Podcasts about herget

In tonight's episode, we'll introduce Brian—an OG BSB fan with roots in Colorado, Montana, and Nevada. He'll share his story of becoming a fan, his favorite Rockies moments, and his top players, from Dante Bichette to Carlos González. Then, we dive deep into the latest Rockies news: Player Insights: We break down the Herget signing and the 2024 draft picks, predicting who might make the fastest MLB impact, plus a look at our 2025 starting rotation and bullpen. Roster Moves: We discuss potential trades, including whether Cal or Austin could be on the move, and reflect on the return of Senzatela and Márquez from the IL. Tune in for Rockies banter, insider analysis, and plenty of hot takes! Don't forget to subscribe and follow to stay updated with all things Rockies. Support us by Supporting our Sponsors Buy us a taco? https://buymeacoffee.com/roadtoblakest Daly Controls, LLC - www.dalycontrolsllc.com Grant Hankins - https://x.com/GHankins25 Need a new glove? Use the link to get 10% off any new glove from The J.L.Glove Company. When you use the link below, you get the discount and we receive cash. WE ALL WIN! The J.L. Glove Link: https://jlgloveco.com/?rave=CGT2B37GN2FCODF7 --- Support this podcast: https://podcasters.spotify.com/pod/show/blake-street-banter/support

Auch im Oktober gibt es einiges zu berichten! Unsere Kollegin Alexandra Herget hat ermutigende News im Gepäck. Denn kürzlich hat der Bundestag sich mit einer deutlichen Mehrheit für die Einführung des Lieferkettensorgfaltsgesetzes gestimmt. Ein tolles Zeichen für die Unternehmen, die sich bereits heute für Nachhaltigkeit einsetzen. Ebenso, wie die aktuelle Auszeichnung für Nachhaltigkeitsmanager:innen, die im Oktober in Hamburg an 21 engagierte Personen verliehen wurde. Doch leider vergeht auch kein Monat, in denen es nicht doch Nachrichten gibt, die wir lieber nicht verkünden möchten. Hört selbst rein, in die aktuelle Folge unseres Corporate Sustainability Briefings.

Unser Corporate Sustainability Briefing für September ist nichts für schwache Nerven. Denn dieses Mal reihen sich Nachrichten aneinander, die eigentlich eher etwas für unsere Kategorie “Fail des Monats” wären. Wir hoffen sehr, dass es bei der ein oder anderen Ankündigung noch eine Kehrtwende geben kann. Doch hört mehr in unserem Gespräch mit Alexandra Herget. Und, versprochen, es gibt auch gute Nachrichten aus dem Nachhaltigkeitsuniversum.

Sounds reliever Kevin Herget joins Jeff Hem on the pregame show to discuss his season, how he stays ready for a call-up to the Brewers, how he approaches the uncertainty of a coming offseason as a veteran pitcher, and his first few months of fatherhood.

Trotz Sommerpause hat unsere Kollegin Alexandra Herget wieder einen bunten Blumenstrauß an Nachrichten mitgebracht. Unser Corporate Sustainability Briefing für August startet mit einem informativen Tipp für alle Nachhaltigkeitsverantwortlichen, die gerade mit der CSRD beschäftigt sind. Die Europäische Kommission hat 90 FAQs beantwortet und - zugegeben - es ist kein leichter Stoff, aber sehr lehrreich. Und auch die EFRAG liefert uns ein paar schöne Insights, wo es schon rund läuft in der Nachhaltigkeitsberichtserstattung und wo noch Ausbaupotenzial zu finden ist. Der Fail des Monats liefert dieses Mal die Ampelregierung, während wir beim YAY des Monats das Gendersternchen, studienbelegt, feiern können.

In this episode of the Arkansas Inc. Podcast, Gearhead Outfitters owner Ted Herget discusses entrepreneurship, outdoor recreation, and doing business in Arkansas.

Tune in to hear about the evolution of Gearhead Outfitters and how the power couple, Amanda and Ted Herget, have grown their brand.

Ein Monat ist vergangen und in der Nachhaltigkeit gibt es wieder einige Neuigkeiten. In unserem neuen Format CEO2-neutral Corporate Sustainability Briefing gibt unsere Kollegin Alexandra Herget von PHAT CONSULTING einen Überblick über die wichtigsten Themen und was diese für euch als Unternehmen bedeuten. Diesen Monat mit dem Nachhaltigkeitsbericht von Google, der EU-Entwaldungsverordnung und neuen Temperaturrekorden. Im Fail und Yay des Monats schaffen wir es, Taylor Swift und den Papst unterzubringen. Na, wenn das kein Teaser ist …

Wir starten mit einem neuen monatlichen News-Format: dem CEO2-neutral Corporate Sustainability Briefing (CSB). Hier möchten wir euch die relevantesten News aus dem Nachhaltigkeitsuniversum mitbringen, die für euch als Unternehmen relevant sind. Aufbereitet von unseren Kolleg:innen von PHATSustainability, der Nachhaltigkeitsberatung von PHAT und kommentiert von Alexandra Herget. Wir freuen uns auf euer Feedback und eure Meinung zu den aktuellen Themen des Monats. Heute mit der CSDDD, der österreichischen Umweltministerin Leonore Gewessler und Bundeswirtschaftsminister Robert Habeck und Susann Schubert von uvex.

Welcome to our second guest takeover episode! If you don't already know, I am out on maternity leave, and one of the things I set up for my leave is guest takeover episodes. These episodes will be sprinkled in over the next few months and feature some of my favorite experts in the online space. Janice Cook, today's guest takeover host, and returning guest, is here to share why the podcast schedules we spend so much time creating sometimes break down, leaving us feeling a little scattered and often leading to inconsistencies over time. Better yet, Janice shares how to overcome or avoid these potholes so that you can stay on track with your podcast schedule and keep showing up for your audience.And if you need support with your podcast systems and want templates for things like guest booking, production checklists, and more, definitely come join us over in the Podcasting for Educators Prep School.⭐️ Resources Mentioned:Follow me on Instagram @podcastingforeducators

Sounds reliever Kevin Herget sits down with Jeff Hem on the pregame show to discuss his great to start to the season, the evolution of his great changeup, and his amazing baseball journey that's gone from 39th-round pick out of a D-III university to reaching the big leagues three years in a row across three different organizations.

Ben Criddle talks BYU sports every weekday from 3 to 7 pm.Today's Co-Hosts: Ben Criddle (@criddlebenjamin)Subscribe to the Cougar Sports with Ben Criddle podcast:Apple Podcastshttps://itunes.apple.com/us/podcast/cougar-sports-with-ben-criddle/id99676

Glücksspiele – das hat nichts mit „Mensch ärgere dich nicht“ oder „Memory“ zu tun, das lernt Alina, als ihre Mutter ihren Papa eines Tages vor die Tür setzt. So schockiert Alina zunächst ist, begreift sie doch, dass das nötig war. Zumindest, als ihr endlich jemand erklärt, was eigentlich los ist. Das Hörbuch, mit kindlich überzeugender Stimme von Edith Stehfest gelesen, erklärt das Thema Glücksspielsucht einfach und doch ohne zu beschönigen. Ein überzeugendes Plädoyer dafür, Kindern Probleme nicht zu verheimlichen.

In this edition of The Way Out I'm beyond honored to bring you my interview with President of Operations of South Metro Community Services and person in long-term recovery, Ashlee Herget. South Metro Community Services, is a 501 (C3) Nonprofit Recovery Community Organization. They strive to connect individuals with substance use disorder to vital resources tailored to each persons unique needs, and they fight to empower autonomy and decrease stigma. Ashlee shares a bit about her journey to and through recovery this point, and if you you'd like to hear her entire story, I highly encourage you to check out episode 184 for Co-host Jason's outstanding interview with Ashlee, both of whom I am a complete and unabashed fan. What makes up the lion's share of what turned out to be a truly stellar discussion is illuminating what a Recovery Community Organization or RCO is, how they fit into the Recovery services landscape, what specific services South Metro Community Services provides the Recovery community, and perhaps most importantly why it all matters. At their core, RCO's fill a crucial gap in the recovery services landscape, specifically addressing the needs of individuals with substance use disorder that are not addressed by the treatment industry. Often this happens before treatment, such as to help get folks into treatment or after folks leave treatment but RCO's provide services at any point in a persons recovery journey. To invoke Ashlee's analogy that she uses to explain what an RCO is, South Metro Community Services serves as a vital bridge for those with substance use disorder with services like Peer Recovery Coaching, Tattoo Removal, and a clothing boutique, all at no cost along with community services like Naloxone training. Whether you find yourself in place where you could benefit from services like these or you in a position where you can support the tremendous work South Metro Community Services, you won't want to miss a minute of the phenomenal Recovery rap session with the one and only Ashlee Herget that's about to unfold before your very ears so listen up. Connect with South Metro Community Services: Phone: 952-955-9399 https://smcsmn.org/ Facebook: https://www.facebook.com/profile.php?id=100077939390428 Instagram: smcs.recovery Titok: smcs.recovery Song that symbolizes the work Ashlee does with SMCS: What it do by E-Dubble - https://youtu.be/MlfzZHeHBUI Best piece of Recovery Advice: Believe in yourself, dream bigger! Don't forget to check out “The Way Out Playlist” available only on Spotify. Curated by all our wonderful guests on the podcast! https://open.spotify.com/playlist/6HNQyyjlFBrDbOUADgw1Sz (c) 2015 - 2023 The Way Out Podcast | All Rights Reserved Theme Music: “all clear” (https://ketsa.uk/browse-music/) by Ketsa (https://ketsa.uk) licensed under CC BY-NC-ND 4.0 (https://creativecommons.org/licenses/by-nc-nd) --- Send in a voice message: https://podcasters.spotify.com/pod/show/the-way-out-podcast/message

Bevor man sich versieht, ist es geschehen: Die Finger des Maschinenbedieners geraten zwischen die Walzen eines Walzwerks. Jetzt heißt es für die Umstehenden, schnell zu handeln und Notfallmaßnahmen einzuleiten, um die Folgen für das Unfallopfer möglichst gering zu halten. Doch in vielen Unternehmen sind die Mitarbeiter unzureichend auf solche Unfälle vorbereitet, weiß Arno H. Herget vom Maschinenbauunternehmen Deguma, das sich auf Maschinen für die Gummi und Kunststoff verarbeitende Industrie spezialisiert hat – einer der Gründe war, warum Deguma entsprechende Sicherheitstrainings anbietet. Welche Herausforderungen Walzwerke an die Maschinensicherheit stellen, wie sie sich sicher machen lassen und was im Notfall zu tun ist, sagt Arno H. Herget in diesem Podcast Maschinensicherheit des Fachmagazins konstruktionspraxis im Gespräch mit konstruktionspraxis-Redakteur Jan Vollmuth.

Jan Herget, CEO of Czech Tourism, now newly renamed Visit Czechia, talks with James Shillinglaw of Insider Travel Report at the annual trade event for Czech tour operators and suppliers in Brno last month. Herget details why the Czech Republic changed its name for tourism marketing, how the country's tourism infrastructure is improving, and why visitors should now venture far beyond Prague to such places as Brno and Moravia to explore Czechia's tourism riches. For more information, visit www.visitczechia.com. If interested, the original video of this podcast can be found on the Insider Travel Report Youtube channel or by searching for the podcast's title on Youtube.

Blíží se hlavní turistická sezona, kdy Češi opět vyrazí nejen k moři ale taky po České republice. Zatímco turisté ze zahraničí volí spíše lepší hotely, tuzemští návštěvníci jako první vykoupí chalupy a kempy. Mluvil o tom v dnešním Press klubu na Frekvenci 1 šéf státní agentury CzechTourism Jan Herget. Helena Šulcová se ho ptala taky na to, kolik si za letošní dovolenou připlatíme. Poslechněte si celý pořad.

Turistům se při povídání o Česku nejvíce vybaví metropole Praha nebo známí fotbalisté Pavel Nedvěd, Milan Baroš nebo Petr Čech. Ředitel agentury CzechTourism Jan Herget v dopoledním vysílání Rádia ZET dodává, že cizinci si hlavní město velmi pochvalují. To, co zahraniční návštěvníci na České republice obdivují ale také záleží na tom, odkud jsou. „Němci milují pivo, Korejci červené střechy a Rusové obdivovali české lázně,“ popisuje Herget. V rozhovoru také mluvil o tom, jak se cestovní ruch vrací k životu po pandemii covidu. Loňský rok byl podle něj poměrně pozitivní, chyběli ale turisté, kteří v Česku utrácejí nejvíc peněz. 

