CoSeCast - The Continuous Security Podcast

Steve Giguere
  • 0.0 (0)
  • TECHNOLOGY

In this show we will smooth the divide between security enthusiasts and DevOps warriors, bringing harmony to our secure development efforts. Whether we're talking about a Kubernetes and cloud native application, or a big ol' Java beast, we'll seek to educate, inform, entertain and of course secure, all walks of technological life.

Episodes

  1. 01/05/2022

    EP8 - Lewis Denham-Parry and Andy Martin: KubeCon CTF

    In this episode Steve speaks with the Control Plane Kubernetes security training gurus, Lewis Denham-Parry and Andy Martin about their brain-child, the KubeCon Capture the Flag! We get into how it began, the community the enables it and the inspiration for some of the concepts within its structure and scenes. Recorded back in June 2021 and long overdue thanks to some editing nightmares, this is one to listen to before we  meet up for KubeCon 2022 #optimistic   Lewis Denham-ParryHead of Training at Control Plane / Co-Founder at Cloud Native Wales https://control-plane.io/ https://www.linkedin.com/in/denhamparry/ https://twitter.com/denhamparry Andrew MartinHacker // CEO | Kubernetes & cloud security ▲ consulting, audit/test, training — author O'Reilly/SANS Passionate and motivated security engineer and CEO: educator, public speaker, community builder, author, hacker. Leads by example, extensive hands-on expertise in technical domains across security and operations for government, financial services, and private sector. Enjoys difficult problems. https://www.linkedin.com/in/andr3wmartin/ https://twitter.com/sublimino https://control-plane.io/

    29 min

  2. 06/09/2021

    EP7 - Brian Haugli and Security Culture Change #CISOLIFE

    Guest: Brian Haugli - Managing Partner, SideChannel | CEO, RealCISO.io | Host of #CISOlife Viewed as a "full stack CISO", Brian is an executive security leader and mentor focused on building high performance security teams, deploying effective operating models, and delivering risk management capabilities for global, domestic, and local enterprises. He has held senior advisory & practitioner roles within DoD, the Intelligence Community and Fortune 1000 companies. Brian is a NIST expert, specifically with the Cyber Security Framework (CSF) and 800-53, and for industrial control systems & operational technologies. In the episode Steve speaks to Brian about implementing security strategy specifically around the struggles with culture change, mis-alignment of risk appetite at the highest level and the behavioural effects this can have throughout an organisation. More about Brian: LinkedIn: https://www.linkedin.com/in/brianhaugli Virtual CISO:  https://sidechannel.com/ Security Assessment: https://www.realciso.io/ YouTube: https://www.youtube.com/channel/UCtDlpJo3O8Z08mF_KoIkxWQ Twitter: https://twitter.com/BrianHaugli Your host: Steve Giguere Steve is a Developer Advocate for Bridgecrew by Palo Alto Networks. He is a serial podcaster having hosted his solo editorial podcast called Codifyre, as well as podcasts for Synopsys and Aqua Security called Hacking Security and BeerSecOps. He's a fun and entertain public speaker on application, cloud native and kubernetes security and when he's not doing that he loves music.  He's composed and played the theme music for this and each of his other podcasts. Learn more... https://stevegiguere.com/ https://bridgecrew.io/ https://twitter.com/_SteveGiguere_

    51 min

  3. 04/29/2021

    EP6 - Jim Bugwadia - Kubernetes Policies Through Kyverno

    Jim is the Founder and CEO at Nirmata who are in turn the founders of Kyverno Kyverno is a policy engine designed for Kubernetes. With Kyverno, policies are managed as Kubernetes resources and no new language is required to write policies. This allows using familiar tools such as kubectl, git, and kustomize to manage policies. Kyverno policies can validate, mutate, and generate Kubernetes resources.  Software is changing the world, and Jim's mission at Nirmata is to help the world deliver better software by fully by democratizing cloud native best practices. Nirmata is a Kubernetes management plane built for enterprises. Nirmata works across clouds, data centers, edge, and connected devices. Jim’s Profile linkedin.com/in/jimbugwadia Websites nirmata.com  (Company Website)kyverno.ioinfoworld.com/blog/the-noops-enterprise/  (Blog)Phone 408-410-3701 (Mobile)Email jim@nirmata.com Twitter JimBugwadia

    39 min

  4. 03/10/2021

    EP5 - Alvin Chang - DevOps is Dead?

