Podcasts about devsecops

Most organizations have security champions. Few have a real security culture.In this episode of AppSec Contradictions, Sean Martin explores why AppSec awareness efforts stall, why champion programs struggle to gain traction, and what leaders can do to turn intent into impact.

 In this second episode of the special AI mini-series, we now explore the human side of transformation, where technology meets purpose and people remain at the center. From future jobs and critical thinking to working with C-level leaders, how human intervention and high-quality data drive success in an AI-powered world.This week, Dave, Esmee, and Rob talk to Indhira Mani, CDO at Intact Insurance UK, about the Love for data, insights on leadership, resilience, and preparing the next generation for what's next.    TLDR:01:30 Introduction of Indhira Mani and Scotch whisky05:45 Explaining the State of AI mini-series with Craig07:12 Conversation with Indi about her boyfriend called Data 38:33 Umbrella Sharing in Japan and the trust on AI45:15 The British Insurance Award and Women in Tech finalist GuestIndhira Mani: https://www.linkedin.com/in/indhira-mani-data/HostsDave Chapman: https://www.linkedin.com/in/chapmandr/Rob Kernahan: https://www.linkedin.com/in/rob-kernahan/Esmee van de Giessen: https://www.linkedin.com/in/esmeevandegiessen/with co-host Craig Suckling: https://www.linkedin.com/in/craigsuckling/ProductionMarcel van der Burg: https://www.linkedin.com/in/marcel-vd-burg/Dave Chapman: https://www.linkedin.com/in/chapmandr/ SoundBen Corbett: https://www.linkedin.com/in/ben-corbett-3b6a11135/Louis Corbett:  https://www.linkedin.com/in/louis-corbett-087250264/ 'Cloud Realities' is an original podcast from Capgemini

Most organizations have security champions. Few have a real security culture.In this episode of AppSec Contradictions, Sean Martin explores why AppSec awareness efforts stall, why champion programs struggle to gain traction, and what leaders can do to turn intent into impact.

Шоты №43. Безопасность по умолчанию: эволюция DevOps в DevSecOps. Дмитрий Горохов, Антон Конопак Оставайтесь на связи Пишите нам: info@linkmeup.ru Канал в телеграме: t.me/linkmeup_podcast Канал на youtube: youtube.com/c/linkmeup-podcast Подкаст доступен в iTunes, Google Подкастах, Яндекс Музыке, Castbox Сообщество в вк: vk.com/linkmeup Группа в фб: www.facebook.com/linkmeup.sdsm Добавить RSS в подкаст-плеер. Пообщаться в общем чате в тг: https://t.me/linkmeup_chat Поддержите проект:

In this episode of De Nederlandse Kubernetes Podcast, we talk with Jim Bugwadia, founder and CEO of Nirmata, and Shuting Zhao, Staff Engineer and one of the maintainers of Kyverno — the CNCF project for Kubernetes policy management.Jim and Shuting share how Kyverno was born from Nirmata's commercial work and has since become one of the most widely adopted open source projects in Kubernetes governance, with over 3.4 billion image pulls.We explore the real question: Why does Kubernetes need policies if it's already declarative? Jim explains how policy as code helps developers, operators, and security teams collaborate on cluster configuration at scale — from pod security to resource quotas, network policies, and automation.Shuting dives deeper into how Kyverno enables granular control, policy exceptions, and flexible enforcement modes — from audit to enforce. They discuss how large organizations use policy automation to improve compliance, security, and even cost efficiency, citing use cases like Adidas saving 50% in dev/test environments using policy-driven resource management.We also touch on:

Josh Arzt is a Senior Solutions Architect with 25+ years of experience modernizing systems, solving complex problems, and delivering scalable cloud solutions. He is an expert in software engineering, DevSecOps, serverless architectures, and cloud migrations. He is a certified professional with a strong publication record in IT and applied mathematics.   His professional career began in the early 2000s, when he discovered .NET and all it had to offer in its early days. Using that framework, paired with his maturation in software architecture, helped shape how he approaches challenges — with curiosity, precision, and a focus on making technology practical and reliable. Along the way, he's led teams, modernized systems, written his own software in performance metrics, and helped organizations adapt to change, but what he values most is working with people: mentoring engineers, collaborating across disciplines, and finding ways to connect technical work to real human impact. He brings both experience and perspective — the ability to see the big picture while never losing sight of the craft that drew him to this field in the first place.   Josh is also a 2025-2026 board election candidate for .NET Foundation.   Topics of Discussion: [2:40] Josh talks about the .NET Foundation and its importance. [7:08] A self-described dorky child, Josh recounts his early days in IT, starting with building computers as a child. [9:33] Josh describes his transition from IT support to software development, driven by his interest in problem-solving. [15:55] Josh discusses the evolution of .NET, from its early days to the current state. [30:40] The importance of choosing the right tool for the job, regardless of the programming language. [32:42] The challenges of managing tech debt and the importance of sustainability in software development. [37:28] Josh shares his positive experiences with the .NET community and the support they provide. [38:08] How thoughtful and consistent feedback shapes the evolution of the .NET ecosystem. [40:02] Continuous learning and adaptation in the field of software development.   Mentioned in this Episode: Clear Measure Way Architect Forum Software Engineer Forum Joshua Arzt LinkedIn Technical Babble — XCalibur Systems Xcalibur37 GitHub User Xcalibur Stack Overflow     Want to Learn More? Visit AzureDevOps.Show for show notes and additional episodes.

Technology can scale almost everything—except human experience. In a world driven by efficiency, what does it mean to design for how people truly feel? It's about transforming user interactions into ongoing insight and innovation, rooted in empathy and understanding.  This week, Dave, Esmee and Rob talk to Kevin Magee, Chief Technology Officer at All human about helping organizations transform customer experiences with a focus on design, engineering, and what is called "digital performance."  TLDR:00:41 Introduction of Kevin Magee with Guinness or sparkling water?03:23 Rob wonders, is Apple really opening up its ecosystem?11:40 Deep dive with Kevin into design, engineering, and digital performance36:30 How tools built for one purpose can transform entire systems48:35 Weekend city breaks and pursuing a master's in psychology  GuestKevin Magee: https://www.linkedin.com/in/kevinmagee/ HostsDave Chapman: https://www.linkedin.com/in/chapmandr/Rob Kernahan: https://www.linkedin.com/in/rob-kernahan/Esmee van de Giessen: https://www.linkedin.com/in/esmeevandegiessen/ ProductionMarcel van der Burg: https://www.linkedin.com/in/marcel-vd-burg/Dave Chapman: https://www.linkedin.com/in/chapmandr/ SoundBen Corbett: https://www.linkedin.com/in/ben-corbett-3b6a11135/Louis Corbett:  https://www.linkedin.com/in/louis-corbett-087250264/ 'Cloud Realities' is an original podcast from Capgemini

