
Relating to DevSecOps
A podcast dedicated to forging ironclad relationships between developers, engineers, operations, and security practitioners by discussing hot topics in the world of DevSecOps. This podcast aims to air out some of the common gripes, misconceptions, and hardships that these teams face in the real world every day.
Latest episodes

Sep 11, 2020 • 40min
Episode #010: Security Configs, Default Configs, and other decisions we regret
This episode we riff on some of the hotter topics we discussed during Episode 9 as we cover security misconfigurations, default misconfigurations, and the responsibility of application/infrastructure configs in an organization. We talk about how to best interact with other teams to ensure configurations are manageable, maintained, and in the right hands.

Sep 4, 2020 • 42min
Episode #009: OWASP Top 10: Awareness, not Measurement
In this episode we cover the OWASP Top 10, a popular security awareness document and how DevOps and Product Engineering are typically exposed to it. While it's made waves in the industry we discuss how to use and how not to use this document and give some opinions on categories that fall into the DevSecOps sphere of work. This isn't your typical "What is SQL Injection" episode, so give us a listen and hopefully you come out the other side with a new viewpoint on using the top 10 to help your organization. Also, Ken introduces this episode after a little too much coffee, so in case you're wondering - it does NOT start in 2x speed.

Aug 19, 2020 • 56min
Episode #008: Testing Depths of the DevSecOps River with Both Feet
There are so many types of tests across DevSecOps and we try to cover as many as possible from SAST to Contract testing. Simon covers his dislike for test-driven development, Ken talks through writing security tests against requirements, and Jamieson brings automation testing to light with new toolsets and process developments. We all had some preconceived notions going into this, but it was an eye opening and long episode. We hope you enjoy!

Aug 12, 2020 • 43min
Episode #007: Service Mesh, more than a Sean Connery sidecar to your Indiana Jones App
In this episode we get back to tech in the DevOps centric topic of Service Mesh. Ken and Simon chat with Jamieson about concerns and first thoughts on service mesh in their respective experiences. If you're looking at spinning up service mesh within your organization or just want to learn more about it this episode gives highlights from different professional perspectives. We end with some ways to pitch this internally to get buy in from departments that may challenge your next push into service mesh.

Aug 5, 2020 • 42min
Episode #006: How Engineering Titles Affect Your Communication with Development and Product Engineering Teams
In this episode we take another people centric approach with Simon Dollo as we explore the difference between developers and product engineers. We explore Simon's engineering history and work to identify more meaningful and effective ways of communicating with people writing code.

Jul 31, 2020 • 38min
Episode #005: Know Your Audience, the Face of Documentation and Training in a DevSecOps World
In this episode we discuss product engineering security Easter eggs and try to stay on track talking about how to get other departments and teams to adapt your latest and greatest process, tool, or optimization. The conversation quickly devolves into a side track on documentation where we discuss the pitfalls of traditional documentation tactics in the fast paced world of Agile development and continuous deployment. Speaking of Easter Eggs, Ken's cat makes an earnest request to be a part of the show.

Jul 22, 2020 • 39min
Episode #004: Be careful with your logs aka a hand grenade with a dictionary attached to it
This time on Relating to DevSecOps we cover application logging, how it's viewed by different teams and what those teams are looking to get out of them. We cover some tips and tricks with logging challenges like ACTUALLY implementing a logging standard, the importance of logging severity levels, and the challenge with the appropriate amount to log. Join us for our divergent opinions and challenges we've faced in the real world.

Jul 8, 2020 • 35min
Episode #003: Bookending DevSecOps starting with Threat Models
Starting on the left side of the SDLC, we talk about Threat Modeling experiences from all perspectives and the fundamental issues with checkbox security. We almost get through a whole episode without making fun of Perl and are still waiting for a Perl developer to reach out and tell us how wrong we are. We attempted to get to application logging perspectives but ran into a timewall. Keep an eye out for Episode #004 as we tackle DevSecOps from both sides.

Jun 30, 2020 • 47min
Episode #002: A Product Engineering Perspective on DevSecOps
Simon Dollo joins the crew and brings his product engineering perspective to the burning question "What is DevSecOps?" We explore the developer perspective to security and devops and have a little fun with Jamieson's love of Perl as an automation tool. Along the way we figure out a common thread to our introduction to code and dig into collaborating against the challenge of open source software security.

Jun 23, 2020 • 41min
Relating to DevSecOps #001: What is DevSecOps?!
Join us on our first episode of relating to DevSecOps where we introduce the first two co-hosts of 3 recurring players, Jamieson Colburn, representing DevOps. We dig into our definitions of DevSecOps, talk about learning from your colleagues, leveling up your collaboration chops, homelabs, tearing apart electronics in our youth, and Jamieson's love affair with Perl. As the first of many we hope you give us a listen!