POPULARITY
Categories
390 episodes with devsecops
399 episodes with devsecops
127 episodes with devsecops
122 episodes with devsecops
110 episodes with devsecops
113 episodes with devsecops
173 episodes with devsecops
113 episodes with devsecops
69 episodes with devsecops
112 episodes with devsecops
113 episodes with devsecops
67 episodes with devsecops
89 episodes with devsecops
91 episodes with devsecops
64 episodes with devsecops
41 episodes with devsecops
40 episodes with devsecops
26 episodes with devsecops
49 episodes with devsecops
53 episodes with devsecops
21 episodes with devsecops
20 episodes with devsecops
34 episodes with devsecops
19 episodes with devsecops
38 episodes with devsecops
12 episodes with devsecops
19 episodes with devsecops
20 episodes with devsecops
15 episodes with devsecops
29 episodes with devsecops
12 episodes with devsecops
15 episodes with devsecops
30 episodes with devsecops
18 episodes with devsecops
13 episodes with devsecops
10 episodes with devsecops
11 episodes with devsecops
10 episodes with devsecops
8 episodes with devsecops
7 episodes with devsecops
6 episodes with devsecops
6 episodes with devsecops
7 episodes with devsecops
10 episodes with devsecops
6 episodes with devsecops
7 episodes with devsecops
5 episodes with devsecops
117 episodes with devsecops
7 episodes with devsecops
6 episodes with devsecops
6 episodes with devsecops
6 episodes with devsecops
5 episodes with devsecops
6 episodes with devsecops
Se você acha que segurança em nuvem é só ligar um CSPM e ser feliz, neste episódio a gente mostra que a história é bem mais cabeluda e divertida. Recebemos o Leandro Venâncio para destrinchar desde responsabilidade compartilhada e Zero Trust até o que realmente funciona no dia a dia de clusters Kubernetes sob fogo cruzado. Falamos de cultura, automação e das ciladas que a gente só aprende depois de tomar uns tombos.Partimos do básico bem-feito (identidade, redes e criptografia) e avançamos para governança com políticas (Kyverno/Gatekeeper), esteira com SAST/DAST/SCA, SBOM decente e segredos administrados em KMS/External Secrets. Amarramos com observabilidade, resposta a incidentes e como priorizar risco sem virar refém de dashboards. Spoiler: custo, compliance e performance entram no mesmo bolo e não dá pra fingir que não existem.Entre as pautas, destacamos: como aplicar Zero Trust em workloads efêmeros; por que "shift left" sem operações maduras mais atrapalha que ajuda; e onde CNAPP, CSPM e admission controllers se encontram. E claro, casos reais — porque a teoria é linda, mas a produção é quem manda.#Links Importantes:- Leandro Venâncio - https://www.linkedin.com/in/leandro-venancio/- LowOps cast com Rafael Ferreira - https://www.youtube.com/live/SC6a11HClX4- João Brito - https://www.linkedin.com/in/juniorjbn/- Assista ao FilmeTEArapia - https://youtu.be/M4QFmW_HZh0?si=HIXBDWZJ8yPbpflMO Kubicast é uma produção da Getup, empresa especialista em Kubernetes e projetos open source para Kubernetes. Os episódios do podcast estão nas principais plataformas de áudio digital e no YouTube.com/@getupcloud.
The concept of DevSecOps has been around long enough that it's now firmly established in most federal agencies, but using it to produce secure software on a regular basis takes careful planning. Darren Death is the Chief Information Security Officer at the Export Import Bank, and Madhuri Sammid is the Deputy Associate Chief Information Officer at the Bureau of Safety and Environmental Enforcement. They talked with Federal News Network's Jared serbu As part of our 2025 Cyber Leaders Exchange.See Privacy Policy at https://art19.com/privacy and California Privacy Notice at https://art19.com/privacy#do-not-sell-my-info.
In 'Access All Areas' shows we go behind the scenes with the crew and their friends as they dive into complex challenges that organisations face—sometimes getting a little messy along the way. We're launching a special AI mini-series exploring how artificial intelligence is reshaping industries. Each episode dives into key themes like scaling AI, societal impact, leadership, sustainability, and the challenges ahead. Join us for fresh insights and bold conversations on the future of intelligent systems. This week, Dave, Esmee, and Rob kick off the AI mini-series with Craig Suckling, CAIO at Capgemini and co-host of this special edition. The episode is inspired by “Riding the AI Whirlwind,” Gartner's 2025 strategic predictions report, which urges organizations to act boldly on AI's potential while managing risks like rising costs and privacy concerns TLDR:00:40 – Introduction of Craig Suckling and launch of the AI mini-series02:38 – Summary of three key insights and strategic recommendations from Gartner's “Riding the AI Whirlwind” report23:03 – Strategic planning assumptions: what they mean for business and tech leaders41:40 – Sam Altman's top three concerns about the future of AI49:35 – What key topics remain unaddressed?51:00 – What to expect from the AI mini-series featuring industry leadersHostsDave Chapman: https://www.linkedin.com/in/chapmandr/Rob Kernahan: https://www.linkedin.com/in/rob-kernahan/Esmee van de Giessen: https://www.linkedin.com/in/esmeevandegiessen/with co-host Craig Suckling: https://www.linkedin.com/in/craigsuckling/ProductionMarcel van der Burg: https://www.linkedin.com/in/marcel-vd-burg/Dave Chapman: https://www.linkedin.com/in/chapmandr/ SoundBen Corbett: https://www.linkedin.com/in/ben-corbett-3b6a11135/Louis Corbett: https://www.linkedin.com/in/louis-corbett-087250264/ 'Cloud Realities' is an original podcast from Capgemini
Abrimos o episódio colocando a mão na massa: como desenhar uma experiência de desenvolvedores (DevX) que realmente reduz lead time e aumenta throughput de entregas. Com a presença do Luiz Henrique e da Larissa Vitoriano, exploramos o que o time do iFood aprendeu ao escalar plataformas internas, padronizar fluxos de entrega e melhorar a autonomia das squads sem perder governança.Também entramos no universo de Developer Relations (DevREL) — não como “marketing técnico”, mas como ponte entre produto, plataforma e comunidade. Falamos de como priorizar feedback produtivo, quais métricas evitam vaidade e como alinhar backlog de plataforma com as dores reais de quem está codando todos os dias.Pra fechar, discutimos IA “na vida real”: onde modelos (tradicionais e LLMs) já estão gerando valor no ciclo de desenvolvimento, como observabilidade e custo entram na equação e os limites práticos de adoção — desde MLOps, finops de inferência, até segurança e privacidade.Links Importantes:- Larissa Vitoriano - https://www.linkedin.com/in/larissavitoriano/- Luiz Henrique - https://www.linkedin.com/in/luizhenrique1987/- Blog do IFood Tech - https://medium.com/ifood-tech- João Brito - https://www.linkedin.com/in/juniorjbn/- Assista ao FilmeTEArapia - https://youtu.be/M4QFmW_HZh0?si=HIXBDWZJ8yPbpflMHashtags#DevX #DevREL #IA #MLOps #Plataformas #Observabilidade #FinOps #SRE #CulturaDev #Produtividade #Kubernetes #DevOps #DevSecOps #Kubicast #Containers #GetupO Kubicast é uma produção da Getup, empresa especialista em Kubernetes e projetos open source para Kubernetes. Os episódios do podcast estão nas principais plataformas de áudio digital e no YouTube.com/@getupcloud.