Aproveitamos a AWS fora do ar e o linkedin cheio de especialistas para falar um pouco sobre DevOps e SRE: o que realmente falhou, como dependências globais amplificam incidentes e por que comunicação e telemetria mudam o jogo quando o provedor está cambaleando. Falamos de estratégias de resiliência multi‑região, desenho de failure domains e decisões pragmáticas de RTO/RPO. Discutimos feature flags para degradar funcionalidades com graça, circuit breakers e backoff nos clientes, priorização de runbooks e exercícios de caos que realmente medem MTTR. Também passamos por impactos colaterais em serviços gerenciados (EKS, IAM, KMS, DynamoDB), observabilidade em modo de guerra e os limites do “gerenciado”.Fechamos com lições acionáveis para times de produto e plataforma: desde budget de disponibilidade e custos até testes de recuperação orientados a cenários. Dois tópicos‑chave que destacamos: resiliência multi‑região na prática e como treinar a organização para incidentes de baixa probabilidade e alto impacto.Por fim, damos um giro de lições aprendidas para equipes de produto e plataforma: feature flags para fallback de integrações, rotas alternativas para planos de controle, circuit breakers em clientes, e playbooks para comunicação com stakeholders. Dois tópicos que merecem atenção especial neste papo: resiliência multi-região na prática e como preparar sua organização para incidentes “quase improváveis”.#Links Importantes:- Lucas Azevedo - https://www.linkedin.com/in/lazevedo-devops/- Comunidade DevOps no Discord - https://discord.com/invite/k6wPagw4tV- João Brito - https://www.linkedin.com/in/juniorjbn/- Assista ao FilmeTEArapia - https://youtu.be/M4QFmW_HZh0?si=HIXBDWZJ8yPbpflM## Hashtags#DevOps #SRE #AWS #Outage #DNS #DynamoDB #AltaDisponibilidade #Resiliencia #Observabilidade #ChaosEngineering #IncidentResponse #Runbooks #FeatureFlags #CircuitBreaker #RTO #RPO #Kubernetes #DevSecOps #Kubicast #Containers #GetupO Kubicast é uma produção da Getup, empresa especialista em Kubernetes e projetos open source para Kubernetes. Os episódios do podcast estão nas principais plataformas de áudio digital e no YouTube.com/@getupcloud.

Organizations pour millions into protecting running applications—yet attackers are targeting the delivery path itself.This episode of AppSec Contradictions reveals why CI/CD and cloud pipelines are becoming the new frontline in cybersecurity.

Send us a textIn this candid and cathartic episode, Ken and Mike unpack the chaos that is Q4 for security professionals. From budget burnouts to end-of-year pentesting sprints, they explore why the final months of the year feel like a perfect storm for stress. Tune in as they share hard-earned lessons, practical advice for maintaining your sanity, and some gentle reminders that not everything needs to ship before Christmas. Whether you're a tired vendor, an overwhelmed engineer, or just trying to make it to PTO, this episode is for you.

Organizations pour millions into protecting running applications—yet attackers are targeting the delivery path itself.This episode of AppSec Contradictions reveals why CI/CD and cloud pipelines are becoming the new frontline in cybersecurity.

The skills we teach today will decide the world we live in tomorrow but the digital skills gap is something we've been dealing with for decades, but it's growing faster than ever, it starts with kids and stretches all the way into late IT careers, and now we're finally taking a more connected, lifelong approach to closing it. This week, Dave, Esmee, and Rob speak with Mike Nayler, Director, National Security, Defense & Public Safety at AWS about the digital skills gap and explore how tech companies can help close it. TLDR:00:45 Introduction of Mike Nayler and the pros and cons of enterprise architects, based on a survey03:30 Rob is confused about AI replacing prompt engineers07:55 Conversation with Mike on the digital skills gap25:15 The real gap is between institutions and the people they aim to serve33:24 Mike heading back to school and writing essays againGuest Mike Nayler: https://www.linkedin.com/in/nayler/ HostsDave Chapman: https://www.linkedin.com/in/chapmandr/Rob Kernahan: https://www.linkedin.com/in/rob-kernahan/Esmee van de Giessen: https://www.linkedin.com/in/esmeevandegiessen/ ProductionMarcel van der Burg: https://www.linkedin.com/in/marcel-vd-burg/Dave Chapman: https://www.linkedin.com/in/chapmandr/ SoundBen Corbett: https://www.linkedin.com/in/ben-corbett-3b6a11135/Louis Corbett:  https://www.linkedin.com/in/louis-corbett-087250264/ 'Cloud Realities' is an original podcast from Capgemini

Se você acha que segurança em nuvem é só ligar um CSPM e ser feliz, neste episódio a gente mostra que a história é bem mais cabeluda e divertida. Recebemos o Leandro Venâncio para destrinchar desde responsabilidade compartilhada e Zero Trust até o que realmente funciona no dia a dia de clusters Kubernetes sob fogo cruzado. Falamos de cultura, automação e das ciladas que a gente só aprende depois de tomar uns tombos.Partimos do básico bem-feito (identidade, redes e criptografia) e avançamos para governança com políticas (Kyverno/Gatekeeper), esteira com SAST/DAST/SCA, SBOM decente e segredos administrados em KMS/External Secrets. Amarramos com observabilidade, resposta a incidentes e como priorizar risco sem virar refém de dashboards. Spoiler: custo, compliance e performance entram no mesmo bolo e não dá pra fingir que não existem.Entre as pautas, destacamos: como aplicar Zero Trust em workloads efêmeros; por que "shift left" sem operações maduras mais atrapalha que ajuda; e onde CNAPP, CSPM e admission controllers se encontram. E claro, casos reais — porque a teoria é linda, mas a produção é quem manda.#Links Importantes:- Leandro Venâncio - https://www.linkedin.com/in/leandro-venancio/- LowOps cast com Rafael Ferreira - https://www.youtube.com/live/SC6a11HClX4- João Brito - https://www.linkedin.com/in/juniorjbn/- Assista ao FilmeTEArapia - https://youtu.be/M4QFmW_HZh0?si=HIXBDWZJ8yPbpflMO Kubicast é uma produção da Getup, empresa especialista em Kubernetes e projetos open source para Kubernetes. Os episódios do podcast estão nas principais plataformas de áudio digital e no YouTube.com/@getupcloud.

The concept of DevSecOps has been around long enough that it's now firmly established in most federal agencies, but using it to produce secure software on a regular basis takes careful planning. Darren Death is the Chief Information Security Officer at the Export Import Bank, and Madhuri Sammid is the Deputy Associate Chief Information Officer at the Bureau of Safety and Environmental Enforcement. They talked with Federal News Network's Jared serbu As part of our 2025 Cyber Leaders Exchange.See Privacy Policy at https://art19.com/privacy and California Privacy Notice at https://art19.com/privacy#do-not-sell-my-info.

