
DSO Overflow

Author: Glenn Wilson and Steve Giguere

Description

In this podcast, we speak with professionals working in cyber security, software engineering and operations to talk about a number of DevSecOps topics. We discuss how organisations factor security into their product delivery cycles without compromising the value of doing DevOps and Agile.
39 Episodes
In this episode, Steve, Jess and Glenn met with Michael Man, the founder of the DevSecOps London Gathering and this podcast, to chat about how it all started and the principles and philosophy of the Gathering. We reminisce about some key moments as well as discussing Michael's decision to step down from running the events and the podcast. We hope you enjoy listening to this episode as much as we enjoyed recording it. DSO Overflow is a DevSecOps London Gathering production. Find the audio versio...
DSO Overflow S3EP1: CVE, CVSS and the Land of Broken Dreams, with Francesco Cipollone. In this episode, Steve and Glenn are joined by Francesco 'Frank' Cipollone, CEO and Founder of AppSec Phoenix. Frank talks about CVEs, CVSS scoring and how they create too much noise to be effective in helping organisations improve their security posture. We hear Frank speak about contextualisation and risk as a means to improve security within your organisation. Resource mentioned in this podcast: AppSec Phoenix web...
DSO/Overflow S2EP4: Cloud Security at Large, with Ashish Rajan and Shilpi Bhattacharjee from the Cloud Security Podcast. https://cloudsecuritypodcast.tv/ https://twitter.com/cloudsecpod?lang=en https://www.youtube.com/c/CloudSecurityPodcast?sub_confirmation=1 Watch on YouTube: https://youtu.be/HV6iJReLoXE In the episode, Jessica Cregg sits with Ashish and Shilpi and breaks the 4th wall about their mega successful Cloud Security Podcast, what advocacy means, and the state of Cloud Security at large. ...
In this episode, Or Weis talks to us about Full Stack Permission as a Service, why simplifying access control is crucial to creating secure infrastructure and how the use of access control could facilitate a zero-trust architecture. Bio: Or is the CEO and co-founder of Permit.io, and co-maintainer and author of open source OPAL.ac. Or is a serial entrepreneur who is passionate about developer tools, previously founding Rookout.com, a leading production debugging solution; and managing Upwards Is...
In this episode, Nathan and Chris talk about VPP, Calico, CNI and Service Mesh architecture. We will learn how VPP can enhance security and performance of your K8s clusters and the benefits of using Calico. Bios: Chris Tomkins - Chris is lead developer advocate at Tigera, where he champions user needs to support Project Calico’s users and contributor community. He has worked in networking since 2000. After realising that a per-device CLI is not a scalable solution for a large environment, he too...
Episode Summary: In this episode, Nigel gives his views on the current state of DevOps adoption, the role of security in DevOps, and gives us some clues from the State of DevOps Report 2021 that will help organisations accelerate their DevOps journey. Nigel's Bio: Nigel is a Field CTO at Puppet where he is responsible for bringing product knowledge and a senior technical operations perspective to Puppet field teams and customers, working on services strategy and representing the customer back into...
From containers to Kubernetes to cloud, it can be hard enough to keep up with the technologies, let alone how to secure them. Rory McCune was there at the inception. Starting as a pen tester looking into containers, he has become one of the world's foremost Kubernetes security authorities. In this episode Glenn and Steve talk to him about the early days of containers, the orchestration wars, the first ever Kubernetes CVE and how security chases a technology maturing at breakne...
In this episode, Steve and Glenn are joined by Stefania Chaplin to talk about breaking down silos. Bio: Stefania Chaplin’s experience within Cybersecurity, DevSecOps and OSS governance means she's helped countless organisations understand and implement security throughout their SDLC. As a Python developer at heart, Stefania is always optimising and improving efficiency wherever she goes by scripting & automating processes and creating integrations. Stefania is passionate about DevSecOps and ...
In this episode, Steve and Glenn speak with Ed Tucker and Gary Robinson about the differences between DevSecOps personas. DevSecOps Personas – what Developers, Security, and Operations think about people/tech/processes/culture when it comes to rolling out DevSecOps programs. Each of these teams has different drivers, ambitions, blockers, and challenges when it comes to a successful DevSecOps program. As Dale Carnegie said, ‘The only way to get anyone to do anything, is ...
Title: Threat Modeling - A Manifesto And Some Code. Threat Modeling: Why we think it matters for you, and how you can implement it in your organization. Modeling: How to model your system in an expressive way. Eliciting threats: What are some of the major approaches in use and how can it be done closer to the developer and at Agile speed. Evolution: Automated threat analysis using an open source tool (pytm). We will talk through the making of pytm and then do a demo. Guest Speakers: Matthew Coles (he...
