lalit discusses the limitations of traditional PAM and IGA tools for NHI, the importance of foundational controls, and the alarming implications of AI on non-human identity management. Plus, hear a fun segment about vinyl records and some surprising finds!Chapter Timestamps:00:00:00 - Introduction to Lalit Choda and the NHI Community00:02:31 - Welcome to the Identity at the Center Podcast & IdentiVerse Discussion00:06:18 - Lalit Choda's Identity Origin Story: From Mr. SOX to Mr. NHI00:12:03 - Why Non-Human Identities Are a Big Deal Right Now00:15:37 - Defining NHI and the Practitioner's Framework00:19:13 - The Scale and Challenges of NHI Management00:23:01 - New Types of NHI and Tooling Limitations00:27:12 - The Lack of a Single Source of Truth for NHI00:33:57 - Prioritizing NHI Management and the Role of PAM00:38:58 - A Risk-Based Approach to NHI and Foundational Controls00:48:15 - What Scares Lalit Most About NHI (and AI)00:50:54 - Lalit's Impressive Vinyl Collection00:56:38 - Jim and Jeff's First, Best, and Favorite Albums01:01:15 - The Intersection of Music and Non-Human Identities01:02:00 - Wrapping Up & Where to Find More InformationConnect with Lalit: https://www.linkedin.com/in/lalit-choda-5b924120/Non-Human Identity Management Group: https://www.nhimg.org/Connect with us on LinkedIn:Jim McDonald: https://www.linkedin.com/in/jimmcdonaldpmp/Jeff Steadman: https://www.linkedin.com/in/jeffsteadman/Visit the show on the web at http://idacpodcast.comKeywords:Lalit Choda, Non-Human Identity, NHI, Machine Identity, Workload Identity, Identity Management, Cybersecurity, PAM, IGA, Privilege Access Management, Identity Governance and Administration, Secrets Management, Cloud Security, AI, Artificial Intelligence, DevSecOps, Risk-Based Approach, Identity Security, Service Accounts, Identity at the Center, IDAC, Jeff Steadman, Jim McDonald, IdentiVerse, Vinyl Collection, Podcast, Mr. NHI#idac #nonhumanidentity #machineidentity #cybersecurity #identityaccessmanagement #IAM #infosec #digitalidentity #workloadsecurity #devsecops #cloudsecurity #privilegedaccessmanagement #identitygovernance #zerotrust #nhi #mrnhi

Interpol's Operation Secure dismantles a major cybercrime network, and Singapore takes down scam centers. GitLab patches multiple vulnerabilities in its DevSecOps platform. Researchers unveil a covert method for exfiltrating data using smartwatches. EchoLeak allows for data exfiltration from Microsoft Copilot. Journalists are confirmed targets of Paragon's Graphite spyware. France calls for comments on tracking pixels. Fog ransomware operators deploy an unusual mix of tools. Skeleton Spider targets recruiters by posing as job seekers on LinkedIn and Indeed. Erie Insurance suffers ongoing outages following a cyberattack. Our N2K Lead Analyst Ethan Cook shares insights on Trump's antitrust policies. DNS neglect leads to AI subdomain exploits. Remember to leave us a 5-star rating and review in your favorite podcast app. Miss an episode? Sign-up for our daily intelligence roundup, Daily Briefing, and you'll never miss a beat. And be sure to follow CyberWire Daily on LinkedIn. CyberWire Guest Today, we share a selection from today's Caveat podcast where Dave Bittner and Ben Yelin are joined by N2K's Lead Analyst, Ethan Cook, to take a Policy Deep Dive into “The art of the breakup: Trump's antitrust surge.” You can listen to the full episode here and find new episodes of Caveat in your favorite podcast app each Thursday.   Selected Reading Interpol takes down 20,000 malicious IPs and domains (Cybernews) Singapore leads multinational operation to shutter scam centers tied to $225 million in thefts (The Record) GitLab patches high severity account takeover, missing auth issues (Bleeping Computer) SmartAttack uses smartwatches to steal data from air-gapped systems (Bleeping Computer) Critical vulnerability in Microsoft 365 Copilot AI called EchoLeak enabled data exfiltration (Beyond Machines) Researchers confirm two journalists were hacked with Paragon spyware (TechCrunch) Tracking pixels: CNIL launches public consultation on its draft recommendation (CNIL) Fog ransomware attack uses unusual mix of legitimate and open-source tools (Bleeping Computer) FIN6 cybercriminals pose as job seekers on LinkedIn to hack recruiters (The Record) Erie Insurance confirms cyberattack behind business disruptions (Bleeping Computer) Why Was Nvidia Hosting Blogs About 'Brazilian Facesitting Fart Games'? (404 Media)  Secure your public DNS presence from subdomain takeovers and dangling DNS exploits (Silent Push) Want to hear your company in the show? You too can reach the most influential leaders and operators in the industry. Here's our media kit. Contact us at cyberwire@n2k.com to request more info. The CyberWire is a production of N2K Networks, your source for strategic workforce intelligence. © N2K Networks, Inc. Learn more about your ad choices. Visit megaphone.fm/adchoices

Firefly is a cloud infrastructure automation platform that helps cloud teams, DevOps, SRE, platform engineering, DevSecOps, and other groups manage their entire cloud as code. Firefly helps to manage cloud complexity and produce consistent and efficient cloud platforms with code. To help Firefly better understand their customers and industry trends around Infrastructure as Code (IaC),... Read more »