Relating to DevSecOps
Ken Toler and Mike McCabe
82 episodes
1 week ago
In this candid and cathartic episode, Ken and Mike unpack the chaos that is Q4 for security professionals. From budget burnouts to end-of-year pentesting sprints, they explore why the final months of the year feel like a perfect storm for stress. Tune in as they share hard-earned lessons, practical advice for maintaining your sanity, and some gentle reminders that not everything needs to ship before Christmas. Whether you’re a tired vendor, an overwhelmed engineer, or just tryi...
Technology, Business, Careers
All content for Relating to DevSecOps is the property of Ken Toler and Mike McCabe and is served directly from their servers with no modification, redirects, or rehosting. The podcast is not affiliated with or endorsed by Podjoint in any way.
Episodes (20/82)
Episode #081: Burnout by Budget Season: Surviving Q4 in Security
In this candid and cathartic episode, Ken and Mike unpack the chaos that is Q4 for security professionals. From budget burnouts to end-of-year pentesting sprints, they explore why the final months of the year feel like a perfect storm for stress. Tune in as they share hard-earned lessons, practical advice for maintaining your sanity, and some gentle reminders that not everything needs to ship before Christmas. Whether you’re a tired vendor, an overwhelmed engineer, or just tryi...
1 week ago
21 minutes

Episode #080: Patch Me If You Can: Compliance, SLAs, and Other Fairytales
In this no-punches-pulled return from hiatus, Ken and Mike dig deep into the messy middle of vulnerability management, SLA fatigue, and the illusion of compliance. Are we building secure systems or just passing audits? From legacy cruft to exploitable CVEs, this episode unpacks the real-world pressures of SOC 2, the auditor dance, and whether fixing every “critical” is even feasible. Perfect for practitioners trying to balance the checkbox culture with actual risk reduction, t...
2 months ago
34 minutes

Episode #079: CISOver It: When Dashboards Replace Direction
In this episode of Relating to DevSecOps, Ken and Mike discuss the challenges faced by CISOs in today's security landscape, particularly the struggle to balance immediate security needs with long-term preventative strategies. They explore the disconnect between security leadership and practitioners, the urgency of addressing security issues, and the importance of understanding the root causes of vulnerabilities. The conversation emphasizes the need for CISOs to engage more deep...
5 months ago
37 minutes

Episode #078: 🔥 Burn Your 30-page Policies: Tanya’s Got Better Ideas
In this must-listen episode of Relating to DevSecOps, Ken welcomes the ever-inspiring Tanya Janca, aka SheHacksPurple: author, AppSec expert, and champion of making security usable. Together, they dig into why so many application security policies fail, why developers ignore them, and how to make them actually work. Tanya shares real-world experiences from both dev and security perspectives, plus her journey from being ignored to lobbying governments for change. From communicat...
6 months ago
46 minutes

Episode #077: Is Google Eating the Cloud? 🔥 Wiz.io Acquisition Hot Takes
In this episode of Relating to DevSecOps, Ken Toler and Mike McCabe dive deep into Google's blockbuster acquisition of Wiz.io for a reported $32 billion. They explore the implications for cloud security, the consolidation of the DevSecOps tooling landscape, and how this move compares to Google’s previous acquisitions like Mandiant and Chronicle. The duo debates the future of multi-cloud strategies, platform fatigue, and whether Wiz will remain the darling of the security commun...
7 months ago
31 minutes

Episode #076: ShmooBalls & Open Source Brawls: DevSecOps, Risk, and the Final ShmooCon
Welcome to 2025! Ken and Mike kick off the new year with their security resolutions (or lack thereof) before diving into the bittersweet farewell to ShmooCon, one of the most beloved hacker conferences. Ken shares his experiences from the final event, including insights on hardware hacking, radio security, and the unique hacker culture that made ShmooCon special. They also unpack one of the most practical talks from the conference: a deep dive into open source security tools ve...
9 months ago
33 minutes

Episode #075: Ghosts of DevSecOps: Past, Present, and Future
In this special holiday-themed episode of Relating to DevSecOps, hosts Ken and Mike channel their inner Dickens with a retrospective journey through the "Ghosts of DevSecOps Past, Present, and Future." From lessons learned about security awareness and collaboration challenges of the past, to the growing pains and contradictions of today’s implementation of security basics, they explore it all. Wrapping up with a hopeful look at future innovations like policy-as-code and preempt...
10 months ago
36 minutes

Episode #074: Battling Budgets in Security
In this episode of Relating to DevSecOps, hosts Ken and Mike tackle the complex challenges of managing security budgets in organizations of all sizes. From small, scrappy teams to sprawling enterprises, they explore how security leaders can navigate tight financial constraints while maintaining strong security postures. They share insights on integrating security into IT operations, leveraging open-source tools, and rethinking traditional budget allocations. Whether you’re a CI...
11 months ago
36 minutes

Episode #073: Staffing Security in DevSecOps
In this episode, Ken and Mike discuss the pressing issue of staffing security in the DevSecOps field. They explore the challenges of finding qualified application security professionals, the importance of diverse backgrounds in security roles, and the paradox of understaffed security teams despite a high demand for cybersecurity jobs. The conversation also delves into strategies for mitigating staffing issues, such as empowering security champions within organizations, l...
1 year ago
37 minutes

