Podcasts about shift left

  • 138 podcasts
  • 175 episodes
  • 38m average duration
  • 1 weekly episode
  • Latest episode: Apr 15, 2025


Latest podcast episodes about shift left

Dev Interrupted
How Marketing Ruined Shift Left | Semgrep's Tanya Janca

Apr 15, 2025 · 48:52


When it comes to securing software, most developers feel like they're playing catch-up instead of setting the rules.

Tanya Janca (SheHacksPurple), author of "Alice and Bob Learn Secure Coding," brings her 28 years of IT and security expertise—spanning counter-terrorism to enterprise training—to Dev Interrupted. She unpacks the common pitfalls teams face when security is treated as an afterthought, highlighting the developer frustration of being held accountable for security without the tools or knowledge needed to succeed.

Explore how transforming security from a final gate into an ongoing practice saves money, reduces conflict, and builds better software through clear requirements and true developer empowerment. Tanya provides concrete advice for developers and leaders on creating internal knowledge libraries, fostering continuous learning habits, and critically evaluating AI-generated code to ensure it meets security standards.

Speaking of AI's growing role, we're curious how it's reshaping workflows across the industry. Share your own experiences with AI adoption by taking our quick survey to discover your spot on the adoption graph (and what you can do to level up).

Check out:
  • Beyond Copilot: Gaining the AI Advantage
  • Survey: Discover Your AI Collaboration Style

Follow today's guest(s):
  • Website: SheHacksPurple
  • LinkedIn: Tanya Janca
  • Book: Alice and Bob Learn Secure Coding

Referenced in today's show:
  • Shopify CEO says staffers need to prove jobs can't be done by AI before asking for more headcount
  • Anthropic flips the script on AI in education: Claude's Learning Mode makes students do the thinking
  • Celebrate 50 years of Microsoft with the company's original source code

The Tech Trek
Startup Playbook: Building Product-First Teams with Engineers

Apr 3, 2025 · 23:18


On this episode of The Tech Trek, we're diving deep into the intersection of engineering, product, and business thinking with Vineet Goel — Co-Founder and Chief Product & Technology Officer at Parafin, a fast-growing fintech startup powering small businesses on platforms like DoorDash, Amazon, and Walmart.

We unpack what it really means to build a company where engineers are product thinkers, why bringing in product managers too early can backfire, and how AI is reshaping what it means to write code — and who's best positioned to thrive in this new world.

Vineet shares how Parafin scaled with just two PMs to 25 engineers, why every engineer shadows customer support calls, and how GenAI might collapse the wall between product and engineering entirely.

Whether you're an engineer, product leader, founder, or just curious where the future of tech orgs is headed — this conversation is packed with insights you won't want to miss.

Getup Kubicast
#163 - DevSecOps in Practice with Robson Santos

Apr 3, 2025 · 60:14


In episode 163 of Kubicast, we talk with security specialist Robson, who shares practical experience on how to integrate security from the start of the development cycle. We cover essential topics such as DevOps, DevSecOps, secure development, cloud security, and best practices for Kubernetes and Cloud Native environments.

Main topics covered in this episode:
  • Challenges and certifications in security
  • Integration between development, operations and security
  • SAST, DAST and open source tools
  • Threat modeling and mitigation strategies
  • Network segmentation and security policies in Kubernetes
  • Practical recommendations and a culture of resilience
  • Closing and invitation to the community

Comment below with your questions and experiences, and like and share this video to help our community grow. To learn more, check the links to the resources and certifications mentioned in the video.

Useful links:
  • https://linkedin.com/company/getupcloud
  • https://www.linkedin.com/in/juniorjbn/
  • https://www.linkedin.com/in/medrobson80/

Subscribe for more content on #DevOps, #DevSecOps, #Kubernetes, #CloudNative, #Containers and #Segurança!

Kubicast is a production of Getup, a company specializing in Kubernetes and open source projects for Kubernetes. The podcast episodes are available on the main digital audio platforms and at YouTube.com/@getupcloud.

Cybersecurity Where You Are
Episode 129: Embedding Cybersecurity in Project Management

Apr 2, 2025 · 32:18


In episode 129 of Cybersecurity Where You Are, Sean Atkinson discusses best practices for embedding cybersecurity in project management.

Here are some highlights from our episode:
  • 01:34. Elements for connecting the dots between cybersecurity risk assessment and project risk assessment
  • 03:06. How our conceptualization of a project changes under a zero trust implementation
  • 04:02. What security may look like in a Waterfall vs. Agile approach to project management
  • 06:26. The importance of resources and stakeholders in managing any project
  • 08:34. Scope creep and other challenges of embedding cybersecurity in project management
  • 15:45. How continuous monitoring and other best practices can help us to overcome these hurdles
  • 25:30. How cybersecurity can inform projects involving generative artificial intelligence

Resources:
  • Episode 105: Context in Cyber Risk Quantification
  • Quantitative Risk Analysis: Its Importance and Implications
  • How Risk Quantification Tests Your Reasonable Cyber Defense
  • Episode 44: A Zero Trust Framework Knows No End
  • How to Construct a Sustainable GRC Program in 8 Steps
  • Episode 33: The Shift-Left of IoT Security to Vendors
  • Episode 120: How Contextual Awareness Drives AI Governance

If you have some feedback or an idea for an upcoming episode of Cybersecurity Where You Are, let us know by emailing podcast@cisecurity.org.

The Tech Trek
How to Be an Effective CTO: A Guide to Balancing Vision, Execution, and Building Trust

Mar 18, 2025 · 24:53


In this episode, Amir is joined by Sachin Nene to explore what it really takes to thrive as a modern CTO. Sachin shares actionable strategies for balancing vision and execution, managing relationships with CEOs and fellow executives, and staying relatable and credible with engineering teams. They dive deep into the challenges of expectation management, engineering metrics, and how AI tools like LLMs are reshaping the future of engineering leadership.

Whether you're already in a leadership role or aspiring to step up, this conversation is packed with practical insights tailored for today's fast-moving tech landscape.

Key Takeaways:
  • The CTO as a Strategic Subcontractor: Sachin redefines the CTO role as the "subcontractor" within the C-suite — fully responsible for delivery without burdening non-technical peers with unnecessary details.
  • Balancing Vision & Execution: Effective CTOs master both managing expectations upwards and maintaining technical credibility downward, acting as the glue between business goals and engineering execution.
  • Building Trust with Engineering Teams: Staying relatable means understanding current trends (like LLMs), engaging in technical brainstorming, and being able to advocate for the team at any level.
  • Avoid Over-Optimizing Metrics: Sachin warns against over-indexing on engineering metrics (e.g., DORA metrics) when they risk detaching teams from meaningful business impact.
  • Future-Proof Engineering Leadership: With AI's influence growing, CTOs must rethink hiring profiles and team structures, moving toward polyglot engineers who can flex between product, business, and technical hats.

Timestamped Highlights:
  • [00:00] Introduction & Overview: Sachin's journey from Upside CTO to launching fractional CTO services.
  • [01:00] CTO Relationship with C-suite: Why the CTO operates differently from other executives, and why it's akin to a subcontracted role.
  • [03:00] Balancing Business & Technical Leadership: How Sachin keeps one foot in business strategy and one in technical leadership.
  • [07:00] Staying Relatable to Engineering Teams: Practical ways to stay connected—personal research, whiteboarding sessions, and knowing when to step into the technical weeds.
  • [10:00] Translating Strategy into Metrics: The difficulty of measuring engineering success without losing sight of broader goals.
  • [14:00] Dangers of Over-Optimizing Metrics: The risk of becoming overly process-driven and detached from actual business outcomes.
  • [16:00] Technology-Driven Revenue Opportunities: How a CTO ensures technology investments align with business shifts, particularly in SaaS models.
  • [19:00] Preparing for the AI Shift: Why LLMs and AI tools require a new type of engineering team and leadership approach.
  • [22:00] The Shift Left in Engineering: Why tomorrow's engineers need to think more like product managers and business leaders.

