DevSecOops

KBI.FM
  • 0.0 (0)
  • TECHNOLOGY
  • UPDATED SEMIWEEKLY
DevSecOops

Welcome to DevSecOops - a mostly serious podcast about modern ICT, and pragmatic solutions to complex problems.

Episodes

  1. JUN 29

    Episode 9 - Rapid Fire Judgement

    In this episode, Tom and Scotti take listeners behind the curtain at Cordant, revealing how the team collaboratively approaches designing IT solutions—from infrastructure to cybersecurity. Framed around a hypothetical greenfield deployment, the discussion is a rapid-fire breakdown of their go-to tools, platforms, and philosophies—covering everything from hypervisors and SIEM solutions to code repositories and discovery tools. Key Topics Covered: Discovery & Strategy Process: The Cordant methodology: discovery, internal collaboration, and experience-based solution building. VMware & Broadcom Fallout: Tom discusses why VMware remains the on-prem hypervisor of choice, despite Broadcom's pricing and licensing challenges. Alternatives are weighed, including cloud-native VMs and infrastructure consolidation strategies. SIEM & Logging Solutions: Scotti explores cost-effective approaches to log management, weighing Splunk, Microsoft Sentinel, and CrowdStrike SIEM. He stresses the need to align tooling with organisational maturity and internal expertise, cautioning against over-investment in underutilised platforms. Code Repositories: The team debates GitHub, GitLab, Bitbucket, and cloud-native options. Security, ease-of-use, and deployment flexibility are discussed, especially in contexts requiring data sovereignty or air-gapped environments. Discovery Tooling & Attack Surface Management: With evolving threats shifting from network-focused to identity-centric attacks, Scotti outlines the importance of modern asset discovery tools like RunZero, AssetNote, and Wiz. He advocates for agentless, comprehensive visibility across hybrid environments. Key Takeaways: Vendor selection should reflect organisational context—not just feature sets. Tooling must match internal capability; gold-plated tech without operational maturity offers little value. Identity, not infrastructure, is the modern threat frontier—external and internal visibility is critical. Cloud-native and hybrid strategies should be evaluated tactically and strategically, not reactively.

    1h 4m

  2. MAY 30

    Episode 8 - Bytesized: Kubernetes, AI, Oracle, and More

    In this byte-sized episode of DevSecOops, Tom and Scotti dive into recent developments from the Cordant office. Tom and Scotti unpack the power and pitfalls of modern tech trends, from Kubernetes to GenAI, and cloud resilience. Kubernetes in Focus Tom questions the complexity of Kubernetes, while Scotti defends its scalability and abstraction benefits. Drawing from both home labs and enterprise deployments, they highlight how managed services reduce friction, enabling cloud-agnostic architecture and better DevOps alignment. OCI Incident & Lessons in Trust Reflecting on a real-world project from Oracle, Scotti describes auditing IAM permissions at scale using Kubernetes. They dive into cultural lessons from a major Oracle Cloud Infrastructure (OCI) incident, advocating for transparency, not blame. Tom stresses that resilience comes from what we learn, not whom we blame. AI: Game-Changer or Crutch? AI adoption is accelerating, with tools like ChatGPT and Claude now embedded in workflows. Tom recounts a colleague building a mobile app with zero prior experience using AI alone. Scotti sees AI as a thought partner; great for learning, risky if misused. ⚠️ Ethics & Risk AI’s potential is massive, but so are the dangers. Open-source LLMs trained on exploits pose real threats. As Scotti warns: “Like any security tool, it can be used for good or bad.” ️ Key Takeaway Balance innovation with governance. Transparency, culture, and intent define how we build secure, resilient systems.

    43 min

  3. MAY 15

    Episode 7 - Wiz Bang

    This episode explores Wiz’s platform-driven approach to cloud security, emphasising its usability across multiple organizational roles — from developers to executives. Matt, a Principal Solution Engineer at Wiz, explains how the company provides comprehensive, real-time visibility into cloud environments (including multi-cloud and hybrid architectures), helping organisations identify high-risk vulnerabilities early in the software lifecycle — even before deployment. Key Discussion Points Wiz’s Core Value Proposition Wiz offers a cloud-native security platform designed to detect risks across infrastructure, applications, and configurations. The solution prioritises threats using risk context and attack path analysis, making security information relevant and actionable for both technical and business stakeholders. Executive-Level Adoption Matt notes strong engagement from CISOs, CTOs, and CIOs due to Wiz’s rapid time-to-value, easy implementation, and support for tooling consolidation. Executives appreciate how Wiz enables faster, safer adoption of new technologies, such as AI services, while maintaining governance and compliance. Developer Enablement A major focus is shifting security left by integrating it into developers’ workflows. Wiz provides clear guidance, risk prioritisation, and remediation suggestions, removing the need for developers to be security experts. This reduces friction between engineering and security teams, traditionally a major operational challenge. Operationalisation and ROI Emphasis is placed on real-world usage and ROI. Matt shares insights from customers who evaluate tools based on actual usage metrics, such as platform login frequency, to ensure investments are delivering value. Security Champion Models The discussion touches on the importance of embedded security roles, such as Security Champions within development teams. This model, pioneered by companies like Amazon, helps organisations scale secure development practices and manage the growing velocity of security threats in cloud environments. Noise Reduction and Prioritisation Hosts and guests stress the importance of eliminating alert fatigue. Wiz’s platform contextualises vulnerabilities (e.g., IAM policy misconfigurations or outdated libraries in containers) to distinguish meaningful risks from benign issues. This “pragmatic security” approach builds credibility with developers and promotes a security-aware culture.

