On this Screaming in the Cloud In this episode of Screaming in the Cloud, Corey Quinn is joined by AWS container hero and security engineer at the Python Software Foundation, Mike Fiedler. They delve into the intricacies of Python's ecosystem, discussing the evolution of PyPI, its significance, and the ongoing battles against security threats like account takeover attacks and typo-squatting. Mike sheds light on his role in maintaining the security and reliability of the Python Package Index, the importance of 2FA, and the collaborative efforts with security researchers. Corey and Mike also explore the challenges and philosophies surrounding legacy systems versus greenfield development, with insights on maintaining critical infrastructure and the often-overlooked aspects of social engineering.Show Highlights(0:00) Introduction(0:47) The Duckbill Group sponsor read(1:21) Breaking down the Python nomenclature and its usability(5:49) Figuring out how Boto3 is one of the most downloaded packages(6:43) Why Mike is the only full-time security and safety engineer at the Python Software Foundation(9:53) How the Python Software Foundation affords to operate(14:17) Mike's stack security work(16:14) The Duckbill Group sponsor read(16:57) Having the "impossible job" of stopping supply chain attacks(21:00) The dangers of social engineering attacks(24:44) Why Mike prefers to work on legacy systems(33:30) Where you can find more from MikeAbout Mike FiedlerMike Fiedler is a highly analytical, forward-thinking Information Technology professional. His broad-based background includes systems administration and engineering in global environments. Mike is technically astute and versatile with ability to quickly learn, master, and leverage new technologies to meet business needs and has a track record of success in improving performance, stability, and security for all infrastructure and product initiatives.Mike is also bilingual, speaks English and Hebrew, and he loves solving puzzling problems.LinksMike’s Mastadon: https://hachyderm.io/@mikethemanMike’s Bluesky: https://bsky.app/profile/miketheman.comMike’s Python Software Foundation blog posts: https://blog.pypi.org/The Python Package Index Safety & Security Engineer: First Year in Review: https://blog.pypi.org/posts/2024-08-16-safety-and-security-engineer-year-in-review/SponsorThe Duckbill Group: duckbillgroup.com 

On this Screaming in the Cloud Replay, we’re revisiting our conversation with Co-Founder of Senzo, Ant Stanley. Ant sits down with Corey to do so. He offers up his history which has lead to his time as “Serverless Hero” to landing on the line that “serverless sucks.” Lend us your ears to see how that transition happened! Ant goes into detail on JeffConf (not the of the Bezos nomen), and working with servers and what to put where and why. Ant and Corey talk over the plague of AWS services where Ant offers his perspective how to trim the fat and keep things simple to make long-term objectives more attainable. They discuss the importance of training, the role of certifications for better and worse, and more. Tune in for his take!Show Highlights(0:00) Intro(0:51) Duckbill Group sponsor read(1:24) What does it mean to be an AWS Serverless Hero?(3:13) Why Ant and Corey are critical of the state of serverless(7:53) Woes with Lambda and CloudFront(10:12) The never-ending stream of new AWS services(13:36) Hurdles ahead of going serverless(17:33) Struggles of getting customers to understand a newly built service(21:31) Duckbill Group sponsor read(22:14) Pros and cons of certifications(32:17) Where you can find more from AntAbout Ant StanleyAnt Stanley is a community focused technologist with a passion for enabling better outcomes for society through technology. He is an AWS Serverless Hero, runs the Serverless London User Group, co-runs ServerlessDays London and is part of the ServerlessDays Global team. LinksA Cloud Guru: https://acloudguru.comhomeschool.dev: https://homeschool.devaws.training: https://aws.traininglearn.microsoft.com: https://learn.microsoft.comTwitter: https://twitter.com/iamstanOriginal Episodehttps://www.lastweekinaws.com/podcast/screaming-in-the-cloud/serverless-hero-got-servers-in-his-eyes-with-ant-stanley/SponsorThe Duckbill Group: duckbillgroup.com 

Eric Carter, Director of Product Marketing at Sysdig, dives into the fast-paced world of AWS cloud security. He discusses the significance of real-time threat detection against evolving attacks and the critical role of automation alongside human oversight. Tools like Falco and Runtime Insights are highlighted for their ability to detect misconfigurations and stealthy threats. Eric introduces a '10-minute benchmark' for defense strategies, emphasizing proactive measures and adaptive frameworks like MITRE ATT&CK to outsmart attackers.

