DSO Overflow

DSO Overflow S3EP5Workload authentication and authorisation using SPIFEE and OPAwithCharlie EgainIn this episode, Steve, Jess and I are joined by Charlie Egan, developer advocate and Styra to talks to us about using SPIFFE (Secure Production Identity Framework For Everyone) and OPA (Open Policy Agent) to authenticate and authorise workloads. Charlie explains what SPIFFE is, how to start using it, and the challenges it helps organisations overcome.Resources mentioned in this podcast:Charlie's LinkedIn profileSPIFFEOPADSO Overflow S1Ep7 on Open Policy AgentDSO Overflow is a DevSecOps London Gathering production. Find the audio version on all good podcast sources like Spotify, Apple Podcast and Buzzsprout.This podcast is brought to you by our sponsors:  Prisma Cloud,, Apiiro, and SysdigYour HostsSteve Giguere linkedin.com/in/stevegiguereGlenn Wilson linkedin.com/in/glennwilsonJessica Cregg linkedin.com/in/jessicacreggDevSecOps - London GatheringKeep in touch with our events associated with this podcast via our website.For more about DevSecOps - London Gathering check out https://dsolg.com

In this episode, Steve, Jess and Glenn met with Michael Man, the founder of the DevSecOps London Gathering and this podcast, to chat about how it all started and the principles and philosophy of the Gathering. We reminisce about some key moments as well as discussing Michael's decision to step down from running the events and the podcast.We hope you enjoy listening to this episode as much as we enjoyed recording it.DSO Overflow is a DevSecOps London Gathering production. Find the audio version on all good podcast sources like Spotify, Apple Podcast and Buzzsprout.Michael's LinkedIn ProfileThis podcast is brought to you by our sponsors:  Prisma Cloud,, and SysdigYour HostsSteve Giguere linkedin.com/in/stevegiguereGlenn Wilson linkedin.com/in/glennwilsonJessica Cregg linkedin.com/in/jessicacreggDevSecOps - London GatheringKeep in touch with our events associated with this podcast via our website.For more about DevSecOps - London Gathering check out https://dsolg.com

DSO Overflow S3EP3Leveraging Systems ThinkingwithSimon CopleyIn this episode, Steve, Jess and I are joined by Simon Copsey who talks to us about taking a systems thinking approach to improving organisational performance. He tells us among other things, about challenging assumptions, identifying, understanding and managing constraints, and how important it is to recognise cognitive dissonance.Resources mentioned in this podcast:Simon's LinkedIn profileCurious Coffee ClubGoldratt's Rule of FlowThe Unicorn ProjectThe GoalDSO Overflow is a DevSecOps London Gathering production. Find the audio version on all good podcast sources like Spotify, Apple Podcast and Buzzsprout.This podcast is brought to you by our sponsors:  Prisma Cloud, Contrast Security, and SysdigYour HostsSteve Giguere linkedin.com/in/stevegiguereGlenn Wilson linkedin.com/in/glennwilsonJessica Cregg linkedin.com/in/jessicacreggDevSecOps - London GatheringKeep in touch with our events associated with this podcast via our website.For more about DevSecOps - London Gathering check out https://dsolg.com

DSO Overflow S3EP2Cloud SecuritywithPaul SchwarzenbergerIn this episode, Steve and I are joined by Paul Schwarzenberger who talks to us about cloud providers, cloud security and an OWASP project he has recently started working on. We hear about Paul's journey into cloud security, his views on certification programmes, and he warns us of the security traps that await us when working with cloud technologies.Resource mentioned in this podcast:OWASP 2023 Global AppSec in DublinOWASP Domain Protect projectPaul's LinkedIn profileDSO Overflow is a DevSecOps London Gathering production. Find the audio version on all good podcast sources like Spotify, Apple Podcast and Buzzsprout.This podcast is brought to you by our sponsors:  Prisma Cloud, Contrast Security, and SysdigYour HostsSteve Giguere linkedin.com/in/stevegiguereGlenn Wilson linkedin.com/in/glennwilsonJessica Cregg linkedin.com/in/jessicacreggDevSecOps - London GatheringKeep in touch with our events associated with this podcast via our website.For more about DevSecOps - London Gathering check out https://dsolg.com

DSO Overflow S3EP1CVE, CVSS and the Land of Broken DreamswithFrancesco CipolloneIn this episode, Steve and Glenn are joined by Francesco 'Frank' Cipollone CEO and Founder of AppSec Phoenix. Frank talks about CVEs, CVSS scoring and how they create too much noise to be effective in helping organisations improve their security posture. We hear Frank speak about contextualisation and risk as a means to improve security within your organisation.Resource mentioned in this podcast:AppSec Phoenix websiteFrank's Cyber Security and Cloud PodcastWhitepaper on vulnerability managementDSO Overflow is a DevSecOps London Gathering production. Find the audio version on all good podcast sources like Spotify, Apple Podcast and Buzzsprout.This podcast is brought to you by our sponsors:  Prisma Cloud, Contrast Security, and SysdigYour HostsSteve Giguere linkedin.com/in/stevegiguereGlenn Wilson linkedin.com/in/glennwilsonJessica Cregg linkedin.com/in/jessicacreggDevSecOps - London GatheringKeep in touch with our events associated with this podcast via our website.For more about DevSecOps - London Gathering check out https://dsolg.com

