Podcasts about devsecops

Semper Valens Solutions designs DevSecOps infrastructure for DISA, develops cyber weapons systems for the Air Force, supports the Army's deployment of force protection platforms and C2 systems, plus does non-cleared work for DHA, VA, and the FBI. Company COO Nick Brown shares the importance of treating candidates well in the hiring process, doing more than just applying for the position, and how the company deals with the challenges of return to office. 4:20 Most positions are Secret to TS/SCI. Locations include San Antonio, Aberdeen, MD, Fort Belvoir, and Fort Huachuca, among others.5:47 Semper Valens means always strong.9:02 How the company works to build company cohesion and culture.Find complete show notes at: https://clearedjobs.net/semper-valens-solutions-valuing-every-candidate-podcast/_ This show is brought to you by ClearedJobs.Net. Have feedback or questions for us? Email us at rriggins@clearedjobs.net. Sign up for our cleared job seeker newsletter. Create a cleared job seeker profile on ClearedJobs.Net. Engage with us on LinkedIn, Facebook, Instagram, X, or YouTube. _

In this episode of the DevOps Toolchain podcast, we dive deep into the evolving intersection of AI, IoT, and embedded systems with special guest Hariharan Ragothaman who's a seasoned technologist and DevSecOps expert. Try out Insight Hub free for 14 days now: https://testguild.me/insighthub Hariharan shares how he went from programming in BASIC as a kid to leading cutting-edge AI server validation today. We explore the mindset shifts needed when moving from embedded systems to cloud-native architectures, and why having a security-first approach isn't just optional anymore — it's essential. We also discuss: ✅ The growing role of AI in embedded systems and IoT — and what that means for testers and engineers. ✅ Practical strategies for building a security mindset (even if you don't think of yourself as a “security person”). ✅ Favorite tools and techniques for shifting security left, including real-world examples and open-source tips. ✅ The balance between technical depth and leadership skills in an AI-powered future. ✅ Hariharan's personal approach to staying ahead of the curve, from continuous learning habits to favorite books and tools. Whether you're deep in DevSecOps, testing embedded devices, or just curious about where AI and IoT are taking us next, this episode is packed with actionable advice and fresh perspectives to help you stay ahead.

The current phase of software development is probably the most insecure era ever — there's so much more application and code that's vulnerable, according to Snyk CEO Peter McKay. “It was a struggle for security teams to keep up with the pace of software development prior to generative AI, and now with generative and copilot and Windsurf and all the tools that are out there, you know, they're moving even faster and security is struggling to keep up.” McKay joins Bloomberg Intelligence's head of technology research, Mandeep Singh, to discuss the application of large-language models for securing the use of tools, including Cursor and Github copilots. He also talks about the addressable market for DevSecOps (the development, security and operations approach), potential automation driven by AI and Snyk's acquisitions for both talent and product features as the attack surface expands in cybersecurity.

Quantum computing in 2025 is rapidly advancing toward commercialization, with breakthroughs in algorithms, scalable hardware, and cloud-based quantum services driving real-world applications across finance, healthcare, logistics, and cybersecurityThis week, Dave, Esmee, and Rob dive into the cutting edge of quantum computing with Catherine Vollgraff Heidweiller, Quantum AI PM at Google, and James Goeders, Head of Product for Google Quantum AI, exploring how far we've come since our June 2023 Quantumania! episode and what to expect from Willow—the bold fusion of quantum, AI, digital integration, deployment, and the broader tech ecosystem.TLDR00:46 Meet Catherine and James – intros and backgrounds02:22 Rob is confused about students using AI09:40 Deep dive with Catherine and James on the current state and future of Quantum48:01 Quantum isn't just tech—it's a whole new way of thinking1:01:37 Seize the moment and bringing external users onto quantum hardwareGuestCatherine Vollgraff Heidweiller: https://www.linkedin.com/in/cmv-vollgraffheidweiller/James Goeders: https://www.linkedin.com/in/james-goeders-8876a7164/HostsDave Chapman: https://www.linkedin.com/in/chapmandr/Esmee van de Giessen: https://www.linkedin.com/in/esmeevandegiessen/Rob Kernahan: https://www.linkedin.com/in/rob-kernahan/ProductionMarcel van der Burg: https://www.linkedin.com/in/marcel-vd-burg/Dave Chapman: https://www.linkedin.com/in/chapmandr/SoundBen Corbett: https://www.linkedin.com/in/ben-corbett-3b6a11135/Louis Corbett:  https://www.linkedin.com/in/louis-corbett-087250264/'Cloud Realities' is an original podcast from Capgemini

The Daytona founders - Ivan Burazin and Vedran Jukic - discuss their pivot to an AI agent cloud. We dig into the new infrastructure requirements of developing agents that need their own sandboxes to operate in.A year ago, we had them on to talk about Daytona giving us remote development environments for humans, and they have now pivoted the company to focusing on providing cloud hosting environments for AI agents to operate.I suspect this is something we're all gonna eventually need to tackle as we work to automate more of our software engineering. So we spend time breaking down the concepts and the real world needs of humans developing agents, and then the needs of AI that require places to run their own tools in code.Check out the video podcast version here https://youtu.be/l8LBqDUwtV8Creators & Guests Cristi Cotovan - Editor Bret Fisher - Host Beth Fisher - Producer Ivan Burazin - Guest Vedran Jukic - Guest You can also support my content by subscribing to my YouTube channel and my weekly newsletter at bret.news!Grab the best coupons for my Docker and Kubernetes courses.Join my cloud native DevOps community on Discord.Grab some merch at Bret's Loot BoxHomepage bretfisher.com (00:00) - Intro (06:08) - Daytona's Sandbox Technology (12:57) - Practical Applications and Use Cases (14:29) - Security and Isolation in AI Agents (17:59) - Start Up Times for Sandboxing and Kubernetes (22:51) - Daytona vs Lambda (31:06) - Rogue Models and Isolation (34:54) - Humanless Operations and the Future of DevOps (47:17) - SDK vs MCP (50:15) - Human in the Loop (51:13) - Daytona: Open Source vs Product Offering

In this episode, we sat down with AJ Yawn, Author of the upcoming book GRC Engineering for AWS and Director of GRC Engineering at Aquia, to discuss how GRC engineering can transform compliance.We discussed the current pain points and challenges in Governance, Risk, and Compliance (GRC), how GRC has failed to keep up with software development and the threat landscape, and how to leverage cloud-native services, AI, and automation to bring GRC into the digital era.We dove into:What the phrase “GRC Engineering” means and how it differs from traditional Governance, Risk and ComplianceWhat some of the major issues are with traditional compliance in the age of DevSecOps, Cloud, API's, Automation and now AISpecific examples of GRC Engineering, including the use of automation, API's and cloud-native services to streamline security control implementation, assessment and reportingThe promise and potential of AI in GRC, and how AJ is using various models for control assessments, artifact creation and more, and how GRC practitioners should be leveraging AI as a force multiplierAJ's new book “GRC Engineering For AWS: A Hands-On Guide to Governance, Risk and Compliance Engineering”

ePlus Security + F5 API Security Podcast Series where ePlus' David Tumlin and F5's Chuck Herrin share why visibility is the foundation of modern security—and how together, ePlus & F5 are helping organizations manage the real challenges of API security in today's hybrid, multi-cloud world.