Im Podcast c't uplink sprechen wir zuerst über ein Titelthema der c't 7/2023: günstige Smartphones und Featurephones. Wir haben Android-Smartphones von 150 bis 220 Euro getestet und Telefone unter 100 Euro -- die so genannten Featurephones. Die c't-Redakteure Robin Brand und Steffen Herget erklären, welche Erwartungen die Telefone erfüllen und wofür doch etwas mehr Geld notwendig ist. Im zweiten Teil berichten wir über Smartphone-Neuheiten für 2023: rollbare Displays, Satelliten-Smartphones und neue High-End-Handys. Die Kollegen Robin Brand, Daniel Herbig und Steffen Herget haben die Fachmesse Mobile World Congress (MWC) in Barcelona besucht und berichten von ihren Entdeckungen. Zum Smartphone-Test traten fünf Android-Geräte zwischen 150 und 220 Euro an. Sie punkten mit langen Laufzeiten, einige zudem mit gutem Display und einer langen Versorgung mit Sicherheitsupdates. Wo die Geräte an ihre Grenzen kommen, und welche Aufgaben sie gut erledigen, erläutern wir im Podcast. Zudem haben wir sechs Featurephones getestet. Sparen auf jeden Fall Geld, doch wie bedient man sie und was können sie? Einige laufen unter KaiOS, einem Mobilbetriebssystem, für das es sogar nachinstallierbare Apps gibt. Wir diskutieren, ob solche Geräte beispielsweise für Senioren geeignet sind, für Kinder, oder als Zweitgerät. Auf dem MWC haben die Kollegen ein Smartphone mit rollbarem Display von Lenovo begutachtet. Wir erklären, was da genau rollt und ob das Roll-Phone eine sinnvolle Alternative zu den bisherigen Falt-Smartphones darstellen könnte. Handyhersteller Bullit Group und Chiphersteller Mediatek haben einen kleinen Satellten-Empfänger gezeigt, mit dem per Bluetooth jedes Handy per Satellit Kontakt aufnehmen kann. Eine zweite neue Handy-Satellitenanbindung zeigte Qualcomm in einem neuen Snapdragon-SoC. Wir erklären die Unterschiede der Konzepte und vergleichen mit Apples Satellitenanbindung des iPhone 14 -- und geben einen Ausblick auf 5G-Satellitenkommunikation. Das neue High-End-Smartphone Xiaomi 13 will mit besonders guter Kamera in Zusammenarbeit mit Leica punkten. c't hatten vorab mit den Entwicklern geredet und auch den Haupt-Konkurrent Samsung Galaxy S23 im Fotolabor, sodass wir eine erste Einschätzung wagen können. Und schließlich haben die Kollegen auf dem MWC ein reparierbares Smartphone von Nokia gesehen -- und Foldables vermisst. In unserem YouTube-Kanal finden Sie diese Folge zweigeteilt, die Featurephones/Billigsmartphones (Folge 47.4b) seit Samstag Morgen, die MWC-News (Folge 47.4a) seit Donnerstag. ***SPONSOR-HINWEIS*** CyberArk (NASDAQ: CYBR) ist das weltweit führende Unternehmen im Bereich Identity Security. Mit dem Privileged Access Management als Kernkomponente bietet CyberArk eine umfassende Sicherheit für jede – menschliche oder nicht-menschliche – Identität über Business-Applikationen, verteilte Arbeitsumgebungen, Hybrid-Cloud-Workloads und DevOps-Lifecycles hinweg. www.cyberark.de ***SPONSOR-HINWEIS ENDE***

Im Podcast c't uplink sprechen wir zuerst über ein Titelthema der c't 7/2023: günstige Smartphones und Featurephones. Wir haben Android-Smartphones von 150 bis 220 Euro getestet und Telefone unter 100 Euro -- die so genannten Featurephones. Die c't-Redakteure Robin Brand und Steffen Herget erklären, welche Erwartungen die Telefone erfüllen und wofür doch etwas mehr Geld notwendig ist. Im zweiten Teil berichten wir über Smartphone-Neuheiten für 2023: rollbare Displays, Satelliten-Smartphones und neue High-End-Handys. Die Kollegen Robin Brand, Daniel Herbig und Steffen Herget haben die Fachmesse Mobile World Congress (MWC) in Barcelona besucht und berichten von ihren Entdeckungen. Zum Smartphone-Test traten fünf Android-Geräte zwischen 150 und 220 Euro an. Sie punkten mit langen Laufzeiten, einige zudem mit gutem Display und einer langen Versorgung mit Sicherheitsupdates. Wo die Geräte an ihre Grenzen kommen, und welche Aufgaben sie gut erledigen, erläutern wir im Podcast. Zudem haben wir sechs Featurephones getestet. Sparen auf jeden Fall Geld, doch wie bedient man sie und was können sie? Einige laufen unter KaiOS, einem Mobilbetriebssystem, für das es sogar nachinstallierbare Apps gibt. Wir diskutieren, ob solche Geräte beispielsweise für Senioren geeignet sind, für Kinder, oder als Zweitgerät. Auf dem MWC haben die Kollegen ein Smartphone mit rollbarem Display von Lenovo begutachtet. Wir erklären, was da genau rollt und ob das Roll-Phone eine sinnvolle Alternative zu den bisherigen Falt-Smartphones darstellen könnte. Handyhersteller Bullit Group und Chiphersteller Mediatek haben einen kleinen Satellten-Empfänger gezeigt, mit dem per Bluetooth jedes Handy per Satellit Kontakt aufnehmen kann. Eine zweite neue Handy-Satellitenanbindung zeigte Qualcomm in einem neuen Snapdragon-SoC. Wir erklären die Unterschiede der Konzepte und vergleichen mit Apples Satellitenanbindung des iPhone 14 -- und geben einen Ausblick auf 5G-Satellitenkommunikation. Das neue High-End-Smartphone Xiaomi 13 will mit besonders guter Kamera in Zusammenarbeit mit Leica punkten. c't hatten vorab mit den Entwicklern geredet und auch den Haupt-Konkurrent Samsung Galaxy S23 im Fotolabor, sodass wir eine erste Einschätzung wagen können. Und schließlich haben die Kollegen auf dem MWC ein reparierbares Smartphone von Nokia gesehen -- und Foldables vermisst. In unserem YouTube-Kanal finden Sie diese Folge zweigeteilt, die Featurephones/Billigsmartphones (Folge 47.4b) seit Samstag Morgen, die MWC-News (Folge 47.4a) seit Donnerstag. ***SPONSOR-HINWEIS*** CyberArk (NASDAQ: CYBR) ist das weltweit führende Unternehmen im Bereich Identity Security. Mit dem Privileged Access Management als Kernkomponente bietet CyberArk eine umfassende Sicherheit für jede – menschliche oder nicht-menschliche – Identität über Business-Applikationen, verteilte Arbeitsumgebungen, Hybrid-Cloud-Workloads und DevOps-Lifecycles hinweg. www.cyberark.de ***SPONSOR-HINWEIS ENDE***

Jahrelange Erfahrung im Hotel- und Gastgewerbe war die Inspiration: 2018 entschloss sich Alexandra Herget zusammen mit ihrer Mitgründerin Franziska Almrath die Branche auf einen nachhaltigen Weg zu bringen. Dabei stellten sie und Franziska fest, dass es nicht etwa an nachhaltigen Angeboten für die Hotel- und Gastro-Branche mangelte, sondern an Sichtbarkeit - die Plattform TUTAKA war die Lösung. Von ihrer Gründungsgeschichte, ihrer Nachhaltigkeitsberatung und dem Status Quo berichtet Alexandra Herget im FEMALE in RETAIL Podcast mit Verena Lindner. Denn neben ihrem Marktplatz bauten die Gründerinnen auch eine Nachhaltigkeitsberatung auf: die TUTAKA Agency ist in PHAT CONSULTING integriert und ein voller Erfolg. Zugunsten dieser haben Alexandra Herget und Franziska Almrath den Handel inzwischen sogar vollständig eingestellt. In der Folge mit Alexandra Herget und Verena Lindner lernst Du:

