DSO Overflow

Glenn Wilson and Steve Giguere
Oct 25, 2021 • 53min

EP15: DevSecOps Personas

In this episode, Steve and Glenn speak with Ed Tucker and Gary Robinson about the differences between DevSecOps personas.

DevSecOps Personas – what Developers, Security, and Operations think about people/tech/processes/culture when it comes to rolling out DevSecOps programs. Each of these teams has different drivers, ambitions, blockers, and challenges when it comes to a successful DevSecOps program. As Dale Carnegie said, ‘The only way to get anyone to do anything, is to make them want to do it’ - all the tech and process in the world isn’t going to make it successful if the people and culture (and heart) are not in it. So let’s share what we’ve seen from 100s of company interactions, understand better where everyone is coming from, and how to approach a DevSecOps program that can move the needle like Marty McFly playing Doc Brown’s guitar. We’d love this to be interactive, so bring your stories and questions.

Gary Robinson has been working in software and cyber security for 20+ years, as a coder, pen tester, consultant, Security Architect at Citi, Global Board member at OWASP, and heading up Uleska to focus on DevSecOps for the last 5 years. Gary’s focused on the people, process, technology, and culture aspect of DevSecOps – as someone who’s worked in all three spaces during his time – and what drivers, blockers, etc. each experience with ‘DevSecOps’, ‘shift-left’, ‘secure by design’, and the rest.

Ed Tucker is an exceptional Cyber Security leader, with extensive knowledge across most sectors, as a defender, vendor, consultant and founder. He was the 2017 European Chief Information Security Officer of the Year, UK Security Professional of the Year, and Security Leader of the Year and has been globally recognised for his vision and delivery.

Your Hosts
Steve Giguere: https://www.linkedin.com/in/stevegiguere/
Glenn Wilson: https://www.linkedin.com/in/glennwilson/

DevSecOps - London Gathering
Keep in touch with our events associated with this podcast.
https://www.meetup.com/DevSecOps-London-Gathering/
https://twitter.com/DevSecOps_LG
https://www.youtube.com/c/DevSecOpsLondonGathering
Aug 23, 2021 • 38min

EP14: Threat Modeling - A Manifesto And Some Code

Title: Threat Modeling - A Manifesto And Some Code

Threat Modeling: Why we think it matters for you, and how you can implement it in your organization.
Modeling: How to model your system in an expressive way.
Eliciting threats: What are some of the major approaches in use and how can it be done closer to the developer and at Agile speed.
Evolution: Automated threat analysis using an open source tool (pytm). We will talk through the making of pytm and then do a demo.

Guest Speakers

Matthew Coles (he/him) is a security professional focused on the security of physical devices and the ecosystems and processes that enable them to operate. He has an MSc in Computer Science from Worcester Polytechnic University (USA), and maintains a CSSLP certification.
https://www.linkedin.com/in/matthew-coles-4330652/

Izar Tarandach (he/him) has peeked and poked at security from various sides over the last couple of decades, currently focusing on modern SDLCs and how AppSec extrapolates onto the larger scheme of Security. He has an MSc in Computer Science/Security from Boston University (USA).
https://www.linkedin.com/in/izartarandach/

Izar and Matt have collaborated on security techniques and training for the past 10 years, co-authored a book on Threat Modeling, are founding members of the Threat Modeling Manifesto, and created and maintain an open source threat modeling automation system, pytm.

Your Hosts
Michael Man: https://www.linkedin.com/in/mman/
Glenn Wilson: https://www.linkedin.com/in/glennwilson/
Aug 4, 2021 • 45min

EP13: Top 5 things I wish I knew about SAST

Application security testing ... top tips to achieve more SASTisfaction from your tooling.

References
YouTube Channel: AppSecEngineer
YouTube Channel: we45
OSSF Scorecard

Please visit our YouTube Channel to see Florin present in our July 2021 Gathering (monthly meet-up).

