Relating to DevSecOps

Latest episodes

Feb 16, 2022 • 32min

Episode #039: Cloud Metal Detectors with Monitoring and Logging

In this episode we cover another security perspective on logging and monitoring in the cloud as opposed to web applications specifically. We dive into Mike's view on how logs and software defined infrastructure evolve in the world of incident response and detection today. With the propagation of infinitely scalable cloud environments, we dive into ways to wrangle logs and make sense of the information these environments generate. Whether it's automation or filtering, we get this conversation started with the cloud side of DevSecOps.

Feb 2, 2022 • 36min

Episode #038: Layers of the DevSecOps Onion, are we reversing time?

In this episode Mike and Ken talk about the magic of software defined things and how skill crossover is becoming a thing of the future. Maybe history is repeating itself. Whether it's endpoint detection and response, physical security, disaster recovery, networks, or a firewall, it seems like everything has a software defined equivalent. Developers and Application Security engineers are being called on more and more to know things they didn't have to even 5 years ago. The team digs into this topic by looking at it through two lenses, what skills engineers need, and how software deals its own set of pros and cons in cloud and modern infrastructure.

Jan 19, 2022 • 35min

Episode #037: New Year, New Security what can you do to level up?

Happy New Year from R2DSO as we head into 2022. In this episode we bring back Michael McCabe for a more permanent role on the show! Super exciting for us and hopefully for you. We talk about our plans for the future of the show including interactive components, video, and expansion on the existing repository. We also take some time to talk about trends in security skills that organizations are looking for and what types of programming languages are hot in the industry right now. Join us for a light-hearted comeback as we jump into talent, technical skills, and predictions for 2022.

Dec 7, 2021 • 38min

Episode #036: Trending Topics from Terraform to Testing

In this alliterative episode we bring back Mike McCabe to wrap up a security year in consulting with common trends and successes in security. On the back of Ken and Mike's talk at LASCON 2021, these two break down some of the common security themes from clients and scenarios that highlight just how we've progressed in an almost fully remote year of work. AppSec programs, maturity, compliance, transferring risk, and infrastructure as code are just a few of the topics we chat through. We know it's been a while since we've laid down some content, but we are excited to bring Mike on for more and more as we get into 2022 content.

Nov 24, 2021 • 2min

Happy Holidays from R2DSO!

We've had a bit of an end of year rush so just wanted to give listeners a preview of what's to come in the next few episodes. We're laying down the tracks now and should have something out the door early December. Thanks for all of your support and feedback. We're looking forward to getting back into the studio!

Nov 2, 2021 • 42min

Episode #035: Successful Unit Testing Through Collaboration with Your Unit

We know, we know! It's been too long between episodes, but we had some speaking engagements, conferences, and general life going into November and here we are. In this episode we cover unit testing, what it means to security vs what it means to engineers and some learning along the way as we dig into what makes a good unit test. All too often security engineers are telling development teams they need to write security unit tests, but they don't say how or what to write. We go through definitions, potential examples, and a bit of debate on this riveting nerd out of an episode of R2DSO.

Oct 11, 2021 • 42min

Episode #034: Attack of the Git PR through K8s

In this episode we squeeze one more git topic out with an attack through a PR. Based on a recent article posted on https://cloudseclist.com/ we thought it fit the series pretty well and put a nice capstone on everything. You can read the article we reference yourself at https://goteleport.com/blog/hack-via-pull-request/. This episode is full of hot takes and rambling, but we thought we ended in a good place even if we went through a few roundabout analogies to get there. Learn more about how security relates to building a house, robbing a bank, and fixing your kitchen sink.

Sep 21, 2021 • 33min

Episode #033: Getting out of git by branching out with branching strategies

Bad puns end this series with branching strategies and git. We start with Simon's preferred approach from a product engineering strategy for branching and why it works for him. Then we talk about some of the common issues that occur due to strategies that are not optimized for the organization running them. Some of these include over-engineering, cultural frustrations, re-work, and security bugs! Join us for the capstone of the git series in 2021, hope you enjoy the listen.

Sep 7, 2021 • 40min

Episode #32: Hooks, Kits, and Git - putting security into your git pipeline

In this episode we cover a few technical topics, but primarily how to get started with getting security into your git pipeline through git hooks, pre-commit strategies, secrets analysis, and scan automation. We also cover some best practices that help engineers and developers stay security minded throughout their time in the repository. We hope you have as much fun listening as we did recording!

Aug 17, 2021 • 38min

Episode 031: Git Security Done with Git

We head into an unknown number of episodes around git. In this episode we introduce git and common security concerns to folks who may be unfamiliar with either. Git is an essential skill for security practitioners and engineers and sometimes we're just winging it when it comes to doing things right (or at least our opinion of right). We cover differences between rebase and merge, common commands that become problems down the road, and some problems we've faced in our careers with using, evaluating, and analyzing code in a repo.