Federal Tech Podcast: Listen and learn how successful companies get federal contracts
Connect to John Gilroy on LinkedIn https://www.linkedin.com/in/john-gilroy/ Want to listen to other episodes? www.Federaltechpodcast.com The impact of AI in software development in the federal government is so pervasive that, in July of 2025, the President of the United States released a White House AI Action Plan. Today, we sat down with Bob Stevens from GitLab to put this development into perspective, examine some use cases, and suggest methods that federal agencies can use to prepare for this technological shift. What precipitated the initiative is the recognition that change is occurring so rapidly in the world of software development that the federal government must adapt more quickly than in the past, or it will be vulnerable to cyberattacks. Stevens notes that the federal government has been targeting modernization, producing software faster, and being more efficient, for a decade. AI will help them get there, with some possible cost reduction. For example, in the past, a vulnerability may have taken weeks to discover. Utilizing AI allows federal software developers to reduce that discovery to minutes. That ties in with one essential element in the White House initiative: security. In fact, one of the pillars of the Action Plan is titled “Promoting Secure-by-Design AI Technologies and Applications.” Stevens has been involved in federal software development for decades and thinks that a platform approach best serves the essential objectives of this Action Plan. The conversation concludes with the potential for AI to streamline government processes and improve operational efficiency. If you are interested in learning more about the economics of this approach, you can download The Economics of Software Innovations: $750 billion Opportunity at a Crossroads.
How do you perform incident response on a Kubernetes cluster when you're not even on the same network? In this episode, Damien Burks, Senior Security engineer breaks down the immense challenges of container security and why most commercial tools are failing at automated response.While many CNAPPs provide runtime detection, they lack a "sophisticated approach to automating incident response or containment" in complex environments like private EKS . He shares his hands-on experience building a platform that uses a dynamically deployed Lambda function to achieve containment of a compromised EKS node in just 10 minutes, a process that would otherwise take hours of manual work and approvals .This is a guide for any DevSecOps or cloud security professional tasked with securing containerized workloads. The conversation also covers a layered prevention strategy, the evolving role of the cloud security engineer, and career advice for those looking to enter the field.Guest Socials - Damien's LinkedinPodcast Twitter - @CloudSecPod If you want to watch videos of this LIVE STREAMED episode and past episodes - Check out our other Cloud Security Social Channels:-Cloud Security Podcast- Youtube- Cloud Security Newsletter - Cloud Security BootCampIf you are interested in AI Cybersecurity, you can check out our sister podcast - AI Security PodcastQuestions asked:(00:00) Introduction(02:15) Who is Damien Burks?(03:20) The State of Cloud Incident Response in 2025(05:15) Why There is No Sophisticated, Automated IR for Kubernetes(06:20) A Deep Dive into Kubernetes Incident Response(07:30) The Unique Challenge of a Private EKS Cluster(12:15) A Layered Approach to Prevention in a DevSecOps Culture(17:00) How to Automate Containment in a Private EKS Cluster(17:40) From Hours to 10 Minutes: The Impact of Automation(22:00) The Evolving & Complex Role of the Cloud Security Engineer(25:40) Do We Have Too Much Visibility or Not Enough?(29:00) Career Path: The Value of Learning to Code for DevSecOps(35:00) Damien's Hot Take: "Multi-Cloud Just Means Chaos"(44:20) Career Advice for Traditional IR Professionals Moving to Cloud(47:50) Final Questions: Video Games, Life's Journey, and GumboResources spoke about during the interviewDamien's Website
Episode 4: Security as Code In this episode of the ePlus Security + F5 API Security Podcast, David Tumlin and Chuck Herrin dive into the future of “security as code,” where automation, AI, and DevSecOps converge to protect dynamic, ephemeral environments. From real-time threat validation to AI-assisted policy tuning, this is a must-listen for anyone building or securing modern apps.
Bret is joined by Philip Andrews and Dan Muret of Cast AI to discuss pod live migration between nodes in a Kubernetes cluster.
The evolving role of technology in modern defense environments, highlighting innovations in communications, automation, and open-source frameworks. Drawing from personal experience, the conversation emphasizes how real-world conflicts are reshaping how tech is deployed, adopted, and understood across military operations. This week, Dave, Esmee, and Rob speak with Ben Sparke, Enterprise Azure Cloud & AI Specialist for UK Defence at Microsoft, about how his military background informs a human-centered approach to technology in the evolving defence sector—highlighting the shift from mission-driven to tech-driven innovation. TLDR:00:37 – Introduction of Ben Sparke and face-to-face podcasting02:40 – Rob gets confused about Digital Twins representing you in court08:15 – Tech's evolving role in defence, with Ben 34:41 – Why improvisation and human adaptability matter 43:30 – Ben's hundred-mile bike race over the weekend Guest Ben Sparke: https://www.linkedin.com/in/ben-sparke/ HostsDave Chapman: https://www.linkedin.com/in/chapmandr/Rob Kernahan: https://www.linkedin.com/in/rob-kernahan/Esmee van de Giessen: https://www.linkedin.com/in/esmeevandegiessen/ ProductionMarcel van der Burg: https://www.linkedin.com/in/marcel-vd-burg/Dave Chapman: https://www.linkedin.com/in/chapmandr/ SoundBen Corbett: https://www.linkedin.com/in/ben-corbett-3b6a11135/Louis Corbett: https://www.linkedin.com/in/louis-corbett-087250264/ 'Cloud Realities' is an original podcast from Capgemini
In this issue of the Future of Cyber newsletter, Sean Martin digs into a topic that's quietly reshaping how software gets built—and how it breaks: the rise of AI-powered coding tools like ChatGPT, Claude, and GitHub Copilot.These tools promise speed, efficiency, and reduced boilerplate—but what are the hidden trade-offs? What happens when the tools go offline, or when the systems built through them are so abstracted that even the engineers maintaining them don't fully understand what they're working with?Drawing from conversations across the cybersecurity, legal, and developer communities—including a recent legal tech conference where law firms are empowering attorneys to “vibe code” internal tools—this article doesn't take a hard stance. Instead, it raises urgent questions:Are we creating shadow logic no one can trace?Do developers still understand the systems they're shipping?What happens when incident response teams face AI-generated code with no documentation?Are AI-generated systems introducing silent fragility into critical infrastructure?The piece also highlights insights from a recent podcast conversation with security architect Izar Tarandach, who compares AI coding to junior development: fast and functional, but in need of serious oversight. He warns that organizations rushing to automate development may be building brittle systems on shaky foundations, especially when security practices are assumed rather than applied.This is not a fear-driven screed or a rejection of AI. Rather, it's a call to assess new dependencies, rethink development accountability, and start building contingency plans before outages, hallucinations, or misconfigurations force the issue.If you're a CISO, developer, architect, risk manager—or anyone involved in software delivery or security—this article is designed to make you pause, think, and ideally, respond.
My guest today is Michael Ferranti, VP of Marketing at Unleash. In this conversation Michael recounts his journey from the banking sector to the tech world starting during the 2008 financial crisis. He explains how the launch of Amazon's cloud services led him to join Rackspace, a leading hosting provider at the time. Michael emphasizes the importance of culture in a company's success and delves into his career in developer tools, touching upon the shifts in cloud computing, containerization, and microservices architecture, up to the current generative AI revolution. He discusses the differences between building software for financial services and for developers, stressing the necessity of upskilling to maintain credible conversations with target audiences. Key insights shared include best practices for feature management, emphasizing the importance of small batch sizes in DevOps, and the critical need for empathy and strong mission alignment in work culture. Michael concludes with career advice for those looking to enter or advance in software marketing, highlighting the importance of curiosity and adaptability in the fast-evolving tech landscape.00:00 Introduction and Welcome00:09 Michael's Journey into Tech01:29 Early Career at Rackspace03:28 Transition to Developer Tools04:31 Differences Between BFSI and Developer Domains05:42 Understanding Developer Needs10:04 Feature Management and Testing in Production13:10 Balancing Technical and Business Requirements29:30 Building a Strong Company Culture34:45 Staying Updated with Industry Trends38:17 Career Tips for Aspiring Marketers42:15 Conclusion and Final Thoughtshttps://www.linkedin.com/in/ferrantim/Michael Ferranti is a seasoned enterprise technologist and product strategist with deep experience in the developer tools and cloud-native ecosystems. Across companies like Portworx, Teleport, and now Unleash, Michael has consistently been at the forefront of how modern engineering teams build, release, and secure software at scale.He's led product and marketing teams through high-growth phases, acquisitions, and major category creation efforts—often sitting at the intersection of infrastructure innovation and developer experience. At Portworx, he helped define the Kubernetes-native storage and backup category. At Teleport, he worked on reimagining secure infrastructure access by replacing legacy VPNs and PAM tools with developer-first identity-based access. At Unleash, he's helping redefine how teams manage feature delivery with open-source roots and enterprise-grade scale.Michael speaks the language of engineering leaders because he's worked side-by-side with them for over a decade. His approach to go-to-market is grounded in understanding real user workflows, developer psychology, and the shifting realities of enterprise architectures—from Kubernetes to DevSecOps to open-source adoption models.