Guest Speakers

Florin Coada
I've been working in the Application Security testing space for the last eight years. I was lucky enough to experience many customer environments and different testing technologies (SAST, DAST, IAST, SCA). Over the years, I became more interested in SAST, and I am currently working as a product manager in this space. One of my areas of personal interest is how we enable developers to become more independent and get security teams to trust them more. I'm always up for a talk about security, gaming and a combination of both.
https://www.linkedin.com/in/florincoada/

Abhay Bhargav
Abhay is the CEO of we45, a focused Application Security company. He's a renowned application security expert and a leader in the domain of DevSecOps. Abhay brings with him a rich experience with working on complex security engagements, from penetration testing to security architecture reviews to compliance consulting.
https://www.linkedin.com/in/abhaybhargav/

Your Hosts
Michael Man: https://www.linkedin.com/in/mman/
Glenn Wilson: https://www.linkedin.com/in/glennwilson/
Jun 19, 2021 • 35min

EP12: Exploring eBPF Cloud Native Security

Extended Berkeley Packet Filter (eBPF) allows us to tap into the kernel to implement monitoring, observability, networking, and security. In this episode, we invited Chris Kranz and Liz Rice to discuss the usage and adoption of eBPF within Cloud Native solutions.

References
http://www.brendangregg.com/
https://nathanleclaire.com/
https://github.com/iovisor/bpftrace
https://ebpf.io/what-is-ebpf
https://github.com/lizrice/ebpf-beginners
eBPF for Windows: https://www.youtube.com/watch?v=LrrV-eo6fug
Community: http://slack.cilium.io/
eBPF Summit 2021: https://ebpf.io/summit-2021/

Please visit our YouTube Channel to see Chris present in our June 2021 Gathering (monthly meet-up).

Guest Speakers

Chris Kranz
Chris supports the Sales Engineering team in EMEA at Sysdig, helping make cloud native easier and more secure for Sysdig customers. Before joining Sysdig, he spent time building microservices and cloud applications with various end users, and before that lived a life of cloud, virtualisation and storage!
https://www.linkedin.com/in/ckranz/
@ckranz

Liz Rice
Liz is focused on containers, cloud native technologies, security and distributed systems, and heavily involved in open source as the chair of the Technical Oversight Committee of the Cloud Native Computing Foundation (CNCF), and an ambassador for OpenUK.
https://www.linkedin.com/in/lizrice/
@lizrice

Your Hosts
Michael Man: https://www.linkedin.com/in/mman/
Glenn Wilson: https://www.linkedin.com/in/glennwilson/
Jun 6, 2021 • 40min

Ep11: From Zero To a DevSecOps Hero

Learning or knowing what to study in the field of security is a tough subject in its own right. Join us with Marcus and Josh, where we understand what best practices they follow.

Please visit our YouTube Channel to see Marcus present in our May 2021 Gathering (monthly meet-up).

Guest Speakers:

Marcus Maxwell:
Marcus Maxwell is a Principal Consultant at Contino. He has spent the last 5 years helping large enterprises with building out their Kubernetes clusters, migrating to cloud and most recently with the cloud security programmes. Marcus has given talks before at AWS Loft, DevSecOps - London Gathering, Docker London and more.
https://www.linkedin.com/in/marcusmaxwell/
@mindful_monk

Josh Armitage
Known for a booming voice and distinct lack of a sense of humour, Josh works as a consultant after spending time with everything from mainframes to machine learning and Kubernetes. Having split his life half in the UK, half in Australia, he's now back in London helping regulated enterprises embrace lean software development, cloud native architectures and team happiness as a true north metric.
https://www.linkedin.com/in/josh-armitage-b7825a41/
@JoshArmi

Your Hosts
Michael Man: https://www.linkedin.com/in/mman/
Glenn Wilson: https://www.linkedin.com/in/glennwilson/
May 9, 2021 • 52min

Ep10: Security Chaos Engineering

Join us to explore and learn what Security Chaos Engineering is with two of the leading figures in this field, Aaron Rinehart and Kennedy Torkura.