Episode #072: Measuring the Immeasurable: The Power and Pitfalls of Metrics in DevSecOps
Ken and Mike dive deep into the world of metrics and measurement in the context of security and DevSecOps. They explore the critical role metrics play in driving security improvements, from tracking vulnerabilities to gauging the effectiveness of incident response. The hosts discuss what makes a good metric, the importance of aligning metrics with business goals, and the dangers of relying too heavily on numbers alone. They also tackle the challenges of quantifying "squishy" as...
1 year ago
33 minutes

Episode #071: Retro Vibes with Retrospectives
Ken and Mike discuss the importance of postmortems in incident response and security incidents. They explore the definition of postmortems, the value of reflection, the challenges of blame, and the significance of actionable outcomes. They also touch on the transparency of postmortems and the need for root cause analysis. The conversation concludes with a brief announcement about an upcoming conference series.
1 year ago
25 minutes

Episode #070: Putting da BOM in SBOM and SCA
Ken and Mike discuss supply chain security, including software composition analysis (SCA) and software bill of materials (SBOM). They highlight the importance of understanding the components that make up your software and the risks associated with using third-party libraries. They also discuss recent supply chain failures, such as the XZ library hack and the SolarWinds attack. The hosts emphasize the need for organizations to stay up to date with software patches and to conside...
1 year ago
39 minutes

Episode #069: Your SaaS is Grass
In this episode Mike and Ken dive into the wild world of SaaS products in DevSecOps. From vendors to security tooling hygiene, they cover an often overlooked ecosystem of cloud and software services that may be rotting in the sky of your workloads. Join up for a listen on SaaS security!
1 year ago
32 minutes

Episode #068: Data Breaches and DevSecOps
With pep and full YouTube energy, Ken and Mike discuss the findings of the IBM "Cost of a Data Breach" report and its implications for DevSecOps. They highlight the importance of integrating security into every phase of the software development life cycle and the positive impact it can have on reducing the cost of a data breach.
1 year ago
34 minutes

Episode #067: Welcome to 2024! AppSec Resolutions and a ShmooCon Recap
Ken and Mike discuss their New Year's resolutions related to application security. They also reflect on the impact of AI and its adoption in the industry. The hosts share their experiences attending conferences and highlight interesting talks on topics such as zero-day vulnerabilities and fuzzing LLM models. They discuss the OWASP LLM Top 10 and the evolving perception of AI in the industry. The conversation concludes with a discussion on the definition of DevSecOps and how it ...
1 year ago
35 minutes

Episode #066: Exploration of the Shifting Definition of Shifting Left
We are joined by incredible guests Mikhail Chechik and Marcus Hallberg as they help us define DevSecOps and emphasize the importance of a security mindset throughout the development process. These two incredible folks explore common misconceptions about shifting left and discuss the challenges of triaging and validating vulnerabilities early in the development lifecycle. We enter the wild world of this wonderful shifting buzzword and how it applies to incident response, desi...
1 year ago
42 minutes

Episode #065: LASCON 2023 Recap - AI, a Misunderstood Menace or Magic Bullet
On this episode of R2DSO, Mike and Ken dive into their takeaways and experiences from LASCON 2023 in Austin, TX, where AI was both a problem child and a praised bringer of salvation in security. Vendors and companies alike are embracing AI with wide eyes, and there was no shortage of talks, presentations, and hallway conversations about the topic. Beyond that, security is fast accepting that it can't be the department of "No", a consistent theme here on the podcast. The team had a f...
1 year ago
33 minutes

Episode #064: Don't Instigate, Mitigate!
In this episode Ken and Mike dive directly into the meat with solutioning and mitigation. All too often, security professionals find themselves falling into the trap of focusing on vulnerability counts, evangelizing findings, and playing the age-old game of red, yellow, green. We jump straight into the why of this focus in the industry and offer some ideas on how to get out of it successfully. If you're interested in a conversation about solving problems rather than just iden...
2 years ago
31 minutes

Episode #063: Unscrambling CloudSecSoup with CSPM, Vuln Management, SIEMs, and Log Aggregators
In today's episode, we untangle the web of alphabet-soup technologies: CSPM, VM, SIEM, and Log Aggregators. We go beyond the buzzwords to give you a no-nonsense look at how these tools fit together, complement each other, or might even replace one another in specific use-cases. Selecting the right tool can be overwhelming, and we're here to guide you through the when, where, and how of leveraging these technologies effectively. Whether you're encountering overlapping features o...
2 years ago
37 minutes

Episode #062: Cyber Sentinels: Ken and Mike in the DevSecOps Labyrinth
Dive headfirst into AppSec and Terraform security with Ken and Mike in this electrifying podcast episode. They demystify complex security concepts, offer golden nuggets on cybersecurity programs as a DevSecOps concept, and provide a rare glimpse into the high-octane training sessions they're delivering at Black Hat, DEF CON, and LASCON. This episode is a view into building resilient security programs, tackling compliance challenges, and comparing bug bounty programs a...
2 years ago
40 minutes