About ClintonClinton Herget is Field CTO at Snyk, the leader is Developer Security. He focuses on helping Snyk's strategic customers on their journey to DevSecOps maturity. A seasoned technnologist, Cliton spent his 20-year career prior to Snyk as a web software developer, DevOps consultant, cloud solutions architect, and engineering director. Cluinton is passionate about empowering software engineering to do their best work in the chaotic cloud-native world, and is a frequent conference speaker, developer advocate, and technical thought leader.Links Referenced: Snyk: https://snyk.io/ duckbillgroup.com: https://duckbillgroup.com TranscriptAnnouncer: Hello, and welcome to Screaming in the Cloud with your host, Chief Cloud Economist at The Duckbill Group, Corey Quinn. This weekly show features conversations with people doing interesting work in the world of cloud, thoughtful commentary on the state of the technical world, and ridiculous titles for which Corey refuses to apologize. This is Screaming in the Cloud.Corey: This episode is brought to us in part by our friends at Pinecone. They believe that all anyone really wants is to be understood, and that includes your users. AI models combined with the Pinecone vector database let your applications understand and act on what your users want… without making them spell it out.Make your search application find results by meaning instead of just keywords, your personalization system make picks based on relevance instead of just tags, and your security applications match threats by resemblance instead of just regular expressions. Pinecone provides the cloud infrastructure that makes this easy, fast, and scalable. Thanks to my friends at Pinecone for sponsoring this episode. Visit Pinecone.io to understand more.Corey: This episode is bought to you in part by our friends at Veeam. Do you care about backups? Of course you don't. Nobody cares about backups. Stop lying to yourselves! You care about restores, usually right after you didn't care enough about backups.  If you're tired of the vulnerabilities, costs and slow recoveries when using snapshots to restore your data, assuming you even have them at all living in AWS-land, there is an alternative for you. Check out Veeam, thats V-E-E-A-M for secure, zero-fuss AWS backup that won't leave you high and dry when it's time to restore. Stop taking chances with your data. Talk to Veeam. My thanks to them for sponsoring this ridiculous podcast.Corey: Welcome to Screaming in the Cloud. I'm Corey Quinn. One of the fun things about establishing traditions is that the first time you do it, you don't really know that that's what's happening. Almost exactly a year ago, I sat down for a previous promoted guest episode much like this one, With Clinton Herget at Snyk—or Synic; however you want to pronounce that. He is apparently a scarecrow of some sorts because when last we spoke, he was a principal solutions engineer, but like any good scarecrow, he was outstanding in his field, and now, as a result, is a Field CTO. Clinton, Thanks for coming back, and let me start by congratulating you on the promotion. Or consoling you depending upon how good or bad it is.Clinton: You know, Corey, a little bit of column A, a little bit of column B. But very glad to be here again, and frankly, I think it's because you insist on mispronouncing Snyk as Synic, and so you get me again.Corey: Yeah, you could add a couple of new letters to it and just call the company [Synack 00:01:27]. Now, it's a hard pivot to a networking company. So, there's always options.Clinton: I acknowledge what you did there, Corey.Corey: I like that quite a bit. I wasn't sure you'd get it.Clinton: I'm a nerd going way, way back, so we'll have to go pretty deep in the stack for you to stump me on some of this stuff.Corey: As we did with the, “I wasn't sure you'd get it.” See that one sailed right past you. And I win. Chalk another one up for me and the networking pun wars. Great, we'll loop back for that later.Clinton: I don't even know where I am right now.Corey: [laugh]. So, let's go back to a question that one would think that I'd already established a year ago, but I have the attention span of basically a goldfish, let's not kid ourselves. So, as I'm visiting the Snyk website, I find that it says different words than it did a year ago, which is generally a sign that is positive; when nothing's been updated including the copyright date, things are going really well or really badly. One wonders. But no, now you're talking about Snyk Cloud, you're talking about several other offerings as well, and my understanding of what it is you folks do no longer appears to be completely accurate. So, let me be direct. What the hell do you folks do over there?Clinton: It's a really great question. Glad you asked me on a year later to answer it. I would say at a very high level, what we do hasn't changed. However, I think the industry has certainly come a long way in the past couple years and our job is to adapt to that Snyk—again, pronounced like a pair of sneakers are sneaking around—it's a developer security platform. So, we focus on enabling the people who build applications—which as of today, means modern applications built in the cloud—to have better visibility, and ultimately a better chance of mitigating the risk that goes into those applications when it matters most, which is actually in their workflow.Now, you're exactly right. Things have certainly expanded in that remit because the job of a software engineer is very different, I think this year than it even was last year, and that's continually evolving over time. As a developer now, I'm doing a lot more than I was doing a few years ago. And one of the things I'm doing is building infrastructure in the cloud, I'm writing YAML files, I'm writing CloudFormation templates to deploy things out to AWS. And what happens in the cloud has a lot to do with the risk to my organization associated with those applications that I'm building.So, I'd love to talk a little bit more about why we decided to make that move, but I don't think that represents a watering down of what we're trying to do at Snyk. I think it recognizes that developer security vision fundamentally can't exist without some understanding of what's happening in the cloud.Corey: One of the things that always scares me is—and sets the spidey sense tingling—is when I see a company who has a product, and I'm familiar—ish—with what they do. And then they take their product name and slap the word cloud at the end, which is almost always codes to, “Okay, so we took the thing that we sold in boxes in data centers, and now we're making a shitty hosted version available because it turns out you rubes will absolutely pay a subscription for it.” Yeah, I don't get the sense that at all is what you're doing. In fact, I don't believe that you're offering a hosted managed service at the moment, are you?Clinton: No, the cloud part, that fundamentally refers to a new product, an offering that looks at the security or potentially the risks being introduced into cloud infrastructure, by now the engineers who were doing it who are writing infrastructure as code. We previously had an infrastructure-as-code security product, and that served alongside our static analysis tool which is Snyk Code, our open-source tool, our container scanner, recognizing that the kinds of vulnerabilities you can potentially introduce in writing cloud infrastructure are not only bad to the organization on their own—I mean, nobody wants to create an S3 bucket that's wide open to the world—but also, those misconfigurations can increase the blast radius of other kinds of vulnerabilities in the stack. So, I think what it does is it recognizes that, as you and I think your listeners well know, Corey, there's no such thing as the cloud, right? The cloud is just a bunch of fancy software designed to abstract away from the fact that you're running stuff on somebody else's computer, right?Corey: Unfortunately, in this case, the fact that you're calling it Snyk Cloud does not mean that you're doing what so many other companies in that same space do it would have led to a really short interview because I have no faith that it's the right path forward, especially for you folks, where it's, “Oh, you want to be secure? You've got to host your stuff on our stuff instead. That's why we called it cloud.” That's the direction that I've seen a lot of folks try and pivot in, and I always find it disastrous. It's, “Yeah, well, at Snyk if we run your code or your shitty applications here in our environment, it's going to be safer than if you run it yourself on something untested like AWS.” And yeah, those stories hold absolutely no water. And may I just say, I'm gratified that's not what you're doing?Clinton: Absolutely not. No, I would say we have no interest in running anyone's applications. We do want to scan them though, right? We do want to give the developers insight into the potential misconfigurations, the risks, the vulnerabilities that you're introducing. What sets Snyk apart, I think, from others in that application security testing space is we focus on the experience of the developer, rather than just being another tool that runs and generates a bunch of PDFs and then throws them back to say, “Here's everything you did wrong.”We want to say to developers, “Here's what you could do better. Here's how that default in a CloudFormation template that leads to your bucket being, you know, wide open on the internet could be changed. Here's the remediation that you could introduce.” And if we do that at the right moment, which is inside that developer workflow, inside the IDE, on their local machine, before that gets deployed, there's a much greater chance that remediation is going to be implemented and it's going to happen much more cheaply, right? Because you no longer have to do the round trip all the way out to the cloud and back.So, the cloud part of it fundamentally means completing that story, recognizing that once things do get deployed, there's a lot of valuable context that's happening out there that a developer can really take advantage of. They can say, “Wait a minute. Not only do I have a Log4Shell vulnerability, right, in one of my open-source dependencies, but that artifact, that application is actually getting deployed to a VPC that has ingress from the internet,” right? So, not only do I have remote code execution in my application, but it's being put in an enclave that actually allows it to be exploited. You can only know that if you're actually looking at what's really happening in the cloud, right?So, not only does Snyk cloud allows us to provide an additional layer of security by looking at what's misconfigured in that cloud environment and help your developers make remediations by saying, “Here's the actual IAC file that caused that infrastructure to come into existence,” but we can also say, here's how that affects the risk of other kinds of vulnerabilities at different layers in the stack, right? Because it's all software; it's all connected. Very rarely does a vulnerability translate one-to-one into risk, right? They're compound because modern software is compound. And I think what developers lack is the tooling that fits into their workflow that understands what it means to be a software engineer and actually helps them make better choices rather than punishing them after the fact for guessing and making bad ones.Corey: That sounds awesome at a very high level. It is very aligned with how executives and decision-makers think about a lot of these things. Let's get down to brass tacks for a second. Assume that I am the type of developer that I am in real life, by which I mean shitty. What am I going to wind up attempting to do that Snyk will flag and, in other words, protect me from myself and warn me that I'm about to commit a dumb?Clinton: First of all, I would say, look, there's no such thing as a non-shitty developer, right? And I built software for 20 years and I decided that's really hard. What's a lot easier is talking about building software for a living. So, that's what I do now. But fundamentally, the reason I'm at Snyk, is I want to help people who are in the kinds of jobs that I had for a very long time, which is to say, you have a tremendous amount of anxiety because you recognize that the success of the organization rests on your shoulders, and you're making hundreds, if not thousands of decisions every day without the right context to understand fully how the results of that decision is going to affect the organization that you work for.So, I think every developer in the world has to deal with this constant cognitive dissonance of saying, “I don't know that this is right, but I have to do it anyway because I need to clear that ticket because that release needs to get into production.” And it becomes really easy to short-sightedly do things like pull an open-source dependency without checking whether it has any CVEs associated with it because that's the version that's easiest to implement with your code that already exists. So, that's one piece. Snyk Open Source, designed to traverse that entire tree of dependencies in open-source all the way down, all the hundreds and thousands of packages that you're pulling in to say, not only, here's a vulnerability that you should really know is going to end up in your application when it's built, but also here's what you can do about it, right? Here's the upgrade you can make, here's the minimum viable change that actually gets you out of this problem, and to do so when it's in the right context, which is in you know, as you're making that decision for the first time, right, inside your developer environment.That also applies to things like container vulnerabilities, right? I have even less visibility into what's happening inside a container than I do inside my application. Because I know, say, I'm using an Ubuntu or a Red Hat base image. I have no idea, what are all the Linux packages that are on it, let alone what are the vulnerabilities associated with them, right? So, being able to detect, I've got a version of OpenSSL 3.0 that has a potentially serious vulnerability associated with it before I've actually deployed that container out into the cloud very much helps me as a developer.Because I'm limiting the rework or the refactoring I would have to do by otherwise assuming I'm making a safe choice or guessing at it, and then only finding out after I've written a bunch more code that relies on that decision, that I have to go back and change it, and then rewrite all of the things that I wrote on top of it, right? So, it's the identifying the layer in the stack where that risk could be introduced, and then also seeing how it's affected by all of those other layers because modern software is inherently complex. And that complexity is what drives both the risk associated with it, and also things like efficiency, which I know your audience is, for good reason, very concerned about.Corey: I'm going to challenge you on aspect of this because on the tin, the way you describe it, it sounds like, “Oh, I already have something that does that. It's the GitHub Dependabot story where it winds up sending me a litany of complaints every week.” And we are talking, if I did nothing other than read this email in that day, that would be a tremendously efficient processing of that entire thing because so much of it is stuff that is ancient and archived, and specific aspects of the vulnerabilities are just not relevant. And you talk about the OpenSSL 3.0 issues that just recently came out.I have no doubt that somewhere in the most recent email I've gotten from that thing, it's buried two-thirds of the way down, like all the complaints like the dishwasher isn't loaded, you forgot to take the trash out, that baby needs a change, the kitchen is on fire, and the vacuuming, and the r—wait, wait. What was that thing about the kitchen? Seems like one of those things is not like the others. And it just gets lost in the noise. Now, I will admit to putting my thumb a little bit on the scale here because I've used Snyk before myself and I know that you don't do that. How do you avoid that trap?Clinton: Great question. And I think really, the key to the story here is, developers need to be able to prioritize, and in order to prioritize effectively, you need to understand the context of what happens to that application after it gets deployed. And so, this is a key part of why getting the data out of the cloud and bringing it back into the code is so important. So, for example, take an OpenSSL vulnerability. Do you have it on a container image you're using, right? So, that's question number one.Question two is, is there actually a way that code can be accessed from the outside? Is it included or is it called? Is the method activated by some other package that you have running on that container? Is that container image actually used in a production deployment? Or does it just go sit in a registry and no one ever touches it?What are the conditions required to make that vulnerability exploitable? You look at something like Spring Shell, for example, yes, you need a certain version of spring-beans in a JAR file somewhere, but you also need to be running a certain version of Tomcat, and you need to be packaging those JARs inside a WAR in a certain way.Corey: Exactly. I have a whole bunch of Lambda functions that provide the pipeline system that I use to build my newsletter every week, and I get screaming concerns about issues in, for example, a version of the markdown parser that I've subverted. Yeah, sure. I get that, on some level, if I were just giving it random untrusted input from the internet and random ad hoc users, but I'm not. It's just me when I write things for that particular Lambda function.And I'm not going to be actively attempting to subvert the thing that I built myself and no one else should have access to. And looking through the details of some of these things, it doesn't even apply to the way that I'm calling the libraries, so it's just noise, for lack of a better term. It is not something that basically ever needs to be adjusted or fixed.Clinton: Exactly. And I think cutting through that noise is so key to creating developer trust in any kind of tool that scanning an asset and providing you what, in theory, are a list of actionable steps, right? I need to be able to understand what is the thing, first of all. There's a lot of tools that do that, right, and we tend to mock them by saying things like, “Oh, it's just another PDF generator. It's just another thousand pages that you're never going to read.”So, getting the information in the right place is a big part of it, but filtering out all of the noise by saying, we looked at not just one layer of the stack, but multiple layers, right? We know that you're using this open-source dependency and we also know that the method that contains the vulnerability is actively called by your application in your first-party code because we ran our static analysis tool against that. Furthermore, we know because we looked at your cloud context, we connected to your AWS API—we're big partners with AWS and very proud of that relationship—but we can tell that there's inbound internet access available to that service, right? So, you start to build a compound case that maybe this is something that should be prioritized, right? Because there's a way into the asset from the outside world, there's a way into the vulnerable functions through the labyrinthine, you know, spaghetti of my code to get there, and the conditions required to exploit it actually exist in the wild.But you can't just run a single tool; you can't just run Dependabot to get that prioritization. You actually have to look at the entire holistic application context, which includes not just your dependencies, but what's happening in the container, what's happening in your first-party, your proprietary code, what's happening in your IAC, and I think most importantly for modern applications, what's actually happening in the cloud once it gets deployed, right? And that's sort of the holy grail of completing that loop to bring the right context back from the cloud into code to understand what change needs to be made, and where, and most importantly why. Because it's a priority that actually translates into organizational risk to get a developer to pay attention, right? I mean, that is the key to I think any security concern is how do you get engineering mindshare and trust that this is actually what you should be paying attention to and not a bunch of rework that doesn't actually make your software more secure?Corey: One of the challenges that I see across the board is that—well, let's back up a bit here. I have in previous episodes talked in some depth about my position that when it comes to the security of various cloud providers, Google is number one, and AWS is number two. Azure is a distant third because it figures out what Crayons tastes the best; I don't know. But the reason is not because of any inherent attribute of their security models, but rather that Google massively simplifies an awful lot of what happens. It automatically assumes that resources in the same project should be able to talk to one another, so I don't have to painstakingly configure that.In AWS-land, all of this must be done explicitly; no one has time for that, so we over-scope permissions massively and never go back and rein them in. It's a configuration vulnerability more than an underlying inherent weakness of the platform. Because complexity is the enemy of security in many respects. If you can't fit it all in your head to reason about it, how can you understand the security ramifications of it? AWS offers a tremendous number of security services. Many of them, when taken in some totality of their pricing, cost more than any breach, they could be expected to prevent. Adding more stuff that adds more complexity in the form of Snyk sounds like it's the exact opposite of what I would want to do. Change my mind.Clinton: I would love to. I would say, fundamentally, I think you and I—and by ‘I,' I mean Snyk and you know, Corey Quinn Enterprises Limited—I think we fundamentally have the same enemy here, right, which is the cyclomatic complexity of software, right, which is how many different pathways do the bits have to travel down to reach the same endpoint, right, the same goal. The more pathways there are, the more risk is introduced into your software, and the more inefficiency is introduced, right? And then I know you'd love to talk about how many different ways is there to run a container on AWS, right? It's either 30 or 400 or eleventy-million.I think you're exactly right that that complexity, it is great for, first of all, selling cloud resources, but also, I think, for innovating, right, for building new kinds of technology on top of that platform. The cost that comes along with that is a lack of visibility. And I think we are just now, as we approach the end of 2022 here, coming to recognize that fundamentally, the complexity of modern software is beyond the ability of a single engineer to understand. And that is really important from a security perspective, from a cost control perspective, especially because software now creates its own infrastructure, right? You can't just now secure the artifact and secure the perimeter that it gets deployed into and say, “I've done my job. Nobody can breach the perimeter and there's no vulnerabilities in the thing because we scanned it and that thing is immutable forever because it's pets, not cattle.”Where I think the complexity story comes in is to recognize like, “Hey, I'm deploying this based on a quickstart or CloudFormation template that is making certain assumptions that make my job easier,” right, in a very similar way that choosing an open-source dependency makes my job easier as a developer because I don't have to write all of that code myself. But what it does mean is I lack the visibility into, well hold on. How many different pathways are there for getting things done inside this dependency? How many other dependencies are brought on board? In the same way that when I create an EKS cluster, for example, from a CloudFormation template, what is it creating in the background? How many VPCs are involved? What are the subnets, right? How are they connected to each other? Where are the potential ingress points?So, I think fundamentally, getting visibility into that complexity is step number one, but understanding those pathways and how they could potentially translate into risk is critically important. But that prioritization has to involve looking at the software holistically and not just individual layers, right? I think we lose when we say, “We ran a static analysis tool and an open-source dependency scanner and a container scanner and a cloud config checker, and they all came up green, therefore the software doesn't have any risks,” right? That ignores the fundamental complexity in that all of these layers are connected together. And from an adversaries perspective, if my job is to go in and exploit software that's hosted in the cloud, I absolutely do not see the application model that way.I see it as it is inherently complex and that's a good thing for me because it means I can rely on the fact that those engineers had tremendous anxiety, we're making a lot of guesses, and crossing their fingers and hoping something would work and not be exploitable by me, right? So, the only way I think we get around that is to recognize that our engineers are critical stakeholders in that security process and you fundamentally lack that visibility if you don't do your scanning until after the fact. If you take that traditional audit-based approach that assumes a very waterfall, legacy approach to building software, and recognize that, hey, we're all on this infinite loop race track now. We're deploying every three-and-a-half seconds, everything's automated, it's all built at scale, but the ability to do that inherently implies all of this additional complexity that ultimately will, you know, end up haunting me, right? If I don't do anything about it, to make my engineer stakeholders in, you know, what actually gets deployed and what risks it brings on board.Corey: This episode is sponsored in part by our friends at Uptycs. Attackers don't think in silos, so why would you have siloed solutions protecting cloud, containers, and laptops distinctly? Meet Uptycs - the first unified solution that prioritizes risk across your modern attack surface—all from a single platform, UI, and data model. Stop by booth 3352 at AWS re:Invent in Las Vegas to see for yourself and visit uptycs.com. That's U-P-T-Y-C-S.com. My thanks to them for sponsoring my ridiculous nonsense.Corey: When I wind up hearing you talk about this—I'm going to divert us a little bit because you're dancing around something that it took me a long time to learn. When I first started fixing AWS bills for a living, I thought that it would be mostly math, by which I mean arithmetic. That's the great secret of cloud economics. It's addition, subtraction, and occasionally multiplication and division. No, turns out it's much more psychology than it is math. You're talking in many aspects about, I guess, what I'd call the psychology of a modern cloud engineer and how they think about these things. It's not a technology problem. It's a people problem, isn't it?Clinton: Oh, absolutely. I think it's the people that create the technology. And I think the longer you persist in what we would call the legacy viewpoint, right, not recognizing what the cloud is—which is fundamentally just software all the way down, right? It is abstraction layers that allow you to ignore the fact that you're running stuff on somebody else's computer—once you recognize that, you realize, oh, if it's all software, then the problems that it introduces are software problems that need software solutions, which means that it must involve activity by the people who write software, right? So, now that you're in that developer world, it unlocks, I think, a lot of potential to say, well, why don't developers tend to trust the security tools they've been provided with, right?I think a lot of it comes down to the question you asked earlier in terms of the noise, the lack of understanding of how those pieces are connected together, or the lack of context, or not even frankly, caring about looking beyond the single-point solution of the problem that solution was designed to solve. But more importantly than that, not recognizing what it's like to build modern software, right, all of the decisions that have to be made on a daily basis with very limited information, right? I might not even understand where that container image I'm building is going in the universe, let alone what's being built on top of it and how much critical customer data is being touched by the database, that that container now has the credentials to access, right? So, I think in order to change anything, we have to back way up and say, problems in the cloud or software problems and we have to treat them that way.Because if we don't if we continue to represent the cloud as some evolution of the old environment where you just have this perimeter that's pre-existing infrastructure that you're deploying things onto, and there's a guy with a neckbeard in the basement who is unplugging cables from a switch and plugging them back in and that's how networking problems are solved, I think you missed the idea that all of these abstraction layers introduced the very complexity that needs to be solved back in the build space. But that requires visibility into what actually happens when it gets deployed. The way I tend to think of it is, there's this firewall in place. Everybody wants to say, you know, we're doing DevOps or we're doing DevSecOps, right? And that's a lie a hundred percent of the time, right? No one is actually, I think, adhering completely to those principles.Corey: That's why one of the core tenets of ClickOps is lying about doing anything in the console.Clinton: Absolutely, right? And that's why shadow IT becomes more and more prevalent the deeper you get into modern development, not less and less prevalent because it's fundamentally hard to recognize the entirety of the potential implications, right, of a decision that you're making. So, it's a lot easier to just go in the console and say, “Okay, I'm going to deploy one EC2 to do this. I'm going to get it right at some point.” And that's why every application that's ever been produced by human hands has a comment in it that says something like, “I don't know why this works but it does. Please don't change it.”And then three years later because that developer has moved on to another job, someone else comes along and looks at that comment and says, “That should really work. I'm going to change it.” And they do and everything fails, and they have to go back and fix it the original way and then add another comment saying, “Hey, this person above me, they were right. Please don't change this line.” I think every engineer listening right now knows exactly where that weak spot is in the applications that they've written and they're terrified of that.And I think any tool that's designed to help developers fundamentally has to get into the mindset, get into the psychology of what that is, like, of not fundamentally being able to understand what those applications are doing all of the time, but having to write code against them anyway, right? And that's what leads to, I think, the fear that you're going to get woken up because your pager is going to go off at 3 a.m. because the building is literally on fire and it's because of code that you wrote. We have to solve that problem and it has to be those people who's psychology we get into to understand, how are you working and how can we make your life better, right? And I really do think it comes with that the noise reduction, the understanding of complexity, and really just being humble and saying, like, “We get that this job is really hard and that the only way it gets better is to begin admitting that to each other.”Corey: I really wish that there were a better way to articulate a lot of these things. This the reason that I started doing a security newsletter; it's because cost and security are deeply aligned in a few ways. One of them is that you care about them a lot right after you failed to care about them sufficiently, but the other is that you've got to build guardrails in such a way that doing the right thing is easier than doing it the wrong way, or you're never going to gain any traction.Clinton: I think that's absolutely right. And you use the key term there, which is guardrails. And I think that's where in their heart of hearts, that's where every security professional wants to be, right? They want to be defining policy, they want to be understanding the risk posture of the organization and nudging it in a better direction, right? They want to be talking up to the board, to the executive team, and creating confidence in that risk posture, rather than talking down or off to the side—depending on how that org chart looks—to the engineers and saying, “Fix this, fix that, and then fix this other thing.” A, B, and C, right?I think the problem is that everyone in a security role or an organization of any size at this point, is doing 90% of the latter and only about 10% of the former, right? They're acting as gatekeepers, not as guardrails. They're not defining policy, they're spending all of their time creating Jira tickets and all of their time tracking down who owns the piece of code that got deployed to this pod on EKS that's throwing all these errors on my console, and how can I get the person to make a decision to actually take an action that stops these notifications from happening, right? So, all they're doing is throwing footballs down the field without knowing if there's a receiver there, right, and I think that takes away from the job that our security analysts really shouldn't be doing, which is creating those guardrails, which is having confidence that the policy they set is readily understood by the developers making decisions, and that's happening in an automated way without them having to create friction by bothering people all the time. I don't think security people want to be [laugh] hated by the development teams that they work with, but they are. And the reason they are is I think, fundamentally, we lack the tooling, we lack—Corey: They are the barrier method.Clinton: Exactly. And we lacked the processes to get the right intelligence in a way that's consumable by the engineers when they're doing their job, and not after the fact, which is typically when the security people have done their jobs.Corey: It's sad but true. I wish that there were a better way to address these things, and yet here we are.Clinton: If only there were better way to address these things.Corey: [laugh].Clinton: Look, I wouldn't be here at Snyk if I didn't think there were a better way, and I wouldn't be coming on shows like yours to talk to the engineering communities, right, people who have walked the walk, right, who have built those Terraform files that contain these misconfigurations, not because they're bad people or because they're lazy, or because they don't do their jobs well, but because they lacked the visibility, they didn't have the understanding that that default is actually insecure. Because how would I know that otherwise, right? I'm building software; I don't see myself as an expert on infrastructure, right, or on Linux packages or on cyclomatic complexity or on any of these other things. I'm just trying to stay in my lane and do my job. It's not my fault that the software has become too complex for me to understand, right?But my management doesn't understand that and so I constantly have white knuckles worrying that, you know, the next breach is going to be my fault. So, I think the way forward really has to be, how do we make our developers stakeholders in the risk being introduced by the software they write to the organization? And that means everything we've been talking about: it means prioritization; it means understanding how the different layers of the stack affect each other, especially the cloud pieces; it means an extensible platform that lets me write code against it to inject my own reasoning, right? The piece that we haven't talked about here is that risk calculation doesn't just involve technical aspects, there's also business intelligence that's involved, right? What are my critical applications, right, what actually causes me to lose significant amounts of money if those services go offline?We at Snyk can't tell that. We can't run a scanner to say these are your crown jewel services that can't ever go down, but you can know that as an organization. So, where we're going with the platform is opening up the extensible process, creating APIs for you to be able to affect that risk triage, right, so that as the creators have guardrails as the security team, you are saying, “Here's how we want our developers to prioritize. Here are all of the factors that go into that decision-making.” And then you can be confident that in their environment, back over in developer-land, when I'm looking at IntelliJ, or, you know, or on my local command line, I am seeing the guardrails that my security team has set for me and I am confident that I'm fixing the right thing, and frankly, I'm grateful because I'm fixing it at the right time and I'm doing it in such a way and with a toolset that actually is helping me fix it rather than just telling me I've done something wrong, right, because everything we do at Snyk focuses on identifying the solution, not necessarily identifying the problem.It's great to know that I've got an unencrypted S3 bucket, but it's a whole lot better if you give me the line of code and tell me exactly where I have to copy and paste it so I can go on to the next thing, rather than spending an hour trying to figure out, you know, where I put that line and what I actually have to change it to, right? I often say that the most valuable currency for a developer, for a software engineer, it's not money, it's not time, it's not compute power or anything like that, it's the right context, right? I actually have to understand what are the implications of the decision that I'm making, and I need that to be in my own environment, not after the fact because that's what creates friction within an organization is when I could have known earlier and I could have known better, but instead, I had to guess I had to write a bunch of code that relies on the thing that was wrong, and now I have to redo it all for no good reason other than the tooling just hadn't adapted to the way modern software is built.Corey: So, one last question before we wind up calling it a day here. We are now heavily into what I will term pre:Invent where we're starting to see a whole bunch of announcements come out of the AWS universe in preparation for what I'm calling Crappy Cloud Hanukkah this year because I'm spending eight nights in Las Vegas. What are you doing these days with AWS specifically? I know I keep seeing your name in conjunction with their announcements, so there's something going on over there.Clinton: Absolutely. No, we're extremely excited about the partnership between Snyk and AWS. Our vulnerability intelligence is utilized as one of the data sources for AWS Inspector, particularly around open-source packages. We're doing a lot of work around things like the code suite, building Snyk into code pipeline, for example, to give developers using that code suite earlier visibility into those vulnerabilities. And really, I think the story kind of expands from there, right?So, we're moving forward with Amazon, recognizing that it is, you know, sort of the de facto. When we say cloud, very often we mean AWS. So, we're going to have a tremendous presence at re:Invent this year, I'm going to be there as well. I think we're actually going to have a bunch of handouts with your face on them is my understanding. So, please stop by the booth; would love to talk to folks, especially because we've now released the Snyk Cloud product and really completed that story. So, anything we can do to talk about how that additional context of the cloud helps engineers because it's all software all the way down, those are absolutely conversations we want to be having.Corey: Excellent. And we will, of course, put links to all of these things in the [show notes 00:35:00] so people can simply click, and there they are. Thank you so much for taking all this time to speak with me. I appreciate it.Clinton: All right. Thank you so much, Corey. Hope to do it again next year.Corey: Clinton Herget, Field CTO at Snyk. I'm Cloud Economist Corey Quinn, and this is Screaming in the Cloud. If you've enjoyed this podcast, please leave a five-star review on your podcast platform of choice, whereas if you've hated this podcast, please leave a five-star review on your podcast platform of choice, along with an angry comment telling me that I'm being completely unfair to Azure, along with your favorite tasting color of Crayon.Corey: If your AWS bill keeps rising and your blood pressure is doing the same, then you need The Duckbill Group. We help companies fix their AWS bill by making it smaller and less horrifying. The Duckbill Group works for you, not AWS. We tailor recommendations to your business and we get to the point. Visit duckbillgroup.com to get started.Announcer: This has been a HumblePod production. Stay humble.

