DSO Overflow

DSO Overflow S3EP7Open Source Cloud SecuritywithMatt JohnsonIn this episode, Steve, Jess and I are joined by Matt Johnson, developer advocate at Palo Alto Networks to talk to us about open source cloud security. Matt is a Developer Advocate for all things cloud security and open source at Prisma Cloud (part of Palo Alto). Hobbyist pentester, network and container geek, he specialises in Cloud Infrastructure and developer ecosystem security. Matt introduces us to the Checkov and Yor open source projects and talks about how AI may affect cloud security in the future.Resources mentioned in this podcast:Matt's LinkedIn profileCheckovYorCICD Goat on GitHubKubernetes Goat on GitHubDSO Overflow is a DevSecOps London Gathering production. Find the audio version on all good podcast sources like Spotify, Apple Podcast and Buzzsprout.This podcast is brought to you by our sponsors:  Prisma Cloud,, Apiiro, and SysdigYour HostsSteve Giguere linkedin.com/in/stevegiguereGlenn Wilson linkedin.com/in/glennwilsonJessica Cregg linkedin.com/in/jessicacreggDevSecOps - London GatheringKeep in touch with our events associated with this podcast via our website.For more about DevSecOps - London Gathering check out https://dsolg.com

DSO Overflow S3EP6Notes from JapanwithJohn WillisIn this episode, Glenn is joined by John Willis, DevOps advocate and co-author of the DevOps Handbook to talk about our recent trip to Japan in which we visited a number of organisations to gain an understanding of lean principles. Listen to John as he shares his views of the trip and what he learned about quality, community, society and of course, Deming.Resources mentioned in this podcast:John's LinkedIn profileJohn's Profound Deming blogJohn's lates book on DemingThe DevOps HandbookDSO Overflow is a DevSecOps London Gathering production. Find the audio version on all good podcast sources like Spotify, Apple Podcast and Buzzsprout.This podcast is brought to you by our sponsors:  Prisma Cloud, Apiiro, and SysdigYour HostsSteve Giguere linkedin.com/in/stevegiguereGlenn Wilson linkedin.com/in/glennwilsonJessica Cregg linkedin.com/in/jessicacreggDevSecOps - London GatheringKeep in touch with our events associated with this podcast via our website.For more about DevSecOps - London Gathering check out https://dsolg.com

DSO Overflow S3EP5Workload authentication and authorisation using SPIFEE and OPAwithCharlie EgainIn this episode, Steve, Jess and I are joined by Charlie Egan, developer advocate and Styra to talks to us about using SPIFFE (Secure Production Identity Framework For Everyone) and OPA (Open Policy Agent) to authenticate and authorise workloads. Charlie explains what SPIFFE is, how to start using it, and the challenges it helps organisations overcome.Resources mentioned in this podcast:Charlie's LinkedIn profileSPIFFEOPADSO Overflow S1Ep7 on Open Policy AgentDSO Overflow is a DevSecOps London Gathering production. Find the audio version on all good podcast sources like Spotify, Apple Podcast and Buzzsprout.This podcast is brought to you by our sponsors:  Prisma Cloud,, Apiiro, and SysdigYour HostsSteve Giguere linkedin.com/in/stevegiguereGlenn Wilson linkedin.com/in/glennwilsonJessica Cregg linkedin.com/in/jessicacreggDevSecOps - London GatheringKeep in touch with our events associated with this podcast via our website.For more about DevSecOps - London Gathering check out https://dsolg.com

In this episode, Steve, Jess and Glenn met with Michael Man, the founder of the DevSecOps London Gathering and this podcast, to chat about how it all started and the principles and philosophy of the Gathering. We reminisce about some key moments as well as discussing Michael's decision to step down from running the events and the podcast.We hope you enjoy listening to this episode as much as we enjoyed recording it.DSO Overflow is a DevSecOps London Gathering production. Find the audio version on all good podcast sources like Spotify, Apple Podcast and Buzzsprout.Michael's LinkedIn ProfileThis podcast is brought to you by our sponsors:  Prisma Cloud,, and SysdigYour HostsSteve Giguere linkedin.com/in/stevegiguereGlenn Wilson linkedin.com/in/glennwilsonJessica Cregg linkedin.com/in/jessicacreggDevSecOps - London GatheringKeep in touch with our events associated with this podcast via our website.For more about DevSecOps - London Gathering check out https://dsolg.com

DSO Overflow S3EP3Leveraging Systems ThinkingwithSimon CopleyIn this episode, Steve, Jess and I are joined by Simon Copsey who talks to us about taking a systems thinking approach to improving organisational performance. He tells us among other things, about challenging assumptions, identifying, understanding and managing constraints, and how important it is to recognise cognitive dissonance.Resources mentioned in this podcast:Simon's LinkedIn profileCurious Coffee ClubGoldratt's Rule of FlowThe Unicorn ProjectThe GoalDSO Overflow is a DevSecOps London Gathering production. Find the audio version on all good podcast sources like Spotify, Apple Podcast and Buzzsprout.This podcast is brought to you by our sponsors:  Prisma Cloud, Contrast Security, and SysdigYour HostsSteve Giguere linkedin.com/in/stevegiguereGlenn Wilson linkedin.com/in/glennwilsonJessica Cregg linkedin.com/in/jessicacreggDevSecOps - London GatheringKeep in touch with our events associated with this podcast via our website.For more about DevSecOps - London Gathering check out https://dsolg.com