    Alvin Chang is a futurist and technology enthusiast.  This episode was prompted by a conversation I had with him on LinkedIn where he spontaneously told me DevOps was dead and briefly seemed to be suggesting he should tell Gene Kim. I requested he explain via podcast and here we are!  It goes in some very interesting directions. References: https://en.wikipedia.org/wiki/GPT-3 https://en.wikipedia.org/wiki/Impact_factor Blogchain: https://steemit.com/ People: https://en.wikipedia.org/wiki/Tim_Berners-Lee https://www.ucl.ac.uk/bartlett/public-purpose/people/mariana-mazzucato https://en.wikipedia.org/wiki/Charlie_Munger Alvin’s Profile https://www.linkedin.com/in/alvinchang/ Website medium.com/@d7414bb4154815d100ab8aa6610fb1  (Blog) Email alvin.chang@gmail.com Twitter alvin_chang

    33 min

  5. 02/24/2021

    EP4 - Jessica Cherry - Embrace the Chaos (Engineering)

    In this show I get to talk with Jessica about the breaking down of tribal knowledge through chaos engineering,  her favourite tools, culture change and I discover that kubernetes and cloud native infused gardening might soon be a "thing".   About Jessica Cherry SRE II Evangelist of silo prevention in the IT space, the importance of information sharing with all teams. Believer in educating all and open source development. Lover of all things tech. Follow Jessica Cherry on Twitter @alynderthered1 Important links ---- https://www.oreilly.com/library/view/seeking-sre/9781491978856/ https://github.com/dastergon/awesome-chaos-engineering https://opensource.com/users/cherrybomb https://www.amazon.co.uk/Phoenix-Project-DevOps-Helping-Business-ebook/dp/B00AZRBLHO Slide deck: https://docs.google.com/presentation/d/15JmmOx9KneE79md2WMRn3uS5spRft3iNzw3xcvvirwc/edit?usp=sharing Tools! Chaoskube: https://github.com/linki/chaoskube litmus: https://litmuschaos.io/ kubeinvaders: https://github.com/lucky-sideburn/KubeInvaders chaosmesh: https://chaos-mesh.org/

    28 min

  6. 02/08/2021

    EP3 - Kenichi Shibata - Continuous Learning through DevOps

    Kenichi is a Cloud Expert with more than 3 years of Kubernetes in production and more than 8 years of Cloud Engineering Experience, With Exposure to Cloud Security and Big Data.  He worked across multiple sectors on a global scale including Retail with Uniqlo and Fast Retailing, Conde Nast (Vogue, GQ, Wired, Reddit).  Also worked and designed solutions for highly regulated environments like Finance with Simplex JP, Beacon Platform, ComparetheMarket. In this show we are taken through Kenichi's regulatory,  geographical and security driven learning experiences across data centres and cloud.  Listen in to become a part of his personal DevOps to DevSecOps journey. Kenichi is a contributor to  https://FAUN.dev Learn more about Kenichi: https://kenichi.shibata.co.uk/ https://www.linkedin.com/in/kenichishibata31/

    38 min

  7. 01/06/2021

    EP2 - Glenn Wilson - What is DevSecOps... The Book?