Brian Robbins is the CFO of GitLab, a DevSecOps platform that supports software innovation. He joins Motley Fool CEO, Tom Gardner, plus Chief Investment Officer Andy Cross and AI Engineer Karl Juhl for a conversation about: - How GitLab scaled for remote culture - How technology and AI have shifted over the years - GitLab's plan to handle the evolving cloud and DevOps landscape. Companies mentioned: GTLB Hosts: Tom Gardner, Andy Cross, Karl Juhl Guest: Brian Robbins Engineer: Bart Shannon Advertisements are sponsored content and provided for informational purposes only. The Motley Fool and its affiliates (collectively, "TMF") do not endorse, recommend, or verify the accuracy or completeness of the statements made within advertisements. TMF is not involved in the offer, sale, or solicitation of any securities advertised herein and makes no representations regarding the suitability, or risks associated with any investment opportunity presented. Investors should conduct their own due diligence and consult with legal, tax, and financial advisors before making any investment decisions. TMF assumes no responsibility for any losses or damages arising from this advertisement. Learn more about your ad choices. Visit megaphone.fm/adchoices

The telecom industry is undergoing a fundamental transformation. This shift is creating new business opportunities and services but also brings significant challenges in transformation and modernization. In this special bonus episode, building on our Reimagining Telecoms mini-series, we dive into the current opportunities shaping today's dynamic telco landscape.This week, Dave, Esmee and Rob talk to Vivek Badrinath,  Director General of the GSMA about the current opportunities shaping today's dynamic telco landscape and the role of GSMA. TLDR01:38 Introduction to Vivek and the bonus episode03:48 In-depth conversation with Vivek Badrinath42:13 Can empathy become a strategic KPI in telecom?47:20 Event in Uzbekistan and doubling down on the digital ecosystem GuestVivek Badrinath: https://www.linkedin.com/in/vivekbadrinath/HostsDave Chapman: https://www.linkedin.com/in/chapmandr/Esmee van de Giessen: https://www.linkedin.com/in/esmeevandegiessen/Rob Kernahan: https://www.linkedin.com/in/rob-kernahan/ ProductionMarcel van der Burg: https://www.linkedin.com/in/marcel-vd-burg/Dave Chapman: https://www.linkedin.com/in/chapmandr/with Praveen Shankar: https://www.linkedin.com/in/praveen-shankar-capgemini/SoundBen Corbett: https://www.linkedin.com/in/ben-corbett-3b6a11135/Louis Corbett:  https://www.linkedin.com/in/louis-corbett-087250264/'Cloud Realities' is an original podcast from Capgemini

Neste episódio selvagem do Kubicast, nos embrenhamos na mata fechada dos sistemas distribuídos ao lado de Flávio Mendes, criador do Trilhainfo. De uma floresta irlandesa direto para sua timeline, o Flávio trouxe um papo afiado sobre arquitetura de sistemas, desafios reais e boas práticas para não cair nas armadilhas do overengineering.Conversamos sobre como evoluir de um monolito para microsserviços sem perder o fôlego, quais as pegadinhas comuns ao lidar com sistemas distribuídos em produção, e como manter a sanidade num ambiente crítico com SLAs apertados. Tudo com bom humor, exemplos práticos e aquele clima descontraído que você já conhece.Se você trabalha com arquitetura, cloud, engenharia ou está pensando em escalar seu sistema, esse papo é para você.Links Importantes:- Flávio Mendes- TrilhaInfo - João Brito- Assista ao FilmeTEArapiaParticipe de nosso programa de acesso antecipado e tenha um ambiente mais seguro em instantes!https://getup.io/zerocveO Kubicast é uma produção da Getup, empresa especialista em Kubernetes e projetos open source para Kubernetes. Os episódios do podcast estão nas principais plataformas de áudio digital e no YouTube.com/@getupcloud.

Bill Staples has spent 30 years redefining how the world writes, ships, and secures code.On this week's Grit, the GitLab CEO shares what it takes to lead a public, all-remote DevSecOps company trusted by more than half of the Fortune 100. He breaks down the discipline of managing energy instead of hours, why weekly operating cadences beat quarterly plans, and how AI will 10× software engineers by auto-debugging code and closing security gaps.Guest: Bill Staples, CEO of GitLabChapters:00:00 Trailer00:42 Introduction02:34 True joy in life08:16 Winning teams13:53 When the energy isn't there18:00 Super ambitious21:01 It's not just technology29:27 Elevating quality and standard41:36 Lifelong collaborator51:22 Competent intelligence54:22 Structuring goals and time1:03:59 Who GitLab is hiring1:04:17 What “grit” means to Bill1:04:54 OutroLinks:Connect with BillLinkedInConnect with JoubinXLinkedInEmail: grit@kleinerperkins.comLearn more about Kleiner Perkins

Welcome to a new episode of The Daily Windup! Today, I had the pleasure of speaking with Yolanda Clark, CEO of Powder River Industries, a small business that has successfully navigated the world of defense contracts and specialized in DevSecOps and infrastructure as code services. Yolanda shared her journey of bringing stability to her business by establishing headquarters in Wyoming while her spouse serves in the military. In our conversation, Yolanda explained the intricacies of DevSecOps, clarifying that it involves coding within secure environments, ensuring software compliance with cyber requirements from day one. We also discussed the differences between FedRAMP and their services, with Yolanda highlighting how they provide support at a specific point within the lifecycle for their defense customers. Listen now to learn more!

Join Jim McDonald and Jeff Steadman on the Identity at the Center podcast as they welcome Lalit Choda, founder and CEO of the Non-Human Identity Management Group. Lalit, also known as "Mr. NHI," shares his journey from investment banking to becoming a leading expert in non-human identities. This episode delves into the critical and often overlooked world of NHI, exploring why it's such a hot topic now, the challenges practitioners face in managing these identities, and how to approach the problem from a risk-based perspective. Lalit discusses the limitations of traditional PAM and IGA tools for NHI, the importance of foundational controls, and the alarming implications of AI on non-human identity management. Plus, hear a fun segment about vinyl records and some surprising finds!Chapter Timestamps:00:00:00 - Introduction to Lalit Choda and the NHI Community00:02:31 - Welcome to the Identity at the Center Podcast & IdentiVerse Discussion00:06:18 - Lalit Choda's Identity Origin Story: From Mr. SOX to Mr. NHI00:12:03 - Why Non-Human Identities Are a Big Deal Right Now00:15:37 - Defining NHI and the Practitioner's Framework00:19:13 - The Scale and Challenges of NHI Management00:23:01 - New Types of NHI and Tooling Limitations00:27:12 - The Lack of a Single Source of Truth for NHI00:33:57 - Prioritizing NHI Management and the Role of PAM00:38:58 - A Risk-Based Approach to NHI and Foundational Controls00:48:15 - What Scares Lalit Most About NHI (and AI)00:50:54 - Lalit's Impressive Vinyl Collection00:56:38 - Jim and Jeff's First, Best, and Favorite Albums01:01:15 - The Intersection of Music and Non-Human Identities01:02:00 - Wrapping Up & Where to Find More InformationConnect with Lalit: https://www.linkedin.com/in/lalit-choda-5b924120/Non-Human Identity Management Group: https://www.nhimg.org/Connect with us on LinkedIn:Jim McDonald: https://www.linkedin.com/in/jimmcdonaldpmp/Jeff Steadman: https://www.linkedin.com/in/jeffsteadman/Visit the show on the web at http://idacpodcast.comKeywords:Lalit Choda, Non-Human Identity, NHI, Machine Identity, Workload Identity, Identity Management, Cybersecurity, PAM, IGA, Privilege Access Management, Identity Governance and Administration, Secrets Management, Cloud Security, AI, Artificial Intelligence, DevSecOps, Risk-Based Approach, Identity Security, Service Accounts, Identity at the Center, IDAC, Jeff Steadman, Jim McDonald, IdentiVerse, Vinyl Collection, Podcast, Mr. NHI#idac #nonhumanidentity #machineidentity #cybersecurity #identityaccessmanagement #IAM #infosec #digitalidentity #workloadsecurity #devsecops #cloudsecurity #privilegedaccessmanagement #identitygovernance #zerotrust #nhi #mrnhi

DevSecOps is transforming how organizations build, secure, and deploy software. In this session, we explore the emerging trends and forward-looking predictions shaping DevSecOps in 2025 — from AI-driven automation to shifting-left security strategies. As cyber threats grow more advanced, integrating security seamlessly into DevOps pipelines has become a business-critical priority. This episode highlights what's next for secure software development, and how professionals can adapt to stay ahead.

