Podcasts about devsecops

  • 615PODCASTS
  • 4,013EPISODES
  • 47mAVG DURATION
  • 5WEEKLY NEW EPISODES
  • Jul 29, 2025LATEST

POPULARITY

20172018201920202021202220232024

Categories



Best podcasts about devsecops

Show all podcasts related to devsecops

Latest podcast episodes about devsecops

ITSPmagazine | Technology. Cybersecurity. Society
Supply Chain Transparency Isn't Just Technical—It's a Business Imperative | A LevelBlue Brand Story with Theresa Lanowitz

ITSPmagazine | Technology. Cybersecurity. Society

Play Episode Listen Later Jul 29, 2025 36:18


As digital infrastructure becomes increasingly interwoven with third-party code, APIs, and AI-generated components, organizations are realizing they can't ignore the origins—or the risks—of their software. Theresa Lanowitz, Chief Evangelist at LevelBlue, joins Sean Martin and Marco Ciappelli to unpack why software supply chain visibility has become a top concern not just for CISOs, but for CEOs as well.Drawing from LevelBlue's Data and AI Accelerator Report, part of their annual Futures Report series, Theresa highlights a striking correlation: 80% of organizations with low software supply chain visibility experienced a breach in the past year, while only 6% with high visibility did. That data underscores the critical role visibility plays in reducing business risk and maintaining operational resilience.More than a technical concern, software supply chain risk is now a boardroom topic. According to the report, CEOs have the highest awareness of this risk—even more than CIOs and CISOs—because of the direct impact on brand reputation, stock value, and partner trust. As Theresa puts it, software has become the “last mile” of digital business, and that makes it everyone's problem.The conversation explores why now is the time to act. Government regulations are increasing, adversarial attacks are intensifying, and organizations are finally beginning to connect software vulnerabilities with business outcomes. Theresa outlines four critical actions: leverage CEO awareness, understand and prioritize vulnerabilities, invest in modern security technologies, and demand transparency from third-party providers.Importantly, cybersecurity culture is emerging as a key differentiator. Companies that embed security KPIs across all business units—and align security with business priorities—are not only more secure, they're also more agile. As software creation moves faster and more modular, the organizations that prioritize visibility and responsibility throughout the supply chain will be best positioned to adapt, grow, and protect their operations.Learn more about LevelBlue: https://itspm.ag/levelblue266f6cNote: This story contains promotional content. Learn more.Guest: Theresa Lanowitz, Chief Evangelist of AT&T Cybersecurity / LevelBlue [@LevelBlueCyber]On LinkedIn | https://www.linkedin.com/in/theresalanowitz/ResourcesTo learn more, download the complete findings of the LevelBlue Threat Trends Report here: https://itspm.ag/levelbyqdpTo download the 2025 LevelBlue Data Accelerator: Software Supply Chain and Cybersecurity report, visit: https://itspm.ag/lbdaf6iLearn more and catch more stories from LevelBlue: https://www.itspmagazine.com/directory/levelblueLearn more about ITSPmagazine Brand Story Podcasts: https://www.itspmagazine.com/purchase-programsNewsletter Archive: https://www.linkedin.com/newsletters/tune-into-the-latest-podcasts-7109347022809309184/Business Newsletter Signup: https://www.itspmagazine.com/itspmagazine-business-updates-sign-upAre you interested in telling your story?https://www.itspmagazine.com/telling-your-story

The Cybertraps Podcast
AI Standards and Cybersecurity Education for Kids with Sam Bourgeois

The Cybertraps Podcast

Play Episode Listen Later Jul 28, 2025 28:09 Transcription Available


In this episode, host Jethro Jones discusses the crucial topic of AI and cybersecurity with Sam Bourgeois, an experienced IT director with a background in private industry and education. The conversation covers the importance of AI standards, the ethical implications of AI use, and the need for cybersecurity awareness among young people. Sam introduces 'Make It Secure Academy,' an innovative platform aimed at educating students about cybersecurity through interactive and engaging methods. The episode emphasizes the critical need to incorporate these lessons into everyday education to protect children in an increasingly digital world.Cybertraps PodcastAI Standards, AI Ethics, and Cybersecurity for kids.Working for a company that has an International footprint How to support someone who wants to bring on tools. Guardrails, not blockade. NISTRegulations around AIIs it worthwhile for kids to learn standards about AI usage. A student should know and recognize there are correct and incorrect ways to use AI. With great power comes great responsibility. MakeITsecure academyOnce data is exposed, they're being watched and tracked all the timeKids will turn 18 with data exposed for years. How to teach kids without it being a gotcha! On a mission to protect every kid, one kid at a time. About Sam BourgeoisSam is the leader of a large managed services provider in the US serving global customers ranging from defense to education. He is the Sr. Dir. of Technology and Cybersecurity and leads the visioning of new products and services, oversees DEVSECOPs teams and serves as the cyber leader of the organization and many clients. He has deep telecommunication, IT, education, and corporate training industry experiences, and is passionate about serving those in need whether it's in Rotary or non-profit board membership. Socials: @makeitsecurellc = insta, Fbhttps://www.linkedin.com/company/102108099Webpresence LLC - https://www.makeitsecurellc.com/home501c3 - https://www.make-it-secure.org/LMS - https://makeitsecure.academy/Intro to the LMS and Courses - https://youtu.be/xEyFXhe6Z3E  We're thrilled to be sponsored by IXL. IXL's comprehensive teaching and learning platform for math, language arts, science, and social studies is accelerating achievement in 95 of the top 100 U.S. school districts. Loved by teachers and backed by independent research from Johns Hopkins University, IXL can help you do the following and more:Simplify and streamline technologySave teachers' timeReliably meet Tier 1 standardsImprove student performance on state assessments

Transformative Principal
AI Standards and Cybersecurity Education for Kids with Sam Bourgeois

Transformative Principal

Play Episode Listen Later Jul 27, 2025 28:54 Transcription Available


In this episode, host Jethro Jones discusses the crucial topic of AI and cybersecurity with Sam Bourgeois, an experienced IT director with a background in private industry and education. The conversation covers the importance of AI standards, the ethical implications of AI use, and the need for cybersecurity awareness among young people. Sam introduces 'Make It Secure Academy,' an innovative platform aimed at educating students about cybersecurity through interactive and engaging methods. The episode emphasizes the critical need to incorporate these lessons into everyday education to protect children in an increasingly digital world.Cybertraps PodcastAI Standards, AI Ethics, and Cybersecurity for kids.Working for a company that has an International footprint How to support someone who wants to bring on tools. Guardrails, not blockade. NISTRegulations around AIIs it worthwhile for kids to learn standards about AI usage. A student should know and recognize there are correct and incorrect ways to use AI. With great power comes great responsibility. MakeITsecure academyOnce data is exposed, they're being watched and tracked all the timeKids will turn 18 with data exposed for years. How to teach kids without it being a gotcha! On a mission to protect every kid, one kid at a time. About Sam BourgeoisSam is the leader of a large managed services provider in the US serving global customers ranging from defense to education. He is the Sr. Dir. of Technology and Cybersecurity and leads the visioning of new products and services, oversees DEVSECOPs teams and serves as the cyber leader of the organization and many clients. He has deep telecommunication, IT, education, and corporate training industry experiences, and is passionate about serving those in need whether it's in Rotary or non-profit board membership. Socials: @makeitsecurellc = insta, Fbhttps://www.linkedin.com/company/102108099Webpresence LLC - https://www.makeitsecurellc.com/home501c3 - https://www.make-it-secure.org/LMS - https://makeitsecure.academy/Intro to the LMS and Courses - https://youtu.be/xEyFXhe6Z3E  Join the Transformative Mastermind Today and work on your school, not just in it. Apply today. We're thrilled to be sponsored by IXL. IXL's comprehensive teaching and learning platform for math, language arts, science, and social studies is accelerating achievement in 95 of the top 100 U.S. school districts. Loved by teachers and backed by independent research from Johns Hopkins University, IXL can help you do the following and more:Simplify and streamline technologySave teachers' timeReliably meet Tier 1 standardsImprove student performance on state assessments

InfosecTrain
Future-Proof DevSecOps with AI: Automation, Security & 2025 Trends

InfosecTrain

Play Episode Listen Later Jul 26, 2025 24:50


What happens when DevSecOps meets artificial intelligence? You're looking at the future of secure, intelligent, and lightning-fast software development.In this episode, we unpack how AI is transforming DevSecOps pipelines—making threat detection smarter, compliance automatic, and security scans faster than ever. Whether you're a developer, security pro, or tech leader, this conversation is packed with insights into the tools and strategies shaping 2025.

