Hello San Francisco - we've arrived for Microsoft Ignite 2025! The #CloudRealities podcast team has landed in San Francisco this week, and we're bringing you the best updates right from the heart of the event. Join us to connect AI at scale, cloud modernization, and secure innovation—empowering organizations to become AI-first. Plus, we'll keep you updated on all the latest news and juicy gossip. Dave, Esmee, and Rob wrap up their Ignite 2025 series with Yina Arenas, CVP of Microsoft Foundry, to discuss why Foundry is the go-to choice for enterprises and how it champions responsible development and innovation.
TLDR:
00:40 – Introduction to Yina Arenas
01:14 – How the team is doing, keynote highlights, and insights from the Expo floor
02:50 – Deep dive with Yina on the evolution of Cloud Foundry
29:24 – Favourite IT-themed movie, human interaction, and our society
31:56 – Personal (and slightly juicy) reflections on the week
37:30 – Team reflections on Ignite 2025, including an executive summary per guest and appreciation for Dennis Hansen
50:54 – The team's favorite IT-themed movies
59:30 – Personal favorite restaurant
Guest: Yina Arenas (https://www.linkedin.com/in/yinaa/)
Hosts: Dave Chapman (https://www.linkedin.com/in/chapmandr/), Esmee van de Giessen (https://www.linkedin.com/in/esmeevandegiessen/), Rob Kernahan (https://www.linkedin.com/in/rob-kernahan/)
Production: Marcel van der Burg (https://www.linkedin.com/in/marcel-vd-burg/), Dave Chapman (https://www.linkedin.com/in/chapmandr/)
Sound: Ben Corbett (https://www.linkedin.com/in/ben-corbett-3b6a11135/), Louis Corbett (https://www.linkedin.com/in/louis-corbett-087250264/)
'Cloud Realities' is an original podc
Hello San Francisco - we've arrived for Microsoft Ignite 2025! The #CloudRealities podcast team has landed in San Francisco this week, and we're bringing you the best updates right from the heart of the event. Join us to connect AI at scale, cloud modernization, and secure innovation—empowering organizations to become AI-first. Plus, we'll keep you updated on all the latest news and juicy gossip. Dave, Esmee, and Rob continue their conversation with Alistair Speirs, GM of Global Infrastructure for Microsoft's Azure Business Group, exploring how to build and scale the AI and Cloud datacenters of the future worldwide—while also addressing sovereignty requirements.
TLDR:
00:40 – Introduction to Alistair Speirs
04:42 – Keynote highlights and Expo floor insights
06:50 – Deep dive conversation with Alistair
36:36 – Favorite IT-themed movie, using your brain as compute storage, and why people still matter
Guest: Alistair Speirs (https://www.linkedin.com/in/alistair/)
Hosts: Dave Chapman (https://www.linkedin.com/in/chapmandr/), Esmee van de Giessen (https://www.linkedin.com/in/esmeevandegiessen/), Rob Kernahan (https://www.linkedin.com/in/rob-kernahan/)
Production: Marcel van der Burg (https://www.linkedin.com/in/marcel-vd-burg/), Dave Chapman (https://www.linkedin.com/in/chapmandr/)
Sound: Ben Corbett (https://www.linkedin.com/in/ben-corbett-3b6a11135/), Louis Corbett (https://www.linkedin.com/in/louis-corbett-087250264/)
'Cloud Realities' is an original podcast from Capgemini
Hello San Francisco - we've arrived for Microsoft Ignite 2025! The #CloudRealities podcast team has landed in San Francisco this week, and we're bringing you the best updates right from the heart of the event. Join us to connect AI at scale, cloud modernization, and secure innovation—empowering organizations to become AI-first. Plus, we'll keep you updated on all the latest news and juicy gossip. Dave, Esmee and Rob continue their discussion with John Link, Partner Product Manager at Microsoft, exploring Frontier organizations and how AI and quantum are reshaping R&D, all within the context of Microsoft Discovery.
TLDR:
00:58 – Introduction to John Link (and some fun food spellings)
03:55 – Keynote highlights and Expo floor insights
06:42 – Deep dive conversation with John
25:00 – Favorite IT-themed movie, thoughts on brain implants, and the simulation theory
Guest: John Link (https://www.linkedin.com/in/johnmlink/)
Hosts: Dave Chapman (https://www.linkedin.com/in/chapmandr/), Esmee van de Giessen (https://www.linkedin.com/in/esmeevandegiessen/), Rob Kernahan (https://www.linkedin.com/in/rob-kernahan/)
Production: Marcel van der Burg (https://www.linkedin.com/in/marcel-vd-burg/), Dave Chapman (https://www.linkedin.com/in/chapmandr/)
Sound: Ben Corbett (https://www.linkedin.com/in/ben-corbett-3b6a11135/), Louis Corbett (https://www.linkedin.com/in/louis-corbett-087250264/)
'Cloud Realities' is an original podcast from Capgemini
Hello San Francisco - we've arrived for Microsoft Ignite 2025! The #CloudRealities podcast team has landed in San Francisco this week, and we're bringing you the best updates right from the heart of the event. Join us to connect AI at scale, cloud modernization, and secure innovation—empowering organizations to become AI-first. Plus, we'll keep you updated on all the latest news and juicy gossip. Dave and Esmee continue their conversation with Rob Lefferts, CVP Threat Protection, about the key security announcements and explore how we leverage agents to protect, defend, and respond at AI speed.
TLDR:
00:50 – Introduction to Rob Lefferts
01:40 – Keynote highlights and insights from the Expo floor
03:19 – In-depth conversation with Rob on why security is critical in the era of AI
22:53 – Favorite IT-themed movie linked to Asimov's principles and the Louvre password
Guest: Rob Lefferts (https://www.linkedin.com/in/rob-lefferts/)
Hosts: Dave Chapman (https://www.linkedin.com/in/chapmandr/), Esmee van de Giessen (https://www.linkedin.com/in/esmeevandegiessen/), Rob Kernahan (https://www.linkedin.com/in/rob-kernahan/)
Production: Marcel van der Burg (https://www.linkedin.com/in/marcel-vd-burg/), Dave Chapman (https://www.linkedin.com/in/chapmandr/)
Sound: Ben Corbett (https://www.linkedin.com/in/ben-corbett-3b6a11135/), Louis Corbett (https://www.linkedin.com/in/louis-corbett-087250264/)
'Cloud Realities' is an original podcast from Capgemini
Hello San Francisco - we've arrived for Microsoft Ignite 2025! The #CloudRealities podcast team has landed in San Francisco this week, and we're bringing you the best updates right from the heart of the event. Join us to connect AI at scale, cloud modernization, and secure innovation—empowering organizations to become AI-first. Plus, we'll keep you updated on all the latest news and juicy gossip. Dave, Esmee and Rob kick off with Rob Cromwell, CVP of Engineering, to explore the exciting evolution of Copilot and share insights on what's coming next.