Featured Quote:
"The ideal CTO is the king or queen of expectation management—balancing business impact with technical trust, without getting lost in jargon or micromanagement." — Sachin Nene

Links:
  • Connect with Sachin on LinkedIn: https://www.linkedin.com/in/sachinnene/
  • Learn more at sachinnene.com

Federal Tech Podcast: Listen and learn how successful companies get federal contracts
Ep. 223 Shifting Left in Federal IT: A Smarter Approach to Digital Transformation

Mar 18, 2025 · 19:06


Connect to John Gilroy on LinkedIn: https://www.linkedin.com/in/john-gilroy/
Want to listen to other episodes? www.Federaltechpodcast.com

Today, we sit down with Karthik Natarajan, Solutions Engineering Manager, U.S. Public Sector, for SNYK. SNYK has garnered a formidable reputation in the commercial sector by helping to identify and fix vulnerabilities in code, open-source dependencies, and container images.

Karthik Natarajan acknowledges that no code can be 100% secure; however, one way to improve by a magnitude is to incorporate the "Shift Left" approach. This phrase has been around for twenty years but has recently gained momentum. The concept of shift left moves testing and performance evaluation to an earlier part of the software development lifecycle.

But SNYK goes further by applying AI to look at open-source dependencies. When infrastructure transitions to "infrastructure as code," vulnerabilities may be included. SNYK also looks for vulnerabilities in infrastructure code.

The interview ends with Karthik explaining that SNYK's success is due to it being written for cloud applications: it is cloud native. Also, they judiciously use AI and rigorously check corrections to code that may introduce trouble.

Software Engineering Daily
StackHawk and Shift-Left API Security with Scott Gerlach

Mar 6, 2025 · 46:08


APIs are a fundamental part of modern software systems and enable communication between services, applications, and third-party integrations. However, their openness and accessibility also make them a prime target for security threats, and this makes APIs a growing focus for software teams. StackHawk is a company that scans and monitors source code to obtain the

Paul's Security Weekly TV
Is Shift Left Just Starting to Catch On? And Other AppSec Trends & Insights - Jenn Gile - ESW #395

Feb 24, 2025 · 31:36


'Shift Left' feels like a cliché at this point, but it's often difficult to track tech and security movements if you aren't interacting with practitioners on a regular basis. Some areas of tech have a longer tail when it comes to late adopters and laggards, and application security appears to be one of these areas. In this interview, Jenn Gile catches us up on AppSec trends.

Segment Resources:
  • Microsoft Defender for Cloud Natively Integrates with Endor Labs
  • 2024 Dependency Management Report
  • How to pick the right SAST tool

Show Notes: https://securityweekly.com/esw-395

What the Dev?
294: From "shift left" to "shift everywhere" (with OpenText Cybersecurity's Dylan Thomas)

Feb 4, 2025 · 13:26


In this episode, we interview Dylan Thomas, senior director of product engineering at OpenText Cybersecurity, about the evolution from shift left to shift everywhere.

At the end of 2024, he predicted: "In 2025, DevSecOps will continue evolving beyond the 'shift-left' paradigm, embracing a more mature 'shift everywhere' approach. This shift calls on organizations to apply the right tools at the right stages of the DevSecOps cycle, improving efficiency and effectiveness in security practices. Lightweight analysis in IDEs will help developers catch issues early, while automation integrated into pull requests and CI/CD pipelines will ensure a cohesive 'integrate once' approach for core functions such as SAST, SCA, and increasingly DAST, particularly for API security testing."

We interviewed him about his predictions, and talked about:
  • What shift everywhere is
  • Why people are wanting to transition to this new approach
  • How to get started with shift everywhere

stefanfritz.de BlogCast
Shift Left vs. AI: Where Is B2B Service Headed?

Jan 29, 2025 · 7:57


Automation through AI or expertise through knowledge? The future of B2B service lies in balance: efficiency through AI and sustainable knowledge building for customer-focused, specialized support.

Federal Tech Podcast: Listen and learn how successful companies get federal contracts

Connect to John Gilroy on LinkedIn: https://www.linkedin.com/in/john-gilroy/
Want to listen to other episodes? www.Federaltechpodcast.com

"Efficiency" seems like the new buzzword for federal technology in the next few years. In the software sense, efficiency can mean writing code once and moving on to regular maintenance. However, we see security initiatives being mandated that cause developers to go back to previous stable systems and add code alterations to comply with new cyber threats.

Even beginner efficiency experts will tell you the time and cost of operating in this manner can be expensive. Further, recoding can add new bugs and risks, making the system more complex.

Federal technology leaders from CISA have not lost sight of this. They have a "Secure by Design" initiative that addresses this issue. As in many tech concerns, the concern is how to accomplish this noble task.

Today, we sit down with Nathan Jones from Sonar. He offers a solution that seeks to "shift left" the whole concept of security by design. His company provides systems that can review code to ensure its compliance. Further, he expands on an approach that can collaborate with developers while they write code.

Nathan Jones gives listeners details about how Sonar's Qube can be deployed on a server, in the cloud, or with an IDE. The benefits are ample: lower maintenance, minimizing risk, and allowing a focus on innovation rather than rewriting code.

EETimes On Air
A Shift Left Strategy Addresses IC Design Challenges Through Design-Stage Verification

Dec 13, 2024 · 27:42


Many IC design teams struggle with tight deadlines and limited resources. The industry is constantly searching for new ways to improve efficiency without compromising design quality. While they might find tools that run incrementally faster, the real gains come from adjustments to the design flow – including what we call ‘shift-left' strategies that pull signoff-quality verification into the design implementation stage. Join our host, Eric Singer, for a compelling interview with David Abercrombie, Product Management Director of Artificial Intelligence & Licensing Applications at Siemens EDA.

Federal Drive with Tom Temin
OPM tries a shift-left approach to anticipating the costs of new tech projects

Nov 26, 2024 · 10:27


The efficiency department hasn't arrived yet, but many agencies try and optimize costs already. A case in point: the Office of Personnel Management. When thinking of new technology projects, OPM officials are trying to get a handle on potential costs earlier. I got more detail when I spoke with OPM's deputy chief information officer, Melvin Brown.

Resilient Cyber
Resilient Cyber w/ Tyler Shields and James Berthoty - Is "Shift Left" Losing its Shine?

Nov 1, 2024 · 25:12


In this episode of Resilient Cyber I will be chatting with industry leaders Tyler Shields and James Berthoty on the topic of "Shift Left".

This includes the origins and early days of the shift left movement, as well as some of the current challenges, complaints and if the shift left movement is losing its shine.

We dive into a lot of topics such as:
  • Tyler and James' high-level thoughts on shift left and where it may have gone wrong or run into challenges
  • Tyler's thoughts on the evolution of shift left over the last several decades from some of his early Pen Testing roles and working with early legacy applications before the age of Cloud, DevOps and Microservices
  • James' perspective, having started in Cyber in the age of Cloud and how his entire career has come at shift left from a bit of a different perspective
  • The role that Vendors, VCs and products play and why the industry only seems to come at this from the tool perspective
  • Where we think the industry is headed with similar efforts such as Secure-by-Design/Default and its potential as well as possible challenges

Human Firewall Podcast
Shift Left and Transparent Security: How Companies Can Better Protect Themselves, with Jasmin Mair #23

Oct 23, 2024 · 55:17


When are companies on the safe side when it comes to developing digital products? In this episode, our host talks with Jasmin Mair, Global Product Security Manager at Leica Microsystems, about the importance of openness and transparency in the security industry. They examine why it is so important to make incidents transparent, and how responsible disclosure helps companies protect themselves better. They also cover the Secure Software Development Life Cycle (SDLC) and concepts such as Shift Left and Secure by Design. What does it mean when penetration tests are integrated early, that is, shifted left, into the development process? And what advantages does that bring? Another interesting aspect: threat modeling. Often seen as a purely technical developer task, this episode discusses how other departments, such as sales, can also be brought into the process, and why it can be so much fun to slip into the role of the attacker and consider: what could the attacker (want to) do?