InfosecTrain
DevSecOps in 2025: Top Trends, Tools & Future-Proof Strategies

InfosecTrain

Play Episode Listen Later Jul 21, 2025 26:57


Curious about how DevSecOps is transforming in 2025? This episode explores the future of secure development, spotlighting the trends, tools, and innovations that are redefining how teams build and protect software.From AI-powered security automation to the rise of Zero Trust pipelines, we cover the must-know shifts shaping modern DevSecOps. Whether you're a developer, security engineer, or tech leader, this session offers future-ready insights and actionable takeaways to strengthen your DevSecOps strategy.

Cloud Realities
CR106: Changing nature of large scale apps with Timo Elliott SAP

Cloud Realities

Play Episode Listen Later Jul 17, 2025 62:41


The rise of structure software fueled globalization by streamlining operations across borders. Now, Cloud and AI are accelerating this momentum, enabling faster innovation, smarter decision-making, and scalable growth. By modernizing ERP with intelligent technologies, organizations can stay agile, competitive, and ready for the next wave of global transformation.This week, Dave, Esmee and Rob talk to Timo Elliott, Innovation Evangelist at SAP, to explore how SAP is driving globalization—and how organizations can accelerate innovation through the power of Cloud and AI. TLDR00:55 Introduction of Timo Elliott02:40 Rob shares his confusion about misleading online ads08:06 In-depth conversation with Timo46:32 Rethinking control in enterprise systems1:00:00 Brunch at a Paris café or joining an event?GuestTimo Elliott: https://www.linkedin.com/in/timoelliott/HostsDave Chapman: https://www.linkedin.com/in/chapmandr/Esmee van de Giessen: https://www.linkedin.com/in/esmeevandegiessen/Rob Kernahan: https://www.linkedin.com/in/rob-kernahan/ProductionMarcel van der Burg: https://www.linkedin.com/in/marcel-vd-burg/Dave Chapman: https://www.linkedin.com/in/chapmandr/SoundBen Corbett: https://www.linkedin.com/in/ben-corbett-3b6a11135/Louis Corbett:  https://www.linkedin.com/in/louis-corbett-087250264/'Cloud Realities' is an original podcast from Capgemini

Getup Kubicast
#176 - IA + DevOps & Machine Learning

Getup Kubicast

Play Episode Listen Later Jul 17, 2025 61:25


Recebemos o Daniel Romeiro — mais conhecido como Infoslack — para mergulhar de cabeça no universo em ebulição de Inteligência Artificial, DevOps e Machine Learning. Neste episódio, exploramos como filtrar o ruído do hype com uma abordagem de filtro reverso e discutimos os bastidores do deploy de modelos de Machine Learning em produção.Trocamos experiências sobre observabilidade avançada em pipelines de IA e compartilhamos insights sobre como acumular habilidades DevOps ao longo da carreira, sem jamais perder o pé no chão. Entre uma piada e outra, analisamos também o impacto dos testes A/B em tempo real e a complexidade de gerenciar artefatos de IA em escala.Por fim, refletimos sobre as perspectivas futuras: qual será o próximo grande passo para SREs que querem continuar relevantes em um cenário dominado por IA generativa? Nós conversamos sobre como arquiteturas mal planejadas podem se tornar gargalos de latência e apresentamos estratégias para garantir alta disponibilidade mesmo quando as APIs externas decidem ficar fora do ar.Links Importantes:- Daniel Romeiro - https://www.linkedin.com/in/infoslack/- João Brito - https://www.linkedin.com/in/juniorjbn- Assista ao FilmeTEArapia - https://youtu.be/M4QFmW_HZh0?si=HIXBDWZJ8yPbpflMParticipe de nosso programa de acesso antecipado e tenha um ambiente mais seguro em instantes!https://getup.io/zerocveO Kubicast é uma produção da Getup, empresa especialista em Kubernetes e projetos open source para Kubernetes. Os episódios do podcast estão nas principais plataformas de áudio digital e no YouTube.com/@getupcloud.

Cloud Realities
CR0105: How little we still understand about GreenOps with James Hall, Green Pixie

Cloud Realities

Play Episode Listen Later Jul 10, 2025 32:39


GreenOps is a cultural transformation that empowers developers to turn emissions data into meaningful action, bridging the communication gap with ESG teams and exposing the critical truth that cloud cost and carbon cost are not the same, which fundamentally reshapes how we approach sustainable IT.This week, Dave, Esmee and Rob talk to James Hall, Head of GreenOps at Green Pixie, to unpack the real state of GreenOps today—and why we've only just scratched the surface.  TLDR 01:57 Rob is confused about AGI 06:11 Cloud conversation with James Hall 22:10 Esmee as media archeologist, found GreenOps is 50 years old 30:46 Having some drinks in the summer Guest James Hall: https://www.linkedin.com/in/james-f-hall/ Hosts Dave Chapman: https://www.linkedin.com/in/chapmandr/ Esmee van de Giessen: https://www.linkedin.com/in/esmeevandegiessen/ Rob Kernahan: https://www.linkedin.com/in/rob-kernahan/Production Marcel van der Burg: https://www.linkedin.com/in/marcel-vd-burg/ Dave Chapman: https://www.linkedin.com/in/chapmandr/ Sound Ben Corbett: https://www.linkedin.com/in/ben-corbett-3b6a11135/ Louis Corbett:  https://www.linkedin.com/in/louis-corbett-087250264/'Cloud Realities' is an original podcast from Capgemini

Getup Kubicast
#175 - DevOps VS SRE - com Luriel Santana

Getup Kubicast

Play Episode Listen Later Jul 10, 2025 57:51


No episódio 175 do Kubicast, recebemos o especialista Luriel Santana para um duelo de ideias entre DevOps e Site Reliability Engineering (SRE). Entre cafés e risadas, mergulhamos em discussões sobre cultura organizacional, automação de infraestrutura, métricas de confiabilidade e práticas de campo que vão desde data centers em Angola até pipelines modernos em nuvem.1. O Panorama: DevOps e SRE no MercadoDesde seu surgimento, o movimento DevOps trouxe um sopro de velocidade e integração entre equipes de desenvolvimento e operações. Já o SRE, idealizado pelo Google, elevou o patamar ao introduzir métricas claras (SLIs, SLOs e SLAs) e processos de gestão de erros. Nesta batalha, não há um “vencedor único”: DevOps acelera a entrega; SRE garante que ela aconteça sem interrupções.2. Lições de Campo em AngolaLuriel compartilhou conosco suas aventuras em data centers físicos, rodando Linux e configurando roteadores Cisco numa das regiões mais desafiadoras do continente africano. A mensagem foi clara: sem automação mínima, manter servidores operando em condições extremas vira gargalo. Foi ali que aprendemos a importância de Infrastructure as Code e do versionamento de configurações.3. Cultura vs FerramentalFrequentemente, equipes se apaixonam por ferramentas e esquecem a cultura. Discutimos como pipelines de CI/CD, contêineres e orquestração Kubernetes só fazem sentido quando há um mindset de colaboração e responsabilidade compartilhada. Do contrário, viram apenas mais uma “caixinha de truques” sem resultados consistentes.4. Métricas de Confiabilidade: SLOs e SLIs na PráticaA gente explorou exemplos de SLOs para aplicações críticas e viu que definir limites aceitáveis de erro é tanto arte quanto ciência. Falamos dos trade‑offs entre velocidade e estabilidade, e de como o roteamento de incidentes pode se apoiar em dashboards bem configurados — sem esquecer dos alertas que evitam alert fatigue.5. Pandemia e Adoção AceleradaA crise global empurrou muitas empresas para a nuvem e para práticas de automação. Discutimos como o trabalho remoto reforçou a necessidade de automação e infraestrutura resiliente, e refletimos sobre cases de pipelines que nasceram em questão de dias para suportar picos inesperados.Conclusão e Próximos PassosSaímos deste episódio com uma certeza: DevOps e SRE não são antagonistas, mas sim parceiros na jornada de entregar software com velocidade e confiabilidade. Se você está começando, comece definindo seus SLIs. Para os veteranos, a dica é revisitar processos e investir em cultura.Links e Recomendações:Conecte-se com Luriel Santana no LinkedIn: https://www.linkedin.com/in/lurielsantana/João Brito - https://www.linkedin.com/in/juniorjbnAssista ao FilmeTEArapia - https://youtu.be/M4QFmW_HZh0?si=HIXBDWZJ8yPbpflMSaiba mais sobre o DevOps Days Feira de Santana: https://www.devopsdays.org/events/2025-feira-de-santana/Confira o Canal Pro Evolua: https://www.youtube.com/c/ProEvoluaDescubra o Projeto Zero CVE (Getup): https://getup.io/zerocveParticipe de nosso programa de acesso antecipado e tenha um ambiente mais seguro em instantes! https://getup.io/zerocve