On this Screaming in the Cloud Replay, Corey is joined by John Allspaw, Founder/Principal at Adaptive Capacity Labs. John was foundational in the DevOps movement, but he’s continued to bring much more to the table. He’s written multiple books and seems to always be at the forefront. Which is why he is now at Adaptive Capacity Labs. John tells us what exactly Adaptive Capacity Labs does and how it works and how he convinced some heroes to get behind it. John brings a much-needed insight into how to get multiple people in an organization on the same level when it comes to dealing with incidents. Engineers and non. John points out the issues surrounding public vs. private write-ups and the roadblocks they may prop up. Adaptive Capacity Labs is working towards bringing those roadblocks down, tune in for how!Show Highlights(0:00) Introduction(0:59) The Duckbill Group sponsor read(1:33) What is Adaptive Capacity Labs and the work that they do?(3:00) How to effectively learn from incidents(7:33) What is the root of confusion in incident analysis(13:20) Identifying if an organization has truly learned from their incidents(18:23) Gitpod sponsor read(19:35) Adaptive Capacity Lab’s reputation for positively shifting company culture(24:22) What the tech industry is missing when it comes to learning effectively from the incidents(28:44) Where you can find more from John and Adaptive Capacity LabsAbout John AllspawJohn Allspaw has worked in software systems engineering and operations for over twenty years in many different environments. John’s publications include the books The Art of Capacity Planning (2009) and Web Operations (2010) as well as the forward to “The DevOps Handbook.”  His 2009 Velocity talk with Paul Hammond, “10+ Deploys Per Day: Dev and Ops Cooperation” helped start the DevOps movement.John served as CTO at Etsy, and holds an MSc in Human Factors and Systems Safety from Lund UniversityLinksThe Art of Capacity Planning: https://www.amazon.com/Art-Capacity-Planning-Scaling-Resources/dp/1491939206/Web Operations: https://www.amazon.com/Web-Operations-Keeping-Data-Time/dp/1449377440/The DevOps Handbook: https://www.amazon.com/DevOps-Handbook-World-Class-Reliability-Organizations/dp/1942788002/Adaptive Capacity Labs: https://www.adaptivecapacitylabs.comJohn Allspaw Twitter: https://twitter.com/allspawRichard Cook Twitter: https://twitter.com/ri_cookDave Woods Twitter: https://twitter.com/ddwoods2Original Episodehttps://www.lastweekinaws.com/podcast/screaming-in-the-cloud/finding-a-common-language-for-incidents-with-john-allspaw/SponsorsThe Duckbill Group: duckbillgroup.com Gitpod: http://www.gitpod.io/