Amanda Herget is the co-owner of Gearhead Outfitters. She tells us the story of Gearhead, starting with her husband Ted's first store on Flint Street in Jonesboro. Amanda takes us through the journey that took them from one store in Arkansas to now 18 stores across the country. Gearhead's mission is to help customers live active, fulfilling lives by providing quality outdoor-inspired products, backed by deep expertise and remarkable service.To learn more about Gearhead and the areas they serve, you can visit them online at https://gearheadoutfitters.com/.

"Zum Lernen braucht's die Schule nicht!" sagt Svenja Herget. Sie ist nicht nur Pädagogin, Sonderschullehrerin, Waldorflehrerin sondern auch Gründerin der Initiative "Homeschooling wagen - für eine unbeschwerte Kindheit ab 2020." Hier unterstützt sie Eltern darin, wie diese ihre Kinder im Distanzunterricht oder schließlich auch im Homeschooling von zu Hause "beschulen" können - ganz ohne Druck und mit Freude und Spaß am gemeinsamen Lernen. Als Adoptiv- und Pflegemutter von vier Kindern begleitete sie diese selbst im Erziehungsurlaub intensiv zu mehreren Abschlüssen (Qualifizierter Hauptschulabschluss, Mittlere Reife und Abitur) und inspiriert heute Eltern mit konkreten praktischen Ideen zur Umsetzung, gemeinsamen Online-Treffs, Austausch, Inspirationen und berät bei der Bildung von Lerngruppen. Im Interview "Homeschooling wagen" reden wir darüber, - Welche Herausforderungen, Sorgen und Ängste Eltern haben "Distanzunterricht" zu Hause zu gewährleisten - Wie Eltern konkret mit Kindern gemeinsam zu Hause lernen und wachsen können - Welche Chancen "homeschooling" mit sich bringt - gerade im Hinblick auf die Corona-Pandemie Mehr über Svenja Herget findest du hier auf ihrer Website: https://homeschooling-wagen.org/ Svenjas Telegram-Account: https://t.me/homeschoolingwagen

Herget, Jürgenwww.deutschlandfunkkultur.de, Studio 9Direkter Link zur Audiodatei

Today's guest Mirinda Carfrae is a 4x World Champion. Siri coached Rinny from 2005-2012 and then again 2013-2019. Mirinda is one of the most consistent athletes at the Hawaii Ironman Workd Championships She came in 1st 3x, 2nd 3x, and 3rd 1x. She holds the course run record there still.Rinny is married to Timothy O'Donnell one of the top male professional athletes in the worldsMom to Izzy and Finn. Mirinda speaks of the 3 things she believes has led to her amazing success in the sport1. A deep why2. Belief3. An incredible team around herGet some tips on living life at the highest levels from this extraordinary human being.

Mají Pražané očekávat tradiční nápor turistů, nebo bude metropole i letos v létě vylidněná? A jak jsou na tom podnikatelé navázaní na turismus? Nejen o tom v dalším vydání E15 Castu mluvil Nikita Poljakov s ředitelem agentury Czech Tourism Janem Hergetem. www.e15.cz

Hostem 2. dílu Mediálky je člověk, který představuje Českou republiku zahraničním i tuzemským turistům jako lákavou destinaci cestovního ruchu. S Janem Hergetem, ředitelem agentury CzechTourism, jsme se bavili o tom, jak se dělá marketing pro turismus, o velmi úspěšném projektu Kudy z nudy, o odlivu pracovních sil z cestovního ruchu i o tom, jak se covid dotkl turismu v Česku.

Alexandra Herget co-gründete 2018 tutaka als Plattform für nachhaltiges Gastgeber:innentum und mit der Vision ein frauengeführtes Unternehmen zu sein, das auch mit Familie einhergeht. Heute ist sie schwanger mit Kind Nummer 2 und hat es geschafft diese Vision in die Realität umzusetzen? Welche Organisation und welche Herausforderungen stecken dahinter, ihr Business mit Baby zu vereinen? Wie reagierte ihre Co-Gründerin und wie steht es um ihren ‚Strukturwunsch feat. Spontanität' und der Ressource 'Zeit'? Empfindet sie Stress? Und was hat sie aus Baby Nummer 1 gelernt, was sie bei Baby Nummer 2 womöglich anders machen möchte. Gehören Kompromisse dazu? Viel Spaß mit THE MOMPANY und Alexandra Herget von tutaka! . . .

Marc Adams, Business Profitability & Growth Advisor is joined by Rob Herget, founder and President of BoostUrBusiness.com. Rob is amazing because he had a thriving business, sold it and built another (still thriving business) but with a philanthropic edge. So at age 50 Bob reinvents himself! Rob's website https://boosturbusiness.com helps you grow your business through various means. He equates success with passion. “Money is money, but personal happiness far outweighs money any way you look at it.” Rob talks about goals! The life/goal lesson he learned from Bob Proctor – make your goals so big that you can't figure out how to achieve them… If you do that, your goals become more than ‘just about you' it starts to encompass others! Rob has a beautiful way of gauging progress, pay attention to his success model based on the horizon. It really can help reduce frustration if you find that you're not growing at the pace you wish! Rob is truly an inspiration and after listening to his positive viewpoint on business and growth you will continue to press forward! PS: To share his appreciation for simply joining us today, Rob has a free gift for you… Monkeydough.com/travelclub!

