Podcasts about devsecops

  • 605PODCASTS
  • 3,962EPISODES
  • 47mAVG DURATION
  • 5WEEKLY NEW EPISODES
  • Jun 2, 2025LATEST

POPULARITY

20172018201920202021202220232024

Categories



Best podcasts about devsecops

Show all podcasts related to devsecops

Latest podcast episodes about devsecops

ITSPmagazine | Technology. Cybersecurity. Society
Turning AppSec into a Workflow, Not a Roadblock – Building Security Programs That Teams Actually Want to Use | An OWASP AppSec Global 2025 Conversation with Spyros Gasteratos | On Location Coverage with Sean Martin and Marco Ciappelli

ITSPmagazine | Technology. Cybersecurity. Society

Play Episode Listen Later May 29, 2025 17:28


During the upcoming OWASP Global AppSec EU in Barcelona, Spyros Gasteratos, long-time OWASP contributor and co-founder of Smithy, to explore how automation, collaboration, and community resources are shaping the future of application security. Spyros shares the foundation of his talk at OWASP AppSec Global: building a DevSecOps program from scratch using existing community tools—blending technical guidance with a celebration of open-source achievements.Spyros emphasizes that true progress in security stems not from an ever-growing stack of tools, but from aligning the humans behind them. According to him, security failures often stem from fragmented information and misaligned incentives across teams. His solution? Bring the teams together with a shared, streamlined flow of information and automate wherever possible to reduce wasted cycles and miscommunication.At the core of Spyros' philosophy is the need to turn AppSec from a blocker into a builder. Rather than overwhelming developers with endless bug reports, or security leaders with red dashboards, programs need to reflect the actual risk appetite of the business—prioritizing issues dynamically based on impact, timing, and operational goals. He challenges the one-size-fits-all approach, advocating instead for tagging systems that defer certain risks and encode organizational priorities in automation logic.A major part of that transformation lies in Smithy, the platform he's helping build. It's designed to be “Zapier for security”—an automation engine rooted in open-source standards that allows for custom workflows without creating a tangle of fragile scripts. The idea is to let teams focus on what's unique to them, while relying on battle-tested components for the rest.Looking ahead, Spyros doesn't buy into the doom-and-gloom narrative about AI limiting developer creativity. On the contrary, he argues that AI-enabled coding frees up cognitive space for better architecture and secure design thinking. In his view, creativity doesn't die—it just shifts from syntax to strategy.This episode is more than a discussion—it's a blueprint for how teams can rally around a common goal, and how OWASP's community can be the catalyst. Tune in to hear how open-source, automation, and human alignment are redefining AppSec from the ground up.GUEST: Spyros Gasteratos | OpenCRE co-lead and Founder of smithy.security | https://www.linkedin.com/in/spyr/HOST: Sean Martin, Co-Founder at ITSPmagazine and Host of Redefining CyberSecurity Podcast | https://www.seanmartin.comSPONSORSManicode Security: https://itspm.ag/manicode-security-7q8iRESOURCESSpyros' Session: A completely pluggable DevSecOps programme, for free, using community resources (https://owasp2025globalappseceu.sched.com/event/1whCB/a-completely-pluggable-devsecops-programme-for-free-using-community-resources)Learn more and catch more stories from OWASP Global AppSec EU 2025 Conference coverage: https://www.itspmagazine.com/owasp-global-appsec-barcelona-2025-application-security-event-coverage-in-catalunya-spainCatch all of our event coverage: https://www.itspmagazine.com/technology-and-cybersecurity-conference-coverageWant to tell your Brand Story Briefing as part of our event coverage? Learn More

Software Engineering Institute (SEI) Podcast Series

Deploying cloud-centric technologies such as Kubernetes in edge environments poses challenges, especially for mission-critical defense systems. In this podcast from the Carnegie Mellon University Software Engineering Institute (SEI), Patrick Earl, Doug Reynolds, and Jeffrey Hamed, all DevOps engineers in the SEI's Software Solutions Division, sit down with senior reesearcher Jose Morales to discuss a recent case study involving the deployment of a hypervisor onto edge devices in a resource-constrained environment.

DevOps and Docker Talk
What you missed at KubeCon

DevOps and Docker Talk

Play Episode Listen Later May 24, 2025 39:21


At KubeCon EU 2025 in London, Nirmal and I discussed the important (and not-so-important) things you might have missed. There's also a video version of this show on YouTube.Creators & Guests Cristi Cotovan - Editor Beth Fisher - Producer Bret Fisher - Host Nirmal Mehta - Host (00:00) - DDT Audio Podcast Edited (00:04) - Intro (01:24) - KubeCon 2025 EU Overview (03:24) - Platform Engineering and AI Trends (07:03) - AI and Machine Learning in Kubernetes (15:38) - Project Pavilions at KubeCon (17:05) - FinOps and Cost Optimization (20:39) - HAProxy and AI Gateways (24:00) - Proxy Intelligence and Network Layer Optimization (26:52) - Developer Experience and Organizational Challenges (29:23) - Platform Engineering and Cognitive Load (35:54) - End of Life for CNCF Projects You can also support my free material by subscribing to my YouTube channel and my weekly newsletter at bret.news!Grab the best coupons for my Docker and Kubernetes courses.Join my cloud native DevOps community on Discord.Grab some merch at Bret's Loot BoxHomepage bretfisher.com

Getup Kubicast
#169 - Conversando sobre conversar - Carreira e Networking

Getup Kubicast

Play Episode Listen Later May 22, 2025 57:05


No episódio 169 do Kubicast, batemos um papo com Rafael Ferreira sobre um tema fundamental, mas muitas vezes negligenciado: a arte de conversar. Sim, a gente conversou sobre conversar! De forma descontraída e bem-humorada, destrinchamos como a comunicação impacta nossas carreiras, nosso networking e até o modo como nos vestimos em eventos tech.Falamos sobre gifs em palestras, sobre a "cara de pau" que ajuda a romper bolhas, e sobre como não adianta ser o melhor se ninguém souber disso. O Rafael compartilhou aprendizados de eventos, bastidores do Low Ops e sua jornada até virar MVP da Microsoft. Spoiler: ele usou o podcast como estratégia de networking. E funcionou.Participe do nosso programa de acesso antecipado de Imagens Zero CVE: getup.io/zerocveO Kubicast é uma produção da Getup, empresa especialista em Kubernetes e projetos open source para Kubernetes. Os episódios do podcast estão nas principais plataformas de áudio digital e no YouTube.com/@getupcloud.

Absolute AppSec
Episode 286 - Kayra Otaner - Authenticating Open Source Developers

Absolute AppSec

Play Episode Listen Later May 20, 2025


We are happy to have Kayra Otaner as a special guest on the Absolute AppSec podcast. Kayra (kayraotaner on LinkedIn and X/twitter), the current Director of DevSecOps at Roche, brings over 15 years of cybersecurity leadership experience from New York and Wall Street. He's led DevSecOps and DevOps teams across a variety of organizations, including ADP, Voice, and adMarketplace, and has served as a trusted CTO advisor for Trendyol. His background also includes cybersecurity consulting for the Turkish Navy, where he helped develop a defense solution that was later deployed in NATO's Locked Shields cyber defense war games in Tallinn. Kayra is a frequent speaker at international DevSecOps conferences and serves on the Business and Computer Science Advisory Board at Middlesex County College in New Jersey. During this episode of the podcast Kayra discusses his journey into information security and spurs on his recent thoughts on authenticating open source developers through models similar to TSA PreCheck.

T-Minus Space Daily
GRC and DevSecOps are non-negotiable for space startups.

T-Minus Space Daily

Play Episode Listen Later May 17, 2025 24:47


GRC (Governance, Risk, and Compliance) and DevSecOps (Development, Security, and Operations) are complementary frameworks that aim to ensure secure and compliant software development. Our guest today is Brandon Karpf, friend of the show, founder of T-Minus Space Daily, and cybersecurity expert. Brandon explains  why integrated GRC and DevSecOps are non-negotiables for space startups.  Remember to leave us a 5-star rating and review in your favorite podcast app. Be sure to follow T-Minus on LinkedIn and Instagram. T-Minus Crew Survey We want to hear from you! Please complete our 4 question survey. It'll help us get better and deliver you the most mission-critical space intel every day. Want to hear your company in the show? You too can reach the most influential leaders and operators in the industry. Here's our media kit. Contact us at space@n2k.com to request more info. Want to join us for an interview? Please send your pitch to space-editor@n2k.com and include your name, affiliation, and topic proposal. T-Minus is a production of N2K Networks, your source for strategic workforce intelligence. © N2K Networks, Inc. Learn more about your ad choices. Visit megaphone.fm/adchoices

ITSPmagazine | Technology. Cybersecurity. Society
Building, Breaking, Defending: Inside a Global AppSec Movement | OWASP AppSec Global 2025 Pre-Event Conversation with Avi Douglen | On Location Coverage with Sean Martin and Marco Ciappelli

ITSPmagazine | Technology. Cybersecurity. Society

Play Episode Listen Later May 15, 2025 22:32


At OWASP AppSec Global in Barcelona, the focus is clear: building secure software with and for the community. But it's not just about code or compliance. As Avi Douglen, OWASP Foundation board member, describes it, this gathering is a “hot tub” experience in contrast to the overwhelming scale of mega conferences. It's warm, immersive, and welcoming—designed for people who want to contribute, connect, and create.OWASP is more than just another security organization. It's a community-driven foundation that enables builders, breakers, defenders, and leaders to come together in pursuit of secure product development. This year's conference reflects that same inclusive energy. Whether you're a software engineer, architect, DevOps professional, security champion, or product manager, the sessions and networking spaces are built to meet you where you are—and help you grow.Beyond the BuzzwordsUnsurprisingly, AI will have a strong presence this year. But the conversations aren't limited to hype. Two flagship OWASP projects now focus on AI and LLMs—one on securing applications that use AI, the other on building secure AI systems themselves. Talks will unpack familiar problems in new contexts, like prompt injection mirroring the dynamics of older injection vulnerabilities. In other words: the technology shifts, but the core principles remain relevant.Diverse Tracks, Real ConversationsAttendees can engage across five curated tracks: builders, breakers, defenders, managers & culture, and project showcases. Topics range from threat modeling and DevSecOps to scaling security programs and fostering team culture. A dedicated training program, including hands-on sessions in secure coding and security champions, ensures practical takeaways—not just theory.Plus, the event embraces connection. A newcomer orientation, Women in AppSec gathering, hallway chats, evening socials, and even speed mentoring sessions all contribute to a vibrant, accessible experience where everyone—from seasoned leaders to curious newcomers—can find their place.A Truly Global CommunityWith participants flying in from all corners of the world, OWASP AppSec Global lives up to its name. The conversations, relationships, and tools that emerge from this event ripple far beyond Barcelona. If you build, secure, or manage software, this is one conference where showing up matters—not just for what you'll learn, but for who you'll meet.__________________________________Guest: Avi Douglen | Global Board of Directors at OWASP Foundation & Founder and CEO at Bounce Securityhttps://www.linkedin.com/in/avidouglen/Hosts:Sean Martin, Co-Founder at ITSPmagazine [@ITSPmagazine] and Host of Redefining CyberSecurity Podcast [@RedefiningCyber] | On ITSPmagazine:  https://www.itspmagazine.com/sean-martinMarco Ciappelli, Co-Founder at ITSPmagazine [@ITSPmagazine] and Host of Redefining Society Podcast & Audio Signals Podcast | On ITSPmagazine: https://www.itspmagazine.com/itspmagazine-podcast-radio-hosts/marco-ciappelli____________________________This Episode's SponsorsManicode Security: https://itspm.ag/manicode-security-7q8i____________________________ResourcesLearn more and catch more stories from OWASP AppSec Global 2025 Barcelona coverage: https://www.itspmagazine.com/owasp-global-appsec-barcelona-2025-application-security-event-coverage-in-catalunya-spain____________________________Catch all of our event coverage: https://www.itspmagazine.com/technology-and-cybersecurity-conference-coverageWant to tell your Brand Story Briefing as part of our event coverage? Learn More