    54 min

  4. MAY 6

    Episode 6 - War of The Clouds

    In this episode of DevSecOops from the guys at Cordant, the crew dives headfirst into one of the juiciest debates in tech: which cloud reigns supreme? Dubbed 'The War of The Clouds', this episode pits the big players (and some honerable mentions) against each other in a lighthearted skirmish over developer love, enterprise muscle, and long-term value. Tom dons the blue armour for Microsoft Azure, bringing 25 years of Wintel loyalty to the table (though he’s got some thoughts on recent commercial antics from Redmond). James rides the mighty AWS beast, championing the original developer darling turned enterprise juggernaut—boasting revenue figures that dwarf even the biggest names on the ASX. Scotti takes the underdog position with a passionate defence of Oracle Cloud. With boots-on-the-ground experience and a developer’s heart, he makes a surprisingly compelling case for Oracle's open standards and Java-rich legacy (despite a few barbs about Delphi, Java, and Visual Basic 6 along the way). Together, the trio spar over: Developer experience: From Azure’s tight-knit integration with Visual Studio and GitHub, to AWS’s shiny toybox of SDKs, to OCI’s Kafka-powered streaming services. Tooling and automation: Why Terraform is winning hearts where native tools stumble, and how scripting your infra is now half the cloud battle. Strategic cloud adoption: Whether clients should go all-in with one vendor or play the multi-cloud field—and what truly drives those choices (hint: it’s not just tech, it’s business context). Security and identity: Expect a bit of heat here - especially around PIM roles, privileged access management, and how well (or not) each provider integrates identity services. This episode is as much a tech showdown as it is a masterclass in real-world cloud strategy, with the team drawing on their direct client experiences across all three platforms. While there’s plenty of banter, the insights are razor-sharp, and whether you're team AWS, Azure, or Oracle, you’ll leave with a clearer view of where each platform shines (and where it needs work).

    1h 3m

  5. MAR 24

    Episode 5 - The Importance of Proper Program Pragmatism

    In this episode of the DevSecOps podcast, hosts Tom, Scotty, and James from Cordant are joined by experienced project manager Natalie Haslam to explore the complexities of delivering cybersecurity projects. Natalie highlights the crucial role of human factors in security, emphasising the need for awareness and adherence to protocols. The discussion covers the importance of involving operational teams early, managing cybersecurity incidents during project delivery, and balancing governance with agility. The team also examines project management methodologies, debating agile versus waterfall approaches and the benefits of a hybrid mode, and the value of stakeholder engagement, advocating for clear communication to secure buy-in and drive successful cyber initiatives.

    52 min

  6. FEB 13

    Episode 4 - Big, Hairy, Audacious Truthbombs

    This podcast episode features Tom and Scotti discussing the often-unspoken truths of cybersecurity and IT modernisation. They emphasise that security is a mindset, not just a set of tools, and advocate for a holistic approach where everyone in an organisation is involved. They also stress the importance of getting the fundamentals right before diving into complex technologies like microservices and cloud migrations, warning against the pitfalls of "lift and shift" approaches. The hosts discuss the challenges of change management, the inevitability of security incidents, and the need for better communication and understanding of cybersecurity risks at the executive level. They also touch on the shortage of skilled cybersecurity professionals and the complexities of outsourcing IT services, advocating for a balanced approach that includes internal expertise and careful vendor selection.

    1h 3m

  7. JAN 28

    Episode 3 - Understanding the Modern Threat Landscape

    Tying back how threats are inseparable - and inescapable - from modern ICT. That means everything from cybersecurity threats, BCDR needs, data management, operational issues, etc.

    1h 17m

  8. JAN 28

    Episode 2 - Decision-making For Organisations

    Deep dive into specific ICT challenges organisations may face, addressing questions focus on current ICT challenges, offering insights into prioritisation, risk management, and strategic planning.

    52 min

  9. JAN 28

    Episode 1 - The Evolution of ICT

    An historical perspective on how ICT has evolved over the years. The change from on-prem, to cloud, hybrid, and how things continue to change.

    1h 4m
  • 9 Episodes

About

Welcome to DevSecOops - a mostly serious podcast about modern ICT, and pragmatic solutions to complex problems.

Information

  • Channel
    KBI.FM
  • Creator
    Cordant
  • Years Active
    2K
  • Episodes
    9
  • Rating
    Clean
  • Copyright
    © 2025
  • Show Website
    DevSecOops

More From KBI.FM

To listen to explicit episodes, sign in.

Stay up to date with this show

Sign in or sign up to follow shows, save episodes, and get the latest updates.
Select a country or region

Africa, Middle East, and India

Asia Pacific

Europe

Latin America and the Caribbean

The United States and Canada