    In this episode I speak to Glenn Wilson the author of the recently released (Jan 2021) book entitled... DevSecOps - A leader’s guide to producing secure software without compromising flow, feedback and continuous improvement He discusses not just the book but his influences, the struggles of writing a technical (but not too technical) book as well as the general state of DevSecOps in 2021. Buy his book here  https://www.amazon.co.uk/dp/1781335028/ref=cm_sw_r_tw_dp_ZFG9FbG62WW08 About Glenn Wilson: Glenn is a DevOps and Agile security consultant and founder of Dynaminet. He is also the best-selling author of the book “DevSecOps: A leader’s guide to producing secure software without compromising flow, feedback and continuous improvement”. He is an experienced development and security professional who has worked for over 20 years in the IT industry across multiple sectors. He is strategy focused and enables organisations to apply secure processes and principles that augment business capabilities and enrich an organisation’s relationship with its customers.. Links to Glenn: LinkedIn:       www.linkedin.com/in/glennwilson Twitter:          twitter.com/glenndynaminet (@GlennDynaminet) Webpage:     https://dynaminet.com/about/glenn-wilson/

    47 min

  8. 12/16/2020

    EP1 - Tanya Janca - Alice and Bob Learn Application Security

    In this show Steve speaks with application security specialist and educator Tanya Janca to talk about her new book "Alice and Bob Learn Application Security", as well as the struggles to educate developers about secure development, creating a positive and inclusive community and a slice of just about everything else. The Book! https://www.amazon.com/Alice-Bob-Learn-Application-Security/dp/1119687357 https://www.wiley.com/en-us/Alice+and+Bob+Learn+Application+Security-p-9781119687351 Who are Allison and Bob https://en.wikipedia.org/wiki/Alice_and_Bob Tanya gets a book! https://www.youtube.com/watch?v=6OaYA5nuI4A&ab_channel=SheHacksPurple Meet Tanya Janca Tanya Janca, also known as WehackPurple, is the author of ‘Alice and Bob Learn Application Security’.   She is also the founder of We Hack Purple, an online learning academy, community and podcast that revolves around teaching everyone to create secure software. Tanya has been coding and working in IT for over twenty years, won numerous awards, and has been everywhere from startups to public service to tech giants (Microsoft, Adobe, & Nokia). She has worn many hats; startup founder, pentester, CISO, AppSec Engineer, and software developer. She is an award-winning public speaker, active blogger & streamer and has delivered hundreds of talks and trainings on 6 continents. She values diversity, inclusion, and kindness, which shines through in her countless initiatives. Founder: We Hack Purple (Academy, Community, and Podcast), WoSEC International (Women of Security), OWASP DevSlop, OWASP Victoria, #CyberMentoringMonday Follow Tanya on Twitter: https://twitter.com/shehackspurple Follow Tanya on LinkedIn: https://www.linkedin.com/in/tanya-janca Follow Tanya on Medium: https://medium.com/@shehackspurple Follow Tanya on YouTube: https://www.youtube.com/shehackspurple Follow Tanya on Twitch: https://www.twitch.tv/shehackspurple CoSeCast is powered by StackRox Security The only Kubernetes-native container security platform StackRox has set the standard in container and Kubernetes security, protecting cloud-native apps across the full life cycle — build, deploy, and runtime. Steve Giguere Steve is the Director of Solutions and Community for EMEA for StackRox. He is a serial podcaster having hosted his solo editorial podcast called Codifyre, as well as podcasts for Synopsys and Aqua Security called Hacking Security and BeerSecOps. He's a fun and entertain public speaker on application, cloud native and kubernetes security and when he's not doing that he loves music.  He's composed and played the theme music for this and each of his other podcasts. Learn more... https://stevegiguere.com/

    36 min

  9. TRAILER

    EP0 - Welcome to CoSeCast!

    Hello DevOps, Security, Kubernetes, Application and Continuous Security friends, this is the intro show to CoSeCast!  It's a short one so why not listen and get a taster for what's to come. Hosted by Steve Giguere https://cosecast.com Powered by StackRox https://stackrox.com

    2 min

Trailer

About

In this show we will smooth the divide between security enthusiasts and DevOps warriors, bringing harmony to our secure development efforts. Whether we're talking about a Kubernetes and cloud native application, or a big ol' Java beast, we'll seek to educate, inform, entertain and of course secure, all walks of technological life.

Information