Security Cleared Jobs: Who's Hiring & How
Semper Valens Solutions: Valuing Every Candidate

Security Cleared Jobs: Who's Hiring & How

Play Episode Listen Later Jul 9, 2025 20:51 Transcription Available


Semper Valens Solutions designs DevSecOps infrastructure for DISA, develops cyber weapons systems for the Air Force, supports the Army's deployment of force protection platforms and C2 systems, plus does non-cleared work for DHA, VA, and the FBI. Company COO Nick Brown shares the importance of treating candidates well in the hiring process, doing more than just applying for the position, and how the company deals with the challenges of return to office. 4:20 Most positions are Secret to TS/SCI. Locations include San Antonio, Aberdeen, MD, Fort Belvoir, and Fort Huachuca, among others.5:47 Semper Valens means always strong.9:02 How the company works to build company cohesion and culture.Find complete show notes at: https://clearedjobs.net/semper-valens-solutions-valuing-every-candidate-podcast/_ This show is brought to you by ClearedJobs.Net. Have feedback or questions for us? Email us at rriggins@clearedjobs.net. Sign up for our cleared job seeker newsletter. Create a cleared job seeker profile on ClearedJobs.Net. Engage with us on LinkedIn, Facebook, Instagram, X, or YouTube. _

TestGuild Performance Testing and Site Reliability Podcast
AI, IoT, and the Future of DevSecOps with Hariharan Ragothaman

TestGuild Performance Testing and Site Reliability Podcast

Play Episode Listen Later Jul 9, 2025 28:28


In this episode of the DevOps Toolchain podcast, we dive deep into the evolving intersection of AI, IoT, and embedded systems with special guest Hariharan Ragothaman who's a seasoned technologist and DevSecOps expert. Try out Insight Hub free for 14 days now: https://testguild.me/insighthub Hariharan shares how he went from programming in BASIC as a kid to leading cutting-edge AI server validation today. We explore the mindset shifts needed when moving from embedded systems to cloud-native architectures, and why having a security-first approach isn't just optional anymore — it's essential. We also discuss: ✅ The growing role of AI in embedded systems and IoT — and what that means for testers and engineers. ✅ Practical strategies for building a security mindset (even if you don't think of yourself as a “security person”). ✅ Favorite tools and techniques for shifting security left, including real-world examples and open-source tips. ✅ The balance between technical depth and leadership skills in an AI-powered future. ✅ Hariharan's personal approach to staying ahead of the curve, from continuous learning habits to favorite books and tools. Whether you're deep in DevSecOps, testing embedded devices, or just curious about where AI and IoT are taking us next, this episode is packed with actionable advice and fresh perspectives to help you stay ahead.

Tech Disruptors
Snyk CEO Talks About Security for Coding Tools

Tech Disruptors

Play Episode Listen Later Jul 8, 2025 42:09


The current phase of software development is probably the most insecure era ever — there's so much more application and code that's vulnerable, according to Snyk CEO Peter McKay. “It was a struggle for security teams to keep up with the pace of software development prior to generative AI, and now with generative and copilot and Windsurf and all the tools that are out there, you know, they're moving even faster and security is struggling to keep up.” McKay joins Bloomberg Intelligence's head of technology research, Mandeep Singh, to discuss the application of large-language models for securing the use of tools, including Cursor and Github copilots. He also talks about the addressable market for DevSecOps (the development, security and operations approach), potential automation driven by AI and Snyk's acquisitions for both talent and product features as the attack surface expands in cybersecurity.

Cloud Realities
CR104 Quantumania part 2 with Catherine Vollgraff Heidweiller and James Goeders, Google Quantum AI

Cloud Realities

Play Episode Listen Later Jul 3, 2025 63:09


Quantum computing in 2025 is rapidly advancing toward commercialization, with breakthroughs in algorithms, scalable hardware, and cloud-based quantum services driving real-world applications across finance, healthcare, logistics, and cybersecurityThis week, Dave, Esmee, and Rob dive into the cutting edge of quantum computing with Catherine Vollgraff Heidweiller, Quantum AI PM at Google, and James Goeders, Head of Product for Google Quantum AI, exploring how far we've come since our June 2023 Quantumania! episode and what to expect from Willow—the bold fusion of quantum, AI, digital integration, deployment, and the broader tech ecosystem.TLDR00:46 Meet Catherine and James – intros and backgrounds02:22 Rob is confused about students using AI09:40 Deep dive with Catherine and James on the current state and future of Quantum48:01 Quantum isn't just tech—it's a whole new way of thinking1:01:37 Seize the moment and bringing external users onto quantum hardwareGuestCatherine Vollgraff Heidweiller: https://www.linkedin.com/in/cmv-vollgraffheidweiller/James Goeders: https://www.linkedin.com/in/james-goeders-8876a7164/HostsDave Chapman: https://www.linkedin.com/in/chapmandr/Esmee van de Giessen: https://www.linkedin.com/in/esmeevandegiessen/Rob Kernahan: https://www.linkedin.com/in/rob-kernahan/ProductionMarcel van der Burg: https://www.linkedin.com/in/marcel-vd-burg/Dave Chapman: https://www.linkedin.com/in/chapmandr/SoundBen Corbett: https://www.linkedin.com/in/ben-corbett-3b6a11135/Louis Corbett:  https://www.linkedin.com/in/louis-corbett-087250264/'Cloud Realities' is an original podcast from Capgemini

Getup Kubicast
#174 - ObservIAbilidade com Luccas Quadros

Getup Kubicast

Play Episode Listen Later Jul 3, 2025 49:49


No episódio 174 do Kubicast, nós convidamos Lucas Quadros, desenvolvedor de software no time de IAI e Machine Learning da Grafana, para mergulharmos no universo da observabilidade. Em uma conversa técnica e bem-humorada, exploramos como logs e processamento de linguagem natural (NLP) se cruzam para transformar dados brutos em insights acionáveis e sobre a evolução de algoritmos de detecção de anomalias em séries temporais.Avançamos na discussão sobre IA generativa aplicada ao monitoramento: desde a criação de dashboards dinâmicos até a configuração inteligente de alertas e SLOs. Falamos ainda sobre a arquitetura de agentes de observabilidade capazes de navegar em enormes quantidades de métricas, traces e logs, ajudando a acelerar investigações de incidentes.Para fechar, debatemos aspectos de segurança e as trocas de conhecimento por meio de protocolos MCP que conectam LLMs aos nossos repositórios, dashboards e runbooks. Comentamos casos de uso, desafios de privacidade de dados e perspectivas para o futuro da automação em observabilidade.Links Importantes:- Luccas Quadros - Não tem rede social!!!- AIOps no KCD RJ - https://youtu.be/WTWmOybEOK4?si=QujwWRx8QxpOY43g- João Brito - https://www.linkedin.com/in/juniorjbn- Assista ao FilmeTEArapia - https://youtu.be/M4QFmW_HZh0?si=HIXBDWZJ8yPbpflMParticipe de nosso programa de acesso antecipado e tenha um ambiente mais seguro em instantes!https://getup.io/zerocveO Kubicast é uma produção da Getup, empresa especialista em Kubernetes e projetos open source para Kubernetes. Os episódios do podcast estão nas principais plataformas de áudio digital e no YouTube.com/@getupcloud.

DevOps and Docker Talk
AI Agents Running Containers

DevOps and Docker Talk

Play Episode Listen Later Jul 1, 2025 55:14


The Daytona founders - Ivan Burazin and Vedran Jukic - discuss their pivot to an AI agent cloud. We dig into the new infrastructure requirements of developing agents that need their own sandboxes to operate in.A year ago, we had them on to talk about Daytona giving us remote development environments for humans, and they have now pivoted the company to focusing on providing cloud hosting environments for AI agents to operate.I suspect this is something we're all gonna eventually need to tackle as we work to automate more of our software engineering. So we spend time breaking down the concepts and the real world needs of humans developing agents, and then the needs of AI that require places to run their own tools in code.Check out the video podcast version here https://youtu.be/l8LBqDUwtV8Creators & Guests Cristi Cotovan - Editor Bret Fisher - Host Beth Fisher - Producer Ivan Burazin - Guest Vedran Jukic - Guest You can also support my content by subscribing to my YouTube channel and my weekly newsletter at bret.news!Grab the best coupons for my Docker and Kubernetes courses.Join my cloud native DevOps community on Discord.Grab some merch at Bret's Loot BoxHomepage bretfisher.com (00:00) - Intro (06:08) - Daytona's Sandbox Technology (12:57) - Practical Applications and Use Cases (14:29) - Security and Isolation in AI Agents (17:59) - Start Up Times for Sandboxing and Kubernetes (22:51) - Daytona vs Lambda (31:06) - Rogue Models and Isolation (34:54) - Humanless Operations and the Future of DevOps (47:17) - SDK vs MCP (50:15) - Human in the Loop (51:13) - Daytona: Open Source vs Product Offering

