The RSA Conference is just a month away. Once again RSAC promises to be the place where the world gathers around security. With upwards of 50,000 people attending, it is big by anyone's standard. If you haven't already registered, here is a code for $100 off a full conference pass (all sessions), 1U9DEVOPSFD, or get a free expo pass with 1U9DEVOPSXP. DevSecOps will be center stage this year, literally. Shannon Lietz, the founder of DevSecOps.org, will be keynoting as well as leading a week-long track on DevSecOps. Appearing with Shannon is another leader of the DevSecOps community, James Wickett. James is the founder of the Rugged DevOps movement and a key member of the Signal Sciences team. Both James and Shannon are our guests in this DevOps Chat. Part 1 of this chat, with just Shannon, is also available. In addition to the DevSecOps track all week, there is also the 5th annual DevOps Connect: DevSecOps Days on Monday, March 4th at Moscone, as part of RSAC. www.devopsconnect.com/event/devops-c…ays-rsac-2019/ www.devsecopsdays.com/2019-devsecops…s-sanfrancisco
The RSA Conference is just a month away. Once again RSAC promises to be the place where the world gathers around security. With upwards of 50,000 people attending, it is big by anyone's standard. If you haven't already registered, here is a code for $100 off a full conference pass (all sessions), 1U9DEVOPSFD, or a free expo pass, 1U9DEVOPSXP. DevSecOps will be center stage this year, literally. Shannon Lietz, the founder of DevSecOps.org, will be keynoting as well as leading a week-long track on DevSecOps. Shannon is our guest in this DevOps Chat. Part 2 of this chat, where we are joined by Rugged DevOps founder James Wickett, will follow next. In addition to the DevSecOps track, there is also the 5th annual DevOps Connect: DevSecOps Days on Monday, March 4th at Moscone, as part of RSAC. https://www.devopsconnect.com/event/devops-connect-devsecops-days-rsac-2019/ https://www.devsecopsdays.com/2019-devsecopsdays-sanfrancisco
James Wickett is the man to go to for DevSecOps. The founder of the Rugged DevOps movement, which has merged into the DevSecOps group, James is one of the most knowledgeable people on the subject of DevSecOps. In this DevOps Chat James shares his views on what is on the horizon for DevSecOps and the most important things we can do to make our teams more secure. Have a listen as James gives us his take. Also look for the video of this interview on DevOps.com.
In this interview, Senior DevOps Program Manager Donovan Brown interviews Partner PM Manager Sam Guckenheimer about Rugged DevOps and DevOps Anti-patterns. Blog: DonovanBrown.com. Follow @DonovanBrown. Follow @SamGuckenheimer.
You just have to accept it. The hackers are going to get in. The question is, what are you going to do once they are in? In preparation for Sam Guckenheimer's session at Rugged DevOps, RSA Conference 2016, I spoke with Sam about his work at Microsoft and how his team is working on Security War Games to keep things in check. About Sam Guckenheimer: Sam Guckenheimer is Product Owner for the Microsoft Visual Studio Cloud Services, including VS Team Services and Team Foundation Server. He focuses on DevOps, Agile and Application Lifecycle Management (ALM). His most recent talk, From Box to Cloud at Gartner AADI 2015, is available at https://gartner.mediasite.com/Mediasite/Play/a246d6f2d86f47dab8fc4ee49887b5f81d. Sam is the author of three books, most recently Visual Studio Team Foundation Server 2012: Adopting Agile Software Practices: From Backlog to Continuous Feedback. Prior to joining Microsoft in 2003, Sam was Director of Product Line Strategy at Rational Software Corporation, now the Rational Division of IBM. Sam lives in the Seattle area with his wife and three children in a sustainable house they built that has been described in articles in Metropolitan Home and Pacific Northwest magazine.
After John Willis' keynote session next week at Rugged DevOps during RSA Conference 2016, he says he's going to grab a front row seat because he's so excited about the lineup. In this interview, I talk with John about his relationship with Josh Corman and how they started working together. We talk about security as part of the software supply chain, the part Docker plays in the reference architecture picture for enterprise DevOps, and how the developer world has changed in the past 5 years. About John Willis: John Willis has worked in the IT management industry for more than 35 years. Currently he is an Evangelist at Docker Inc. Prior to Docker, Willis was the VP of Solutions for Socketplane (sold to Docker) and Enstratius (sold to Dell). Prior to Socketplane and Enstratius, Willis was the VP of Training & Services at Opscode, where he formalized the training, evangelism, and professional services functions at the firm. Willis also founded Gulf Breeze Software, an award-winning IBM business partner, which specializes in deploying Tivoli technology for the enterprise. John has authored six IBM Redbooks for IBM on enterprise systems management and was the founder and chief architect at Chain Bridge Systems.