In 'Access All Areas' shows we go behind the scenes with the crew and their friends as they dive into complex challenges that organisations face—sometimes getting a little messy along the way. We're launching a special AI mini-series exploring how artificial intelligence is reshaping industries. Each episode dives into key themes like scaling AI, societal impact, leadership, sustainability, and the challenges ahead. Join us for fresh insights and bold conversations on the future of intelligent systems.  This week, Dave, Esmee, and Rob kick off the AI mini-series with Craig Suckling, CAIO at Capgemini and co-host of this special edition. The episode is inspired by “Riding the AI Whirlwind,” Gartner's 2025 strategic predictions report, which urges organizations to act boldly on AI's potential while managing risks like rising costs and privacy concerns  TLDR:00:40 – Introduction of Craig Suckling and launch of the AI mini-series02:38 – Summary of three key insights and strategic recommendations from Gartner's “Riding the AI Whirlwind” report23:03 – Strategic planning assumptions: what they mean for business and tech leaders41:40 – Sam Altman's top three concerns about the future of AI49:35 – What key topics remain unaddressed?51:00 – What to expect from the AI mini-series featuring industry leadersHostsDave Chapman: https://www.linkedin.com/in/chapmandr/Rob Kernahan: https://www.linkedin.com/in/rob-kernahan/Esmee van de Giessen: https://www.linkedin.com/in/esmeevandegiessen/with co-host Craig Suckling: https://www.linkedin.com/in/craigsuckling/ProductionMarcel van der Burg: https://www.linkedin.com/in/marcel-vd-burg/Dave Chapman: https://www.linkedin.com/in/chapmandr/ SoundBen Corbett: https://www.linkedin.com/in/ben-corbett-3b6a11135/Louis Corbett:  https://www.linkedin.com/in/louis-corbett-087250264/ 'Cloud Realities' is an original podcast from Capgemini

Abrimos o episódio colocando a mão na massa: como desenhar uma experiência de desenvolvedores (DevX) que realmente reduz lead time e aumenta throughput de entregas. Com a presença do Luiz Henrique e da Larissa Vitoriano, exploramos o que o time do iFood aprendeu ao escalar plataformas internas, padronizar fluxos de entrega e melhorar a autonomia das squads sem perder governança.Também entramos no universo de Developer Relations (DevREL) — não como “marketing técnico”, mas como ponte entre produto, plataforma e comunidade. Falamos de como priorizar feedback produtivo, quais métricas evitam vaidade e como alinhar backlog de plataforma com as dores reais de quem está codando todos os dias.Pra fechar, discutimos IA “na vida real”: onde modelos (tradicionais e LLMs) já estão gerando valor no ciclo de desenvolvimento, como observabilidade e custo entram na equação e os limites práticos de adoção — desde MLOps, finops de inferência, até segurança e privacidade.Links Importantes:- Larissa Vitoriano - https://www.linkedin.com/in/larissavitoriano/- Luiz Henrique - https://www.linkedin.com/in/luizhenrique1987/- Blog do IFood Tech - https://medium.com/ifood-tech- João Brito - https://www.linkedin.com/in/juniorjbn/- Assista ao FilmeTEArapia - https://youtu.be/M4QFmW_HZh0?si=HIXBDWZJ8yPbpflMHashtags#DevX #DevREL #IA #MLOps #Plataformas #Observabilidade #FinOps #SRE #CulturaDev #Produtividade #Kubernetes #DevOps #DevSecOps #Kubicast #Containers #GetupO Kubicast é uma produção da Getup, empresa especialista em Kubernetes e projetos open source para Kubernetes. Os episódios do podcast estão nas principais plataformas de áudio digital e no YouTube.com/@getupcloud.

En este episodio de El Podcast de Dynamic Devs, Jonathan González conversa con Oliver Fierro sobre el reto central de hoy: cómo asegurar el pipeline de CI/CD sin perder velocidad. Profundizan en dónde aparecen las vulnerabilidades en DevSecOps, cómo priorizar hallazgos (CVE) dentro de una plataforma interna (IDP), y el papel real de GitHub Advanced Security, Snyk y Trivy en la automatización. También exploran indicadores técnicos para medir madurez y una mirada al futuro: IA generativa y agentes que prometen pipelines auto-protegidos.

Connect to John Gilroy on LinkedIn   https://www.linkedin.com/in/john-gilroy/ Want to listen to other episodes? www.Federaltechpodcast.com The impact of AI in software development in the federal government is so pervasive that, in July of 2025, the President of the United States released a White House AI Action Plan. Today, we sat down with Bob Stevens from GitLab to put this development into perspective, examine some use cases, and suggest methods that federal agencies can use to prepare for this technological shift. What precipitated the initiative is the recognition that change is occurring so rapidly in the world of software development that the federal government must adapt more quickly than in the past, or it will be vulnerable to cyberattacks. Stevens notes that the federal government has been targeting modernization, producing software faster, and being more efficient, for a decade. AI will help them get there, with some possible cost reduction. For example, in the past, a vulnerability may have taken weeks to discover. Utilizing AI allows federal software developers to reduce that discovery to minutes. That ties in with one essential element in the White House initiative: security. In fact, one of the pillars of the Action Plan is titled “Promoting Secure-by-Design AI Technologies and Applications.” Stevens has been involved in federal software development for decades and thinks that a platform approach best serves the essential objectives of this Action Plan. The conversation concludes with the potential for AI to streamline government processes and improve operational efficiency. If you are interested in learning more about the economics of this approach, you can download The Economics of Software Innovations: $750 billion Opportunity at a Crossroads.

How do you perform incident response on a Kubernetes cluster when you're not even on the same network? In this episode, Damien Burks, Senior Security engineer breaks down the immense challenges of container security and why most commercial tools are failing at automated response.While many CNAPPs provide runtime detection, they lack a "sophisticated approach to automating incident response or containment" in complex environments like private EKS . He shares his hands-on experience building a platform that uses a dynamically deployed Lambda function to achieve containment of a compromised EKS node in just 10 minutes, a process that would otherwise take hours of manual work and approvals .This is a guide for any DevSecOps or cloud security professional tasked with securing containerized workloads. The conversation also covers a layered prevention strategy, the evolving role of the cloud security engineer, and career advice for those looking to enter the field.Guest Socials -⁠ ⁠⁠⁠⁠Damien's LinkedinPodcast Twitter - ⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠@CloudSecPod⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠ ⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠If you want to watch videos of this LIVE STREAMED episode and past episodes - Check out our other Cloud Security Social Channels:-⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠Cloud Security Podcast- Youtube⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠- ⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠Cloud Security Newsletter ⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠- ⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠Cloud Security BootCamp⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠If you are interested in AI Cybersecurity, you can check out our sister podcast -⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠ AI Security PodcastQuestions asked:(00:00) Introduction(02:15) Who is Damien Burks?(03:20) The State of Cloud Incident Response in 2025(05:15) Why There is No Sophisticated, Automated IR for Kubernetes(06:20) A Deep Dive into Kubernetes Incident Response(07:30) The Unique Challenge of a Private EKS Cluster(12:15) A Layered Approach to Prevention in a DevSecOps Culture(17:00) How to Automate Containment in a Private EKS Cluster(17:40) From Hours to 10 Minutes: The Impact of Automation(22:00) The Evolving & Complex Role of the Cloud Security Engineer(25:40) Do We Have Too Much Visibility or Not Enough?(29:00) Career Path: The Value of Learning to Code for DevSecOps(35:00) Damien's Hot Take: "Multi-Cloud Just Means Chaos"(44:20) Career Advice for Traditional IR Professionals Moving to Cloud(47:50) Final Questions: Video Games, Life's Journey, and GumboResources spoke about during the interviewDamien's Website

Episode 4: Security as Code In this episode of the ePlus Security + F5 API Security Podcast, David Tumlin and Chuck Herrin dive into the future of “security as code,” where automation, AI, and DevSecOps converge to protect dynamic, ephemeral environments.  From real-time threat validation to AI-assisted policy tuning, this is a must-listen for anyone building or securing modern apps.