About ClintonClinton Herget is Principal Solutions Engineer at Snyk, where he focuses on helping our large enterprise and public sector clients on their journey to DevSecOps. A seasoned technologist, Clinton spent his 15+ year career prior to Snyk as a web software engineer, DevOps consultant, cloud solutions architect, and technical director in the systems integrator space, leading client delivery of complex agile technology solutions. Clinton is passionate about empowering software engineers and is a frequent conference speaker, developer advocate, and everything-as-code evangelist.Links:Try Snyk for free today at:https://app.snyk.io/login?utm_campaign=Screaming-in-the-Cloud-podcast&utm_medium=Partner&utm_source=AWS TranscriptAnnouncer: Hello, and welcome to Screaming in the Cloud with your host, Chief Cloud Economist at The Duckbill Group, Corey Quinn. This weekly show features conversations with people doing interesting work in the world of cloud, thoughtful commentary on the state of the technical world, and ridiculous titles for which Corey refuses to apologize. This is Screaming in the Cloud.Corey: This episode is sponsored in part by my friends at ThinkstCanary. Most companies find out way too late that they've been breached. ThinksCanary changes this and I love how they do it. Deploy canaries and canary tokens in minutes and then forget about them. What's great is the attackers tip their hand by touching them, giving you one alert, when it matters. I use it myself and I only remember this when I get the weekly update with a “we're still here, so you're aware” from them. It's glorious! There is zero admin overhead  to this, there are effectively no false positives unless I do something foolish. Canaries are deployed and loved on all seven continents. You can check out what people are saying at canary.love. And, their Kub config canary token is new and completely free as well. You can do an awful lot without paying them a dime, which is one of the things I love about them. It is useful stuff and not an, “ohh, I wish I had money.” It is speculator! Take a look; that's canary.love because it's genuinely rare to find a security product that people talk about in terms of love. It really is a unique thing to see. Canary.love. Thank you to ThinkstCanary for their support of my ridiculous, ridiculous non-sense.  Corey: Writing ad copy to fit into a 30 second slot is hard, but if anyone can do it the folks at Quali can. Just like their Torque infrastructure automation platform can deliver complex application environments anytime, anywhere, in just seconds instead of hours, days or weeks. Visit Qtorque.io today and learn how you can spin up application environments in about the same amount of time it took you to listen to this ad.Corey: Welcome to Screaming in the Cloud. I'm Corey Quinn. This promoted episode features Clinton Herget, who's a principal solutions engineer at Snyk. Or ‘Snick.' Or ‘Cynic.' Clinton, thank you for joining me, how the heck do I pronounce your company's name?Clinton: That is always a great place to start, Corey, and we like to say it is ‘sneak' as in sneaking around or a pair of sneakers. Now, our colleagues in the UK do like to say ‘Snick,' but that is because they speak incorrectly. We will accept it; it is still wrong. As long as you're not saying ‘Sink' because it really has nothing to do with plumbing and we prefer to avoid that association.Corey: Generally speaking, I try not to tell other people how to run their business, but I will make an exception here because I can't take it anymore. According to CrunchBase, your company has raised $1.4 billion. Buy a vowel for God's sake. How much could it possibly cost for a single letter that clarifies all of this? My God.Clinton: Yeah, but then we wouldn't spend the first 20 minutes of every sales conversation talking about how to pronounce the company name and we would need to fill that with content. So, I think we're just going to stay the course from here on out.Corey: I like that. So, you're a principal solutions engineer. First, what does that do? And secondly, I've known an awful lot of folks who I would consider problem engineers, but they never self-describe that way. It's always solutions-oriented?Clinton: Well, it's because I worked for Snyk, and we're not a problems company, Corey, we're a solutions company.Corey: I like that.Clinton: It's an interesting role, right, because I work with some of our biggest customers, a lot of our strategic partners here in North America, and I'm kind of the evangelist that comes out and says, “Hey, here's what sucks about being a developer. Here's how we could maybe be better.” And I want to connect with other engineers to say, “Look, I share your pain, there might be an easier way, if you, you know, give me a few minutes here to talk about Snyk.”Corey: So, I've seen Snyk around for a while. I've had a few friends who worked there almost since the beginning and they talk about this thing—this was before, I believe, you had the Dobermann logo back in the early days—and I keep periodically seeing you folks in a variety of different contexts and different places. Often I'll be installing something from Docker Hub, for example, and it will mention that, oh, there's a Snyk scan thing that has happened on the command line, which is interesting because I, to the best of my knowledge, don't pay Docker for things that I do because, “No, I'm going to build it myself out of popsicle sticks,” is sort of my entire engineering ethos. But I keep seeing you in different cases where as best I am aware, I have never paid you folks for services. What is it you do as a company because you're one of those folks that I just keep seeing again and again and again, but I can't actually put my finger on what it is you do.Clinton: Yeah, you know, most people aren't aware that popsicle sticks are actually a CNCF graduated project. So, you know, that's that—Corey: Oh, and they're load-bearing in almost every piece of significant technical debt over the last 50 years.Clinton: Absolutely. Look at your bill of materials; it's there. Well, here's where I can drop in the other fun fact about Snyk's name, it's actually an acronym, right, stands for So, Now You Know. So, now you know that much, at least. Popsicle sticks, key component to any containerized infrastructure. Look, Snyk is a developer security company, right? And people hear that and go, “I'm sorry, what? I'm a developer; I don't give a shit about security.” Or, “I'm a security person”—Corey: Usually they don't say that out loud as often as you would hope, but it's like, “That's not true. I say that I care about security an awful lot.” It's like, “Yeah, you say that. Therein lies the rub.”Clinton: Until you get a couple of drinks in them at the party at re:Invent and then the real stuff comes out, right? No, Snyk is always been historically committed to the open-source community. We want to help open-source developers every bit as much as, you know, we're helping the engineers at our top-tier customers. And that's because fundamentally, open-source is inextricably linked to the way software is developed today, right? There is nobody not using open-source.And so we, sort of, have to be supporting those communities at the same time. And that fundamentally is where the innovation is happening. And you know, my sales guys hate when I say this, right, but you can get an amazing amount of value out of Snyk by using the freemium solution, using the open-source tooling that we've put out in the community, you get full access to our vulnerability database, which is updated every day, and if you're working on public projects, that's going to be free forever, right? We're fundamentally committed to making that work. If you're an enterprise that happens to have money to spend, I guess we'll take that too, right, but my job is really talking to developers and figuring out, you know, how can we reduce the amount of pain in your life through better security tooling?Corey: The challenging part is that your business, although I confess is significantly larger than my business, we're sort of on some level solving the same problem. And that sounds odd to say because I focus on fixing AWS bills and you're focused on improving developer security. But I'm moving up about six levels to the idea that there are only two big problems in the world of technology, in the world of companies for that matter. And the problem that we're solving is the worst one of the two. And that is reducing risk exposure.It is about eliminating downside. It's cost optimization, it's security tooling, it is insurance, et cetera, et cetera, et cetera. And the other problem, the one that I've always found, that is the thing that will get people actually excited rather than something they feel obligated to do is speeding up time to market, improving feature velocity, being able to deliver the right things sooner. That's the problem companies are biasing towards investing in extremely heavily. They'll convene the board to come up with an answer there.That said, you stray closer into that problem space than most security companies that I'm aware of just because you do in fact, speed up the developer process. It let people move faster, but do it safely at least is my general understanding. If I'm completely wrong on this, and, “Nope, we are purely risk mitigation, then this is going to look fairly silly, but it wouldn't be the first time I put my foot in my mouth.”Clinton: Yeah, Corey, it sounds like you really read the first three words of the website, right? “Develop fast. Stay secure.” And I think that fundamentally gets at the traditional alignment, where security equals slow, right, because risk mitigation is all about preventing problematic things from going into production. But only doing that as a stop gate at the end of the process, right, by essentially saying we assume all developers are bad and want to do bad things, and so we're going to put up this big gate and generate an 1100 page PDF, and then throw it back to them and say, “Now, go figure out all of the bad things you did and how to fix them. And by the way, you're already overshooting your delivery target.” Right? So, there's no way to win in that traditional model unless you're empowering developers earlier with the right context they need to actually write more secure code to begin with, rather than remediating after the fact when those fixes are actually most expensive.Corey: It's the idea of the people who want to slow down and protect things and not break are on the operation side of the world, and then you have developers who want to ship things. And you have that natural tension, so we're going to smash them together and call it DevOps, which at least if nothing else, leads to interesting stories on stages. Whether it actually leads to lasting cultural transformation is another thing entirely. And then someone said, “Well, what about security?” And the answer is, “We have a security department?” And the answer is, “Yeah, you know, those grumpy people that say no all the time whenever we ask if we could do anything.” “Oh, that security department. I ignore them and go around them instead.” And it's, “All right, well, we need help on that so we're going to smash them in, too.” Welcome to DevSecOps, which is basically buzzword-driven cultural development. And here we are. But there is something to be said for you can no longer be the Department of No. I would argue that you couldn't do that successfully previously, but at least now we're a little more aware of it.Clinton: I think you could certainly do that when you were deploying software a couple times a year, right? Because you could build in all of the time to very expensively and time consumingly fix things after the fact, right? We're no longer in that world. I think when you're deploying every few seconds or a few minutes, what you need is tooling that, first of all, runs at that speed, that gives developers insights into what risk are they bringing on board with that application once it will be deployed, but then also give them the context they actually need to fix things, right? I mean, regardless of where those vulnerabilities are found, it still ultimately is a line of code that has to be written by a developer and committed and pushed through a pipeline to make it back into production.And that's true, whether we're talking about application security and proprietary code, we're talking about vulnerabilities in open-source, vulnerabilities in the container, infrastructure as code. I mean, it used to be that a network vulnerability was fixed by somebody going into the data center, unplugging a Cat 5 cable and plugging it in somewhere else, right? I mean, that was the definition of network security. It was a hardware problem. Now, networking is software-defined. I mean [laugh]—Corey: Oh, the firewall I trust is basically a wire cutter. Yeah, cut through the entire cable, and that is the only secure firewall. And it's like, oh, no, no, there are side-channel attacks. It's not completely going to solve things for you. Yeah.Clinton: You know, without naming names, there are certainly vendors in the security space that still consider mitigation to be shutting down access to a workload, right. Like, let's remediate by taking this off of the internet and allowing it to no longer be accessible.Corey: I don't think it's come from a security standpoint, but that does feel like it's a disturbing proportion of Google's product strategy.Clinton: [laugh]. Absolutely. But you know, I do think maybe we can take the forward-looking step of saying there are ways to fix issues while keeping applications online at the same time. For example, by arming engineers with the security intelligence they need when they're making decisions about what goes into those applications. Because those wire cutters now, that's a line in a YAML file, right?That's a Kubernetes deployment, that's a CloudFormation template, and that is living in code in the same repo with everything else, with all of the other logic. And so it's fundamentally indistinguishable at the point where all security is really now developer security, except the security tooling available doesn't speak to the developer, it doesn't integrate into their workflow, it doesn't enable them to make remediations, it's still slapping them on the wrist. And this is why I think when you talk about—to invoke one of the most overused buzzwords in the security industry—when you talk about shifting left, that's really only half the story. I mean, if you're taking a traditional solution that's designed to slow things down, and shifting that into the developer workflow, you're just slowing them down earlier, right? You're not enabling them with better decision-making capacity so they can say, “Oh, I now understand the risks that I'm bringing on board by not sanitizing a string before I dump it into a SQL, you know, query. But now I understand that better because Snyk is giving me that information at the right time when I don't have to context switch out of it, which is, as I'm writing that line of code to begin with.”Corey: When I look at your website—and I'm really, really hoping that your marketing folks don't turn me into a liar on this one between the time we have recorded this and the time it sees the light of day in a week or so—it's notable because you are a security vendor, but you almost wouldn't know that from your website. And that is a compliment because at no point, start to finish, on the landing page at snyk.io do I see anything that codes to, “Hackers are coming to kill you. Give us money immediately to protect yourself.”You're not slinging FUD. You're talking entirely about how to improve velocity. The closest it gets to even mentioning security stuff is, “Ship on time with peace of mind.” That is as close as it gets to talking about security stuff. There is no fear based on this, and you don't treat people like children and say, “Security is extremely important.” “Thank you, Professor, I really appreciate that helpful tip.”Clinton: Yeah, you know, again, I think we take the very controversial approach that developers are not bad people who want to make applications less secure, right? And I think again, when you go into that 40-year trajectory of that constant tension between the engineering and the security sides of the house, it really involves certain perceptions about what those other people are like: security are bad and want to shut everything down; developers are, you know, wild cowboys who don't care about standardization and are just introducing a bunch of risk, right? Where Snyk comes in is fundamentally saying, “Hey, we can actually all live together in a world where we recognize there's pain on both sides?” And look, Corey, I'm coming to you after essentially waking up every day for 20 years and writing code of some kind or other, and I can tell you, developers are already scared enough, man. It is a fearful and anxiety ridden experience to know that you're not completely in command of what happens to that application once it leaves your IDE, right?You know at some point you're going to get that PDF dumped on you; you're going to have a build block, you're going to have a bug report come in from a very important customer at three o'clock in the morning and you're going to have to do something about it. I think every software engineer in the world carries that fear around with them. They don't have to be told you have the capacity to do bad stuff here and you should be better at it. What they need is somebody to tell them here's how to do things better, right? Here's not necessarily even why a cross-site scripting attack is dangerous—although we can certainly educate you on that as well—but here's what you need to do to remediate it. Here's how other developers have fixed that in applications that look like yours.And if you get that intelligence at the right point, then it becomes truly—to go back to your original question—it becomes about solutions rather than about problems, right? The last thing we ever want to do is adopt that traditional approach of saying, “You did a bad thing. It's your fault. You have to go figure out what to do. And then by the way, you have to do all the refactoring on top of that because we didn't tell you you did the bad thing until three weeks later when that traditional SaaS tool finally finished running.”Corey: Exactly. It's a question of how much can you reduce that feedback loop? If I get pinged 60 seconds after I commit code that there's a problem with it, great. I still have that in my head. Mostly. I hope. But if it's six months later it's, “Who even wrote this?” And I pull up git blame and, “Ah, crap, it was me. What was I possibly thinking back then?” It's about being able to move rapidly and fix things, I guess, as early in the process as possible, the whole shift-left movement. That's important. That's valuable.Clinton: Yeah, the context switching is so expensive, right, because the minute you switch away from that file, you're reading some documentation. You're out of that world. Most of the developer's time is spent getting into and out of different contexts. Once you're in there, I mean, you could rattle off 40 lines of code in a sitting and actually clear a ticket and you feel really good about yourself, right? The next day, when that comes back from QA saying you did something wrong here, that's the painful part of having to get back in.And by the time you've already done that, you've doubled the amount of time you've spent on that feature. So, it's all about integrating the right intelligence in the right context at the right time, and doing so in such a way that we're not throwing around blame, that we're not saying, “You should have known better.” We're saying, “We want to help you do this better because, you know, ultimately, you're going to write another SQL query. That's okay. We hope that maybe this will inspire you to sanitize those strings properly, and we're going to give you some suggestions on how to do that.”Corey: Yeah. Developer time is way more expensive than the infrastructure. That is, I think, a little understood facet of how this works from an engineering perspective because an awful lot of us came up in this industry considering our time to be free. Because we were doing this as a hobby in some cases, it was. When I was in my dorm room back many years ago, as I was basically in the process of being expelled from boarding school, it was very clearly my time was not worth a whole hell of a lot to anyone at that point.Speaking of expensive things, I want to talk for a minute about your pricing. And what I like about this is, let me be clear here. I am a big fan of taking shortcuts wherever I can, and one of the shortcuts I love doing—and I don't know if I've talked about it on this show before—is when I'm talking to a company and I need to figure out do they know what they're doing or are they clowns, I cheat and I go to the pricing page. And there are two big things that I look for, and you have them both.The first is that over on the far left side of the spectrum, it's do you have a free option? And yes, you do. And, “Click here to get started immediately.” Great because it's three in the morning, I need to get something done, I'm under a deadline, I do not have time for a conversation with