TLDR:
00:50 – Back in San Francisco
02:45 – Highlights from the first keynote
11:08 – Intro and chat with Rob Cromwell
30:40 – Tackling tech and authentication challenges
32:28 – Favorite IT-related film and a glimpse into the near future
Guest: Rob Cromwell (https://www.linkedin.com/in/robcromwell/)
Hosts: Dave Chapman (https://www.linkedin.com/in/chapmandr/), Esmee van de Giessen (https://www.linkedin.com/in/esmeevandegiessen/), Rob Kernahan (https://www.linkedin.com/in/rob-kernahan/)
Production: Marcel van der Burg (https://www.linkedin.com/in/marcel-vd-burg/), Dave Chapman (https://www.linkedin.com/in/chapmandr/)
Sound: Ben Corbett (https://www.linkedin.com/in/ben-corbett-3b6a11135/), Louis Corbett (https://www.linkedin.com/in/louis-corbett-087250264/)
'Cloud Realities' is an original podcast from Capgemini
Hello San Francisco - we've arrived for Microsoft Ignite 2025! The #CloudRealities podcast team has landed in San Francisco this week, and we're bringing you the best updates right from the heart of the event. Join us to connect AI at scale, cloud modernization, and secure innovation—empowering organizations to become AI-first. Plus, we'll keep you updated on all the latest news and juicy gossip. Dave, Esmee, and Rob continue their conversation with Jonathan Hunt, CVP of Business Solutions at Microsoft, diving into the differences between AI-driven business solutions and traditional business applications, and exploring how customers can learn where—and how—to get started with AI.
TLDR:
00:35 – Introduction and conversation with Jonathan Hunt, plus updates from the event floor
22:15 – Favorite IT-themed movie starring Arnold Schwarzenegger
Guest: Jonathan Hunt (https://www.linkedin.com/in/jonathan-hunt1/)
Hosts: Dave Chapman (https://www.linkedin.com/in/chapmandr/), Esmee van de Giessen (https://www.linkedin.com/in/esmeevandegiessen/), Rob Kernahan (https://www.linkedin.com/in/rob-kernahan/)
Production: Marcel van der Burg (https://www.linkedin.com/in/marcel-vd-burg/), Dave Chapman (https://www.linkedin.com/in/chapmandr/)
Sound: Ben Corbett (https://www.linkedin.com/in/ben-corbett-3b6a11135/), Louis Corbett (https://www.linkedin.com/in/louis-corbett-087250264/)
'Cloud Realities' is an original podcast from Capgemini
In this Kubicast, we welcome Chico (Francisco Rodrigues) and França, from Qive, for a technical and fun chat about how we instrumented a legacy PHP application with OpenTelemetry and unlocked end-to-end visibility. We cover how the discovery went, the architecture design and the first wins: from auto-instrumentation to the surgical fixes that brought down p95 latency and eliminated intermittent instabilities.
We talk about practical decisions: why choose OpenTelemetry in an old Zend monolith, how to align collection with the Grafana ecosystem (Tempo, Loki, dashboards, alerts) and what the real impact is on CPU/memory consumption versus the gains in operations. We also open up about transport trade-offs (gRPC/Protobuf), per-request overhead and how we standardized spans to make tracing "almost APM", but with an open stack.
On top of that, we explore the team's experience (SRE and Software Eng.) in accelerating adoption, self-service and developer experience. If you want to understand auto-instrumentation in PHP, costs/benefits, an observability stack with Grafana and good practices for distributed tracing, this episode is for you.
Important links:
- Marcelo França - https://www.linkedin.com/in/marceloluizfranca
- Francisco Rodrigues - https://www.linkedin.com/in/fcoedno
- Inspiring article - https://medium.com/engenharia-arquivei/instrumente-sua-aplica%C3%A7%C3%A3o-php-com-opentelemetry-cb3460a64d04
- Get to know Qive - https://qive.com.br/institucional/
- OpenTelemetry PHP - https://opentelemetry.io/docs/languages/php/
- João Brito - https://www.linkedin.com/in/juniorjbn/
Kubicast is a production of Getup, a company specializing in Kubernetes and open source projects for Kubernetes. The podcast episodes are available on the main digital audio platforms and at YouTube.com/@getupcloud.
Security is no longer optional—it's built into every stage of modern software development. In this episode, we break down the real difference between DevSecOps and Rugged DevOps, two powerful approaches reshaping how organizations defend against evolving cyber threats. From automation and early vulnerability detection to resilience and chaos engineering, learn how each methodology shapes the future of secure software delivery.
TestTalks | Automation Awesomeness | Helping YOU Succeed with Test Automation
AI is accelerating software delivery, but it's also introducing new security risks that most developers and automation engineers never see coming. In this episode, we explore how AI-generated code can embed vulnerabilities by default, how "vibe coding" is reshaping developer workflows, and what teams must do to secure their pipelines before bad code reaches production. You'll learn how to prompt more securely, how guardrails can stop vulnerabilities at generation time, how to prioritize real risks instead of false positives, and how AI can be used to protect your applications just as effectively as attackers use it to exploit them. Whether you're using Cursor, Copilot, Playwright MCP, or any AI tool in your automation workflow, this conversation gives you a clear roadmap for staying ahead of AI-driven vulnerabilities — without slowing down delivery. Featuring Sarit Tager, VP of Product for Application Security at Palo Alto Networks, who reveals real-world insights on securing AI-generated code, understanding modern attack surfaces, and creating a future-proof DevSecOps strategy.
Policy-as-Code is reshaping how modern teams enforce security and compliance. In this episode, we break down how organizations are replacing manual checks with automated, code-driven policies that integrate directly into CI/CD pipelines. If you're working with cloud, DevOps, or DevSecOps, this is a must-listen session to understand how PaC boosts consistency, scalability, and audit readiness.
In 2026, governments across Asia grapple with escalating cybersecurity challenges amid rapid digital transformation and geopolitical tensions. AI-powered threats, including sophisticated phishing and deepfakes, pose significant risks, with IDC forecasting that 76.5% of Asia/Pacific enterprises lack confidence in detecting such attacks. Ransomware continues to evolve, targeting critical infrastructure, while supply chain vulnerabilities expose sensitive data—Gartner predicts 45% of global organisations will face software supply chain attacks by 2025, a trend persisting into 2026. Cloud adoption amplifies hybrid environment breaches, compounded by espionage-driven incursions, as Verizon reports 25% of APAC cyberattacks motivated by spying, with public administration the most targeted sector. Regulatory mandates demand robust compliance, straining resources in an era of legacy systems and talent shortages.
In this PodChats for FutureCISO, Aaron Bugal, Field CISO, APJ, Sophos, walks us through some of the coming cybersecurity issues that government CISOs, as well as those in the private sector, will find important in 2026.
1. How can government CISOs effectively measure and improve their cybersecurity resilience, moving beyond compliance-based checklists to ensure the continuous delivery of essential citizen services during an attack?
2. What strategies have proven most effective for securing legacy systems that remain critical to national operations, given they cannot be immediately replaced?
3. With Gartner highlighting that by 2026, 50% of C-level executives will have performance requirements tied to cybersecurity risk, how can government CISOs best align their security metrics with national-level outcomes?
4. How can CISOs proactively defend against state-aligned (sponsored) actors who are increasingly targeting digital public services and critical infrastructure for espionage and disruption?
5. Name one CISO strategy for managing third-party and supply chain risk, particularly as organisations, both private and public, rely on an ecosystem of partners to deliver complex, cloud-native government services.
6. Given IDC's prediction that by 2026, 70% of organisations will consider environmental sustainability in their cloud purchase decisions, how can CISOs balance security, sovereignty, and sustainability in their technology procurements?