Cloud Security Podcast by Google
EP224 Protecting the Learning Machines: From AI Agents to Provenance in MLSecOps

Cloud Security Podcast by Google

Play Episode Listen Later May 12, 2025 30:40


Guest: Diana Kelley, CSO at Protect AI  Topics: Can you explain the concept of "MLSecOps" as an analogy with DevSecOps, with 'Dev' replaced by 'ML'? This has nothing to do with SecOps, right? What are the most critical steps a CISO should prioritize when implementing MLSecOps within their organization? What gets better  when you do it? How do we adapt traditional security testing, like vulnerability scanning, SAST, and DAST, to effectively assess the security of machine learning models? Can we? In the context of AI supply chain security, what is the essential role of third-party assessments, particularly regarding data provenance? How can organizations balance the need for security logging in AI systems with the imperative to protect privacy and sensitive data? Do we need to decouple security from safety or privacy? What are the primary security risks associated with overprivileged AI agents, and how can organizations mitigate these risks?  Top differences between LLM/chatbot AI security vs AI agent security?  Resources: “Airline held liable for its chatbot giving passenger bad advice - what this means for travellers” “ChatGPT Spit Out Sensitive Data When Told to Repeat ‘Poem' Forever” Secure by Design for AI by Protect AI “Securing AI Supply Chain: Like Software, Only Not” OWASP Top 10 for Large Language Model Applications OWASP Top 10 for AI Agents  (draft) MITRE ATLAS “Demystifying AI Security: New Paper on Real-World SAIF Applications” (and paper) LinkedIn Course: Security Risks in AI and ML: Categorizing Attacks and Failure Modes

ITSPmagazine | Technology. Cybersecurity. Society
Not So Contained: When Container Isolation Is Just an Illusion | A Brand Story with Emily Long from Edera | An On Location RSAC Conference 2025 Brand Story

ITSPmagazine | Technology. Cybersecurity. Society

Play Episode Listen Later May 6, 2025 29:52


Kubernetes revolutionized the way software is built, deployed, and managed, offering engineers unprecedented agility and portability. But as Edera co-founder and CEO Emily Long shares, the speed and flexibility of containerization came with overlooked tradeoffs—especially in security. What started as a developer-driven movement to accelerate software delivery has now left security and infrastructure teams scrambling to contain risks that were never part of Kubernetes' original design.Emily outlines a critical flaw: Kubernetes wasn't built for multi-tenancy. As a result, shared kernels across workloads—whether across customers or internal environments—introduce lateral movement risks. In her words, “A container isn't real—it's just a set of processes.” And when containers share a kernel, a single exploit can become a system-wide threat.Edera addresses this gap by rethinking how containers are run—not rebuilt. Drawing from hypervisor tech like Xen and modernizing it with memory-safe Rust, Edera creates isolated “zones” for containers that enforce true separation without the overhead and complexity of traditional virtual machines. This isolation doesn't disrupt developer workflows, integrates easily at the infrastructure layer, and doesn't require retraining or restructuring CI/CD pipelines. It's secure by design, without compromising performance or portability.The impact is significant. Infrastructure teams gain the ability to enforce security policies without sacrificing cost efficiency. Developers keep their flow. And security professionals get something rare in today's ecosystem: true prevention. Instead of chasing billions of alerts and layering multiple observability tools in hopes of finding the needle in the haystack, teams using Edera can reduce the noise and gain context that actually matters.Emily also touches on the future—including the role of AI and “vibe coding,” and why true infrastructure-level security is essential as code generation becomes more automated and complex. With GPU security on their radar and a hardware-agnostic architecture, Edera is preparing not just for today's container sprawl, but tomorrow's AI-powered compute environments.This is more than a product pitch—it's a reframing of how we define and implement security at the container level. The full conversation reveals what's possible when performance, portability, and protection are no longer at odds.Learn more about Edera: https://itspm.ag/edera-434868Note: This story contains promotional content. Learn more.Guest: Emily Long, Founder and CEO, Edera | https://www.linkedin.com/in/emily-long-7a194b4/ResourcesLearn more and catch more stories from Edera: https://www.itspmagazine.com/directory/ederaLearn more and catch more stories from RSA Conference 2025 coverage: https://www.itspmagazine.com/rsac25______________________Keywords:sean martin, emily long, containers, kubernetes, hypervisor, multi-tenancy, devsecops, infrastructure, virtualization, cybersecurity, brand story, brand marketing, marketing podcast, brand story podcast______________________Catch all of our event coverage: https://www.itspmagazine.com/technology-and-cybersecurity-conference-coverageWant to tell your Brand Story Briefing as part of our event coverage? Learn More 

Agent of Influence
Episode 069 - Does Open-Source AI Create a False Sense of Security? - Suryaprakash Nalluri

Agent of Influence

Play Episode Listen Later May 6, 2025 23:50


Does Open-Source AI Create a False Sense of Security?Listen to Suryaprakash Nalluri, an accomplished application security leader, discuss the shifting landscape of application security, challenges with open-source software, and the critical role of DevSecOps in modern development. + + +Find more episodes on YouTube or wherever you listen to podcasts, as well as at netspi.com/agentofinfluence.

Defense Unicorns, A Podcast
Shipping Software Faster and Safer with Pepr

Defense Unicorns, A Podcast

Play Episode Listen Later May 5, 2025 45:07


On this episode of The Defense Unicorns Podcast, host Rebecca Lively chats with Case Wylie, Software Engineering Lead, about building security-minded software that keeps up with developer velocity. From his early days at Red Hat to architecting open-source tools at Defense Unicorns, Case shares how Pepr—a TypeScript-based operator framework—is redefining how Kubernetes clusters are secured and managed in airgapped environments. It's not just about enforcing policy; it's about enabling developers to move faster, safer, and smarter.Through real-world metaphors (ever been to a nightclub with strict bouncers?), Case breaks down the roles of admission controllers, operator frameworks, and how Pepr works seamlessly with GitOps without adding friction. He explains why Pepr isn't just a tool, but part of a broader movement to standardize security postures, reduce configuration drift, and empower app teams to focus on delivering real value. With a human-first API and open-source DNA, Pepr is built to be accessible to all, not just Kubernetes power users.If you're curious about what it takes to scale secure software in complex, mission-critical environments—or just want a fresh, practical take on DevSecOps—this episode delivers. Case also shares his philosophy on open-source collaboration and what it means to build tools that truly stand the test of scale and scrutiny.Key Quote:“Pepr will always be open source and the reason why it's open source is because frankly, open source software, when your software is open source, you expose the application or the software or the platform, whatever it is to exponentially more eyes and more eyes over time and then more people start adopting it and using it and saying like, ‘Hey, you know what? I do have this simple thing I always have to do in my cluster. Maybe I try Pepr for that.' Right? And then they do it with a simple task, and then they say, ‘Hey, you know what? It would be great if Pepr could do this thing. And they put in a feature request. Then we develop that feature request, or they develop it, and they submit a PR to Pepr. And now Pepr as a whole is better because now you're using it. I'm using it. They're using it. The more people that use it, the better.”Case WylieTime Stamps:(02:44) Introduction to UDS and Pepr(05:59) The Importance of Air-Gapped Environments(11:40) Understanding Kubernetes Admission Control(16:05) Comparing Pepr with Other Tools(22:00) Why Pepr Uses TypeScript(34:03) The Benefits of Open Source for Pepr(43:31) Lightning RoundLinks:Connect with Casey WylieConnect with Rebecca LivelyLearn More About Defense Unicorns

ITSPmagazine | Technology. Cybersecurity. Society
Resilience Is the Destination, Innovation Is the Path | An RSAC Conference 2025 Conversation | On Location Coverage with Sean Martin and Marco Ciappelli

ITSPmagazine | Technology. Cybersecurity. Society

Play Episode Listen Later May 1, 2025 4:34


In this closing update for the day from the RSAC conference show floor, Sean Martin and Marco Ciappelli reflect on the energy, conversations, and technology shaping cybersecurity today—and what's coming next. With dozens of interviews under their belts, the duo shares what's standing out across sessions and show-floor discussions.Resilience has become a key destination, with innovation—especially around AI and quantum technologies—paving the way forward. Conversations touch on how security leaders are adjusting to new threat models, merging traditional disciplines like AppSec and DevSecOps with emerging areas such as vibe coding and container security. There's a clear sense that the dialogue has shifted: zero trust isn't just a topic; it's embedded across many conversations. AI is no longer speculative—it's embedded in discussions about GRC, automation, and security architecture.Sean brings a technical and operational lens, while Marco plans to explore the societal implications in future conversations—something noticeably less discussed this year, but still deeply relevant. With more content being edited and released over the next few days, the team invites listeners to stay tuned for articles, panels, and post-conference reflections.From San Francisco to London, Vegas, and maybe even Australia—this conversation is just getting started.___________Hosts:Sean Martin, Co-Founder at ITSPmagazine | Website: https://www.seanmartin.comMarco Ciappelli, Co-Founder at ITSPmagazine | Website: https://www.marcociappelli.com___________Episode SponsorsThreatLocker: https://itspm.ag/threatlocker-r974Akamai: https://itspm.ag/akamailbwcBlackCloak: https://itspm.ag/itspbcwebSandboxAQ: https://itspm.ag/sandboxaq-j2enArcher: https://itspm.ag/rsaarchwebDropzone AI: https://itspm.ag/dropzoneai-641ISACA: https://itspm.ag/isaca-96808ObjectFirst: https://itspm.ag/object-first-2gjlEdera: https://itspm.ag/edera-434868___________ResourcesLearn more and catch more stories from RSA Conference 2025 coverage: https://www.itspmagazine.com/rsa-conference-usa-2025-rsac-san-francisco-usa-cybersecurity-event-infosec-conference-coverage___________KEYWORDSsean martin, marco ciappelli, rsac 2025, quantum, ai, grc, devsecops, zero trust, appsec, resilience, event coverage, on location, conference___________Catch all of our event coverage: https://www.itspmagazine.com/technology-and-cybersecurity-conference-coverageWant to tell your Brand Story Briefing as part of our event coverage? Learn More