sales, and as an engineer, I absolutely don't want to deal with that type of sales process because it feels weird to go and ask my boss to go ahead and sign off on something because I feel like my spending authority is capped at $20. Now that I have a little more context, I understand exactly why [laugh] my spending authority was capped at $20 back when I was an engineer.Clinton: Yeah, exactly right. And so it's not only that commitment to ensuring every software engineer in the world can have access to Snyk immediately by making one click because, you know, ultimately, we're committed to that community, right? There's 3 million developers using Snyk currently. That's about 10% of all engineers in the world. We're very proud of that number.We expect that to continue to grow and I think it shows that there is need out there, right? And if we can enable every engineer who's up at 3 a.m. faced with some security prospect to say, you know, it is as simple as getting a free account and getting a vulnerability report, getting the remediation advice, being able to sleep easier. I think we're successful as a company, regardless of what the bottom line is. But when you look at how to scale that into the enterprise, the way security solutions are priced, I mean, it's like throwing a bunch of wet noodles at the wall and seeing what sticks, right?Corey: Yes. And that's the other piece of your pricing that I like is a lot of people are going to be listening to that, what I'm saying right now about, “Oh, well, we have a free tier. Why do you think we're clowns?” It's, “Ah. Because the other end is just as important if not more so, which is there has to be an enterprise tier, and the price for that has got to be, ‘Click here to have a conversation.'” And the reason behind that is if you work in procurement, which is very often who's going to be reaching out on something like this, you are going to need custom contracts; you are going to want a long-term enterprise deal, and if the top tier is X dollars per thing that's already there, it reeks of unsophisticated vendor to a buyer in that position, and it makes the people a big blue chip companies think, “Oh, they don't know how to deal with someone at our scale.” Pricing his messaging, and I think people lose sight of that. You absolutely say the right things on both ends. I look at this, and there's nothing I would change or improve about your pricing page, which to be honest, is really rare.Clinton: I'm not sure all of our sales leaders would agree with you there, but I will pass that feedback along. Well, and the other thing I would add to that is, what everyone who's in a pricing conversation wants is predictability about what is this going to be in the future, right? And so we base our pricing on how many developers are in your organization, right? That's probably a number you know; that's probably a number that you can predict over time. We're not going to say, “How many CPUs are we using, right? What's the footprint of the cloud resources we're deploying to scan your stuff?” These are all things that you have very little control over and there is alchemy there that introduces a financial risk into that situation. And we're all about risk mitigation at scale, right?Corey: You don't pop up halfway through a cycle of, “Oh, you've gone on a hiring spree. Time to go ahead and pay us a bunch more money you didn't plan for or budget for.” I've had vendors pop up a quarter after I signed a deal—repeatedly—and it drives me up a wall because back in my engineering days, it was, great, now I have to spend time on this that I hadn't planned for; I have to go to my boss and ask for more money, never a great conversation, and as a cherry on top, I get to look like I don't know how to manage vendors for crap. It's just everyone is angry about those conversations. And even the salespeople reaching out had the decency to act a little sheepish about having to have that conversation with me.Clinton: The best ones do, at least. Well, and on top of that, you know, maybe that tool has been capped so that now your bills are breaking because you went one over your cap, right? So, I—Corey: Yeah. I love it. When I fail in production. That's my favorite thing. It's like, “All right, we're going to wind up not scanning for security stuff anymore. And if you go five beyond your cap, we're going to start introducing vulnerabilities.” It's, “That's awesome. Just, great plan.” But I'm kidding. I'm kidding. I want to be very clear, I have never heard a whisper of an actual vendor doing that, on purpose anyway.Clinton: Exactly. Right. And you know, look. We want to make it as easy as possible, and that's why, for example, we're on AWS Marketplace. You can use your existing EDP program to, you know, buy Snyk, just as—Corey: At 50% of your spend on Snyk then winds up counting toward your spend commit, which is always an interesting approach that some people are like, “Ooh. So, we can wind up transferring the money that we're spending on a vendor to count toward our commit?” But in many cases, it's how much are you spending on other third-party vendors in this space because you're getting excited about a few tens of thousands in most cases, and you have a $50 million annual [laugh] commit. What are you doing there, buddy? That's like trying to become a millionaire via credit card points. It doesn't usually pan out that way.Clinton: Fair enough. Yeah. And then look, we're very proud of that partnership with Amazon. And look if hey, if they can lock some of our customers into $15 million a year spend contracts, we'll take a few pennies on that, right?Corey: Oh, yeah, as a vendor, you'd be silly not too. It makes sense. But you're doing significantly more than that. As of this week being re:Invent week, you are—well, tell me about it.Clinton: Yeah, Corey, we are thrilled to announce this week that AWS is now integrating with Snyk's vulnerability database within Amazon Inspector. And this is going to bring the best-of-breed security intelligence with a curated vulnerability database, including all of our proprietary research around things like exploit maturity, reachability, vulnerable conditions, social trends on vulnerabilities, all available within Amazon Inspector to any developer utilizing it. We also have an AWS code pipeline integration that makes it easy for anyone utilizing AWS for your CI/CD to get immediate feedback on vulnerabilities in your applications as they move through that pipeline. And remember, we're never just going to say, “We've identified a vulnerability. Now, you need to figure out what to do with it.” We're always going to integrate the remediation advice because our audience at the end of the day is the developer whose job it is to make the fix and who has such a wide variety of responsibility these days, the best we can do is say to them, not just, “We found something wrong,” but, “Here's the solution that we think you should implement to get that secure code back out into production.”Corey: This episode is sponsored by our friends at CloudAcademy. That's right, they have a different lab challenge up for you called, “Code Red: Repair an AWS Environment with a Linux Bastion Host.” What does it do? Well, its going to assess your ability to troubleshoot AWS networking and security issues in a production like environment. Well, kind of, its not quite like production because some exec is not standing over your shoulder, wetting themselves while screaming. But..ya know, you can pretend in fact I'm reasonably certain you can retain someone specifically for that purpose should you so choose. If you are the first prize winner who completes all four challenges with the fastest time, you'll win a thousand bucks. If you haven't started yet you can still complete all four challenges between now and December 3rd to be eligible for the grand prize. There's only a few days left until the whole thing ends, so I would get on it now. Visit cloudacademy.com/corey. That's cloudacademy.com/C-O-R-E-Y, for god's sake don't drop the “E” that drives me nuts, and thank you again to Cloud Academy for not only promoting my ridiculous non sense but for continuing to help teach people how to work in this ridiculous environment.Corey: First, congratulations. It's neat to have a first-party integration like that with an AWS service, as opposed to, you know, their somewhat storied approach of, “Hey, it's an open-source project. We're just going to implement something that's API compatible ourselves, and irritate people.” Now, to be clear, my problem is not that you should expect to build anything and not face competition. My concern is a little bit more along the lines of, “Huh. Why is that same company always the first in line to compete with something.” Which is neither here nor there.Security is also one of those areas where I think competition is important. You want it continual background level of investment in the space because this stuff is super important. What I like about Snyk and a number of companies in this space is I know exactly where you stand. Let's contrast that for a second with AWS. You're integrating with Inspector, which is a great service, but you're not, I don't believe, integrating with their other security services such as [big breath in] Amazon Detective, the Audit Manager—if you want to consider that one of them—Amazon Macie, AWS Firewall Manager, AWS Shield, the Network Firewall, IoT Device Defender, CloudTrail, Config.Amazon Inspector is in one you're there, but not really Security Hub, or GuardDuty, or IAM itself. And I look at all of these services—I mean, IAM is free, of course, but the rest are very much not—and I do some basic arithmetic and I'm starting to realize that if I can figure all the various AWS security services together and what that's going to cost me, it turns out the answer is more than the data breach. So, on some level, it's one of those—at what point is it so confusing and it starts to look like a cross-sell deal between all of the different services, and turn them all on because you could ever have too much security, we still have to ship things eventually. And their security messaging has been extraordinarily confused for a long time. At some level, the fact that you are now integrating with them on the Inspector side means that for the first time, I think I understand what Inspector does now, which is more than a little messed up. But here we are.Clinton: Indeed. Well, the first thing I would say on that is, you know, stay tuned. As we move into the new year. I think you're going to see a lot more announcements both, you know, on the AWS side, but also kind of industry-wide and terms of integration with Snyk. That Vulnerability Database feed also, as you mentioned earlier, in use in Docker Hub, so anyone with Containers and Docker Hub can get advantage by scanning with our Snyk container tool.We have other integrations with Red Hat, for example. And there are actually many other companies utilizing that DB feed to, again, get access to that best in breed vulnerability data. When you talk about that model of, you know, being outcompeted on the security front, I think that's more difficult to do when you're actually talking about data, right? Like tooling, on some level—and I might get in trouble for saying this—but tooling is commodity, right? Somebody tomorrow is going to come out with a better tool to do a thing a little bit faster in a little bit more intuitive way. What can't be easily replicated is the data and intelligence behind that, right? And so that's why—Corey: Yeah, the secret sauce that makes you folks work is not the fact of, “Ah, we can fire off or catch a web hook, and then run the following command against the codebase.” That is—sure it's handy and it's useful and you're good at that, but that is not the reason that people become your customer.Clinton: Exactly right. Look, there's a lot of tools that can resolve the dependency tree within your open-source application, right? We can do that as well. We leverage a lot of open-source to do that, you know, we're very open with that. As I mentioned earlier, a lot of Snyk tooling is available on GitHub, you can see how it works, that code is public.Really the value we're providing is in that curated security research that our dedicated team is working on day in and day out and verifying public security data that's out in CVEs. Is this actually accurate? Do we agree with the severity rating? Might there be other factors that could modify that severity rating? What happens when you are scanning an application that might have some vulnerable conditions versus others? Don't you want to prioritize those vulnerabilities differently? What happens at runtime, right? If you're deploying an application to an EC2 instance with an OpenSSH ingress into your security group, that's going to make certain vulnerabilities a lot bigger risk than if you've got your IAC configured correctly, right? So, the really the overall mission of Snyk as we move into this broader, kind of, ASPM application, you know, security posture management space, is to say, how many different signals across the SDLC can we combine in intuitive ways for the developer to understand that risk at the right time with the right context and armed with the remediation advice to make a better decision as they're writing their code, you know, rather than after the fact? If I could sum it all up, kind of, that's the vision of where we are both today and ultimately where we're going.Corey: There also needs to be an understanding of who the customer is. If I go through the launch wizard and spin up in a brand new account, my first EC2 instance, and I spin up an instance by going through the wizard, the first thing it does is yell at me. Because, “Ah, that SSH port is open to the world.” Which you need to get into it, once it's there. So, it sets that up for me and yells at me all in the same breath. And it's, this is not a promising start; I kind of need that to get into it.Conversely, if you're not someone learning this stuff for the first time, and you're, oh I don't know, a production engineer at a bank, you care quite a bit differently in that use case about things like OpenSSH groups, it's security posture, et cetera, et cetera. An awful lot of the tooling is, “Ah, you're failing this benchmark, and this benchmark, and this benchmark,” from CIS and the rest of all these rules of, oh, you're not encrypting your data at rest. Well, it's in an AWS data center environment. Yeah, if someone could break in and steal the drives from multiple facilities and somehow recombine them together and get out alive, yeah, that's really not my threat model.But it's easy to turn it on and check a box and make an auditor go away. But that's not where I would spend the bulk of my energies if I'm trying to improve my security posture. And it turns into rote checklists super easily. The thing I've always appreciated about the stuff that you're tooling in the open-source world has highlighted is it's not nonsense. And I really can't understate just how valuable that is.Clinton: Absolutely. And that comes from a combination of signals across that SDLC, from the open-source, from the container, from the proprietary code, from the IAC, but then also what's happening at runtime, right? Like, how are those containers actually deployed onto EKS? What ports are open? What running binaries are on the container that might influence, you know, what packages you choose to upgrade, versus not?All of that matters, and what—you know, the issue I think now is getting that visibility to the developer at the right time so that they can make it actionable. And the thing about infrastructure as code, that I think that's really interesting and not super well understood is a lot of those defaults are really insecure. And developers have no idea, right? Like, they might not be aware that if you don't define that encryption for your S3 bucket, it'll happily deploy unencrypted, right? Yes, that's a compliance problem, but that's also potentially exacerbator have other vulnerabilities that might be in that application.But you only see those when you can combine and have a single pane of glass that gives you the runtime signaling plus everything that's happening in the application, armed with the correct information to actually remediate that at the time, and say, “Don't you think you wanted to add, you know, AES encryption to this bucket? Don't you think you wanted to close down port 22?” And also, combine that with your internal business logic, right? Like maybe for an internal only application that never transits beyond your VPC perimeter, sure, it's fine to have port 22 open, right? There's just going to be people within your zero-trust environment authenticating to it. But for your production web application, that might be a different story.Corey: There are other concerns, too. For example, I'm sitting here complaining about the idea of encrypting at rest in an AWS environment, but if you've signed customer contracts that state that you're doing it, you'd better freaking do it, as opposed to, “Well, I know what the actual security risk is and it's no big deal.” Yeah, don't make that decision. If you are contractually obligated to do a thing. Don't YOLO it; do what you say you're going to do. That's that whole integrity thing.Clinton: Oh, sure. And look in a battle between security and compliance. Compliance always wins, right? But from a developer perspective, I don't know that we on the front lines writing code actually differentiate, right? That certainly is a matter for the people defining the policies and, you know, creating their gating mechanisms in CI to figure out.What I want to know as a developer is, is my build going to succeed, right? Or am I going to get shut down and get the nastygram that says, you know, “We couldn't launch this for x, y, and z reason.” Now, everybody on my team hates me, my lead dev is on me, now there's a bunch of merge conflicts because my branch is behind. I want to get that out into production, but in order to do that, I need information on how are all these signals going to be compiled together in a way that, you know, creates that red light or green light on the risk dashboard later on. But up until I think, you know, relatively recently, I don't have visibility into that except to launch the commit, you know, start the build and see what happens, and then I have that context-switching problem, right, because it's hours or days later, that I finally get that signal back.So yes, I think we have a compliance story to tell from the Snyk perspective as well. A lot of those same issues, you know, we're detecting, especially with regard to infrastructure as code, but it ultimately is up to various parts of the organization to work together and say, “What balance do we want to strike between security and velocity,” right? Understanding that those are not mutually opposed. What we need is tooling and more importantly a culture that takes both into account and allows us to develop securely and fast at the same time.Corey: I want to thank you so much for taking the time to speak with me about all this. If people want to learn more, where can they find you? And for God's sake, please don't say in your booth at re:Invent.Clinton: [laugh]. I will not be at re:Invent this year. I've had a little bit too much of the Vegas Strip here recently.Corey: No, I hear you. Right now, the people going are those whose employers find them expendable, which is why I'm there.Clinton: I wouldn't say that Corey. I think you'll do great, and you know, just make sure to bank all your vacation for a couple weeks after. Look, come to snyk.io start a conversation, but more importantly, just start using it, right?I don't want to give you the sales pitch; I want you to see the value in the tooling, and the easiest way to do that as an engineer is just to start using it. And if there is value there, you want to bring it to your enterprise. I would love to have that conversation and move forward. But engineer to engineer, like, figure out if this is going to work for you: does it make your life easier? Does it reduce the pain and anxiety you feel before making that commit into the production branch? And if so, then yeah, we'd love to talk.Corey: I will, of course, put links to that in the [show notes 00:33:22]. Thank you so much for speaking to me today. I really appreciate it.Clinton: Thank you, Corey. Glad to do it.Corey: Clinton Herget, principal solutions engineer at Snyk. I'm Cloud Economist Corey Quinn and this is Screaming in the Cloud. If you've enjoyed this podcast, please leave a five-star review on your podcast platform of choice, whereas if you've hated this podcast, please leave a five-star review on your podcast platform of choice along with an angry comment yelling at Snyk about how they're a terrible company because they continually refuse to patronize your side business down at the Vowel Emporium.Corey: If your AWS bill keeps rising and your blood pressure is doing the same, then you need The Duckbill Group. We help companies fix their AWS bill by making it smaller and less horrifying. The Duckbill Group works for you, not AWS. We tailor recommendations to your business and we get to the point. Visit duckbillgroup.com to get started.Announcer: This has been a HumblePod production. Stay humble.

