Relating to DevSecOps Ken Toler and Mike McCabe

Ken and Mike discuss supply chain security, including software composition analysis (SCA) and software bill of materials (SBOM). They highlight the importance of understanding the components that make up your software and the risks associated with using third-party libraries. They also discuss recent supply chain failures, such as the XZ library hack and the SolarWinds attack. The hosts emphasize the need for organizations to stay up to date with software patches and to consider the security ...

In this episode Mike and Ken dive into the wild world of SaaS products in DevSecOps. From vendors to security tooling hygiene they cover an often overlooked ecosystem of cloud and software services that may be rotting in the sky of your workloads. Join up for a listen on SaaS Security!

With pep and full youtube energy Ken and Mike discuss the findings of the IBM "Cost of a Data Breach" report and its implications for DevSecOps. They highlight the importance of integrating security into every phase of the software development life cycle and the positive impact it can have on reducing the cost of a data breach.

Ken and Mike discuss their new year's resolutions related to application security. They also reflect on the impact of AI and its adoption in the industry. The hosts share their experiences attending conferences and highlight interesting talks on topics such as zero-day vulnerabilities and fuzzing LLM models. They discuss the OWASP LLM Top 10 and the evolving perception of AI in the industry. The conversation concludes with a discussion on the definition of DevSecOps and how it has evolved ove...

We are joined by incredible guests Mikhail Chechik and Marcus Hallberg as they help us define DevSecOps and emphasize the importance of a security mindset throughout the development process. These two incredible folks explore common misconceptions about shifting left and discuss the challenges of triaging and validating vulnerabilities early in the development lifecycle. We enter in the wild world of this wonderful shifting buzzword and how it applies to incident response, design, people, and...

On this episode of R2DSO Mike and Ken dive into their takeaways and experiences from LASCON 2023 in Austin, TX where AI was both a problem child and praised bringer of salvation in security. Vendors and companies alike are embracing AI with wide eyes and there was no shortage of talks, presentations, and hallway conversations about the topic. Beyond that security is fast accepting that they can't be the department of "No" a consistent theme here on the podcast. The team had a fantastic time a...