DSO Overflow S3EP2Cloud SecuritywithPaul SchwarzenbergerIn this episode, Steve and I are joined by Paul Schwarzenberger who talks to us about cloud providers, cloud security and an OWASP project he has recently started working on. We hear about Paul's journey into cloud security, his views on certification programmes, and he warns us of the security traps that await us when working with cloud technologies.Resource mentioned in this podcast:OWASP 2023 Global AppSec in DublinOWASP Domain Protect projectPaul's LinkedIn profileDSO Overflow is a DevSecOps London Gathering production. Find the audio version on all good podcast sources like Spotify, Apple Podcast and Buzzsprout.This podcast is brought to you by our sponsors:  Prisma Cloud, Contrast Security, and SysdigYour HostsSteve Giguere linkedin.com/in/stevegiguereGlenn Wilson linkedin.com/in/glennwilsonJessica Cregg linkedin.com/in/jessicacreggDevSecOps - London GatheringKeep in touch with our events associated with this podcast via our website.For more about DevSecOps - London Gathering check out https://dsolg.com

DSO Overflow S3EP1CVE, CVSS and the Land of Broken DreamswithFrancesco CipolloneIn this episode, Steve and Glenn are joined by Francesco 'Frank' Cipollone CEO and Founder of AppSec Phoenix. Frank talks about CVEs, CVSS scoring and how they create too much noise to be effective in helping organisations improve their security posture. We hear Frank speak about contextualisation and risk as a means to improve security within your organisation.Resource mentioned in this podcast:AppSec Phoenix websiteFrank's Cyber Security and Cloud PodcastWhitepaper on vulnerability managementDSO Overflow is a DevSecOps London Gathering production. Find the audio version on all good podcast sources like Spotify, Apple Podcast and Buzzsprout.This podcast is brought to you by our sponsors:  Prisma Cloud, Contrast Security, and SysdigYour HostsSteve Giguere linkedin.com/in/stevegiguereGlenn Wilson linkedin.com/in/glennwilsonJessica Cregg linkedin.com/in/jessicacreggDevSecOps - London GatheringKeep in touch with our events associated with this podcast via our website.For more about DevSecOps - London Gathering check out https://dsolg.com

DSO Overflow S3EP5Security DifferentlywithMario Platt from LastPassIn this episode Glenn Wilson and Steve Giguere sit down with Mario Platt to discuss how the current paradigm of doing security is not working. Taking lessons from how safety is managed within a physically demanding role, Mario examens why compliance is failing and how we need to build a new model based on resilience.Resources mentioned in this podcast:Mario's presentation given at DSO LG in May 2022Rasmussen paper Rasmussen, J. (1997). Risk management in a dynamic society: A modelling problem. Safety Science, 27(2-3), 183-213Dekker, S. (2015)”Safety Differently - Human Factors for a new era”, Ashgate PublishingDecluttering your security management systemRasmussen's Systemic Risk Modelling and Cyber SecurityWhy our security policies are a business liability and what to do about itDSO Overflow is a DevSecOps London Gathering production. Find the audio version on all good podcast sources like Spotify, Apple Podcast and Buzzsprout.This podcast is brought to you by our sponsors:  Prisma Cloud and SysdigYour HostsSteve Giguere linkedin.com/in/stevegiguereGlenn Wilson linkedin.com/in/glennwilsonJessica Cregg linkedin.com/in/jessicacreggDevSecOps - London GatheringKeep in touch with our events associated with this podcast via our website.For more about DevSecOps - London Gathering check out https://dsolg.com

DSO/Overflow S2EP4Cloud Security at LargewithAshish Rajan and Shilpi Bhattacharjee from the Cloud Security Podcasthttps://cloudsecuritypodcast.tv/https://twitter.com/cloudsecpod?lang=enhttps://www.youtube.com/c/CloudSecurityPodcast?sub_confirmation=1Watch on YouTube: https://youtu.be/HV6iJReLoXEIn the episode, Jessica Cregg sits with Ashish and Shilpi and breaks the 4th wall about their mega successful Cloud Security Podcast, what advocacy means, and the state of Cloud Security at large.  DSO/Overflow is a DevSecOps London Gathering production.  Find the audio version on all good podcast sources like Spotify, Apple Podcast and Buzzsprouthttps://open.spotify.com/show/0XVk0AKg26yLTCMMwkIA7mThis podcast is brought to you by our sponsors:  Prisma Cloud and SysdigYour HostsSteve Giguere: linkedin.com/in/stevegiguereGlenn Wilson: linkedin.com/in/glennwilsonJessica Cregg linkedin.com/in/jessicacreggDevSecOps - London GatheringKeep in touch with our events associated with this podcast via our websiteFor more about DevSecOps London Gathering check outhttps://dsolg.com

Or Weis, CEO of Permit.io, discusses Full Stack Permission as a Service and the importance of simplifying access control for secure infrastructure. Topics include zero-trust architecture, challenges in access control interfaces, graph-based solutions for vulnerability prioritization, and strategies for implementing multi-tenancy in modern applications. The podcast also explores analogies between Dune's spice and software authorization for safe navigation.