On this Screaming in the Cloud Replay, we’re revisiting our conversation with Michael Garski, the director of software engineering at famed electrical guitar manufacturer, Fender. Prior to this position, he worked as a principal software architect at Viant, a principal software architect at MySpace, a manager of internet development at Countrywide Financial, and a manager of system architecture at Fandango, among other positions. He also had a four-year stint in the US Navy, working as an engineering laboratory technician. Join Corey and Michael as they talk about how artists are angels and Fender’s job is to give them wings, how Fender has diversified its offerings in recent years, how serverless is a mindset and how Fender approach serverless technology, how Fender’s traffic surged during the pandemic and how everything mostly scaled up without a hitch, the challenges of teaching students to play instruments over the internet, the vendor lock-in boogeyman, and more.Show Highlights(0:00) Introduction(0:42) Dragonfly sponsor read(1:25) How does Michael describe Fender’s work(2:08) Fender’s work to go serverless(4:13) The impact of COVID on Fender(6:19) Explaining Fender Play and how it works on the backend(9:44) Working with MediaConvert(11:30) Experiences with scaling and hitting AWS service limits(12:52) Why Michael prefers working on the customer side(15:33) The Duckbill Group sponsor read(16:15) Frustrations with gateways and third-party apps(19:03) Managing a massive influx of users during COVID(21:13) The vendor lock-in boogeyman(23:19) Cloud costs vs. saving time(24:49) Walking the fine line of criticism as a director(28:09) Enforcing consistency across services(31:52) Where you can find more from MichaelAbout Michael GarskiMichael Garski has worked in the Los Angeles tech industry for over 20 years, across companies including Fandango, Countrywide Home Loans, MySpace, Viant, and is currently at Fender Musical Instruments as the Director of Platform engineering were he leads the devops, data, and api engineering teams. His focus currently is on building the platform to support the consumer facing digital products for Fender. The most prominent application he supports is Fender Play, a web and mobile application that provides video-based instruction for guitar, bass, and ukulele for more than a quarter-million subscribers.LinksLinkedIn: https://www.linkedin.com/in/mgarski/Original Episodehttps://www.lastweekinaws.com/podcast/screaming-in-the-cloud/keep-on-rockin-in-the-server-free-world/SponsorsDragonfly: dragonflydb.ioThe Duckbill Group: duckbillgroup.com 

Whether remote or local, Gitpod Co-Founder and CTO Chris Weichel thinks there’s a clear benefit to standardizing automated development environments. On this episode of Screaming in the Cloud, Chris joins Corey to chat about the inception and progression of Gitpod, highlighting the company’s mission to streamline development workflows, improve security, and enhance developer productivity. They also discuss the hurdles and solutions that come with balancing organizational standardization with individual developer preferences. You’ll also get the inside scoop on why Gitpod is transitioning away from Kubernetes and the innovative aspects of Gitpod Flex!Show Highlights(0:00) Introduction(0:27) Gitpod sponsor read(1:39) What is Gitpod in the modern era?(3:07) The debate of local vs. remote development(4:57) Explaining Gitpod's target customers(9:36) Clarifying Corey's misconceptions about Gitpod(12:42) Building between developer environments(15:23) Is something inherently bad if your employer forces you to use it (17:49) Gitpod sponsor read(19:01) Deploying local development tools at large scale(21:16) Launching Gitpod Flex(22:54) Creating a separate product based on feedback(24:58) Gitpod's decision to leave Kubernetes(28:16) Where you can find more from Chris and GitpodAbout Chris WeichelChris Weichel is the Chief Technology Officer at Gitpod, where he leads the engineering team that builds and maintains the cloud-native platform for software development. With over 20 years of experience in software engineering and human-computer interaction, he has a comprehensive view of the systems Gitpod creates, from the user experience to the underlying technology.Chris is passionate about creating technology that empowers users, and solving complex engineering problems. His expertise in cloud-native architecture, programming, and digital fabrication has resulted in multiple publications, patents, and awards. Chris is always looking for new opportunities to apply my broad skill-set and excitement for creating technology in a commercial or research context.LinksChris’s LinkedIn: https://www.linkedin.com/in/christian-weichel-740b4224/Chris’s Twitter: https://twitter.com/csweichelGitpod: https://www.gitpod.io/Why Gitpod is leaving Kubernetes: https://www.gitpod.io/blog/we-are-leaving-kubernetesSponsorGitpod: https://www.gitpod.io/