Bret is joined by Philip Andrews and Dan Muret of Cast AI to discuss pod live migration between nodes in a Kubernetes cluster.

The evolving role of technology in modern defense environments, highlighting innovations in communications, automation, and open-source frameworks. Drawing from personal experience, the conversation emphasizes how real-world conflicts are reshaping how tech is deployed, adopted, and understood across military operations.  This week, Dave, Esmee, and Rob speak with Ben Sparke, Enterprise Azure Cloud & AI Specialist for UK Defence at Microsoft, about  how his military background informs a human-centered approach to technology in the evolving defence sector—highlighting the shift from mission-driven to tech-driven innovation.  TLDR:00:37 – Introduction of Ben Sparke and face-to-face podcasting02:40 – Rob gets confused about Digital Twins representing you in court08:15 – Tech's evolving role in defence, with Ben 34:41 – Why improvisation and human adaptability matter 43:30 – Ben's hundred-mile bike race over the weekend  Guest Ben Sparke: https://www.linkedin.com/in/ben-sparke/ HostsDave Chapman: https://www.linkedin.com/in/chapmandr/Rob Kernahan: https://www.linkedin.com/in/rob-kernahan/Esmee van de Giessen: https://www.linkedin.com/in/esmeevandegiessen/ ProductionMarcel van der Burg: https://www.linkedin.com/in/marcel-vd-burg/Dave Chapman: https://www.linkedin.com/in/chapmandr/ SoundBen Corbett: https://www.linkedin.com/in/ben-corbett-3b6a11135/Louis Corbett:  https://www.linkedin.com/in/louis-corbett-087250264/ 'Cloud Realities' is an original podcast from Capgemini 

In this issue of the Future of Cyber newsletter, Sean Martin digs into a topic that's quietly reshaping how software gets built—and how it breaks: the rise of AI-powered coding tools like ChatGPT, Claude, and GitHub Copilot.These tools promise speed, efficiency, and reduced boilerplate—but what are the hidden trade-offs? What happens when the tools go offline, or when the systems built through them are so abstracted that even the engineers maintaining them don't fully understand what they're working with?Drawing from conversations across the cybersecurity, legal, and developer communities—including a recent legal tech conference where law firms are empowering attorneys to “vibe code” internal tools—this article doesn't take a hard stance. Instead, it raises urgent questions:Are we creating shadow logic no one can trace?Do developers still understand the systems they're shipping?What happens when incident response teams face AI-generated code with no documentation?Are AI-generated systems introducing silent fragility into critical infrastructure?The piece also highlights insights from a recent podcast conversation with security architect Izar Tarandach, who compares AI coding to junior development: fast and functional, but in need of serious oversight. He warns that organizations rushing to automate development may be building brittle systems on shaky foundations, especially when security practices are assumed rather than applied.This is not a fear-driven screed or a rejection of AI. Rather, it's a call to assess new dependencies, rethink development accountability, and start building contingency plans before outages, hallucinations, or misconfigurations force the issue.If you're a CISO, developer, architect, risk manager—or anyone involved in software delivery or security—this article is designed to make you pause, think, and ideally, respond.

My guest today is Michael Ferranti, VP of Marketing at Unleash. In this conversation Michael recounts his journey from the banking sector to the tech world starting during the 2008 financial crisis. He explains how the launch of Amazon's cloud services led him to join Rackspace, a leading hosting provider at the time. Michael emphasizes the importance of culture in a company's success and delves into his career in developer tools, touching upon the shifts in cloud computing, containerization, and microservices architecture, up to the current generative AI revolution. He discusses the differences between building software for financial services and for developers, stressing the necessity of upskilling to maintain credible conversations with target audiences. Key insights shared include best practices for feature management, emphasizing the importance of small batch sizes in DevOps, and the critical need for empathy and strong mission alignment in work culture. Michael concludes with career advice for those looking to enter or advance in software marketing, highlighting the importance of curiosity and adaptability in the fast-evolving tech landscape.00:00 Introduction and Welcome00:09 Michael's Journey into Tech01:29 Early Career at Rackspace03:28 Transition to Developer Tools04:31 Differences Between BFSI and Developer Domains05:42 Understanding Developer Needs10:04 Feature Management and Testing in Production13:10 Balancing Technical and Business Requirements29:30 Building a Strong Company Culture34:45 Staying Updated with Industry Trends38:17 Career Tips for Aspiring Marketers42:15 Conclusion and Final Thoughtshttps://www.linkedin.com/in/ferrantim/Michael Ferranti is a seasoned enterprise technologist and product strategist with deep experience in the developer tools and cloud-native ecosystems. Across companies like Portworx, Teleport, and now Unleash, Michael has consistently been at the forefront of how modern engineering teams build, release, and secure software at scale.He's led product and marketing teams through high-growth phases, acquisitions, and major category creation efforts—often sitting at the intersection of infrastructure innovation and developer experience. At Portworx, he helped define the Kubernetes-native storage and backup category. At Teleport, he worked on reimagining secure infrastructure access by replacing legacy VPNs and PAM tools with developer-first identity-based access. At Unleash, he's helping redefine how teams manage feature delivery with open-source roots and enterprise-grade scale.Michael speaks the language of engineering leaders because he's worked side-by-side with them for over a decade. His approach to go-to-market is grounded in understanding real user workflows, developer psychology, and the shifting realities of enterprise architectures—from Kubernetes to DevSecOps to open-source adoption models.

Before Siri had sass and Alexa started judging your music taste, the original virtual assistant was quietly revolutionizing the '90s—powered by many patents and a whole lot of foresight. Now, as AI goes from buzzword to boss, we ask, will it transform your job, your home… or just steal your knowledge?  This week, Dave, Esmee and Rob speak with Kevin Surace, Futurist, Inventor & "Father" of the Virtual Assistant, about exploring the evolution of AI, what the future might hold, and how disruptive innovation can shake up your organization in ways you might not expect.   TLDR: 00:40 – Introduction of Kevin Surace 05:12 – Rob gets confused by Google Maps reviews and selfies 08:15 – Deep dive into the evolution of AI with Kevin 52:00 – How intelligent agents can help manage digital noise and support mental well-being 1:07:30 – Wrapping up the book the Joy Success Cycle and heading to a concert  GuestKevin Surace: https://www.linkedin.com/in/ksurace/ HostsDave Chapman: https://www.linkedin.com/in/chapmandr/Rob Kernahan: https://www.linkedin.com/in/rob-kernahan/Esmee van de Giessen: https://www.linkedin.com/in/esmeevandegiessen/ ProductionMarcel van der Burg: https://www.linkedin.com/in/marcel-vd-burg/Dave Chapman: https://www.linkedin.com/in/chapmandr/ SoundBen Corbett: https://www.linkedin.com/in/ben-corbett-3b6a11135/Louis Corbett:  https://www.linkedin.com/in/louis-corbett-087250264/ 'Cloud Realities' is an original podcast from Capgemini 

