DSO Overflow

Authors: Glenn Wilson and Steve Giguere


Description

In this podcast, we speak with professionals working in cyber security, software engineering and operations to talk about a number of DevSecOps topics. We discuss how organisations factor security into their product delivery cycles without compromising the value of doing DevOps and Agile.
48 Episodes
DSO Overflow S5EP3 AI and auto-remediation with Jonathan Schneider In this episode Jonathan Schneider discusses his path from Netflix to founding Moderne, focusing on large-scale software modernisation. The conversation covers the promise and pitfalls of AI and auto-remediation. Jonathan advocates for empowering developers with self-service, pull-based tooling rather than top-down changes and emphasises collaboration between security and engineering to reduce technical toil so developers can...
DSO Overflow S5EP1 Security the Software Supply Chain with Francois Proulx In this episode, featuring Francois Proulx, a senior product security engineer, we discuss software supply chain security, particularly the security of build pipelines and dependencies. Francois shares insights on defining supply chains, identifying vulnerabilities, threat modeling, and strategies to improve security. The conversation explores topics like the SLSA framework, risk factors in CI/CD pipelines, and redu...
DSO Overflow S4EP7 Managing the risks that really matter with Sam Watkins In this month's episode, Glenn and Jessica speak with Sam Watkins to talk about a new paradigm for managing risks. Sam Watkins is an accomplished engineer working at BT in the UK. Sam is driven by a passion for driving change through the implementation of technological solutions, possessing the expertise in impacting organisational capability and performance, catering to business needs by early adaption of futuristic...
In this episode, Steve, Jess and Glenn met with Michael Man, the founder of the DevSecOps London Gathering and this podcast, to chat about how it all started and the principles and philosophy of the Gathering. We reminisce about some key moments as well as discussing Michael's decision to step down from running the events and the podcast. We hope you enjoy listening to this episode as much as we enjoyed recording it. DSO Overflow is a DevSecOps London Gathering production. Find the audio ve...
DSO Overflow S3EP1 CVE, CVSS and the Land of Broken Dreams with Francesco Cipollone In this episode, Steve and Glenn are joined by Francesco 'Frank' Cipollone CEO and Founder of AppSec Phoenix. Frank talks about CVEs, CVSS scoring and how they create too much noise to be effective in helping organisations improve their security posture. We hear Frank speak about contextualisation and risk as a means to improve security within your organisation. Resource mentioned in this podcast: AppSec Ph...
DSO/Overflow S2EP4 Cloud Security at Large with Ashish Rajan and Shilpi Bhattacharjee from the Cloud Security Podcast https://cloudsecuritypodcast.tv/ https://twitter.com/cloudsecpod?lang=en https://www.youtube.com/c/CloudSecurityPodcast?sub_confirmation=1 Watch on YouTube: https://youtu.be/HV6iJReLoXE In the episode, Jessica Cregg sits with Ashish and Shilpi and breaks the 4th wall about their mega successful Cloud Security Podcast, what advocacy means, and the state of Cloud Security at ...
In this episode, Or Weis talks to us about Full Stack Permission as a Service, why simplifying access control is crucial to creating secure infrastructure and how the use of access control could facilitate a zero-trust architecture. BIO Or is the CEO and co-founder of Permit.io, and co-maintainer and author of open source OPAL.ac. Or is a serial entrepreneur who is passionate about developer tools, previously founding Rookout.com, a leading production debugging solution; and managing Upwards...
In this episode, Nathan and Chris talk about VPP, Calico, CNI and Service Mesh architecture. We will learn how VPP can enhance security and performance of your K8s clusters and the benefits of using Calico. Bios Chris Tomkins - Chris is lead developer advocate at Tigera, where he champions user needs to support Project Calico’s users and contributor community. He has worked in networking since 2000. After realising that a per-device CLI is not a scalable solution for a large environment, he ...
Episode Summary In this episode, Nigel gives his views on the current state of DevOps adoption, the role of security in DevOps, and gives us some clues from the State of DevOps Report 2021 that will help organisations accelerate their DevOps journey. Nigel's Bio Nigel is a Field CTO at Puppet where he is responsible for bringing product knowledge and a senior technical operations perspective to Puppet field teams and customers, working on services strategy and representing the customer back ...
From containers to Kubernetes to cloud, it can be hard enough to keep up with the technologies let alone how to secure them. Rory McCune was there at the inception. Starting as a pen tester looking into containers he has become one of the world's foremost Kubernetes security authorities. In this episode Glenn and Steve talk to him about the early days of containers, the orchestration wars, the first ever Kubernetes CVE and how security chases a technology maturing at bre...
