POPULARITY
Categories
Bill Staples has spent 30 years redefining how the world writes, ships, and secures code.On this week's Grit, the GitLab CEO shares what it takes to lead a public, all-remote DevSecOps company trusted by more than half of the Fortune 100. He breaks down the discipline of managing energy instead of hours, why weekly operating cadences beat quarterly plans, and how AI will 10× software engineers by auto-debugging code and closing security gaps.Guest: Bill Staples, CEO of GitLabChapters:00:00 Trailer00:42 Introduction02:34 True joy in life08:16 Winning teams13:53 When the energy isn't there18:00 Super ambitious21:01 It's not just technology29:27 Elevating quality and standard41:36 Lifelong collaborator51:22 Competent intelligence54:22 Structuring goals and time1:03:59 Who GitLab is hiring1:04:17 What “grit” means to Bill1:04:54 OutroLinks:Connect with BillLinkedInConnect with JoubinXLinkedInEmail: grit@kleinerperkins.comLearn more about Kleiner Perkins
[AAA] In 'Access All Areas' shows we go behind the scenes with the crew and their friends as they dive into complex challenges that organizations face—sometimes getting a little messy along the way.This week, we address the ‘big rocks' that can obstruct or delay successful outcomes in organizational transformations. Dave, Esmee, and Rob are joined by Jasmin Booth, Head of Product Delivery to discuss the transformation to being a (digital) product based organization.TLDR05:22 Access All Areas: This third episode focuses on the products we build that drive outcomes.06:52 Conversation with Jasmin about our digital products37:06 What makes it better to be in a product centric organization? 54:00 Conclusion of the seven Big Rocks and how to smash them59:00 Going on the Blue Bell railway HostsDave Chapman: https://www.linkedin.com/in/chapmandr/Esmee van de Giessen: https://www.linkedin.com/in/esmeevandegiessen/Rob Kernahan: https://www.linkedin.com/in/rob-kernahan/with Jasmin Booth: https://www.linkedin.com/in/jasminbooth15/ProductionMarcel van der Burg: https://www.linkedin.com/in/marcel-vd-burg/Dave Chapman: https://www.linkedin.com/in/chapmandr/SoundBen Corbett: https://www.linkedin.com/in/ben-corbett-3b6a11135/Louis Corbett: https://www.linkedin.com/in/louis-corbett-087250264/'Cloud Realities' is an original podcast from Capgemini
Mais do que um arquiteto de soluções, Osvaldo Alves (https://www.linkedin.com/in/osvaldofa/) é um líder que conecta pessoas, estratégia e tecnologia para entregar valor real. Com mais de 20 anos de experiência, ele já atuou em grandes projetos nos setores bancário, de telecomunicações, transportes, mineração e até mesmo com tecnologias militares. À frente de iniciativas como arquiteturas corporativas, transformação digital e estratégias de APIs, ele mostra neste episódio como a tecnologia — bem aplicada — é uma alavanca poderosa para transformar negócios. E por que, no fim das contas, saber Kubernetes e infraestrutura é só o começo.
Interpol's Operation Secure dismantles a major cybercrime network, and Singapore takes down scam centers. GitLab patches multiple vulnerabilities in its DevSecOps platform. Researchers unveil a covert method for exfiltrating data using smartwatches. EchoLeak allows for data exfiltration from Microsoft Copilot. Journalists are confirmed targets of Paragon's Graphite spyware. France calls for comments on tracking pixels. Fog ransomware operators deploy an unusual mix of tools. Skeleton Spider targets recruiters by posing as job seekers on LinkedIn and Indeed. Erie Insurance suffers ongoing outages following a cyberattack. Our N2K Lead Analyst Ethan Cook shares insights on Trump's antitrust policies. DNS neglect leads to AI subdomain exploits. Remember to leave us a 5-star rating and review in your favorite podcast app. Miss an episode? Sign-up for our daily intelligence roundup, Daily Briefing, and you'll never miss a beat. And be sure to follow CyberWire Daily on LinkedIn. CyberWire Guest Today, we share a selection from today's Caveat podcast where Dave Bittner and Ben Yelin are joined by N2K's Lead Analyst, Ethan Cook, to take a Policy Deep Dive into “The art of the breakup: Trump's antitrust surge.” You can listen to the full episode here and find new episodes of Caveat in your favorite podcast app each Thursday. Selected Reading Interpol takes down 20,000 malicious IPs and domains (Cybernews) Singapore leads multinational operation to shutter scam centers tied to $225 million in thefts (The Record) GitLab patches high severity account takeover, missing auth issues (Bleeping Computer) SmartAttack uses smartwatches to steal data from air-gapped systems (Bleeping Computer) Critical vulnerability in Microsoft 365 Copilot AI called EchoLeak enabled data exfiltration (Beyond Machines) Researchers confirm two journalists were hacked with Paragon spyware (TechCrunch) Tracking pixels: CNIL launches public consultation on its draft recommendation (CNIL) Fog ransomware attack uses unusual mix of legitimate and open-source tools (Bleeping Computer) FIN6 cybercriminals pose as job seekers on LinkedIn to hack recruiters (The Record) Erie Insurance confirms cyberattack behind business disruptions (Bleeping Computer) Why Was Nvidia Hosting Blogs About 'Brazilian Facesitting Fart Games'? (404 Media) Secure your public DNS presence from subdomain takeovers and dangling DNS exploits (Silent Push) Want to hear your company in the show? You too can reach the most influential leaders and operators in the industry. Here's our media kit. Contact us at cyberwire@n2k.com to request more info. The CyberWire is a production of N2K Networks, your source for strategic workforce intelligence. © N2K Networks, Inc. Learn more about your ad choices. Visit megaphone.fm/adchoices
Every organization is built on people, structures, and culture. But culture isn't static—it evolves with every interaction, ambition, and shift in circumstance. As IT drives business transformation, new technologies reshape how people connect and collaborate. In this ever-changing landscape, a strong, adaptive culture is the key to lasting success. This week, Dave, Esmee and Rob talk to Jitske Kramer, Corporate Anthropologist about what technology is doing to cultures and human systems and how AI can mess with the narrative. TLDR00:50 Introduction of Jitske Kramer and her book Navigating Tricky Times02:05 Rob shares his confusion about saying “thank you” to AI07:25 In-depth conversation with Jitske Kramer11:30 Visual communication via tattoos even at AWS re:Invent25:00 Corporate framing and what's going on within organizations today46:22 Exploring the contrast between the natural pace of human transformation and the rapid acceleration of technology54:14 Editing the documentary Patterns of Life55:56 Esmee's 2x Outro speed surprises everyone!Guest:Jitske Kramer: https://www.linkedin.com/in/jitskekramer/https://jitskekramer.substack.com/Tricky Times event: https://tricky-times.com/events/navigating-tricky-times-leading-through-the-messy-middle-of-change/HostsDave Chapman: https://www.linkedin.com/in/chapmandr/Esmee van de Giessen: https://www.linkedin.com/in/esmeevandegiessen/Rob Kernahan: https://www.linkedin.com/in/rob-kernahan/ ProductionMarcel van der Burg: https://www.linkedin.com/in/marcel-vd-burg/Dave Chapman: https://www.linkedin.com/in/chapmandr/ SoundBen Corbett: https://www.linkedin.com/in/ben-corbett-3b6a11135/Louis Corbett: https://www.linkedin.com/in/louis-corbett-087250264/ 'Cloud Realities' is an original podcast from Capgemini
Segurança em aplicações não é coisa de outro mundo. Neste episódio do Kubicast, recebemos André Esteves e Matheus Farias, duas feras do iFood que vivem o dia a dia da Application Security (AppSec) na veia! Com muito bom humor e bastante casca de produção, eles compartilham a rotina, os desafios e os aprendizados de quem realmente coloca a mão na massa para proteger sistemas em larga escala.A conversa vai de OWASP Top 10 à política de travamento de PRs, passando por burp suite, cultura dev, roles de segurança, hardening de imagens base com zero CVEs e o papel crucial dos soft skills para quem quer entrar na área. Se você acha que segurança é só sobre hacker de hoodie e terminal verde piscando, esse papo vai te mostrar a real!Links Importantes:- Andre Esteves - https://www.linkedin.com/in/andreestevespaiva/- Matheus Farias - https://www.linkedin.com/in/eu-matheus-farias-devsecops/- João Brito - https://www.linkedin.com/in/juniorjbn- Assista ao FilmeTEArapia - https://youtu.be/M4QFmW_HZh0?si=HIXBDWZJ8yPbpflMParticipe de nosso programa de acesso antecipado e tenha um ambiente mais seguro em instantes!https://getup.io/zerocveO Kubicast é uma produção da Getup, empresa especialista em Kubernetes e projetos open source para Kubernetes. Os episódios do podcast estão nas principais plataformas de áudio digital e no YouTube.com/@getupcloud.