[AAA] In 'Access All Areas' shows we go behind the scenes with the crew and their friends as they dive into complex challenges that organizations face—sometimes getting a little messy along the way.This week, we address the ‘big rocks' that can obstruct or delay successful outcomes in organizational transformations. Dave, Esmee, and Rob are joined by Jasmin Booth, Head of Product Delivery to discuss the transformation to being a (digital) product based organization.TLDR05:22 Access All Areas: This third episode focuses on the products we build that drive outcomes.06:52 Conversation with Jasmin about our digital products37:06 What makes it better to be in a product centric organization? 54:00 Conclusion of the seven Big Rocks and how to smash them59:00 Going on the Blue Bell railway HostsDave Chapman: https://www.linkedin.com/in/chapmandr/Esmee van de Giessen: https://www.linkedin.com/in/esmeevandegiessen/Rob Kernahan: https://www.linkedin.com/in/rob-kernahan/with Jasmin Booth: https://www.linkedin.com/in/jasminbooth15/ProductionMarcel van der Burg: https://www.linkedin.com/in/marcel-vd-burg/Dave Chapman: https://www.linkedin.com/in/chapmandr/SoundBen Corbett: https://www.linkedin.com/in/ben-corbett-3b6a11135/Louis Corbett:  https://www.linkedin.com/in/louis-corbett-087250264/'Cloud Realities' is an original podcast from Capgemini

Interpol's Operation Secure dismantles a major cybercrime network, and Singapore takes down scam centers. GitLab patches multiple vulnerabilities in its DevSecOps platform. Researchers unveil a covert method for exfiltrating data using smartwatches. EchoLeak allows for data exfiltration from Microsoft Copilot. Journalists are confirmed targets of Paragon's Graphite spyware. France calls for comments on tracking pixels. Fog ransomware operators deploy an unusual mix of tools. Skeleton Spider targets recruiters by posing as job seekers on LinkedIn and Indeed. Erie Insurance suffers ongoing outages following a cyberattack. Our N2K Lead Analyst Ethan Cook shares insights on Trump's antitrust policies. DNS neglect leads to AI subdomain exploits. Remember to leave us a 5-star rating and review in your favorite podcast app. Miss an episode? Sign-up for our daily intelligence roundup, Daily Briefing, and you'll never miss a beat. And be sure to follow CyberWire Daily on LinkedIn. CyberWire Guest Today, we share a selection from today's Caveat podcast where Dave Bittner and Ben Yelin are joined by N2K's Lead Analyst, Ethan Cook, to take a Policy Deep Dive into “The art of the breakup: Trump's antitrust surge.” You can listen to the full episode here and find new episodes of Caveat in your favorite podcast app each Thursday.   Selected Reading Interpol takes down 20,000 malicious IPs and domains (Cybernews) Singapore leads multinational operation to shutter scam centers tied to $225 million in thefts (The Record) GitLab patches high severity account takeover, missing auth issues (Bleeping Computer) SmartAttack uses smartwatches to steal data from air-gapped systems (Bleeping Computer) Critical vulnerability in Microsoft 365 Copilot AI called EchoLeak enabled data exfiltration (Beyond Machines) Researchers confirm two journalists were hacked with Paragon spyware (TechCrunch) Tracking pixels: CNIL launches public consultation on its draft recommendation (CNIL) Fog ransomware attack uses unusual mix of legitimate and open-source tools (Bleeping Computer) FIN6 cybercriminals pose as job seekers on LinkedIn to hack recruiters (The Record) Erie Insurance confirms cyberattack behind business disruptions (Bleeping Computer) Why Was Nvidia Hosting Blogs About 'Brazilian Facesitting Fart Games'? (404 Media)  Secure your public DNS presence from subdomain takeovers and dangling DNS exploits (Silent Push) Want to hear your company in the show? You too can reach the most influential leaders and operators in the industry. Here's our media kit. Contact us at cyberwire@n2k.com to request more info. The CyberWire is a production of N2K Networks, your source for strategic workforce intelligence. © N2K Networks, Inc. Learn more about your ad choices. Visit megaphone.fm/adchoices

Every organization is built on people, structures, and culture. But culture isn't static—it evolves with every interaction, ambition, and shift in circumstance. As IT drives business transformation, new technologies reshape how people connect and collaborate. In this ever-changing landscape, a strong, adaptive culture is the key to lasting success. This week, Dave, Esmee and Rob talk to Jitske Kramer, Corporate Anthropologist about what technology is doing to cultures and human systems and how AI can mess with the narrative. TLDR00:50  Introduction of Jitske Kramer and her book Navigating Tricky Times02:05  Rob shares his confusion about saying “thank you” to AI07:25  In-depth conversation with Jitske Kramer11:30  Visual communication via tattoos even at AWS re:Invent25:00 Corporate framing and what's going on within organizations today46:22  Exploring the contrast between the natural pace of human transformation and the rapid acceleration of technology54:14  Editing the documentary Patterns of Life55:56  Esmee's 2x Outro speed surprises everyone!Guest:Jitske Kramer: https://www.linkedin.com/in/jitskekramer/https://jitskekramer.substack.com/Tricky Times event: https://tricky-times.com/events/navigating-tricky-times-leading-through-the-messy-middle-of-change/HostsDave Chapman: https://www.linkedin.com/in/chapmandr/Esmee van de Giessen: https://www.linkedin.com/in/esmeevandegiessen/Rob Kernahan: https://www.linkedin.com/in/rob-kernahan/ ProductionMarcel van der Burg: https://www.linkedin.com/in/marcel-vd-burg/Dave Chapman: https://www.linkedin.com/in/chapmandr/ SoundBen Corbett: https://www.linkedin.com/in/ben-corbett-3b6a11135/Louis Corbett:  https://www.linkedin.com/in/louis-corbett-087250264/ 'Cloud Realities' is an original podcast from Capgemini

Segurança em aplicações não é coisa de outro mundo. Neste episódio do Kubicast, recebemos André Esteves e Matheus Farias, duas feras do iFood que vivem o dia a dia da Application Security (AppSec) na veia! Com muito bom humor e bastante casca de produção, eles compartilham a rotina, os desafios e os aprendizados de quem realmente coloca a mão na massa para proteger sistemas em larga escala.A conversa vai de OWASP Top 10 à política de travamento de PRs, passando por burp suite, cultura dev, roles de segurança, hardening de imagens base com zero CVEs e o papel crucial dos soft skills para quem quer entrar na área. Se você acha que segurança é só sobre hacker de hoodie e terminal verde piscando, esse papo vai te mostrar a real!Links Importantes:- Andre Esteves - https://www.linkedin.com/in/andreestevespaiva/- Matheus Farias - https://www.linkedin.com/in/eu-matheus-farias-devsecops/- João Brito - https://www.linkedin.com/in/juniorjbn- Assista ao FilmeTEArapia - https://youtu.be/M4QFmW_HZh0?si=HIXBDWZJ8yPbpflMParticipe de nosso programa de acesso antecipado e tenha um ambiente mais seguro em instantes!https://getup.io/zerocveO Kubicast é uma produção da Getup, empresa especialista em Kubernetes e projetos open source para Kubernetes. Os episódios do podcast estão nas principais plataformas de áudio digital e no YouTube.com/@getupcloud.

Technology and software development can take years to field capabilities that may no longer meet mission needs once they reach the finish line. Some department compliance practices can add 12-18 months for authorization. At the AWS Summit in Washington, D.C., Marine Corps Community Services Digital Program Manager David Raley said that his office is accelerating the development and approval processes for mission capability. Raley highlighted solutions like AWS GovCloud and a certified DevSecOps platform that help reduce authorization times from a year to 15 minutes. Raley also talked about the ways DOD is advancing zero trust implementation and security in cloud-native environments.

Send us a textIn this episode of Relating to DevSecOps, Ken and Mike discuss the challenges faced by CISOs in today's security landscape, particularly the struggle to balance immediate security needs with long-term preventative strategies. They explore the disconnect between security leadership and practitioners, the urgency of addressing security issues, and the importance of understanding the root causes of vulnerabilities. The conversation emphasizes the need for CISOs to engage more deeply with their teams and to focus on effective, context-driven security solutions rather than simply reacting to the latest threats.

DevSecOps: الأمان ماشي اختيار، راه ضرورة، خاصة في الخدمات العمومية اللي كتخدم الملايين ديال المغاربة.

