DiscoverOff ScriptEpisode 40: Shifting security left
Episode 40: Shifting security left

Episode 40: Shifting security left

Update: 2024-03-27
Share

Description

Inspired by reading ‘Investments Unlimited’ and other books built around the principles of storytelling, James and Josh dive into DevSecOps and the bigger picture of shifting security left in this new episode of Off Script!



In this episode:




  • 00:00 Fictional Bugs - Investments Unlimited

  • 01:00 DevSecOps

  • 02:00 Moving security testing to the beginning

  • 03:00 Reducing the friction of releases

  • 04:00 Go through pain points early

  • 05:00 Strict linting, function length, no unused variables

  • 06:00 Early automated tests to prevent Git leaks

  • 08:00 Making it easy for the developer

  • 10:00 Bearer

  • 11:00 Concise reporting

  • 12:00 Dependabot

  • 13:00 Secret Management

  • 14:00 Making it easy to do the right thing

  • 16:00 Having pride in your security

  • 17:00 What if your language doesn’t have much security support?

  • 19:00 Dynamic & Static languages

  • 20:00 Language agnostic tools

  • 21:00 Key takeaways



References:





Find out more about Stac and Parallax:



Comments 
loading
In Channel
Episode 55: From proof of concept to production: AI engineering

Episode 55: From proof of concept to production: AI engineering

2025-11-2523:22

Episode 54: Why awards shouldn't cost a fortune

Episode 54: Why awards shouldn't cost a fortune

2025-09-2913:22

Episode 53: The power of pen and paper

Episode 53: The power of pen and paper

2025-08-1516:06

Episode 52: Unlocking team potential with user manuals

Episode 52: Unlocking team potential with user manuals

2025-08-0114:33

Episode 51: Is Test Driven Development actually better now we have AI?

Episode 51: Is Test Driven Development actually better now we have AI?

2025-07-1523:13

Episode 50: The new age of tech job interviews and how to conquer them

Episode 50: The new age of tech job interviews and how to conquer them

2025-06-2325:27

Episode 49: Navigating the AI discourse — Why can't we talk properly about AI?

Episode 49: Navigating the AI discourse — Why can't we talk properly about AI?

2025-06-1629:29

Episode 48: AI interoperability and MCP

Episode 48: AI interoperability and MCP

2025-06-0226:49

Episode 47: Behind the scenes of running a tech conference

Episode 47: Behind the scenes of running a tech conference

2025-04-0121:17

Episode 46: How to plan and run a discovery workshop

Episode 46: How to plan and run a discovery workshop

2025-03-2428:04

Episode 45: 2024 developer round-up

Episode 45: 2024 developer round-up

2025-01-0942:02

Episode 44: Future of software engineering leadership - Part 2

Episode 44: Future of software engineering leadership - Part 2

2024-12-1122:59

Episode 43: Future of software engineering leadership - Part 1

Episode 43: Future of software engineering leadership - Part 1

2024-12-0327:56

Episode 42: Imperfect innovation

Episode 42: Imperfect innovation

2024-08-2848:08

Episode 41: WWDC 2024 round-up

Episode 41: WWDC 2024 round-up

2024-07-2632:20

Episode 40: Shifting security left

Episode 40: Shifting security left

2024-03-2724:50

Episode 39: The beauty of side projects

Episode 39: The beauty of side projects

2024-02-2822:08

Episode 38: AI risks

Episode 38: AI risks

2024-02-0928:34

Episode 37: 2023 developer round-up

Episode 37: 2023 developer round-up

2023-12-2258:31

Episode 36: Tech leadership misconceptions

Episode 36: Tech leadership misconceptions

2023-12-1130:13

loading
Google Play
Download from Google Play
Castbox
Download from App Store
usUnited States
00:00
00:00
1.0x

0.5x

0.8x

1.0x

1.25x

1.5x

2.0x

3.0x

Sleep Timer

Off

End of Episode

5 Minutes

10 Minutes

15 Minutes

30 Minutes

45 Minutes

60 Minutes

120 Minutes

Episode 40: Shifting security left

Episode 40: Shifting security left

Hey! Presents