Technology and software development can take years to field capabilities that may no longer meet mission needs once they reach the finish line. Some department compliance practices can add 12-18 months for authorization. At the AWS Summit in Washington, D.C., Marine Corps Community Services Digital Program Manager David Raley said that his office is accelerating the development and approval processes for mission capability. Raley highlighted solutions like AWS GovCloud and a certified DevSecOps platform that help reduce authorization times from a year to 15 minutes. Raley also talked about the ways DOD is advancing zero trust implementation and security in cloud-native environments.
Send us a textIn this episode of Relating to DevSecOps, Ken and Mike discuss the challenges faced by CISOs in today's security landscape, particularly the struggle to balance immediate security needs with long-term preventative strategies. They explore the disconnect between security leadership and practitioners, the urgency of addressing security issues, and the importance of understanding the root causes of vulnerabilities. The conversation emphasizes the need for CISOs to engage more deeply with their teams and to focus on effective, context-driven security solutions rather than simply reacting to the latest threats.
DevSecOps: الأمان ماشي اختيار، راه ضرورة، خاصة في الخدمات العمومية اللي كتخدم الملايين ديال المغاربة.
Julián Duque from Heroku joins me to explain and demo their new AI platform.Check out the video podcast version here https://youtu.be/BGqlLZHdRDsCreators & Guests Cristi Cotovan - Editor Bret Fisher - Host Beth Fisher - Producer Julián Duque - Guest You can also support my content by subscribing to my YouTube channel and my weekly newsletter at bret.news!Grab the best coupons for my Docker and Kubernetes courses.Join my cloud native DevOps community on Discord.Grab some merch at Bret's Loot BoxHomepage bretfisher.com (00:00) - Introduction (05:12) - Deep Dive into Heroku's AI Capabilities (14:23) - Heroku MCP server (28:27) - Describing MCP Tool Interactions (30:48) - DevOps Automation with Heroku MCP server (37:02) - Heroku AI and Future Prospects
Discover how emotional intelligence is revolutionizing cybersecurity leadership in this episode of AWS Executive Insights, featuring Hart Rossman, VP of Global Services Security. Beyond technical expertise, security leaders must cultivate empathy, emotional regulation, and interpersonal skills within their workforce in order to avoid burnout, reduce human errors, and realize greater productivity. Learn how AWS is transforming traditional DevSecOps team management by integrating emotional intelligence training with incident response capabilities, leading to faster resolution times and more resilient security operations. Rossman also discusses how empathy and psychological safety are becoming critical differentiators in building high-performance security teams. This conversation is essential for any leaders looking to elevate their teams' effectiveness through enhanced emotional intelligence and cultural transformation. Watch now to uncover the critical connection between EQ and security excellence.
The telecom industry is undergoing a fundamental transformation. This shift is creating new business opportunities and services but also brings significant challenges in transformation and modernization. In a new five-part mini-series, Reimagining Telecoms, we will explore these challenges through five distinct lenses: Growth, Networks, Simplification, Data & AI, and Regulation, uncovering lessons and insights relevant to telecom organizations and beyond. This week, in the final episode of the mini-series, Dave, Esmee, and Rob talk to Nik Willetts, CEO of TM Forum, to discuss growth—the telco industry's biggest challenge—and how it intersects with Hyperscalers, innovation, and shaping the industry's future. TLDR01:05 Introduction of Nik and an update on the mini-series03:41 Main conversation with Nik Willetts29:10 Navigating the balance between collaboration and competition34:57 Looking ahead to DTW Ignite, the Dolomites, and Brunello wine, served by sommelier Rob GuestNik Willetts: https://www.linkedin.com/in/nikwilletts/HostsDave Chapman: https://www.linkedin.com/in/chapmandr/Esmee van de Giessen: https://www.linkedin.com/in/esmeevandegiessen/Rob Kernahan: https://www.linkedin.com/in/rob-kernahan/ ProductionMarcel van der Burg: https://www.linkedin.com/in/marcel-vd-burg/Dave Chapman: https://www.linkedin.com/in/chapmandr/with Praveen Shankar: https://www.linkedin.com/in/praveen-shankar-capgemini/SoundBen Corbett: https://www.linkedin.com/in/ben-corbett-3b6a11135/Louis Corbett: https://www.linkedin.com/in/louis-corbett-087250264/'Cloud Realities' is an original podcast from Capgemini
Firefly is a cloud infrastructure automation platform that helps cloud teams, DevOps, SRE, platform engineering, DevSecOps, and other groups manage their entire cloud as code. Firefly helps to manage cloud complexity and produce consistent and efficient cloud platforms with code. To help Firefly better understand their customers and industry trends around Infrastructure as Code (IaC),... Read more »
Firefly is a cloud infrastructure automation platform that helps cloud teams, DevOps, SRE, platform engineering, DevSecOps, and other groups manage their entire cloud as code. Firefly helps to manage cloud complexity and produce consistent and efficient cloud platforms with code. To help Firefly better understand their customers and industry trends around Infrastructure as Code (IaC),... Read more »
Launching our new Podcast: https://agenticdevops.fmBret and Nirmal are at KubeCon London and record their ideas about how AI Agents will change DevOps, platform engineering, SRE, automation, troubleshooting, and more.Creators & Guests Cristi Cotovan - Editor Bret Fisher - Host Beth Fisher - Producer Nirmal Mehta - Host You can also support my content by subscribing to my YouTube channel and my weekly newsletter at bret.news!Grab the best coupons for my Docker and Kubernetes courses.Join my cloud native DevOps community on Discord.Grab some merch at Bret's Loot BoxHomepage bretfisher.com
Warfighters in the Department of Defense (DoD) operate in high-stakes environments where security, efficiency, and speed are critical. In such environments DevSecOps has become crucial in the drive toward modernization and overall mission success. A recent study led by researchers at the Carnegie Mellon University Software Engineering Institute (SEI) examined the state of DevSecOps within the Department of Defense. In this podcast, Eileen Wrubel, the SEI's Transforming Software Acquisition Policy and Practice technical director, sits down with George Lamb, director for DoD Cloud and Software Modernization in the Information Enterprise Office of the DoD CIO, which is responsible for the DoD Software Modernization Strategy and its associated implementation plan, and Bill Nichols, lead of the SEI's Software Engineering Measurement and Analysis work. They discuss DevSecOps successes in the DoD and opportunities for scaling its impact.