If you missed the Gathering, watch the meet-up here.

References: Aaron Rinehart
Chaos Engineering: System Resiliency in Practice
Security Chaos Engineering

References: Kennedy Torkura
Security-Chaos-Engineering-for-Cloud-Services
From Dependability to Resilience → Security Chaos Engineering for Cloud Services
Risk-Driven Fault Injection: Security Chaos Engineering for the Fast & Furious

Contact Details:
Aaron Rinehart: https://www.linkedin.com/in/aaronsrinehart/
Kennedy Torkura: https://www.linkedin.com/in/aondona/

Your Hosts
Michael Man: https://www.linkedin.com/in/mman/
Glenn Wilson: https://www.linkedin.com/in/glennwilson/
Apr 24, 2021 • 40min

Ep09: DevOps meets Security

DevOps meets Security.

London DevOps meets DevSecOps - London Gathering.
https://www.meetup.com/London-DevOps/

Speakers Bio:

Matt Saunders is a technical operations leader, using DevOps and continuous delivery to help teams deliver quality software quickly and efficiently. He is also co-organiser of the London DevOps meetup - a group with over 8,000 members which meets monthly.
https://www.linkedin.com/in/msaunders/

Marc Cluet is a Senior Partner Solutions Engineer at Hashicorp and has over 25 years of experience in the Industry. He is one of the organisers of London DevOps, which is the second biggest DevOps meetup in the world. He also helps organise DevOps Exchange Barcelona and Barcelona Big Data and is a DevOps Institute Ambassador.
https://www.linkedin.com/in/marccluet/
Apr 5, 2021 • 48min

Ep08: Kubernetes Exam Cram

We have the pleasure to have Steve Giguere and Michael Foster, the hosts from Clust3rF8ck, to share with us their experience cramming in all the relevant materials to take both the CKA (Kubernetes Administrator) and CKS (Kubernetes Security Specialist) exams.

https://www.twitch.tv/clust3rf8ck
https://www.cncf.io/certification/cka/
https://www.cncf.io/certification/cks/

Speakers Bio:

Steve Giguere is a dedicated DevSecOps community champion, securing cloud native applications. In addition to Clust3rF8ck, he has a podcast called CoSeCast and represents the UK at playing Ultimate Frisbee.
https://www.linkedin.com/in/stevegiguere/
https://twitter.com/_SteveGiguere_

Michael Foster is a Cloud Native Advocate at StackRox, a Kubernetes native security application. Michael's consulting background instilled the importance of selecting the right tool for the job and creating healthy communities for growth. His work allows him to review, discuss, and contribute to the CNCF ecosystem through various media forms. As a co-organizer of the Kubernetes & Cloud Native Security Meetups, Michael enjoys helping people become more security-focused during their Cloud native journey.
https://www.linkedin.com/in/mfosterche/
https://twitter.com/IdealUsrname
Feb 18, 2021 • 36min

Ep07: Using Rego to define your policies

In this episode we invited Anders from the Open Policy Agent project and Alex, one of the masterminds behind a new open source project called KICS.

Open Source Projects
KICS - Keep your Infrastructure as Code Secure: https://kics.io/
Styra Academy: https://academy.styra.com/
Rego Playground: https://play.openpolicyagent.org/
Official Docs: https://www.openpolicyagent.org/docs/latest/
OPA Blog: https://blog.openpolicyagent.org/

Guest Details
https://www.linkedin.com/in/anderseknert/
https://www.linkedin.com/in/roichman/
Sep 12, 2020 • 41min

Ep06: Checkov

In this episode I have the pleasure of talking to James and Corcoran - two very talented individuals when it comes to Infrastructure as Code as well as all things DevOps; in addition we have Barak, the CTO of Bridgecrew, the company behind the open source project - Checkov.

Checkov details:
https://www.checkov.io/1.Introduction/Getting%20Started.html

### DevSecOps - London Gathering ###
https://dso-lg.com
https://dso-overflow.com
Also follow us on Twitter: @DevSecOps_LG