DSO Overflow S3EP5Security DifferentlywithMario Platt from LastPassIn this episode Glenn Wilson and Steve Giguere sit down with Mario Platt to discuss how the current paradigm of doing security is not working. Taking lessons from how safety is managed within a physically demanding role, Mario examens why compliance is failing and how we need to build a new model based on resilience.Resources mentioned in this podcast:Mario's presentation given at DSO LG in May 2022Rasmussen paper Rasmussen, J. (1997). Risk management in a dynamic society: A modelling problem. Safety Science, 27(2-3), 183-213Dekker, S. (2015)”Safety Differently - Human Factors for a new era”, Ashgate PublishingDecluttering your security management systemRasmussen's Systemic Risk Modelling and Cyber SecurityWhy our security policies are a business liability and what to do about itDSO Overflow is a DevSecOps London Gathering production. Find the audio version on all good podcast sources like Spotify, Apple Podcast and Buzzsprout.This podcast is brought to you by our sponsors:  Prisma Cloud and SysdigYour HostsSteve Giguere linkedin.com/in/stevegiguereGlenn Wilson linkedin.com/in/glennwilsonJessica Cregg linkedin.com/in/jessicacreggDevSecOps - London GatheringKeep in touch with our events associated with this podcast via our website.For more about DevSecOps - London Gathering check out https://dsolg.com

DSO/Overflow S2EP4Cloud Security at LargewithAshish Rajan and Shilpi Bhattacharjee from the Cloud Security Podcasthttps://cloudsecuritypodcast.tv/https://twitter.com/cloudsecpod?lang=enhttps://www.youtube.com/c/CloudSecurityPodcast?sub_confirmation=1Watch on YouTube: https://youtu.be/HV6iJReLoXEIn the episode, Jessica Cregg sits with Ashish and Shilpi and breaks the 4th wall about their mega successful Cloud Security Podcast, what advocacy means, and the state of Cloud Security at large.  DSO/Overflow is a DevSecOps London Gathering production.  Find the audio version on all good podcast sources like Spotify, Apple Podcast and Buzzsprouthttps://open.spotify.com/show/0XVk0AKg26yLTCMMwkIA7mThis podcast is brought to you by our sponsors:  Prisma Cloud and SysdigYour HostsSteve Giguere: linkedin.com/in/stevegiguereGlenn Wilson: linkedin.com/in/glennwilsonJessica Cregg linkedin.com/in/jessicacreggDevSecOps - London GatheringKeep in touch with our events associated with this podcast via our websiteFor more about DevSecOps London Gathering check outhttps://dsolg.com

Or Weis, CEO of Permit.io, discusses Full Stack Permission as a Service and the importance of simplifying access control for secure infrastructure. Topics include zero-trust architecture, challenges in access control interfaces, graph-based solutions for vulnerability prioritization, and strategies for implementing multi-tenancy in modern applications. The podcast also explores analogies between Dune's spice and software authorization for safe navigation.

In this episode, Nathan and Chris talk about VPP, Calico, CNI and Service Mesh architecture. We will learn how VPP can enhance security and performance of your K8s clusters and the benefits of using Calico.BiosChris Tomkins - Chris is lead developer advocate at Tigera, where he champions user needs to support Project Calico’s users and contributor community. He has worked in networking since 2000. After realising that a per-device CLI is not a scalable solution for a large environment, he took an early interest in infrastructure-as-code approaches and large-scale automation and continues to have a special interest in pursuing technologies in these areas. You can reach Chris on Twitter @tomkinsda and LinkedIn https://www.linkedin.com/in/cdtomkins/ Nathan Skryypczak - Nathan is a software engineering at Cisco focusing on container networking & cloud app performance. After spending some time deploying & scaling web applications he took interest in converting his love for script based infras into cloud native approaches, and now contributes to the building blocks of line rate container networking. He’s a maintainer of the Calico/VPP integration, and of the QUIC stack & the cNAT in VPP.You can reach Nathan via LinkedIn https://www.linkedin.com/in/sknatThis podcast is brought to you by our sponsors:  Prisma Cloud and DynaminetYour HostsSteve Giguere: https://www.linkedin.com/in/stevegiguere/Glenn Wilson: https://www.linkedin.com/in/glennwilson/DevSecOps - London GatheringKeep in touch with our events associated with this podcast via our website https://dsolg.com

Episode SummaryIn this episode, Nigel gives his views on the current state of DevOps adoption, the role of security in DevOps, and gives us some clues from the State of DevOps Report 2021 that will help organisations accelerate their DevOps journey.Nigel's BioNigel is a Field CTO at Puppet where he is responsible for bringing product knowledge and a senior technical operations perspective to Puppet field teams and customers, working on services strategy and representing the customer back into the product organization. He works with many of Puppet’s largest customers on the cultural and organizational changes necessary for large scale DevOps implementations. He has been deeply involved in Puppet's DevOps initiatives, and regularly speaks around the world about the adoption of DevOps in the enterprise and IT organizational transformation.Episode LinksState of DevOps Reports:  https://puppet.com/resources/?refinementList%5Btype%5D%5B0%5D=Report&page=1&configure%5BhitsPerPage%5D=18Nigel's LinkedIn: linkedin.com/in/nigelkerstenNigel's Twitter: @nigelkerstenThis podcast is brought to you by our sponsors:  Prisma Cloud and DynaminetYour HostsSteve Giguere: https://www.linkedin.com/in/stevegiguere/Glenn Wilson: https://www.linkedin.com/in/glennwilson/DevSecOps - London GatheringKeep in touch with our events associated with this podcast via our website https://dsolg.com