In this episode, Steve and Glenn are joined by Stefania Chaplin to talk about breaking down silos. Bio Stefania Chaplin’s experience within Cybersecurity, DevSecOps and OSS governance means she's helped countless organisations understand and implement security throughout their SDLC. As a Python developer at heart, Stefania is always optimising and improving efficiency wherever she goes by scripting & automating processes and creating integrations. Stefania is passionate about DevSecOps a...
In this episode, Steve and Glenn speak with Ed Tucker and Gary Robinson about the differences between DevSecOps personas. DevSecOps Personas – what Developers, Security, and Operations think about people/tech/processes/culture when it comes to rolling out DevSecOps programs. Each of these teams has different drivers, ambitions, blockers, and challenges when it comes to a successful DevSecOps program. As Dale Carnegie said, ‘The only way to get anyone to do anything, i...
Title: Threat Modeling - A Manifesto And Some Code Threat Modeling: Why we think it matters for you, and how you can implement it in your organization. Modeling: How to model your system in an expressive way. Eliciting threats: What are some of the major approaches in use and how can it be done closer to the developer and at Agile speed. Evolution: Automated threat analysis using an open source tool (pytm). We will talk through the making of pytm and then do a demo. Guest Speakers Matth...
Application security testing ... top tips to achieve more SASTisfaction from your tooling. References: YouTube Channel: AppSecEngineer; YouTube Channel: we45; OSSF Scorecard. Please visit our YouTube Channel to see Florin present in our July 2021 Gathering (monthly meet-up). Guest Speakers Florin Coada I've been working in the Application Security testing space for the last eight years. I was lucky enough to experience many customer environments and different testing technologies (SAST, DAST, IAS...
Extended Berkeley Packet Filter (eBPF) allows us to tap into the kernel to implement monitoring, observability, networking, and security. In this episode, we invited Chris Kranz and Liz Rice to discuss the usage and adoption of eBPF within Cloud Native solutions. References: http://www.brendangregg.com/ https://nathanleclaire.com/ https://github.com/iovisor/bpftrace https://ebpf.io/what-is-ebpf https://github.com/lizrice/ebpf-beginners eBPF for Windows: https://www.youtube.com/watch?v=LrrV-e...
Learning or knowing what to study in the field of security is a tough subject in its own right. Join us with Marcus and Josh where we learn what best practices they follow. Please visit our YouTube Channel to see Marcus present in our May 2021 Gathering (monthly meet-up). Guest Speakers: Marcus Maxwell: Marcus Maxwell is a Principal Consultant at Contino. He has spent the last 5 years helping large enterprises with building out their Kubernetes clusters, migrating to cloud a...
Join us to explore and learn what is Security Chaos Engineering with two of the leading figures in this field Aaron Reinhart and Kennedy Torkura. If you missed the Gathering watch the meet-up here. References: Aaron Reinhart Chaos Engineering: System Resiliency in Practice Security Chaos Engineering References: Kennedy Torkura Security-Chaos-Engineering-for-Cloud-Services From Dependability to Resilience → Security Chaos Engineering for Cloud Services Risk-Driven Fault Injection: Security ...
DevOps meets Security. London DevOps meets DevSecOps - London Gathering. https://www.meetup.com/London-DevOps/ Speakers Bio: Matt Saunders is a technical operations leader, using DevOps and continuous delivery to help teams deliver quality software quickly and efficiently. He is also co-organiser of the London DevOps meetup - a group with over 8,000 members which meets monthly. https://www.linkedin.com/in/msaunders/ Marc Cluet is a Senior Partner Solutions Engineer at HashiCorp and h...
We have the pleasure to have Steve Giguere and Michael Foster, the hosts from Clust3rF8ck, to share with us their experience cramming in all the relevant materials to take both the CKA (Kubernetes Administrator) and CKS (Kubernetes Security Specialist) exams https://www.twitch.tv/clust3rf8ck https://www.cncf.io/certification/cka/ https://www.cncf.io/certification/cks/ Speakers Bio: Steve Giguere is a dedicated DevSecOps community champion, securing cloud native applications. In addition to ...
In this episode we invited Anders from the Open Policy Agent project and Alex, one of the masterminds behind a new open source project called KICS. Open Source Projects KICS - Keep your Infrastructure as Code Secure: https://kics.io/ Styra Academy: https://academy.styra.com/ Rego Playground: https://play.openpolicyagent.org/ Official Docs: https://www.openpolicyagent.org/docs/latest/ OPA Blog: https://blog.openpolicyagent.org/ Guest Details https://www.linkedin.com/in/anderseknert/ https://www....