Cloud Realities
CR096 TechnoVision 2025: Your gateway to cutting-edge innovation with Data-Powered Innovation Jam podcast

Cloud Realities

Play Episode Listen Later May 1, 2025 91:45


TechnoVision 2025 by Capgemini helps business leaders and technologists understand and prioritize emerging technologies. It provides a clear view of tech trends, guiding decision-makers to enhance organizational effectiveness. TechnoVision acts as a beacon in the evolving technology landscape.In this very special episode, Dave, Esmee, and Rob talk in detail with the Capgemini Data-Powered Innovation Jam podcast team, featuring Ron Tolido, CTO and CIO Insight & Data Global; Weiwei Feng, Global Tech Lead AI & Generative AI; and Robert Engels, Head Global AI Lab. They explore the seven containers in TechnoVision 2025, which organizes current trends into distinct areas that shape how businesses will innovate, operate, and expand.TLDR00:50 Teaming between the Cloud Realties hosts and the Data-Powered Innovation Jam podcast team05:52 Introduction by Ron Tolido, what's new in TechnoVision 2025 and the 7 main containers 12:25 Invisible Infostructure by Rob Kernahan21:32 Applications Unleashed by Ron Tolido37:30 Thriving on Data by Robert "Dr. Bob" Engels47:36 Process on the Fly by Weiwei Feng1:02:40 We Collaborate by Dave Chapman1:13:27 You Experience by Esmee van de Giessen1:26:39 Balance by Design by Ron Tolido1:28:06 Overall conclusionGuestsRon Tolido: https://www.linkedin.com/in/rtolido/Robert (Dr. Bob) Engels: https://www.linkedin.com/in/robertengels/Weiwei Feng: https://www.linkedin.com/in/weiwei-feng-a2417795/Data-Powered Innovation Jam podcast https://www.capgemini.com/insights/research-library/data-powered-innovation-jam-podcast/TechnoVision 2025https://www.capgemini.com/insights/research-library/technovision-2025/HostsDave Chapman: https://www.linkedin.com/in/chapmandr/Esmee van de Giessen: https://www.linkedin.com/in/esmeevandegiessen/Rob Kernahan: https://www.linkedin.com/in/rob-kernahan/ProductionMarcel van der Burg: https://www.linkedin.com/in/marcel-vd-burg/Dave Chapman: https://www.linkedin.com/in/chapmandr/SoundBen Corbett: https://www.linkedin.com/in/ben-corbett-3b6a11135/Louis Corbett:  https://www.linkedin.com/in/louis-corbett-087250264/'Cloud Realities' is an original podcast from Capgemini

Getup Kubicast
#166 - Suply-Chain e DevSecOps com Carlos Nogueira

Getup Kubicast

Play Episode Listen Later Apr 29, 2025 71:28


DevOps morreu? Ou o problema é que a gente nunca entendeu direito o que era?No episódio 166 do Kubicast, abrimos o estúdio (e o verbo) pra refletir sobre o verdadeiro papel do DevOps nos times modernos — sem buzzwords e sem teatro.Com uma bagagem prática de quem vive a operação real de times de plataforma, João Brito discute como o conceito de DevOps foi distorcido ao longo dos anos, o impacto da senioridade técnica nesse cenário e por que segurança deveria ser parte (e não acessório) desse processo.Problemas enfrentadosRedução de DevOps a ferramentas de CI/CD, ignorando o aspecto cultural.Falta de senioridade técnica em projetos que deveriam promover boas práticas.Atribuição equivocada de segurança como um elemento isolado e "externo" ao fluxo de desenvolvimento.Times de produto e infraestrutura operando em silos, gerando entregas frágeis e sem confiabilidade.Tentativas frustradas de implementar DevOps sem autonomia real ou alinhamento cultural.Ao longo do episódio, ficou claro que o DevOps ainda faz todo sentido — mas apenas se for entendido como deveria: uma filosofia de colaboração, melhoria contínua e responsabilidade compartilhada. Reduzir DevOps a automação é como dizer que tocar guitarra é só apertar cordas.Alguns links que citamos no episódio:SLSA no DevOps na PraiaPolicies e assinaturas em imagens dockerA cultura de confiabilidade, a segurança pensada desde a origem e o respeito à maturidade técnica dos times precisam caminhar juntos. Caso contrário, DevOps vira só mais um slide bonito no keynote da empresa.O Kubicast é uma produção da Getup, empresa especialista em Kubernetes e projetos open source para Kubernetes. Os episódios do podcast estão nas principais plataformas de áudio digital e no YouTube.com/@getupcloud.

Relating to DevSecOps
Episode #078:

Relating to DevSecOps

Play Episode Listen Later Apr 22, 2025 46:48


Send us a textIn this must-listen episode of Relating to DevSecOps, Ken welcomes the ever-inspiring Tanya Janca, aka SheHacksPurple—author, AppSec expert, and champion of making security usable. Together, they dig into why so many application security policies fail, why developers ignore them, and how to make them actually work. Tanya shares real-world experiences from both dev and security perspectives, plus her journey from being ignored to lobbying governments for change.From communication failures and TL;DR policy pages to leveraging wikis and code reuse, this episode is a practical masterclass in creating impactful, developer-friendly security standards.

Semaphore Uncut
Patrick Debois on AI & DevOps: What's Next?

Semaphore Uncut

Play Episode Listen Later Apr 22, 2025 26:03


In this episode of Semaphore Uncut, Patrick Debois—Generative AI and DevOps specialist —joins Darko Fabijan to share his perspective on how AI intersects with DevOps, DevSecOps, and infrastructure as code. Patrick discusses everything from generative tooling to failure handling, and what makes this era of automation both exciting and risky.Like this episode? Be sure to leave a ⭐️⭐️⭐️⭐️⭐️ review on the podcast player of your choice and share it with your friends.

ITSPmagazine | Technology. Cybersecurity. Society
Quantum Security, Real Problems, and the Unifying Layer Behind It All | A Brand Story Conversation with Marc Manzano, General Manager of the Cybersecurity Group at SandboxAQ | A RSAC Conference 2025 Brand Story Pre-Event Conversation

ITSPmagazine | Technology. Cybersecurity. Society

Play Episode Listen Later Apr 21, 2025 9:31


We're on the road to RSAC 2025 — or maybe on a quantum-powered highway — and this time, Sean and I had the pleasure of chatting with someone who's not just riding the future wave, but actually building it.Marc Manzano, General Manager of the Cybersecurity Group at SandboxAQ, joined us for this Brand Story conversation ahead of the big conference in San Francisco. For those who haven't heard of SandboxAQ yet, here's a quick headline: they're a spin-out from Google, operating at the intersection of AI and quantum technologies. Yes — that intersection.But let's keep our feet on the ground for a second, because this story isn't just about tech that sounds cool. It's about solving the very real, very painful problems that security teams face every day.Marc laid out their mission clearly: Active Guard, their flagship platform, is built to simplify and modernize two massive pain points in enterprise security — cryptographic asset management and non-human identity management. Think: rotating certificates without manual effort. Managing secrets and keys across cloud-native infrastructure. Automating compliance reporting for quantum-readiness. No fluff — just value, right out of the box.And it's not just about plugging a new tool into your already overloaded stack. What impressed us is how SandboxAQ sees themselves as the unifying layer — enhancing interoperability across existing systems, extracting more intelligence from the tools you already use, and giving teams a unified view through a single pane of glass.And yes, we also touched on AI SecOps — because as AI becomes a standard part of infrastructure, so must security for it. Active Guard is already poised to give security teams visibility and control over this evolving layer.Want to see it in action? Booth 6578, North Expo Hall. Swag will be there. Demos will be live. Conversations will be real.We'll be there too — recording a deeper Brand Story episode On Location during the event.Until then, enjoy this preview — and get ready to meet the future of cybersecurity.⸻Keywords:sandboxaq, active guard, rsa conference 2025, quantum cybersecurity, ai secops, cryptographic asset management, non-human identity, cybersecurity automation, security compliance, rsa 2025, cybersecurity innovation, certificate lifecycle management, secrets management, security operations, quantum readiness, rsa sandbox, cybersecurity saas, devsecops, interoperability, digital transformation______________________Guest: Marc Manzano,, General Manager of the Cybersecurity Group at SandboxAQMarc Manzano on LinkedIn

The Tea on Cybersecurity
Cybersecurity Lingo Explained: vCISO, PII, and More

The Tea on Cybersecurity

Play Episode Listen Later Apr 21, 2025 23:56


Cybersecurity lingo can be overwhelming, but once you get the hang of the essentials, staying secure becomes much easier.In this episode, host Jara Rowe sits down with Marie Joseph, Senior Security Advisor at Trava, to break down key terms like vCISO, PII, and cybersecurity maturity models. They also differentiate between terms like hacker vs. threat actor and firewall vs. antivirus by highlighting the nuances that matter most. Plus, Marie reveals why continuous compliance is crucial, and how concepts like attack surface and risk tolerance fit into the bigger picture of your security strategy.Key takeaways:Essential cybersecurity terms and definitions: vCISO, PII, and more The importance of understanding and managing your attack surfaceWhy cybersecurity compliance can't be a one-time effortEpisode highlights:(00:00) Today's topic: Understanding cybersecurity terms(01:47) What is a vCISO, and why it benefits small businesses(02:54) Definition of PII, BCP, SIEM, DevSecOps, and BCRA (08:40) Hackers vs. threat actors Explained(10:28) Why businesses need an antivirus and a firewall(13:37) Patch management and cybersecurity attack surfaces(16:04) Continuous cybersecurity compliance(21:27) Recapping cybersecurity essentialsConnect with the host:Jara Rowe's LinkedIn - @jararoweConnect with the guest:Marie Joseph's LinkedIn - @marie-joseph-a81394143Connect with Trava:Website - www.travasecurity.comBlog - www.travasecurity.com/learn-with-trava/blogLinkedIn - @travasecurityYouTube - @travasecurity

DevOps and Docker Talk
Docker Model Runner

DevOps and Docker Talk

Play Episode Listen Later Apr 21, 2025 13:06


Docker launched "Docker Model Runner" to run LLMs through llama.cpp with a single "docker model" command. In this episode Bret details examples and some useful use cases for using this way to run LLMs. He breaks down the internals. How it works, when you should use it or not use it; and, how to get started using Open WebUI for a private ChatGPT-like experience.★Topics★Model Runner DocsHub ModelsOCI ArtifactsOpen WebUIMy Open WebUI Compose fileCreators & Guests Cristi Cotovan - Editor Beth Fisher - Producer Bret Fisher - Host (00:00) - Intro (00:46) - Model Runner Elevator Pitch (01:28) - Enabling Docker Model Runner (04:28) - Self Promotion! Is that an ad? For me? (05:03) - Downloading Models (07:11) - Architectrure of Model Runner (10:49) - ORAS (11:09) - What's next for Model Runner? (12:13) - Troubleshooting You can also support my free material by subscribing to my YouTube channel and my weekly newsletter at bret.news!Grab the best coupons for my Docker and Kubernetes courses.Join my cloud native DevOps community on Discord.Grab some merch at Bret's Loot BoxHomepage bretfisher.com