Firefly is a cloud infrastructure automation platform that helps cloud teams, DevOps, SRE, platform engineering, DevSecOps, and other groups manage their entire cloud as code. Firefly helps to manage cloud complexity and produce consistent and efficient cloud platforms with code. To help Firefly better understand their customers and industry trends around Infrastructure as Code (IaC),... Read more »
Get featured on the show by leaving us a Voice Mail: https://bit.ly/MIPVM
During the upcoming OWASP Global AppSec EU in Barcelona, Spyros Gasteratos, long-time OWASP contributor and co-founder of Smithy, to explore how automation, collaboration, and community resources are shaping the future of application security. Spyros shares the foundation of his talk at OWASP AppSec Global: building a DevSecOps program from scratch using existing community tools—blending technical guidance with a celebration of open-source achievements.Spyros emphasizes that true progress in security stems not from an ever-growing stack of tools, but from aligning the humans behind them. According to him, security failures often stem from fragmented information and misaligned incentives across teams. His solution? Bring the teams together with a shared, streamlined flow of information and automate wherever possible to reduce wasted cycles and miscommunication.At the core of Spyros' philosophy is the need to turn AppSec from a blocker into a builder. Rather than overwhelming developers with endless bug reports, or security leaders with red dashboards, programs need to reflect the actual risk appetite of the business—prioritizing issues dynamically based on impact, timing, and operational goals. He challenges the one-size-fits-all approach, advocating instead for tagging systems that defer certain risks and encode organizational priorities in automation logic.A major part of that transformation lies in Smithy, the platform he's helping build. It's designed to be “Zapier for security”—an automation engine rooted in open-source standards that allows for custom workflows without creating a tangle of fragile scripts. The idea is to let teams focus on what's unique to them, while relying on battle-tested components for the rest.Looking ahead, Spyros doesn't buy into the doom-and-gloom narrative about AI limiting developer creativity. On the contrary, he argues that AI-enabled coding frees up cognitive space for better architecture and secure design thinking. In his view, creativity doesn't die—it just shifts from syntax to strategy.This episode is more than a discussion—it's a blueprint for how teams can rally around a common goal, and how OWASP's community can be the catalyst. Tune in to hear how open-source, automation, and human alignment are redefining AppSec from the ground up.GUEST: Spyros Gasteratos | OpenCRE co-lead and Founder of smithy.security | https://www.linkedin.com/in/spyr/HOST: Sean Martin, Co-Founder at ITSPmagazine and Host of Redefining CyberSecurity Podcast | https://www.seanmartin.comSPONSORSManicode Security: https://itspm.ag/manicode-security-7q8iRESOURCESSpyros' Session: A completely pluggable DevSecOps programme, for free, using community resources (https://owasp2025globalappseceu.sched.com/event/1whCB/a-completely-pluggable-devsecops-programme-for-free-using-community-resources)Learn more and catch more stories from OWASP Global AppSec EU 2025 Conference coverage: https://www.itspmagazine.com/owasp-global-appsec-barcelona-2025-application-security-event-coverage-in-catalunya-spainCatch all of our event coverage: https://www.itspmagazine.com/technology-and-cybersecurity-conference-coverageWant to tell your Brand Story Briefing as part of our event coverage? Learn More
Traditional businesses are transforming to enhance consumer engagement and operational efficiency by integrating advanced technologies, helping them stay competitive in the digital age; how can technology best support this transformation?This week, Dave, Esmee and Rob talk to Sandeep Seeripat, CIO at Twinings about how the 300-year-old tea company is undergoing a business transformation. They explore strategies to enhance consumer engagement and operational efficiency, and how Twinings is repositioning itself in the digital world.TLDR00:40 Introduction of Sandeep Seeripat04:03 Rob is confused about by the AI's overly sycophantic behavior07:20 Conversation with Sandeep about three Centuries of Innovation at Twinings43:18 What if brands created with the sensitivity of an artist?53:25 Capture that perfect picture in South AfricaGuestSandeep Seeripat: https://www.linkedin.com/in/sandeepseeripat/HostsDave Chapman: https://www.linkedin.com/in/chapmandr/Esmee van de Giessen: https://www.linkedin.com/in/esmeevandegiessen/Rob Kernahan: https://www.linkedin.com/in/rob-kernahan/ProductionMarcel van der Burg: https://www.linkedin.com/in/marcel-vd-burg/Dave Chapman: https://www.linkedin.com/in/chapmandr/SoundBen Corbett: https://www.linkedin.com/in/ben-corbett-3b6a11135/Louis Corbett: https://www.linkedin.com/in/louis-corbett-087250264/'Cloud Realities' is an original podcast from Capgemini
Deploying cloud-centric technologies such as Kubernetes in edge environments poses challenges, especially for mission-critical defense systems. In this podcast from the Carnegie Mellon University Software Engineering Institute (SEI), Patrick Earl, Doug Reynolds, and Jeffrey Hamed, all DevOps engineers in the SEI's Software Solutions Division, sit down with senior reesearcher Jose Morales to discuss a recent case study involving the deployment of a hypervisor onto edge devices in a resource-constrained environment.
At KubeCon EU 2025 in London, Nirmal and I discussed the important (and not-so-important) things you might have missed. There's also a video version of this show on YouTube.Creators & Guests Cristi Cotovan - Editor Beth Fisher - Producer Bret Fisher - Host Nirmal Mehta - Host (00:00) - DDT Audio Podcast Edited (00:04) - Intro (01:24) - KubeCon 2025 EU Overview (03:24) - Platform Engineering and AI Trends (07:03) - AI and Machine Learning in Kubernetes (15:38) - Project Pavilions at KubeCon (17:05) - FinOps and Cost Optimization (20:39) - HAProxy and AI Gateways (24:00) - Proxy Intelligence and Network Layer Optimization (26:52) - Developer Experience and Organizational Challenges (29:23) - Platform Engineering and Cognitive Load (35:54) - End of Life for CNCF Projects You can also support my free material by subscribing to my YouTube channel and my weekly newsletter at bret.news!Grab the best coupons for my Docker and Kubernetes courses.Join my cloud native DevOps community on Discord.Grab some merch at Bret's Loot BoxHomepage bretfisher.com
[AAA] In 'Access All Areas' shows we go behind the scenes with the crew and their friends as they dive into complex challenges that organisations face—sometimes getting a little messy along the way. This week, in what may or may not be our 100th episode, Dave, Esmee and Rob talk to James Wilson, AI Ethicist and Lead Gen AI Architect and Philip Harker, Advisory Lead, Insights and Data at Capgemini UK, about exploring the deep importance of ethics as we move forward into the intelligence age. TLDR00:42 Is this really our 100th episode or not?04:38 What is a team AAA episode and welcoming James and Philip06:12 Rob sets the stage, why AI Ethics matters09:42 In-depth chat with James and Philip59:11 Exploring AI and quantum as innovation boosters1:06:00 A quiet weekend and Safe AI for KidsGuestsJames Wilson: https://www.linkedin.com/in/james-wilson-1938a1/Philip Harker: https://www.linkedin.com/in/philip-harker-243300/HostsDave Chapman: https://www.linkedin.com/in/chapmandr/Esmee van de Giessen: https://www.linkedin.com/in/esmeevandegiessen/Rob Kernahan: https://www.linkedin.com/in/rob-kernahan/ProductionMarcel van der Burg: https://www.linkedin.com/in/marcel-vd-burg/Dave Chapman: https://www.linkedin.com/in/chapmandr/SoundBen Corbett: https://www.linkedin.com/in/ben-corbett-3b6a11135/Louis Corbett: https://www.linkedin.com/in/louis-corbett-087250264/'Cloud Realities' is an original podcast from Capgemini
No episódio 169 do Kubicast, batemos um papo com Rafael Ferreira sobre um tema fundamental, mas muitas vezes negligenciado: a arte de conversar. Sim, a gente conversou sobre conversar! De forma descontraída e bem-humorada, destrinchamos como a comunicação impacta nossas carreiras, nosso networking e até o modo como nos vestimos em eventos tech.Falamos sobre gifs em palestras, sobre a "cara de pau" que ajuda a romper bolhas, e sobre como não adianta ser o melhor se ninguém souber disso. O Rafael compartilhou aprendizados de eventos, bastidores do Low Ops e sua jornada até virar MVP da Microsoft. Spoiler: ele usou o podcast como estratégia de networking. E funcionou.Participe do nosso programa de acesso antecipado de Imagens Zero CVE: getup.io/zerocveO Kubicast é uma produção da Getup, empresa especialista em Kubernetes e projetos open source para Kubernetes. Os episódios do podcast estão nas principais plataformas de áudio digital e no YouTube.com/@getupcloud.
We are happy to have Kayra Otaner as a special guest on the Absolute AppSec podcast. Kayra (kayraotaner on LinkedIn and X/twitter), the current Director of DevSecOps at Roche, brings over 15 years of cybersecurity leadership experience from New York and Wall Street. He's led DevSecOps and DevOps teams across a variety of organizations, including ADP, Voice, and adMarketplace, and has served as a trusted CTO advisor for Trendyol. His background also includes cybersecurity consulting for the Turkish Navy, where he helped develop a defense solution that was later deployed in NATO's Locked Shields cyber defense war games in Tallinn. Kayra is a frequent speaker at international DevSecOps conferences and serves on the Business and Computer Science Advisory Board at Middlesex County College in New Jersey. During this episode of the podcast Kayra discusses his journey into information security and spurs on his recent thoughts on authenticating open source developers through models similar to TSA PreCheck.
