Relating to DevSecOps

Latest episodes

Oct 24, 2022 • 38min

Episode #049: IAM! The Myers Briggs of DevSecOps

It's been tough getting together with the end-of-year madness, but we're back again after another unanticipated delay. In this episode, we take some time to cover how IAM fits into the greater idea and methodology of DevSecOps. We cover how we think of IAM in today's code-driven world and go through some thoughts, opinions, and scenarios around IAM. In the next few episodes we'll be covering how other security verticals like data, incident response, and endpoint detection/response meet application and cloud security horizontals. Videos are coming before end of year! Keep an eye on our YouTube channel for live exercises. Don't judge Ken on his choice of Almond Joy as a superior Halloween candy.
Sep 16, 2022 • 42min

Episode #048: Threat Modeling doesn't need to feel like pain and sorrow

The hosts dive into the intricacies of threat modeling, sharing personal experiences and practical strategies. They highlight its crucial role in shift left security, dispelling common myths. The importance of collaboration across teams is a key focus, alongside maintaining accurate architecture diagrams for microservices. They discuss the challenges of cloud-native applications and the necessity of human expertise in threat modeling. Finally, skilled architects are portrayed as essential in mitigating risks, along with the potential for automating certain aspects.
Aug 8, 2022 • 38min

Episode #47: Geese aren't the only things migrating in the cloud, but we're more secure at least

One thing Mike and Ken have talked about at length at conferences, in board rooms, and in team chats is migrating workloads to the cloud security. Join them as they discuss the migrating patterns, how they vary between your favorite cloud service providers, and just where security fits into the whole mess. From on-prem, refactoring, lift and shifted, native cloud workloads, or just someone else's computer, we have enough buzzwords to knock your socks off this time around.
Jul 11, 2022 • 37min

Episode #046: Security Spiderwebs with Kubernetes and how Cloud helps (and hurts)

We are BACK after a hiatus of vacations, illness, and family gatherings, but while we may have been absent, we are at no shortage of words to say and hope you enjoy our conversation about Kubernetes and the variety of flavors cloud service providers have to offer. From EKS through GKE and AKS, we cover security concerns and challenges we've seen in the last few months. We talk about why teams choose to implement one or the other and how you might think about locking down your own Kubernetes instances. Through that we try to keep the humor alive and our listeners engaged!
Jun 10, 2022 • 35min

Episode #045: What is DevSecOps in 2022 an R2DSO anniversary redux

Mike and Ken take it back to the roots with a special anniversary episode on what is DevSecOps. Since we started this podcast we've had a lot of topics that fit the overall DevSecOps buzzword, but in this episode we talk about some of the evolution DevSecOps has gone through, how it's perceived in the industry and market today, and some hot takes on what's changed. The good, the bad, and the ugly. We leave it to you to decide: has DevSecOps lost its marketing shine and buzzword status?
May 21, 2022 • 37min

Episode #044: Multiball Pinball with Multicloud Hot Takes and Infrastructure as Code

Mike and Ken are BACK after a small hiatus and they jump into hot takes on multi-cloud. What does multi-cloud even mean? How does it differ from hybrid cloud, private cloud, or even just the status quo data center? The hosts discuss integration of products and projects into a multicloud deployment, security concerns associated with the approach, and how it differs from the horrors and challenges in private cloud and hybrid cloud. The team talks resources, talent, hiring, and what challenges they've faced over time shifting organizations into cloud deployments. As the passion increases, hot takes on hot takes manifest and a discussion of cloud unicorns ensues. We hope you enjoy!
Apr 20, 2022 • 34min

Episode #043: Security leaves the cave to go to Miami with the Blockchain People and this episode happened

Ken had a chance to attend a blockchain conference for Solana out in Miami and Mike hops into the interviewer seat. We talk about some differences between the approach. With a heavy builder community we chat through the build it on site mentality of Solana devs and the driving market that is new and novel blockchain ecosystems. From new projects, industry verticals, and everything from gaming to sports betting. We give you some hot takes and first looks at Solana Miami.
Mar 31, 2022 • 34min

Episode #042: Perscription Lenses or Sunglasses for Eyes on Code

In this episode we talk about the differences in code review depending on role and how you can be a better code reviewer on the "blue" side. Sometimes security tends to think in breaks and hacks, but we talk about how to think and act like a secure developer. Continuing the theme of systemic fixes, we discuss how difficult it can be to review small segments of code without context, how code reviews change when you move internal, and what you can do about it.
Mar 16, 2022 • 31min

Episode #041: Holistic Cloud Medicine in the Face of the Modularization of Cloud Components Affects Applications

A continuing trend in cloud and application security has been the modularization of application functions that offloads the developer responsibility for security and even some development! We cover how these cloud legos affect secure architectures, how the assessment paradigm shifts to configuration, and how traditional silos such as #cloudsec, #netsec, and #appsec change. Mike brings a real-world scenario and provoking thoughts around how we can possibly call something secure if we don't understand all the cards and players. In this episode Mike coins the phrase of holistic medicine in cloud. As long as we can beat Whole Foods to the punch.
Feb 25, 2022 • 36min

Episode #040: Over the hill with blockchain and DevSecOps with digital money

In this episode we introduce the general concepts of security in cryptocurrency in blockchain, what we see in our day-to-day with regard to application security and DevSecOps. We cover developer personas, cloud, centralized organizations, the difference in transparency, compliance, and frustrations as Mike grills Ken and teases out a tangent or two.