Bem-vindos a mais um Kubicast! Neste episódio, recebemos Victor Carvalho para destrinchar o Talos Linux como base enxuta e segura para rodar Kubernetes. Nós comparamos a proposta minimalista do Talos com distros generalistas, e debatemos por que um SO "Kubernetes-first" reduz superfície de ataque e acelera a vida de quem opera clusters no dia a dia.Falamos de segurança no detalhe: kernel hardenizado (KSP), SELinux funcionando de verdade com Kubernetes, criptografia de disco com chaves via TPM/KMS, e o modelo API-driven (sem SSH) que muda a forma como operamos nós. Também discutimos operação e upgrades, incluindo o uso do Talos Factory e de Terraform para padronizar imagens, além de estratégias para controlar endpoints e certificados.Fechamos com experiências reais: comparativos de tempo de provisioning, requisitos mínimos, rede (Flannel vs Cilium), dores comuns (certificados/TLS, IP flutuante) e boas práticas de produção — aquela mistura de técnica com bom humor que só a nossa bancada entrega.Links Importantes:- Victor Cardoso - https://www.linkedin.com/in/victorbmcarvalho/- João Brito - https://www.linkedin.com/in/juniorjbn/- Site oficial do Talos Linux - https://talos.dev- Assista ao FilmeTEArapia - https://youtu.be/M4QFmW_HZh0?si=HIXBDWZJ8yPbpflMHashtags#Talos #TalosLinux #Kubernetes #DevOps #DevSecOps #Kubicast #Containers #Getup #K8s #SELinux #KSP #Terraform #Proxmox #Flannel #Cilium #ZeroTrust #Imutabilidade #Homelab #Observabilidade #SBOMO Kubicast é uma produção da Getup, empresa especialista em Kubernetes e projetos open source para Kubernetes. Os episódios do podcast estão nas principais plataformas de áudio digital e no YouTube.com/@getupcloud.

SBOMs were supposed to be the ingredient label for software—bringing transparency, faster response, and stronger trust. But reality shows otherwise. Fewer than 1% of GitHub projects have policy-driven SBOMs. Only 15% of developer SBOM questions get answered. And while 86% of EU firms claim supply chain policies, just 47% actually fund them.So why do SBOMs stall as compliance artifacts instead of risk-reduction tools? And what happens when they do work?In this episode of AppSec Contradictions, Sean Martin examines:Why SBOM adoption is laggingThe cost of static SBOMs for developers, AppSec teams, and business leadersReal-world examples where SBOMs deliver measurable valueHow AISBOMs are extending transparency into AI models and dataCatch the full companion article in the Future of Cybersecurity newsletter for deeper analysis and more research.

AI is enabling developers and non-developers (product managers, solutions engineers) to write more lines of code than even before. Businesses are under pressure to ship these AI built products to stay competitive while still meeting regulatory requirements. Can AI solve this problem? In this talk, we will explore the opportunities and pitfalls to use AI agents for DevSecOps. About the speaker: Sanket Naik is the founder and CEO at Palosade, building a purpose-built AI platform enabling enterprises to automate their security program and unleash their business potential. He enjoys giving back to startups through investing and advisory roles. Before Palosade, he was the SVP of engineering for Coupa. In this role, he built the cloud and cybersecurity organization, over 12 years, from the ground up through an initial public offering followed by significant global growth. He has also held engineering roles at HP and Qualys.Sanket holds a BS in electronics engineering from the University of Mumbai and an MS in CS from Purdue University with research at the multi-disciplinary CERIAS cybersecurity center.

SBOMs were supposed to be the ingredient label for software—bringing transparency, faster response, and stronger trust. But reality shows otherwise. Fewer than 1% of GitHub projects have policy-driven SBOMs. Only 15% of developer SBOM questions get answered. And while 86% of EU firms claim supply chain policies, just 47% actually fund them.So why do SBOMs stall as compliance artifacts instead of risk-reduction tools? And what happens when they do work?In this episode of AppSec Contradictions, Sean Martin examines:Why SBOM adoption is laggingThe cost of static SBOMs for developers, AppSec teams, and business leadersReal-world examples where SBOMs deliver measurable valueHow AISBOMs are extending transparency into AI models and dataCatch the full companion article in the Future of Cybersecurity newsletter for deeper analysis and more research.

Can AI really help us build more secure software? What's working in practice right now, and where do the tools still fall short? Mattias and Paulina share their views.  We are always happy to answer any questions, hear suggestions for new episodes, or hear from you, our listeners. DevSecOps Talks podcast LinkedIn page DevSecOps Talks podcast website DevSecOps Talks podcast YouTube channel

Software developers combine Artificial Intelligence with IT Operations and have produced a new acronym called AIOps. Today, we explored some of the best practices for making software development more productive with AIOps.   Legacy systems are an excellent application for AIOps, but Kevin Walsh from the GAO notes that it may be more economical to maintain legacy systems in place.   Christopher Clark from the U.S. Marine Corps suggests listening to users through starting AI Task Forces. They can help identify the use cases that would validate the expense of moving to AIOps.   One obvious win might be minimal risk, high-impact activities. Clark mentions preventative maintenance as a potential target. ROI from reducing costs can be apparent. Furthermore, a help desk can pose a negligible risk and have a relatively high impact on servicing needs of Marines.   One likely candidate for applied AIOps is managing the changes in a code set that takes place. BMC's Katie Tierney states that in a typical DevSecOps environment, there could be thousands of changes a day, which exceeds human capability.   The overview is apparent:  ensure appropriate oversight, governance, and transparency measures are in place when deploying agentic AI systems.        

 We're back! In this Season 5 premiere, the team reunites after their summer break to kick off an exciting new chapter. Join us as we catch up, share bold predictions for the year ahead, and explore big questions, like whether 2026 will be the year of the autonomous organization. Expect candid reflections, lively discussion, and a sneak peek at what's coming up this season.  We are very keen this season to establish a feedback loop with listeners, so will be doing shows exploring listener questions and challenges - something we are really looking forward to.  Please get in touch with us, via LinkedIn, Substack or cloudrealities@capgemini.com, if you have questions or challenges for us, we'd love to hear from you!TLDR: 00:20 – We're back! 00:35 – Catching up on what we did during the summer break 10:48 – Planning ahead until Christmas: Microsoft Ignite, AWS re:Invent, an AI mini-series and cool guests 20:27 – Tech talk: iPhone 17, deep democracy training, and the human impact of innovation 32:10 – Will autonomous organizations powered by agents emerge within 12–18 months? 40:45 – Reflections inspired by Jaws, climbing adventures, and Bruce Springsteen  HostsDave Chapman: https://www.linkedin.com/in/chapmandr/Rob Kernahan: https://www.linkedin.com/in/rob-kernahan/Esmee van de Giessen: https://www.linkedin.com/in/esmeevandegiessen/ ProductionMarcel van der Burg: https://www.linkedin.com/in/marcel-vd-burg/Dave Chapman: https://www.linkedin.com/in/chapmandr/ SoundBen Corbett: https://www.linkedin.com/in/ben-corbett-3b6a11135/Louis Corbett:  https://www.linkedin.com/in/louis-corbett-087250264/ 'Cloud Realities' is an original podcast from Capgemini 