Before cloud economics entered his life, Corey’s first true love was a good book. On this episode of Screaming in the Cloud, he’s joined by Laura Brief, the CEO of nonprofit 826 National. The organization is the largest youth writing network in the country, something that’s near and dear to our hearts at The Duckbill Group. Corey and Laura talk about why having a deep appreciation for reading and writing is vital no matter what career path you take. From offering a creative escape for kids to moonlighting as a “pirate supply company,” 826 National helps children realize that there’s an author inside all of us. So check out this great conversation, and be sure to buy one of our shirts while you’re at it!Show Highlights(0:00) Introduction(1:02) Gitpod sponsor read(2:14) The Duckbill Group's history working with 826 National(3:01) What is 826 National?(4:43) Corey's love of reading, writing, and how it correlates with 826 National's mission(10:11) The rise of ChatGPT and its impact on reading and writing(13:49) Why GenAI fails to capture the feeling of writing(22:30) Why writing education is important(24:54) The benefits of reading and writing for kids(31:39) 826 Valencia: the Pirate Supply Company(35:24) Buy a shirt benefiting 826 National!(37:15) Where you can find more from Laura Brief and 826 NationalAbout Laura BriefLaura Brief is the CEO of 826 National. Prior to joining the nonprofit, Laura held leadership positions at high achieving youth organizations including Build, First Graduate, Juma Ventures, and The Posse Foundation, where she developed the organization’s first national career, corporate engagement, and alumni programs. She holds a Master’s in Education and a Master’s in Counseling Psychology from Columbia University, and is the Chair of the Board of Directors at Youth Speaks.Links826 National: https://826national.org/Reach out to Laura: laura@826national.org Buy our charity shirt to help support 826 National: shitposting.fashionSponsorGitpod: gitpod.io 

Corey Quinn talks with Serena DiPenti, aka “SheNetworks,” about her career from Cisco to Black Hills Information Security and her challenges in content creation. Serena reflects on starting at Cisco, where her role as a tech engineer required deep expertise and navigating rigid, high-pressure situations that led to burnout and limited growth opportunities. Now at Black Hills, she enjoys the hands-on work in security analysis and network-based penetration testing. Serena finds content creation more demanding than her cybersecurity work, often facing audience skepticism and burnout. However, her podcast Breaking the Internet provides a rewarding, conversational outlet for sharing insights.Show Highlights(00:00) Introduction(00:37) Dragonfly sponsor read(1:20) Catching up with Serena since she was last on the show(2:34) Serena’s experience at CISCO(8:00) How Serena got stuck in her TAC role(11:06) Serena’s pivot to her new role at Black Hills Information Security(14:10) When Serena finds time to sleep during her busy schedule(16:43) Corey’s short-lived attempt at YouTube(20:28) The importance of conversational content(21:43) Serena’s plans for naming and branding(25:49) Where Serena sees herself aiming next(31:18) How to follow Serena’s workAbout SerenaSerena DiPenti is an offensive security professional who shares her experiences and expertise through her Shenetworks educational content on platforms like TikTok, Twitter (X), YouTube, and Twitch. Her focus includes topics related to penetration testing, ethical hacking, and other areas of cybersecurity. She's passionate about helping others break into the cybersecurity field, offering tips, guidance, and career advice.Serena’s work includes creating accessible and engaging content that demystifies complex cybersecurity concepts, making the industry more inclusive and approachable for beginners and professionals alike.LinksYouTube: https://www.youtube.com/@shenetworks TikTok: https://www.tiktok.com/@shenetworks?lang=en Twitter: https://x.com/shenetworksBuy our charity shirt to help support 826 National!https://store.lastweekinaws.com/SponsorDragonfly: dragonflydb.io