On this episode of The Defense Unicorns Podcast, host Rebecca Lively sits down with Brandt Keller, software engineer and CNCF ambassador, to explore what happens when a former Marine brings his frontline mindset to DevSecOps. Brandt's story is one of relentless problem-solving, especially in disconnected, air-gapped environments where “cloud-native” has to mean something entirely different.Brandt unpacks how open source can be both a lifeline and a liability in government systems, and why just consuming it isn't enough—real security means showing up, contributing, and understanding what's under the hood. He shares his perspective on trust, transparency, and why the U.S. government's lack of contribution to critical tools like Kubernetes might be the real risk. The conversation also explores the cultural shift required to embrace open ecosystems in highly regulated spaces.From debates over supply chain security and SBOMs to the practical challenges of deploying software in classified settings, this episode offers a grounded, behind-the-scenes look at what it takes to build tools that truly work at the tactical edge. Key Quote:“ When you try to take something that is not airgap friendly and make it airgap friendly, you quickly find out that you made a lot of assumptions about how this thing would be used and where, and kind of the underlying infrastructure and when you try to work back for them that it's, it, it's difficult. It's not something you can't overcome. It's not insurmountable, but it is difficult. But you also find out that there's just a lot of areas for. Resiliency that you didn't also plan for, that applied to connected environments. And so this is where I've kind of been diving into this more and more lately to try and to describe, and build some knowledge to around why this is important for kind of building any application today. It may be a little niche to go to the extreme of air gap, but I believe like there's still some of these underlying cloud native fundamentals that is like, if you start with the ability for knowing how your architecture adapts to varying levels of connectivity, then you're probably building a stronger, more resilient system overall.”Brandt KellerTime Stamps:(03:19) The Defense Sector and Career Path(06:15) Becoming a Cloud Native Computing Foundation Ambassador(09:48) Open Source Contributions and the Challenges(14:14) Government and the lack of Open Source(32:53) Kubernetes and Foreign Contributions(37:24) The Importance of Air Gap in Cloud Native Tools(53:16) Lightning Round Links:Connect with Brandt KellerConnect with Rebecca LivelyLearn More About Defense Unicorns
GRC (Governance, Risk, and Compliance) and DevSecOps (Development, Security, and Operations) are complementary frameworks that aim to ensure secure and compliant software development. Our guest today is Brandon Karpf, friend of the show, founder of T-Minus Space Daily, and cybersecurity expert. Brandon explains why integrated GRC and DevSecOps are non-negotiables for space startups. Remember to leave us a 5-star rating and review in your favorite podcast app. Be sure to follow T-Minus on LinkedIn and Instagram. T-Minus Crew Survey We want to hear from you! Please complete our 4 question survey. It'll help us get better and deliver you the most mission-critical space intel every day. Want to hear your company in the show? You too can reach the most influential leaders and operators in the industry. Here's our media kit. Contact us at space@n2k.com to request more info. Want to join us for an interview? Please send your pitch to space-editor@n2k.com and include your name, affiliation, and topic proposal. T-Minus is a production of N2K Networks, your source for strategic workforce intelligence. © N2K Networks, Inc. Learn more about your ad choices. Visit megaphone.fm/adchoices
At OWASP AppSec Global in Barcelona, the focus is clear: building secure software with and for the community. But it's not just about code or compliance. As Avi Douglen, OWASP Foundation board member, describes it, this gathering is a “hot tub” experience in contrast to the overwhelming scale of mega conferences. It's warm, immersive, and welcoming—designed for people who want to contribute, connect, and create.OWASP is more than just another security organization. It's a community-driven foundation that enables builders, breakers, defenders, and leaders to come together in pursuit of secure product development. This year's conference reflects that same inclusive energy. Whether you're a software engineer, architect, DevOps professional, security champion, or product manager, the sessions and networking spaces are built to meet you where you are—and help you grow.Beyond the BuzzwordsUnsurprisingly, AI will have a strong presence this year. But the conversations aren't limited to hype. Two flagship OWASP projects now focus on AI and LLMs—one on securing applications that use AI, the other on building secure AI systems themselves. Talks will unpack familiar problems in new contexts, like prompt injection mirroring the dynamics of older injection vulnerabilities. In other words: the technology shifts, but the core principles remain relevant.Diverse Tracks, Real ConversationsAttendees can engage across five curated tracks: builders, breakers, defenders, managers & culture, and project showcases. Topics range from threat modeling and DevSecOps to scaling security programs and fostering team culture. A dedicated training program, including hands-on sessions in secure coding and security champions, ensures practical takeaways—not just theory.Plus, the event embraces connection. A newcomer orientation, Women in AppSec gathering, hallway chats, evening socials, and even speed mentoring sessions all contribute to a vibrant, accessible experience where everyone—from seasoned leaders to curious newcomers—can find their place.A Truly Global CommunityWith participants flying in from all corners of the world, OWASP AppSec Global lives up to its name. The conversations, relationships, and tools that emerge from this event ripple far beyond Barcelona. If you build, secure, or manage software, this is one conference where showing up matters—not just for what you'll learn, but for who you'll meet.__________________________________Guest: Avi Douglen | Global Board of Directors at OWASP Foundation & Founder and CEO at Bounce Securityhttps://www.linkedin.com/in/avidouglen/Hosts:Sean Martin, Co-Founder at ITSPmagazine [@ITSPmagazine] and Host of Redefining CyberSecurity Podcast [@RedefiningCyber] | On ITSPmagazine: https://www.itspmagazine.com/sean-martinMarco Ciappelli, Co-Founder at ITSPmagazine [@ITSPmagazine] and Host of Redefining Society Podcast & Audio Signals Podcast | On ITSPmagazine: https://www.itspmagazine.com/itspmagazine-podcast-radio-hosts/marco-ciappelli____________________________This Episode's SponsorsManicode Security: https://itspm.ag/manicode-security-7q8i____________________________ResourcesLearn more and catch more stories from OWASP AppSec Global 2025 Barcelona coverage: https://www.itspmagazine.com/owasp-global-appsec-barcelona-2025-application-security-event-coverage-in-catalunya-spain____________________________Catch all of our event coverage: https://www.itspmagazine.com/technology-and-cybersecurity-conference-coverageWant to tell your Brand Story Briefing as part of our event coverage? Learn More
Understanding the true environmental cost of digital innovation is crucial for governments aiming to embed sustainability into their digital delivery processes. Governments are embedding sustainability into the heart of digital delivery. Can governments ensure that their digital advancements contribute positively to the environment while maintaining efficiency and effectiveness in their services?This week, Dave, Esmee, and Rob talk to Liam Walsh, Chief Architect, and Paul Mukherjee, CTO at the UK Department for Environment, Food and Rural Affairs (Defra), to explore how the UK government is embedding sustainability into the heart of digital delivery—and holding tech suppliers accountable.TLDR00:32 Introduction of Liam Walsh and Paul Mukherjee01:47 Rob is not confused but Marcel has frustrations with the slow pace of AI implementation05:50 Discussion with Liam and Paul on integrating sustainability within government operations31:17 The significance of Fusion Teams36:18 Attending a gig and reading AI books in front of the caravanGuestsLiam Walsh: https://www.linkedin.com/in/liamjameswalsh/Paul Mukherjee: https://www.linkedin.com/in/paulmukherjee/HostsDave Chapman: https://www.linkedin.com/in/chapmandr/Esmee van de Giessen: https://www.linkedin.com/in/esmeevandegiessen/Rob Kernahan: https://www.linkedin.com/in/rob-kernahan/ProductionMarcel van der Burg: https://www.linkedin.com/in/marcel-vd-burg/Dave Chapman: https://www.linkedin.com/in/chapmandr/SoundBen Corbett: https://www.linkedin.com/in/ben-corbett-3b6a11135/Louis Corbett: https://www.linkedin.com/in/louis-corbett-087250264/'Cloud Realities' is an original podcast from Capgemini