Recebemos a brilhante Michelle Mesquita para provar, na prática, que AppSec não é sinônimo de “rodar um scanner e rezar”. Conversamos sobre como construir segurança desde o design, passando por threat modeling, SAST/DAST/SCA e políticas reprodutíveis — tudo sem cair na armadilha do PDF de vulnerabilidades que ninguém lê. Sim, nós também rimos (de nervoso) quando lembramos daqueles relatórios com 500 findings.Falamos ainda sobre carreira: onde começam as pessoas de AppSec, por que comunicação e influência importam tanto quanto CWE e CVE, e como programas como Security Champions destravam escala e cultura. Discutimos comunidades e referências (OWASP e afins), automação no pipeline, gamificação e até como usar IA para reduzir ruído e acelerar feedback útil para devs.E, claro, mantivemos o nosso jeitinho: didático, direto e levemente irônico. Se você quer sair do “firefighting” e colocar segurança como requisito funcional do seu produto, este episódio é para você. Prepare o café, abra o IDE e vem com a gente.O Kubicast é uma produção da Getup, empresa especialista em Kubernetes e projetos open source para Kubernetes. Os episódios do podcast estão nas principais plataformas de áudio digital e no YouTube.com/@getupcloud.

In episode 154 of Cybersecurity Where You Are, Sean Atkinson discusses incident response in DevSecOps, exploring challenges and solutions in modern software development. He emphasizes the importance of integrating security into development processes and speaks about common issues like alert fatigue and software supply chain vulnerabilities. Here are some highlights from our episode:01:32. Common challenges with modern software development03:54. High-speed and continuous deployment07:08. Incident correlation with cloud deployment strategies10:00. Software supply chain vulnerabilities12:45. Alert fatigue and false positives14:30. Testing and automation as enablers of real-time anomaly detection17:40. The responsibility of incident responders to understand what they see18:58. Automated control and a projectized approach to implementing zero trust21:26. Oversight and governance with artificial intelligence and machine learning23:24. Continuous improvement and early detection28:08. Continuous monitoring and logging, automation, and incident response drills30:03. Moving down a path of helping incident responders become culturally awareResourcesCloud Security and the Shared Responsibility ModelCIS Software Supply Chain Security GuideAn Introduction to Artificial IntelligenceDefense-in-Depth: A Necessary Approach to Cloud SecurityEpisode 63: Building Capability and Integration with SBOMsEpisode 44: A Zero Trust Framework Knows No EndLeveraging Generative Artificial Intelligence for Tabletop Exercise DevelopmentIf you have some feedback or an idea for an upcoming episode of Cybersecurity Where You Are, let us know by emailing podcast@cisecurity.org.

Dave, Esmee, and Rob are strapping in for another season of bold, brain-bending conversations—and they're bringing the flux capacitor with them from Back to the Future.Season 5 beams in global leaders and innovators who challenge how we think about technology, business, and humanity. From AI disruption to digital sovereignty, from leadership to culture—this season's guests are ready to shake things up.Our first full episode drops on September 25, but before we hit 88 miles per hour, here's a quick trailer to set the timeline straight, or at least bend it a little.HostsDave Chapman: https://www.linkedin.com/in/chapmandr/Rob Kernahan: https://www.linkedin.com/in/rob-kernahan/Esmee van de Giessen: https://www.linkedin.com/in/esmeevandegiessen/ProductionMarcel van der Burg: https://www.linkedin.com/in/marcel-vd-burg/Dave Chapman: https://www.linkedin.com/in/chapmandr/SoundBen Corbett: https://www.linkedin.com/in/ben-corbett-3b6a11135/Louis Corbett:  https://www.linkedin.com/in/louis-corbett-087250264/'Cloud Realities' is an original podcast from Capgemini

No Kubicast de hoje nós recebemos o Leonardo Pinheiro, CRO da Clavis, para um papo direto ao ponto sobre como uma IA feita no Brasil resolve problemas do nosso cenário de cibersegurança. Falamos do Otto – a IA da Clavis –, de como ela nasceu de muita telemetria real de clientes e do porquê conhecer boleto, Pix, WhatsApp e a cadeia financeira nacional muda completamente o jogo. De quebra, confrontamos o mito do “100% seguro” e mostramos como risco, contexto e priorização guiam decisões melhores.Entramos a fundo na plataforma da Clavis (produto+serviço) e nos módulos que orbitam o Otto: gestão de vulnerabilidades, avaliação de fornecedores, correlação de eventos/EDR e validações em cloud. Discutimos quando automação brilha e quando ainda precisamos de gente experiente (ex.: pen test), além de como o Otto responde a perguntas de negócio (“qual meu score?”, “o que mitigar primeiro?”) e conecta tudo numa visão integrada.Também falamos de supply chain security, reputação e como decisões ruins de terceirização estouram no colo da sua marca. No final, tem um bloco sobre comunidade e carreira (SampaSec, Conecta 21, networking) e um respiro cultural com indicações.Links Importantes:- Leonardo Pinheiro - https://www.linkedin.com/in/leonardo-pinheiro-batista/- João Brito - https://www.linkedin.com/in/juniorjbn/- Assista ao FilmeTEArapia - https://youtu.be/M4QFmW_HZh0?si=HIXBDWZJ8yPbpflM- SampaSEC - https://www.linkedin.com/groups/9381855/?fbclid=PAZXh0bgNhZW0CMTEAAact9-j_AzTmFc136pGmO_GWesqvNdULEk-rMQSkGGSlFcpGCbyZLeElRcFVqg_aem_1W_jlM9Z0G5Q6BHoe76xLw- Kubicast 125 - https://www.youtube.com/watch?v=nG7sugocQsg- A vida de Chuck - https://www.imdb.com/pt/title/tt12908150/Hashtags#SegurancaDaInformacao #Ciberseguranca #InteligenciaArtificial #IA #Otto #Clavis #SupplyChainSecurity #PenTest #GestaoDeVulnerabilidades #LGPD #SOC #EDR #ThreatIntelligence #CloudSecurity #Compliance #PlataformaDeSeguranca #Kubernetes #DevOps #DevSecOps #Kubicast #Containers #GetupO Kubicast é uma produção da Getup, empresa especialista em Kubernetes e projetos open source para Kubernetes. Os episódios do podcast estão nas principais plataformas de áudio digital e no YouTube.com/@getupcloud.

Threat modeling is often called the foundation of secure software design—anticipating attackers, uncovering flaws, and embedding resilience before a single line of code is written. But does it really work in practice?In this episode of AppSec Contradictions, Sean Martin explores why threat modeling so often fails to deliver:It's treated as a one-time exercise, not a continuous processResearch shows teams who put risk first discover 2x more high-priority threatsYet fewer than 4 in 10 organizations use systematic threat modeling at scaleDrawing on insights from SANS, Forrester, and Gartner, Sean breaks down the gap between theory and reality—and why evolving our processes, not just our models, is the only path forward.