VistaTalks
Stay Left, Shift Left, 10x: Redefining Healthcare with Martin Curley - VistaTalks Ep 154

Oct 16, 2024 · 55:14


Professor Martin Curley, a well-known and respected figure in the world of digital health and innovation, joins VistaTalks Host Simon Hodgkins. With an illustrious career spanning over three decades in IT and healthcare, Professor Curley is known for his forward-thinking initiatives in transforming healthcare systems worldwide. Currently a Professor of Innovation at Maynooth University, Curley brings a wealth of experience from his leadership roles at Intel, Mastercard, and the Health Service Executive (HSE) in Ireland. His expertise, as demonstrated in this insightful conversation, aims to redefine the future of global healthcare—something that could have profound implications for us all.

FLF, LLC
Christianity & Politics: Is the Constitution Dead? American Constitutionalism ft. Dr. Jeffery Ventrella [The Ezra Institute Podcast for Cultural Reformation]

Oct 9, 2024 · 54:55


In this episode of the Podcast for Cultural Reformation, Pastor Nate Wright and Dr. Jeffrey Ventrella explore the intricate relationship between American constitutionalism and Christianity. They ask the question: "Is the Constitution Dead?" They discuss the historical foundations of America, the role of religion in the founding, the impact of rationalism, and the current state of constitutionalism in a nation that has largely rejected its Christian roots. Dr. Ventrella emphasizes the importance of Christians engaging in cultural and institutional power to effect change, advocating for a long-term, incremental approach to renewal and transformation.

Episode Resources:
  • TruthXchange: https://truthxchange.com/
  • Think Christianly about politics with the help of Dr. Boot's latest book "Ruler of Kings": https://ezrapress.ca/products/ruler-of-kings-toward-a-christian-vision-of-government

CHAPTERS:
  • 00:00 Opening: Introduction to American Constitutionalism
  • 00:30 Intro
  • 00:51 Welcome
  • 03:05 The Foundations of America: A Historical Perspective
  • 11:31 American Idea of the Separation of Church & State
  • 16:30 The Impact of Modernism/Rationalism on American Ideals
  • 20:37 Evolution and the Mutation of Law & Society
  • 24:33 Christianity's Influence on American Governance
  • 29:48 The Importance of a Biblical Anthropology in the U.S. Founding
  • 33:00 Current State of American Constitutionalism
  • 38:19 Why Do Institutions Tend to Bloat and Shift Left?
  • 42:09 Christian Culture & Institutional Power
  • 44:27 Why Fight for American Constitutionalism?
  • 51:22 TruthXchange Information
  • 53:25 Conclusion & Mission of God Conference Information
  • 54:14 Outro

UPCOMING CONFERENCES:
  • Join us this October 31 - November 2 @ The Presence of Christ Conference at Trinity Bible Chapel in Kitchener/Waterloo: https://mytrinitybiblechapel.churchcenter.com/registrations/events/2343549
  • The Mission of God Conferences, UK | Sat, 2 Nov 2024 10:00 - 17:30 GMT @ Birmingham City Centre: https://www.eventbrite.co.uk/e/mission-of-god-conference-2024-tickets-932486039847
  • Canada - Ontario | Saturday, Nov. 30, 2024, 9:00 EST @ Harvest Bible Church Windsor: https://brushfire.com/ezrainstitute/missionofgod2024-ontario/587020/details
  • Alberta | Saturday, Dec. 7, 2024, 9:00 MST @ Fairview Baptist Church: https://brushfire.com/ezrainstitute/missionofgod2024-alberta/587306

The WAIT is OVER!!! Pre-order your copy of the NEW updated and expanded version of Dr. Boot's Mission of God with a brand-new study guide! Get it here: https://ezrapress.ca/products/mission-of-god-10th-anniversary-edition

Got Questions? Would you like to hear Dr. Boot answer your questions? Let us know in the comments or reach out to us at https://www.ezrainstitute.com/connect/contact/

For Ezra's many print resources and to join our newsletter, visit: https://ezrapress.com

  • Stay up-to-date with all things Ezra Institute: https://www.ezrainstitute.com
  • Subscribe to Ezra's YouTube Channel: https://www.youtube.com/channel/UCPVvQDHHrOOjziyqUaN9VoA?sub_confirmation=1
  • Fight Laugh Feast Network: https://pubtv.flfnetwork.com/tabs/audio/podcasts/8297
  • Apple Podcasts: https://podcasts.apple.com/ca/podcast/ezra-institute-podcast-for-cultural-reformation/id1336078503
  • Spotify Podcast: https://open.spotify.com/show/0dW1gDarpzdrDMLPjKYZW2?si=bee3e91ed9a54885

Software Engineering Daily
Shift-Left Security and Code Scanning with Amjad Afanah and Sudipta Mukherjee

Software Engineering Daily

Jul 31, 2024


Traditionally, security checks and testing are performed towards the end of the software development lifecycle. However, discovering vulnerabilities at that stage can be costly and time-consuming. This observation has led to the shift-left movement, which advocates for implementing security testing earlier in the software development process. HoundDog AI is a startup focused on software to …

TestGuild News Show
AI for ETL Testing, Shift-Left Dead, Cypress A11y and more TGNS127

TestGuild News Show

Jul 8, 2024 8:51


Have you seen how AI can help you with ETL testing? How do you create a simple and effective end-to-end (E2E) test architecture using Playwright? Is shift-left dead? Find out in this episode of the Test Guild News Show for the week of July 7th. So, grab your favorite cup of coffee or tea, and let's do this.

Time | News Title | Rocket Link
0:28 | AI to Simplify and Speed Up ETL Testing | https://testguild.me/ra3dka
1:22 | Ally cypress plugin | https://testguild.me/pk181h
2:17 | AI tool test case creator | https://testguild.me/qqve0f
2:58 | AI Power Automate | https://testguild.me/z7kf55
3:56 | Test Architecture with Playwright | https://testguild.me/a7id3u
5:26 | Playwright v1.45 is out | https://testguild.me/cd3g5u
6:24 | Shift Left is dead | https://testguild.me/7ap7ar
7:33 | App Security I to Cloud SecOps | https://testguild.me/ug7h8o

Crafted
Listen to Developers! | Justin Cormack (CTO, Docker)

Crafted

Jun 25, 2024 32:32


When Docker restructured, the company went back to its roots: super-serving developers. CTO Justin Cormack says that's why the company is developer-obsessed, not customer-obsessed: “We really wanted to focus on the fact that it's the developer who loves Docker. It's the developer who is going to be using Docker every day…” Over the past decade, Docker exploded in popularity as companies moved to cloud and adopted software containers as they did... but the company struggled as a business and, five years ago, made massive changes: “When we restructured people were like, ‘Well, I kind of hope this works, but I doubt it will.’” Well, it's working. Docker is now bigger than ever and growing.

On this episode of CRAFTED... We'll discuss developer productivity, how Docker continues to build new products to improve it, and why so many organizations are in an awkward phase, with too many responsibilities being put onto the developer. We'll also look beyond the container to new vectors of growth, including helping companies put GenAI to production. Plus, Justin will share tips for developers on how they can better communicate their needs. And what CFO-types can do in return: “the one thing they can do is actually listen to the developers!”

***

Key Moments:
[3:13] Why Docker needed to restructure and refocus and why the turnaround has been a success
[04:52] Why Docker is “developer-obsessed” not “customer-obsessed”
[6:13] Docker's explosive growth in its early years: containers, the cloud and microservices
[08:48] Docker's Successful Restructuring and Product Development
[11:22] “Shift Left” and why this trend of putting more responsibility onto developers earlier and earlier in development is great, but also can put too much pressure on developers, who need to be supported
[13:53] How Justin and team prioritize Docker's roadmap
[16:48] AI: How Docker is helping its client build RAG and other GenAI apps, and the tricky infrastructure needed to support them
[19:38] Developer productivity and the importance of the inner loop
[27:01] Developers love their laptops! And why Windows machines have become so popular
[30:40] How to talk so your CFO will listen and the rise of business-focused engineers

***

CRAFTED. is brought to you in partnership with Docker, which helps developers build, share, run and verify applications anywhere – without environment confirmation or management. More than 20 million developers worldwide use Docker's suite of development tools, services and automations to accelerate the delivery of secure applications.