Application security testing ... top tips to achieve more SASTisfaction from your tooling. References: YouTube Channel: AppSecEngineer; YouTube Channel: we45; OSSF Scorecard. Please visit our YouTube Channel to see Florin present in our July 2021 Gathering (monthly meet-up). Guest Speakers: Florin Coada. I've been working in the Application Security testing space for the last eight years. I was lucky enough to experience many customer environments and different testing technologies (SAST, DAST, IAST, SCA)....
Extended Berkeley Packet Filter (eBPF) allows us to tap into the kernel to implement monitoring, observability, networking, and security. In this episode, we invited Chris Kranz and Liz Rice to discuss the usage and adoption of eBPF within Cloud Native solutions. References: http://www.brendangregg.com/ https://nathanleclaire.com/ https://github.com/iovisor/bpftrace https://ebpf.io/what-is-ebpf https://github.com/lizrice/ebpf-beginners eBPF for Windows: https://www.youtube.com/watch?v=LrrV-eo6f...
Learning or knowing what to study in the field of security is a tough subject in its own right. Join us with Marcus and Josh where we understand what best practices they follow. Please visit our YouTube Channel to see Marcus present in our May 2021 Gathering (monthly meet-up). Guest Speakers: Marcus Maxwell: Marcus Maxwell is a Principal Consultant at Contino. He has spent the last 5 years helping large enterprises with building out their Kubernetes clusters, migrating to cloud and mo...
Join us to explore and learn what is Security Chaos Engineering with two of the leading figures in this field, Aaron Reinhart and Kennedy Torkura. If you missed the Gathering, watch the meet-up here. References: Aaron Reinhart: Chaos Engineering: System Resiliency in Practice; Security Chaos Engineering. References: Kennedy Torkura: Security-Chaos-Engineering-for-Cloud-Services; From Dependability to Resilience → Security Chaos Engineering for Cloud Services; Risk-Driven Fault Injection: Security Chaos Engin...
DevOps meets Security. London DevOps meets DevSecOps - London Gathering. https://www.meetup.com/London-DevOps/ Speakers Bio: Matt Saunders is a technical operations leader, using DevOps and continuous delivery to help teams deliver quality software quickly and efficiently. He is also co-organiser of the London DevOps meetup - a group with over 8,000 members which meets monthly. https://www.linkedin.com/in/msaunders/ Marc Cluet is a Senior Partner Solutions Engineer at HashiCorp and has over 2...
We have the pleasure to have Steve Giguere and Michael Foster, the hosts from Clust3rF8ck, to share with us their experience cramming in all the relevant materials to take both the CKA (Kubernetes Administrator) and CKS (Kubernetes Security Specialist) exams. https://www.twitch.tv/clust3rf8ck https://www.cncf.io/certification/cka/ https://www.cncf.io/certification/cks/ Speakers Bio: Steve Giguere is a dedicated DevSecOps community champion, securing cloud native applications. In addition to Clust3r...
In this episode we invited Anders from the Open Policy Agent project and Alex, one of the masterminds behind a new open source project called KICS. Open Source Projects: KICS - Keep your Infrastructure as Code Secure: https://kics.io/ Styra Academy: https://academy.styra.com/ Rego Playground: https://play.openpolicyagent.org/ Official Docs: https://www.openpolicyagent.org/docs/latest/ OPA Blog: https://blog.openpolicyagent.org/ Guest Details: https://www.linkedin.com/in/anderseknert/ https://www.linkedin.c...
Ep06: Checkov

2020-09-12 41:15

In this episode I have the pleasure of talking to James and Corcoran - two very talented individuals when it comes to Infrastructure as Code as well as all things DevOps; in addition we have Barak, the CTO of Bridgecrew, the company behind the open source project - Checkov. Checkov details: https://www.checkov.io/1.Introduction/Getting%20Started.html ### DevSecOps - London Gathering ### https://dso-lg.com https://dso-overflow.com Also follow us on Twitter: @DevSecOps_LG
Ep05: Semgrep

2020-09-12 45:51

In this episode I have the pleasure of talking to Clint from R2C - a software security startup from the US. They are championing an open source project called semgrep. I will be exploring what this is and how it is modernising SAST. Semgrep details: https://semgrep.dev/ ### DevSecOps - London Gathering ### https://dso-lg.com https://dso-overflow.com Also follow us on Twitter: @DevSecOps_LG
In this episode I have invited Stuart and James who are the project leads behind the Secure Delivery Playbook. This is a distilled version of their various client engagements when incorporating security into their development. Secure Delivery Playbook details: https://secure-delivery.playbook.ee/ ### DevSecOps - London Gathering ### https://dso-lg.com https://dso-overflow.com Also follow us on Twitter: @DevSecOps_LG