Threat modeling is often called the foundation of secure software design—anticipating attackers, uncovering flaws, and embedding resilience before a single line of code is written. But does it really work in practice?In this episode of AppSec Contradictions, Sean Martin explores why threat modeling so often fails to deliver:It's treated as a one-time exercise, not a continuous processResearch shows teams who put risk first discover 2x more high-priority threatsYet fewer than 4 in 10 organizations use systematic threat modeling at scaleDrawing on insights from SANS, Forrester, and Gartner, Sean breaks down the gap between theory and reality—and why evolving our processes, not just our models, is the only path forward.

Segurança em Go não é só "rodar um scanner e rezar". Neste episódio, nós destrinchamos como escrever Go com cabeça de atacante: governança de dependências (e os perigos do type‑squatting), revisão de go.mod, uso criterioso da Standard Library e por que não usar latest em imagens. Também conectamos tecnologia com processo: repositórios privados, políticas de aprovação e pipeline que barra regressão antes do deploy.A conversa nasce de casos reais: do typo em (GHCR vs GHRC) que captura credenciais até a confusão com pacotes falsos tipo BoltDB look‑alike. Discutimos supply chain ponta a ponta, cache do Go Proxy, licenças (quando fugir de GPL) e boas práticas para autenticação.E claro, vamos além do código: SBOM no build, assinatura e verificação de imagens, OPA/Admission Control para políticas em Kubernetes, capabilities mínimas e validação de entradas com timeouts bem definidos. É papo prático, com nosso humor de sempre, para deixar segurança como padrão — não como tarefa de último minuto.Links Importantes: - Marcelo Pires - https://www.linkedin.com/in/marcpires/ - Matheus Faria - https://www.linkedin.com/in/matheusfm/ - João Brito - https://www.linkedin.com/in/juniorjbn - Assista ao FilmeTEArapia - https://youtu.be/M4QFmW_HZh0?si=HIXBDWZJ8yPbpflM - Post sobre ghrc.io - https://www.linkedin.com/posts/juniorjbn_someone-is-typosquatting-ghrcio-not-github-activity-7364387040618045441-UB88/ - Typosquat - https://devops.com/typosquat-supply-chain-attack-targets-go-developers/ - https://go.dev/doc/tutorial/govulncheck - vuln.go.dev - https://github.com/anchore/syft - https://github.com/anchore/grype - https://github.com/google/capslock - https://github.com/aquasecurity/trivy - LFD121 - https://training.linuxfoundation.org/training/developing-secure-software-lfd121/ - https://deps.dev/ - https://devops.com/typosquat-supply-chain-attack-targets-go-developers/Participe de nosso programa de acesso antecipado e tenha um ambiente mais seguro em instantes! https://getup.io/zerocve

AI is everywhere in application security today — but instead of fixing the problem of false positives, it often makes the noise worse. In this first episode of AppSec Contradictions, Sean Martin explores why AI in application security is failing to deliver on its promises.False positives dominate AppSec programs, with analysts wasting time on irrelevant alerts, developers struggling with insecure AI-written code, and business leaders watching ROI erode. Industry experts like Forrester and Gartner warn that without strong governance, AI risks amplifying chaos instead of clarifying risk.This episode breaks down:• Why 70% of analyst time is wasted on false positives• How AI-generated code introduces new security risks• What “alert fatigue” means for developers, security teams, and business leaders• Why automating bad processes creates more noise, not less 

AI is everywhere in application security today — but instead of fixing the problem of false positives, it often makes the noise worse. In this first episode of AppSec Contradictions, Sean Martin explores why AI in application security is failing to deliver on its promises.False positives dominate AppSec programs, with analysts wasting time on irrelevant alerts, developers struggling with insecure AI-written code, and business leaders watching ROI erode. Industry experts like Forrester and Gartner warn that without strong governance, AI risks amplifying chaos instead of clarifying risk.This episode breaks down:• Why 70% of analyst time is wasted on false positives• How AI-generated code introduces new security risks• What “alert fatigue” means for developers, security teams, and business leaders• Why automating bad processes creates more noise, not less 

Our guest today is Akansha Shukla, an information security professional with over 10 years of experience in application security, DevSecOps, and API security. We're discussing why API security remains one of the least mature areas of AppSec today and exploring the challenges developers face when securing APIs. Akansha shares her insights on incorporating APIs into threat modeling exercises, the ongoing struggles with API discovery and inventory management, and the authorization challenges highlighted in the OWASP API Security Top 10. The conversation also touches on whether "shift left" is truly dead and why we still haven't solved basic security problems like input validation despite having the frameworks to address them.FOLLOW OUR SOCIAL MEDIA: ➜Twitter: @AppSecPodcast➜LinkedIn: The Application Security Podcast➜YouTube: https://www.youtube.com/@ApplicationSecurityPodcast Thanks for Listening! ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

Support the show - try out Insight Hub free for 14 days now: https://testguild.me/insighthub In this episode of the TestGuild DevOps Toolchain Podcast, host Joe Colantonio sits down with Patrick Quilter, CEO of Deploy360, to explore how AI is reshaping DevSecOps and what it means for testers, developers, and security engineers. Patrick shares his unique journey from automation engineer to founder to acquisition, and now leading a company working directly with the Department of Defense on secure, AI-powered development pipelines. You'll learn: Why automation engineers are perfectly positioned to move into security How agentic AI can transform DevOps workflows with specialized security agents Why AI won't replace skilled developers—but can supercharge them The role of local vs. cloud LLMs in security and supply chain protection Where DevSecOps and AI are headed in the next 1–3 years Patrick also reveals how Deploy360 is rolling out its next-gen DevSecOps platform and why small-to-medium businesses may benefit most from early access. Learn more about Patrick and Deploy360: Don't forget to subscribe, share, and leave a review if you find this episode valuable for your testing or DevSecOps journey. Try out SmartBear's Bugsnag for free, today. No credit card required: https://testguild.me/bugsnagfree

Bret discusses exciting news about Swarm being maintained until 2030.

The second Trump administration has spent 2025 accelerating its software modernization initiatives through the creation of agencies like the U.S. DOGE Service and other entities designed to digitize and modernize the American government. Modeling after DOD enterprise software container platforms, the Department of Veterans Affairs stood up its own Platform One application in 2021 to drive software modernization within the agency. Matthew Fuqua, technical lead at VA's Platform One, told GovCIO Media & Research Platform One is a sandbox environment where software developers can safely experiment and build applications using protected data. He said his team took inspiration from similar endeavors in federal government and built a platform where developers can focus their efforts solely on coding. Fuqua said that Platform One's ethos centered around “speed, stability, scale and security,” and each tenet drives the mission of providing services through software that can benefit veterans. Platform One supports the VA's DevSecOps strategy to streamline its operations and shift away from the traditional waterfall approach to software development that hinders innovation at speed. In a DevSecOps environment, Fuqua's team is able to monitor, update and secure troves of data rapidly, shortening processes that used to take days down to hours. Fuqua said that AI has opened the door to new potential applications but data security is paramount when considering building new software.