7. How are government CISOs addressing the critical cybersecurity skills gap, and what new models for talent acquisition and retention must be developed to compete with the private sector?
   a. How to avoid burnout?
8. To what extent have CISOs integrated security into the entire application lifecycle (DevSecOps) for their national digital identity and other citizen-facing platforms?
9. Name a governance and technical framework for the safe and ethical adoption of AI, both to enhance a government's cyber defences and to mitigate its potential malicious use by threat actors.
10. How are government CISOs collaborating with regional counterparts and international bodies to share threat intelligence and establish coordinated response protocols for cross-border cyber incidents?
11. What is the one final piece of advice for government CISOs as they update their cybersecurity strategies for 2026?
Digital intelligence is reshaping how organizations work, and success depends on integrating multiple domains, using real-time analytics, and ensuring strong cyber protections as data grows and risks increase. This week, Dave, Esmee, and Rob talk with Chris Carter, Director - Key Accounts and Australia at BAE Systems Digital Intelligence, to explore the fast-moving world of digital intelligence, data, and analytics and dive into the complexities of the work, how rapidly the landscape is evolving, and the major challenges organizations face today.
TLDR:
00:41 Introduction of Chris Carter
03:00 Rob is confused by the idea of renting out brain capacity for compute power
07:13 Chris discusses the fusion of data, AI, and human judgment in complex environments
34:30 Are we giving enough attention to human cognitive capacity?
42:34 Rugby tickets with the family
Guest: Chris Carter (https://www.linkedin.com/in/chriscarter3/)
Hosts: Dave Chapman (https://www.linkedin.com/in/chapmandr/), Rob Kernahan (https://www.linkedin.com/in/rob-kernahan/), Esmee van de Giessen (https://www.linkedin.com/in/esmeevandegiessen/)
Production: Marcel van der Burg (https://www.linkedin.com/in/marcel-vd-burg/), Dave Chapman (https://www.linkedin.com/in/chapmandr/)
Sound: Ben Corbett (https://www.linkedin.com/in/ben-corbett-3b6a11135/), Louis Corbett (https://www.linkedin.com/in/louis-corbett-087250264/)
'Cloud Realities' is an original podcast from Capgemini
Do you actually need a Release Engineer to manage Salesforce DevOps? Ana Moreno joins Jack to share her incredible (and truly accidental) journey from the world of art history to the heart of tech. Before they dive into release management, Jack derails the conversation to hear all about the fascinating world of art fraud, including tales of Man Ray's lost negatives and fake Victorian photographs.
Once back on track, Ana pulls back the curtain on what it really takes to manage a complex, high-stakes Salesforce release process at a company that lives and breathes DevOps.
Tune in to learn:
- What the day-to-day life of a dedicated Release Engineer actually looks like.
- How GitLab manages weekly Salesforce releases with a 30+ person team across five pods.
- Strategies for handling merge conflicts as a "necessary evil."
- Ana's top advice for teams looking to overhaul their process (Hint: It's not just about buying a tool).
- The practical role AI is playing in their DevOps cycle today.
About DevOps Diaries: Salesforce DevOps Advocate Jack McCurdy chats to members of the Salesforce community about their experience in the Salesforce ecosystem. Expect to hear and learn from inspirational stories of personal growth and business success, whilst discovering all the trials, tribulations, and joy that comes with delivering Salesforce for companies of all shapes and sizes. New episodes bi-weekly on YouTube as well as on your preferred podcast platform.
Podcast produced and sponsored by Gearset.
Learn more about Gearset: https://grst.co/4iCnas2
Subscribe to Gearset's YouTube channel: https://grst.co/4cTAAxm
LinkedIn: https://www.linkedin.com/company/gearset
X/Twitter: https://x.com/GearsetHQ
Facebook: https://www.facebook.com/gearsethq
About Gearset: Gearset is the leading Salesforce DevOps platform, with powerful solutions for metadata and CPQ deployments, CI/CD, automated testing, sandbox seeding and backups. It helps Salesforce teams apply DevOps best practices to their development and release process, so they can rapidly and securely deliver higher-quality projects. Get full access to all of Gearset's features for free with a 30-day trial: https://grst.co/4iKysKW
Chapters:
00:00 Welcome Ana Moreno, Salesforce Release Engineer at GitLab
02:36 Ana's journey: The "Accidental Admin"
03:30 From art history to tech
09:33 Let's talk about art fraud!
15:14 From Admin to Release Engineer
22:35 What does a Release Engineer actually do all day?
25:48 Inside GitLab's weekly Salesforce release cycle
28:09 The challenge of managing 1,000+ Apex tests
33:07 Taming the "necessary evil" of merge conflicts
38:41 Key advice for teams overhauling their DevOps process
46:12 The real-world future of AI in the DevOps pipeline
50:57 Ana's Final Mantra
We sat down with a trio from Mercado Livre to open the black box of Fury, the platform that supports thousands of services and teams. We talk about how to turn Kubernetes into a consumable platform product, with autonomy for teams and guardrails that don't become handcuffs. Yes, it's about real Platform Engineering, with lessons that hurt the wallet and the pager.
We go into detail on developer experience (DX), SDKs, templates and the Golden Path in Backstage, as well as the choices that made Fury usable by hundreds of teams without needing to "run kubectl in production". We also discuss multi-cloud architecture, clusters by criticality, autoscaling (Karpenter/KEDA) and how to democratize observability without exposing everyone to PromQL at 3 a.m.
To close on a high note, we talk about day-to-day governance and security (DevSecOps in practice), SLIs/SLOs and the dilemma between standardization and freedom. There are war stories, roadmap, trade-offs and even career tips from the guests. All the links mentioned (Backstage, ArgoCD/GitOps, Karpenter, KEDA and materials on Platform Engineering) are in the HIGHLIGHTS section below for you to explore.
Links:
Learn more about Fury - https://medium.com/mercadolibre-tech/subpage/79a519305008
Julia Pedroza - https://www.linkedin.com/in/julianunesp/
Juliano Martins - https://www.linkedin.com/in/julianommartins/
Marcelo Quadros - https://www.linkedin.com/in/quadros-marcelo/
João Brito - https://www.linkedin.com/in/juniorjbn/
Kubicast is a production of Getup, a company specializing in Kubernetes and open source projects for Kubernetes. The podcast episodes are available on the main digital audio platforms and at YouTube.com/@getupcloud.
Most organizations have security champions. Few have a real security culture. In this episode of AppSec Contradictions, Sean Martin explores why AppSec awareness efforts stall, why champion programs struggle to gain traction, and what leaders can do to turn intent into impact.
In this second episode of the special AI mini-series, we now explore the human side of transformation, where technology meets purpose and people remain at the center. From future jobs and critical thinking to working with C-level leaders, how human intervention and high-quality data drive success in an AI-powered world. This week, Dave, Esmee, and Rob talk to Indhira Mani, CDO at Intact Insurance UK, about the love for data, insights on leadership, resilience, and preparing the next generation for what's next.