Resilient Cyber
Resilient Cyber w/ AJ Yawn - Transforming Compliance Through GRC Engineering

Resilient Cyber

Play Episode Listen Later Jun 30, 2025 35:53


In this episode, we sat down with AJ Yawn, Author of the upcoming book GRC Engineering for AWS and Director of GRC Engineering at Aquia, to discuss how GRC engineering can transform compliance.We discussed the current pain points and challenges in Governance, Risk, and Compliance (GRC), how GRC has failed to keep up with software development and the threat landscape, and how to leverage cloud-native services, AI, and automation to bring GRC into the digital era.We dove into:What the phrase “GRC Engineering” means and how it differs from traditional Governance, Risk and ComplianceWhat some of the major issues are with traditional compliance in the age of DevSecOps, Cloud, API's, Automation and now AISpecific examples of GRC Engineering, including the use of automation, API's and cloud-native services to streamline security control implementation, assessment and reportingThe promise and potential of AI in GRC, and how AJ is using various models for control assessments, artifact creation and more, and how GRC practitioners should be leveraging AI as a force multiplierAJ's new book “GRC Engineering For AWS: A Hands-On Guide to Governance, Risk and Compliance Engineering”

More Perspective Podcast
Episode 1: The Evolution of API Security, Shift Left Security and DevSecOps Integration

More Perspective Podcast

Play Episode Listen Later Jun 30, 2025 16:54


ePlus Security + F5 API Security Podcast Series where ePlus' David Tumlin and F5's Chuck Herrin share why visibility is the foundation of modern security—and how together, ePlus & F5 are helping organizations manage the real challenges of API security in today's hybrid, multi-cloud world.

Motley Fool Money
GitLab CFO on Remote Culture Success, AI Integration

Motley Fool Money

Play Episode Listen Later Jun 28, 2025 58:41


Brian Robbins is the CFO of GitLab, a DevSecOps platform that supports software innovation. He joins Motley Fool CEO, Tom Gardner, plus Chief Investment Officer Andy Cross and AI Engineer Karl Juhl for a conversation about: - How GitLab scaled for remote culture - How technology and AI have shifted over the years - GitLab's plan to handle the evolving cloud and DevOps landscape. Companies mentioned: GTLB Hosts: Tom Gardner, Andy Cross, Karl Juhl Guest: Brian Robbins Engineer: Bart Shannon Advertisements are sponsored content and provided for informational purposes only. The Motley Fool and its affiliates (collectively, "TMF") do not endorse, recommend, or verify the accuracy or completeness of the statements made within advertisements. TMF is not involved in the offer, sale, or solicitation of any securities advertised herein and makes no representations regarding the suitability, or risks associated with any investment opportunity presented. Investors should conduct their own due diligence and consult with legal, tax, and financial advisors before making any investment decisions. TMF assumes no responsibility for any losses or damages arising from this advertisement. Learn more about your ad choices. Visit megaphone.fm/adchoices

Cloud Realities
CRSP06 Bonus Telecom special: Big Frontiers of the Telecoms Industry, Vivek Badrinath, GSMA

Cloud Realities

Play Episode Listen Later Jun 26, 2025 49:41


The telecom industry is undergoing a fundamental transformation. This shift is creating new business opportunities and services but also brings significant challenges in transformation and modernization. In this special bonus episode, building on our Reimagining Telecoms mini-series, we dive into the current opportunities shaping today's dynamic telco landscape.This week, Dave, Esmee and Rob talk to Vivek Badrinath,  Director General of the GSMA about the current opportunities shaping today's dynamic telco landscape and the role of GSMA. TLDR01:38 Introduction to Vivek and the bonus episode03:48 In-depth conversation with Vivek Badrinath42:13 Can empathy become a strategic KPI in telecom?47:20 Event in Uzbekistan and doubling down on the digital ecosystem GuestVivek Badrinath: https://www.linkedin.com/in/vivekbadrinath/HostsDave Chapman: https://www.linkedin.com/in/chapmandr/Esmee van de Giessen: https://www.linkedin.com/in/esmeevandegiessen/Rob Kernahan: https://www.linkedin.com/in/rob-kernahan/ ProductionMarcel van der Burg: https://www.linkedin.com/in/marcel-vd-burg/Dave Chapman: https://www.linkedin.com/in/chapmandr/with Praveen Shankar: https://www.linkedin.com/in/praveen-shankar-capgemini/SoundBen Corbett: https://www.linkedin.com/in/ben-corbett-3b6a11135/Louis Corbett:  https://www.linkedin.com/in/louis-corbett-087250264/'Cloud Realities' is an original podcast from Capgemini

Getup Kubicast
#173 - Sistemas Distribuídos na Selva - TrilhaInfo

Getup Kubicast

Play Episode Listen Later Jun 26, 2025 55:56


Neste episódio selvagem do Kubicast, nos embrenhamos na mata fechada dos sistemas distribuídos ao lado de Flávio Mendes, criador do Trilhainfo. De uma floresta irlandesa direto para sua timeline, o Flávio trouxe um papo afiado sobre arquitetura de sistemas, desafios reais e boas práticas para não cair nas armadilhas do overengineering.Conversamos sobre como evoluir de um monolito para microsserviços sem perder o fôlego, quais as pegadinhas comuns ao lidar com sistemas distribuídos em produção, e como manter a sanidade num ambiente crítico com SLAs apertados. Tudo com bom humor, exemplos práticos e aquele clima descontraído que você já conhece.Se você trabalha com arquitetura, cloud, engenharia ou está pensando em escalar seu sistema, esse papo é para você.Links Importantes:- Flávio Mendes- TrilhaInfo - João Brito- Assista ao FilmeTEArapiaParticipe de nosso programa de acesso antecipado e tenha um ambiente mais seguro em instantes!https://getup.io/zerocveO Kubicast é uma produção da Getup, empresa especialista em Kubernetes e projetos open source para Kubernetes. Os episódios do podcast estão nas principais plataformas de áudio digital e no YouTube.com/@getupcloud.

Go To Market Grit
GitLab's CEO on Why the Next Great Developer Might Not Write Code | Bill Staples

Go To Market Grit

Play Episode Listen Later Jun 23, 2025 65:16


Bill Staples has spent 30 years redefining how the world writes, ships, and secures code.On this week's Grit, the GitLab CEO shares what it takes to lead a public, all-remote DevSecOps company trusted by more than half of the Fortune 100. He breaks down the discipline of managing energy instead of hours, why weekly operating cadences beat quarterly plans, and how AI will 10× software engineers by auto-debugging code and closing security gaps.Guest: Bill Staples, CEO of GitLabChapters:00:00 Trailer00:42 Introduction02:34 True joy in life08:16 Winning teams13:53 When the energy isn't there18:00 Super ambitious21:01 It's not just technology29:27 Elevating quality and standard41:36 Lifelong collaborator51:22 Competent intelligence54:22 Structuring goals and time1:03:59 Who GitLab is hiring1:04:17 What “grit” means to Bill1:04:54 OutroLinks:Connect with BillLinkedInConnect with JoubinXLinkedInEmail: grit@kleinerperkins.comLearn more about Kleiner Perkins

Govcon Giants Podcast
2.5 YEARS Just to Win ONE Government Contract? The Ugly Truth They Won't Tell You!

Govcon Giants Podcast

Play Episode Listen Later Jun 23, 2025 7:13


Welcome to a new episode of The Daily Windup! Today, I had the pleasure of speaking with Yolanda Clark, CEO of Powder River Industries, a small business that has successfully navigated the world of defense contracts and specialized in DevSecOps and infrastructure as code services. Yolanda shared her journey of bringing stability to her business by establishing headquarters in Wyoming while her spouse serves in the military. In our conversation, Yolanda explained the intricacies of DevSecOps, clarifying that it involves coding within secure environments, ensuring software compliance with cyber requirements from day one. We also discussed the differences between FedRAMP and their services, with Yolanda highlighting how they provide support at a specific point within the lifecycle for their defense customers. Listen now to learn more!