CRAFTED. is produced by Modern Product Minds, where CRAFTED. host Dan Blumberg and team can help you take a new product from zero to one... and beyond. We specialize in early stage product discovery, growth, and experimentation. Learn more at modernproductminds.com

Subscribe to CRAFTED., follow the show, and sign up for the newsletter

Manufacturing Insights
The Power of Shifting Left in Product Design

Manufacturing Insights

Jun 22, 2024 10:51


Shifting left in product design empowers teams to make informed decisions early in the development process, significantly impacting cost, manufacturability, and sustainability. Using a digital copilot, designers can access expert insights and real-time data, enhancing their ability to create more efficient and effective products, thereby reducing downstream risks and accelerating time to market.

Privacy Pros Podcast
3 Must Have Skills To Land Your First Privacy Job

Privacy Pros Podcast

Jun 4, 2024 40:05 Transcription Available


The privacy job market is booming, but landing your dream role requires more than just technical know-how. Without a clear roadmap and the right skills, your career aspirations can quickly get lost in the shuffle.

Join us for an exclusive interview with Heather, a seasoned professional who will reveal the insider secrets to launching a successful career in privacy.

In this episode, you'll discover:
- Proven strategies to outshine the competition and land your first privacy job
- Creative ways to build a relevant portfolio and gain experience before getting hired
- The essential soft skills that will set you apart and accelerate your career growth

Tune in now and take the first step toward your dream job.

Heather F. has had an extensive career in data privacy, advising organisations of all sizes on cutting-edge issues. She is currently the Head of Privacy and Product Counsel at Signifyd, where she manages and leads initiatives related to privacy evangelism, "Shift Left" implementation, data compliance and industry collaboration. Prior to joining Signifyd, Heather held leadership roles at global corporate enterprises such as Macy's Inc and American Express. Heather has served on advisory boards for FPF, IAPP's Privacy Section Bar and IAPP's Publications Advisory Board. She is a Certified Information Privacy Professional (CIPP/US), and admitted to practise law in New Jersey & New York. Outside of privacy, Heather enjoys leading guided meditations at New York Loves Yoga.

Follow Jamal on LinkedIn: https://www.linkedin.com/in/kmjahmed/
Follow Heather on LinkedIn: https://www.linkedin.com/in/heatherfederman/
Subscribe to the Privacy Pros Academy YouTube Channel ► https://www.youtube.com/c/PrivacyPros

Product Momentum Podcast
131 / Shift Left: Integrating a Security Mindset Early in the Software Development Life Cycle, with Paul Connaghan

Product Momentum Podcast

Apr 2, 2024 27:28


When product development teams build new software tools and systems, they like to start with the end in mind by nudging quality assurance and security scanning closer to the early stages of the process. Paul Connaghan, Principal Application Security Consultant at RiverSafe in London, UK, says this “shift left” approach goes straight to the heart …

The Future of Security Operations
Reddit's Matt Johansen on renouncing superhero culture and what comes next after “shift left”

The Future of Security Operations

Apr 2, 2024 56:59


In this week's episode of The Future of Security Operations podcast, Thomas is joined by Matt Johansen. Matt is a security veteran who has helped defend startups, the biggest financial companies in the world, and everything in between. Alongside his day job as Head of Software Security at Reddit, he teaches companies how to protect against cyber attacks, and coaches entrepreneurs and CISOs that need help with infrastructure, application, cloud, and security policies. He also writes Vulnerable U, a weekly newsletter that talks about embracing the power of vulnerability for growth.

Thomas and Matt discuss:
- Moving from a large security team at Bank of America to a small one at Reddit
- Embracing scrappiness and doing more with less
- Overcoming sunk-cost fallacy
- Why the 2014 Sony hack was a pivotal time for AppSec
- Running the threat research centre at White Hat
- What he looks for when hiring in AppSec, the SOC and beyond
- His decision to start creating content about mental health in security
- Moving past imposter syndrome
- Renouncing superhero culture
- Paved paths and guardrails, and what comes next after "shift left"
- Lessons learned from Reddit's 2023 security incident
- The power of automating incident response

The Future of Security Operations is brought to you by Tines, the smart, secure workflow builder that powers some of the world's most important workflows. https://www.tines.com/solutions/security

Where to find Matt Johansen:
- Vulnerable U newsletter: https://vulnu.mattjay.com/
- Twitter: https://twitter.com/mattjay
- LinkedIn: https://www.linkedin.com/in/matthewjohansen/
- TikTok: https://www.tiktok.com/@vulnerable_matt
- Reddit: https://www.redditinc.com/
- mattjay.com: https://www.mattjay.com

Where to find Thomas Kinsella:
- Twitter/X: https://twitter.com/thomasksec
- LinkedIn: https://www.linkedin.com/in/thomas-kinsella/
- Tines: https://www.tines.com/

Resources mentioned:
- The Tech Professional's Guide to Mindfulness by Matt Johansen: https://www.mattjay.com/blog/the-tech-professionals-guide-to-mindfulness
- Matt's piece on developer experience in the Vulnerable U newsletter: https://vulnu.mattjay.com/p/vulnu-003-courage-quit
- Reddit's post on a February 2023 incident: https://www.reddit.com/r/reddit/comments/10y427y/we_had_a_security_incident_heres_what_we_know/
- Collaborative Incident Response Best Practices: Don't Rely on Superheroes by Matt Johansen: https://www.mattjay.com/blog/superhero-incident-response
- Threat modeling depression by Matt Johansen: https://www.mattjay.com/blog/threat-model-depression

In this episode:
[02:14] Going from long-time Reddit user to employee
[04:50] Running AppSec at Reddit
[07:30] Being the internet's punching bag and boxing gloves
[10:30] Building a team from scratch at White Hat and lessons learned from the 2014 Sony hack
[15:10] Matt's approach to hiring
[21:15] His decision to create content about mental health in security
[23:20] Turning his Twitter network into his IRL network
[27:55] Moving past imposter syndrome
[30:00] Tools for safeguarding your mental health in incident response
[36:20] Preserving work-life balance for his teams at Reddit
[39:15] Moving past "shift left", and paved path to production and guardrails
[47:40] Lessons learned from a February 2023 incident at Reddit
[51:20] Renouncing superhero culture
[52:20] Automating incident response
[54:12] Connect with Matt

Engineering Kiosk
#115 The Shift Left Philosophy: More Responsibility for Devs

Engineering Kiosk

Mar 19, 2024 54:59


Speeding up the software development process by offloading more work onto developers?

2024 is the year of efficiency. Everywhere, people are looking at what could run even faster and better. Software development is no exception. There, it is common knowledge: the later a bug is discovered, the more expensive it is to fix. That is why teams started early on to write tests during development rather than testing the program after development. The testing process was moved to the left on the timeline. In the industry, this is called “Shift Left”.

But it did not stop at tests. DevOps shifts operations to the left. Cloud shifts the definition of infrastructure into code (and thus into software development). Security also occupies an important position in the modern world. Metrics, structured logs and other observability signals are an integral part of software development. But how many processes should (and can) still be shifted left? How many tasks should a single developer handle? Isn't it enough at some point?

Bonus: Everything with Ops - DevOps / MLOps / CloudOps / AIOps / DataOps / SecOps / DevSecOps / HROps LegalOps BizOps LLMOps ChatOps NoOps

**** This episode is sponsored by the open-source funding programme Media Tech Lab. Apply now and receive up to €50,000 in funding for your open-source project: https://engineeringkiosk.dev/medialab ****

CISO Tradecraft
#171 - Navigating Software Supply Chain Security (with Cassie Crossley)

CISO Tradecraft

Mar 4, 2024 46:57 Transcription Available


In this episode of CISO Tradecraft, host G Mark Hardy converses with Cassie Crossley, author of the book on software supply chain security. Hardy explores the importance of cybersecurity, the structure of software supply chains, and the potential risks they pose. Crossley shares her expert insights on different software source codes and the intricacies of secure development life cycle. She highlights the significance of Software Bill of Materials (SBOM) and the challenges in maintaining the integrity of software products. The discussion also covers the concept of counterfeits in the software world, stressing the need for continuous monitoring and a holistic approach towards cybersecurity.