Corey Quinn sits down with Stephen Barr, Chief Evangelist of CloudFix. With his extensive history in the cloud, the pair delve into Stephen's journey with AWS, relatable anecdotes on optimizing cloud costs, and the complex role of tech evangelists in fostering better communication between engineering and finance teams. Corey and Stephen also weigh the pitfalls of early AI adoption, how to come up with effective content creation strategies, and even postulate a hopeful vision of a tech-driven future (from a Trekkie’s point of view at least).Show Highlights(0:00) Intro(0:40) Gitpod sponsor read(1:52) How Stephen defines his role(4:26) Breaking down recent shakeups at AWS and the ever-growing promotion of AI(9:36) How will AI impact how we teach younger people about coding?(13:45) AI marketing, crypto, and other professional grifts(16:56) Stephen's history with AWS and the cloud ecosystem(20:42) Wiz sponsor read(21:30)Oversights that can easily inflate a cloud bill(25:32) Acting as a marriage counselor between engineering and finance(30:09 Stephen's creative process as a Chief Evangelist(33:54) Stephen's thoughts on the future of technology(35:28) Where you can find more from StephenAbout Stephen BarrStephen Barr, Principal Architect and Technical Evangelist at CloudFix, is known throughout the technology industry for his joyful frame of mind and deep expertise in data engineering, machine learning, LLMs, systems architecture, and all things AWS.Even as a teenager, Stephen’s digital curiosity and drive landed him at an email hosting startup working on network administration. He also worked at Microsoft while still a high school student.After graduating from the University of Washington, he continued graduate studies at the University of Rochester and Washington. Stephen has also worked as a data scientist, software developer, technical consultant and more.When he’s not researching or communicating about the power of AWS, Stephen enjoys spending time with his family at home in Seattle. His interests outside of work include science fiction, 3D printing, and the outdoors., Stephen Barr, Principal Architect and Technical Evangelist at CloudFix, is known throughout the technology industry for his joyful frame of mind and deep expertise in data engineering, machine learning, LLMs, systems architecture, and all things AWS.Even as a teenager, Stephen’s digital curiosity and drive landed him at an email hosting startup working on network administration. He also worked at Microsoft while still a high school student.After graduating from the University of Washington, he continued graduate studies at the University of Rochester and Washington. Stephen has also worked as a data scientist, software developer, technical consultant and more.When he’s not researching or communicating about the power of AWS, Stephen enjoys spending time with his family at home in Seattle. His interests outside of work include science fiction, 3D printing, and the outdoors., Stephen Barr, Principal Architect and Technical Evangelist at CloudFix, is known throughout the technology industry for his joyful frame of mind and deep expertise in data engineering, machine learning, LLMs, systems architecture, and all things AWS.Even as a teenager, Stephen’s digital curiosity and drive landed him at an email hosting startup working on network administration. He also worked at Microsoft while still a high school student.After graduating from the University of Washington, he continued graduate studies at the University of Rochester and Washington. Stephen has also worked as a data scientist, software developer, technical consultant and more.When he’s not researching or communicating about the power of AWS, Stephen enjoys spending time with his family at home in Seattle. His interests outside of work include science fiction, 3D printing, and the outdoors.Links ReferencedLinkedIn: https://www.linkedin.com/in/stephenjbarr/AWS Made Easy: https://awsmadeeasy.com/SponsorsGitpod: gitpod.ioWiz: https://www.wiz.io/scream

Corey Quinn chats with Dylan Etkin, CEO and co-founder of Sleuth. He joins this episode of Screaming Into the Cloud to share his insights on reshaping engineering metrics to prioritize team success. Sleuth emphasizes team-level productivity over individual output, sidestepping controversial metrics like lines of code and focusing on alignment and iterative improvement. By aggregating data from tools like GitHub, Jira, and Datadog, Sleuth provides actionable insights, helping leaders reallocate resources for optimal impact without disrupting unique team workflows. Designed for collaborative review, Sleuth’s slide deck-like interface supports meaningful discussions around DORA metrics and deploy tracking. Show Highlights(0:00) Intro(0:51) Sleuth sponsor read(1:12) What Sleuth is(2:02) How Sleuth evaluates engineers’ work(5:41) The value that evaluations brings to a business(9:34) Who Dylan usually discusses results with(11:04) Sleuth sponsor read(11:30) The day-to-day experience of using Sleuth(14:23) The importance of meeting people where they are(18:21) The actual outcome of implementing Sleuth(20:27) Why engineering teams should care about metrics(24:27) The interface that people have when they're working with Sleuth(26:23) Where you can find more from SleuthAbout Dylan EtkinDylan was one of the first twenty employees of Atlassian, and a founding engineer and the first architect of Jira. He has led engineering at scale for Bitbucket and Statuspage. He has a Master's in Computer Science from ASU. Dylan is a bit of a space nut and has been seen climbing around the inside of a life-size replica of the Mir space station in Star City Russia.SponsorSleuth: https://www.sleuth.io/