Julián Duque from Heroku joins me to explain and demo their new AI platform.Check out the video podcast version here https://youtu.be/BGqlLZHdRDsCreators & Guests Cristi Cotovan - Editor Bret Fisher - Host Beth Fisher - Producer Julián Duque - Guest You can also support my content by subscribing to my YouTube channel and my weekly newsletter at bret.news!Grab the best coupons for my Docker and Kubernetes courses.Join my cloud native DevOps community on Discord.Grab some merch at Bret's Loot BoxHomepage bretfisher.com (00:00) - Introduction (05:12) - Deep Dive into Heroku's AI Capabilities (14:23) - Heroku MCP server (28:27) - Describing MCP Tool Interactions (30:48) - DevOps Automation with Heroku MCP server (37:02) - Heroku AI and Future Prospects

Discover how emotional intelligence is revolutionizing cybersecurity leadership in this episode of AWS Executive Insights, featuring Hart Rossman, VP of Global Services Security. Beyond technical expertise, security leaders must cultivate empathy, emotional regulation, and interpersonal skills within their workforce in order to avoid burnout, reduce human errors, and realize greater productivity. Learn how AWS is transforming traditional DevSecOps team management by integrating emotional intelligence training with incident response capabilities, leading to faster resolution times and more resilient security operations. Rossman also discusses how empathy and psychological safety are becoming critical differentiators in building high-performance security teams. This conversation is essential for any leaders looking to elevate their teams' effectiveness through enhanced emotional intelligence and cultural transformation. Watch now to uncover the critical connection between EQ and security excellence.

The telecom industry is undergoing a fundamental transformation. This shift is creating new business opportunities and services but also brings significant challenges in transformation and modernization. In a new five-part mini-series, Reimagining Telecoms, we will explore these challenges through five distinct lenses: Growth, Networks, Simplification, Data & AI, and Regulation, uncovering lessons and insights relevant to telecom organizations and beyond. This week, in the final episode of the mini-series, Dave, Esmee, and Rob talk to Nik Willetts, CEO of TM Forum, to discuss growth—the telco industry's biggest challenge—and how it intersects with Hyperscalers, innovation, and shaping the industry's future. TLDR01:05 Introduction of Nik and an update on the mini-series03:41 Main conversation with Nik Willetts29:10 Navigating the balance between collaboration and competition34:57 Looking ahead to DTW Ignite, the Dolomites, and Brunello wine, served by sommelier Rob GuestNik Willetts: https://www.linkedin.com/in/nikwilletts/HostsDave Chapman: https://www.linkedin.com/in/chapmandr/Esmee van de Giessen: https://www.linkedin.com/in/esmeevandegiessen/Rob Kernahan: https://www.linkedin.com/in/rob-kernahan/ ProductionMarcel van der Burg: https://www.linkedin.com/in/marcel-vd-burg/Dave Chapman: https://www.linkedin.com/in/chapmandr/with Praveen Shankar: https://www.linkedin.com/in/praveen-shankar-capgemini/SoundBen Corbett: https://www.linkedin.com/in/ben-corbett-3b6a11135/Louis Corbett:  https://www.linkedin.com/in/louis-corbett-087250264/'Cloud Realities' is an original podcast from Capgemini

Firefly is a cloud infrastructure automation platform that helps cloud teams, DevOps, SRE, platform engineering, DevSecOps, and other groups manage their entire cloud as code. Firefly helps to manage cloud complexity and produce consistent and efficient cloud platforms with code. To help Firefly better understand their customers and industry trends around Infrastructure as Code (IaC),... Read more »

Firefly is a cloud infrastructure automation platform that helps cloud teams, DevOps, SRE, platform engineering, DevSecOps, and other groups manage their entire cloud as code. Firefly helps to manage cloud complexity and produce consistent and efficient cloud platforms with code. To help Firefly better understand their customers and industry trends around Infrastructure as Code (IaC),... Read more »

Launching our new Podcast: https://agenticdevops.fmBret and Nirmal are at KubeCon London and record their ideas about how AI Agents will change DevOps, platform engineering, SRE, automation, troubleshooting, and more.Creators & Guests Cristi Cotovan - Editor Bret Fisher - Host Beth Fisher - Producer Nirmal Mehta - Host You can also support my content by subscribing to my YouTube channel and my weekly newsletter at bret.news!Grab the best coupons for my Docker and Kubernetes courses.Join my cloud native DevOps community on Discord.Grab some merch at Bret's Loot BoxHomepage bretfisher.com

Warfighters in the Department of Defense (DoD) operate in high-stakes environments where security, efficiency, and speed are critical. In such environments DevSecOps has become crucial in the drive toward modernization and overall mission success. A recent study led by researchers at the Carnegie Mellon University Software Engineering Institute (SEI) examined the state of DevSecOps within the Department of Defense. In this podcast, Eileen Wrubel, the SEI's Transforming Software Acquisition Policy and Practice technical director, sits down with George Lamb, director for DoD Cloud and Software Modernization in the Information Enterprise Office of the DoD CIO, which is responsible for the DoD Software Modernization Strategy and its associated implementation plan, and Bill Nichols, lead of the SEI's Software Engineering Measurement and Analysis work. They discuss DevSecOps successes in the DoD and opportunities for scaling its impact.

Firefly is a cloud infrastructure automation platform that helps cloud teams, DevOps, SRE, platform engineering, DevSecOps, and other groups manage their entire cloud as code. Firefly helps to manage cloud complexity and produce consistent and efficient cloud platforms with code. To help Firefly better understand their customers and industry trends around Infrastructure as Code (IaC),... Read more »

Get featured on the show by leaving us a Voice Mail: https://bit.ly/MIPVM

During the upcoming OWASP Global AppSec EU in Barcelona, Spyros Gasteratos, long-time OWASP contributor and co-founder of Smithy, to explore how automation, collaboration, and community resources are shaping the future of application security. Spyros shares the foundation of his talk at OWASP AppSec Global: building a DevSecOps program from scratch using existing community tools—blending technical guidance with a celebration of open-source achievements.Spyros emphasizes that true progress in security stems not from an ever-growing stack of tools, but from aligning the humans behind them. According to him, security failures often stem from fragmented information and misaligned incentives across teams. His solution? Bring the teams together with a shared, streamlined flow of information and automate wherever possible to reduce wasted cycles and miscommunication.At the core of Spyros' philosophy is the need to turn AppSec from a blocker into a builder. Rather than overwhelming developers with endless bug reports, or security leaders with red dashboards, programs need to reflect the actual risk appetite of the business—prioritizing issues dynamically based on impact, timing, and operational goals. He challenges the one-size-fits-all approach, advocating instead for tagging systems that defer certain risks and encode organizational priorities in automation logic.A major part of that transformation lies in Smithy, the platform he's helping build. It's designed to be “Zapier for security”—an automation engine rooted in open-source standards that allows for custom workflows without creating a tangle of fragile scripts. The idea is to let teams focus on what's unique to them, while relying on battle-tested components for the rest.Looking ahead, Spyros doesn't buy into the doom-and-gloom narrative about AI limiting developer creativity. On the contrary, he argues that AI-enabled coding frees up cognitive space for better architecture and secure design thinking. In his view, creativity doesn't die—it just shifts from syntax to strategy.This episode is more than a discussion—it's a blueprint for how teams can rally around a common goal, and how OWASP's community can be the catalyst. Tune in to hear how open-source, automation, and human alignment are redefining AppSec from the ground up.GUEST: Spyros Gasteratos | OpenCRE co-lead and Founder of smithy.security | https://www.linkedin.com/in/spyr/HOST: Sean Martin, Co-Founder at ITSPmagazine and Host of Redefining CyberSecurity Podcast | https://www.seanmartin.comSPONSORSManicode Security: https://itspm.ag/manicode-security-7q8iRESOURCESSpyros' Session: A completely pluggable DevSecOps programme, for free, using community resources (https://owasp2025globalappseceu.sched.com/event/1whCB/a-completely-pluggable-devsecops-programme-for-free-using-community-resources)Learn more and catch more stories from OWASP Global AppSec EU 2025 Conference coverage: https://www.itspmagazine.com/owasp-global-appsec-barcelona-2025-application-security-event-coverage-in-catalunya-spainCatch all of our event coverage: https://www.itspmagazine.com/technology-and-cybersecurity-conference-coverageWant to tell your Brand Story Briefing as part of our event coverage? Learn More