Before Siri had sass and Alexa started judging your music taste, the original virtual assistant was quietly revolutionizing the '90s—powered by many patents and a whole lot of foresight. Now, as AI goes from buzzword to boss, we ask, will it transform your job, your home… or just steal your knowledge? This week, Dave, Esmee and Rob speak with Kevin Surace, Futurist, Inventor & "Father" of the Virtual Assistant, about exploring the evolution of AI, what the future might hold, and how disruptive innovation can shake up your organization in ways you might not expect. TLDR: 00:40 – Introduction of Kevin Surace 05:12 – Rob gets confused by Google Maps reviews and selfies 08:15 – Deep dive into the evolution of AI with Kevin 52:00 – How intelligent agents can help manage digital noise and support mental well-being 1:07:30 – Wrapping up the book the Joy Success Cycle and heading to a concert GuestKevin Surace: https://www.linkedin.com/in/ksurace/ HostsDave Chapman: https://www.linkedin.com/in/chapmandr/Rob Kernahan: https://www.linkedin.com/in/rob-kernahan/Esmee van de Giessen: https://www.linkedin.com/in/esmeevandegiessen/ ProductionMarcel van der Burg: https://www.linkedin.com/in/marcel-vd-burg/Dave Chapman: https://www.linkedin.com/in/chapmandr/ SoundBen Corbett: https://www.linkedin.com/in/ben-corbett-3b6a11135/Louis Corbett: https://www.linkedin.com/in/louis-corbett-087250264/ 'Cloud Realities' is an original podcast from Capgemini
Bem-vindos a mais um Kubicast! Neste episódio, recebemos Victor Carvalho para destrinchar o Talos Linux como base enxuta e segura para rodar Kubernetes. Nós comparamos a proposta minimalista do Talos com distros generalistas, e debatemos por que um SO "Kubernetes-first" reduz superfície de ataque e acelera a vida de quem opera clusters no dia a dia.Falamos de segurança no detalhe: kernel hardenizado (KSP), SELinux funcionando de verdade com Kubernetes, criptografia de disco com chaves via TPM/KMS, e o modelo API-driven (sem SSH) que muda a forma como operamos nós. Também discutimos operação e upgrades, incluindo o uso do Talos Factory e de Terraform para padronizar imagens, além de estratégias para controlar endpoints e certificados.Fechamos com experiências reais: comparativos de tempo de provisioning, requisitos mínimos, rede (Flannel vs Cilium), dores comuns (certificados/TLS, IP flutuante) e boas práticas de produção — aquela mistura de técnica com bom humor que só a nossa bancada entrega.Links Importantes:- Victor Cardoso - https://www.linkedin.com/in/victorbmcarvalho/- João Brito - https://www.linkedin.com/in/juniorjbn/- Site oficial do Talos Linux - https://talos.dev- Assista ao FilmeTEArapia - https://youtu.be/M4QFmW_HZh0?si=HIXBDWZJ8yPbpflMHashtags#Talos #TalosLinux #Kubernetes #DevOps #DevSecOps #Kubicast #Containers #Getup #K8s #SELinux #KSP #Terraform #Proxmox #Flannel #Cilium #ZeroTrust #Imutabilidade #Homelab #Observabilidade #SBOMO Kubicast é uma produção da Getup, empresa especialista em Kubernetes e projetos open source para Kubernetes. Os episódios do podcast estão nas principais plataformas de áudio digital e no YouTube.com/@getupcloud.
SBOMs were supposed to be the ingredient label for software—bringing transparency, faster response, and stronger trust. But reality shows otherwise. Fewer than 1% of GitHub projects have policy-driven SBOMs. Only 15% of developer SBOM questions get answered. And while 86% of EU firms claim supply chain policies, just 47% actually fund them.So why do SBOMs stall as compliance artifacts instead of risk-reduction tools? And what happens when they do work?In this episode of AppSec Contradictions, Sean Martin examines:Why SBOM adoption is laggingThe cost of static SBOMs for developers, AppSec teams, and business leadersReal-world examples where SBOMs deliver measurable valueHow AISBOMs are extending transparency into AI models and dataCatch the full companion article in the Future of Cybersecurity newsletter for deeper analysis and more research.
AI is enabling developers and non-developers (product managers, solutions engineers) to write more lines of code than even before. Businesses are under pressure to ship these AI built products to stay competitive while still meeting regulatory requirements. Can AI solve this problem? In this talk, we will explore the opportunities and pitfalls to use AI agents for DevSecOps. About the speaker: Sanket Naik is the founder and CEO at Palosade, building a purpose-built AI platform enabling enterprises to automate their security program and unleash their business potential. He enjoys giving back to startups through investing and advisory roles. Before Palosade, he was the SVP of engineering for Coupa. In this role, he built the cloud and cybersecurity organization, over 12 years, from the ground up through an initial public offering followed by significant global growth. He has also held engineering roles at HP and Qualys.Sanket holds a BS in electronics engineering from the University of Mumbai and an MS in CS from Purdue University with research at the multi-disciplinary CERIAS cybersecurity center.
Can AI really help us build more secure software? What's working in practice right now, and where do the tools still fall short? Mattias and Paulina share their views. We are always happy to answer any questions, hear suggestions for new episodes, or hear from you, our listeners. DevSecOps Talks podcast LinkedIn page DevSecOps Talks podcast website DevSecOps Talks podcast YouTube channel
The world of DevSecOps is changing rapidly with AI and automation. In this session, we explore how intelligent security practices are transforming development pipelines, making them smarter, faster, and more secure for modern organizations.
Software developers combine Artificial Intelligence with IT Operations and have produced a new acronym called AIOps. Today, we explored some of the best practices for making software development more productive with AIOps. Legacy systems are an excellent application for AIOps, but Kevin Walsh from the GAO notes that it may be more economical to maintain legacy systems in place. Christopher Clark from the U.S. Marine Corps suggests listening to users through starting AI Task Forces. They can help identify the use cases that would validate the expense of moving to AIOps. One obvious win might be minimal risk, high-impact activities. Clark mentions preventative maintenance as a potential target. ROI from reducing costs can be apparent. Furthermore, a help desk can pose a negligible risk and have a relatively high impact on servicing needs of Marines. One likely candidate for applied AIOps is managing the changes in a code set that takes place. BMC's Katie Tierney states that in a typical DevSecOps environment, there could be thousands of changes a day, which exceeds human capability. The overview is apparent: ensure appropriate oversight, governance, and transparency measures are in place when deploying agentic AI systems.