TLDR:
01:30 Introduction of Indhira Mani and Scotch whisky
05:45 Explaining the State of AI mini-series with Craig
07:12 Conversation with Indi about her boyfriend called Data
38:33 Umbrella sharing in Japan and trust in AI
45:15 The British Insurance Award and Women in Tech finalist
Guest: Indhira Mani (https://www.linkedin.com/in/indhira-mani-data/)
Hosts: Dave Chapman (https://www.linkedin.com/in/chapmandr/), Rob Kernahan (https://www.linkedin.com/in/rob-kernahan/), Esmee van de Giessen (https://www.linkedin.com/in/esmeevandegiessen/), with co-host Craig Suckling (https://www.linkedin.com/in/craigsuckling/)
Production: Marcel van der Burg (https://www.linkedin.com/in/marcel-vd-burg/), Dave Chapman (https://www.linkedin.com/in/chapmandr/)
Sound: Ben Corbett (https://www.linkedin.com/in/ben-corbett-3b6a11135/), Louis Corbett (https://www.linkedin.com/in/louis-corbett-087250264/)
'Cloud Realities' is an original podcast from Capgemini
Shorts No. 43. Security by default: the evolution of DevOps into DevSecOps. Dmitry Gorokhov, Anton Konopak
Stay in touch. Write to us: info@linkmeup.ru
Telegram channel: t.me/linkmeup_podcast
YouTube channel: youtube.com/c/linkmeup-podcast
The podcast is available on iTunes, Google Podcasts, Yandex Music, Castbox
VK community: vk.com/linkmeup
Facebook group: www.facebook.com/linkmeup.sdsm
Add the RSS feed to your podcast player.
Chat in the general Telegram chat: https://t.me/linkmeup_chat
Support the project:
In this episode of De Nederlandse Kubernetes Podcast, we talk with Jim Bugwadia, founder and CEO of Nirmata, and Shuting Zhao, Staff Engineer and one of the maintainers of Kyverno — the CNCF project for Kubernetes policy management.
Jim and Shuting share how Kyverno was born from Nirmata's commercial work and has since become one of the most widely adopted open source projects in Kubernetes governance, with over 3.4 billion image pulls.
We explore the real question: Why does Kubernetes need policies if it's already declarative? Jim explains how policy as code helps developers, operators, and security teams collaborate on cluster configuration at scale — from pod security to resource quotas, network policies, and automation.
Shuting dives deeper into how Kyverno enables granular control, policy exceptions, and flexible enforcement modes — from audit to enforce. They discuss how large organizations use policy automation to improve compliance, security, and even cost efficiency, citing use cases like Adidas saving 50% in dev/test environments using policy-driven resource management.
We also touch on:
Josh Arzt is a Senior Solutions Architect with 25+ years of experience modernizing systems, solving complex problems, and delivering scalable cloud solutions. He is an expert in software engineering, DevSecOps, serverless architectures, and cloud migrations. He is a certified professional with a strong publication record in IT and applied mathematics. His professional career began in the early 2000s, when he discovered .NET and all it had to offer in its early days. Using that framework, paired with his maturation in software architecture, helped shape how he approaches challenges — with curiosity, precision, and a focus on making technology practical and reliable. Along the way, he's led teams, modernized systems, written his own software in performance metrics, and helped organizations adapt to change, but what he values most is working with people: mentoring engineers, collaborating across disciplines, and finding ways to connect technical work to real human impact. He brings both experience and perspective — the ability to see the big picture while never losing sight of the craft that drew him to this field in the first place. Josh is also a 2025-2026 board election candidate for .NET Foundation.
Topics of Discussion:
[2:40] Josh talks about the .NET Foundation and its importance.
[7:08] A self-described dorky child, Josh recounts his early days in IT, starting with building computers as a child.
[9:33] Josh describes his transition from IT support to software development, driven by his interest in problem-solving.
[15:55] Josh discusses the evolution of .NET, from its early days to the current state.
[30:40] The importance of choosing the right tool for the job, regardless of the programming language.
[32:42] The challenges of managing tech debt and the importance of sustainability in software development.
[37:28] Josh shares his positive experiences with the .NET community and the support they provide.
[38:08] How thoughtful and consistent feedback shapes the evolution of the .NET ecosystem.
[40:02] Continuous learning and adaptation in the field of software development.
Mentioned in this Episode: Clear Measure Way Architect Forum Software Engineer Forum Joshua Arzt LinkedIn Technical Babble — XCalibur Systems Xcalibur37 GitHub User Xcalibur Stack Overflow
Want to Learn More? Visit AzureDevOps.Show for show notes and additional episodes.
Technology can scale almost everything—except human experience. In a world driven by efficiency, what does it mean to design for how people truly feel? It's about transforming user interactions into ongoing insight and innovation, rooted in empathy and understanding. This week, Dave, Esmee and Rob talk to Kevin Magee, Chief Technology Officer at All human, about helping organizations transform customer experiences with a focus on design, engineering, and what is called "digital performance."
TLDR:
00:41 Introduction of Kevin Magee with Guinness or sparkling water?
03:23 Rob wonders, is Apple really opening up its ecosystem?
11:40 Deep dive with Kevin into design, engineering, and digital performance
36:30 How tools built for one purpose can transform entire systems
48:35 Weekend city breaks and pursuing a master's in psychology
Guest: Kevin Magee (https://www.linkedin.com/in/kevinmagee/)
Hosts: Dave Chapman (https://www.linkedin.com/in/chapmandr/), Rob Kernahan (https://www.linkedin.com/in/rob-kernahan/), Esmee van de Giessen (https://www.linkedin.com/in/esmeevandegiessen/)
Production: Marcel van der Burg (https://www.linkedin.com/in/marcel-vd-burg/), Dave Chapman (https://www.linkedin.com/in/chapmandr/)
Sound: Ben Corbett (https://www.linkedin.com/in/ben-corbett-3b6a11135/), Louis Corbett (https://www.linkedin.com/in/louis-corbett-087250264/)
'Cloud Realities' is an original podcast from Capgemini
We took advantage of AWS being down and LinkedIn being full of experts to talk a bit about DevOps and SRE: what really failed, how global dependencies amplify incidents and why communication and telemetry change the game when the provider is staggering. We talk about multi-region resilience strategies, failure domain design and pragmatic RTO/RPO decisions. We discuss feature flags to degrade functionality gracefully, circuit breakers and backoff in clients, runbook prioritization and chaos exercises that actually measure MTTR. We also cover collateral impacts on managed services (EKS, IAM, KMS, DynamoDB), observability in war mode and the limits of "managed".
We close with actionable lessons for product and platform teams: from availability budget and costs to scenario-driven recovery tests. Two key topics we highlight: multi-region resilience in practice and how to train the organization for low-probability, high-impact incidents.
Finally, we take a tour of lessons learned for product and platform teams: feature flags for integration fallback, alternative routes for control planes, circuit breakers in clients, and playbooks for communicating with stakeholders. Two topics that deserve special attention in this conversation: multi-region resilience in practice and how to prepare your organization for "almost improbable" incidents.
Important links:
- Lucas Azevedo - https://www.linkedin.com/in/lazevedo-devops/
- DevOps community on Discord - https://discord.com/invite/k6wPagw4tV
- João Brito - https://www.linkedin.com/in/juniorjbn/
- Watch the film TEArapia - https://youtu.be/M4QFmW_HZh0?si=HIXBDWZJ8yPbpflM
Hashtags: #DevOps #SRE #AWS #Outage #DNS #DynamoDB #AltaDisponibilidade #Resiliencia #Observabilidade #ChaosEngineering #IncidentResponse #Runbooks #FeatureFlags #CircuitBreaker #RTO #RPO #Kubernetes #DevSecOps #Kubicast #Containers #Getup
Kubicast is a production of Getup, a company specializing in Kubernetes and open source projects for Kubernetes. The podcast episodes are available on the main digital audio platforms and at YouTube.com/@getupcloud.