Dr. Lenore Herget joins me for to talk about her work as a PT, DPT at Massachusetts General Hospital Sports Medicine. Lenore treats concussed athletes from high school to pro; she is a member of the New England Patriots Medical Staff and serves as the Concussion Rehabilitation Consultant to the Boston Bruins, Boston Red Sox, New England Revolution, Home Base Program and the Mass General Sports Concussion Clinic. As mentioned in episode 103, Lenore will be instructing "Physical Therapy Examination" in the Concussion Corner Academy Course. We also talk about visuo-vestibular treatment, and the importance of the cervical spine during examination and treatment of concussion. Please consider supporting Concussion Talk Podcast on Patreon!

Autor: Zurheide, Jürgen Sendung: Interview Hören bis: 19.01.2038 04:14

Brasserie: Zeit umzudenken: Kultkom-Pressesprecher Veit Herget bei Julia Slot

-

Jordan discusses the unique challenges and opportunities of leading Portneuf Medical Center. Tune in to hear how Portneuf is also elevating the Pocatello community.

Die deutsche Nationalmannschaft ist mit einer 0:1-Niederlage gegen Weltmeister Frankreich in die Europameisterschaft gestartet. Bei der Beurteilung der Leistung gehen die Meinungen auseinander. Es hätte besser sein können. Aber schlecht war es auch nicht. Wie es mein heutiger Gast sieht, hört ihr in der neuen Ausgabe von "Bosses Bundesliga Blog". Matthias Herget hat 1988 mit Deutschland im eigenen Land an der EM teilgenommen und ist im Halbfinale gegen die Niederlande beim 1:2 ausgeschieden. Mit ihm spreche ich auch über die Zukunft des KFC Uerdingen. Denn Herget hat mit dem Vorgängerverein Bayer Uerdingen große Erfolge gefeiert und macht sich Sorgen um die Zukunft des Fußballs in Krefeld-Uerdingen.

Die deutsche Nationalmannschaft ist mit einer 0:1-Niederlage gegen Weltmeister Frankreich in die Europameisterschaft gestartet. Bei der Beurteilung der Leistung gehen die Meinungen auseinander. Es hätte besser sein können. Aber schlecht war es auch nicht. Wie es mein heutiger Gast sieht, hört ihr in der neuen Ausgabe von "Bosses Bundesliga Blog". Matthias Herget hat 1988 mit Deutschland im eigenen Land an der EM teilgenommen und ist im Halbfinale gegen die Niederlande beim 1:2 ausgeschieden. Mit ihm spreche ich auch über die Zukunft des KFC Uerdingen. Denn Herget hat mit dem Vorgängerverein Bayer Uerdingen große Erfolge gefeiert und macht sich Sorgen um die Zukunft des Fußballs in Krefeld-Uerdingen.

Die deutsche Nationalmannschaft ist mit einer 0:1-Niederlage gegen Weltmeister Frankreich in die Europameisterschaft gestartet. Bei der Beurteilung der Leistung gehen die Meinungen auseinander. Es hätte besser sein können. Aber schlecht war es auch nicht. Wie es mein heutiger Gast sieht, hört ihr in der neuen Ausgabe von "Bosses Bundesliga Blog". Matthias Herget hat 1988 mit Deutschland im eigenen Land an der EM teilgenommen und ist im Halbfinale gegen die Niederlande beim 1:2 ausgeschieden. Mit ihm spreche ich auch über die Zukunft des KFC Uerdingen. Denn Herget hat mit dem Vorgängerverein Bayer Uerdingen große Erfolge gefeiert und macht sich Sorgen um die Zukunft des Fußballs in Krefeld-Uerdingen....

Die deutsche Nationalmannschaft ist mit einer 0:1-Niederlage gegen Weltmeister Frankreich in die Europameisterschaft gestartet. Bei der Beurteilung der Leistung gehen die Meinungen auseinander. Es hätte besser sein können. Aber schlecht war es auch nicht. Wie es mein heutiger Gast sieht, hört ihr in der neuen Ausgabe von "Bosses Bundesliga Blog". Matthias Herget hat 1988 mit Deutschland im eigenen Land an der EM teilgenommen und ist im Halbfinale gegen die Niederlande beim 1:2 ausgeschieden. Mit ihm spreche ich auch über die Zukunft des KFC Uerdingen. Denn Herget hat mit dem Vorgängerverein Bayer Uerdingen große Erfolge gefeiert und macht sich Sorgen um die Zukunft des Fußballs in Krefeld-Uerdingen....

Die deutsche Nationalmannschaft ist mit einer 0:1-Niederlage gegen Weltmeister Frankreich in die Europameisterschaft gestartet. Bei der Beurteilung der Leistung gehen die Meinungen auseinander. Es hätte besser sein können. Aber schlecht war es auch nicht. Wie es mein heutiger Gast sieht, hört ihr in der neuen Ausgabe von "Bosses Bundesliga Blog". Matthias Herget hat 1988 mit Deutschland im eigenen Land an der EM teilgenommen und ist im Halbfinale gegen die Niederlande beim 1:2 ausgeschieden. Mit ihm spreche ich auch über die Zukunft des KFC Uerdingen. Denn Herget hat mit dem Vorgängerverein Bayer Uerdingen große Erfolge gefeiert und macht sich Sorgen um die Zukunft des Fußballs in Krefeld-Uerdingen....

Die deutsche Nationalmannschaft ist mit einer 0:1-Niederlage gegen Weltmeister Frankreich in die Europameisterschaft gestartet. Bei der Beurteilung der Leistung gehen die Meinungen auseinander. Es hätte besser sein können. Aber schlecht war es auch nicht. Wie es mein heutiger Gast sieht, hört ihr in der neuen Ausgabe von "Bosses Bundesliga Blog". Matthias Herget hat 1988 mit Deutschland im eigenen Land an der EM teilgenommen und ist im Halbfinale gegen die Niederlande beim 1:2 ausgeschieden. Mit ihm spreche ich auch über die Zukunft des KFC Uerdingen. Denn Herget hat mit dem Vorgängerverein Bayer Uerdingen große Erfolge gefeiert und macht sich Sorgen um die Zukunft des Fußballs in Krefeld-Uerdingen....

MAY IS MENTAL HEALTH AWARENESS MONTH, CHIEF HERGET TRANSPARENTLY DISCUSSES HIS EXPERIENCE WITH MENATL HEALTH WHILE SERVING IN THE NAVY.

Der Münchener Rechts­an­walt Dr. Harald von Herget wurde im März 2021 in den Bundesvorstand der Basis gewählt. Als Medien- und Kommunikationsbeauftragter, gibt der Fachanwalt für gewerblichen Rechtsschutz in dieser Podcastfolge, einen Einblick in seine neue ehrenamtliche Arbeit. Inspiriert von Helmut Schmidt und der Verantwortungsethik, ist es für ihn zu einer Leidenschaft geworden, sich für das Recht in Politik und alle weiteren Lebensbereiche einzusetzen. Sein Lösungsansatz Ansatz ist dabei glasklar und er ist der Auffassung, dass Alle die für Einigkeit, statt gesellschaftliche Spaltung stehen, sich zusammenschließen mögen um dieses Land zu reformieren. Unsere Politik braucht eine neue Basis. Eine transparente, eine gerechte, eine ethische Basis. https://diebasis-partei.de diebasis auf youtube: https://www.youtube.com/channel/UCN_VDT9sfpp43culPLOjIbQ

Zach has his buddy Jake Herget on the show to discuss the NCAA Championship, MLB, and The Masters. You will not want to miss this conversation!

Propad spotřeby cestovního ruchu v letošním roce může dosáhnout téměř sta miliard korun. Celková ztráta se započtením poklesů tržeb v navazujících odvětvích dokonce až dvou set miliard. Vyplývá to z expertních propočtů, které pro Českou centrálu cestovního ruchu zpracovala společnost Economic Impact. CzechTourism bude svoji pomoc směřovat především do digitalizace a efektivní marketingové podpory regionů a podnikatelů v cestovním ruchu.

Propad spotřeby cestovního ruchu v letošním roce může dosáhnout téměř sta miliard korun. Celková ztráta se započtením poklesů tržeb v navazujících odvětvích dokonce až dvou set miliard. Vyplývá to z expertních propočtů, které pro Českou centrálu cestovního ruchu zpracovala společnost Economic Impact. CzechTourism bude svoji pomoc směřovat především do digitalizace a efektivní marketingové podpory regionů a podnikatelů v cestovním ruchu.

Nach dem Abitur hat Dennis Herget ein Duales Studium im Bereich BWL bei der Tech-Kette Media Markt angefangen und 2011 erfolgreich abgeschlossen und danach den Schritt in die große Metropole gewagt, um als Personalberater tätig zu werden. Seit 2012 betreut er, in der Rolle des Personalberaters bei Computer Futures, Kunden und Kandidaten (Fach- und Führungskräfte) gleichermaßen im Rahmen der Festanstellung. Seine Themenfelder sind dabei, wie auch bei seinen Kollegen, sehr spezifisch aufgesetzt: Business Intelligence, Data Warehouse, Data Analytics & Data Science. Mit Kai bespricht Dennis den Ablauf der Personalgewinnung von Seiten der Bewerber als auch der Unternehmen. Er gibt Einblicke in die Kosten, die dabei für Unternehmen entstehen, wo er die Interessenten findet und verrät uns, welche Branche eigentlich am besten zahlt. Was ist derzeit der gefragteste Job und welche notwendigen Qualifikationen sind hier gefragt? Außerdem bekommen wir spannende Karriere-Empfehlungen für jedes berufliche Level - ob Studienabgänger oder Senior - und erfahren, ob es gut ist lieber nur 2 oder 20 Jahre im gleichen Unternehmen zu bleiben.

Hostem Press klubu byl šéf státní agentury pro podporu cestovního ruchu Czech Tourism Jan Herget. Kde bude o prázdninách volno? Jak fungují vouchery do lázní? O tom byla v rozhovoru řeč.

„Češi teď mají obrovský zájem o cestování v tuzemsku. Na portálu kudyznudy.cz jim ukážeme nová turisticky neobjevená atraktivní místa.“ – míní šéf CzechTourismu Jan Herget.

„Češi teď mají obrovský zájem o cestování v tuzemsku. Na portálu kudyznudy.cz jim ukážeme nová turisticky neobjevená atraktivní místa.“ – míní šéf CzechTourismu Jan Herget.