Traditional businesses are transforming to enhance consumer engagement and operational efficiency by integrating advanced technologies, helping them stay competitive in the digital age; how can technology best support this transformation?This week, Dave, Esmee and Rob talk to Sandeep Seeripat, CIO at Twinings about how the 300-year-old tea company is undergoing a business transformation. They explore strategies to enhance consumer engagement and operational efficiency, and how Twinings is repositioning itself in the digital world.TLDR00:40 Introduction of Sandeep Seeripat04:03 Rob is confused about by the AI's overly sycophantic behavior07:20 Conversation with Sandeep about three Centuries of Innovation at Twinings43:18 What if brands created with the sensitivity of an artist?53:25 Capture that perfect picture in South AfricaGuestSandeep Seeripat: https://www.linkedin.com/in/sandeepseeripat/HostsDave Chapman: https://www.linkedin.com/in/chapmandr/Esmee van de Giessen: https://www.linkedin.com/in/esmeevandegiessen/Rob Kernahan: https://www.linkedin.com/in/rob-kernahan/ProductionMarcel van der Burg: https://www.linkedin.com/in/marcel-vd-burg/Dave Chapman: https://www.linkedin.com/in/chapmandr/SoundBen Corbett: https://www.linkedin.com/in/ben-corbett-3b6a11135/Louis Corbett:  https://www.linkedin.com/in/louis-corbett-087250264/'Cloud Realities' is an original podcast from Capgemini

Deploying cloud-centric technologies such as Kubernetes in edge environments poses challenges, especially for mission-critical defense systems. In this podcast from the Carnegie Mellon University Software Engineering Institute (SEI), Patrick Earl, Doug Reynolds, and Jeffrey Hamed, all DevOps engineers in the SEI's Software Solutions Division, sit down with senior reesearcher Jose Morales to discuss a recent case study involving the deployment of a hypervisor onto edge devices in a resource-constrained environment.

At KubeCon EU 2025 in London, Nirmal and I discussed the important (and not-so-important) things you might have missed. There's also a video version of this show on YouTube.Creators & Guests Cristi Cotovan - Editor Beth Fisher - Producer Bret Fisher - Host Nirmal Mehta - Host (00:00) - DDT Audio Podcast Edited (00:04) - Intro (01:24) - KubeCon 2025 EU Overview (03:24) - Platform Engineering and AI Trends (07:03) - AI and Machine Learning in Kubernetes (15:38) - Project Pavilions at KubeCon (17:05) - FinOps and Cost Optimization (20:39) - HAProxy and AI Gateways (24:00) - Proxy Intelligence and Network Layer Optimization (26:52) - Developer Experience and Organizational Challenges (29:23) - Platform Engineering and Cognitive Load (35:54) - End of Life for CNCF Projects You can also support my free material by subscribing to my YouTube channel and my weekly newsletter at bret.news!Grab the best coupons for my Docker and Kubernetes courses.Join my cloud native DevOps community on Discord.Grab some merch at Bret's Loot BoxHomepage bretfisher.com

[AAA] In 'Access All Areas' shows we go behind the scenes with the crew and their friends as they dive into complex challenges that organisations face—sometimes getting a little messy along the way. This week, in what may or may not be our 100th episode, Dave, Esmee and Rob talk to James Wilson, AI Ethicist and Lead Gen AI Architect and Philip Harker, Advisory Lead, Insights and Data at Capgemini UK, about exploring the deep importance of ethics as we move forward into the intelligence age.  TLDR00:42 Is this really our 100th episode or not?04:38 What is a team AAA episode and welcoming James and Philip06:12 Rob sets the stage, why AI Ethics matters09:42 In-depth chat with James and Philip59:11 Exploring AI and quantum as innovation boosters1:06:00 A quiet weekend and Safe AI for KidsGuestsJames Wilson: https://www.linkedin.com/in/james-wilson-1938a1/Philip Harker: https://www.linkedin.com/in/philip-harker-243300/HostsDave Chapman: https://www.linkedin.com/in/chapmandr/Esmee van de Giessen: https://www.linkedin.com/in/esmeevandegiessen/Rob Kernahan: https://www.linkedin.com/in/rob-kernahan/ProductionMarcel van der Burg: https://www.linkedin.com/in/marcel-vd-burg/Dave Chapman: https://www.linkedin.com/in/chapmandr/SoundBen Corbett: https://www.linkedin.com/in/ben-corbett-3b6a11135/Louis Corbett:  https://www.linkedin.com/in/louis-corbett-087250264/'Cloud Realities' is an original podcast from Capgemini

No episódio 169 do Kubicast, batemos um papo com Rafael Ferreira sobre um tema fundamental, mas muitas vezes negligenciado: a arte de conversar. Sim, a gente conversou sobre conversar! De forma descontraída e bem-humorada, destrinchamos como a comunicação impacta nossas carreiras, nosso networking e até o modo como nos vestimos em eventos tech.Falamos sobre gifs em palestras, sobre a "cara de pau" que ajuda a romper bolhas, e sobre como não adianta ser o melhor se ninguém souber disso. O Rafael compartilhou aprendizados de eventos, bastidores do Low Ops e sua jornada até virar MVP da Microsoft. Spoiler: ele usou o podcast como estratégia de networking. E funcionou.Participe do nosso programa de acesso antecipado de Imagens Zero CVE: getup.io/zerocveO Kubicast é uma produção da Getup, empresa especialista em Kubernetes e projetos open source para Kubernetes. Os episódios do podcast estão nas principais plataformas de áudio digital e no YouTube.com/@getupcloud.

We are happy to have Kayra Otaner as a special guest on the Absolute AppSec podcast. Kayra (kayraotaner on LinkedIn and X/twitter), the current Director of DevSecOps at Roche, brings over 15 years of cybersecurity leadership experience from New York and Wall Street. He's led DevSecOps and DevOps teams across a variety of organizations, including ADP, Voice, and adMarketplace, and has served as a trusted CTO advisor for Trendyol. His background also includes cybersecurity consulting for the Turkish Navy, where he helped develop a defense solution that was later deployed in NATO's Locked Shields cyber defense war games in Tallinn. Kayra is a frequent speaker at international DevSecOps conferences and serves on the Business and Computer Science Advisory Board at Middlesex County College in New Jersey. During this episode of the podcast Kayra discusses his journey into information security and spurs on his recent thoughts on authenticating open source developers through models similar to TSA PreCheck.

On this episode of The Defense Unicorns Podcast, host Rebecca Lively sits down with Brandt Keller, software engineer and CNCF ambassador, to explore what happens when a former Marine brings his frontline mindset to DevSecOps. Brandt's story is one of relentless problem-solving, especially in disconnected, air-gapped environments where “cloud-native” has to mean something entirely different.Brandt unpacks how open source can be both a lifeline and a liability in government systems, and why just consuming it isn't enough—real security means showing up, contributing, and understanding what's under the hood. He shares his perspective on trust, transparency, and why the U.S. government's lack of contribution to critical tools like Kubernetes might be the real risk. The conversation also explores the cultural shift required to embrace open ecosystems in highly regulated spaces.From debates over supply chain security and SBOMs to the practical challenges of deploying software in classified settings, this episode offers a grounded, behind-the-scenes look at what it takes to build tools that truly work at the tactical edge. Key Quote:“ When you try to take something that is not airgap friendly and make it airgap friendly, you quickly find out that you made a lot of assumptions about how this thing would be used and where, and kind of the underlying infrastructure and when you try to work back for them that it's, it, it's difficult. It's not something you can't overcome. It's not insurmountable, but it is difficult. But you also find out that there's just a lot of areas for. Resiliency that you didn't also plan for, that applied to connected environments. And so this is where I've kind of been diving into this more and more lately to try and to describe, and build some knowledge to around why this is important for kind of building any application today. It may be a little niche to go to the extreme of air gap, but I believe like there's still some of these underlying cloud native fundamentals that is like, if you start with the ability for knowing how your architecture adapts to varying levels of connectivity, then you're probably building a stronger, more resilient system overall.”Brandt KellerTime Stamps:(03:19) The Defense Sector and Career Path(06:15) Becoming a Cloud Native Computing Foundation Ambassador(09:48) Open Source Contributions and the Challenges(14:14) Government and the lack of Open Source(32:53) Kubernetes and Foreign Contributions(37:24) The Importance of Air Gap in Cloud Native Tools(53:16) Lightning Round Links:Connect with Brandt KellerConnect with Rebecca LivelyLearn More About Defense Unicorns