Link to the Book: https://www.amazon.com/Software-Supply-Chain-Security-End/dp/1098133706?&_encoding=UTF8&tag=-0-0-20&linkCode=ur2
Transcripts: https://docs.google.com/document/d/1SJS2VzyMS-xLF0vlGIgrnn5cOP8feCV9

Chapters
00:00 Introduction
01:44 Discussion on Software Supply Chain Security
02:33 Insights into Secure Development Life Cycle
03:20 Understanding the Importance of Supplier Landscape
05:09 The Role of Security in Software Supply Chain
07:29 The Impact of Vulnerabilities in Software Supply Chain
09:06 The Importance of Secure Software Development Life Cycle
14:13 The Role of Frameworks and Standards in Software Supply Chain Security
17:39 Understanding the Importance of Business Continuity Plan
20:53 The Importance of Security in Agile Development
24:01 Understanding OWASP and Secure Coding
24:20 The Importance of API Security
24:50 The Concept of Shift Left in Software Development
25:20 The Role of Culture in Software Development
25:52 Exploring Different Source Code Types
26:19 The Rise of Low Code, No Code Platforms
28:53 The Potential Risks of Generative AI Source Code
34:24 Understanding Software Bill of Materials (SBOM)
41:07 The Challenge of Spotting Counterfeit Software
41:36 The Importance of Integrity Checks in Software Development
45:45 Closing Thoughts and the Importance of Cybersecurity Awareness

The Hedge
Hedge 212: Shift Left? w/Chris Romeo

The Hedge

Feb 9, 2024 56:27 Transcription Available


How many times have you heard you should "shift left" in the last few years? What does "shift left" even mean? Even if it had meaning once, does it still have any meaning today? Should we abandon the concept, or just the term? Listen in as Chris Romeo joins Tom Ammon and Russ White to talk about the origin, meaning, and modern uselessness of the term "shift left."

The Changelog
Shift left, seriously.

The Changelog

Jan 26, 2024 88:17


This week we're going deep on security and what it takes to shift left, seriously. Adam is joined by Justin Garrison (co-host of Ship It), plus two members of the BoxyHQ team — Deepak Prabhakara, Co-founder & CEO and Schalk Neethling, Community Manager and DevRel as well as fellow Changelog Slack member. We discuss how to shift left, the role of the developer and the burden of security, the importance of tooling, the difference between authentication and authorization, and a mindset change for when security takes place — it's a matter of “when” not “who.”

Changelog Master Feed
Shift left, seriously. (Changelog Interviews #575)

Changelog Master Feed

Jan 26, 2024 88:17 Transcription Available


This week we're going deep on security and what it takes to shift left, seriously. Adam is joined by Justin Garrison (co-host of Ship It), plus two members of the BoxyHQ team — Deepak Prabhakara, Co-founder & CEO and Schalk Neethling, Community Manager and DevRel as well as fellow Changelog Slack member. We discuss how to shift left, the role of the developer and the burden of security, the importance of tooling, the difference between authentication and authorization, and a mindset change for when security takes place — it's a matter of “when” not “who.”

Engineering Kiosk
#106 CI - Continuous Integration in Practice with Michael Lihs of Thoughtworks

Engineering Kiosk

Jan 16, 2024 79:01


Continuous Integration: A must for every software project

Continuous integration, such as downloading dependencies, compiling the application, and running unit or integration tests, is “old hat” for many software engineers. Yet very few know what is really behind it, because it is much more than “just” running a few tests.

Where does the term Continuous Integration (CI) come from? What are the core principles of CI? What does a good CI pipeline actually look like? How have the concept of CI and its tools evolved over the last 17 years? What do the buzzwords Dev-Pipeline-Parity, Shift-left, CI-Theatre, Dev Done and Done Done actually mean? What business value does CI deliver, and why should management also make sure the build is always green? And what does CI look like outside of web, cloud and mobile, for example in industries such as automotive and IoT?

All these questions are answered by our guest, Michael Lihs, Infrastructure Consultant at Thoughtworks.

Bonus: Your Strava activity says a lot about your life.

**** This episode is sponsored by www.aboutyou.de. ABOUT YOU is one of the largest online fashion shops in Europe and is always looking for tech talent, such as a (Lead) DevOps/DataOps Engineer Google Cloud Platform or a Lead Platform Engineer. You can find all open positions at https://corporate.aboutyou.de/en/our-jobs ****

AWS for Software Companies Podcast
Ep023: Metrics & Best Practices for Security in DevOps Organizations

AWS for Software Companies Podcast

Dec 8, 2023 34:58


We present a panel discussion with software leaders from Contrast Security and Tenable sharing guidance and best practices for security in DevOps practices.

Panelists are:
- Mike Clausen - Director of Product Management, Contrast Security
- Phillip Hayes - Director Information Security, Tenable
- Temi Adebambo - Head of Security Solutions Architecture, AWS

Topics Include:
- The significance of introducing security into the DevOps processes for Modern Architectures
- Balancing need for speed & agility with need for security
- Common challenges in security in DevOps
- What does “Shift Left” mean to the panelists?
- Considerations & guidance for “shifting left”
- Best Practices for security testing & vulnerability management
- Suggested metrics for organizational leaders

Relating to DevSecOps
Episode #066: Exploration of the Shifting Definition of Shifting Left

Relating to DevSecOps

Dec 5, 2023 42:33


We are joined by incredible guests Mikhail Chechik and Marcus Hallberg as they help us define DevSecOps and emphasize the importance of a security mindset throughout the development process. These two incredible folks explore common misconceptions about shifting left and discuss the challenges of triaging and validating vulnerabilities early in the development lifecycle. We enter the wild world of this wonderful shifting buzzword and how it applies to incident response, design, people, and the general development process.

The New Stack Podcast
The Limits of Shift-Left: What's Next for Developer Security

The New Stack Podcast

Nov 7, 2023 22:41


The practice of "shift left," which involves moving security concerns to the code level and increasing developers' responsibility for security, is facing a backlash, with both developers and security professionals expressing concerns. Peter Klimek, director of technology at Imperva, discusses the reasons behind this backlash in this episode.

Some organizations may have exhausted the benefits of shift left, while the main challenge for many isn't finding vulnerabilities but finding time to address them. Security attacks are now targeting business logic vulnerabilities rather than dependencies, which shift left tools are better at identifying. These business logic vulnerabilities are often tied to authorization decisions, making them harder to address through code-level tools. Additionally, attacks increasingly focus on the frontend, such as API development and cart attacks.

Klimek emphasizes the need for development and security teams to collaborate and advocates for using DORA metrics to assess the impact of security efforts on the development pipeline. Some organizations may reach a point where the tools added to the development lifecycle become counterproductive, he notes. DORA metrics can help determine when this occurs and provide valuable insights for security teams.

Learn more from The New Stack about Developer Security and Imperva:
- Why Your APIs Aren't Safe — and What to Do about It
- What Developers Need to Know about Business Logic Attacks
- Are Your Development Practices Introducing API Security Risks?

The Shifting Privacy Left Podcast
S2E33: "Using Privacy Code Scans to Shift Left into DevOps" with Vaibhav Antil (Privado)

The Shifting Privacy Left Podcast

Oct 31, 2023 56:06 Transcription Available


This week, I sat down with Vaibhav Antil ('Vee'), Co-founder & CEO at Privado, a privacy tech platform that leverages privacy code scanning & data mapping to bridge the privacy engineering gap. Vee shares his personal journey into privacy, where he started out in Product Management and saw the need for privacy automation in DevOps. We discuss obstacles created by the rapid pace of engineering teams and a lack of a shared vocabulary with Legal / GRC. You'll learn how code scanning enables privacy teams to move swiftly and avoid blocking engineering. We then discuss the future of privacy engineering, its growth trends, and the need for cross-team collaboration. We highlight the importance of making privacy-by-design programmatic and discuss ways to scale up privacy reviews without stifling product innovation.