816 Basketball presents The Greatest Games Podcast. Join us for Episode 13 as Coach Steven Herget of Leonia High School in Leonia, NJ talks with us about his greatest game.   Learn about his journey as an outstanding prep player in Bergen County to becoming one of the youngest head coaches in the area. Steven brings great compassion, competitiveness and maturity to the gym.   Share, subscribe and leave us a 5 star review if you enjoy! Give us a follow on social media:  @816Basketball on Twitter and Instagram!

S Janem Hergetem, ředitelem agentury CzechTourism o tom:* jaké jsou jeho odhady, kdy se "otevřou hranice" pro zahraniční turisty* jestli v letošním roce budou Česi více cestovat po Čechách* co chystá CzechTourism, aby podpořil domácí cestovní ruch Support the show (https://www.facebook.com/groups/2325283764213733/)

This week Jason's got an interview that all you ladies out there will especially relate to with Ashlee Herget. Don't tune out just yet though gents; I related to Ashlee's story in a way I didn't expect and though I know I shouldn't be surprised by now; the universal struggles that unite our collective experience as people in, or contemplating recovery show up early and often in Ashlee's story. Just shy of 3 years clean and sober, Ashlee brings her story to us in a disarmingly frank and vulnerable retelling of her journey to recovery rife with fits of inadequacy; shame, family turmoil and knock down drag out bouts of addiction and alcoholism – all from the female perspective. So to all you ladies out there bringn' your sober on the daily, this one's for you and for every single one of us there's a whole lot recovery wisdom and insight about to be heard regardless of what gender you happen to identify with so Listen Up. Book recommendations: Jesus Calling- by Sarah Young https://www.jesuscalling.com/books/jesus-calling/ The Body Keeps the Score- by Bessel van de Kolk https://www.penguinrandomhouse.com/books/313183/the-body-keeps-the-score-by-bessel-van-der-kolk-md/ Best advice: "You hit the bottom when you stop digging" "Nothing is too damaged that recovery can't fix" Contact info Ashlee.herget@minnesotarecovery.org --- Send in a voice message: https://anchor.fm/the-way-out-podcast/message

You could say Aletheia Hunn left a corporate career for a month in India to learn yoga and never looked back. But that would be leaving out all the juicy details – including the often overlooked tough (but necessary) bits along the way to figuring out what lights us up. She spent a decade working for big health charities until following her urge to create something on her own that could incorporate her passion for more of a “yogic” approach to life. Her business, Founded Wellness, now supports people to find more wellbeing in the workplace. She says that “experiencing joy is also a practice” and part of our wellbeing.What we talked about:•How exposure to entrepreneurship early in Aletheia’s career planted the seed for wanting to create something of her own one day•Why allowing all of our emotions to happen actually helps us move forward•How Aletheia starting to tune into what she really enjoyed doing (and how it helped her make better decisions)•How to know when you’re ready for something new•Aletheia’s love for travel and what it’s given herGet full show notes and more information here: https://thedaisypatch.co.uk/podcast

124: Alexandra Herget ist eine der beiden Gründerinnen von Tutaka. TUTAKA steht für nachhaltiges Gastgebertum. Das Hamburger Unternehmen wurde im Sommer 2018 von Franziska Altenrath und Alexandra Herget gegründet und verfolgt einen ganzheitlichen Ansatz: Auf einem digitalen Marktplatz finden Hoteliers, Gastronomen und Veranstalter ein breites Sortiment an ecoistischen und innovativen Produkten und Dienstleistern. Logisch, dass auch das Hotelgewerbe nachhaltig denkt und handelt, oder?! Leider ist das bisher noch nicht überall so. Den beiden Frauen, hat “MAN” am Anfang immer wieder gesagt, dass ihre Idee nicht funktionieren wird. Doch sie sind am Ball geblieben und haben einen Weg gefunden. Diese Folge ist für Dich, wenn Du jemals nur 1% ans Aufgeben gedacht hast! Danke wie immer, dass Du den Podcast hörst und mir erlaubst, ein Teil Deiner Welt zu sein. Links zu Tutaka: https://www.instagram.com/tutaka.island/ https://www.facebook.com/tutaka.island/ Wichtige Links: Female Power Gründerinnen Gruppe: https://www.facebook.com/groups/jeaninehurte/ Kostenlose Tipps für Dich: https://www.jeaninehurte.com

Ludger Herget mietet mit seinem Co-Founder gewerbliche Flächen in Berlin an und gestaltet flexible Wohn-Arbeits-Event-Unterkünfte. Je nach Bedarf sind seine Unterkünfte unterschiedlich nutzbar.  Seine Gäste Zielgruppe: Arbeitsteams von ca. 4 Personen, die für ein paar Tage beruflich in Berlin sind und wohnen mit Arbeit verbinden möchten.  Bei Leerstand bietet er die wandelbare Fläche für Kunstausstellungen, oder Workshops benachbarter Firmen an. Durch diese offenen Türen kommt er mit Nachbarn in Kontakt und fördert die Akzeptanz, bietet jungen Künstlern eine Bühne und erfüllt die strengen Vorgaben Berliner Behörden.    Darüber hinaus engagiert sich Ludger sehr und gründete für Gastgeber das Netzwerk "Better Hosting Berlin". Berliner Gastgeber können sich hier austauschen, gegenseitig unterstützen und noch professioneller werden.    Diese Folge hat es in sich. Es geht nicht nur um AirBnb und Co. Es geht viel mehr um Mut, Kreativität, Anders Denken, Gäste Erlebnisse, lokales Engagement, Community Aufbau. Es weht frischer Hauptstadt-Wind durch diese Folge, gespickt mit zukunftsweisenden Ideen. Viel Vergnügen!   Alle Wege zu Ludger:  Better Hosting Facebook: https://www.facebook.com/groups/betterhostingberlin/ Persönliche Treffen Better Hosting Berlin:  http://meetu.ps/c/3SM2q/v6kHQ/d  https://www.facebook.com/oomph.apartments/ Instagram: Work&Living https://work-and-living.de/ Email: Ludger@work-and-living.de    

Website: http://www.katrinherget.at Instagram: Katrin Daniel DU willst mich Supporten dann klicke auf diesen Link: https://www.patreon.com/gainsforyourbrain https://gains-for-your-brain.jimdosite.com Website TikTok LinkedIn YouTube Mein Equipment: Mikrofon: https://amzn.to/2vnlTTr * Kamera: https://amzn.to/2vs2gcD * Speichermedium: https://amzn.to/39ns4FC * Laptop: https://amzn.to/39tGfZZ * Adapter: https://amzn.to/3bsYd0q * (*) Alle amzn.to Links sind sind Amazon Affiliate Links. Werden Käufe über diese Links getätigt, erhält der Linkersteller eine Provision von Amazon. Der Preis für den Käufer (euch) ändert sich dadurch natürlich nicht. :)

Ep 118 | 12/14/18 Eric Herget was born in Paragould and attended Catholic High School in Little Rock, Arkansas. Eric has a bachelor's degree in marketing from the University of Arkansas at Little Rock. Eric's father may have taught him the most important lesson of business. "You have to give to the community," Herget said. You have to work hard for the community you live in." That philosophy led him to success in business - such as when he finally nailed down the account for a Fortune 200 utility company after seven years. Last year Herget purchased Terry's Finer Foods and recently renamed it Heights Corner Market. Read more: https://www.flagandbanner.com/radio-show/eric-herget-episode-118.asp

Povestioara lui Chiț și Ronț este una plina de aventuri, aventurile unui naufragiu cu peripetii. Deși au păreri diferite, cei doi sunt cei mai buni prieteni. --- Support this podcast: https://anchor.fm/Treasure-Monkey/support

Dr. Herget is a Senior Physical Therapist, Board Certified Sports Clinical Specialist, Certified Strength and Conditioning Specialist, Certified Clinical Instructor and Certified Emergency Medical Responder at the MGH Sports Medicine Center. She is a member of the New England Patriots Medical Staff and serves as the Concussion Rehabilitation Consultant to the Boston Bruins, Boston Red Sox, New England Revolution, Home Base Program and the MGH Sports Concussion Clinic. She received her Bachelor of Arts degree in Theatre and Psychology from Wheaton College in 2000, her Masters in Education degree from SUNY in 2005, her post baccalaureate pre-med certificate from Hunter College in 2006 and her Doctor of Physical Therapy degree from MGH Institute of Health Professions in 2009.Dr Herget’s practice includes rehabilitating athletes who have sustained a sports concussion, most specifically evaluating and treating high school through professional level athletes with concussions and assisting in their safe return to play. Her clinical expertise is in the cervicogenic contributions and visuo-vestibular treatment of athletes and military personnel who sustain concussions as well as the progression of exercise through exertional protocols. Her research has focused on management of athletes with post-concussion syndrome and the efficacy of pre-season and post-season visuo-vestibular testing to aid in return to play decision making, alternative exercise testing protocols, atypical mTBI presentations and considerations in the military population as well as managing care for the female athlete triad diagnosis. She has lectured nationally on the topics of concussion and the non-acute management of athletes with post-concussive syndrome Additionally; Dr. Herget focuses her orthopaedic practice on the biomechanical assessment and management of lower quarter injuries.www.twitter.com/lenorehergetFind Dr. Herget at MGH Sports Concussion Clinic http://www.massgeneral.org/children/services/treatmentprograms.aspx?id=1689

Dr. Herget is a Senior Physical Therapist, Board Certified Sports Clinical Specialist, Certified Strength and Conditioning Specialist, Certified Clinical Instructor and Certified Emergency Medical Responder at the MGH Sports Medicine Center. She is a member of the New England Patriots Medical Staff and serves as the Concussion Rehabilitation Consultant to the Boston Bruins, Boston Red Sox, New England Revolution, Home Base Program and the MGH Sports Concussion Clinic. She received her Bachelor of Arts degree in Theatre and Psychology from Wheaton College in 2000, her Masters in Education degree from SUNY in 2005, her post baccalaureate pre-med certificate from Hunter College in 2006 and her Doctor of Physical Therapy degree from MGH Institute of Health Professions in 2009.Dr Herget’s practice includes rehabilitating athletes who have sustained a sports concussion, most specifically evaluating and treating high school through professional level athletes with concussions and assisting in their safe return to play. Her clinical expertise is in the cervicogenic contributions and visuo-vestibular treatment of athletes and military personnel who sustain concussions as well as the progression of exercise through exertional protocols. Her research has focused on management of athletes with post-concussion syndrome and the efficacy of pre-season and post-season visuo-vestibular testing to aid in return to play decision making, alternative exercise testing protocols, atypical mTBI presentations and considerations in the military population as well as managing care for the female athlete triad diagnosis. She has lectured nationally on the topics of concussion and the non-acute management of athletes with post-concussive syndrome Additionally; Dr. Herget focuses her orthopaedic practice on the biomechanical assessment and management of lower quarter injuries.www.twitter.com/lenorehergetFind Dr. Herget at MGH Sports Concussion Clinic http://www.massgeneral.org/children/services/treatmentprograms.aspx?id=1689

This is Part 1 of a 7-part series on Cognitive Aging. Sara Kofman, Public Policy Director, and Jenny Herget, Program Coordinator, both of the Alzheimer's Association-Oregon Chapter, walk us through Alzheimer's disease, the early warning signs, prevalence, research, advocacy, and the various care and support resources available to Oregonians.

This is Part 1 of a 7-part series on Cognitive Aging. Sara Kofman, Public Policy Director, and Jenny Herget, Program Coordinator, both of the Alzheimer's Association-Oregon Chapter, walk us through Alzheimer's disease, the early warning signs, prevalence, research, advocacy, and the various care and support resources available to Oregonians.

Born December 21st, 1990; Matthew Ryan Herget is an emerging self-taught artist from Miami, FL.  After attending University for two years, Herget opted to leave formal education to pursue his personal calling in life; to live as a contemporary explorer.  Herget's work is what he calls, a "constant collaboration" between himself at all points in his life. The evolution of his work mimics the evolution of his own self - a student of life, the mind, nature, and spirituality; Herget continues to explore anew without losing the childlike confidence that propelled him to the person he is today. Earlier paintings consist of juxtapositions of visual metaphors that tend to represent overcoming personal fears and limitations. These juxtapositions mix serious tones with playful imagery: an ode to finding who he is while at the same time never forgetting where he was.  Newer paintings jump in and out of the boundaries of form and abstraction. Occasionally paintings are figurative while others take the shape of full on abstraction: a reflection of where Matthew is currently in his personal journey. Matthew's process in the studio is that of high-energy and adventure. Paintings usually begin with no set concept and evolve into a dialogue of mark-making and feeling between the painter and painting. Dozens of paintings are often worked on at the same time and rotated throughout the studio. His painting style relies heavily on instinct, risk, and uncertainty. Things that are learned today may be dropped tomorrow in an effort to consistently keep oneself open to change and discovery. Herget's main focus is making the process the reward, and to allowing that process and inner voice to mold and evolve what comes of the process, as it pleases.  “Each piece is a journey in-and-of itself. I’m constantly trying to take it somewhere that I haven’t been before. The way I paint is kind of a metaphor for who I am, and why I’m here. It’s not about taking it to a point where you can see something; it’s about bringing it to a place where you can feel something. We all have a space suit on; whether it sits in the closet or goes to the moon is a choice we get to make. It’s a constant mission of finding ourselves. I think that pursuit is nurtured by consistently pushing ourselves further than we did yesterday. That’s how we change, grow, and evolve. That’s what these paintings are about. It’s pretty simple, but means a lot to me." Matthew Ryan Herget currently works out of Los Angeles, CA.  Topics Discussed In This Episode: Psychedelics opening up mental portals His adventures traveling Artist For Peace And Justice in Haiti Meditation and spirituality His love for Eckhart Tolle books Finding purpose as our work as an artist Learning from the ways animals interact www.artistdecoded.com www.instagram.com/artistdecoded www.twitter.com/yoshinostudios

Chef Shuttle owner and founder Ryan Herget stops by to chat about his hugely popular restaurant delivery business. Herget discusses how restaurants sign up, how Chef Shuttle helps bring them new customers and how his business model actually works. We also talk about his expansion into Northwest Arkansas and Tennessee, and why restaurant delivery isn't all Herget has his eye on.