Identity At The Center
#356 - Mr. NHI, Lalit Choda, on Securing the Exploding World of NHI

Identity At The Center

Play Episode Listen Later Jun 23, 2025 64:31


Join Jim McDonald and Jeff Steadman on the Identity at the Center podcast as they welcome Lalit Choda, founder and CEO of the Non-Human Identity Management Group. Lalit, also known as "Mr. NHI," shares his journey from investment banking to becoming a leading expert in non-human identities. This episode delves into the critical and often overlooked world of NHI, exploring why it's such a hot topic now, the challenges practitioners face in managing these identities, and how to approach the problem from a risk-based perspective. Lalit discusses the limitations of traditional PAM and IGA tools for NHI, the importance of foundational controls, and the alarming implications of AI on non-human identity management. Plus, hear a fun segment about vinyl records and some surprising finds!Chapter Timestamps:00:00:00 - Introduction to Lalit Choda and the NHI Community00:02:31 - Welcome to the Identity at the Center Podcast & IdentiVerse Discussion00:06:18 - Lalit Choda's Identity Origin Story: From Mr. SOX to Mr. NHI00:12:03 - Why Non-Human Identities Are a Big Deal Right Now00:15:37 - Defining NHI and the Practitioner's Framework00:19:13 - The Scale and Challenges of NHI Management00:23:01 - New Types of NHI and Tooling Limitations00:27:12 - The Lack of a Single Source of Truth for NHI00:33:57 - Prioritizing NHI Management and the Role of PAM00:38:58 - A Risk-Based Approach to NHI and Foundational Controls00:48:15 - What Scares Lalit Most About NHI (and AI)00:50:54 - Lalit's Impressive Vinyl Collection00:56:38 - Jim and Jeff's First, Best, and Favorite Albums01:01:15 - The Intersection of Music and Non-Human Identities01:02:00 - Wrapping Up & Where to Find More InformationConnect with Lalit: https://www.linkedin.com/in/lalit-choda-5b924120/Non-Human Identity Management Group: https://www.nhimg.org/Connect with us on LinkedIn:Jim McDonald: https://www.linkedin.com/in/jimmcdonaldpmp/Jeff Steadman: https://www.linkedin.com/in/jeffsteadman/Visit the show on the web at http://idacpodcast.comKeywords:Lalit Choda, Non-Human Identity, NHI, Machine Identity, Workload Identity, Identity Management, Cybersecurity, PAM, IGA, Privilege Access Management, Identity Governance and Administration, Secrets Management, Cloud Security, AI, Artificial Intelligence, DevSecOps, Risk-Based Approach, Identity Security, Service Accounts, Identity at the Center, IDAC, Jeff Steadman, Jim McDonald, IdentiVerse, Vinyl Collection, Podcast, Mr. NHI#idac #nonhumanidentity #machineidentity #cybersecurity #identityaccessmanagement #IAM #infosec #digitalidentity #workloadsecurity #devsecops #cloudsecurity #privilegedaccessmanagement #identitygovernance #zerotrust #nhi #mrnhi

Cloud Realities
CR103: Cloud on the rocks [AAA]: Transformation into a product-driven enterprise

Cloud Realities

Play Episode Listen Later Jun 19, 2025 62:03


[AAA] In 'Access All Areas' shows we go behind the scenes with the crew and their friends as they dive into complex challenges that organizations face—sometimes getting a little messy along the way.This week, we address the ‘big rocks' that can obstruct or delay successful outcomes in organizational transformations. Dave, Esmee, and Rob are joined by Jasmin Booth, Head of Product Delivery to discuss the transformation to being a (digital) product based organization.TLDR05:22 Access All Areas: This third episode focuses on the products we build that drive outcomes.06:52 Conversation with Jasmin about our digital products37:06 What makes it better to be in a product centric organization? 54:00 Conclusion of the seven Big Rocks and how to smash them59:00 Going on the Blue Bell railway HostsDave Chapman: https://www.linkedin.com/in/chapmandr/Esmee van de Giessen: https://www.linkedin.com/in/esmeevandegiessen/Rob Kernahan: https://www.linkedin.com/in/rob-kernahan/with Jasmin Booth: https://www.linkedin.com/in/jasminbooth15/ProductionMarcel van der Burg: https://www.linkedin.com/in/marcel-vd-burg/Dave Chapman: https://www.linkedin.com/in/chapmandr/SoundBen Corbett: https://www.linkedin.com/in/ben-corbett-3b6a11135/Louis Corbett:  https://www.linkedin.com/in/louis-corbett-087250264/'Cloud Realities' is an original podcast from Capgemini

The CyberWire
Scam operations disrupted across Asia.

The CyberWire

Play Episode Listen Later Jun 12, 2025 34:04


Interpol's Operation Secure dismantles a major cybercrime network, and Singapore takes down scam centers. GitLab patches multiple vulnerabilities in its DevSecOps platform. Researchers unveil a covert method for exfiltrating data using smartwatches. EchoLeak allows for data exfiltration from Microsoft Copilot. Journalists are confirmed targets of Paragon's Graphite spyware. France calls for comments on tracking pixels. Fog ransomware operators deploy an unusual mix of tools. Skeleton Spider targets recruiters by posing as job seekers on LinkedIn and Indeed. Erie Insurance suffers ongoing outages following a cyberattack. Our N2K Lead Analyst Ethan Cook shares insights on Trump's antitrust policies. DNS neglect leads to AI subdomain exploits. Remember to leave us a 5-star rating and review in your favorite podcast app. Miss an episode? Sign-up for our daily intelligence roundup, Daily Briefing, and you'll never miss a beat. And be sure to follow CyberWire Daily on LinkedIn. CyberWire Guest Today, we share a selection from today's Caveat podcast where Dave Bittner and Ben Yelin are joined by N2K's Lead Analyst, Ethan Cook, to take a Policy Deep Dive into “The art of the breakup: Trump's antitrust surge.” You can listen to the full episode here and find new episodes of Caveat in your favorite podcast app each Thursday.   Selected Reading Interpol takes down 20,000 malicious IPs and domains (Cybernews) Singapore leads multinational operation to shutter scam centers tied to $225 million in thefts (The Record) GitLab patches high severity account takeover, missing auth issues (Bleeping Computer) SmartAttack uses smartwatches to steal data from air-gapped systems (Bleeping Computer) Critical vulnerability in Microsoft 365 Copilot AI called EchoLeak enabled data exfiltration (Beyond Machines) Researchers confirm two journalists were hacked with Paragon spyware (TechCrunch) Tracking pixels: CNIL launches public consultation on its draft recommendation (CNIL) Fog ransomware attack uses unusual mix of legitimate and open-source tools (Bleeping Computer) FIN6 cybercriminals pose as job seekers on LinkedIn to hack recruiters (The Record) Erie Insurance confirms cyberattack behind business disruptions (Bleeping Computer) Why Was Nvidia Hosting Blogs About 'Brazilian Facesitting Fart Games'? (404 Media)  Secure your public DNS presence from subdomain takeovers and dangling DNS exploits (Silent Push) Want to hear your company in the show? You too can reach the most influential leaders and operators in the industry. Here's our media kit. Contact us at cyberwire@n2k.com to request more info. The CyberWire is a production of N2K Networks, your source for strategic workforce intelligence. © N2K Networks, Inc. Learn more about your ad choices. Visit megaphone.fm/adchoices

Cloud Realities
CR102: Tattoos, Tech, and Teams, what ink means in the age of AI with Jitske Kramer, Corporate Anthropologist

Cloud Realities

Play Episode Listen Later Jun 12, 2025 56:30


Every organization is built on people, structures, and culture. But culture isn't static—it evolves with every interaction, ambition, and shift in circumstance. As IT drives business transformation, new technologies reshape how people connect and collaborate. In this ever-changing landscape, a strong, adaptive culture is the key to lasting success. This week, Dave, Esmee and Rob talk to Jitske Kramer, Corporate Anthropologist about what technology is doing to cultures and human systems and how AI can mess with the narrative. TLDR00:50  Introduction of Jitske Kramer and her book Navigating Tricky Times02:05  Rob shares his confusion about saying “thank you” to AI07:25  In-depth conversation with Jitske Kramer11:30  Visual communication via tattoos even at AWS re:Invent25:00 Corporate framing and what's going on within organizations today46:22  Exploring the contrast between the natural pace of human transformation and the rapid acceleration of technology54:14  Editing the documentary Patterns of Life55:56  Esmee's 2x Outro speed surprises everyone!Guest:Jitske Kramer: https://www.linkedin.com/in/jitskekramer/https://jitskekramer.substack.com/Tricky Times event: https://tricky-times.com/events/navigating-tricky-times-leading-through-the-messy-middle-of-change/HostsDave Chapman: https://www.linkedin.com/in/chapmandr/Esmee van de Giessen: https://www.linkedin.com/in/esmeevandegiessen/Rob Kernahan: https://www.linkedin.com/in/rob-kernahan/ ProductionMarcel van der Burg: https://www.linkedin.com/in/marcel-vd-burg/Dave Chapman: https://www.linkedin.com/in/chapmandr/ SoundBen Corbett: https://www.linkedin.com/in/ben-corbett-3b6a11135/Louis Corbett:  https://www.linkedin.com/in/louis-corbett-087250264/ 'Cloud Realities' is an original podcast from Capgemini

