Relating to DevSecOps

Send us a textSimon, Ken, and Jamieson ponder what Security Operations brings to the table and discuss some of the misconceptions around responsibilities of security operations folks in the wild. A high-level episode exploring what SecOps means, and how it fits into the overall security dynamic of DevSecOps. We touch on the direction of the industry in SOAR and hit on the immaturity of SecOps in organizations as compared to other operations teams. We do hope you enjoy

Send us a textWith Jamieson out of commission, Simon and Ken chat and relfect on 2020. In this episode we cover some of our favorites and look towards the future with what's to come for DevSecOps in 2021. While Jamieson's there in spirit we take the opportunity to get one last Perl joke in. In 2021 we will be bringing video tutorial content, more guests, and deeper dives into topics with a git repo to follow along. We hope you'll join us for the ride and thanks for a great start!References in this Podcast:Security DevOps book: https://www.manning.com/books/securing-devopsDevSecOps Certs: https://www.practical-devsecops.com/certified-devsecops-professional/Tensorflow: https://www.tensorflow.org/

Send us a textIn our final episode of 2020 we dive into chaos engineering tools with a focus on security and unpack the differences between penetration testing, security testing, and chaos engineering.  After all, what was 2020 if not a chaos engineering experiment. We each took some time to review this awesome list of chaos engineering resources: https://github.com/dastergon/awesome-chaos-engineering and had a chat about what pulled us in to our respective choices. It's interesting what chaos engineering means depending on who you talk to and I think this sets us up well.Thank you all for listening to Season 1 - See you in 2021!

Send us a textIn this episode we talk about Chaos Engineering, what it is, what it isn't, our thoughts on what chaos really means and how we approach it in our day to day. In this episode we talk about our introductions to chaos engineering and how some of our career activities have related to it in the past. Have you ever done a tabletop exercise, but were dissatisfied with the technical level of it. This episode is for you!References: Jamieson's current read: https://learning.oreilly.com/library/view/chaos-engineering/9781492043850/Ken's current read: https://www.amazon.com/Girl-Decoded-Scientists-Intelligence-Technology-ebook/dp/B07VF1SKPV 

Send us a textWe wrap up this series with a talk through the terraform cdk and our initial reactions of the project and product. We all learned a ton through this journey trying to figure out where and when to use these tools. I think we've all come out of this with a newfound respect to the future of infrastructure as code and hope you've enjoyed listening to us. It's been fun to discover this on the mic!

Send us a textIn our quest to discuss and debate the usefulness of the Terraform CDK we take a pit stop at the Amazon CDK and Cloudformation. All of us have had varying experiences with the trials and tribulations of infrastructure as code, JSON, and YAML. We tease out why and when the CDK or Cloudformation route might be a better or complimentary choice to other platforms. We touch on some security concerns along the way and prep ourselves for the Terraform CDK use case from all 3 perspectives. We've had a pretty good time researching each other's points of view here, and hopefully you enjoy the listen! Thanks for all the support!

Send us a textWe've listened to your feedback and started diving into infrastructure as code starting with terraform, our experiences learning it for fun and for clients. The trials and tribulations of automation in Jamieson's lengthy DevOps career, and where to go to get started with terraform. We cover some of our personal frustrations living with terraform and the real world and discuss how learning something as fast paced as this can be challenging and different depending on whether your a consultant or corporate deploying things engineer. We're also moving to every two weeks and focusing on some more technical topics so we can give you some deeper dives into the material. Let us know what you think!

Send us a textSimon gives his perspective on Cross-Site Scripting (XSS) and we dig into some of the common protections. We also cover different views between front and back end development and where the responsibility lies for teams facing this issue. We start to unpack the importance of the product, context, and user experience as it pertains to browser attacks.

Send us a textJenn Molyneaux joins the crew as the very first guest! ( https://bit.ly/3ctCLJu ). Jenn is a Senior SCRUM Master who brings her wealth of experience and patience to the table to help us all understand how we can work better together. We had a great time recording this one and are excited to start getting more opinions and views on the show. We talk about DevSecOps in Agile/SCRUM, how to handle security issues, how to develop relationships across teams and getting leadership buy-in for your projects. We also get Jenn's opinions on bugs vs vulns, which we all know is a hot topic.

Send us a textSecurity and Engineering go head to head in a conversation about bugs vs vulnerabilities and where we think they should fall in the grand scheme of product development. Unfortunately we threw this one together at the last minute as we had to scramble due to some life events. Keep an eye out for our intended episode next week on Agile/Scrum with Jenn!