Topics Covered:
- How Vee moved from Product Manager to Co-Founding Privado, and why he focused on bringing Privacy Code Scanning to market.
- What it means to "Bridge the Privacy Engineering Gap" and 3 reasons why Vee believes the gap exists.
- How engineers can provide visibility into personal data collected and used by applications via Privacy Code Scans.
- Why engineering teams should 'shift privacy left' into DevOps.
- How a Privacy Code Scanner differs from traditional static code analysis tools in security.
- How Privado's Privacy Code Scanning & Data Mapping capabilities (for the SDLC) differ from personal data discovery, correlation, & data mapping tools (for the data lifecycle).
- How Privacy Code Scanning helps engineering teams comply with new laws like Washington State's 'My Health My Data Act.'
- A breakdown of Privado's FREE "Technical Privacy Masterclass."
- Exciting features on Privado's roadmap, which support its vision to be the platform for collaboration between privacy operations & engineering teams.
- Privacy engineering trends and Vee's predictions for the next two years.

Privado Resources Mentioned:
- Free Course: "Technical Privacy Masterclass" (led by Nishant Bhajaria)
- Guide: Introduction to Privacy Code Scanning
- Guide: Code Scanning Approach to Data Mapping
- Slack: Privado's Privacy Engineering Community
- Open Source Tool: Play Store Data Safety Report Builder

Guest Info:
- Connect with Vee on LinkedIn
- Check out Privado's website

Kubernetes Bytes
DevOpsDays Boston - Helping developers be more productive in a multi-cloud world

Kubernetes Bytes

Oct 25, 2023 35:02


In this episode of Kubernetes Bytes, Ryan and Bhavin sit down with Michael O'Leary and Ibett A to talk about how developers can build multi-cloud secure architectures using Kubernetes and the principles of Shift Left and DevSecOps.

Check out the KubernetesBytes website: https://www.kubernetesbytes.com/
Join the Kubernetes Bytes slack using: https://bit.ly/k8sbytes

Timestamps:
00:00 Interview with Michael O'Leary
18:50 Interview with Ibett A

Show links:
Boston Kubernetes Meetup - https://www.meetup.com/boston-kubernetes-meetup/

ITSPmagazine | Technology. Cybersecurity. Society
Is Shift Left Overrated? | An Imperva Brand Story With Peter Klimek

ITSPmagazine | Technology. Cybersecurity. Society

Sep 26, 2023 40:31


In this Brand Story episode, hosts Marco and Sean have a thought-provoking discussion with Peter Klimek from Imperva about the concept of "shift left" in application security. Have we gone too far?

The conversation revolves around the challenges and benefits of identifying vulnerabilities earlier in the software development lifecycle and the need for collaboration between development and security teams. Peter emphasizes the importance of finding a balance between tools and human expertise in addressing vulnerabilities. He highlights the common issue of organizations having a backlog of vulnerabilities that need to be fixed, rather than a problem of finding vulnerabilities—it's "easy" to find them, harder to fix them all.

The conversation also touches on the measurement of closure velocity and the significance of development team velocity as a core metric in application security. They discuss the role of APIs, platform engineering, and infrastructure as code in improving collaboration, automation, and trust in systems.

Peter draws a parallel between guardrails on a highway and the need for guardrails in application security, emphasizing the importance of providing development teams with time to address critical vulnerabilities. They also explore the challenges of coordinating multiple teams and the role of operations in orchestrating the development and security processes.

The need for a defensive mindset and the importance of leveraging the guardrails Peter noted to prevent fatal vulnerabilities is also discussed as they emphasize the significance of collaboration, measurement, and a balance between development and security teams in implementing shift left practices effectively.

The episode provides valuable insights into the nuances, challenges, and benefits of integrating shift left practices into application security, while emphasizing the need for collaboration, balance, and the ethical use of tools.

Note: This story contains promotional content.

Guest: Peter Klimek, Director of Technology - Office of the CTO at Imperva [@Imperva]
On LinkedIn | https://www.linkedin.com/in/peter-klimek-37588962/

Resources
Learn more about Imperva and their offering: https://itspm.ag/imperva277117988
DevOps Research and Assessment (DORA): https://dora.dev
2023 Imperva Bad Bot Report: https://itspm.ag/impervv0sg
47.4% of internet traffic wasn't human in 2022! Get the research from @Imperva to learn how bots are taking over the internet.

The Impact Of Log4j Since Its Disclosure | Steps Businesses Can Take To Maintain Software Supply Chain Security:
Part 1: https://redefining-cybersecurity.simplecast.com/episodes/the-impact-of-log4j-since-its-disclosure-steps-businesses-can-take-to-maintain-software-supply-chain-security-part-1-of-2-an-imperva-story-with-gabi-stapel
Part 2: https://redefining-cybersecurity.simplecast.com/episodes/why-protecting-your-business-data-is-more-like-securing-a-museum-than-a-bank-demystifying-data-protection-an-imperva-story-with-terry-ray-07mq5xex-q5rc-fw8

From Enrolling In College To Gambling, Traveling, And Shopping, Evasive Bad Bots Are A Major Source Of Online Fraud | The Bad Bot Report 2022 | An Imperva Brand Story With Ryan Windham:
Part 1: https://redefining-cybersecurity.simplecast.com/episodes/from-enrolling-in-college-to-gambling-traveling-and-shopping-evasive-bad-bots-are-a-major-source-of-online-fraud-the-bad-bot-report-2022-part-1-an-imperva-story-with-ryan-windham
Part 2: https://redefining-cybersecurity.simplecast.com/episodes/from-enrolling-in-college-to-gambling-traveling-and-shopping-evasive-bad-bots-are-a-major-source-of-online-fraud-the-bad-bot-report-2022-part-2-an-imperva-story-with-ryan-windham

Catch more stories from Imperva at https://www.itspmagazine.com/directory/imperva
Are you interested in telling your story? https://www.itspmagazine.com/telling-your-story

TestGuild Performance Testing and Site Reliability Podcast
Shift-left DevOps Testing with Vishnu Nair and Geetanjali Gallewale

TestGuild Performance Testing and Site Reliability Podcast

Sep 6, 2023 28:52


Welcome to another episode of the DevOps Toolchain podcast! In today's episode titled "Shift Left DevOps Testing," we will dive into shifting testing to the left and its significance in the DevOps and Agile methodologies. Our guest, Vishnu Nair, is a QA advocate with extensive experience designing and writing test cases across various technologies. Alongside him is Geetanjali, a seasoned technology lead with a wealth of experience in automation testing. Both guests have hands-on experience implementing DevOps and DevOps testing in a complex enterprise setting. Together, they will share real-world experiences and insights on implementing DevOps successfully and elevating your testing practices. Join us as we explore the different aspects of shift-left DevOps testing and learn how it can enhance your development process. Take advantage of this episode, which is packed with valuable insights and practical tips! 

Cybersecurity Where You Are
Episode 60: Guiding Vendors to IoT Security by Design

Jul 21, 2023 39:46


In episode 60 of Cybersecurity Where You Are, co-host Sean Atkinson is joined by Kathleen Moriarty, CTO at the Center for Internet Security (CIS); Ben Carter, Internet of Things (IoT) specialist at CIS; and Kaitlin Drape, Research and Innovation Process Lead at CIS. Together, they discuss a white paper they recently released that guides IoT vendors on how to build security into their products by default and by design. Kathleen, Ben, and Kaitlin begin by reflecting on why they created such a document in the first place. After explaining some of what went into drafting the white paper, they look to the future and note how IoT frameworks such as theirs help to shift left IoT security toward purchasing decisions.

Resources
Follow Kathleen and Ben on LinkedIn
Embedded IoT Security: Helping Vendors in the Design Process
Episode 33: The Shift-Left of IoT Security to Vendors
CIS Controls v8 Internet of Things & Mobile Companion Guides
Making Security Simpler for Organizations Big and Small

If you have some feedback or an idea for an upcoming episode of Cybersecurity Where You Are, let us know by emailing podcast@cisecurity.org.