ITSPmagazine | Technology. Cybersecurity. Society
Vibe Coding: Creativity Meets Risk in the Age of AI-Driven Development | A Conversation with Izar Tarandach | Redefining CyberSecurity with Sean Martin

ITSPmagazine | Technology. Cybersecurity. Society

Play Episode Listen Later Apr 17, 2025 35:52


⬥GUEST⬥Izar Tarandach, Sr. Principal Security Architect for a large media company | On LinkedIn: https://www.linkedin.com/in/izartarandach/⬥HOST⬥Host: Sean Martin, Co-Founder at ITSPmagazine and Host of Redefining CyberSecurity Podcast | On LinkedIn: https://www.linkedin.com/in/imsmartin/ | Website: https://www.seanmartin.com⬥EPISODE NOTES⬥In this episode of Redefining CyberSecurity, host Sean Martin sits down with Izar Tarandach, Senior Principal Security Architect at a major entertainment company, to unpack a concept gaining traction across some developer circles: vibe coding.Vibe coding, as discussed by Izar and Sean, isn't just about AI-assisted development—it's about coding based on a feeling or a flow, often driven by prompts to large language models (LLMs). It's being explored in organizations from startups to large tech companies, where the appeal lies in speed and ease: describe what you want, and the machine generates the code. But this emerging approach is raising significant concerns, particularly in security circles.Izar, who co-hosts the Security Table podcast with Matt Coles and Chris Romeo, calls attention to the deeper implications of vibe coding. At the heart of his concern is the risk of ignoring past lessons. Generating code through AI may feel like progress, but without understanding what's being written or how it fits into the broader architecture, teams risk reintroducing old vulnerabilities—at scale.One major issue: the assumption that code generated by AI is inherently good or secure. Izar challenges that notion, reminding listeners that today's coding models function like junior developers—they may produce working code, but they're also prone to mistakes, hallucinations, and a lack of contextual understanding. Worse yet, organizations may begin to skip traditional checks like code reviews and secure development lifecycles, assuming the machine already got it right.Sean highlights a potential opportunity—if used wisely, vibe coding could allow developers to focus more on outcomes and user needs, rather than syntax and structure. But even he acknowledges that, without collaboration and proper feedback loops, it's more of a one-way zone than a true jam session between human and machine.Together, Sean and Izar explore whether security leaders are aware of vibe-coded systems running in their environments—and how they should respond. Their advice: assume you already have vibe-coded components in play, treat that code with the same scrutiny as anything else, and don't trust blindly. Review it, test it, threat model it, and hold it to the same standards.Tune in to hear how this new style of development is reshaping conversations about security, responsibility, and collaboration in software engineering.⬥SPONSORS⬥LevelBlue: https://itspm.ag/attcybersecurity-3jdk3ThreatLocker: https://itspm.ag/threatlocker-r974⬥RESOURCES⬥Inspiring LinkedIn Post — https://www.linkedin.com/posts/izartarandach_sigh-vibecoding-when-will-we-be-able-activity-7308105048926879744-fNMSSecurity Table Podcast: Vibe Coding: What Could Possibly Go Wrong? — https://securitytable.buzzsprout.com/2094080/episodes/16861651-vibe-coding-what-could-possibly-go-wrongWebinar: Secure Coding = Developer Power, An ITSPmagazine Webinar with Manicode Security — https://www.crowdcast.io/c/secure-coding-equals-developer-power-how-to-convince-your-boss-to-invest-in-you-an-itspmagazine-webinar-with-manicode-security-ad147fba034a⬥ADDITIONAL INFORMATION⬥✨ More Redefining CyberSecurity Podcast: 

Cloud Realities
CR95: The gap between humanity and AI with Anders Indset, Philosopher & Author

Cloud Realities

Play Episode Listen Later Apr 17, 2025 61:18


This year is the year that AI moves from the individual assistant to the collective and autonomous - from co-pilots to agent to agent integration.  But what do we know of its collective impact and how does humanity fit in?This week's Easter Special, Dave, Esmee and Rob talk to Anders Indset, about his work (Ex Machina and the Singularity Paradox), capability of infinite progress, humane capitalism, where might the human find themselves in an AGI world and does the intersection of quantum and AI make the chance of us living in a simulation more likely…TLDR01:34 Introduction of Anders Indset03:50 Rob is confused about hackers starting to create saleable products08:12 Conversation with Anders Indset49:50 Who do we see as future leaders in our team?59:15 Conference in Austria about values in Europe and the future of Europe

Redefining CyberSecurity
Vibe Coding: Creativity Meets Risk in the Age of AI-Driven Development | A Conversation with Izar Tarandach | Redefining CyberSecurity with Sean Martin

Redefining CyberSecurity

Play Episode Listen Later Apr 17, 2025 35:52


⬥GUEST⬥Izar Tarandach, Sr. Principal Security Architect for a large media company | On LinkedIn: https://www.linkedin.com/in/izartarandach/⬥HOST⬥Host: Sean Martin, Co-Founder at ITSPmagazine and Host of Redefining CyberSecurity Podcast | On LinkedIn: https://www.linkedin.com/in/imsmartin/ | Website: https://www.seanmartin.com⬥EPISODE NOTES⬥In this episode of Redefining CyberSecurity, host Sean Martin sits down with Izar Tarandach, Senior Principal Security Architect at a major entertainment company, to unpack a concept gaining traction across some developer circles: vibe coding.Vibe coding, as discussed by Izar and Sean, isn't just about AI-assisted development—it's about coding based on a feeling or a flow, often driven by prompts to large language models (LLMs). It's being explored in organizations from startups to large tech companies, where the appeal lies in speed and ease: describe what you want, and the machine generates the code. But this emerging approach is raising significant concerns, particularly in security circles.Izar, who co-hosts the Security Table podcast with Matt Coles and Chris Romeo, calls attention to the deeper implications of vibe coding. At the heart of his concern is the risk of ignoring past lessons. Generating code through AI may feel like progress, but without understanding what's being written or how it fits into the broader architecture, teams risk reintroducing old vulnerabilities—at scale.One major issue: the assumption that code generated by AI is inherently good or secure. Izar challenges that notion, reminding listeners that today's coding models function like junior developers—they may produce working code, but they're also prone to mistakes, hallucinations, and a lack of contextual understanding. Worse yet, organizations may begin to skip traditional checks like code reviews and secure development lifecycles, assuming the machine already got it right.Sean highlights a potential opportunity—if used wisely, vibe coding could allow developers to focus more on outcomes and user needs, rather than syntax and structure. But even he acknowledges that, without collaboration and proper feedback loops, it's more of a one-way zone than a true jam session between human and machine.Together, Sean and Izar explore whether security leaders are aware of vibe-coded systems running in their environments—and how they should respond. Their advice: assume you already have vibe-coded components in play, treat that code with the same scrutiny as anything else, and don't trust blindly. Review it, test it, threat model it, and hold it to the same standards.Tune in to hear how this new style of development is reshaping conversations about security, responsibility, and collaboration in software engineering.⬥SPONSORS⬥LevelBlue: https://itspm.ag/attcybersecurity-3jdk3ThreatLocker: https://itspm.ag/threatlocker-r974⬥RESOURCES⬥Inspiring LinkedIn Post — https://www.linkedin.com/posts/izartarandach_sigh-vibecoding-when-will-we-be-able-activity-7308105048926879744-fNMSSecurity Table Podcast: Vibe Coding: What Could Possibly Go Wrong? — https://securitytable.buzzsprout.com/2094080/episodes/16861651-vibe-coding-what-could-possibly-go-wrongWebinar: Secure Coding = Developer Power, An ITSPmagazine Webinar with Manicode Security — https://www.crowdcast.io/c/secure-coding-equals-developer-power-how-to-convince-your-boss-to-invest-in-you-an-itspmagazine-webinar-with-manicode-security-ad147fba034a⬥ADDITIONAL INFORMATION⬥✨ More Redefining CyberSecurity Podcast: 

Getup Kubicast
#164 - Segurança é tão importante assim? (Parte 2)

Getup Kubicast

Play Episode Listen Later Apr 15, 2025 41:49


Você já caiu na armadilha da “imagem invulnerável”? Na segunda parte do episódio 164 da sétima temporada do Kubicast, continuamos nosso papo com Alexandre Sieira, fundador da Tenchi Security, entrando de cabeça nos desafios técnicos da segurança prática — aquela do dia a dia, que envolve CVE, GitHub comprometido e decisões que custam caro.Com exemplos reais e reflexões afiadas, Sieira nos mostra por que segurança é mais do que política: é arquitetura, processo e cultura em ação. Problemas enfrentadosImagens de container com base vulnerável sendo tratadas como “seguras”.Falta de visibilidade sobre o que está rodando no pipeline.Risco de dependências excessivas e falta de controle na supply chain.Incidentes reais de comprometimento em ferramentas de CI/CD (como GitHub Actions).Dificuldade em conciliar segurança com performance operacional.Soluções adotadasGestão contínua de vulnerabilidades com foco em redução de superfície de ataque.Uso do SBOM (Software Bill of Materials) como aliado na rastreabilidade.Segregação de ambientes com deploy seguro entre contas e contextos.Otimizações de arquitetura sem abrir mão de práticas seguras.Estreitamento entre times de produto e segurança desde o início da jornada. Ao longo do episódio, ficou claro que segurança eficaz não depende de uma stack perfeita — mas sim de decisões conscientes. Frequentar o mundo real de DevSecOps é entender que agilidade e segurança não só podem coexistir, como se complementam. Releases frequentes, rastreabilidade e cultura de melhoria contínua são fatores que reduzem riscos e aumentam a confiança da operação. Entre as boas práticas discutidas, reforçamos que menos é mais: minimizar dependências, separar ambientes, aplicar princípios como Least Privilege e pensar sempre em blast radius são decisões simples, mas com grande impacto. Além disso, aproximar os times desde a arquitetura ajuda a criar um ambiente de segurança distribuída — e não centralizada como barreira.