We're back! In this Season 5 premiere, the team reunites after their summer break to kick off an exciting new chapter. Join us as we catch up, share bold predictions for the year ahead, and explore big questions, like whether 2026 will be the year of the autonomous organization. Expect candid reflections, lively discussion, and a sneak peek at what's coming up this season. We are very keen this season to establish a feedback loop with listeners, so will be doing shows exploring listener questions and challenges - something we are really looking forward to. Please get in touch with us, via LinkedIn, Substack or cloudrealities@capgemini.com, if you have questions or challenges for us, we'd love to hear from you!TLDR: 00:20 – We're back! 00:35 – Catching up on what we did during the summer break 10:48 – Planning ahead until Christmas: Microsoft Ignite, AWS re:Invent, an AI mini-series and cool guests 20:27 – Tech talk: iPhone 17, deep democracy training, and the human impact of innovation 32:10 – Will autonomous organizations powered by agents emerge within 12–18 months? 40:45 – Reflections inspired by Jaws, climbing adventures, and Bruce Springsteen HostsDave Chapman: https://www.linkedin.com/in/chapmandr/Rob Kernahan: https://www.linkedin.com/in/rob-kernahan/Esmee van de Giessen: https://www.linkedin.com/in/esmeevandegiessen/ ProductionMarcel van der Burg: https://www.linkedin.com/in/marcel-vd-burg/Dave Chapman: https://www.linkedin.com/in/chapmandr/ SoundBen Corbett: https://www.linkedin.com/in/ben-corbett-3b6a11135/Louis Corbett: https://www.linkedin.com/in/louis-corbett-087250264/ 'Cloud Realities' is an original podcast from Capgemini
Recebemos a brilhante Michelle Mesquita para provar, na prática, que AppSec não é sinônimo de “rodar um scanner e rezar”. Conversamos sobre como construir segurança desde o design, passando por threat modeling, SAST/DAST/SCA e políticas reprodutíveis — tudo sem cair na armadilha do PDF de vulnerabilidades que ninguém lê. Sim, nós também rimos (de nervoso) quando lembramos daqueles relatórios com 500 findings.Falamos ainda sobre carreira: onde começam as pessoas de AppSec, por que comunicação e influência importam tanto quanto CWE e CVE, e como programas como Security Champions destravam escala e cultura. Discutimos comunidades e referências (OWASP e afins), automação no pipeline, gamificação e até como usar IA para reduzir ruído e acelerar feedback útil para devs.E, claro, mantivemos o nosso jeitinho: didático, direto e levemente irônico. Se você quer sair do “firefighting” e colocar segurança como requisito funcional do seu produto, este episódio é para você. Prepare o café, abra o IDE e vem com a gente.O Kubicast é uma produção da Getup, empresa especialista em Kubernetes e projetos open source para Kubernetes. Os episódios do podcast estão nas principais plataformas de áudio digital e no YouTube.com/@getupcloud.
In episode 154 of Cybersecurity Where You Are, Sean Atkinson discusses incident response in DevSecOps, exploring challenges and solutions in modern software development. He emphasizes the importance of integrating security into development processes and speaks about common issues like alert fatigue and software supply chain vulnerabilities. Here are some highlights from our episode:01:32. Common challenges with modern software development03:54. High-speed and continuous deployment07:08. Incident correlation with cloud deployment strategies10:00. Software supply chain vulnerabilities12:45. Alert fatigue and false positives14:30. Testing and automation as enablers of real-time anomaly detection17:40. The responsibility of incident responders to understand what they see18:58. Automated control and a projectized approach to implementing zero trust21:26. Oversight and governance with artificial intelligence and machine learning23:24. Continuous improvement and early detection28:08. Continuous monitoring and logging, automation, and incident response drills30:03. Moving down a path of helping incident responders become culturally awareResourcesCloud Security and the Shared Responsibility ModelCIS Software Supply Chain Security GuideAn Introduction to Artificial IntelligenceDefense-in-Depth: A Necessary Approach to Cloud SecurityEpisode 63: Building Capability and Integration with SBOMsEpisode 44: A Zero Trust Framework Knows No EndLeveraging Generative Artificial Intelligence for Tabletop Exercise DevelopmentIf you have some feedback or an idea for an upcoming episode of Cybersecurity Where You Are, let us know by emailing podcast@cisecurity.org.
Dave, Esmee, and Rob are strapping in for another season of bold, brain-bending conversations—and they're bringing the flux capacitor with them from Back to the Future.Season 5 beams in global leaders and innovators who challenge how we think about technology, business, and humanity. From AI disruption to digital sovereignty, from leadership to culture—this season's guests are ready to shake things up.Our first full episode drops on September 25, but before we hit 88 miles per hour, here's a quick trailer to set the timeline straight, or at least bend it a little.HostsDave Chapman: https://www.linkedin.com/in/chapmandr/Rob Kernahan: https://www.linkedin.com/in/rob-kernahan/Esmee van de Giessen: https://www.linkedin.com/in/esmeevandegiessen/ProductionMarcel van der Burg: https://www.linkedin.com/in/marcel-vd-burg/Dave Chapman: https://www.linkedin.com/in/chapmandr/SoundBen Corbett: https://www.linkedin.com/in/ben-corbett-3b6a11135/Louis Corbett: https://www.linkedin.com/in/louis-corbett-087250264/'Cloud Realities' is an original podcast from Capgemini
No Kubicast de hoje nós recebemos o Leonardo Pinheiro, CRO da Clavis, para um papo direto ao ponto sobre como uma IA feita no Brasil resolve problemas do nosso cenário de cibersegurança. Falamos do Otto – a IA da Clavis –, de como ela nasceu de muita telemetria real de clientes e do porquê conhecer boleto, Pix, WhatsApp e a cadeia financeira nacional muda completamente o jogo. De quebra, confrontamos o mito do “100% seguro” e mostramos como risco, contexto e priorização guiam decisões melhores.Entramos a fundo na plataforma da Clavis (produto+serviço) e nos módulos que orbitam o Otto: gestão de vulnerabilidades, avaliação de fornecedores, correlação de eventos/EDR e validações em cloud. Discutimos quando automação brilha e quando ainda precisamos de gente experiente (ex.: pen test), além de como o Otto responde a perguntas de negócio (“qual meu score?”, “o que mitigar primeiro?”) e conecta tudo numa visão integrada.Também falamos de supply chain security, reputação e como decisões ruins de terceirização estouram no colo da sua marca. No final, tem um bloco sobre comunidade e carreira (SampaSec, Conecta 21, networking) e um respiro cultural com indicações.Links Importantes:- Leonardo Pinheiro - https://www.linkedin.com/in/leonardo-pinheiro-batista/- João Brito - https://www.linkedin.com/in/juniorjbn/- Assista ao FilmeTEArapia - https://youtu.be/M4QFmW_HZh0?si=HIXBDWZJ8yPbpflM- SampaSEC - https://www.linkedin.com/groups/9381855/?fbclid=PAZXh0bgNhZW0CMTEAAact9-j_AzTmFc136pGmO_GWesqvNdULEk-rMQSkGGSlFcpGCbyZLeElRcFVqg_aem_1W_jlM9Z0G5Q6BHoe76xLw- Kubicast 125 - https://www.youtube.com/watch?v=nG7sugocQsg- A vida de Chuck - https://www.imdb.com/pt/title/tt12908150/Hashtags#SegurancaDaInformacao #Ciberseguranca #InteligenciaArtificial #IA #Otto #Clavis #SupplyChainSecurity #PenTest #GestaoDeVulnerabilidades #LGPD #SOC #EDR #ThreatIntelligence #CloudSecurity #Compliance #PlataformaDeSeguranca #Kubernetes #DevOps #DevSecOps #Kubicast #Containers #GetupO Kubicast é uma produção da Getup, empresa especialista em Kubernetes e projetos open source para Kubernetes. Os episódios do podcast estão nas principais plataformas de áudio digital e no YouTube.com/@getupcloud.
Threat modeling is often called the foundation of secure software design—anticipating attackers, uncovering flaws, and embedding resilience before a single line of code is written. But does it really work in practice?In this episode of AppSec Contradictions, Sean Martin explores why threat modeling so often fails to deliver:It's treated as a one-time exercise, not a continuous processResearch shows teams who put risk first discover 2x more high-priority threatsYet fewer than 4 in 10 organizations use systematic threat modeling at scaleDrawing on insights from SANS, Forrester, and Gartner, Sean breaks down the gap between theory and reality—and why evolving our processes, not just our models, is the only path forward.
Threat modeling is often called the foundation of secure software design—anticipating attackers, uncovering flaws, and embedding resilience before a single line of code is written. But does it really work in practice?In this episode of AppSec Contradictions, Sean Martin explores why threat modeling so often fails to deliver:It's treated as a one-time exercise, not a continuous processResearch shows teams who put risk first discover 2x more high-priority threatsYet fewer than 4 in 10 organizations use systematic threat modeling at scaleDrawing on insights from SANS, Forrester, and Gartner, Sean breaks down the gap between theory and reality—and why evolving our processes, not just our models, is the only path forward.