Getup Kubicast
#172 - AppSec no iFood com André e Matheus

Getup Kubicast

Play Episode Listen Later Jun 12, 2025 59:33


Segurança em aplicações não é coisa de outro mundo. Neste episódio do Kubicast, recebemos André Esteves e Matheus Farias, duas feras do iFood que vivem o dia a dia da Application Security (AppSec) na veia! Com muito bom humor e bastante casca de produção, eles compartilham a rotina, os desafios e os aprendizados de quem realmente coloca a mão na massa para proteger sistemas em larga escala.A conversa vai de OWASP Top 10 à política de travamento de PRs, passando por burp suite, cultura dev, roles de segurança, hardening de imagens base com zero CVEs e o papel crucial dos soft skills para quem quer entrar na área. Se você acha que segurança é só sobre hacker de hoodie e terminal verde piscando, esse papo vai te mostrar a real!Links Importantes:- Andre Esteves - https://www.linkedin.com/in/andreestevespaiva/- Matheus Farias - https://www.linkedin.com/in/eu-matheus-farias-devsecops/- João Brito - https://www.linkedin.com/in/juniorjbn- Assista ao FilmeTEArapia - https://youtu.be/M4QFmW_HZh0?si=HIXBDWZJ8yPbpflMParticipe de nosso programa de acesso antecipado e tenha um ambiente mais seguro em instantes!https://getup.io/zerocveO Kubicast é uma produção da Getup, empresa especialista em Kubernetes e projetos open source para Kubernetes. Os episódios do podcast estão nas principais plataformas de áudio digital e no YouTube.com/@getupcloud.

GovCast
AWS Summit 2025: Innovation Accelerates IT Delivery at DOD

GovCast

Play Episode Listen Later Jun 11, 2025 11:56


Technology and software development can take years to field capabilities that may no longer meet mission needs once they reach the finish line. Some department compliance practices can add 12-18 months for authorization. At the AWS Summit in Washington, D.C., Marine Corps Community Services Digital Program Manager David Raley said that his office is accelerating the development and approval processes for mission capability. Raley highlighted solutions like AWS GovCloud and a certified DevSecOps platform that help reduce authorization times from a year to 15 minutes. Raley also talked about the ways DOD is advancing zero trust implementation and security in cloud-native environments.

Relating to DevSecOps
Episode 079: CISOver It: When Dashboards Replace Direction

Relating to DevSecOps

Play Episode Listen Later Jun 10, 2025 37:00


Send us a textIn this episode of Relating to DevSecOps, Ken and Mike discuss the challenges faced by CISOs in today's security landscape, particularly the struggle to balance immediate security needs with long-term preventative strategies. They explore the disconnect between security leadership and practitioners, the urgency of addressing security issues, and the importance of understanding the root causes of vulnerabilities. The conversation emphasizes the need for CISOs to engage more deeply with their teams and to focus on effective, context-driven security solutions rather than simply reacting to the latest threats.

S7aba Podcast
S4E17 - DevSecOps

S7aba Podcast

Play Episode Listen Later Jun 9, 2025 19:39


DevSecOps: الأمان ماشي اختيار، راه ضرورة، خاصة في الخدمات العمومية اللي كتخدم الملايين ديال المغاربة.

DevOps and Docker Talk
Heroku + MCP = The Fastest Way to Run AI Agents in the Cloud

DevOps and Docker Talk

Play Episode Listen Later Jun 6, 2025 41:23


Julián Duque from Heroku joins me to explain and demo their new AI platform.Check out the video podcast version here https://youtu.be/BGqlLZHdRDsCreators & Guests Cristi Cotovan - Editor Bret Fisher - Host Beth Fisher - Producer Julián Duque - Guest You can also support my content by subscribing to my YouTube channel and my weekly newsletter at bret.news!Grab the best coupons for my Docker and Kubernetes courses.Join my cloud native DevOps community on Discord.Grab some merch at Bret's Loot BoxHomepage bretfisher.com (00:00) - Introduction (05:12) - Deep Dive into Heroku's AI Capabilities (14:23) - Heroku MCP server (28:27) - Describing MCP Tool Interactions (30:48) - DevOps Automation with Heroku MCP server (37:02) - Heroku AI and Future Prospects

AWS - Conversations with Leaders
Building a Better Security Team: Emotional Intelligence in DevSecOps

AWS - Conversations with Leaders

Play Episode Listen Later Jun 5, 2025 22:10


Discover how emotional intelligence is revolutionizing cybersecurity leadership in this episode of AWS Executive Insights, featuring Hart Rossman, VP of Global Services Security. Beyond technical expertise, security leaders must cultivate empathy, emotional regulation, and interpersonal skills within their workforce in order to avoid burnout, reduce human errors, and realize greater productivity. Learn how AWS is transforming traditional DevSecOps team management by integrating emotional intelligence training with incident response capabilities, leading to faster resolution times and more resilient security operations. Rossman also discusses how empathy and psychological safety are becoming critical differentiators in building high-performance security teams. This conversation is essential for any leaders looking to elevate their teams' effectiveness through enhanced emotional intelligence and cultural transformation. Watch now to uncover the critical connection between EQ and security excellence.

Cloud Realities
CRSP05: Reimagining telecom industry pt.5 - Growth with Nik Willetts, TM Forum

Cloud Realities

Play Episode Listen Later Jun 5, 2025 38:43


The telecom industry is undergoing a fundamental transformation. This shift is creating new business opportunities and services but also brings significant challenges in transformation and modernization. In a new five-part mini-series, Reimagining Telecoms, we will explore these challenges through five distinct lenses: Growth, Networks, Simplification, Data & AI, and Regulation, uncovering lessons and insights relevant to telecom organizations and beyond. This week, in the final episode of the mini-series, Dave, Esmee, and Rob talk to Nik Willetts, CEO of TM Forum, to discuss growth—the telco industry's biggest challenge—and how it intersects with Hyperscalers, innovation, and shaping the industry's future. TLDR01:05 Introduction of Nik and an update on the mini-series03:41 Main conversation with Nik Willetts29:10 Navigating the balance between collaboration and competition34:57 Looking ahead to DTW Ignite, the Dolomites, and Brunello wine, served by sommelier Rob GuestNik Willetts: https://www.linkedin.com/in/nikwilletts/HostsDave Chapman: https://www.linkedin.com/in/chapmandr/Esmee van de Giessen: https://www.linkedin.com/in/esmeevandegiessen/Rob Kernahan: https://www.linkedin.com/in/rob-kernahan/ ProductionMarcel van der Burg: https://www.linkedin.com/in/marcel-vd-burg/Dave Chapman: https://www.linkedin.com/in/chapmandr/with Praveen Shankar: https://www.linkedin.com/in/praveen-shankar-capgemini/SoundBen Corbett: https://www.linkedin.com/in/ben-corbett-3b6a11135/Louis Corbett:  https://www.linkedin.com/in/louis-corbett-087250264/'Cloud Realities' is an original podcast from Capgemini

Packet Pushers - Full Podcast Feed
D2DO274: Firefly's State of IaC Report for 2025, aka ClickOps Is a Disgrace (Sponsored)

Packet Pushers - Full Podcast Feed

Play Episode Listen Later Jun 4, 2025 39:23


Firefly is a cloud infrastructure automation platform that helps cloud teams, DevOps, SRE, platform engineering, DevSecOps, and other groups manage their entire cloud as code. Firefly helps to manage cloud complexity and produce consistent and efficient cloud platforms with code. To help Firefly better understand their customers and industry trends around Infrastructure as Code (IaC),... Read more »

Packet Pushers - Fat Pipe
D2DO274: Firefly's State of IaC Report for 2025, aka ClickOps Is a Disgrace (Sponsored)

Packet Pushers - Fat Pipe

Play Episode Listen Later Jun 4, 2025 39:23


Firefly is a cloud infrastructure automation platform that helps cloud teams, DevOps, SRE, platform engineering, DevSecOps, and other groups manage their entire cloud as code. Firefly helps to manage cloud complexity and produce consistent and efficient cloud platforms with code. To help Firefly better understand their customers and industry trends around Infrastructure as Code (IaC),... Read more »

DevOps and Docker Talk
Is AI ready for DevOps?