Defense Unicorns, A Podcast
Why DIU Ruined Wayne Starr in the Best Way

Defense Unicorns, A Podcast

Play Episode Listen Later Apr 14, 2025 50:18


On this episode of The Defense Unicorns Podcast, we're not just talking about writing code—we're talking about what happens when you try to change the culture of software inside the Department of Defense. From flying to Qatar to debug mission-critical planning tools to reflashing smart lightbulbs with open-source firmware, Wayne Starr has done it all. Host Rebecca Lively sits down with Wayne, a Unicorn Engineer at Defense Unicorns,  to unpack what it takes to deliver secure, user-centered software in one of the world's most complex environments.Wayne shares how his early career at DIU “ruined” him—in the best possible way—by showing what was possible when bureaucratic blockers are set aside and software teams are trusted to deliver. He dives into real DevSecOps wins and war stories, including a mission-planning app that saved hours of planner time and real dollars in fuel. Along the way, he reflects on the absurdity of battles over office headsets, the power of printing MP3s on paper, and how open source gives individuals more control over their technology.If you've ever tried to navigate the maze of government compliance, or if you're just wondering what DevSecOps looks like when it's done right, Wayne's story offers a rare behind-the-scenes look. From tactical impact to philosophical reflections, this conversation covers what it means to ship software that matters—and why knowing the rules better than anyone else is sometimes the only way to change the game.Key Quote Options:“  I want to control technology. I don't want technology to control me. If it's closed-source software, it could suddenly require a subscription at some point, it could be connected to the cloud, and who knows what's happening with the data, who knows where that's going. And so I try to pull as much back as I can to things that I can control and that I can monitor and use.”Wayne StarrTime Stamps:(00:49) First Assignment at Defense Innovation Unit(04:28) Skepticism and Acceptance from Users(12:16) Open Source Software Journey(29:55) Creating ZARF(39:23) Other Notable Open Source Projects: Pepper and Lula(43:31) Lightning RoundLinks:Connect with Wayne StarrConnect with Rebecca LivelyLearn More About Defense Unicorns

Cloud Realities
CRLIVE45 Google Cloud Next 2025: Evolving Digital and AI Landscape for Fortune 500 companies with Gina Fratarcangeli, Google Cloud

Cloud Realities

Play Episode Listen Later Apr 12, 2025 24:44


Hello Las Vegas — we've arrived for Google Cloud Next 2025!Arthur C. Clarke's third law, "Any sufficiently advanced technology is indistinguishable from magic"Hot drop coming through! The #CloudRealities podcast team has landed in electric Las Vegas—and you know what they say: what happens in Vegas normally stays in Vegas... but in this case, we're bringing 8 incredible conversations in the coming days with inspiring guests who are shaping the future of cloud, data, and AI.On the last day, we have two separate episodes lined up to explore how AI is affecting the macro scale and impacting leadership transformation.In this conversation, Dave, Esmee, and Rob talk with Gina Fratarcangeli, Managing Director, NA GSI Leader at Google Cloud about The shifting landscape of Digital and AI technologies among Fortune 500 companies.TLDR00:20 Introduction of Gina Fratarcangeli03:20 Key announcements from the Google Cloud Next Keynote05:56 Main conversation with Gina Fratarcangeli about Fortune 500 companies and their journey towards digital transformation and AI22:01 Who's your favorite magician?GuestGina Fratarcangeli: https://www.linkedin.com/in/gina-fratarcangeli/ HostsDave Chapman: https://www.linkedin.com/in/chapmandr/Esmee van de Giessen: https://www.linkedin.com/in/esmeevandegiessen/Rob Kernahan: https://www.linkedin.com/in/rob-kernahan/ProductionMarcel van der Burg: https://www.linkedin.com/in/marcel-vd-burg/Dave Chapman: https://www.linkedin.com/in/chapmandr/SoundBen Corbett: https://www.linkedin.com/in/ben-corbett-3b6a11135/Louis Corbett:  https://www.linkedin.com/in/louis-corbett-087250264/'Cloud Realities' is an original podcast from Capgemini

Cloud Realities
CRLIVE46 Google Cloud Next 2025: Leading Cloud Transformation with Strategic Vision with Lee Moore, Google Cloud

Cloud Realities

Play Episode Listen Later Apr 12, 2025 42:10


Hello Las Vegas — we've arrived for Google Cloud Next 2025!Arthur C. Clarke's third law, "Any sufficiently advanced technology is indistinguishable from magic"Hot drop coming through! The #CloudRealities podcast team has landed in electric Las Vegas—and you know what they say: what happens in Vegas normally stays in Vegas... but in this case, we're bringing 8 incredible conversations in the coming days with inspiring guests who are shaping the future of cloud, data, and AI.On the last day, we have two separate episodes lined up to explore how AI is affecting the macro scale and impacting leadership transformation.In the last conversation of the event, Dave, Andy, and Rob talk with  Lee Moore, VP Global Google Cloud Consulting at Google Cloud about Leading Cloud Transformation with Strategic Vision.TLDR00:50 Introduction of Lee Moore07:00 Final key announcements from the Google Cloud Next Keynote11:05 Main conversation with Lee Moore about cloud and AI-driven transformation and Intentional leadership 36:31 Who's your favorite magician and tying all the magic together of a fantastic week!!GuestLee Moore: https://www.linkedin.com/in/lee-t-moore/HostsDave Chapman: https://www.linkedin.com/in/chapmandr/Rob Kernahan: https://www.linkedin.com/in/rob-kernahan/Guest host Andy Appleby: https://www.linkedin.com/in/andyapplebycapgeminiglobalinfrastructureservices/ProductionMarcel van der Burg: https://www.linkedin.com/in/marcel-vd-burg/Dave Chapman: https://www.linkedin.com/in/chapmandr/SoundBen Corbett: https://www.linkedin.com/in/ben-corbett-3b6a11135/Louis Corbett:  https://www.linkedin.com/in/louis-corbett-087250264/'Cloud Realities' is an original podcast from Capgemini

Cloud Realities
CRLIVE42 Google Cloud Next 2025: AI Fueling Insurance Evolution with Meg Tucker, Google Cloud

Cloud Realities

Play Episode Listen Later Apr 11, 2025 32:20


Hello Las Vegas — we've arrived for Google Cloud Next 2025!Arthur C. Clarke's third law, "Any sufficiently advanced technology is indistinguishable from magic"Hot drop coming through! The #CloudRealities podcast team has landed in electric Las Vegas—and you know what they say: what happens in Vegas normally stays in Vegas... but in this case, we're bringing 8 incredible conversations in the coming days with inspiring guests who are shaping the future of cloud, data, and AI.On the second day, we have three separate episodes lined up to deep dive into industries such as insurance, telecom, and retail, all linked to AI, data, and innovation.In this conversation, Dave, Esmee, and Rob talk with Meg Tucker, Director of Insurance at Google Cloud about Fueling Insurance Evolution with AI.TLDR00:26 Introduction of Meg Tucker02:36 Key announcements from the Google Cloud Next Keynote07:26 Main conversation with Meg Tucker about the Insurance Evolution based on AI29:30 Who's your favorite magician?GuestMeg Tucker: https://www.linkedin.com/in/megtuckerla/HostsDave Chapman: https://www.linkedin.com/in/chapmandr/Esmee van de Giessen: https://www.linkedin.com/in/esmeevandegiessen/Rob Kernahan: https://www.linkedin.com/in/rob-kernahan/ProductionMarcel van der Burg: https://www.linkedin.com/in/marcel-vd-burg/Dave Chapman: https://www.linkedin.com/in/chapmandr/SoundBen Corbett: https://www.linkedin.com/in/ben-corbett-3b6a11135/Louis Corbett:  https://www.linkedin.com/in/louis-corbett-087250264/'Cloud Realities' is an original podcast from Capgemini

Cloud Realities
CRLIVE43 Google Cloud Next 2025: Unlocking Retail Potential with Kapil Dabi, Google Cloud

Cloud Realities

Play Episode Listen Later Apr 11, 2025 28:45


Hello Las Vegas — we've arrived for Google Cloud Next 2025!Arthur C. Clarke's third law, "Any sufficiently advanced technology is indistinguishable from magic"Hot drop coming through! The #CloudRealities podcast team has landed in electric Las Vegas—and you know what they say: what happens in Vegas normally stays in Vegas... but in this case, we're bringing 8 incredible conversations in the coming days with inspiring guests who are shaping the future of cloud, data, and AI.On the second day, we have three separate episodes lined up to deep dive into industries such as insurance, telecom, and retail, all linked to GenAI, data, and innovation.In this conversation, Dave, Esmee, and Rob talk with Kapil Dabi, America's Director & Market Lead, Retail at Google Cloud about Unlocking Retail Potential with AI and Data. TLDR00:24 Introduction of Kapil Dabi03:00 Key announcements from the Google Cloud Next Keynote and Retail market strategies09:50 Main conversation with Kapil Dabi about how to unlock retail potential with AI and Data26:10 Who's your favorite magician?GuestKapil Dabi: https://www.linkedin.com/in/kapildabi/HostsDave Chapman: https://www.linkedin.com/in/chapmandr/Esmee van de Giessen: https://www.linkedin.com/in/esmeevandegiessen/Rob Kernahan: https://www.linkedin.com/in/rob-kernahan/ProductionMarcel van der Burg: https://www.linkedin.com/in/marcel-vd-burg/Dave Chapman: https://www.linkedin.com/in/chapmandr/SoundBen Corbett: https://www.linkedin.com/in/ben-corbett-3b6a11135/Louis Corbett:  https://www.linkedin.com/in/louis-corbett-087250264/'Cloud Realities' is an original podcast from Capgemini

Cloud Realities
CRLIVE44 Google Cloud Next 2025: Accelerating Innovation in Telecom with AI, Jen Hawes-Hewitt, Google Cloud

Cloud Realities

Play Episode Listen Later Apr 11, 2025 35:03


Hello Las Vegas — we've arrived for Google Cloud Next 2025!Hot drop coming through! The #CloudRealities podcast team has landed in electric Las Vegas—and you know what they say: what happens in Vegas normally stays in Vegas... but in this case, we're bringing 8 incredible conversations in the coming days with inspiring guests who are shaping the future of cloud, data, and AI.On the second day, we have three separate episodes lined up to deep dive into industries such as insurance, telecom, and retail, all linked to GenAI, data, and innovation.In this conversation, Dave, Andy, and Rob talk with Jen Hawes-Hewitt, Head of Global Solution Partner Programs, Global Telecom Industry at Google Cloud about Accelerating Innovation in Telecom with AI and GenAI.TLDR01:04 Introduction of Jen Hawes-Hewitt and guest host Andy Appleby04:06 Key announcements from the Google Cloud Next Keynote09:39 Main conversation with Jen Hawes-Hewitt31:58 Who's your favorite magician?GuestJen Hawes-Hewitt: https://www.linkedin.com/in/jenhaweshewitt/HostsDave Chapman: https://www.linkedin.com/in/chapmandr/Rob Kernahan: https://www.linkedin.com/in/rob-kernahan/Guest host Andy Appleby: https://www.linkedin.com/in/andyapplebycapgeminiglobalinfrastructureservices/ProductionMarcel van der Burg: https://www.linkedin.com/in/marcel-vd-burg/Dave Chapman: https://www.linkedin.com/in/chapmandr/SoundBen Corbett: https://www.linkedin.com/in/ben-corbett-3b6a11135/Louis Corbett:  https://www.linkedin.com/in/louis-corbett-087250264/'Cloud Realities' is an original podcast from Capgemini

Cloud Realities
CRLIVE40 Google Cloud Next 2025: Strategic Thinking and Visioning in AI with Charlotte Gistelinck, Google Cloud

