Relating to DevSecOps

Send us Fan MailKen and Simon talk engineering and security ramifications of microservices, why organizations choose to split up their treasured applications and cut them into bite size pieces for ease of use and maintenance. As with most technological advances - the best outcomes come from good implementation so SImon and Ken talk about some real world experiences, some things to think about, and some overarching microservices topics. This will probably be a two-parter so stay tuned for even more on this huge (but complex and isolated) topic.

Send us Fan MailAn exciting episode indeed! Jon Schwartz the CTO of Jetty joins us in a discussion about security through his career, leadership guidance, and how to align with all roles in your organization. Hear some real world examples of security, engineering, and devops working together towards a common goal and listen in to learn how to use a new perspective to bring security to the table. We really enjoyed this conversation! A big thanks to Jonathan for coming onIf you'd like to learn more about Jetty you can find them at https://www.jetty.com and if you're interested in joining their team, have a look at https://www.jetty.com/careers/ 

Send us Fan MailKeeping with the SecOps theme the crew discusses Application Inventory, arguably the most important part of any successful application security program. Challenges are always there in keeping an accurate and robust inventory, and with a focus on assets Jamieson, Ken, and Simon discuss what they want out of an inventory and how you might look at it from the outside in when dealing with a world of ever changing application environments that can differ from hour to hour.

Send us Fan MailSimon, Ken, and Jamieson ponder what Security Operations brings to the table and discuss some of the misconceptions around responsibilities of security operations folks in the wild. A high-level episode exploring what SecOps means, and how it fits into the overall security dynamic of DevSecOps. We touch on the direction of the industry in SOAR and hit on the immaturity of SecOps in organizations as compared to other operations teams. We do hope you enjoy

Send us Fan MailWith Jamieson out of commission, Simon and Ken chat and relfect on 2020. In this episode we cover some of our favorites and look towards the future with what's to come for DevSecOps in 2021. While Jamieson's there in spirit we take the opportunity to get one last Perl joke in. In 2021 we will be bringing video tutorial content, more guests, and deeper dives into topics with a git repo to follow along. We hope you'll join us for the ride and thanks for a great start!References in this Podcast:Security DevOps book: https://www.manning.com/books/securing-devopsDevSecOps Certs: https://www.practical-devsecops.com/certified-devsecops-professional/Tensorflow: https://www.tensorflow.org/

Send us Fan MailIn our final episode of 2020 we dive into chaos engineering tools with a focus on security and unpack the differences between penetration testing, security testing, and chaos engineering.  After all, what was 2020 if not a chaos engineering experiment. We each took some time to review this awesome list of chaos engineering resources: https://github.com/dastergon/awesome-chaos-engineering and had a chat about what pulled us in to our respective choices. It's interesting what chaos engineering means depending on who you talk to and I think this sets us up well.Thank you all for listening to Season 1 - See you in 2021!

Send us Fan MailIn this episode we talk about Chaos Engineering, what it is, what it isn't, our thoughts on what chaos really means and how we approach it in our day to day. In this episode we talk about our introductions to chaos engineering and how some of our career activities have related to it in the past. Have you ever done a tabletop exercise, but were dissatisfied with the technical level of it. This episode is for you!References: Jamieson's current read: https://learning.oreilly.com/library/view/chaos-engineering/9781492043850/Ken's current read: https://www.amazon.com/Girl-Decoded-Scientists-Intelligence-Technology-ebook/dp/B07VF1SKPV 

Send us Fan MailWe wrap up this series with a talk through the terraform cdk and our initial reactions of the project and product. We all learned a ton through this journey trying to figure out where and when to use these tools. I think we've all come out of this with a newfound respect to the future of infrastructure as code and hope you've enjoyed listening to us. It's been fun to discover this on the mic!

Send us Fan MailIn our quest to discuss and debate the usefulness of the Terraform CDK we take a pit stop at the Amazon CDK and Cloudformation. All of us have had varying experiences with the trials and tribulations of infrastructure as code, JSON, and YAML. We tease out why and when the CDK or Cloudformation route might be a better or complimentary choice to other platforms. We touch on some security concerns along the way and prep ourselves for the Terraform CDK use case from all 3 perspectives. We've had a pretty good time researching each other's points of view here, and hopefully you enjoy the listen! Thanks for all the support!

Send us Fan MailWe've listened to your feedback and started diving into infrastructure as code starting with terraform, our experiences learning it for fun and for clients. The trials and tribulations of automation in Jamieson's lengthy DevOps career, and where to go to get started with terraform. We cover some of our personal frustrations living with terraform and the real world and discuss how learning something as fast paced as this can be challenging and different depending on whether your a consultant or corporate deploying things engineer. We're also moving to every two weeks and focusing on some more technical topics so we can give you some deeper dives into the material. Let us know what you think!