Organizations pour millions into protecting running applications—yet attackers are targeting the delivery path itself. This episode of AppSec Contradictions reveals why CI/CD and cloud pipelines are becoming the new frontline in cybersecurity.
In this candid and cathartic episode, Ken and Mike unpack the chaos that is Q4 for security professionals. From budget burnouts to end-of-year pentesting sprints, they explore why the final months of the year feel like a perfect storm for stress. Tune in as they share hard-earned lessons, practical advice for maintaining your sanity, and some gentle reminders that not everything needs to ship before Christmas. Whether you're a tired vendor, an overwhelmed engineer, or just trying to make it to PTO, this episode is for you.
The skills we teach today will decide the world we live in tomorrow. The digital skills gap is something we've been dealing with for decades, but it's growing faster than ever; it starts with kids and stretches all the way into late IT careers, and now we're finally taking a more connected, lifelong approach to closing it. This week, Dave, Esmee, and Rob speak with Mike Nayler, Director, National Security, Defense & Public Safety at AWS, about the digital skills gap and explore how tech companies can help close it. TLDR: 00:45 Introduction of Mike Nayler and the pros and cons of enterprise architects, based on a survey 03:30 Rob is confused about AI replacing prompt engineers 07:55 Conversation with Mike on the digital skills gap 25:15 The real gap is between institutions and the people they aim to serve 33:24 Mike heading back to school and writing essays again Guest Mike Nayler: https://www.linkedin.com/in/nayler/ Hosts Dave Chapman: https://www.linkedin.com/in/chapmandr/ Rob Kernahan: https://www.linkedin.com/in/rob-kernahan/ Esmee van de Giessen: https://www.linkedin.com/in/esmeevandegiessen/ Production Marcel van der Burg: https://www.linkedin.com/in/marcel-vd-burg/ Dave Chapman: https://www.linkedin.com/in/chapmandr/ Sound Ben Corbett: https://www.linkedin.com/in/ben-corbett-3b6a11135/ Louis Corbett: https://www.linkedin.com/in/louis-corbett-087250264/ 'Cloud Realities' is an original podcast from Capgemini
If you think cloud security is just turning on a CSPM and living happily ever after, in this episode we show that the story is much hairier and more fun. We welcome Leandro Venâncio to break down everything from shared responsibility and Zero Trust to what actually works day to day in Kubernetes clusters under crossfire. We talk about culture, automation, and the traps you only learn about after taking a few falls. We start from the basics done well (identity, networking, and encryption) and move on to governance with policies (Kyverno/Gatekeeper), a pipeline with SAST/DAST/SCA, a decent SBOM, and secrets managed in KMS/External Secrets. We tie it together with observability, incident response, and how to prioritize risk without becoming hostage to dashboards. Spoiler: cost, compliance, and performance are all part of the same mix, and you can't pretend they don't exist. Among the topics, we highlight: how to apply Zero Trust to ephemeral workloads; why "shift left" without mature operations hinders more than it helps; and where CNAPP, CSPM, and admission controllers meet. And of course, real cases, because theory is lovely, but production is the boss. Important links: - Leandro Venâncio - https://www.linkedin.com/in/leandro-venancio/ - LowOps cast with Rafael Ferreira - https://www.youtube.com/live/SC6a11HClX4 - João Brito - https://www.linkedin.com/in/juniorjbn/ - Watch the film TEArapia - https://youtu.be/M4QFmW_HZh0?si=HIXBDWZJ8yPbpflM Kubicast is a production of Getup, a company specializing in Kubernetes and open source projects for Kubernetes. The podcast episodes are available on the main digital audio platforms and on YouTube.com/@getupcloud.
The concept of DevSecOps has been around long enough that it's now firmly established in most federal agencies, but using it to produce secure software on a regular basis takes careful planning. Darren Death is the Chief Information Security Officer at the Export Import Bank, and Madhuri Sammid is the Deputy Associate Chief Information Officer at the Bureau of Safety and Environmental Enforcement. They talked with Federal News Network's Jared Serbu as part of our 2025 Cyber Leaders Exchange.
In 'Access All Areas' shows we go behind the scenes with the crew and their friends as they dive into complex challenges that organisations face—sometimes getting a little messy along the way. We're launching a special AI mini-series exploring how artificial intelligence is reshaping industries. Each episode dives into key themes like scaling AI, societal impact, leadership, sustainability, and the challenges ahead. Join us for fresh insights and bold conversations on the future of intelligent systems. This week, Dave, Esmee, and Rob kick off the AI mini-series with Craig Suckling, CAIO at Capgemini and co-host of this special edition. The episode is inspired by “Riding the AI Whirlwind,” Gartner's 2025 strategic predictions report, which urges organizations to act boldly on AI's potential while managing risks like rising costs and privacy concerns. TLDR: 00:40 – Introduction of Craig Suckling and launch of the AI mini-series 02:38 – Summary of three key insights and strategic recommendations from Gartner's “Riding the AI Whirlwind” report 23:03 – Strategic planning assumptions: what they mean for business and tech leaders 41:40 – Sam Altman's top three concerns about the future of AI 49:35 – What key topics remain unaddressed? 51:00 – What to expect from the AI mini-series featuring industry leaders Hosts Dave Chapman: https://www.linkedin.com/in/chapmandr/ Rob Kernahan: https://www.linkedin.com/in/rob-kernahan/ Esmee van de Giessen: https://www.linkedin.com/in/esmeevandegiessen/ with co-host Craig Suckling: https://www.linkedin.com/in/craigsuckling/ Production Marcel van der Burg: https://www.linkedin.com/in/marcel-vd-burg/ Dave Chapman: https://www.linkedin.com/in/chapmandr/ Sound Ben Corbett: https://www.linkedin.com/in/ben-corbett-3b6a11135/ Louis Corbett: https://www.linkedin.com/in/louis-corbett-087250264/ 'Cloud Realities' is an original podcast from Capgemini
We open the episode by getting hands-on: how to design a developer experience (DevX) that actually reduces lead time and increases delivery throughput. With Luiz Henrique and Larissa Vitoriano joining us, we explore what the iFood team learned from scaling internal platforms, standardizing delivery flows, and improving squad autonomy without losing governance. We also step into the world of Developer Relations (DevREL), not as "technical marketing" but as a bridge between product, platform, and community. We talk about how to prioritize productive feedback, which metrics avoid vanity, and how to align the platform backlog with the real pains of those who code every day. To close, we discuss AI "in real life": where models (traditional and LLMs) are already generating value in the development cycle, how observability and cost enter the equation, and the practical limits of adoption, from MLOps and inference FinOps to security and privacy. Important links: - Larissa Vitoriano - https://www.linkedin.com/in/larissavitoriano/ - Luiz Henrique - https://www.linkedin.com/in/luizhenrique1987/ - iFood Tech blog - https://medium.com/ifood-tech - João Brito - https://www.linkedin.com/in/juniorjbn/ - Watch the film TEArapia - https://youtu.be/M4QFmW_HZh0?si=HIXBDWZJ8yPbpflM Hashtags: #DevX #DevREL #IA #MLOps #Plataformas #Observabilidade #FinOps #SRE #CulturaDev #Produtividade #Kubernetes #DevOps #DevSecOps #Kubicast #Containers #Getup Kubicast is a production of Getup, a company specializing in Kubernetes and open source projects for Kubernetes. The podcast episodes are available on the main digital audio platforms and on YouTube.com/@getupcloud.