Cloud Realities

Play Episode Listen Later Apr 10, 2025 36:09


Hello Las Vegas — we've arrived for Google Cloud Next 2025!Arthur C. Clarke's third law, "Any sufficiently advanced technology is indistinguishable from magic"Hot drop coming through! The Cloud Realities podcast team has landed in electric Las Vegas—and you know what they say: what happens in Vegas normally stays in Vegas... but in this case, we're bringing 8 incredible conversations in the coming days with inspiring Google guests who are shaping the future of cloud, data, and AI.On the first day, we have 3 separate episodes lined up to discuss Google AI strategy & vision, practical implementations, and exciting use cases.In the second conversation, Dave, Esmee, and Rob, talk with Charlotte Gistelinck, Machine Learning / AI Partner Engineer at Google, on how strategic thinking and visioning in AI/ML are key to driving innovation and long-term success.TLDR00:24 Introduction of Charlotte Gistelinck 04:12 Key announcements from the Google Cloud Next Keynote 07:17 Main conversation with Charlotte about Strategic Thinking and Visioning in AI  37:14 Who's your favorite magician?GuestCharlotte Gistelinck: https://www.linkedin.com/in/charlottegistelinck/HostsDave Chapman: https://www.linkedin.com/in/chapmandr/Rob Kernahan: https://www.linkedin.com/in/rob-kernahan/ProductionMarcel van der Burg: https://www.linkedin.com/in/marcel-vd-burg/Dave Chapman: https://www.linkedin.com/in/chapmandr/SoundBen Corbett: https://www.linkedin.com/in/ben-corbett-3b6a11135/Louis Corbett:  https://www.linkedin.com/in/louis-corbett-087250264/'Cloud Realities' is an original podcast from Capgemini

Cloud Realities
CRLIVE41 Google Cloud Next 2025: Driving Digital Transformation with customers with Jim Anderson, Google Cloud

Cloud Realities

Play Episode Listen Later Apr 10, 2025 26:38


Hello Las Vegas — we've arrived for Google Cloud Next 2025!Arthur C. Clarke's third law, "Any sufficiently advanced technology is indistinguishable from magic"Hot drop coming through! The #CloudRealities podcast team has landed in electric Las Vegas—and you know what they say: what happens in Vegas normally stays in Vegas... but in this case, we're bringing 8 incredible conversations in the coming days with inspiring guests who are shaping the future of cloud, data, and AI.On the first day, we have 3 separate episodes lined up to discuss Google AI strategy & vision, practical implementations, and exciting use cases.In the third conversation, Dave, Esmee, and Rob talk with Jim Anderson, VP, NA Partner Ecosystem & Channels at Google, on how customers are using Cloud, AI/ML, and Data Analytics to power digital transformation. From real-world success stories to the trends shaping the year ahead—this one's packed with actionable insights.TLDR00:23 Introduction of Jim Anderson04:17 Key announcements from the Google Cloud Next Keynote06:44 Main conversation with Jim Anderson about Driving Digital Transformation with Customers 24:50 Who's your favorite magician?GuestJim Anderson: https://www.linkedin.com/in/jimmya/HostsDave Chapman: https://www.linkedin.com/in/chapmandr/Rob Kernahan: https://www.linkedin.com/in/rob-kernahan/ProductionMarcel van der Burg: https://www.linkedin.com/in/marcel-vd-burg/Dave Chapman: https://www.linkedin.com/in/chapmandr/SoundBen Corbett: https://www.linkedin.com/in/ben-corbett-3b6a11135/Louis Corbett:  https://www.linkedin.com/in/louis-corbett-087250264/'Cloud Realities' is an original podcast from Capgemini

Cloud Realities
CRLIVE39 Google Cloud Next 2025: Leading AI Innovation with Saurabh Tiwary, Google Cloud

Cloud Realities

Play Episode Listen Later Apr 10, 2025 40:33


Hello Las Vegas — we've arrived for Google Cloud Next 2025!Arthur C. Clarke's third law, "Any sufficiently advanced technology is indistinguishable from magic"Hot drop coming through! The #CloudRealities podcast team has landed in electric Las Vegas—and you know what they say: what happens in Vegas normally stays in Vegas... but in this case, we're bringing 8 incredible conversations in the coming days with inspiring guests who are shaping the future of cloud, data, and AI.On the first day, we have 3 separate episodes lined up to discuss Google AI strategy & vision, practical implementations, and exciting use cases.Dave, Esmee, and Rob kick off with Saurabh Tiwary, VP, General Manager, Cloud AI at Google Cloud, about Leading AI Innovation for Enterprise Solutions, to solve complex enterprise challenges and deliver true business value.TLDR00:22 We're back in Vegas, here's what to expect in the coming days01:43 Introduction of Saurabh Tiwary and the David Copperfield show05:14 Discussion on Google Cloud Next themes this week with special guest James Goeders, Head of Product, Google Quantum AI12:10 Main conversation on Cloud AI with Saurabh Tiwary37:28 Who's your favorite magician?GuestSaurabh Tiwary: https://www.linkedin.com/in/saurabh-tiwary/ HostsDave Chapman: https://www.linkedin.com/in/chapmandr/Rob Kernahan: https://www.linkedin.com/in/rob-kernahan/ProductionMarcel van der Burg: https://www.linkedin.com/in/marcel-vd-burg/Dave Chapman: https://www.linkedin.com/in/chapmandr/SoundBen Corbett: https://www.linkedin.com/in/ben-corbett-3b6a11135/Louis Corbett:  https://www.linkedin.com/in/louis-corbett-087250264/'Cloud Realities' is an original podcast from Capgemini

Unveiled: GovCon Stories
Messy Market, Magic Moves

Unveiled: GovCon Stories

Play Episode Listen Later Apr 9, 2025 54:58


We're in a season of disruption—political shifts, evolving policies, contracting delays, and social tensions are impacting how business gets done, especially in the federal space. If you're a small business owner or leader trying to make sense of how to stay relevant—or just stay open—you're not alone.In this episode, we're unpacking how to navigate the high-stakes environment of public sector contracting when the rules seem to keep changing. We'll explore how policy, politics, and procurement slowdowns intersect with real-world business survival.Then, we'll shift gears and talk about tangible strategies to pivot smartly—without losing your footing. Whether you're repositioning your offers, realigning with a new customer, or expanding to commercial markets, this conversation is your guide to pivoting with power, not panic.Guest Bio:Shaun Edens founded Lucky Rabbit in 2020 and has since led its growth into a trusted digital modernization partner for agencies like USCIS, OPM, CMS, GSA, and ED, as well as commercial clients like CrabPlace.com. With a background in senior roles at firms including CTEC, TechFlow, Enlightened, and Booz Allen Hamilton, he brings deep expertise in agile transformation, cloud migration, DevSecOps, and enterprise architecture.Shaun holds an MBA from the University of Illinois and a B.S. in Computer Science from Morehouse College. He's certified in SAFe, Scrum, Product Ownership, and AWS, and skilled in tools like ReactJS, Go, Python, and CI/CD pipelines. Focused on innovation and transparency, Shaun continues to lead Lucky Rabbit in delivering human-centered, secure digital solutions that drive real impact.Call(s) to Action:Help spread the word about Unveiled: GovCon Stories: https://shows.acast.com/unveiled-govcon-storiesDo you want to be a guest or recommend a topic that you would like to learn or hear about on the podcast? Let us know through our guest feedback and registration form.Links:Lucky RabbitLucky Rabbit BlueTechFollow Lucky Rabbit on LinkedInSponsors:The views and opinions expressed in this podcast are solely those of the hosts and guests, and do not reflect the views or endorsements of our sponsors.Withum – Diamond Sponsor!Withum is a forward-thinking, technology-driven advisory and accounting firm, helping clients to be in a position of strength in today's complex business environment. Go to Withum's website to learn more about how they can help your business! Hosted on Acast. See acast.com/privacy for more information.

PODCAFÉ DA TI
Joas Santos: Hackeando para proteger - Segurança Ofensiva

PODCAFÉ DA TI

Play Episode Listen Later Apr 8, 2025 83:26 Transcription Available


Joas Santos é especialista em Red Team e traz uma visão prática sobre como pensar segurança de forma ofensiva. Falamos sobre engenharia social, testes de intrusão, inteligência de ameaças, mentoria e os desafios de construir defesas que realmente funcionam. Uma conversa direta com quem está na linha de frente da segurança cibernética no Brasil.

Cloud Realities
CR094: Shifting perspective on sustainability with Lewis Richards, Microsoft

Cloud Realities

Play Episode Listen Later Apr 3, 2025 52:23


As organizations increasingly integrate Gen AI into their operations, it's crucial to consider the technology's environmental impact. However, only 12% of executives report that their organizations measure Gen AI's footprint, and just 20% prioritize its environmental footprint among the top five factors when choosing or developing models. Despite this, Gen AI's ability to rapidly process large volumes of data helps organizations improve customer experience, optimize operations, drive growth, and foster innovation.This week, Dave, Esmee and Rob talk to Lewis Richards, Microsoft Chief Sustainability Officer, UK about the pivotal shift in global sustainability perspectives, the challenges of fostering meaningful conversations in the digital world and strategies to enhance human understanding of technology and its impacts. TLDR04:10 Rob is confused about shaky user interface design 07:26 Sustainability conversation with Lewis Richards43:15 What would a digital waste constellation look like? 49:50 Training for a High Rock fitness race GuestLewis Richards: https://www.linkedin.com/in/lewisrichardscso/Developing sustainable Gen AI, Report from the Capgemini Research Institute: https://www.capgemini.com/insights/research-library/sustainable-gen-ai/HostsDave Chapman: https://www.linkedin.com/in/chapmandr/Esmee van de Giessen: https://www.linkedin.com/in/esmeevandegiessen/Rob Kernahan: https://www.linkedin.com/in/rob-kernahan/ProductionMarcel van der Burg: https://www.linkedin.com/in/marcel-vd-burg/Dave Chapman: https://www.linkedin.com/in/chapmandr/SoundBen Corbett: https://www.linkedin.com/in/ben-corbett-3b6a11135/Louis Corbett:  https://www.linkedin.com/in/louis-corbett-087250264/'Cloud Realities' is an original podcast from Capgemini

Getup Kubicast
#163 - DevSecOps na prática com Robson Santos

Getup Kubicast

Play Episode Listen Later Apr 3, 2025 60:14


No episódio 163 do Kubicast, conversamos com o especialista em segurança Robson, que compartilha experiência prática sobre como integrar segurança desde o início do ciclo de desenvolvimento. Abordamos temas essenciais como DevOps, DevSecOps, desenvolvimento seguro, segurança na nuvem, e as melhores práticas para ambientes  Kubernetes e Cloud Native.Confira os principais temas abordados neste episódio:  Desafios e Certificações em SegurançaIntegração entre Desenvolvimento, Operações e SegurançaSAST, DAST e Ferramentas Open SourceModelagem de Ameaças e Estratégias de MitigaçãoSegmentação de Rede e Políticas de Segurança no KubernetesRecomendações Práticas e Cultura de ResiliênciaEncerramento e Convite para a ComunidadeComente abaixo suas dúvidas e experiências, curta e compartilhe este vídeo para ajudar nossa comunidade a crescer. Para saber mais, confira os links dos recursos e certificações mencionados no vídeo.**Links Úteis:**  https://linkedin.com/company/getupcloudhttps://www.linkedin.com/in/juniorjbn/https://www.linkedin.com/in/medrobson80/Inscreva-se para mais conteúdos sobre #DevOps, #DevSecOps, #Kubernetes, #CloudNative, #Containers e #Segurança!O Kubicast é uma produção da Getup, empresa especialista em Kubernetes e projetos open source para Kubernetes. Os episódios do podcast estão nas principais plataformas de áudio digital e no YouTube.com/@getupcloud.