Guest: Diana Kelley, CSO at Protect AI Topics: Can you explain the concept of "MLSecOps" as an analogy with DevSecOps, with 'Dev' replaced by 'ML'? This has nothing to do with SecOps, right? What are the most critical steps a CISO should prioritize when implementing MLSecOps within their organization? What gets better when you do it? How do we adapt traditional security testing, like vulnerability scanning, SAST, and DAST, to effectively assess the security of machine learning models? Can we? In the context of AI supply chain security, what is the essential role of third-party assessments, particularly regarding data provenance? How can organizations balance the need for security logging in AI systems with the imperative to protect privacy and sensitive data? Do we need to decouple security from safety or privacy? What are the primary security risks associated with overprivileged AI agents, and how can organizations mitigate these risks? Top differences between LLM/chatbot AI security vs AI agent security? Resources: “Airline held liable for its chatbot giving passenger bad advice - what this means for travellers” “ChatGPT Spit Out Sensitive Data When Told to Repeat ‘Poem' Forever” Secure by Design for AI by Protect AI “Securing AI Supply Chain: Like Software, Only Not” OWASP Top 10 for Large Language Model Applications OWASP Top 10 for AI Agents (draft) MITRE ATLAS “Demystifying AI Security: New Paper on Real-World SAIF Applications” (and paper) LinkedIn Course: Security Risks in AI and ML: Categorizing Attacks and Failure Modes
At Knowledge 2025, the spotlight is on big announcements and bold innovations—but we're taking you behind the scene!. In this two-part special, we dive into the engine driving ServiceNow's evolution, with exclusive conversations you won't hear on the main stage.In Part 2, Dave, Esmee, and Rob speak with Amanda Joslin, Senior Director of Platform and AI Innovation Product Management at ServiceNow, about the latest announcements from Knowledge 2025. They discuss how AI is being embedded directly into workflows and customer experiences through proactive, intelligent automation. TLDR02:09 Introduction of Amanda Joslin and Knowledge 202502:48 Rob is confused about seating at large conferences09:45 Conversation with Amanda Joslin on the main announcements at Knowledge 2025 and the ServiceNow platform52:20 Kill the Backlog and moving toward a zero-backlog operating model57:32 Jamaica, sunshine, and the sea GuestAmanda Joslin: https://www.linkedin.com/in/amandajoslin/HostsDave Chapman: https://www.linkedin.com/in/chapmandr/Esmee van de Giessen: https://www.linkedin.com/in/esmeevandegiessen/Rob Kernahan: https://www.linkedin.com/in/rob-kernahan/ProductionMarcel van der Burg: https://www.linkedin.com/in/marcel-vd-burg/Dave Chapman: https://www.linkedin.com/in/chapmandr/SoundBen Corbett: https://www.linkedin.com/in/ben-corbett-3b6a11135/Louis Corbett: https://www.linkedin.com/in/louis-corbett-087250264/'Cloud Realities' is an original podcast from Capgemini
At Knowledge 2025, the spotlight is on big announcements and bold innovations—but we're taking you behind the scene!. In this two-part special, we dive into the engine driving ServiceNow's evolution, with exclusive conversations you won't hear on the main stage.In Part 1, Dave, Esmee, and Rob sit down with Karel van der Poel, SVP of Products at ServiceNow, to reflect on a decade of growth. They explore what it really takes to drive meaningful innovation—not just scattered ideas, but a clear vision, the ability to scale, and a focus on lasting impact.TLDR00:54 Welcome to Knowledge 2025: Inside ServiceNow's flagship conference05:30 Rob is confused about the tension between Big Tech, Big Government, and Innovation 12:22 Conversation with Karel van der Poel, scaling innovation at ServiceNow 51:30 Designing trust and what it takes to build AI agents people rely on 59:40 From platforms to the open seaGuestKarel van der Poel: https://www.linkedin.com/company/andersindset/HostsDave Chapman: https://www.linkedin.com/in/chapmandr/Esmee van de Giessen: https://www.linkedin.com/in/esmeevandegiessen/Rob Kernahan: https://www.linkedin.com/in/rob-kernahan/ProductionMarcel van der Burg: https://www.linkedin.com/in/marcel-vd-burg/Dave Chapman: https://www.linkedin.com/in/chapmandr/SoundBen Corbett: https://www.linkedin.com/in/ben-corbett-3b6a11135/Louis Corbett: https://www.linkedin.com/in/louis-corbett-087250264/'Cloud Realities' is an original podcast from Capgemini
Kubernetes revolutionized the way software is built, deployed, and managed, offering engineers unprecedented agility and portability. But as Edera co-founder and CEO Emily Long shares, the speed and flexibility of containerization came with overlooked tradeoffs—especially in security. What started as a developer-driven movement to accelerate software delivery has now left security and infrastructure teams scrambling to contain risks that were never part of Kubernetes' original design.Emily outlines a critical flaw: Kubernetes wasn't built for multi-tenancy. As a result, shared kernels across workloads—whether across customers or internal environments—introduce lateral movement risks. In her words, “A container isn't real—it's just a set of processes.” And when containers share a kernel, a single exploit can become a system-wide threat.Edera addresses this gap by rethinking how containers are run—not rebuilt. Drawing from hypervisor tech like Xen and modernizing it with memory-safe Rust, Edera creates isolated “zones” for containers that enforce true separation without the overhead and complexity of traditional virtual machines. This isolation doesn't disrupt developer workflows, integrates easily at the infrastructure layer, and doesn't require retraining or restructuring CI/CD pipelines. It's secure by design, without compromising performance or portability.The impact is significant. Infrastructure teams gain the ability to enforce security policies without sacrificing cost efficiency. Developers keep their flow. And security professionals get something rare in today's ecosystem: true prevention. Instead of chasing billions of alerts and layering multiple observability tools in hopes of finding the needle in the haystack, teams using Edera can reduce the noise and gain context that actually matters.Emily also touches on the future—including the role of AI and “vibe coding,” and why true infrastructure-level security is essential as code generation becomes more automated and complex. With GPU security on their radar and a hardware-agnostic architecture, Edera is preparing not just for today's container sprawl, but tomorrow's AI-powered compute environments.This is more than a product pitch—it's a reframing of how we define and implement security at the container level. The full conversation reveals what's possible when performance, portability, and protection are no longer at odds.Learn more about Edera: https://itspm.ag/edera-434868Note: This story contains promotional content. Learn more.Guest: Emily Long, Founder and CEO, Edera | https://www.linkedin.com/in/emily-long-7a194b4/ResourcesLearn more and catch more stories from Edera: https://www.itspmagazine.com/directory/ederaLearn more and catch more stories from RSA Conference 2025 coverage: https://www.itspmagazine.com/rsac25______________________Keywords:sean martin, emily long, containers, kubernetes, hypervisor, multi-tenancy, devsecops, infrastructure, virtualization, cybersecurity, brand story, brand marketing, marketing podcast, brand story podcast______________________Catch all of our event coverage: https://www.itspmagazine.com/technology-and-cybersecurity-conference-coverageWant to tell your Brand Story Briefing as part of our event coverage? Learn More
Does Open-Source AI Create a False Sense of Security?Listen to Suryaprakash Nalluri, an accomplished application security leader, discuss the shifting landscape of application security, challenges with open-source software, and the critical role of DevSecOps in modern development. + + +Find more episodes on YouTube or wherever you listen to podcasts, as well as at netspi.com/agentofinfluence.