Segurança em Go não é só "rodar um scanner e rezar". Neste episódio, nós destrinchamos como escrever Go com cabeça de atacante: governança de dependências (e os perigos do type‑squatting), revisão de go.mod, uso criterioso da Standard Library e por que não usar latest em imagens. Também conectamos tecnologia com processo: repositórios privados, políticas de aprovação e pipeline que barra regressão antes do deploy.A conversa nasce de casos reais: do typo em (GHCR vs GHRC) que captura credenciais até a confusão com pacotes falsos tipo BoltDB look‑alike. Discutimos supply chain ponta a ponta, cache do Go Proxy, licenças (quando fugir de GPL) e boas práticas para autenticação.E claro, vamos além do código: SBOM no build, assinatura e verificação de imagens, OPA/Admission Control para políticas em Kubernetes, capabilities mínimas e validação de entradas com timeouts bem definidos. É papo prático, com nosso humor de sempre, para deixar segurança como padrão — não como tarefa de último minuto.Links Importantes: - Marcelo Pires - https://www.linkedin.com/in/marcpires/ - Matheus Faria - https://www.linkedin.com/in/matheusfm/ - João Brito - https://www.linkedin.com/in/juniorjbn - Assista ao FilmeTEArapia - https://youtu.be/M4QFmW_HZh0?si=HIXBDWZJ8yPbpflM - Post sobre ghrc.io - https://www.linkedin.com/posts/juniorjbn_someone-is-typosquatting-ghrcio-not-github-activity-7364387040618045441-UB88/ - Typosquat - https://devops.com/typosquat-supply-chain-attack-targets-go-developers/ - https://go.dev/doc/tutorial/govulncheck - vuln.go.dev - https://github.com/anchore/syft - https://github.com/anchore/grype - https://github.com/google/capslock - https://github.com/aquasecurity/trivy - LFD121 - https://training.linuxfoundation.org/training/developing-secure-software-lfd121/ - https://deps.dev/ - https://devops.com/typosquat-supply-chain-attack-targets-go-developers/Participe de nosso programa de acesso antecipado e tenha um ambiente mais seguro em instantes! https://getup.io/zerocve
AI is everywhere in application security today — but instead of fixing the problem of false positives, it often makes the noise worse. In this first episode of AppSec Contradictions, Sean Martin explores why AI in application security is failing to deliver on its promises.False positives dominate AppSec programs, with analysts wasting time on irrelevant alerts, developers struggling with insecure AI-written code, and business leaders watching ROI erode. Industry experts like Forrester and Gartner warn that without strong governance, AI risks amplifying chaos instead of clarifying risk.This episode breaks down:• Why 70% of analyst time is wasted on false positives• How AI-generated code introduces new security risks• What “alert fatigue” means for developers, security teams, and business leaders• Why automating bad processes creates more noise, not less
AI is everywhere in application security today — but instead of fixing the problem of false positives, it often makes the noise worse. In this first episode of AppSec Contradictions, Sean Martin explores why AI in application security is failing to deliver on its promises.False positives dominate AppSec programs, with analysts wasting time on irrelevant alerts, developers struggling with insecure AI-written code, and business leaders watching ROI erode. Industry experts like Forrester and Gartner warn that without strong governance, AI risks amplifying chaos instead of clarifying risk.This episode breaks down:• Why 70% of analyst time is wasted on false positives• How AI-generated code introduces new security risks• What “alert fatigue” means for developers, security teams, and business leaders• Why automating bad processes creates more noise, not less
Send us a textEpisode 253 – Priya Gnanasekaran, Senior Security Engineer at LAB3 (Australia)Can AI be both a risk and a defense? In this episode, Priya Gnanasekaran shares how organizations can manage today's most pressing cybersecurity challenges.On The Data Diva Talks Privacy Podcast, Debbie Reynolds, “The Data Diva,” speaks with Priya Gnanasekaran, Senior Security Engineer at LAB3 (Australia), about the complex challenges cybersecurity leaders face with AI, IoT, and cloud security. Drawing on her decade-long career spanning DevSecOps, engineering, and operations, Gnanasekaran explains why cybersecurity cannot be reduced to a single field but must be understood as an amalgamation of multiple interconnected disciplines. She highlights the distinction between IT and cybersecurity and explains why this distinction is crucial for executives making risk and investment decisions.The conversation examines AI's dual role in cybersecurity, acting both as a new attack vector and as a defensive tool that, when used responsibly, can strengthen organizational security. Gnanasekaran also details the risks of shadow AI and unmonitored enterprise use, exposing businesses to unmanaged vulnerabilities. She addresses weaknesses in IoT ecosystems, including outdated devices and hardware flaws, and argues that these cannot be solved through patchwork responses. Instead, she emphasizes the importance of “shifting left” by embedding security earlier in DevSecOps processes. Gnanasekaran stresses that cybersecurity cannot be treated like a fire department that responds only after damage has been done.This discussion offers valuable lessons on resilience, innovation, and proactive strategy, applicable not only to security professionals but also to anyone interested in understanding how digital systems can be better protected and managed.Hosted by Debbie Reynolds, “The Data Diva,” bringing global leaders together on privacy, cybersecurity, and emerging technology.Support the show
Recebemos hoje a Lara Xavier para um papo sério (e divertido) sobre observabilidade no Brasil. Conversamos sobre como sair da visão puramente reativa para uma estratégia madura que combina logs, métricas e rastros, além de cultura e processo. Entramos em dilemas de custo, priorização e responsabilidade compartilhada entre SRE e desenvolvimento, sempre com exemplos práticos do dia a dia.Falamos do começo de carreira da Lara, dos aprendizados que moldaram a forma como ela encara incidentes e de como transformar telemetria em decisões, não só em dashboards bonitos. Em “Logs e Métricas” discutimos instrumentação, qualidade de dados e sinais acionáveis, enquanto em “Vulnerabilidades e Diagnóstico” abordamos como enxergar falhas sem caça às bruxas, conectando observabilidade a segurança e a uma cultura de melhoria contínua.Puxamos também a “stack da Grafana” e as diferenças de abordagem entre times, além de boas práticas para quem quer elevar o nível da observabilidade no Kubernetes. No caminho, rimos das confusões de LinkedIn vs. Lattes, mas sem perder a mão técnica: falamos de SLO/SLI, alertas com menos ruído e decisões orientadas por telemetria. Bora?Links Importantes:- Lara Xavier - https://www.linkedin.com/in/lara-xavier-bb389788/- Links da Lara - https://linktr.ee/Larasxavier- João Brito - https://www.linkedin.com/in/juniorjbn- Assista ao FilmeTEArapia - https://youtu.be/M4QFmW_HZh0?si=HIXBDWZJ8yPbpflM- Seja Grafana Champion - https://grafana.com/community/champions/Hashtags#Observabilidade #Kubernetes #DevOps #DevSecOps #Kubicast #Containers #Getup #Grafana #Logs #Métricas #SRE #SLI #SLO #Tracing #Prometheus #Loki #Jaeger #OpenTelemetry #Dashboards #Instrumentação #CarreiraTech #Comunidade #CulturaDevOps #BrasilO Kubicast é uma produção da Getup, empresa especialista em Kubernetes e projetos open source para Kubernetes. Os episódios do podcast estão nas principais plataformas de áudio digital e no YouTube.com/@getupcloud.
