
Relating to DevSecOps
A podcast dedicated to forging ironclad relationships between developers, engineers, operations, and security practitioners by discussing hot topics in the world of DevSecOps. This podcast aims to air out some of the common gripes, misconceptions, and hardships that these teams face in the real world every day.
Latest episodes

Jun 8, 2023 • 43min
Episode #059: DevSecOps Pentesting, Possible or Preposterous?
In this action-packed episode, Ken, Mike, and Izzy (Ken's cat) dive headfirst into the wild world of DevSecOps Penetration Testing – is it possible or downright preposterous? Can we truly automate pentesting in this breakneck DevSecOps environment, or are we chasing a cybersecurity unicorn? Discover the vital distinction between red team operations and adversarial simulations within the DevSecOps landscape. We strip back to basics, defining penetration testing and its critical role in security programs. We're talking practical, actionable insights into building robust pentesting into your CI/CD pipelines and vulnerability management by leaning on these concepts of DevSecOps for your red teams.

Jun 1, 2023 • 33min
Episode #058: Merging Your Mergers without Git Merge
Mike and Ken dive into the exciting topic of Mergers and Acquisitions. Take a bit of time out of your day to join them in their explorations of how M&As have affected operations for clients, companies, and security teams. Today they discuss techniques, trials, tribulations, and methods for tackling the joining of two companies, organizations, and teams, bringing real scenarios from their own experiences.

May 19, 2023 • 31min
Episode #057: Security Without Compromise!
Join Mike and Ken as they discuss collaborative security work and what working together looks like in enterprise and organizations. In an effort to help people make better security decisions, in this episode they cover avoiding silos, working effectively together, picking your battles, reframing the security conversation with engineers, and using security as an enabler. Now Available on YouTube: https://youtu.be/HDOWGqmaILc

Apr 21, 2023 • 35min
Episode #56: Respond Well in Incident Response with DevSecOps
Join Mike and Ken in their discussion about Incident Response and how it fits into the DevSecOps world and arena. Incident Response, logging, and monitoring are hard problems to solve, and Mike has some strong opinions on how to leverage and use native tooling to prepare and respond to incidents in your environment. Understanding logs, what to do with them, and how to filter through all of the noise are all covered in this episode. Mike and Ken also mention some tools and techniques you can start using for free today. Apologies for the canine background, both dogs joined us for the episode. Some links from this episode: OWASP Cloud Top 10: https://owasp.org/www-pdf-archive/OWASP_Cloud_Top_10.pdf Electric Eye: https://github.com/jonrau1/ElectricEye

Mar 31, 2023 • 42min
Episode #055: Engineering Empathy with Hecber Cordova
We dive back into bringing guests onto the show, focusing on real problems with real people on the ground. In this episode, we are joined by Hecber Cordova, Director of Cloud Security at RBC. He shares insights around growth into DevSecOps, developing empathy with your engineering teams, creating cloud patterns, paved paths, and building secure architectures from the ground up. If you're interested in hearing from someone who has built strong security cultures in large institutions, this is an episode to listen to! Links mentioned on the show: https://cloudseclist.com/ https://cloudsecurityforum.slack.com

Mar 23, 2023 • 37min
Episode #54: ChatGPT's Cryptic Insights: AI in Security for Developers and Operations Teams
In this episode, Mike and Ken will dive deep into the world of ChatGPT and explore how it can be used to generate code for developers and operations teams. They'll discuss the benefits and drawbacks of relying on AI for security, and how it can be used to improve the security posture of your organization. But that's not all - Mike and Ken will also explore the challenges that come with scripting examples such as Terraform, AWS, Azure, and Python scripting for data structures. They'll share their experiences and insights into how you can overcome these challenges and succeed in your secure development and operations journey. So, buckle up and get ready for a high-energy, fast-paced episode that digs into how you might lean on ChatGPT for your DevSecOps workloads... or maybe not!

Mar 8, 2023 • 41min
Episode #053: DevSecOps on the Emerald Isle: Insights from Global OWASP AppSec Dublin, with a Side of Guinness and Frustrations with Application Security Vendors
In this episode, our hosts recap the Global OWASP AppSec Dublin conference and share insights into interesting talks about DevSecOps. They delve into the challenges and opportunities that come with securing modern applications in a dynamic and ever-changing landscape. The hosts also share their frustrations with application security vendors in the space and discuss potential solutions to overcome these challenges. Along the way, they also share their experiences in Dublin. Tune in for a candid and engaging conversation about DevSecOps, the future of application security, and the Irish experience. To view the talks from Global OWASP AppSec Dublin, check out their playlist here: https://youtube.com/playlist?list=PLpr-xdpM8wG8479ud_l4W93WU5MP2bg78&si=EnSIkaIECMiOmarE

Feb 7, 2023 • 29min
Episode #052: Dude! Where's My Stuff? Application Inventory and Service Discovery
Today's episode covers one of the most common problems for software development teams and their security partners: Application Inventory. App Inventory brings to mind different struggles and difficulties for teams, and even Ken and Mike have a few different experiences in approach. The team breaks apart some differences between asset inventory, software constellations, service discovery, and API security. If you want to meet and greet, come see us in Ireland at OWASP Global Dublin 2023!

Jan 14, 2023 • 51min
Episode #051: Hiring for DevSecOps in 2023!
Happy New Year! It's another year of DevSecOps fun as we head into an unpredictable and volatile security market. Ken and Mike talk hiring and the struggle between having a ton of talented, passionate junior talent and a security mission that requires experienced individuals with a limited budget. Inadequate staffing, the reality of security vs engineering budgets, bridging the talent gap with internships, and an all call to organizations to fund security programs are all hot topics in the first episode of the new year. If you're looking to think about some new approaches to hiring, or you're just curious about how to hire security staff without security staff to begin with, give us a listen.

Dec 3, 2022 • 35min
Episode #050: The Evolution of Data Security in DevSecOps
We hope all of the turkey comas have worn off! These holiday delays are almost over, and in the meantime here we are with the second part of how security verticals fit into the great sprawling world of DevSecOps! Mike and Ken discuss migration from on-prem to cloud and how this shift has had a tremendous effect on the perception of data security. It's become easier and easier to spin up data storage solutions in cloud and infrastructure as code, but it's led to some common and repeated mistakes that rear their ugly heads. Now the responsibility of spinning up servers, managing credentials, and encrypting data at rest and in transit falls on software engineering shoulders, and with that we're learning that some of those lessons DBAs learned ages ago are back with a vengeance.