DevOps and Docker Talk

Play Episode Listen Later Jun 4, 2025 27:10


Launching our new Podcast: https://agenticdevops.fmBret and Nirmal are at KubeCon London and record their ideas about how AI Agents will change DevOps, platform engineering, SRE, automation, troubleshooting, and more.Creators & Guests Cristi Cotovan - Editor Bret Fisher - Host Beth Fisher - Producer Nirmal Mehta - Host You can also support my content by subscribing to my YouTube channel and my weekly newsletter at bret.news!Grab the best coupons for my Docker and Kubernetes courses.Join my cloud native DevOps community on Discord.Grab some merch at Bret's Loot BoxHomepage bretfisher.com

Software Engineering Institute (SEI) Podcast Series
Making Process Respectable Again: Advancing DevSecOps in the DoD Mission Space

Software Engineering Institute (SEI) Podcast Series

Play Episode Listen Later Jun 4, 2025 44:26


Warfighters in the Department of Defense (DoD) operate in high-stakes environments where security, efficiency, and speed are critical. In such environments DevSecOps has become crucial in the drive toward modernization and overall mission success. A recent study led by researchers at the Carnegie Mellon University Software Engineering Institute (SEI) examined the state of DevSecOps within the Department of Defense. In this podcast, Eileen Wrubel, the SEI's Transforming Software Acquisition Policy and Practice technical director, sits down with George Lamb, director for DoD Cloud and Software Modernization in the Information Enterprise Office of the DoD CIO, which is responsible for the DoD Software Modernization Strategy and its associated implementation plan, and Bill Nichols, lead of the SEI's Software Engineering Measurement and Analysis work. They discuss DevSecOps successes in the DoD and opportunities for scaling its impact.

Day 2 Cloud
D2DO274: Firefly's State of IaC Report for 2025, aka ClickOps Is a Disgrace (Sponsored)

Day 2 Cloud

Play Episode Listen Later Jun 4, 2025 39:23


Firefly is a cloud infrastructure automation platform that helps cloud teams, DevOps, SRE, platform engineering, DevSecOps, and other groups manage their entire cloud as code. Firefly helps to manage cloud complexity and produce consistent and efficient cloud platforms with code. To help Firefly better understand their customers and industry trends around Infrastructure as Code (IaC),... Read more »

ITSPmagazine | Technology. Cybersecurity. Society
Turning AppSec into a Workflow, Not a Roadblock – Building Security Programs That Teams Actually Want to Use | An OWASP AppSec Global 2025 Conversation with Spyros Gasteratos | On Location Coverage with Sean Martin and Marco Ciappelli

ITSPmagazine | Technology. Cybersecurity. Society

Play Episode Listen Later May 29, 2025 17:28


During the upcoming OWASP Global AppSec EU in Barcelona, Spyros Gasteratos, long-time OWASP contributor and co-founder of Smithy, to explore how automation, collaboration, and community resources are shaping the future of application security. Spyros shares the foundation of his talk at OWASP AppSec Global: building a DevSecOps program from scratch using existing community tools—blending technical guidance with a celebration of open-source achievements.Spyros emphasizes that true progress in security stems not from an ever-growing stack of tools, but from aligning the humans behind them. According to him, security failures often stem from fragmented information and misaligned incentives across teams. His solution? Bring the teams together with a shared, streamlined flow of information and automate wherever possible to reduce wasted cycles and miscommunication.At the core of Spyros' philosophy is the need to turn AppSec from a blocker into a builder. Rather than overwhelming developers with endless bug reports, or security leaders with red dashboards, programs need to reflect the actual risk appetite of the business—prioritizing issues dynamically based on impact, timing, and operational goals. He challenges the one-size-fits-all approach, advocating instead for tagging systems that defer certain risks and encode organizational priorities in automation logic.A major part of that transformation lies in Smithy, the platform he's helping build. It's designed to be “Zapier for security”—an automation engine rooted in open-source standards that allows for custom workflows without creating a tangle of fragile scripts. The idea is to let teams focus on what's unique to them, while relying on battle-tested components for the rest.Looking ahead, Spyros doesn't buy into the doom-and-gloom narrative about AI limiting developer creativity. On the contrary, he argues that AI-enabled coding frees up cognitive space for better architecture and secure design thinking. In his view, creativity doesn't die—it just shifts from syntax to strategy.This episode is more than a discussion—it's a blueprint for how teams can rally around a common goal, and how OWASP's community can be the catalyst. Tune in to hear how open-source, automation, and human alignment are redefining AppSec from the ground up.GUEST: Spyros Gasteratos | OpenCRE co-lead and Founder of smithy.security | https://www.linkedin.com/in/spyr/HOST: Sean Martin, Co-Founder at ITSPmagazine and Host of Redefining CyberSecurity Podcast | https://www.seanmartin.comSPONSORSManicode Security: https://itspm.ag/manicode-security-7q8iRESOURCESSpyros' Session: A completely pluggable DevSecOps programme, for free, using community resources (https://owasp2025globalappseceu.sched.com/event/1whCB/a-completely-pluggable-devsecops-programme-for-free-using-community-resources)Learn more and catch more stories from OWASP Global AppSec EU 2025 Conference coverage: https://www.itspmagazine.com/owasp-global-appsec-barcelona-2025-application-security-event-coverage-in-catalunya-spainCatch all of our event coverage: https://www.itspmagazine.com/technology-and-cybersecurity-conference-coverageWant to tell your Brand Story Briefing as part of our event coverage? Learn More

Cloud Realities
CR101: The legacy of three centuries of innovation with Sandeep Seeripat, CIO at Twinings

Cloud Realities

Play Episode Listen Later May 29, 2025 56:40


Traditional businesses are transforming to enhance consumer engagement and operational efficiency by integrating advanced technologies, helping them stay competitive in the digital age; how can technology best support this transformation?This week, Dave, Esmee and Rob talk to Sandeep Seeripat, CIO at Twinings about how the 300-year-old tea company is undergoing a business transformation. They explore strategies to enhance consumer engagement and operational efficiency, and how Twinings is repositioning itself in the digital world.TLDR00:40 Introduction of Sandeep Seeripat04:03 Rob is confused about by the AI's overly sycophantic behavior07:20 Conversation with Sandeep about three Centuries of Innovation at Twinings43:18 What if brands created with the sensitivity of an artist?53:25 Capture that perfect picture in South AfricaGuestSandeep Seeripat: https://www.linkedin.com/in/sandeepseeripat/HostsDave Chapman: https://www.linkedin.com/in/chapmandr/Esmee van de Giessen: https://www.linkedin.com/in/esmeevandegiessen/Rob Kernahan: https://www.linkedin.com/in/rob-kernahan/ProductionMarcel van der Burg: https://www.linkedin.com/in/marcel-vd-burg/Dave Chapman: https://www.linkedin.com/in/chapmandr/SoundBen Corbett: https://www.linkedin.com/in/ben-corbett-3b6a11135/Louis Corbett:  https://www.linkedin.com/in/louis-corbett-087250264/'Cloud Realities' is an original podcast from Capgemini

Software Engineering Institute (SEI) Podcast Series

Deploying cloud-centric technologies such as Kubernetes in edge environments poses challenges, especially for mission-critical defense systems. In this podcast from the Carnegie Mellon University Software Engineering Institute (SEI), Patrick Earl, Doug Reynolds, and Jeffrey Hamed, all DevOps engineers in the SEI's Software Solutions Division, sit down with senior reesearcher Jose Morales to discuss a recent case study involving the deployment of a hypervisor onto edge devices in a resource-constrained environment.

DevOps and Docker Talk
What you missed at KubeCon

DevOps and Docker Talk

Play Episode Listen Later May 24, 2025 39:21


At KubeCon EU 2025 in London, Nirmal and I discussed the important (and not-so-important) things you might have missed. There's also a video version of this show on YouTube.Creators & Guests Cristi Cotovan - Editor Beth Fisher - Producer Bret Fisher - Host Nirmal Mehta - Host (00:00) - DDT Audio Podcast Edited (00:04) - Intro (01:24) - KubeCon 2025 EU Overview (03:24) - Platform Engineering and AI Trends (07:03) - AI and Machine Learning in Kubernetes (15:38) - Project Pavilions at KubeCon (17:05) - FinOps and Cost Optimization (20:39) - HAProxy and AI Gateways (24:00) - Proxy Intelligence and Network Layer Optimization (26:52) - Developer Experience and Organizational Challenges (29:23) - Platform Engineering and Cognitive Load (35:54) - End of Life for CNCF Projects You can also support my free material by subscribing to my YouTube channel and my weekly newsletter at bret.news!Grab the best coupons for my Docker and Kubernetes courses.Join my cloud native DevOps community on Discord.Grab some merch at Bret's Loot BoxHomepage bretfisher.com

Cloud Realities
CR100: Intelligence age ethics (in 2025) with James Wilson and Philip Harker [AAA]