Our guest today is Akansha Shukla, an information security professional with over 10 years of experience in application security, DevSecOps, and API security. We're discussing why API security remains one of the least mature areas of AppSec today and exploring the challenges developers face when securing APIs. Akansha shares her insights on incorporating APIs into threat modeling exercises, the ongoing struggles with API discovery and inventory management, and the authorization challenges highlighted in the OWASP API Security Top 10. The conversation also touches on whether "shift left" is truly dead and why we still haven't solved basic security problems like input validation despite having the frameworks to address them.FOLLOW OUR SOCIAL MEDIA: ➜Twitter: @AppSecPodcast➜LinkedIn: The Application Security Podcast➜YouTube: https://www.youtube.com/@ApplicationSecurityPodcast Thanks for Listening! ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Conheça como levar ambientes de desenvolvimento para a nuvem sem drama de setup, conflitos de versão ou aquela maratona de instalar NVM, Java, Python e afins. Neste papo com Miguel e Oscar, fundadores da CPS1, destrinchamos o que é um Cloud Development Environment (CDE), por que ele acelera o onboarding e como tiramos proveito de workspaces efêmeros para codar com tudo pronto, do banco ao message broker, em um clique. Falamos também de governança e observabilidade do ponto de vista de plataforma.Entramos a fundo na arquitetura: CPS1 como Operator no Kubernetes, templates que definem linguagem, dependências e recursos (bancos, filas, caches) e workspaces isolados, acessíveis via VS Code/JetBrains/SSH. Discutimos o clássico VDI vs CDE, eficiência de recursos com contêineres, menores custos/atritos para times de Ops e o impacto direto no famoso “time to first PR”.E não faltou OPS também: de Git branch a ambientes efêmeros, de Terraform/Ansible testados em contêiner até Quickstart e Helm charts para rodar self‑hosted. De quebra, ainda falamos de Rust por baixo do capô e da (futura) automação com agentes que criam workspaces e abrem PRs sozinhos. Sim, a hype está servida — mas com engenharia por trás.Links Importantes:- João Brito - https://www.linkedin.com/in/juniorjbn- Assista ao FilmeTEArapia - https://youtu.be/M4QFmW_HZh0?si=HIXBDWZJ8yPbpflM- Conheça a CPS1 - https://cps1.tech- Documentação pra começar na CPS1: https://docs.cps1.tech/latest/quickstart/- Miguel: https://www.linkedin.com/in/mciurcio/- Oscar: https://www.linkedin.com/in/oesgalha/Hashtags#CloudDevelopmentEnvironment #CDE #Kubernetes #DevOps #DevSecOps #Kubicast #Containers #Getup #PlatformEngineering #RemoteDevelopment #VSCode #JetBrains #KubernetesOperator #GitOps #Rust #Onboarding #Workspaces #Templates #Governança #CRDO Kubicast é uma produção da Getup, empresa especialista em Kubernetes e projetos open source para Kubernetes. Os episódios do podcast estão nas principais plataformas de áudio digital e no YouTube.com/@getupcloud.
Support the show - try out Insight Hub free for 14 days now: https://testguild.me/insighthub In this episode of the TestGuild DevOps Toolchain Podcast, host Joe Colantonio sits down with Patrick Quilter, CEO of Deploy360, to explore how AI is reshaping DevSecOps and what it means for testers, developers, and security engineers. Patrick shares his unique journey from automation engineer to founder to acquisition, and now leading a company working directly with the Department of Defense on secure, AI-powered development pipelines. You'll learn: Why automation engineers are perfectly positioned to move into security How agentic AI can transform DevOps workflows with specialized security agents Why AI won't replace skilled developers—but can supercharge them The role of local vs. cloud LLMs in security and supply chain protection Where DevSecOps and AI are headed in the next 1–3 years Patrick also reveals how Deploy360 is rolling out its next-gen DevSecOps platform and why small-to-medium businesses may benefit most from early access. Learn more about Patrick and Deploy360: Don't forget to subscribe, share, and leave a review if you find this episode valuable for your testing or DevSecOps journey. Try out SmartBear's Bugsnag for free, today. No credit card required: https://testguild.me/bugsnagfree
Começamos provocando: mais visibilidade sempre ajuda? Partimos de um caso real para discutir por que dashboards sem ação só empilham problemas. Falamos de ruído de alertas, thresholds mal calibrados e cultura de “ver tudo” que, sem priorização, não move o ponteiro.Na sequência, entramos na parte estratégica: apetite de risco, ownership e quem tem o crachá para dizer “vai” ou “não vai”. Trazemos exemplos contrastando setores (financeiro vs. saúde), impacto no negócio e como isso redefine criticidade, SLAs e o que é “aceitável” em produção.Fechamos com prática de campo: shift left de verdade (não é “rodar o Sonar e pronto”), modelagem de ameaças para começar pelo básico certo (acesso, hardening, atualização), e o papel de Kubernetes na jornada em que o foco volta para o produto — com priorização inteligente, e não caça a balas de prata.Links Importantes:- Caroline Assunção - https://www.linkedin.com/in/caroline-assuncao/- João Brito - https://www.linkedin.com/in/juniorjbn- Assista ao FilmeTEArapia - https://youtu.be/M4QFmW_HZh0?si=HIXBDWZJ8yPbpflMO Kubicast é uma produção da Getup, empresa especialista em Kubernetes e projetos open source para Kubernetes. Os episódios do podcast estão nas principais plataformas de áudio digital e no YouTube.com/@getupcloud.
Bret discusses exciting news about Swarm being maintained until 2030.
The second Trump administration has spent 2025 accelerating its software modernization initiatives through the creation of agencies like the U.S. DOGE Service and other entities designed to digitize and modernize the American government. Modeling after DOD enterprise software container platforms, the Department of Veterans Affairs stood up its own Platform One application in 2021 to drive software modernization within the agency. Matthew Fuqua, technical lead at VA's Platform One, told GovCIO Media & Research Platform One is a sandbox environment where software developers can safely experiment and build applications using protected data. He said his team took inspiration from similar endeavors in federal government and built a platform where developers can focus their efforts solely on coding. Fuqua said that Platform One's ethos centered around “speed, stability, scale and security,” and each tenet drives the mission of providing services through software that can benefit veterans. Platform One supports the VA's DevSecOps strategy to streamline its operations and shift away from the traditional waterfall approach to software development that hinders innovation at speed. In a DevSecOps environment, Fuqua's team is able to monitor, update and secure troves of data rapidly, shortening processes that used to take days down to hours. Fuqua said that AI has opened the door to new potential applications but data security is paramount when considering building new software.
In today's episode, we get the unvarnished truth about making the difficult transition from federal on-prem networks to the cloud. Michael Howard, US Transportation Command, gives a thorough analysis of topics like containers, cloud service providers, and specific benefits of cloud native applications. He has experience in enterprise-level commercial organizations, enabling him to compare available tools with those approved for a secure environment like the DoD. He begins by stating that his area of responsibility is making a transition away from the traditional waterfall method of software development to a more agile approach. He shocks the audience by stating that his organization only releases updates quarterly. In today's rapidly changing world, a more dynamic release cycle is mandatory. Containers: We know that containers provide smaller pockets of code. Michael Howard points out that this allows for portability between clouds and on prem solutions. Cloud Service Providers (CSP): It is essential to train staff in the specifics of cloud-native applications for each CSP, as every CSP has its own unique terminology and operational guidelines. Cybersecurity: Michael Howard's team has leveraged cloud-native tools to stand up a zero-trust compatible instance that provides data from disparate sources in a flexible, yet secure manner. Michael Howard provides a wide range of information for the listener. The focus is on the benefits of containerized workloads, Kubernetes, and DevSecOps for improving efficiency and security.
Bret and Nirmal are joined by Michael Irwin to discuss Docker's comprehensive AI toolkit, covering everything from local model deployment to cloud-based container orchestration across multiple interconnected tools and services.