On this episode of The Defense Unicorns Podcast, host Rebecca Lively chats with Case Wylie, Software Engineering Lead, about building security-minded software that keeps up with developer velocity. From his early days at Red Hat to architecting open-source tools at Defense Unicorns, Case shares how Pepr—a TypeScript-based operator framework—is redefining how Kubernetes clusters are secured and managed in airgapped environments. It's not just about enforcing policy; it's about enabling developers to move faster, safer, and smarter.Through real-world metaphors (ever been to a nightclub with strict bouncers?), Case breaks down the roles of admission controllers, operator frameworks, and how Pepr works seamlessly with GitOps without adding friction. He explains why Pepr isn't just a tool, but part of a broader movement to standardize security postures, reduce configuration drift, and empower app teams to focus on delivering real value. With a human-first API and open-source DNA, Pepr is built to be accessible to all, not just Kubernetes power users.If you're curious about what it takes to scale secure software in complex, mission-critical environments—or just want a fresh, practical take on DevSecOps—this episode delivers. Case also shares his philosophy on open-source collaboration and what it means to build tools that truly stand the test of scale and scrutiny.Key Quote:“Pepr will always be open source and the reason why it's open source is because frankly, open source software, when your software is open source, you expose the application or the software or the platform, whatever it is to exponentially more eyes and more eyes over time and then more people start adopting it and using it and saying like, ‘Hey, you know what? I do have this simple thing I always have to do in my cluster. Maybe I try Pepr for that.' Right? And then they do it with a simple task, and then they say, ‘Hey, you know what? It would be great if Pepr could do this thing. And they put in a feature request. Then we develop that feature request, or they develop it, and they submit a PR to Pepr. And now Pepr as a whole is better because now you're using it. I'm using it. They're using it. The more people that use it, the better.”Case WylieTime Stamps:(02:44) Introduction to UDS and Pepr(05:59) The Importance of Air-Gapped Environments(11:40) Understanding Kubernetes Admission Control(16:05) Comparing Pepr with Other Tools(22:00) Why Pepr Uses TypeScript(34:03) The Benefits of Open Source for Pepr(43:31) Lightning RoundLinks:Connect with Casey WylieConnect with Rebecca LivelyLearn More About Defense Unicorns
In this closing update for the day from the RSAC conference show floor, Sean Martin and Marco Ciappelli reflect on the energy, conversations, and technology shaping cybersecurity today—and what's coming next. With dozens of interviews under their belts, the duo shares what's standing out across sessions and show-floor discussions.Resilience has become a key destination, with innovation—especially around AI and quantum technologies—paving the way forward. Conversations touch on how security leaders are adjusting to new threat models, merging traditional disciplines like AppSec and DevSecOps with emerging areas such as vibe coding and container security. There's a clear sense that the dialogue has shifted: zero trust isn't just a topic; it's embedded across many conversations. AI is no longer speculative—it's embedded in discussions about GRC, automation, and security architecture.Sean brings a technical and operational lens, while Marco plans to explore the societal implications in future conversations—something noticeably less discussed this year, but still deeply relevant. With more content being edited and released over the next few days, the team invites listeners to stay tuned for articles, panels, and post-conference reflections.From San Francisco to London, Vegas, and maybe even Australia—this conversation is just getting started.___________Hosts:Sean Martin, Co-Founder at ITSPmagazine | Website: https://www.seanmartin.comMarco Ciappelli, Co-Founder at ITSPmagazine | Website: https://www.marcociappelli.com___________Episode SponsorsThreatLocker: https://itspm.ag/threatlocker-r974Akamai: https://itspm.ag/akamailbwcBlackCloak: https://itspm.ag/itspbcwebSandboxAQ: https://itspm.ag/sandboxaq-j2enArcher: https://itspm.ag/rsaarchwebDropzone AI: https://itspm.ag/dropzoneai-641ISACA: https://itspm.ag/isaca-96808ObjectFirst: https://itspm.ag/object-first-2gjlEdera: https://itspm.ag/edera-434868___________ResourcesLearn more and catch more stories from RSA Conference 2025 coverage: https://www.itspmagazine.com/rsa-conference-usa-2025-rsac-san-francisco-usa-cybersecurity-event-infosec-conference-coverage___________KEYWORDSsean martin, marco ciappelli, rsac 2025, quantum, ai, grc, devsecops, zero trust, appsec, resilience, event coverage, on location, conference___________Catch all of our event coverage: https://www.itspmagazine.com/technology-and-cybersecurity-conference-coverageWant to tell your Brand Story Briefing as part of our event coverage? Learn More
TechnoVision 2025 by Capgemini helps business leaders and technologists understand and prioritize emerging technologies. It provides a clear view of tech trends, guiding decision-makers to enhance organizational effectiveness. TechnoVision acts as a beacon in the evolving technology landscape.In this very special episode, Dave, Esmee, and Rob talk in detail with the Capgemini Data-Powered Innovation Jam podcast team, featuring Ron Tolido, CTO and CIO Insight & Data Global; Weiwei Feng, Global Tech Lead AI & Generative AI; and Robert Engels, Head Global AI Lab. They explore the seven containers in TechnoVision 2025, which organizes current trends into distinct areas that shape how businesses will innovate, operate, and expand.TLDR00:50 Teaming between the Cloud Realties hosts and the Data-Powered Innovation Jam podcast team05:52 Introduction by Ron Tolido, what's new in TechnoVision 2025 and the 7 main containers 12:25 Invisible Infostructure by Rob Kernahan21:32 Applications Unleashed by Ron Tolido37:30 Thriving on Data by Robert "Dr. Bob" Engels47:36 Process on the Fly by Weiwei Feng1:02:40 We Collaborate by Dave Chapman1:13:27 You Experience by Esmee van de Giessen1:26:39 Balance by Design by Ron Tolido1:28:06 Overall conclusionGuestsRon Tolido: https://www.linkedin.com/in/rtolido/Robert (Dr. Bob) Engels: https://www.linkedin.com/in/robertengels/Weiwei Feng: https://www.linkedin.com/in/weiwei-feng-a2417795/Data-Powered Innovation Jam podcast https://www.capgemini.com/insights/research-library/data-powered-innovation-jam-podcast/TechnoVision 2025https://www.capgemini.com/insights/research-library/technovision-2025/HostsDave Chapman: https://www.linkedin.com/in/chapmandr/Esmee van de Giessen: https://www.linkedin.com/in/esmeevandegiessen/Rob Kernahan: https://www.linkedin.com/in/rob-kernahan/ProductionMarcel van der Burg: https://www.linkedin.com/in/marcel-vd-burg/Dave Chapman: https://www.linkedin.com/in/chapmandr/SoundBen Corbett: https://www.linkedin.com/in/ben-corbett-3b6a11135/Louis Corbett: https://www.linkedin.com/in/louis-corbett-087250264/'Cloud Realities' is an original podcast from Capgemini
Episode Summary: Application Paranoia S6EP1In the Season 6 premiere of Application Paranoia, hosts Colin Bell, Rob Cuddy, and Kris Duer kick off a new theme: debunking the top 10 myths about application security—one myth per episode.They warm up with some lighthearted commentary on new workplace trends like “coffee badging” and the rise of “corp core” attire before diving into a fascinating conversation with Kinny Chan, Chief Commercial Officer at Trust Stamp.Kinny shares his unique career journey from law to the cutting edge of digital identity and privacy, explaining how electronic discovery evolved from paper documents to complex digital evidence, and the challenges of handling sensitive data in litigation.The discussion then pivots to the core topic of digital identity in an age where emails, chats, and advanced AI can fake voices and images. Kinny highlights the critical role of biometrics—like facial, palm, and gait recognition—while unpacking the challenges of ensuring liveness and authenticity.The conversation tackles the limitations of current authentication methods (passwords, devices, biometrics), the risks of centralized identity systems, and the promise of decentralized solutions for greater privacy and control. Kinny also introduces Trust Stamp's innovative approach of using biometric tokens and data shards to enhance both security and user privacy.For listeners seeking practical advice, the episode covers essential tips for protecting your digital identity: monitoring your credit report to combat synthetic identity fraud, using unique email addresses, and educating children and grandparents about the dangers of deepfakes and the importance of verification.The episode concludes with Kinny's emphasis on using a combination of something you know, something you have, and something you are for strong authentication—and the urgent need to keep evolving digital identity protections as technology rapidly advances.Key Takeaways:Digital identity is increasingly complex due to new technologies and AI.Biometrics offer promise but also introduce new challenges.Decentralized identity solutions may offer better privacy and control.Practical tips: monitor credit reports, use unique emails, and educate about deepfakes and verification.
Send us a textIn this must-listen episode of Relating to DevSecOps, Ken welcomes the ever-inspiring Tanya Janca, aka SheHacksPurple—author, AppSec expert, and champion of making security usable. Together, they dig into why so many application security policies fail, why developers ignore them, and how to make them actually work. Tanya shares real-world experiences from both dev and security perspectives, plus her journey from being ignored to lobbying governments for change.From communication failures and TL;DR policy pages to leveraging wikis and code reuse, this episode is a practical masterclass in creating impactful, developer-friendly security standards.