Cloud Realities

Play Episode Listen Later May 22, 2025 71:13


[AAA] In 'Access All Areas' shows we go behind the scenes with the crew and their friends as they dive into complex challenges that organisations face—sometimes getting a little messy along the way. This week, in what may or may not be our 100th episode, Dave, Esmee and Rob talk to James Wilson, AI Ethicist and Lead Gen AI Architect and Philip Harker, Advisory Lead, Insights and Data at Capgemini UK, about exploring the deep importance of ethics as we move forward into the intelligence age.  TLDR00:42 Is this really our 100th episode or not?04:38 What is a team AAA episode and welcoming James and Philip06:12 Rob sets the stage, why AI Ethics matters09:42 In-depth chat with James and Philip59:11 Exploring AI and quantum as innovation boosters1:06:00 A quiet weekend and Safe AI for KidsGuestsJames Wilson: https://www.linkedin.com/in/james-wilson-1938a1/Philip Harker: https://www.linkedin.com/in/philip-harker-243300/HostsDave Chapman: https://www.linkedin.com/in/chapmandr/Esmee van de Giessen: https://www.linkedin.com/in/esmeevandegiessen/Rob Kernahan: https://www.linkedin.com/in/rob-kernahan/ProductionMarcel van der Burg: https://www.linkedin.com/in/marcel-vd-burg/Dave Chapman: https://www.linkedin.com/in/chapmandr/SoundBen Corbett: https://www.linkedin.com/in/ben-corbett-3b6a11135/Louis Corbett:  https://www.linkedin.com/in/louis-corbett-087250264/'Cloud Realities' is an original podcast from Capgemini

Absolute AppSec
Episode 286 - Kayra Otaner - Authenticating Open Source Developers

Absolute AppSec

Play Episode Listen Later May 20, 2025


We are happy to have Kayra Otaner as a special guest on the Absolute AppSec podcast. Kayra (kayraotaner on LinkedIn and X/twitter), the current Director of DevSecOps at Roche, brings over 15 years of cybersecurity leadership experience from New York and Wall Street. He's led DevSecOps and DevOps teams across a variety of organizations, including ADP, Voice, and adMarketplace, and has served as a trusted CTO advisor for Trendyol. His background also includes cybersecurity consulting for the Turkish Navy, where he helped develop a defense solution that was later deployed in NATO's Locked Shields cyber defense war games in Tallinn. Kayra is a frequent speaker at international DevSecOps conferences and serves on the Business and Computer Science Advisory Board at Middlesex County College in New Jersey. During this episode of the podcast Kayra discusses his journey into information security and spurs on his recent thoughts on authenticating open source developers through models similar to TSA PreCheck.

T-Minus Space Daily
GRC and DevSecOps are non-negotiable for space startups.

T-Minus Space Daily

Play Episode Listen Later May 17, 2025 24:47


GRC (Governance, Risk, and Compliance) and DevSecOps (Development, Security, and Operations) are complementary frameworks that aim to ensure secure and compliant software development. Our guest today is Brandon Karpf, friend of the show, founder of T-Minus Space Daily, and cybersecurity expert. Brandon explains  why integrated GRC and DevSecOps are non-negotiables for space startups.  Remember to leave us a 5-star rating and review in your favorite podcast app. Be sure to follow T-Minus on LinkedIn and Instagram. T-Minus Crew Survey We want to hear from you! Please complete our 4 question survey. It'll help us get better and deliver you the most mission-critical space intel every day. Want to hear your company in the show? You too can reach the most influential leaders and operators in the industry. Here's our media kit. Contact us at space@n2k.com to request more info. Want to join us for an interview? Please send your pitch to space-editor@n2k.com and include your name, affiliation, and topic proposal. T-Minus is a production of N2K Networks, your source for strategic workforce intelligence. © N2K Networks, Inc. Learn more about your ad choices. Visit megaphone.fm/adchoices

ITSPmagazine | Technology. Cybersecurity. Society
Building, Breaking, Defending: Inside a Global AppSec Movement | OWASP AppSec Global 2025 Pre-Event Conversation with Avi Douglen | On Location Coverage with Sean Martin and Marco Ciappelli

ITSPmagazine | Technology. Cybersecurity. Society

Play Episode Listen Later May 15, 2025 22:32


At OWASP AppSec Global in Barcelona, the focus is clear: building secure software with and for the community. But it's not just about code or compliance. As Avi Douglen, OWASP Foundation board member, describes it, this gathering is a “hot tub” experience in contrast to the overwhelming scale of mega conferences. It's warm, immersive, and welcoming—designed for people who want to contribute, connect, and create.OWASP is more than just another security organization. It's a community-driven foundation that enables builders, breakers, defenders, and leaders to come together in pursuit of secure product development. This year's conference reflects that same inclusive energy. Whether you're a software engineer, architect, DevOps professional, security champion, or product manager, the sessions and networking spaces are built to meet you where you are—and help you grow.Beyond the BuzzwordsUnsurprisingly, AI will have a strong presence this year. But the conversations aren't limited to hype. Two flagship OWASP projects now focus on AI and LLMs—one on securing applications that use AI, the other on building secure AI systems themselves. Talks will unpack familiar problems in new contexts, like prompt injection mirroring the dynamics of older injection vulnerabilities. In other words: the technology shifts, but the core principles remain relevant.Diverse Tracks, Real ConversationsAttendees can engage across five curated tracks: builders, breakers, defenders, managers & culture, and project showcases. Topics range from threat modeling and DevSecOps to scaling security programs and fostering team culture. A dedicated training program, including hands-on sessions in secure coding and security champions, ensures practical takeaways—not just theory.Plus, the event embraces connection. A newcomer orientation, Women in AppSec gathering, hallway chats, evening socials, and even speed mentoring sessions all contribute to a vibrant, accessible experience where everyone—from seasoned leaders to curious newcomers—can find their place.A Truly Global CommunityWith participants flying in from all corners of the world, OWASP AppSec Global lives up to its name. The conversations, relationships, and tools that emerge from this event ripple far beyond Barcelona. If you build, secure, or manage software, this is one conference where showing up matters—not just for what you'll learn, but for who you'll meet.__________________________________Guest: Avi Douglen | Global Board of Directors at OWASP Foundation & Founder and CEO at Bounce Securityhttps://www.linkedin.com/in/avidouglen/Hosts:Sean Martin, Co-Founder at ITSPmagazine [@ITSPmagazine] and Host of Redefining CyberSecurity Podcast [@RedefiningCyber] | On ITSPmagazine:  https://www.itspmagazine.com/sean-martinMarco Ciappelli, Co-Founder at ITSPmagazine [@ITSPmagazine] and Host of Redefining Society Podcast & Audio Signals Podcast | On ITSPmagazine: https://www.itspmagazine.com/itspmagazine-podcast-radio-hosts/marco-ciappelli____________________________This Episode's SponsorsManicode Security: https://itspm.ag/manicode-security-7q8i____________________________ResourcesLearn more and catch more stories from OWASP AppSec Global 2025 Barcelona coverage: https://www.itspmagazine.com/owasp-global-appsec-barcelona-2025-application-security-event-coverage-in-catalunya-spain____________________________Catch all of our event coverage: https://www.itspmagazine.com/technology-and-cybersecurity-conference-coverageWant to tell your Brand Story Briefing as part of our event coverage? Learn More

Cloud Security Podcast by Google
EP224 Protecting the Learning Machines: From AI Agents to Provenance in MLSecOps

Cloud Security Podcast by Google

Play Episode Listen Later May 12, 2025 30:40


Guest: Diana Kelley, CSO at Protect AI  Topics: Can you explain the concept of "MLSecOps" as an analogy with DevSecOps, with 'Dev' replaced by 'ML'? This has nothing to do with SecOps, right? What are the most critical steps a CISO should prioritize when implementing MLSecOps within their organization? What gets better  when you do it? How do we adapt traditional security testing, like vulnerability scanning, SAST, and DAST, to effectively assess the security of machine learning models? Can we? In the context of AI supply chain security, what is the essential role of third-party assessments, particularly regarding data provenance? How can organizations balance the need for security logging in AI systems with the imperative to protect privacy and sensitive data? Do we need to decouple security from safety or privacy? What are the primary security risks associated with overprivileged AI agents, and how can organizations mitigate these risks?  Top differences between LLM/chatbot AI security vs AI agent security?  Resources: “Airline held liable for its chatbot giving passenger bad advice - what this means for travellers” “ChatGPT Spit Out Sensitive Data When Told to Repeat ‘Poem' Forever” Secure by Design for AI by Protect AI “Securing AI Supply Chain: Like Software, Only Not” OWASP Top 10 for Large Language Model Applications OWASP Top 10 for AI Agents  (draft) MITRE ATLAS “Demystifying AI Security: New Paper on Real-World SAIF Applications” (and paper) LinkedIn Course: Security Risks in AI and ML: Categorizing Attacks and Failure Modes