In today's episode, we get the unvarnished truth about making the difficult transition from federal on-prem networks to the cloud.   Michael Howard, US Transportation Command, gives a thorough analysis of topics like containers, cloud service providers, and specific benefits of cloud native applications. He has experience in enterprise-level commercial organizations, enabling him to compare available tools with those approved for a secure environment like the DoD.   He begins by stating that his area of responsibility is making a transition away from the traditional waterfall method of software development to a more agile approach. He shocks the audience by stating that his organization only releases updates quarterly. In today's rapidly changing world, a more dynamic release cycle is mandatory.   Containers:  We know that containers provide smaller pockets of code. Michael Howard points out that this allows for portability between clouds and on prem solutions.    Cloud Service Providers (CSP): It is essential to train staff in the specifics of cloud-native applications for each CSP, as every CSP has its own unique terminology and operational guidelines.   Cybersecurity:  Michael Howard's team has leveraged cloud-native tools to stand up a zero-trust compatible instance that provides data from disparate sources in a flexible, yet secure manner.   Michael Howard provides a wide range of information for the listener. The focus is on the benefits of containerized workloads, Kubernetes, and DevSecOps for improving efficiency and security.      

Bret and Nirmal are joined by Michael Irwin to discuss Docker's comprehensive AI toolkit, covering everything from local model deployment to cloud-based container orchestration across multiple interconnected tools and services.

As digital infrastructure becomes increasingly interwoven with third-party code, APIs, and AI-generated components, organizations are realizing they can't ignore the origins—or the risks—of their software. Theresa Lanowitz, Chief Evangelist at LevelBlue, joins Sean Martin and Marco Ciappelli to unpack why software supply chain visibility has become a top concern not just for CISOs, but for CEOs as well.Drawing from LevelBlue's Data and AI Accelerator Report, part of their annual Futures Report series, Theresa highlights a striking correlation: 80% of organizations with low software supply chain visibility experienced a breach in the past year, while only 6% with high visibility did. That data underscores the critical role visibility plays in reducing business risk and maintaining operational resilience.More than a technical concern, software supply chain risk is now a boardroom topic. According to the report, CEOs have the highest awareness of this risk—even more than CIOs and CISOs—because of the direct impact on brand reputation, stock value, and partner trust. As Theresa puts it, software has become the “last mile” of digital business, and that makes it everyone's problem.The conversation explores why now is the time to act. Government regulations are increasing, adversarial attacks are intensifying, and organizations are finally beginning to connect software vulnerabilities with business outcomes. Theresa outlines four critical actions: leverage CEO awareness, understand and prioritize vulnerabilities, invest in modern security technologies, and demand transparency from third-party providers.Importantly, cybersecurity culture is emerging as a key differentiator. Companies that embed security KPIs across all business units—and align security with business priorities—are not only more secure, they're also more agile. As software creation moves faster and more modular, the organizations that prioritize visibility and responsibility throughout the supply chain will be best positioned to adapt, grow, and protect their operations.Learn more about LevelBlue: https://itspm.ag/levelblue266f6cNote: This story contains promotional content. Learn more.Guest: Theresa Lanowitz, Chief Evangelist of AT&T Cybersecurity / LevelBlue [@LevelBlueCyber]On LinkedIn | https://www.linkedin.com/in/theresalanowitz/ResourcesTo learn more, download the complete findings of the LevelBlue Threat Trends Report here: https://itspm.ag/levelbyqdpTo download the 2025 LevelBlue Data Accelerator: Software Supply Chain and Cybersecurity report, visit: https://itspm.ag/lbdaf6iLearn more and catch more stories from LevelBlue: https://www.itspmagazine.com/directory/levelblueLearn more about ITSPmagazine Brand Story Podcasts: https://www.itspmagazine.com/purchase-programsNewsletter Archive: https://www.linkedin.com/newsletters/tune-into-the-latest-podcasts-7109347022809309184/Business Newsletter Signup: https://www.itspmagazine.com/itspmagazine-business-updates-sign-upAre you interested in telling your story?https://www.itspmagazine.com/telling-your-story

In this episode, host Jethro Jones discusses the crucial topic of AI and cybersecurity with Sam Bourgeois, an experienced IT director with a background in private industry and education. The conversation covers the importance of AI standards, the ethical implications of AI use, and the need for cybersecurity awareness among young people. Sam introduces 'Make It Secure Academy,' an innovative platform aimed at educating students about cybersecurity through interactive and engaging methods. The episode emphasizes the critical need to incorporate these lessons into everyday education to protect children in an increasingly digital world.Cybertraps PodcastAI Standards, AI Ethics, and Cybersecurity for kids.Working for a company that has an International footprint How to support someone who wants to bring on tools. Guardrails, not blockade. NISTRegulations around AIIs it worthwhile for kids to learn standards about AI usage. A student should know and recognize there are correct and incorrect ways to use AI. With great power comes great responsibility. MakeITsecure academyOnce data is exposed, they're being watched and tracked all the timeKids will turn 18 with data exposed for years. How to teach kids without it being a gotcha! On a mission to protect every kid, one kid at a time. About Sam BourgeoisSam is the leader of a large managed services provider in the US serving global customers ranging from defense to education. He is the Sr. Dir. of Technology and Cybersecurity and leads the visioning of new products and services, oversees DEVSECOPs teams and serves as the cyber leader of the organization and many clients. He has deep telecommunication, IT, education, and corporate training industry experiences, and is passionate about serving those in need whether it's in Rotary or non-profit board membership. Socials: @makeitsecurellc = insta, Fbhttps://www.linkedin.com/company/102108099Webpresence LLC - https://www.makeitsecurellc.com/home501c3 - https://www.make-it-secure.org/LMS - https://makeitsecure.academy/Intro to the LMS and Courses - https://youtu.be/xEyFXhe6Z3E  Join the Transformative Mastermind Today and work on your school, not just in it. Apply today. We're thrilled to be sponsored by IXL. IXL's comprehensive teaching and learning platform for math, language arts, science, and social studies is accelerating achievement in 95 of the top 100 U.S. school districts. Loved by teachers and backed by independent research from Johns Hopkins University, IXL can help you do the following and more:Simplify and streamline technologySave teachers' timeReliably meet Tier 1 standardsImprove student performance on state assessments

Brian Robbins is the CFO of GitLab, a DevSecOps platform that supports software innovation. He joins Motley Fool CEO, Tom Gardner, plus Chief Investment Officer Andy Cross and AI Engineer Karl Juhl for a conversation about: - How GitLab scaled for remote culture - How technology and AI have shifted over the years - GitLab's plan to handle the evolving cloud and DevOps landscape. Companies mentioned: GTLB Hosts: Tom Gardner, Andy Cross, Karl Juhl Guest: Brian Robbins Engineer: Bart Shannon Advertisements are sponsored content and provided for informational purposes only. The Motley Fool and its affiliates (collectively, "TMF") do not endorse, recommend, or verify the accuracy or completeness of the statements made within advertisements. TMF is not involved in the offer, sale, or solicitation of any securities advertised herein and makes no representations regarding the suitability, or risks associated with any investment opportunity presented. Investors should conduct their own due diligence and consult with legal, tax, and financial advisors before making any investment decisions. TMF assumes no responsibility for any losses or damages arising from this advertisement. Learn more about your ad choices. Visit megaphone.fm/adchoices