Cloud Realities
CR093: Role of AI/Gen AI in cybersecurity with Corence Klop, Rabobank

Cloud Realities

Play Episode Listen Later Mar 27, 2025 44:18


AI and Generative AI are transforming cybersecurity by enhancing threat detection and response. These technologies offer unmatched accuracy and efficiency, making them crucial for protecting sensitive data. As cyber threats evolve, integrating AI into security strategies is essential. This week, Dave, Esmee and Rob talk to Corence Klop, CISO at the Rabobank, about the expanding role of AI and Generative AI in cybersecurity, and how to begin integrating these technologies into your organization. TLDR04:45 Rob is confused about wrong AI information for a hotel booking 08:20 Conversation with Corence33:40 How can you identify the state of flow for your end-user in agile practices?40:50 Going to the swimming pool and disco with your daughter  GuestCorence Klop: https://www.linkedin.com/in/corenceklop/HostsDave Chapman: https://www.linkedin.com/in/chapmandr/Esmee van de Giessen: https://www.linkedin.com/in/esmeevandegiessen/Rob Kernahan: https://www.linkedin.com/in/rob-kernahan/ProductionMarcel van der Burg: https://www.linkedin.com/in/marcel-vd-burg/Dave Chapman: https://www.linkedin.com/in/chapmandr/SoundBen Corbett: https://www.linkedin.com/in/ben-corbett-3b6a11135/Louis Corbett:  https://www.linkedin.com/in/louis-corbett-087250264/'Cloud Realities' is an original podcast from Capgemini

DevOps and Docker Talk
What's Coming in 2025?

DevOps and Docker Talk

Play Episode Listen Later Mar 26, 2025 16:42 Transcription Available


This episode is about what I'm seeing and what I'm doing right now, and then for the rest of the year. There are three parts. First, I talk about what's about to happen for me for the next few weeks re going to London for KubeCon. Then what I'm planning to change in this podcast, as well as my other content on YouTube for the rest of the year. And lastly, I talk about some industry trends that I'm seeing that will force me, I think, to change the format of this show. I recorded the episode on March 22, 2025.★Topics★My work at KubeCon EU in LondonWhat's next for this Podcast and my YouTubeWhat's up with AI for DevOps?Creators & Guests Beth Fisher - Producer Bret Fisher - Host (00:00) - What's Coming in 2025 (01:07) - Highlights I'm excited about re KubeCon (04:35) - Changes to this Podcast (05:58) - What's up with AI and "Agentic DevOps"? (15:11) - Upcoming guests You can also support my free material by subscribing to my YouTube channel and my weekly newsletter at bret.news!Grab the best coupons for my Docker and Kubernetes courses.Join my cloud native DevOps community on Discord.Grab some merch at Bret's Loot BoxHomepage bretfisher.com

Relating to DevSecOps
Episode #077: Is Google Eating the Cloud?

Relating to DevSecOps

Play Episode Listen Later Mar 24, 2025 31:59


Send us a textIn this episode of Relating to DevSecOps, Ken Toler and Mike McCabe dive deep into Google's blockbuster acquisition of Wiz.io for a reported $32 billion. They explore the implications for cloud security, the consolidation of the DevSecOps tooling landscape, and how this move compares to Google's previous acquisitions like Mandiant and Chronicle. The duo debates the future of multi-cloud strategies, platform fatigue, and whether Wiz will remain the darling of the security community—or get lost in the labyrinth of Google Cloud products. With sharp insights and a dash of hot takes, they paint a picture of a cloud security ecosystem at a pivotal turning point

DevOps and Docker Talk
Docker Build the best way with Docker Bake

DevOps and Docker Talk

Play Episode Listen Later Mar 24, 2025 15:05 Transcription Available


The Docker Bake Build tool just went general availability, and I'm excited about what this means for creating reproducible builds and automation that can run anywhere  CI locally. I love it. Really, and in this video I'm gonna break down some of the features, the benefits and walk through some examples.In this episode I explain why docker buildx bake exists, what it can do, and I walk through multiple examples of Bake files and how it's better than docker build image and docker compose build. I also touch on BuildKit and Docker's GitHub Actions.There's also a video version of this show on YouTube.★Get started with Docker Bake★Walkthough https://docs.docker.com/guides/bake/ Docs: https://docs.docker.com/build/bake/GA Announcement: https://www.docker.com/blog/ga-launch-docker-bake/Creators & Guests Beth Fisher - Producer Bret Fisher - Host (00:00) - Intro (00:04) - / (00:41) - History Lesson (01:29) - Bake Today (02:43) - Ad for... Me! (03:53) - List of Benefits (10:29) - Use Bake Everywhere (12:41) - Leaning into Bake, maybe? You can also support my free material by subscribing to my YouTube channel and my weekly newsletter at bret.news!Grab the best coupons for my Docker and Kubernetes courses.Join my cloud native DevOps community on Discord.Grab some merch at Bret's Loot BoxHomepage bretfisher.com

Cloud Realities
CRSP04: Reimagining Telecom Industry pt.4 - Data & AI with Osman Peermamode, Vodafone Group

Cloud Realities

Play Episode Listen Later Mar 20, 2025 47:05


The telecom industry is undergoing a fundamental transformation. This shift is creating new business opportunities and services but also brings significant challenges in transformation and modernization. In a new five-part mini-series, Reimagining Telecoms, we will explore these challenges through five distinct lenses: Growth, Networks, Simplification, Data & AI, and Regulation, uncovering lessons and insights relevant to telecom organizations and beyond. This week, Dave, Esmee and Rob talk to Osman Peermamode, Director, Data & Analytics at Vodafone Group about data and how can it act as a differentiator and does regulation both help or hinder that progress?TLDR01:50 Update on Reimagining Telecoms mini-series03:30  Main conversation with Osman Peermamode34:00 AI in other industries and owns the intelligence?  43:55 May dashboard rest in peace GuestOsman Peermamode: https://www.linkedin.com/in/osmanpeermamode/HostsDave Chapman: https://www.linkedin.com/in/chapmandr/Esmee van de Giessen: https://www.linkedin.com/in/esmeevandegiessen/Rob Kernahan: https://www.linkedin.com/in/rob-kernahan/ProductionMarcel van der Burg: https://www.linkedin.com/in/marcel-vd-burg/Dave Chapman: https://www.linkedin.com/in/chapmandr/with Praveen Shankar: https://www.linkedin.com/in/praveen-shankar-capgemini/SoundBen Corbett: https://www.linkedin.com/in/ben-corbett-3b6a11135/Louis Corbett:  https://www.linkedin.com/in/louis-corbett-087250264/'Cloud Realities' is an original podcast from Capgemini

Startup Field Guide by Unusual Ventures: The Product Market Fit Podcast
Jyoti Bansal on how Traceable found product-market fit

Startup Field Guide by Unusual Ventures: The Product Market Fit Podcast

Play Episode Listen Later Mar 19, 2025 29:49


Jyoti Bansal is the CEO of  @Harnessio  and  @TraceableAI . He is also a co-founder of Unusual Ventures.In a special episode of the Startup Field Guide podcast, Jyoti sits down with John Vrionis – his co-founder and friend of 20 years — to discuss the recent merger of Harness and Traceable. This merger positions Harness + Traceable to create the most advanced AI-native DevSecOps platform in the world!Join us as we discuss:00:00 Product market-fit is a journey1:38 The recent merger between Harness and Traceable3:09 The insight that led to Traceable's founding4:37 The technical inflection that Jyoti saw in 20197:46 The initial idea for Traceable11:39 Figuring out the right customer14:12 Iterating on Traceable's GTM approach16:34 Advice for early-stage founders21:54 The big vision for Traceable + Harness25:56 One book all founders should read26:26 Jyoti's advice on team-building27:55 Essential soft skill for founders28:55 Perspective on leadershipJohn Vrionis is the co-founder and CEO of Unusual Ventures.Unusual Ventures is a seed-stage venture capital firm designed from the ground up to give a distinct advantage to founders building the next generation of software companies. Unusual has invested in category-defining companies like Webflow, Arctic Wolf Networks, Carta, Robinhood, and Harness. Learn more about us at https://www.unusual.vc/.

Cloud Realities
CR092: Get the people right, and tech follow Amy Williams, Barclays

Cloud Realities

Play Episode Listen Later Mar 13, 2025 53:59


In the complex technology landscape, getting the people right is crucial for success. When the right team is in place, the technology will naturally follow, leading to impactful outcomes. Building a strong team ensures that the organization can navigate challenges and leverage technological advancements effectively.This week, Dave, Esmee and Rob talk to Amy Williams, Managing Director, Cloud Services Product Lead at Barclays about the importance of good leadership and why is it important in today's Cloud landscape.TLDR 04:43 Rob is confused about train information at stations08:30 Conversation with Amy Williams43:32 Polarity Management and The Leadership Perspective Shift51:15 Running the 10K faster and continuing with great work within the teamGuest:Amy Williams: https://www.linkedin.com/in/amy-williams-618bb612/HostsDave Chapman: https://www.linkedin.com/in/chapmandr/Esmee van de Giessen: https://www.linkedin.com/in/esmeevandegiessen/Rob Kernahan: https://www.linkedin.com/in/rob-kernahan/ProductionMarcel van der Burg: https://www.linkedin.com/in/marcel-vd-burg/Dave Chapman: https://www.linkedin.com/in/chapmandr/SoundBen Corbett: https://www.linkedin.com/in/ben-corbett-3b6a11135/Louis Corbett:  https://www.linkedin.com/in/louis-corbett-087250264/'Cloud Realities' is an original podcast from Capgemini

Lean Blog Interviews
John Willis on Deming's Journey to Profound Knowledge in IT & DevOps

Lean Blog Interviews

Play Episode Listen Later Mar 12, 2025 60:08


My guest for Episode #524 of the Lean Blog Interviews Podcast is John Willis, an accomplished IT management expert with over 45 years of experience. His extensive body of work includes contributions to Deming's Journey to Profound Knowledge and co-authoring The DevOps Handbook. See video, transcript, and more Hosts a podcast that I was recently on, "Profound." John focuses his current research on DevOps, DevSecOps, IT risk, modern governance, and audit compliance. Over the course of his career, he has sold companies to Docker and Dell, and he played a foundational role at Opscode (now Chef). In addition, John founded Gulf Breeze Software, an award-winning IBM business partner recognized for its successful deployment of Tivoli technology for enterprise clients. He has authored six IBM Redbooks on enterprise systems management and served as the founder and chief architect of Chain Bridge Systems. Altogether, John has written more than 11 books and launched over 10 startups, cementing his reputation as a significant innovator in the IT industry. In this episode, the discussion navigates the intersection of lean principles, agile methodologies, and Deming's philosophies as they apply to modern IT and operations. John delves into how systems thinking, profound knowledge, and psychological safety underpin effective incident management and cybersecurity practices. The conversation explores practical challenges and the proactive strategies necessary for integrating legacy improvement methods with today's cloud innovations and infrastructure as code. Throughout the episode, John examines the real-world application of these timeless principles, offering listeners actionable insights into continuous improvement and risk management. He highlights the importance of questioning established norms and embracing complexity to drive operational excellence, providing a compelling roadmap for navigating the evolving digital landscape. Questions, Notes, and Highlights: Could you share your origin story regarding Lean and continuous improvement--specifically, what you learned during your early years at Exxon? How have you seen Deming's principle of eliminating fear put into practice in IT and entrepreneurial settings? Is the phenomenon you described established fact or more of a hypothesis? How can we confirm or measure the validity of that knowledge? Why do you consider cyber terrorism one of today's most significant threats? This podcast is part of the #LeanCommunicators network. 