Relating to DevSecOps
Episode #061: Episode 61: Fossilized Code & Future Clouds: Contrasting Worlds of Balance in Legacy Applications

Jul 18, 2023 39:05


Ken and Mike dive into the exciting world of modern application and cloud security, with a keen focus on the challenges posed by legacy systems. They explore the hurdles faced when dealing with older applications written in stalwart languages like Java, .NET, Rails, and Python, and shed light on the complexities of addressing security issues in these systems. Join them as they discuss everything from slow performance and resistance to change to the intricate nature of large monolithic applications.

In addition, they tackle the concept of security absolutism and highlight the significance of finding a balance between security and functionality in business operations. They explore the idea that security may sometimes be viewed as a revenue protection function, emphasizing the importance of long-term strategies and the holistic consideration of financial implications as a helpful factor when evaluating risks.

Software Defined Talk
Episode 423: Is the enemy of my enemy my friend?

Jul 14, 2023 79:17


This week we discuss the launch of Threads, the battle for Enterprise Linux and Coté tries HEY again. Plus, plenty of thoughts on packing for a long weekend.

Watch the YouTube Live Recording of Episode 423 (https://www.youtube.com/watch?v=7aW-9Zv1maQ)

Runner-up Titles
Capitalizing on Competitors
Bring the Go Bag
There are no backpacks in Gucci ads
No bad vibes

Rundown

Threads
Threads, Instagram's ‘Twitter Killer,' Has Arrived (https://www.nytimes.com/2023/07/05/technology/threads-app-meta-twitter-killer.html)
Special Episode: Meta's Twitter Rival Arrives, with Adam Mosseri (https://www.nytimes.com/2023/07/06/podcasts/special-episode-metas-twitter-rival-arrives-with-adam-mosseri.html)
Facebook's Threads is so depressing (https://jogblog.substack.com/p/facebooks-threads-is-so-depressing)
Twitter, Threads, and the Great Social Implosion (https://staysaasy.com/product/2023/07/07/twitter-threads-social-implosion.html)
Instagram's Threads app reaches 100 million users within just five days (https://techcrunch.com/2023/07/10/instagrams-threads-app-reaches-100-million-users-in-just-five-days/)
How Threads' privacy policy compares to Twitter's (and its rivals') (https://arstechnica.com/security/2023/07/how-threads-privacy-policy-compares-to-twitters-and-its-rivals/)
Instagram's Twitter rival is the latest in Meta's parade of copycat apps (https://www.axios.com/2023/07/06/metas-copycat-machine-threads?utm_source=newsletter&utm_medium=email&utm_campaign=newsletter_axiosmediatrends&stream=top)

Linux
Red Hat's open source rot began when IBM walked (https://www.theregister.com/2023/07/07/red_hat_open_source/)
Keep Linux Open and Free—We Can't Afford Not To (https://www.oracle.com/news/announcement/blog/keep-linux-open-and-free-2023-07-10/)
SUSE Preserves Choice in Enterprise Linux by Forking RHEL with a $10+ Million Investment (https://www.suse.com/news/SUSE-Preserves-Choice-in-Enterprise-Linux/)
History Never Repeats. But Sometimes It Rhymes. (https://ciq.com/blog/history-never-repeats-but-sometimes-it-rhymes/)
Oracle slams IBM's Red Hat over RHEL paywall (https://www.theregister.com/2023/07/10/oracle_ibm_rhel_code/?td=rt-3a)
Automation at Scale: Migrating 200K Machines from CentOS 7 to RHEL 9 (https://engineering.salesforce.com/automation-at-scale-migrating-200000-machines-from-centos-7-to-rhel-9/)

Shifting
"Shift Left (and leave)" versus "Shift Left (and stay)" (https://newsletter.cote.io/p/shift-left-and-leave-versus-shift?utm_source=post-email-title&publication_id=50&post_id=134452721&isFreemail=true&utm_medium=email)
Richard Seroter on shifting down vs. shifting left (https://cloud.google.com/blog/products/application-development/richard-seroter-on-shifting-down-vs-shifting-left)
Matt's packing list (https://drive.google.com/file/d/1VTSZKJ9FQsW70spJtSHwN7TkuFqQdEux/view?usp=share_link)
Gmail brings in Calendly-style availability sharing from Google Calendar (https://techcrunch.com/2023/07/12/gmail-brings-in-calendly-style-availability-sharing-from-google-calendar/)

Relevant to your Interests
DigitalOcean acquires cloud computing startup Paperspace for $111M in cash (https://techcrunch.com/2023/07/06/digitalocean-acquires-cloud-computing-startup-paperspace-for-111m-in-cash/)
Snowflake vs. Databricks (https://open.substack.com/pub/aspiringforintelligence/p/snowflake-vs-databricks?r=2l9&utm_campaign=post&utm_medium=web)
WebAssembly runtimes will replace container-based runtimes by 2030 (https://changelog.com/posts/webassembly-runtimes-will-replace-container-runtimes-by-2030)
Jordan Schneider is at SEMICON JULY 11-12 on Twitter (https://twitter.com/jordanschnyc/status/1678128857763950593?s=46&t=-2GRjYw3L96Jh3hL9tDPcg)
Court filing shows Microsoft Azure generated lower-than-expected $34B in revenue in 2022 (https://siliconangle.com/2023/06/29/court-filing-shows-microsoft-azure-generated-lower-expected-34b-revenue-2022/?ck_subscriber_id=512840665)
Smart guy from Google decides not to compete with Apple Vision (https://twitter.com/marklucovsky/status/1678465552988381185)
87% Missing: the Disappearance of Classic Video Games | Video Game History Foundation (https://gamehistory.org/87percent/)
IBM watsonx (https://www.ibm.com/watsonx)
ChatGPT's explosive growth shows first decline in traffic since launch (https://www.reuters.com/technology/booming-traffic-openais-chatgpt-posts-first-ever-monthly-dip-june-similarweb-2023-07-05/)
Cloud Native Computing Foundation Reaffirms #Istio Maturity with Project (https://twitter.com/CloudNativeFdn/status/1679143862256951297?s=20)
Early Google exec Urs Holzle to step down from executive management role amid cloud shakeup (https://www.cnbc.com/2023/07/12/google-cloud-shakeup-urs-holzle-to-step-down-from-executive-management.html)
Being acquired from a smallish start-up into VMware (https://apps-cloudmgmt.techzone.vmware.com/blog/being-acquired-smallish-start-vmware)
Gartner Says Worldwide PC Shipments Declined 16.6% in Second Quarter of 2023 (https://www.gartner.com/en/newsroom/press-releases/2023-07-11-gartner-says-worldwide--pc-shipments-declined-16-percent-in-second-quarter-of-2023)
Microsoft's Cloud Server Business in 2022 Was Less Than Half of AWS, New Document Reveals (https://www.theinformation.com/articles/microsofts-cloud-server-business-in-2022-was-less-than-half-of-aws-new-document-reveals)
Microsoft confirms more job cuts on top of 10,000 layoffs announced in January (https://www.cnbc.com/2023/07/10/microsoft-confirms-more-job-cuts-on-top-of-10000-layoffs-in-january.html)
Shopify deleted 12,000 meetings this year. (https://twitter.com/petergyang/status/1679130177819881475?s=20)

Nonsense
If you don't buy Jony Ive's $60,000 turntable, are you really a music fan? (https://techcrunch.com/2023/07/07/if-you-dont-buy-jony-ives-60000-turntable-are-you-really-a-music-fan/?guccounter=1&guce_referrer=aHR0cHM6Ly9uZXdzLmdvb2dsZS5jb20v&guce_referrer_sig=AQAAAJAa2W94DiGgNgW_6JYJlL5YfxUkrkPKqhok-JRQ7R9oVhR7RfppOcMzOmGT0a9ZAz5-Azv2dqgLtpchPjtcXX3gaH4jAqpgDPgaiAqQDjl2tqZwK5VnxICubA-JYISytIETZIZAiYbkVvkABjxuyQirthfmyE46rL3XWXEk94rv)

Conferences
August 8th Kubernetes Community Day Australia (https://community.cncf.io/events/details/cncf-kcd-australia-presents-kubernetes-community-day-australia-2023/) in Sydney, Matt attending.
August 21st to 24th SpringOne (https://springone.io/) & VMware Explore US (https://www.vmware.com/explore/us.html), in Las Vegas. Explore EU CFP is open.
Sep 6th to 7th DevOpsDays Des Moines (https://devopsdays.org/events/2023-des-moines/welcome/), Coté speaking.
Sep 18th to 19th SHIFT (https://shift.infobip.com/) in Zadar, Coté speaking.
October 6, 2023, KCD Texas 2023 (https://community.cncf.io/events/details/cncf-kcd-texas-presents-kcd-texas-2023/), CFP Closes: August 30, 2023
Jan 29, 2024 to Feb 1, 2024 That Conference Texas CFP Open 6/1 - 8/21 (https://that.us/call-for-counselors/tx/2024/)
If you want your conference mentioned, let's talk media sponsorships.