Federal Tech Podcast: Listen and learn how successful companies get federal contracts
Connect to John Gilroy on LinkedIn https://www.linkedin.com/in/john-gilroy/ Want to listen to other episodes? www.Federaltechpodcast.com The impact of AI in software development in the federal government is so pervasive that, in July of 2025, the President of the United States released a White House AI Action Plan. Today, we sat down with Bob Stevens from GitLab to put this development into perspective, examine some use cases, and suggest methods that federal agencies can use to prepare for this technological shift. What precipitated the initiative is the recognition that change is occurring so rapidly in the world of software development that the federal government must adapt more quickly than in the past, or it will be vulnerable to cyberattacks. Stevens notes that the federal government has been targeting modernization, producing software faster, and being more efficient, for a decade. AI will help them get there, with some possible cost reduction. For example, in the past, a vulnerability may have taken weeks to discover. Utilizing AI allows federal software developers to reduce that discovery to minutes. That ties in with one essential element in the White House initiative: security. In fact, one of the pillars of the Action Plan is titled “Promoting Secure-by-Design AI Technologies and Applications.” Stevens has been involved in federal software development for decades and thinks that a platform approach best serves the essential objectives of this Action Plan. The conversation concludes with the potential for AI to streamline government processes and improve operational efficiency. If you are interested in learning more about the economics of this approach, you can download The Economics of Software Innovations: $750 billion Opportunity at a Crossroads.
How do you perform incident response on a Kubernetes cluster when you're not even on the same network? In this episode, Damien Burks, Senior Security Engineer, breaks down the immense challenges of container security and why most commercial tools are failing at automated response. While many CNAPPs provide runtime detection, they lack a "sophisticated approach to automating incident response or containment" in complex environments like private EKS. He shares his hands-on experience building a platform that uses a dynamically deployed Lambda function to achieve containment of a compromised EKS node in just 10 minutes, a process that would otherwise take hours of manual work and approvals. This is a guide for any DevSecOps or cloud security professional tasked with securing containerized workloads. The conversation also covers a layered prevention strategy, the evolving role of the cloud security engineer, and career advice for those looking to enter the field. Guest Socials - Damien's Linkedin Podcast Twitter - @CloudSecPod If you want to watch videos of this LIVE STREAMED episode and past episodes - Check out our other Cloud Security Social Channels: - Cloud Security Podcast - Youtube - Cloud Security Newsletter - Cloud Security BootCamp If you are interested in AI Cybersecurity, you can check out our sister podcast - AI Security Podcast Questions asked: (00:00) Introduction (02:15) Who is Damien Burks? (03:20) The State of Cloud Incident Response in 2025 (05:15) Why There is No Sophisticated, Automated IR for Kubernetes (06:20) A Deep Dive into Kubernetes Incident Response (07:30) The Unique Challenge of a Private EKS Cluster (12:15) A Layered Approach to Prevention in a DevSecOps Culture (17:00) How to Automate Containment in a Private EKS Cluster (17:40) From Hours to 10 Minutes: The Impact of Automation (22:00) The Evolving & Complex Role of the Cloud Security Engineer (25:40) Do We Have Too Much Visibility or Not Enough? (29:00) Career Path: The Value of Learning to Code for DevSecOps (35:00) Damien's Hot Take: "Multi-Cloud Just Means Chaos" (44:20) Career Advice for Traditional IR Professionals Moving to Cloud (47:50) Final Questions: Video Games, Life's Journey, and Gumbo Resources spoken about during the interview: Damien's Website
Episode 4: Security as Code. In this episode of the ePlus Security + F5 API Security Podcast, David Tumlin and Chuck Herrin dive into the future of “security as code,” where automation, AI, and DevSecOps converge to protect dynamic, ephemeral environments. From real-time threat validation to AI-assisted policy tuning, this is a must-listen for anyone building or securing modern apps.
Bret is joined by Philip Andrews and Dan Muret of Cast AI to discuss pod live migration between nodes in a Kubernetes cluster.
The evolving role of technology in modern defense environments, highlighting innovations in communications, automation, and open-source frameworks. Drawing from personal experience, the conversation emphasizes how real-world conflicts are reshaping how tech is deployed, adopted, and understood across military operations. This week, Dave, Esmee, and Rob speak with Ben Sparke, Enterprise Azure Cloud & AI Specialist for UK Defence at Microsoft, about how his military background informs a human-centered approach to technology in the evolving defence sector—highlighting the shift from mission-driven to tech-driven innovation. TLDR: 00:37 – Introduction of Ben Sparke and face-to-face podcasting 02:40 – Rob gets confused about Digital Twins representing you in court 08:15 – Tech's evolving role in defence, with Ben 34:41 – Why improvisation and human adaptability matter 43:30 – Ben's hundred-mile bike race over the weekend Guest Ben Sparke: https://www.linkedin.com/in/ben-sparke/ Hosts Dave Chapman: https://www.linkedin.com/in/chapmandr/ Rob Kernahan: https://www.linkedin.com/in/rob-kernahan/ Esmee van de Giessen: https://www.linkedin.com/in/esmeevandegiessen/ Production Marcel van der Burg: https://www.linkedin.com/in/marcel-vd-burg/ Dave Chapman: https://www.linkedin.com/in/chapmandr/ Sound Ben Corbett: https://www.linkedin.com/in/ben-corbett-3b6a11135/ Louis Corbett: https://www.linkedin.com/in/louis-corbett-087250264/ 'Cloud Realities' is an original podcast from Capgemini
In this issue of the Future of Cyber newsletter, Sean Martin digs into a topic that's quietly reshaping how software gets built—and how it breaks: the rise of AI-powered coding tools like ChatGPT, Claude, and GitHub Copilot. These tools promise speed, efficiency, and reduced boilerplate—but what are the hidden trade-offs? What happens when the tools go offline, or when the systems built through them are so abstracted that even the engineers maintaining them don't fully understand what they're working with? Drawing from conversations across the cybersecurity, legal, and developer communities—including a recent legal tech conference where law firms are empowering attorneys to “vibe code” internal tools—this article doesn't take a hard stance. Instead, it raises urgent questions: Are we creating shadow logic no one can trace? Do developers still understand the systems they're shipping? What happens when incident response teams face AI-generated code with no documentation? Are AI-generated systems introducing silent fragility into critical infrastructure? The piece also highlights insights from a recent podcast conversation with security architect Izar Tarandach, who compares AI coding to junior development: fast and functional, but in need of serious oversight. He warns that organizations rushing to automate development may be building brittle systems on shaky foundations, especially when security practices are assumed rather than applied. This is not a fear-driven screed or a rejection of AI. Rather, it's a call to assess new dependencies, rethink development accountability, and start building contingency plans before outages, hallucinations, or misconfigurations force the issue. If you're a CISO, developer, architect, risk manager—or anyone involved in software delivery or security—this article is designed to make you pause, think, and ideally, respond.
