DSO Overflow

Glenn Wilson and Steve Giguere

In this podcast, we speak with professionals working in cyber security, software engineering and operations to talk about a number of DevSecOps topics. We discuss how organisations factor security into their product delivery cycles without compromising the value of doing DevOps and Agile.

  1. 12/06/2024

    S4Ep10 - Threat modelling with Ashley Ward

    In this month's episode, Steve and Glenn chatted with Ashley Ward to discuss topics around threat modelling.

    Ashley is a highly experienced CTO at ControlPlane with expertise in cloud-native architectures and cybersecurity, known for leading transformative initiatives across startups and large enterprises, including as Group CTO for a €4.5 billion company. He excels in scaling organisations through agile, FinOps, and DevSecOps, while inspiring teams and engaging with stakeholders at all levels. As a Justice of the Peace since 2017, Ashley brings additional strengths in decision-making, public speaking, and community-focused leadership.

    In this episode of DSO Overflow, Ashley Ward, CTO at ControlPlane, discusses threat modelling in cloud-native environments, security challenges, and the impact of emerging technologies like AI. Ward explains that threat modelling should start with existing knowledge and highlights the benefits of collaborative, iterative approaches. He emphasises involving various teams in the process to account for application, platform, and infrastructure layers. Ward also discusses practical frameworks, such as the CIA triad and STRIDE, and points out the specific challenges in cloud-native threat modelling, like microservices and fast-paced release cycles. Regarding AI, he cautions about the heightened risks, as AI democratises hacking capabilities. Ward advocates for using AI thoughtfully in threat modelling and encourages companies to adopt proactive security strategies. He concludes by encouraging organisations to embrace threat modelling as an evolving, essential practice.

    Resources mentioned in this podcast: Ashley Ward's LinkedIn profile, ControlPlane website.

    DSO Overflow is a DevSecOps London Gathering production. Find the audio version on all good podcast sources like Spotify, Apple Podcast and Buzzsprout. This podcast is brought to you by our sponsors: Prisma Cloud, Tigera and Apiiro.

    Your hosts: Steve Giguere (linkedin.com/in/stevegiguere), Glenn Wilson (linkedin.com/in/glennwilson), Jessica Cregg (linkedin.com/in/jessicacregg).

    47 min
  2. 10/22/2024

    S4Ep8 - Cloud Native and Kubernetes with Steve Wade and Michael Foster

    In this month's episode, Steve met with Steve Wade and Michael Foster to talk about the Cloud Native Club and new and future developments in Kubernetes.

    Steve Wade founded The Cloud Native Club, a global community for cloud-native enthusiasts. He is also a maintainer of the Flux Terraform Provider. As an experienced conference speaker, independent cloud-native consultant, and trainer, Steve shares his expertise worldwide. He has held platform leadership roles across various industries, including real estate, gaming, fintech, and the UK Parliament. With a BSc in Computer Science, Steve is passionate about cloud-native software development and distributed computing.

    Michael Foster regards himself as a passionate tech enthusiast and open-source advocate with a multidisciplinary background. Understands the importance of community and being a good communicator. Great problem solver, quick thinker, constant learner, and someone who is process-orientated. Able to conceptualize, coordinate, and implement by paying attention to detail while seeing the big picture. I am continually working to bridge the gap between tech and business.

    In this episode, Steve Wade introduces his new community called the Cloud Native Club, while Steve Giguere and special guest host Michael Foster (Red Hat) introduce The State of Kubernetes Security report as an anchor to pick Steve Wade’s brain on everything from how we secure cloud native to AI’s influence on Kubernetes now and in the future.

    Cloud Native Club: The Cloud Native Club is a global community I founded in July 2024, dedicated to connecting cloud-native enthusiasts from all walks of life, no matter where they are in the world. Inspired by my journey transitioning from a football career to the tech industry, I quickly realised the immense value of community in fostering growth and success. However, I also saw that many people, especially those in remote areas, lacked access to the supportive networks that can be crucial for learning and development. The Cloud Native Club was created to bridge that gap. It’s a place where anyone—from beginners to seasoned professionals—can come together to learn, share, and grow in the cloud-native space. Through our forum, weekly hangouts, and YouTube series like "My Journey" and "Project Spotlight," we aim to make cutting-edge cloud-native knowledge accessible to everyone while fostering a strong, supportive, and inclusive community.

    Resources mentioned in this podcast: Steve Wade's LinkedIn profile, Steve Wade's Twitter profile, The Cloud Native Club on LinkedIn, The Cloud Native Club on Twitter, The Cloud Native Club on YouTube, Michael Foster's LinkedIn profile.

    51 min
  3. 09/16/2024

    S4Ep7 - Managing the risks that really matter with Sam Watkins

    In this month's episode, Glenn and Jessica speak with Sam Watkins about a new paradigm for managing risks.

    Sam Watkins is an accomplished engineer working at BT in the UK. Sam is driven by a passion for driving change through the implementation of technological solutions, possessing expertise in impacting organisational capability and performance, catering to business needs by early adaption of futuristic technological trends, and enabling organisations to meet the business needs.

    In this episode, Sam reveals to Jess and Glenn the exciting work she is doing at BT, a major telecommunications company in the UK, to improve the organisation's application security posture. You will hear Sam talk about challenging the current paradigm of managing vulnerabilities and moving to a paradigm of managing weaknesses. Sam discusses the risks that really matter while remaining empathetic to the needs of everyone within the organisation, including compliance, engineering and risk management.

    Resources mentioned in this podcast: Sam's LinkedIn profile, Sam's personal website, Common Weakness Enumeration.

    DevSecOps - London Gathering: Keep in touch with our events associated with this podcast via our website. For more about DevSecOps - London Gathering check out https://dsolg.com

    39 min
  4. 06/13/2024

    S4Ep6 - Security in front-end application development with David Mytton

    In this month's episode, Glenn speaks with David Mytton about how to make sure front-end development is secure.

    David Mytton is the CEO of Arcjet, a devtools software startup that helps developers protect their apps. He also writes the weekly Console.dev devtools newsletter, which helps developers find the best tools. He's an angel investor in >30 early-stage developer-first startups and is working towards an Engineering Science PhD in sustainable computing at the University of Oxford. His research has been featured in The Times, WSJ, Financial Times, Fast Company, Computer Weekly, and Sky News.

    In this episode, David and Glenn cover the main security challenges and security hygiene affecting front-end application development. They discuss a broad range of topics including software dependencies, input validation, securing environment variables, and many other security-related topics that all developers should consider when developing front-end applications.

    Resources mentioned in this podcast: David's LinkedIn profile, David's blog, Console.dev.

    45 min