Josh Corman (Sonatype, Rugged DevOps, I am the Cavalry) joins John and Damon for a chat about why security means more than preventing theft and can't be separated from quality, why the software supply chain can literally be about life or death, wanting to be a superhero, burnout, and more. Show notes at http://devopscafe.org
Show Notes: http://securityweekly.com/wiki/index.php/Episode301 Answers to Allison's Puzzle Contest. Paul's Stories: 100,000 Vulnerabilities - Security vulnerabilities measured in numbers is sometimes a scary thing. At some level you can prove strength or weakness in numbers. If you count vulnerabilities, for better or worse, how are you qualifying them? Severity? Exploitability? Ubiquity? All those things, and more, can impact your view on the matter; in fact it can make it matter, or not. The point being, try not to play the numbers game. There is a "shit ton" of vulnerabilities out there, and what we do to prevent them from happening in the first place and how we deal with them in the real world is what matters. Schneier on Security: CSOs/CISOs Wanted: Cloud Security Questions - This is one topic which we did not debate, that is the cloud. I think, like security vs. obscurity, it's a simple solution on the surface. For example, if you care about your data, don't store it in the cloud. Similarly, if you care about the security of anything, don't just obscure it, secure it. Wow, that sounds even cheesier than I thought. Secret account in mission-critical router opens power plants to tampering | Ars Technica - This speaks to the continued lack of awareness in device manufacturers when it comes to security. I'm baffled that they have not solved the problem. The common problems they have, such as easily exploitable vulnerabilities, are easy to fix. It requires two things: awareness training for developers and QA (a la Rugged/DevOps) and regular security assessments. In the grand scheme of things, it doesn't cost all that much. In the end, you produce a better product. Hopefully the market has changed, and customers value security as one component of a great product. Or maybe I live in a dream world... The Social-Engineer Toolkit (SET) v3.7 Street Cred has been released - Java 0-Day is in SET.
Coupled with the other Java payloads, this ensures your phishing success. On the defense side, I disagree with everyone saying "Disable Java" or "Disable Flash". There are going to be users that require this technology. Those are the users we will target. Sure, it reduces your attack surface, and that does help. But I believe where people miss the boat is just how deep "security" needs to go. It's more than layers. It's more than awareness and technology. It's about doing all sorts of things to keep your organization resilient to attacks, and having a plan to deal with successful attacks and minimize damage. Cracking Story – How I Cracked Over 122 Million SHA1 and MD5 Hashed Passwords | Thireus' Bl0g - Nice crack...ing. BYOD creates generation of workaholics - Saying that BYOD adds 20 hours to your work week is ridiculous. How much work can you really get done on your smartphone? If you're spending that much time in email or some such thing, you need to re-evaluate your strategy. Devices and technology should make you more productive or you're doing it wrong. However, it does increase the threat landscape. 3 security mistakes your management is making now - I have to say, and this usually never happens, I agree with Roger, at least on the first point of testing vendor products. I think a lot of people get this wrong. It goes deeper than what Roger stated. Sure, you should test out products before you buy them, and even use them on real production networks. Also, you have to understand your problems, develop requirements, and research the right way to test, install and configure the said products. Many don't do this and end up with the wrong products for the wrong reasons. Along these lines, products that work for others may not work for you, so don't put too much stake in what works for others. I also agree that priorities couldn't be more wrong. Attackers are successfully phishing you, so let's buy an IPS and firewall. WTF?
The whole thing about "drift" is a bit puzzling, but I think it just needs better clarification. Configuration management is important. The first thing most do wrong is never define a secure configuration. If you've made it that far, most don't do much to keep the systems in a secure state. The toughest organizations to break into are ones that have a secure config and work to keep systems that way. [papers - How to Use PyDbg as a Powerful Multitasking Debugger] - Love the Python debugger, just sayin'.