Host Alex Theuma is joined by DuploCloud Founder and CEO Venkat Thiruvengadam. Venkat shares his journey from Microsoft Azure to building a $50M-funded DevSecOps platform. He discusses bootstrapping the company for the first three years, through to leading the company through what he calls an “existential moment” for all SaaS businesses: the shift to AI-native operations. Guest links: Website: https://duplocloud.com/ LinkedIn: https://www.linkedin.com/in/venkat-thiruvengadam-35a7396/ Check out the other ways SaaStock is helping SaaS founders move their business forward:
As digital infrastructure becomes increasingly interwoven with third-party code, APIs, and AI-generated components, organizations are realizing they can't ignore the origins—or the risks—of their software. Theresa Lanowitz, Chief Evangelist at LevelBlue, joins Sean Martin and Marco Ciappelli to unpack why software supply chain visibility has become a top concern not just for CISOs, but for CEOs as well.Drawing from LevelBlue's Data and AI Accelerator Report, part of their annual Futures Report series, Theresa highlights a striking correlation: 80% of organizations with low software supply chain visibility experienced a breach in the past year, while only 6% with high visibility did. That data underscores the critical role visibility plays in reducing business risk and maintaining operational resilience.More than a technical concern, software supply chain risk is now a boardroom topic. According to the report, CEOs have the highest awareness of this risk—even more than CIOs and CISOs—because of the direct impact on brand reputation, stock value, and partner trust. As Theresa puts it, software has become the “last mile” of digital business, and that makes it everyone's problem.The conversation explores why now is the time to act. Government regulations are increasing, adversarial attacks are intensifying, and organizations are finally beginning to connect software vulnerabilities with business outcomes. Theresa outlines four critical actions: leverage CEO awareness, understand and prioritize vulnerabilities, invest in modern security technologies, and demand transparency from third-party providers.Importantly, cybersecurity culture is emerging as a key differentiator. Companies that embed security KPIs across all business units—and align security with business priorities—are not only more secure, they're also more agile. As software creation moves faster and more modular, the organizations that prioritize visibility and responsibility throughout the supply chain will be best positioned to adapt, grow, and protect their operations.Learn more about LevelBlue: https://itspm.ag/levelblue266f6cNote: This story contains promotional content. Learn more.Guest: Theresa Lanowitz, Chief Evangelist of AT&T Cybersecurity / LevelBlue [@LevelBlueCyber]On LinkedIn | https://www.linkedin.com/in/theresalanowitz/ResourcesTo learn more, download the complete findings of the LevelBlue Threat Trends Report here: https://itspm.ag/levelbyqdpTo download the 2025 LevelBlue Data Accelerator: Software Supply Chain and Cybersecurity report, visit: https://itspm.ag/lbdaf6iLearn more and catch more stories from LevelBlue: https://www.itspmagazine.com/directory/levelblueLearn more about ITSPmagazine Brand Story Podcasts: https://www.itspmagazine.com/purchase-programsNewsletter Archive: https://www.linkedin.com/newsletters/tune-into-the-latest-podcasts-7109347022809309184/Business Newsletter Signup: https://www.itspmagazine.com/itspmagazine-business-updates-sign-upAre you interested in telling your story?https://www.itspmagazine.com/telling-your-story
Bret is joined by Andrew Tunall, the President and Chief Product Officer at Embrace, to discuss his prediction that we'll all start shipping non-QA'd code (buggier code in production) and QA will need to be replaced with better observability.
In this episode, host Jethro Jones discusses the crucial topic of AI and cybersecurity with Sam Bourgeois, an experienced IT director with a background in private industry and education. The conversation covers the importance of AI standards, the ethical implications of AI use, and the need for cybersecurity awareness among young people. Sam introduces 'Make It Secure Academy,' an innovative platform aimed at educating students about cybersecurity through interactive and engaging methods. The episode emphasizes the critical need to incorporate these lessons into everyday education to protect children in an increasingly digital world.Cybertraps PodcastAI Standards, AI Ethics, and Cybersecurity for kids.Working for a company that has an International footprint How to support someone who wants to bring on tools. Guardrails, not blockade. NISTRegulations around AIIs it worthwhile for kids to learn standards about AI usage. A student should know and recognize there are correct and incorrect ways to use AI. With great power comes great responsibility. MakeITsecure academyOnce data is exposed, they're being watched and tracked all the timeKids will turn 18 with data exposed for years. How to teach kids without it being a gotcha! On a mission to protect every kid, one kid at a time. About Sam BourgeoisSam is the leader of a large managed services provider in the US serving global customers ranging from defense to education. He is the Sr. Dir. of Technology and Cybersecurity and leads the visioning of new products and services, oversees DEVSECOPs teams and serves as the cyber leader of the organization and many clients. He has deep telecommunication, IT, education, and corporate training industry experiences, and is passionate about serving those in need whether it's in Rotary or non-profit board membership. Socials: @makeitsecurellc = insta, Fbhttps://www.linkedin.com/company/102108099Webpresence LLC - https://www.makeitsecurellc.com/home501c3 - https://www.make-it-secure.org/LMS - https://makeitsecure.academy/Intro to the LMS and Courses - https://youtu.be/xEyFXhe6Z3E We're thrilled to be sponsored by IXL. IXL's comprehensive teaching and learning platform for math, language arts, science, and social studies is accelerating achievement in 95 of the top 100 U.S. school districts. Loved by teachers and backed by independent research from Johns Hopkins University, IXL can help you do the following and more:Simplify and streamline technologySave teachers' timeReliably meet Tier 1 standardsImprove student performance on state assessments
In this episode, host Jethro Jones discusses the crucial topic of AI and cybersecurity with Sam Bourgeois, an experienced IT director with a background in private industry and education. The conversation covers the importance of AI standards, the ethical implications of AI use, and the need for cybersecurity awareness among young people. Sam introduces 'Make It Secure Academy,' an innovative platform aimed at educating students about cybersecurity through interactive and engaging methods. The episode emphasizes the critical need to incorporate these lessons into everyday education to protect children in an increasingly digital world.Cybertraps PodcastAI Standards, AI Ethics, and Cybersecurity for kids.Working for a company that has an International footprint How to support someone who wants to bring on tools. Guardrails, not blockade. NISTRegulations around AIIs it worthwhile for kids to learn standards about AI usage. A student should know and recognize there are correct and incorrect ways to use AI. With great power comes great responsibility. MakeITsecure academyOnce data is exposed, they're being watched and tracked all the timeKids will turn 18 with data exposed for years. How to teach kids without it being a gotcha! On a mission to protect every kid, one kid at a time. About Sam BourgeoisSam is the leader of a large managed services provider in the US serving global customers ranging from defense to education. He is the Sr. Dir. of Technology and Cybersecurity and leads the visioning of new products and services, oversees DEVSECOPs teams and serves as the cyber leader of the organization and many clients. He has deep telecommunication, IT, education, and corporate training industry experiences, and is passionate about serving those in need whether it's in Rotary or non-profit board membership. Socials: @makeitsecurellc = insta, Fbhttps://www.linkedin.com/company/102108099Webpresence LLC - https://www.makeitsecurellc.com/home501c3 - https://www.make-it-secure.org/LMS - https://makeitsecure.academy/Intro to the LMS and Courses - https://youtu.be/xEyFXhe6Z3E Join the Transformative Mastermind Today and work on your school, not just in it. Apply today. We're thrilled to be sponsored by IXL. IXL's comprehensive teaching and learning platform for math, language arts, science, and social studies is accelerating achievement in 95 of the top 100 U.S. school districts. Loved by teachers and backed by independent research from Johns Hopkins University, IXL can help you do the following and more:Simplify and streamline technologySave teachers' timeReliably meet Tier 1 standardsImprove student performance on state assessments