My guest today is Michael Ferranti, VP of Marketing at Unleash. In this conversation Michael recounts his journey from the banking sector to the tech world starting during the 2008 financial crisis. He explains how the launch of Amazon's cloud services led him to join Rackspace, a leading hosting provider at the time. Michael emphasizes the importance of culture in a company's success and delves into his career in developer tools, touching upon the shifts in cloud computing, containerization, and microservices architecture, up to the current generative AI revolution. He discusses the differences between building software for financial services and for developers, stressing the necessity of upskilling to maintain credible conversations with target audiences. Key insights shared include best practices for feature management, emphasizing the importance of small batch sizes in DevOps, and the critical need for empathy and strong mission alignment in work culture. Michael concludes with career advice for those looking to enter or advance in software marketing, highlighting the importance of curiosity and adaptability in the fast-evolving tech landscape. 00:00 Introduction and Welcome 00:09 Michael's Journey into Tech 01:29 Early Career at Rackspace 03:28 Transition to Developer Tools 04:31 Differences Between BFSI and Developer Domains 05:42 Understanding Developer Needs 10:04 Feature Management and Testing in Production 13:10 Balancing Technical and Business Requirements 29:30 Building a Strong Company Culture 34:45 Staying Updated with Industry Trends 38:17 Career Tips for Aspiring Marketers 42:15 Conclusion and Final Thoughts https://www.linkedin.com/in/ferrantim/ Michael Ferranti is a seasoned enterprise technologist and product strategist with deep experience in the developer tools and cloud-native ecosystems. Across companies like Portworx, Teleport, and now Unleash, Michael has consistently been at the forefront of how modern engineering teams build, release, and secure software at scale. He's led product and marketing teams through high-growth phases, acquisitions, and major category creation efforts—often sitting at the intersection of infrastructure innovation and developer experience. At Portworx, he helped define the Kubernetes-native storage and backup category. At Teleport, he worked on reimagining secure infrastructure access by replacing legacy VPNs and PAM tools with developer-first identity-based access. At Unleash, he's helping redefine how teams manage feature delivery with open-source roots and enterprise-grade scale. Michael speaks the language of engineering leaders because he's worked side-by-side with them for over a decade. His approach to go-to-market is grounded in understanding real user workflows, developer psychology, and the shifting realities of enterprise architectures—from Kubernetes to DevSecOps to open-source adoption models.
Before Siri had sass and Alexa started judging your music taste, the original virtual assistant was quietly revolutionizing the '90s—powered by many patents and a whole lot of foresight. Now, as AI goes from buzzword to boss, we ask, will it transform your job, your home… or just steal your knowledge? This week, Dave, Esmee and Rob speak with Kevin Surace, Futurist, Inventor & "Father" of the Virtual Assistant, about exploring the evolution of AI, what the future might hold, and how disruptive innovation can shake up your organization in ways you might not expect. TLDR: 00:40 – Introduction of Kevin Surace 05:12 – Rob gets confused by Google Maps reviews and selfies 08:15 – Deep dive into the evolution of AI with Kevin 52:00 – How intelligent agents can help manage digital noise and support mental well-being 1:07:30 – Wrapping up the book the Joy Success Cycle and heading to a concert Guest Kevin Surace: https://www.linkedin.com/in/ksurace/ Hosts Dave Chapman: https://www.linkedin.com/in/chapmandr/ Rob Kernahan: https://www.linkedin.com/in/rob-kernahan/ Esmee van de Giessen: https://www.linkedin.com/in/esmeevandegiessen/ Production Marcel van der Burg: https://www.linkedin.com/in/marcel-vd-burg/ Dave Chapman: https://www.linkedin.com/in/chapmandr/ Sound Ben Corbett: https://www.linkedin.com/in/ben-corbett-3b6a11135/ Louis Corbett: https://www.linkedin.com/in/louis-corbett-087250264/ 'Cloud Realities' is an original podcast from Capgemini
Welcome to another Kubicast! In this episode, we welcome Victor Carvalho to break down Talos Linux as a lean and secure base for running Kubernetes. We compare Talos's minimalist approach with general-purpose distros, and debate why a "Kubernetes-first" OS reduces the attack surface and speeds up life for those who operate clusters day to day. We talk about security in detail: a hardened kernel (KSP), SELinux actually working with Kubernetes, disk encryption with keys via TPM/KMS, and the API-driven model (no SSH) that changes how we operate nodes. We also discuss operations and upgrades, including the use of Talos Factory and Terraform to standardize images, as well as strategies for controlling endpoints and certificates. We close with real experiences: provisioning time comparisons, minimum requirements, networking (Flannel vs Cilium), common pains (certificates/TLS, floating IP), and production best practices, that mix of technique and good humor that only our panel delivers. Important links: - Victor Cardoso - https://www.linkedin.com/in/victorbmcarvalho/ - João Brito - https://www.linkedin.com/in/juniorjbn/ - Official Talos Linux site - https://talos.dev - Watch the film TEArapia - https://youtu.be/M4QFmW_HZh0?si=HIXBDWZJ8yPbpflM Hashtags: #Talos #TalosLinux #Kubernetes #DevOps #DevSecOps #Kubicast #Containers #Getup #K8s #SELinux #KSP #Terraform #Proxmox #Flannel #Cilium #ZeroTrust #Imutabilidade #Homelab #Observabilidade #SBOM Kubicast is a production of Getup, a company specializing in Kubernetes and open source projects for Kubernetes. The podcast episodes are available on the main digital audio platforms and on YouTube.com/@getupcloud.
SBOMs were supposed to be the ingredient label for software—bringing transparency, faster response, and stronger trust. But reality shows otherwise. Fewer than 1% of GitHub projects have policy-driven SBOMs. Only 15% of developer SBOM questions get answered. And while 86% of EU firms claim supply chain policies, just 47% actually fund them. So why do SBOMs stall as compliance artifacts instead of risk-reduction tools? And what happens when they do work? In this episode of AppSec Contradictions, Sean Martin examines: why SBOM adoption is lagging; the cost of static SBOMs for developers, AppSec teams, and business leaders; real-world examples where SBOMs deliver measurable value; how AISBOMs are extending transparency into AI models and data. Catch the full companion article in the Future of Cybersecurity newsletter for deeper analysis and more research.
AI is enabling developers and non-developers (product managers, solutions engineers) to write more lines of code than ever before. Businesses are under pressure to ship these AI-built products to stay competitive while still meeting regulatory requirements. Can AI solve this problem? In this talk, we will explore the opportunities and pitfalls of using AI agents for DevSecOps. About the speaker: Sanket Naik is the founder and CEO at Palosade, building a purpose-built AI platform enabling enterprises to automate their security program and unleash their business potential. He enjoys giving back to startups through investing and advisory roles. Before Palosade, he was the SVP of engineering for Coupa. In this role, he built the cloud and cybersecurity organization, over 12 years, from the ground up through an initial public offering followed by significant global growth. He has also held engineering roles at HP and Qualys. Sanket holds a BS in electronics engineering from the University of Mumbai and an MS in CS from Purdue University with research at the multi-disciplinary CERIAS cybersecurity center.