We're on the road to RSAC 2025 — or maybe on a quantum-powered highway — and this time, Sean and I had the pleasure of chatting with someone who's not just riding the future wave, but actually building it.Marc Manzano, General Manager of the Cybersecurity Group at SandboxAQ, joined us for this Brand Story conversation ahead of the big conference in San Francisco. For those who haven't heard of SandboxAQ yet, here's a quick headline: they're a spin-out from Google, operating at the intersection of AI and quantum technologies. Yes — that intersection.But let's keep our feet on the ground for a second, because this story isn't just about tech that sounds cool. It's about solving the very real, very painful problems that security teams face every day.Marc laid out their mission clearly: Active Guard, their flagship platform, is built to simplify and modernize two massive pain points in enterprise security — cryptographic asset management and non-human identity management. Think: rotating certificates without manual effort. Managing secrets and keys across cloud-native infrastructure. Automating compliance reporting for quantum-readiness. No fluff — just value, right out of the box.And it's not just about plugging a new tool into your already overloaded stack. What impressed us is how SandboxAQ sees themselves as the unifying layer — enhancing interoperability across existing systems, extracting more intelligence from the tools you already use, and giving teams a unified view through a single pane of glass.And yes, we also touched on AI SecOps — because as AI becomes a standard part of infrastructure, so must security for it. Active Guard is already poised to give security teams visibility and control over this evolving layer.Want to see it in action? Booth 6578, North Expo Hall. Swag will be there. Demos will be live. Conversations will be real.We'll be there too — recording a deeper Brand Story episode On Location during the event.Until then, enjoy this preview — and get ready to meet the future of cybersecurity.⸻Keywords:sandboxaq, active guard, rsa conference 2025, quantum cybersecurity, ai secops, cryptographic asset management, non-human identity, cybersecurity automation, security compliance, rsa 2025, cybersecurity innovation, certificate lifecycle management, secrets management, security operations, quantum readiness, rsa sandbox, cybersecurity saas, devsecops, interoperability, digital transformation______________________Guest: Marc Manzano,, General Manager of the Cybersecurity Group at SandboxAQMarc Manzano on LinkedIn
Cybersecurity lingo can be overwhelming, but once you get the hang of the essentials, staying secure becomes much easier.In this episode, host Jara Rowe sits down with Marie Joseph, Senior Security Advisor at Trava, to break down key terms like vCISO, PII, and cybersecurity maturity models. They also differentiate between terms like hacker vs. threat actor and firewall vs. antivirus by highlighting the nuances that matter most. Plus, Marie reveals why continuous compliance is crucial, and how concepts like attack surface and risk tolerance fit into the bigger picture of your security strategy.Key takeaways:Essential cybersecurity terms and definitions: vCISO, PII, and more The importance of understanding and managing your attack surfaceWhy cybersecurity compliance can't be a one-time effortEpisode highlights:(00:00) Today's topic: Understanding cybersecurity terms(01:47) What is a vCISO, and why it benefits small businesses(02:54) Definition of PII, BCP, SIEM, DevSecOps, and BCRA (08:40) Hackers vs. threat actors Explained(10:28) Why businesses need an antivirus and a firewall(13:37) Patch management and cybersecurity attack surfaces(16:04) Continuous cybersecurity compliance(21:27) Recapping cybersecurity essentialsConnect with the host:Jara Rowe's LinkedIn - @jararoweConnect with the guest:Marie Joseph's LinkedIn - @marie-joseph-a81394143Connect with Trava:Website - www.travasecurity.comBlog - www.travasecurity.com/learn-with-trava/blogLinkedIn - @travasecurityYouTube - @travasecurity
Docker launched "Docker Model Runner" to run LLMs through llama.cpp with a single "docker model" command. In this episode Bret details examples and some useful use cases for using this way to run LLMs. He breaks down the internals. How it works, when you should use it or not use it; and, how to get started using Open WebUI for a private ChatGPT-like experience.★Topics★Model Runner DocsHub ModelsOCI ArtifactsOpen WebUIMy Open WebUI Compose fileCreators & Guests Cristi Cotovan - Editor Beth Fisher - Producer Bret Fisher - Host (00:00) - Intro (00:46) - Model Runner Elevator Pitch (01:28) - Enabling Docker Model Runner (04:28) - Self Promotion! Is that an ad? For me? (05:03) - Downloading Models (07:11) - Architectrure of Model Runner (10:49) - ORAS (11:09) - What's next for Model Runner? (12:13) - Troubleshooting You can also support my free material by subscribing to my YouTube channel and my weekly newsletter at bret.news!Grab the best coupons for my Docker and Kubernetes courses.Join my cloud native DevOps community on Discord.Grab some merch at Bret's Loot BoxHomepage bretfisher.com
⬥GUEST⬥Izar Tarandach, Sr. Principal Security Architect for a large media company | On LinkedIn: https://www.linkedin.com/in/izartarandach/⬥HOST⬥Host: Sean Martin, Co-Founder at ITSPmagazine and Host of Redefining CyberSecurity Podcast | On LinkedIn: https://www.linkedin.com/in/imsmartin/ | Website: https://www.seanmartin.com⬥EPISODE NOTES⬥In this episode of Redefining CyberSecurity, host Sean Martin sits down with Izar Tarandach, Senior Principal Security Architect at a major entertainment company, to unpack a concept gaining traction across some developer circles: vibe coding.Vibe coding, as discussed by Izar and Sean, isn't just about AI-assisted development—it's about coding based on a feeling or a flow, often driven by prompts to large language models (LLMs). It's being explored in organizations from startups to large tech companies, where the appeal lies in speed and ease: describe what you want, and the machine generates the code. But this emerging approach is raising significant concerns, particularly in security circles.Izar, who co-hosts the Security Table podcast with Matt Coles and Chris Romeo, calls attention to the deeper implications of vibe coding. At the heart of his concern is the risk of ignoring past lessons. Generating code through AI may feel like progress, but without understanding what's being written or how it fits into the broader architecture, teams risk reintroducing old vulnerabilities—at scale.One major issue: the assumption that code generated by AI is inherently good or secure. Izar challenges that notion, reminding listeners that today's coding models function like junior developers—they may produce working code, but they're also prone to mistakes, hallucinations, and a lack of contextual understanding. Worse yet, organizations may begin to skip traditional checks like code reviews and secure development lifecycles, assuming the machine already got it right.Sean highlights a potential opportunity—if used wisely, vibe coding could allow developers to focus more on outcomes and user needs, rather than syntax and structure. But even he acknowledges that, without collaboration and proper feedback loops, it's more of a one-way zone than a true jam session between human and machine.Together, Sean and Izar explore whether security leaders are aware of vibe-coded systems running in their environments—and how they should respond. Their advice: assume you already have vibe-coded components in play, treat that code with the same scrutiny as anything else, and don't trust blindly. Review it, test it, threat model it, and hold it to the same standards.Tune in to hear how this new style of development is reshaping conversations about security, responsibility, and collaboration in software engineering.⬥SPONSORS⬥LevelBlue: https://itspm.ag/attcybersecurity-3jdk3ThreatLocker: https://itspm.ag/threatlocker-r974⬥RESOURCES⬥Inspiring LinkedIn Post — https://www.linkedin.com/posts/izartarandach_sigh-vibecoding-when-will-we-be-able-activity-7308105048926879744-fNMSSecurity Table Podcast: Vibe Coding: What Could Possibly Go Wrong? — https://securitytable.buzzsprout.com/2094080/episodes/16861651-vibe-coding-what-could-possibly-go-wrongWebinar: Secure Coding = Developer Power, An ITSPmagazine Webinar with Manicode Security — https://www.crowdcast.io/c/secure-coding-equals-developer-power-how-to-convince-your-boss-to-invest-in-you-an-itspmagazine-webinar-with-manicode-security-ad147fba034a⬥ADDITIONAL INFORMATION⬥✨ More Redefining CyberSecurity Podcast:
This year is the year that AI moves from the individual assistant to the collective and autonomous - from co-pilots to agent to agent integration. But what do we know of its collective impact and how does humanity fit in?This week's Easter Special, Dave, Esmee and Rob talk to Anders Indset, about his work (Ex Machina and the Singularity Paradox), capability of infinite progress, humane capitalism, where might the human find themselves in an AGI world and does the intersection of quantum and AI make the chance of us living in a simulation more likely…TLDR01:34 Introduction of Anders Indset03:50 Rob is confused about hackers starting to create saleable products08:12 Conversation with Anders Indset49:50 Who do we see as future leaders in our team?59:15 Conference in Austria about values in Europe and the future of Europe