Dave, Esmee, and Rob take a moment to look back on the wild ride that was Season 4—revisiting the themes that sparked the biggest conversations and the guests who left a lasting impression. They also reveal what's on their summer to-do lists and drop a few juicy hints about what's coming in Season 5. Get ready—it's going to be even bigger and bolder.Thank you to all our listeners and guests for joining us in Season 4 - have a great summer and we will see you in September!TLDR:00:40 Season 4 by the numbers – and a fun mix-up with round figures03:20 Reflecting on standout topics and memorable guests03:42 Scaling AI: Hyperscaler narratives, tech momentum, and the adoption gap13:18 Ethics in the AI era – how organizations can and must stay grounded18:12 The human factor: Why “human-in-the-loop” matters more than ever27:29 Sovereignty in tech – geopolitics, shifting narratives, and the rise of Sovereign AI37:16 A deep dive into Telco – highlights from our dedicated mini-series53:48 2025 tech trends with Gene Kim55:33 Listener Q&A: Daniel Delicate on Cynefin vs. IT operating models1:01:44 Andrea Kis on keeping humanity in fast-paced tech1:06:09 Ezhil Suresh on how we prep and record our podcast with top-tier guests1:11:38 John Eaton-Griffin on how guests have shaped our thinking1:17:19 A word from our co-host1:19:57 Looking ahead to Season 5: AAA episodes, new industry mini-series, and Hyperscaler events1:22:09 Meet our new AI companions: Substack and the Cloud Realities chatbot1:23:40 What's next for us this summerHostsDave Chapman: https://www.linkedin.com/in/chapmandr/Esmee van de Giessen: https://www.linkedin.com/in/esmeevandegiessen/Rob Kernahan: https://www.linkedin.com/in/rob-kernahan/ProductionMarcel van der Burg: https://www.linkedin.com/in/marcel-vd-burg/Dave Chapman: https://www.linkedin.com/in/chapmandr/SoundBen Corbett: https://www.linkedin.com/in/ben-corbett-3b6a11135/Louis Corbett: https://www.linkedin.com/in/louis-corbett-087250264/'Cloud Realities' is an original podcast from Capgemini
The rise of structure software fueled globalization by streamlining operations across borders. Now, Cloud and AI are accelerating this momentum, enabling faster innovation, smarter decision-making, and scalable growth. By modernizing ERP with intelligent technologies, organizations can stay agile, competitive, and ready for the next wave of global transformation.This week, Dave, Esmee and Rob talk to Timo Elliott, Innovation Evangelist at SAP, to explore how SAP is driving globalization—and how organizations can accelerate innovation through the power of Cloud and AI. TLDR00:55 Introduction of Timo Elliott02:40 Rob shares his confusion about misleading online ads08:06 In-depth conversation with Timo46:32 Rethinking control in enterprise systems1:00:00 Brunch at a Paris café or joining an event?GuestTimo Elliott: https://www.linkedin.com/in/timoelliott/HostsDave Chapman: https://www.linkedin.com/in/chapmandr/Esmee van de Giessen: https://www.linkedin.com/in/esmeevandegiessen/Rob Kernahan: https://www.linkedin.com/in/rob-kernahan/ProductionMarcel van der Burg: https://www.linkedin.com/in/marcel-vd-burg/Dave Chapman: https://www.linkedin.com/in/chapmandr/SoundBen Corbett: https://www.linkedin.com/in/ben-corbett-3b6a11135/Louis Corbett: https://www.linkedin.com/in/louis-corbett-087250264/'Cloud Realities' is an original podcast from Capgemini
Semper Valens Solutions designs DevSecOps infrastructure for DISA, develops cyber weapons systems for the Air Force, supports the Army's deployment of force protection platforms and C2 systems, plus does non-cleared work for DHA, VA, and the FBI. Company COO Nick Brown shares the importance of treating candidates well in the hiring process, doing more than just applying for the position, and how the company deals with the challenges of return to office. 4:20 Most positions are Secret to TS/SCI. Locations include San Antonio, Aberdeen, MD, Fort Belvoir, and Fort Huachuca, among others.5:47 Semper Valens means always strong.9:02 How the company works to build company cohesion and culture.Find complete show notes at: https://clearedjobs.net/semper-valens-solutions-valuing-every-candidate-podcast/_ This show is brought to you by ClearedJobs.Net. Have feedback or questions for us? Email us at rriggins@clearedjobs.net. Sign up for our cleared job seeker newsletter. Create a cleared job seeker profile on ClearedJobs.Net. Engage with us on LinkedIn, Facebook, Instagram, X, or YouTube. _
Brian Robbins is the CFO of GitLab, a DevSecOps platform that supports software innovation. He joins Motley Fool CEO, Tom Gardner, plus Chief Investment Officer Andy Cross and AI Engineer Karl Juhl for a conversation about: - How GitLab scaled for remote culture - How technology and AI have shifted over the years - GitLab's plan to handle the evolving cloud and DevOps landscape. Companies mentioned: GTLB Hosts: Tom Gardner, Andy Cross, Karl Juhl Guest: Brian Robbins Engineer: Bart Shannon Advertisements are sponsored content and provided for informational purposes only. The Motley Fool and its affiliates (collectively, "TMF") do not endorse, recommend, or verify the accuracy or completeness of the statements made within advertisements. TMF is not involved in the offer, sale, or solicitation of any securities advertised herein and makes no representations regarding the suitability, or risks associated with any investment opportunity presented. Investors should conduct their own due diligence and consult with legal, tax, and financial advisors before making any investment decisions. TMF assumes no responsibility for any losses or damages arising from this advertisement. Learn more about your ad choices. Visit megaphone.fm/adchoices
Bill Staples has spent 30 years redefining how the world writes, ships, and secures code.On this week's Grit, the GitLab CEO shares what it takes to lead a public, all-remote DevSecOps company trusted by more than half of the Fortune 100. He breaks down the discipline of managing energy instead of hours, why weekly operating cadences beat quarterly plans, and how AI will 10× software engineers by auto-debugging code and closing security gaps.Guest: Bill Staples, CEO of GitLabChapters:00:00 Trailer00:42 Introduction02:34 True joy in life08:16 Winning teams13:53 When the energy isn't there18:00 Super ambitious21:01 It's not just technology29:27 Elevating quality and standard41:36 Lifelong collaborator51:22 Competent intelligence54:22 Structuring goals and time1:03:59 Who GitLab is hiring1:04:17 What “grit” means to Bill1:04:54 OutroLinks:Connect with BillLinkedInConnect with JoubinXLinkedInEmail: grit@kleinerperkins.comLearn more about Kleiner Perkins
Interpol's Operation Secure dismantles a major cybercrime network, and Singapore takes down scam centers. GitLab patches multiple vulnerabilities in its DevSecOps platform. Researchers unveil a covert method for exfiltrating data using smartwatches. EchoLeak allows for data exfiltration from Microsoft Copilot. Journalists are confirmed targets of Paragon's Graphite spyware. France calls for comments on tracking pixels. Fog ransomware operators deploy an unusual mix of tools. Skeleton Spider targets recruiters by posing as job seekers on LinkedIn and Indeed. Erie Insurance suffers ongoing outages following a cyberattack. Our N2K Lead Analyst Ethan Cook shares insights on Trump's antitrust policies. DNS neglect leads to AI subdomain exploits. Remember to leave us a 5-star rating and review in your favorite podcast app. Miss an episode? Sign-up for our daily intelligence roundup, Daily Briefing, and you'll never miss a beat. And be sure to follow CyberWire Daily on LinkedIn. CyberWire Guest Today, we share a selection from today's Caveat podcast where Dave Bittner and Ben Yelin are joined by N2K's Lead Analyst, Ethan Cook, to take a Policy Deep Dive into “The art of the breakup: Trump's antitrust surge.” You can listen to the full episode here and find new episodes of Caveat in your favorite podcast app each Thursday. Selected Reading Interpol takes down 20,000 malicious IPs and domains (Cybernews) Singapore leads multinational operation to shutter scam centers tied to $225 million in thefts (The Record) GitLab patches high severity account takeover, missing auth issues (Bleeping Computer) SmartAttack uses smartwatches to steal data from air-gapped systems (Bleeping Computer) Critical vulnerability in Microsoft 365 Copilot AI called EchoLeak enabled data exfiltration (Beyond Machines) Researchers confirm two journalists were hacked with Paragon spyware (TechCrunch) Tracking pixels: CNIL launches public consultation on its draft recommendation (CNIL) Fog ransomware attack uses unusual mix of legitimate and open-source tools (Bleeping Computer) FIN6 cybercriminals pose as job seekers on LinkedIn to hack recruiters (The Record) Erie Insurance confirms cyberattack behind business disruptions (Bleeping Computer) Why Was Nvidia Hosting Blogs About 'Brazilian Facesitting Fart Games'? (404 Media) Secure your public DNS presence from subdomain takeovers and dangling DNS exploits (Silent Push) Want to hear your company in the show? You too can reach the most influential leaders and operators in the industry. Here's our media kit. Contact us at cyberwire@n2k.com to request more info. The CyberWire is a production of N2K Networks, your source for strategic workforce intelligence. © N2K Networks, Inc. Learn more about your ad choices. Visit megaphone.fm/adchoices
© 2020-2025 Ivy Podcast Discovery LLC