Can AI really help us build more secure software? What's working in practice right now, and where do the tools still fall short? Mattias and Paulina share their views. We are always happy to answer any questions, hear suggestions for new episodes, or hear from you, our listeners. DevSecOps Talks podcast LinkedIn page DevSecOps Talks podcast website DevSecOps Talks podcast YouTube channel
Software developers combine Artificial Intelligence with IT Operations and have produced a new acronym called AIOps. Today, we explored some of the best practices for making software development more productive with AIOps. Legacy systems are an excellent application for AIOps, but Kevin Walsh from the GAO notes that it may be more economical to maintain legacy systems in place. Christopher Clark from the U.S. Marine Corps suggests listening to users through starting AI Task Forces. They can help identify the use cases that would validate the expense of moving to AIOps. One obvious win might be minimal risk, high-impact activities. Clark mentions preventative maintenance as a potential target. ROI from reducing costs can be apparent. Furthermore, a help desk can pose a negligible risk and have a relatively high impact on servicing needs of Marines. One likely candidate for applied AIOps is managing the changes in a code set that takes place. BMC's Katie Tierney states that in a typical DevSecOps environment, there could be thousands of changes a day, which exceeds human capability. The overview is apparent: ensure appropriate oversight, governance, and transparency measures are in place when deploying agentic AI systems.
We're back! In this Season 5 premiere, the team reunites after their summer break to kick off an exciting new chapter. Join us as we catch up, share bold predictions for the year ahead, and explore big questions, like whether 2026 will be the year of the autonomous organization. Expect candid reflections, lively discussion, and a sneak peek at what's coming up this season. We are very keen this season to establish a feedback loop with listeners, so will be doing shows exploring listener questions and challenges - something we are really looking forward to. Please get in touch with us, via LinkedIn, Substack or cloudrealities@capgemini.com, if you have questions or challenges for us, we'd love to hear from you! TLDR: 00:20 – We're back! 00:35 – Catching up on what we did during the summer break 10:48 – Planning ahead until Christmas: Microsoft Ignite, AWS re:Invent, an AI mini-series and cool guests 20:27 – Tech talk: iPhone 17, deep democracy training, and the human impact of innovation 32:10 – Will autonomous organizations powered by agents emerge within 12–18 months? 40:45 – Reflections inspired by Jaws, climbing adventures, and Bruce Springsteen Hosts Dave Chapman: https://www.linkedin.com/in/chapmandr/ Rob Kernahan: https://www.linkedin.com/in/rob-kernahan/ Esmee van de Giessen: https://www.linkedin.com/in/esmeevandegiessen/ Production Marcel van der Burg: https://www.linkedin.com/in/marcel-vd-burg/ Dave Chapman: https://www.linkedin.com/in/chapmandr/ Sound Ben Corbett: https://www.linkedin.com/in/ben-corbett-3b6a11135/ Louis Corbett: https://www.linkedin.com/in/louis-corbett-087250264/ 'Cloud Realities' is an original podcast from Capgemini
In episode 154 of Cybersecurity Where You Are, Sean Atkinson discusses incident response in DevSecOps, exploring challenges and solutions in modern software development. He emphasizes the importance of integrating security into development processes and speaks about common issues like alert fatigue and software supply chain vulnerabilities. Here are some highlights from our episode: 01:32. Common challenges with modern software development 03:54. High-speed and continuous deployment 07:08. Incident correlation with cloud deployment strategies 10:00. Software supply chain vulnerabilities 12:45. Alert fatigue and false positives 14:30. Testing and automation as enablers of real-time anomaly detection 17:40. The responsibility of incident responders to understand what they see 18:58. Automated control and a projectized approach to implementing zero trust 21:26. Oversight and governance with artificial intelligence and machine learning 23:24. Continuous improvement and early detection 28:08. Continuous monitoring and logging, automation, and incident response drills 30:03. Moving down a path of helping incident responders become culturally aware Resources: Cloud Security and the Shared Responsibility Model; CIS Software Supply Chain Security Guide; An Introduction to Artificial Intelligence; Defense-in-Depth: A Necessary Approach to Cloud Security; Episode 63: Building Capability and Integration with SBOMs; Episode 44: A Zero Trust Framework Knows No End; Leveraging Generative Artificial Intelligence for Tabletop Exercise Development. If you have some feedback or an idea for an upcoming episode of Cybersecurity Where You Are, let us know by emailing podcast@cisecurity.org.
Dave, Esmee, and Rob are strapping in for another season of bold, brain-bending conversations—and they're bringing the flux capacitor with them from Back to the Future. Season 5 beams in global leaders and innovators who challenge how we think about technology, business, and humanity. From AI disruption to digital sovereignty, from leadership to culture—this season's guests are ready to shake things up. Our first full episode drops on September 25, but before we hit 88 miles per hour, here's a quick trailer to set the timeline straight, or at least bend it a little. Hosts Dave Chapman: https://www.linkedin.com/in/chapmandr/ Rob Kernahan: https://www.linkedin.com/in/rob-kernahan/ Esmee van de Giessen: https://www.linkedin.com/in/esmeevandegiessen/ Production Marcel van der Burg: https://www.linkedin.com/in/marcel-vd-burg/ Dave Chapman: https://www.linkedin.com/in/chapmandr/ Sound Ben Corbett: https://www.linkedin.com/in/ben-corbett-3b6a11135/ Louis Corbett: https://www.linkedin.com/in/louis-corbett-087250264/ 'Cloud Realities' is an original podcast from Capgemini
Threat modeling is often called the foundation of secure software design—anticipating attackers, uncovering flaws, and embedding resilience before a single line of code is written. But does it really work in practice? In this episode of AppSec Contradictions, Sean Martin explores why threat modeling so often fails to deliver: it's treated as a one-time exercise, not a continuous process; research shows teams who put risk first discover 2x more high-priority threats; yet fewer than 4 in 10 organizations use systematic threat modeling at scale. Drawing on insights from SANS, Forrester, and Gartner, Sean breaks down the gap between theory and reality—and why evolving our processes, not just our models, is the only path forward.
AI is everywhere in application security today — but instead of fixing the problem of false positives, it often makes the noise worse. In this first episode of AppSec Contradictions, Sean Martin explores why AI in application security is failing to deliver on its promises. False positives dominate AppSec programs, with analysts wasting time on irrelevant alerts, developers struggling with insecure AI-written code, and business leaders watching ROI erode. Industry experts like Forrester and Gartner warn that without strong governance, AI risks amplifying chaos instead of clarifying risk. This episode breaks down: • Why 70% of analyst time is wasted on false positives • How AI-generated code introduces new security risks • What “alert fatigue” means for developers, security teams, and business leaders • Why automating bad processes creates more noise, not less
Our guest today is Akansha Shukla, an information security professional with over 10 years of experience in application security, DevSecOps, and API security. We're discussing why API security remains one of the least mature areas of AppSec today and exploring the challenges developers face when securing APIs. Akansha shares her insights on incorporating APIs into threat modeling exercises, the ongoing struggles with API discovery and inventory management, and the authorization challenges highlighted in the OWASP API Security Top 10. The conversation also touches on whether "shift left" is truly dead and why we still haven't solved basic security problems like input validation despite having the frameworks to address them. FOLLOW OUR SOCIAL MEDIA: ➜ Twitter: @AppSecPodcast ➜ LinkedIn: The Application Security Podcast ➜ YouTube: https://www.youtube.com/@ApplicationSecurityPodcast Thanks for Listening!