GRC (Governance, Risk, and Compliance) and DevSecOps (Development, Security, and Operations) are complementary frameworks that aim to ensure secure and compliant software development. Our guest today is Brandon Karpf, friend of the show, founder of T-Minus Space Daily, and cybersecurity expert. Brandon explains  why integrated GRC and DevSecOps are non-negotiables for space startups.  Remember to leave us a 5-star rating and review in your favorite podcast app. Be sure to follow T-Minus on LinkedIn and Instagram. T-Minus Crew Survey We want to hear from you! Please complete our 4 question survey. It'll help us get better and deliver you the most mission-critical space intel every day. Want to hear your company in the show? You too can reach the most influential leaders and operators in the industry. Here's our media kit. Contact us at space@n2k.com to request more info. Want to join us for an interview? Please send your pitch to space-editor@n2k.com and include your name, affiliation, and topic proposal. T-Minus is a production of N2K Networks, your source for strategic workforce intelligence. © N2K Networks, Inc. Learn more about your ad choices. Visit megaphone.fm/adchoices

At OWASP AppSec Global in Barcelona, the focus is clear: building secure software with and for the community. But it's not just about code or compliance. As Avi Douglen, OWASP Foundation board member, describes it, this gathering is a “hot tub” experience in contrast to the overwhelming scale of mega conferences. It's warm, immersive, and welcoming—designed for people who want to contribute, connect, and create.OWASP is more than just another security organization. It's a community-driven foundation that enables builders, breakers, defenders, and leaders to come together in pursuit of secure product development. This year's conference reflects that same inclusive energy. Whether you're a software engineer, architect, DevOps professional, security champion, or product manager, the sessions and networking spaces are built to meet you where you are—and help you grow.Beyond the BuzzwordsUnsurprisingly, AI will have a strong presence this year. But the conversations aren't limited to hype. Two flagship OWASP projects now focus on AI and LLMs—one on securing applications that use AI, the other on building secure AI systems themselves. Talks will unpack familiar problems in new contexts, like prompt injection mirroring the dynamics of older injection vulnerabilities. In other words: the technology shifts, but the core principles remain relevant.Diverse Tracks, Real ConversationsAttendees can engage across five curated tracks: builders, breakers, defenders, managers & culture, and project showcases. Topics range from threat modeling and DevSecOps to scaling security programs and fostering team culture. A dedicated training program, including hands-on sessions in secure coding and security champions, ensures practical takeaways—not just theory.Plus, the event embraces connection. A newcomer orientation, Women in AppSec gathering, hallway chats, evening socials, and even speed mentoring sessions all contribute to a vibrant, accessible experience where everyone—from seasoned leaders to curious newcomers—can find their place.A Truly Global CommunityWith participants flying in from all corners of the world, OWASP AppSec Global lives up to its name. The conversations, relationships, and tools that emerge from this event ripple far beyond Barcelona. If you build, secure, or manage software, this is one conference where showing up matters—not just for what you'll learn, but for who you'll meet.__________________________________Guest: Avi Douglen | Global Board of Directors at OWASP Foundation & Founder and CEO at Bounce Securityhttps://www.linkedin.com/in/avidouglen/Hosts:Sean Martin, Co-Founder at ITSPmagazine [@ITSPmagazine] and Host of Redefining CyberSecurity Podcast [@RedefiningCyber] | On ITSPmagazine:  https://www.itspmagazine.com/sean-martinMarco Ciappelli, Co-Founder at ITSPmagazine [@ITSPmagazine] and Host of Redefining Society Podcast & Audio Signals Podcast | On ITSPmagazine: https://www.itspmagazine.com/itspmagazine-podcast-radio-hosts/marco-ciappelli____________________________This Episode's SponsorsManicode Security: https://itspm.ag/manicode-security-7q8i____________________________ResourcesLearn more and catch more stories from OWASP AppSec Global 2025 Barcelona coverage: https://www.itspmagazine.com/owasp-global-appsec-barcelona-2025-application-security-event-coverage-in-catalunya-spain____________________________Catch all of our event coverage: https://www.itspmagazine.com/technology-and-cybersecurity-conference-coverageWant to tell your Brand Story Briefing as part of our event coverage? Learn More

Understanding the true environmental cost of digital innovation is crucial for governments aiming to embed sustainability into their digital delivery processes. Governments are embedding sustainability into the heart of digital delivery. Can governments ensure that their digital advancements contribute positively to the environment while maintaining efficiency and effectiveness in their services?This week, Dave, Esmee, and Rob talk to Liam Walsh, Chief Architect, and Paul Mukherjee, CTO at the UK Department for Environment, Food and Rural Affairs (Defra), to explore how the UK government is embedding sustainability into the heart of digital delivery—and holding tech suppliers accountable.TLDR00:32 Introduction of Liam Walsh and Paul Mukherjee01:47 Rob is not confused but Marcel has frustrations with the slow pace of AI implementation05:50 Discussion with Liam and Paul on integrating sustainability within government operations31:17 The significance of Fusion Teams36:18 Attending a gig and reading AI books in front of the caravanGuestsLiam Walsh: https://www.linkedin.com/in/liamjameswalsh/Paul Mukherjee: https://www.linkedin.com/in/paulmukherjee/HostsDave Chapman: https://www.linkedin.com/in/chapmandr/Esmee van de Giessen: https://www.linkedin.com/in/esmeevandegiessen/Rob Kernahan: https://www.linkedin.com/in/rob-kernahan/ProductionMarcel van der Burg: https://www.linkedin.com/in/marcel-vd-burg/Dave Chapman: https://www.linkedin.com/in/chapmandr/SoundBen Corbett: https://www.linkedin.com/in/ben-corbett-3b6a11135/Louis Corbett:  https://www.linkedin.com/in/louis-corbett-087250264/'Cloud Realities' is an original podcast from Capgemini

Guest: Diana Kelley, CSO at Protect AI  Topics: Can you explain the concept of "MLSecOps" as an analogy with DevSecOps, with 'Dev' replaced by 'ML'? This has nothing to do with SecOps, right? What are the most critical steps a CISO should prioritize when implementing MLSecOps within their organization? What gets better  when you do it? How do we adapt traditional security testing, like vulnerability scanning, SAST, and DAST, to effectively assess the security of machine learning models? Can we? In the context of AI supply chain security, what is the essential role of third-party assessments, particularly regarding data provenance? How can organizations balance the need for security logging in AI systems with the imperative to protect privacy and sensitive data? Do we need to decouple security from safety or privacy? What are the primary security risks associated with overprivileged AI agents, and how can organizations mitigate these risks?  Top differences between LLM/chatbot AI security vs AI agent security?  Resources: “Airline held liable for its chatbot giving passenger bad advice - what this means for travellers” “ChatGPT Spit Out Sensitive Data When Told to Repeat ‘Poem' Forever” Secure by Design for AI by Protect AI “Securing AI Supply Chain: Like Software, Only Not” OWASP Top 10 for Large Language Model Applications OWASP Top 10 for AI Agents  (draft) MITRE ATLAS “Demystifying AI Security: New Paper on Real-World SAIF Applications” (and paper) LinkedIn Course: Security Risks in AI and ML: Categorizing Attacks and Failure Modes