Hello Las Vegas — we've arrived for Google Cloud Next 2025!Arthur C. Clarke's third law, "Any sufficiently advanced technology is indistinguishable from magic"Hot drop coming through! The #CloudRealities podcast team has landed in electric Las Vegas—and you know what they say: what happens in Vegas normally stays in Vegas... but in this case, we're bringing 8 incredible conversations in the coming days with inspiring guests who are shaping the future of cloud, data, and AI.On the last day, we have two separate episodes lined up to explore how AI is affecting the macro scale and impacting leadership transformation.In this conversation, Dave, Esmee, and Rob talk with Gina Fratarcangeli, Managing Director, NA GSI Leader at Google Cloud about The shifting landscape of Digital and AI technologies among Fortune 500 companies.TLDR00:20 Introduction of Gina Fratarcangeli03:20 Key announcements from the Google Cloud Next Keynote05:56 Main conversation with Gina Fratarcangeli about Fortune 500 companies and their journey towards digital transformation and AI22:01 Who's your favorite magician?GuestGina Fratarcangeli: https://www.linkedin.com/in/gina-fratarcangeli/ HostsDave Chapman: https://www.linkedin.com/in/chapmandr/Esmee van de Giessen: https://www.linkedin.com/in/esmeevandegiessen/Rob Kernahan: https://www.linkedin.com/in/rob-kernahan/ProductionMarcel van der Burg: https://www.linkedin.com/in/marcel-vd-burg/Dave Chapman: https://www.linkedin.com/in/chapmandr/SoundBen Corbett: https://www.linkedin.com/in/ben-corbett-3b6a11135/Louis Corbett: https://www.linkedin.com/in/louis-corbett-087250264/'Cloud Realities' is an original podcast from Capgemini
Hello Las Vegas — we've arrived for Google Cloud Next 2025!Arthur C. Clarke's third law, "Any sufficiently advanced technology is indistinguishable from magic"Hot drop coming through! The #CloudRealities podcast team has landed in electric Las Vegas—and you know what they say: what happens in Vegas normally stays in Vegas... but in this case, we're bringing 8 incredible conversations in the coming days with inspiring guests who are shaping the future of cloud, data, and AI.On the last day, we have two separate episodes lined up to explore how AI is affecting the macro scale and impacting leadership transformation.In the last conversation of the event, Dave, Andy, and Rob talk with Lee Moore, VP Global Google Cloud Consulting at Google Cloud about Leading Cloud Transformation with Strategic Vision.TLDR00:50 Introduction of Lee Moore07:00 Final key announcements from the Google Cloud Next Keynote11:05 Main conversation with Lee Moore about cloud and AI-driven transformation and Intentional leadership 36:31 Who's your favorite magician and tying all the magic together of a fantastic week!!GuestLee Moore: https://www.linkedin.com/in/lee-t-moore/HostsDave Chapman: https://www.linkedin.com/in/chapmandr/Rob Kernahan: https://www.linkedin.com/in/rob-kernahan/Guest host Andy Appleby: https://www.linkedin.com/in/andyapplebycapgeminiglobalinfrastructureservices/ProductionMarcel van der Burg: https://www.linkedin.com/in/marcel-vd-burg/Dave Chapman: https://www.linkedin.com/in/chapmandr/SoundBen Corbett: https://www.linkedin.com/in/ben-corbett-3b6a11135/Louis Corbett: https://www.linkedin.com/in/louis-corbett-087250264/'Cloud Realities' is an original podcast from Capgemini
Hello Las Vegas — we've arrived for Google Cloud Next 2025!Arthur C. Clarke's third law, "Any sufficiently advanced technology is indistinguishable from magic"Hot drop coming through! The #CloudRealities podcast team has landed in electric Las Vegas—and you know what they say: what happens in Vegas normally stays in Vegas... but in this case, we're bringing 8 incredible conversations in the coming days with inspiring guests who are shaping the future of cloud, data, and AI.On the second day, we have three separate episodes lined up to deep dive into industries such as insurance, telecom, and retail, all linked to AI, data, and innovation.In this conversation, Dave, Esmee, and Rob talk with Meg Tucker, Director of Insurance at Google Cloud about Fueling Insurance Evolution with AI.TLDR00:26 Introduction of Meg Tucker02:36 Key announcements from the Google Cloud Next Keynote07:26 Main conversation with Meg Tucker about the Insurance Evolution based on AI29:30 Who's your favorite magician?GuestMeg Tucker: https://www.linkedin.com/in/megtuckerla/HostsDave Chapman: https://www.linkedin.com/in/chapmandr/Esmee van de Giessen: https://www.linkedin.com/in/esmeevandegiessen/Rob Kernahan: https://www.linkedin.com/in/rob-kernahan/ProductionMarcel van der Burg: https://www.linkedin.com/in/marcel-vd-burg/Dave Chapman: https://www.linkedin.com/in/chapmandr/SoundBen Corbett: https://www.linkedin.com/in/ben-corbett-3b6a11135/Louis Corbett: https://www.linkedin.com/in/louis-corbett-087250264/'Cloud Realities' is an original podcast from Capgemini
Hello Las Vegas — we've arrived for Google Cloud Next 2025!Arthur C. Clarke's third law, "Any sufficiently advanced technology is indistinguishable from magic"Hot drop coming through! The #CloudRealities podcast team has landed in electric Las Vegas—and you know what they say: what happens in Vegas normally stays in Vegas... but in this case, we're bringing 8 incredible conversations in the coming days with inspiring guests who are shaping the future of cloud, data, and AI.On the second day, we have three separate episodes lined up to deep dive into industries such as insurance, telecom, and retail, all linked to GenAI, data, and innovation.In this conversation, Dave, Esmee, and Rob talk with Kapil Dabi, America's Director & Market Lead, Retail at Google Cloud about Unlocking Retail Potential with AI and Data. TLDR00:24 Introduction of Kapil Dabi03:00 Key announcements from the Google Cloud Next Keynote and Retail market strategies09:50 Main conversation with Kapil Dabi about how to unlock retail potential with AI and Data26:10 Who's your favorite magician?GuestKapil Dabi: https://www.linkedin.com/in/kapildabi/HostsDave Chapman: https://www.linkedin.com/in/chapmandr/Esmee van de Giessen: https://www.linkedin.com/in/esmeevandegiessen/Rob Kernahan: https://www.linkedin.com/in/rob-kernahan/ProductionMarcel van der Burg: https://www.linkedin.com/in/marcel-vd-burg/Dave Chapman: https://www.linkedin.com/in/chapmandr/SoundBen Corbett: https://www.linkedin.com/in/ben-corbett-3b6a11135/Louis Corbett: https://www.linkedin.com/in/louis-corbett-087250264/'Cloud Realities' is an original podcast from Capgemini
Hello Las Vegas — we've arrived for Google Cloud Next 2025!Hot drop coming through! The #CloudRealities podcast team has landed in electric Las Vegas—and you know what they say: what happens in Vegas normally stays in Vegas... but in this case, we're bringing 8 incredible conversations in the coming days with inspiring guests who are shaping the future of cloud, data, and AI.On the second day, we have three separate episodes lined up to deep dive into industries such as insurance, telecom, and retail, all linked to GenAI, data, and innovation.In this conversation, Dave, Andy, and Rob talk with Jen Hawes-Hewitt, Head of Global Solution Partner Programs, Global Telecom Industry at Google Cloud about Accelerating Innovation in Telecom with AI and GenAI.TLDR01:04 Introduction of Jen Hawes-Hewitt and guest host Andy Appleby04:06 Key announcements from the Google Cloud Next Keynote09:39 Main conversation with Jen Hawes-Hewitt31:58 Who's your favorite magician?GuestJen Hawes-Hewitt: https://www.linkedin.com/in/jenhaweshewitt/HostsDave Chapman: https://www.linkedin.com/in/chapmandr/Rob Kernahan: https://www.linkedin.com/in/rob-kernahan/Guest host Andy Appleby: https://www.linkedin.com/in/andyapplebycapgeminiglobalinfrastructureservices/ProductionMarcel van der Burg: https://www.linkedin.com/in/marcel-vd-burg/Dave Chapman: https://www.linkedin.com/in/chapmandr/SoundBen Corbett: https://www.linkedin.com/in/ben-corbett-3b6a11135/Louis Corbett: https://www.linkedin.com/in/louis-corbett-087250264/'Cloud Realities' is an original podcast from Capgemini
Hello Las Vegas — we've arrived for Google Cloud Next 2025!Arthur C. Clarke's third law, "Any sufficiently advanced technology is indistinguishable from magic"Hot drop coming through! The #CloudRealities podcast team has landed in electric Las Vegas—and you know what they say: what happens in Vegas normally stays in Vegas... but in this case, we're bringing 8 incredible conversations in the coming days with inspiring guests who are shaping the future of cloud, data, and AI.On the first day, we have 3 separate episodes lined up to discuss Google AI strategy & vision, practical implementations, and exciting use cases.In the third conversation, Dave, Esmee, and Rob talk with Jim Anderson, VP, NA Partner Ecosystem & Channels at Google, on how customers are using Cloud, AI/ML, and Data Analytics to power digital transformation. From real-world success stories to the trends shaping the year ahead—this one's packed with actionable insights.TLDR00:23 Introduction of Jim Anderson04:17 Key announcements from the Google Cloud Next Keynote06:44 Main conversation with Jim Anderson about Driving Digital Transformation with Customers 24:50 Who's your favorite magician?GuestJim Anderson: https://www.linkedin.com/in/jimmya/HostsDave Chapman: https://www.linkedin.com/in/chapmandr/Rob Kernahan: https://www.linkedin.com/in/rob-kernahan/ProductionMarcel van der Burg: https://www.linkedin.com/in/marcel-vd-burg/Dave Chapman: https://www.linkedin.com/in/chapmandr/SoundBen Corbett: https://www.linkedin.com/in/ben-corbett-3b6a11135/Louis Corbett: https://www.linkedin.com/in/louis-corbett-087250264/'Cloud Realities' is an original podcast from Capgemini