Dev Interrupted
Can You Buy Your Way to DevSecOps Success? | Arcjet's David Mytton

Dev Interrupted

Play Episode Listen Later Mar 11, 2025 48:40 Transcription Available


If you're tired of hearing "shift left" in DevSecOps and seeing little real change, you're not alone.In this episode, David Mytton (CEO of ArcJet, founder of Console.dev) breaks down why traditional approaches to developer security often fail. He reveals the core conflict between developers (who want to build fast) and security teams (who want to mitigate risk), and explains why this misalignment of incentives can be detrimental for your software. Learn why simply handing devs more security tools isn't enough.David shares his insights from years of experience reviewing developer tools and building security products. He discusses the importance of developer-centric design, the power of the right incentives, and the need for security solutions that seamlessly integrate into the developer workflow. Plus, he reveals the secrets to successful developer marketing and why traditional approaches often backfire.Tune in to discover how to foster a security-conscious culture within your engineering team, without stifling innovation or creating unnecessary friction. Learn how to empower developers to build secure software by design, and discover the tools and strategies that are shaping the future of DevSecOps.Check out:Translating DevEx to the Board Beyond the DORA FrameworksIntroducing AI-Powered Code Review with gitStreamFollow the hosts:Follow BenFollow AndrewFollow today's guest(s):console.devarcjet.comSupport the show: Subscribe to our Substack Leave us a review Subscribe on YouTube Follow us on Twitter or LinkedIn Offers: Learn about Continuous Merge with gitStream Get your DORA Metrics free forever

Cloud Realities
CRLIVE38: MWC 2025 Day 3 with Oliver Buschmann from Ericsson and Closing Round Table Discussion

Cloud Realities

Play Episode Listen Later Mar 7, 2025 103:12


We are live from #MWC25 (Mobile World Congress 2025), direct from the Expo floor, with a limited series of episodes talking to leaders from across the industry on themes of the conference, as well as filling in on all of the news and gossip.On the conference's final day, Dave, Esmee, and Rob will deep dive into the near future, concluding the event with discussions on a moon landing and global (space) connectivity between partners and vendors.Oliver Buschmann, VP, Head of Strategy at EricssonRound table discussion with Heather Tulk, President Commercial and Public Sector from Telus, Thierry Klein President, Bell Labs Solutions Research, and Ashish Surti Chief Digital & Information Officer at Colt Technology ServicesTLDR00:33 Evaluation of day 2 and expectations of day 3 - it's all about collaboration08:47 Conversation with Oliver Buschmann about the future and strategy of Telcom's37:56 C-level round table discussion about grow beyond connectivity, data and AI and the importance of cybersecurity vs new trends1:22:50 Overall MWC reflections by the team including the Tapas and Sapas framework®GuestsOliver Buschmann: https://www.linkedin.com/in/oliver-buschmann-4751a8/Heather Tulk: https://www.linkedin.com/in/heathertulk/ Thierry Klein: https://www.linkedin.com/in/thierry-klein/ Ashish Surti: https://www.linkedin.com/in/ashishsurti/Guest host: Praveen Shankar: https://www.linkedin.com/in/praveen-shankar-capgemini/HostsDave Chapman: https://www.linkedin.com/in/chapmandr/Esmee van de Giessen: https://www.linkedin.com/in/esmeevandegiessen/Rob Kernahan: https://www.linkedin.com/in/rob-kernahan/ProductionMarcel van der Burg: https://www.linkedin.com/in/marcel-vd-burg/Dave Chapman: https://www.linkedin.com/in/chapmandr/SoundBen Corbett: https://www.linkedin.com/in/ben-corbett-3b6a11135/Louis Corbett:  https://www.linkedin.com/in/louis-corbett-087250264/'Cloud Realities' is an original podcast from Capgemini

ITSPmagazine | Technology. Cybersecurity. Society
Turning Developers into Security Champions: The Business Case for Secure Development | A Manicode Brand Story with Jim Manico

ITSPmagazine | Technology. Cybersecurity. Society

Play Episode Listen Later Mar 6, 2025 42:25


Organizations build and deploy applications at an unprecedented pace, but security is often an afterthought. This episode of ITSPmagazine's Brand Story features Jim Manico, founder of Manicode Security, in conversation with hosts Sean Martin and Marco Ciappelli. The discussion explores the current state of application security, the importance of developer training, and how organizations can integrate security from the ground up to drive better business outcomes.The Foundation of Secure DevelopmentJim Manico has spent decades helping engineers and architects understand and implement secure coding practices. His work with the Open Web Application Security Project (OWASP), including contributions to the OWASP Top 10 and the OWASP Cheat Sheet Series, has influenced how security is approached in software development. He emphasizes that security should not be an afterthought but a fundamental part of the development process.He highlights OWASP's role in providing documentation, security tools, and standards like the Application Security Verification Standard (ASVS), which is now in its 5.0 release. These resources help organizations build secure applications, but Manico points out that simply having the guidance available isn't enough—engineers need the right training to apply security principles effectively.Why Training MattersManico has trained thousands of engineers worldwide and sees firsthand the impact of hands-on education. He explains that developers often lack formal security training, which leads to common mistakes such as insecure authentication, improper data handling, and vulnerabilities in third-party dependencies. His training programs focus on practical, real-world applications, allowing developers to immediately integrate security into their work.Security training also helps businesses beyond just compliance. While some companies initially engage in training to meet regulatory requirements, many realize the long-term value of security in reducing risk, improving product quality, and building customer trust. Manico shares an example of a startup that embedded security from the beginning, investing heavily in training early on. That approach helped differentiate them in the market and contributed to their success as a multi-billion-dollar company.The Role of AI and Continuous LearningManico acknowledges that the speed of technological change presents challenges for security training. Frameworks, programming languages, and attack techniques evolve constantly, requiring continuous learning. He has integrated AI tools into his training workflow to help answer complex questions, identify knowledge gaps, and refine content. AI serves as an augmentation tool, not a replacement, and he encourages developers to use it as an assistant to strengthen their understanding of security concepts.Security as a Business EnablerThe conversation reinforces that secure coding is not just about avoiding breaches—it is about building better software. Organizations that prioritize security early can reduce costs, improve reliability, and increase customer confidence. Manico's approach to education is about empowering developers to think beyond compliance and see security as a critical component of software quality and business success.For organizations looking to enhance their security posture, developer training is an investment that pays off. Manicode Security offers customized training programs to meet the specific needs of teams, covering topics from secure coding fundamentals to advanced application security techniques. To learn more or schedule a session, Jim Manico can be reached at Jim@manicode.com.Tune in to the full episode to hear more insights from Jim Manico on how security training is shaping the future of application security.Learn more about Manicode: https://itspm.ag/manicode-security-7q8iNote: This story contains promotional content. Learn more.Guest: Jim Manico, Founder and Secure Coding Educator at Manicode Security | On Linkedin: https://www.linkedin.com/in/jmanico/ResourcesDownload the Course Catalog: https://itspm.ag/manicode-x684Learn more and catch more stories from Manicode Security: https://www.itspmagazine.com/directory/manicode-securityAre you interested in telling your story?https://www.itspmagazine.com/telling-your-story

Cloud Realities
CRLIVE37: MWC 2025 Day 2 with Chris Penrose NVIDIA and Kaaren Hilsen, Telenor

Cloud Realities

Play Episode Listen Later Mar 6, 2025 74:55


We are live from #MWC25 (Mobile World Congress 2025), direct from the Expo floor, with a limited series of episodes talking to leaders from across the industry on themes of the conference, as well as filling in on all of the news and gossip.On the second day of the conference, Dave, Esmee, and Rob had very exciting conversations about AI trends with:Chris Penrose, Global VP for Business Development for Telcos at NVIDIAKaaren Hilsen, Head of AI Factory at TelenorTLDR:00:37: Evaluation of day 1 and expectations of day 2 - it's all about AI and the future6:03: Conversation with Chris Penrose about NVIDIA partnerships and trends42:25: Conversation with Kaaren Hilsen about setting up the AI factory1:11:20 Reflections on day 2 by the teamGuestChris Penrose: https://www.linkedin.com/in/chris-penrose-7742441/Kaaren Hilsen: https://www.linkedin.com/in/kaarenhilsen/HostsDave Chapman: https://www.linkedin.com/in/chapmandr/Esmee van de Giessen: https://www.linkedin.com/in/esmeevandegiessen/Rob Kernahan: https://www.linkedin.com/in/rob-kernahan/ProductionMarcel van der Burg: https://www.linkedin.com/in/marcel-vd-burg/Dave Chapman: https://www.linkedin.com/in/chapmandr/SoundBen Corbett: https://www.linkedin.com/in/ben-corbett-3b6a11135/Louis Corbett:  https://www.linkedin.com/in/louis-corbett-087250264/'Cloud Realities' is an original podcast from Capgemini

CISO-Security Vendor Relationship Podcast
Zero Trust Purple Team DevSecOps Mesh: A CASB Journey Through the Identity Fabric

CISO-Security Vendor Relationship Podcast

Play Episode Listen Later Feb 11, 2025 37:33


All links and images for this episode can be found on CISO Series. This week's episode is hosted by me, David Spark (@dspark), producer of CISO Series and Steve Zalewski. Joining us is our sponsored guest, Matt Muller, field CISO, Tines. In this episode: Seeking the early AI adopters Taking the SOC back to basics Changing our automation expectations Communicate risk Thanks to our podcast sponsor, Tines! Build, run, and monitor your most important workflows with Tines. Tines' smart, secure workflow platform empowers your whole team regardless of their coding abilities, environment complexities, or tech stack. From low code, no code to natural language, anyone can get up and running in minutes – not days or weeks. Learn more at Tines.com.