At Knowledge 2025, the spotlight is on big announcements and bold innovations—but we're taking you behind the scene!. In this two-part special, we dive into the engine driving ServiceNow's evolution, with exclusive conversations you won't hear on the main stage.In Part 2, Dave, Esmee, and Rob speak with Amanda Joslin, Senior Director of Platform and AI Innovation Product Management at ServiceNow, about the latest announcements from Knowledge 2025. They discuss how AI is being embedded directly into workflows and customer experiences through proactive, intelligent automation. TLDR02:09 Introduction of Amanda Joslin and Knowledge 202502:48 Rob is confused about seating at large conferences09:45 Conversation with Amanda Joslin on the main announcements at Knowledge 2025 and the ServiceNow platform52:20 Kill the Backlog and moving toward a zero-backlog operating model57:32 Jamaica, sunshine, and the sea GuestAmanda Joslin: https://www.linkedin.com/in/amandajoslin/HostsDave Chapman: https://www.linkedin.com/in/chapmandr/Esmee van de Giessen: https://www.linkedin.com/in/esmeevandegiessen/Rob Kernahan: https://www.linkedin.com/in/rob-kernahan/ProductionMarcel van der Burg: https://www.linkedin.com/in/marcel-vd-burg/Dave Chapman: https://www.linkedin.com/in/chapmandr/SoundBen Corbett: https://www.linkedin.com/in/ben-corbett-3b6a11135/Louis Corbett:  https://www.linkedin.com/in/louis-corbett-087250264/'Cloud Realities' is an original podcast from Capgemini

At Knowledge 2025, the spotlight is on big announcements and bold innovations—but we're taking you behind the scene!. In this two-part special, we dive into the engine driving ServiceNow's evolution, with exclusive conversations you won't hear on the main stage.In Part 1, Dave, Esmee, and Rob sit down with Karel van der Poel, SVP of Products at ServiceNow, to reflect on a decade of growth. They explore what it really takes to drive meaningful innovation—not just scattered ideas, but a clear vision, the ability to scale, and a focus on lasting impact.TLDR00:54 Welcome to Knowledge 2025: Inside ServiceNow's flagship conference05:30 Rob is confused about the tension between Big Tech, Big Government, and Innovation 12:22 Conversation with Karel van der Poel, scaling innovation at ServiceNow 51:30 Designing trust and what it takes to build AI agents people rely on 59:40 From platforms to the open seaGuestKarel van der Poel: https://www.linkedin.com/company/andersindset/HostsDave Chapman: https://www.linkedin.com/in/chapmandr/Esmee van de Giessen: https://www.linkedin.com/in/esmeevandegiessen/Rob Kernahan: https://www.linkedin.com/in/rob-kernahan/ProductionMarcel van der Burg: https://www.linkedin.com/in/marcel-vd-burg/Dave Chapman: https://www.linkedin.com/in/chapmandr/SoundBen Corbett: https://www.linkedin.com/in/ben-corbett-3b6a11135/Louis Corbett:  https://www.linkedin.com/in/louis-corbett-087250264/'Cloud Realities' is an original podcast from Capgemini

Kubernetes revolutionized the way software is built, deployed, and managed, offering engineers unprecedented agility and portability. But as Edera co-founder and CEO Emily Long shares, the speed and flexibility of containerization came with overlooked tradeoffs—especially in security. What started as a developer-driven movement to accelerate software delivery has now left security and infrastructure teams scrambling to contain risks that were never part of Kubernetes' original design.Emily outlines a critical flaw: Kubernetes wasn't built for multi-tenancy. As a result, shared kernels across workloads—whether across customers or internal environments—introduce lateral movement risks. In her words, “A container isn't real—it's just a set of processes.” And when containers share a kernel, a single exploit can become a system-wide threat.Edera addresses this gap by rethinking how containers are run—not rebuilt. Drawing from hypervisor tech like Xen and modernizing it with memory-safe Rust, Edera creates isolated “zones” for containers that enforce true separation without the overhead and complexity of traditional virtual machines. This isolation doesn't disrupt developer workflows, integrates easily at the infrastructure layer, and doesn't require retraining or restructuring CI/CD pipelines. It's secure by design, without compromising performance or portability.The impact is significant. Infrastructure teams gain the ability to enforce security policies without sacrificing cost efficiency. Developers keep their flow. And security professionals get something rare in today's ecosystem: true prevention. Instead of chasing billions of alerts and layering multiple observability tools in hopes of finding the needle in the haystack, teams using Edera can reduce the noise and gain context that actually matters.Emily also touches on the future—including the role of AI and “vibe coding,” and why true infrastructure-level security is essential as code generation becomes more automated and complex. With GPU security on their radar and a hardware-agnostic architecture, Edera is preparing not just for today's container sprawl, but tomorrow's AI-powered compute environments.This is more than a product pitch—it's a reframing of how we define and implement security at the container level. The full conversation reveals what's possible when performance, portability, and protection are no longer at odds.Learn more about Edera: https://itspm.ag/edera-434868Note: This story contains promotional content. Learn more.Guest: Emily Long, Founder and CEO, Edera | https://www.linkedin.com/in/emily-long-7a194b4/ResourcesLearn more and catch more stories from Edera: https://www.itspmagazine.com/directory/ederaLearn more and catch more stories from RSA Conference 2025 coverage: https://www.itspmagazine.com/rsac25______________________Keywords:sean martin, emily long, containers, kubernetes, hypervisor, multi-tenancy, devsecops, infrastructure, virtualization, cybersecurity, brand story, brand marketing, marketing podcast, brand story podcast______________________Catch all of our event coverage: https://www.itspmagazine.com/technology-and-cybersecurity-conference-coverageWant to tell your Brand Story Briefing as part of our event coverage? Learn More 

In this closing update for the day from the RSAC conference show floor, Sean Martin and Marco Ciappelli reflect on the energy, conversations, and technology shaping cybersecurity today—and what's coming next. With dozens of interviews under their belts, the duo shares what's standing out across sessions and show-floor discussions.Resilience has become a key destination, with innovation—especially around AI and quantum technologies—paving the way forward. Conversations touch on how security leaders are adjusting to new threat models, merging traditional disciplines like AppSec and DevSecOps with emerging areas such as vibe coding and container security. There's a clear sense that the dialogue has shifted: zero trust isn't just a topic; it's embedded across many conversations. AI is no longer speculative—it's embedded in discussions about GRC, automation, and security architecture.Sean brings a technical and operational lens, while Marco plans to explore the societal implications in future conversations—something noticeably less discussed this year, but still deeply relevant. With more content being edited and released over the next few days, the team invites listeners to stay tuned for articles, panels, and post-conference reflections.From San Francisco to London, Vegas, and maybe even Australia—this conversation is just getting started.___________Hosts:Sean Martin, Co-Founder at ITSPmagazine | Website: https://www.seanmartin.comMarco Ciappelli, Co-Founder at ITSPmagazine | Website: https://www.marcociappelli.com___________Episode SponsorsThreatLocker: https://itspm.ag/threatlocker-r974Akamai: https://itspm.ag/akamailbwcBlackCloak: https://itspm.ag/itspbcwebSandboxAQ: https://itspm.ag/sandboxaq-j2enArcher: https://itspm.ag/rsaarchwebDropzone AI: https://itspm.ag/dropzoneai-641ISACA: https://itspm.ag/isaca-96808ObjectFirst: https://itspm.ag/object-first-2gjlEdera: https://itspm.ag/edera-434868___________ResourcesLearn more and catch more stories from RSA Conference 2025 coverage: https://www.itspmagazine.com/rsa-conference-usa-2025-rsac-san-francisco-usa-cybersecurity-event-infosec-conference-coverage___________KEYWORDSsean martin, marco ciappelli, rsac 2025, quantum, ai, grc, devsecops, zero trust, appsec, resilience, event coverage, on location, conference___________Catch all of our event coverage: https://www.itspmagazine.com/technology-and-cybersecurity-conference-coverageWant to tell your Brand Story Briefing as part of our event coverage? Learn More