SDT news & hype
Join us in Slack (http://www.softwaredefinedtalk.com/slack).
Get a SDT Sticker! Send your postal address to stickers@softwaredefinedtalk.com (mailto:stickers@softwaredefinedtalk.com) and we will send you free laptop stickers!
Follow us: Twitch (https://www.twitch.tv/sdtpodcast), Twitter (https://twitter.com/softwaredeftalk), Instagram (https://www.instagram.com/softwaredefinedtalk/), Mastodon (https://hachyderm.io/@softwaredefinedtalk), BlueSky (https://bsky.app/profile/softwaredefinedtalk.com), LinkedIn (https://www.linkedin.com/company/software-defined-talk/), TikTok (https://www.tiktok.com/@softwaredefinedtalk), Threads (https://www.threads.net/@softwaredefinedtalk) and YouTube (https://www.youtube.com/channel/UCi3OJPV6h9tp-hbsGBLGsDQ/featured).
Use the code SDT to get $20 off Coté's book, Digital WTF (https://leanpub.com/digitalwtf/c/sdt), so $5 total.
Become a sponsor of Software Defined Talk (https://www.softwaredefinedtalk.com/ads)!

Recommendations
Brandon: Hijack (https://tv.apple.com/us/show/hijack/umc.cmc.1dg08zn0g3zx52hs8npoj5qe3)
Matt: Murderbot Diaries (https://www.goodreads.com/series/191900-the-murderbot-diaries)
Coté: Fantastical (https://flexibits.com/fantastical), read-out of second HEY try.

Photo Credits
Header (https://paper.dropbox.com/doc/Is-the-enemy-of-my-enemy-my-friend--B78kG9125I6L26iQ7ANBrxDaAg-AymUiXqVRaytqe3gqMPDv)
Artwork (https://labs.openai.com/e/MlTLNTDx8VvoCaCEiMc16oDi/oFNRSDbXIEng8pevJZCfCYnE)

Working Code
135: Note To Self v0.3.0

Jul 12, 2023 51:49


On today's episode, we invite you into another dimension. A dimension not only of sight and sound, but of mind. Ben's mind. Ben's sick, twisted cavern of decay and depravity wherein we gain insight into what actually makes this man tick. Topics include the slippery slope of the "Shift Left" mentality; over-complicating life with JWTs (JSON Web Tokens); dangerous public-on-public method invocation; and, the inherent cost of everything.

Follow the show and be sure to join the discussion on Discord! Our website is workingcode.dev and we're @WorkingCodePod on Twitter and Instagram. New episodes drop weekly on Wednesday.

And, if you're feeling the love, support us on Patreon.

With audio editing and engineering by ZCross Media.

The Cloudcast
Nobody wants to own Security

Jun 18, 2023 21:16


Developers don't want to be told “NO” by the Security team. They also don't want to be responsible for security. Is Shift Left the right or wrong answer?

SHOW: 728

CLOUD NEWS OF THE WEEK - http://bit.ly/cloudcast-cnotw

CHECK OUT OUR NEW PODCAST - "CLOUDCAST BASICS"

SHOW SPONSORS:
Find "Breaking Analysis Podcast with Dave Vellante" on Apple, Google and Spotify
Keep up to data with Enterprise Tech with theCUBE
CloudZero – Cloud Cost Visibility and Savings
CloudZero provides immediate and ongoing savings with 100% visibility into your total cloud spend

SHOW NOTES:
Speed vs Security - Protecting CloudNative Environments
Cloud-native Security and Compliance (VMware Tanzu Talk)

THANK YOU TO ALL THE DADS OUT THERE ON FATHER'S DAY
Happy Father's Day!

WHAT'S THE RIGHT ANSWER TO DEVELOPERS AND SECURITY?
Every IT survey places Security in the Top 3 priorities, year after year
Who is actually able to measure the value of good vs bad security?
The independent IT group called Security is frequently disliked
DevSecOps, Shift-Left and Secure Supply Chain have been invented to fix this
Developers generally don't want to think about security, because it impacts their productivity and measured KPIs
Is this a platform problem, or CI/CD problem, or compliance/standards problem?
Will the challenge of security force more groups/companies to move away from microservices in the future?

FEEDBACK?
Email: show at the cloudcast dot net
Twitter: @thecloudcastnet

Elm Town
Elm Town 58 – Unblocking users with quality software

Jun 13, 2023 58:05


Tessa Kelly shares her experience unblocking users while building quality software, explains how to avoid the "accessibility dongle" using the Elm philosophy, and considers some tesk9/accessible-html design changes.

Thanks to our sponsor, Logistically. Email: elmtown@logisticallyinc.com.
Music by Jesse Moore.
Recording date: 2023.04.04

Guest
Tessa Kelly (https://github.com/tesk9)

Show notes
[00:00:13] Sponsored by Logistically
[00:00:47] Introducing Tessa Kelly (she needs no introduction)

Elm Town 9 - Getting Started
Elm Town 30 - Accessibility with Tessa Kelly
Elm Radio - (2020) Holiday Special!
Elm Radio - Accessibility in Elm
tesk9/accessible-html
tesk9/palette
"Functional Data Structures" at elm-conf 2016
"Accessibility with Elm" at elm-conf 2017
"Writing Testable Elm" at elm-conf 2019
Software Unscripted - Accessibility in Practice with the Accessibilibats!

This is Digital
Why All Companies Should “Shift Left”

May 23, 2023 47:13


What sounds like a political movement is actually a technical one. Traditional companies are starting to embrace the idea of “shift left” to increase efficiency and manage risk early. Find out how shifting left can help your organization get ahead of the curve in today's digital world. Join our guest host, Erik Brown, as he dissects this topic with a roundtable of experts from West Monroe.

Topics covered include:
What does “shift left” mean from the perspectives of risk, operations and technology?
The difference between digitally native and traditional companies when “shifting left”
“Shift left” is about ruthless prioritization for the customer
“Shift left” unifies teams across organizations within a business
How highly regulated industries approach “shift left”
How to measure the results of “shifting left”

For more information on the concept of "shift left", visit https://www.westmonroe.com/perspectives/point-of-view/traditional-companies-develop-software-they-should-shift-left

The CyberWire
“Shift Left”: A case for threat-informed pentesting. [CyberWire-X]

Feb 5, 2023 26:59


Penetration testing is a vital part of a robust security program, but the traditional pentesting model is in a rut. Assessments happen infrequently, the scope is often very broad, and the report is usually overwhelming. What if you could increase the overall ROI of your pentesting program and avoid these limitations? Every penetration test should have specific goals. Coverage of the MITRE ATT&CK framework or the OWASP Top Ten is a great start, but a pentest could provide exponential value by applying a more strategic approach. In this episode of CyberWire-X, the CyberWire's Rick Howard and Dave Bittner discuss what it means to "shift left" with your penetration testing by working on a threat-informed test plan with guests and Hash Table members Bob Turner, the Field CSO of Fortinet, Etay Maor, the Senior Director for Security Strategy at Cato Networks, and Dan DeCloss, the Founder and CEO of our episode sponsor PlexTrac.