TechnoVision 2025 by Capgemini helps business leaders and technologists understand and prioritize emerging technologies. It provides a clear view of tech trends, guiding decision-makers to enhance organizational effectiveness. TechnoVision acts as a beacon in the evolving technology landscape.In this very special episode, Dave, Esmee, and Rob talk in detail with the Capgemini Data-Powered Innovation Jam podcast team, featuring Ron Tolido, CTO and CIO Insight & Data Global; Weiwei Feng, Global Tech Lead AI & Generative AI; and Robert Engels, Head Global AI Lab. They explore the seven containers in TechnoVision 2025, which organizes current trends into distinct areas that shape how businesses will innovate, operate, and expand.TLDR00:50 Teaming between the Cloud Realties hosts and the Data-Powered Innovation Jam podcast team05:52 Introduction by Ron Tolido, what's new in TechnoVision 2025 and the 7 main containers 12:25 Invisible Infostructure by Rob Kernahan21:32 Applications Unleashed by Ron Tolido37:30 Thriving on Data by Robert "Dr. Bob" Engels47:36 Process on the Fly by Weiwei Feng1:02:40 We Collaborate by Dave Chapman1:13:27 You Experience by Esmee van de Giessen1:26:39 Balance by Design by Ron Tolido1:28:06 Overall conclusionGuestsRon Tolido: https://www.linkedin.com/in/rtolido/Robert (Dr. Bob) Engels: https://www.linkedin.com/in/robertengels/Weiwei Feng: https://www.linkedin.com/in/weiwei-feng-a2417795/Data-Powered Innovation Jam podcast https://www.capgemini.com/insights/research-library/data-powered-innovation-jam-podcast/TechnoVision 2025https://www.capgemini.com/insights/research-library/technovision-2025/HostsDave Chapman: https://www.linkedin.com/in/chapmandr/Esmee van de Giessen: https://www.linkedin.com/in/esmeevandegiessen/Rob Kernahan: https://www.linkedin.com/in/rob-kernahan/ProductionMarcel van der Burg: https://www.linkedin.com/in/marcel-vd-burg/Dave Chapman: https://www.linkedin.com/in/chapmandr/SoundBen Corbett: https://www.linkedin.com/in/ben-corbett-3b6a11135/Louis Corbett:  https://www.linkedin.com/in/louis-corbett-087250264/'Cloud Realities' is an original podcast from Capgemini

Send us a textIn this must-listen episode of Relating to DevSecOps, Ken welcomes the ever-inspiring Tanya Janca, aka SheHacksPurple—author, AppSec expert, and champion of making security usable. Together, they dig into why so many application security policies fail, why developers ignore them, and how to make them actually work. Tanya shares real-world experiences from both dev and security perspectives, plus her journey from being ignored to lobbying governments for change.From communication failures and TL;DR policy pages to leveraging wikis and code reuse, this episode is a practical masterclass in creating impactful, developer-friendly security standards.

We're on the road to RSAC 2025 — or maybe on a quantum-powered highway — and this time, Sean and I had the pleasure of chatting with someone who's not just riding the future wave, but actually building it.Marc Manzano, General Manager of the Cybersecurity Group at SandboxAQ, joined us for this Brand Story conversation ahead of the big conference in San Francisco. For those who haven't heard of SandboxAQ yet, here's a quick headline: they're a spin-out from Google, operating at the intersection of AI and quantum technologies. Yes — that intersection.But let's keep our feet on the ground for a second, because this story isn't just about tech that sounds cool. It's about solving the very real, very painful problems that security teams face every day.Marc laid out their mission clearly: Active Guard, their flagship platform, is built to simplify and modernize two massive pain points in enterprise security — cryptographic asset management and non-human identity management. Think: rotating certificates without manual effort. Managing secrets and keys across cloud-native infrastructure. Automating compliance reporting for quantum-readiness. No fluff — just value, right out of the box.And it's not just about plugging a new tool into your already overloaded stack. What impressed us is how SandboxAQ sees themselves as the unifying layer — enhancing interoperability across existing systems, extracting more intelligence from the tools you already use, and giving teams a unified view through a single pane of glass.And yes, we also touched on AI SecOps — because as AI becomes a standard part of infrastructure, so must security for it. Active Guard is already poised to give security teams visibility and control over this evolving layer.Want to see it in action? Booth 6578, North Expo Hall. Swag will be there. Demos will be live. Conversations will be real.We'll be there too — recording a deeper Brand Story episode On Location during the event.Until then, enjoy this preview — and get ready to meet the future of cybersecurity.⸻Keywords:sandboxaq, active guard, rsa conference 2025, quantum cybersecurity, ai secops, cryptographic asset management, non-human identity, cybersecurity automation, security compliance, rsa 2025, cybersecurity innovation, certificate lifecycle management, secrets management, security operations, quantum readiness, rsa sandbox, cybersecurity saas, devsecops, interoperability, digital transformation______________________Guest: Marc Manzano,, General Manager of the Cybersecurity Group at SandboxAQMarc Manzano on LinkedIn

⬥GUEST⬥Izar Tarandach, Sr. Principal Security Architect for a large media company | On LinkedIn: https://www.linkedin.com/in/izartarandach/⬥HOST⬥Host: Sean Martin, Co-Founder at ITSPmagazine and Host of Redefining CyberSecurity Podcast | On LinkedIn: https://www.linkedin.com/in/imsmartin/ | Website: https://www.seanmartin.com⬥EPISODE NOTES⬥In this episode of Redefining CyberSecurity, host Sean Martin sits down with Izar Tarandach, Senior Principal Security Architect at a major entertainment company, to unpack a concept gaining traction across some developer circles: vibe coding.Vibe coding, as discussed by Izar and Sean, isn't just about AI-assisted development—it's about coding based on a feeling or a flow, often driven by prompts to large language models (LLMs). It's being explored in organizations from startups to large tech companies, where the appeal lies in speed and ease: describe what you want, and the machine generates the code. But this emerging approach is raising significant concerns, particularly in security circles.Izar, who co-hosts the Security Table podcast with Matt Coles and Chris Romeo, calls attention to the deeper implications of vibe coding. At the heart of his concern is the risk of ignoring past lessons. Generating code through AI may feel like progress, but without understanding what's being written or how it fits into the broader architecture, teams risk reintroducing old vulnerabilities—at scale.One major issue: the assumption that code generated by AI is inherently good or secure. Izar challenges that notion, reminding listeners that today's coding models function like junior developers—they may produce working code, but they're also prone to mistakes, hallucinations, and a lack of contextual understanding. Worse yet, organizations may begin to skip traditional checks like code reviews and secure development lifecycles, assuming the machine already got it right.Sean highlights a potential opportunity—if used wisely, vibe coding could allow developers to focus more on outcomes and user needs, rather than syntax and structure. But even he acknowledges that, without collaboration and proper feedback loops, it's more of a one-way zone than a true jam session between human and machine.Together, Sean and Izar explore whether security leaders are aware of vibe-coded systems running in their environments—and how they should respond. Their advice: assume you already have vibe-coded components in play, treat that code with the same scrutiny as anything else, and don't trust blindly. Review it, test it, threat model it, and hold it to the same standards.Tune in to hear how this new style of development is reshaping conversations about security, responsibility, and collaboration in software engineering.⬥SPONSORS⬥LevelBlue: https://itspm.ag/attcybersecurity-3jdk3ThreatLocker: https://itspm.ag/threatlocker-r974⬥RESOURCES⬥Inspiring LinkedIn Post — https://www.linkedin.com/posts/izartarandach_sigh-vibecoding-when-will-we-be-able-activity-7308105048926879744-fNMSSecurity Table Podcast: Vibe Coding: What Could Possibly Go Wrong? — https://securitytable.buzzsprout.com/2094080/episodes/16861651-vibe-coding-what-could-possibly-go-wrongWebinar: Secure Coding = Developer Power, An ITSPmagazine Webinar with Manicode Security — https://www.crowdcast.io/c/secure-coding-equals-developer-power-how-to-convince-your-boss-to-invest-in-you-an-itspmagazine-webinar-with-manicode-security-ad147fba034a⬥ADDITIONAL INFORMATION⬥✨ More Redefining CyberSecurity Podcast: