DSO Overflow

Glenn Wilson, and Steve Giguere

In this podcast, we speak with professionals working in cyber security, software engineering and operations to talks about a number of DevSecOps topics. We discuss how organisations factor security into their product delivery cycles without compromising the value of doing DevOps and Agile.

  1. 2일 전

    S5Ep5 - How to save $20,000 per year with Vimal Paliwal

    DSO Overflow S5EP5 Saving $20,000 a year by self-hosting a map server with Vimal Paliwal In this episode, Vimal Paliwal talks about how he led a migration project that saved his organisation $20,000 annually. He talks about how he overcame challenges he faced resulting from compute and storage demands. Vimal discusses how he ensured cost-efficiency and security by implementing a fully serverless architecture using AWS CloudFront, Lambda authorisers, and WAF, integrating robust domain whitelisting and access control. We finish this conversation by reflecting on lessons learned from this project. Vimal is a part of the AWS Community Builders program, where he actively contributes to knowledge-sharing efforts across the cloud ecosystem by writing on real-world implementations and best practices. In addition, Vim has spent several years as an AWS Authorized Instructor, during which he trained over 1,000 professionals. Resources mentioned in this podcast: Vimal's LinkedIn profileVimal's blog post about this projectVimal's GitHub repoDSO Overflow is a DevSecOps London Gathering production. Find the audio version on all good podcast sources like Spotify, Apple Podcast and Buzzsprout. Your Hosts Steve Giguere linkedin.com/in/stevegiguere Glenn Wilson linkedin.com/in/glennwilson Jessica Cregg linkedin.com/in/jessicacregg

    31분

  2. 10월 14일

    S5Ep4 - Threat modelling and AI with Petra Vukmirovic

    DSO Overflow S5EP4 Threat modelling and AI with Petra Vukmirovic In this episode Petra Vukmirovic, head of information security and technology at Numan, shares her experience of threat modelling within an AI landscape drawing from her background in medicine to highlight similarities between differential diagnosis and threat modelling. She discusses the opportunities and the risks of integrating AI into security workflows as well as exploring evolving methodologies and updated frameworks to address modern threats. Petra is also an OWASP Project Leader for the OWASP Threat Model Library, a public speaker, and leader in cybersecurity. Resources mentioned in this podcast: Petra's LinkedIn profileNuman's websiteOWASP Threat Model LibraryDSO Overflow is a DevSecOps London Gathering production. Find the audio version on all good podcast sources like Spotify, Apple Podcast and Buzzsprout. Thanks to Janet Mesh and Jessica Martinez from Aimtal for editing this episode of the DSO Overflow podcast Your Hosts Steve Giguere linkedin.com/in/stevegiguere Glenn Wilson linkedin.com/in/glennwilson Jessica Cregg linkedin.com/in/jessicacregg

    39분

  3. 9월 9일

    S5Ep3 - AI and Auto-remediation with Jonathan Schneider

    DSO Overflow S5EP3 AI and auto-remediation with Jonathan Schneider In this episode Jonathan Schneider discusses his path from Netflix to founding Moderne, focusing on large-scale software modernisation. The conversation covers the promise and pitfalls of AI and auto-remediation. Jonathan advocates for empowering developers with self-service, pull-based tooling rather than top-down changes and emphasises collaboration between security and engineering to reduce technical toil so developers can focus on innovation. Resources mentioned in this podcast: Jonathan's LinkedIn profileModerne's websiteOpenRewrite by ModerneDSO Overflow is a DevSecOps London Gathering production. Find the audio version on all good podcast sources like Spotify, Apple Podcast and Buzzsprout. Thanks to Janet Mesh and Jessica Martinez from Aimtal for editing this episode of the DSO Overflow podcast Your Hosts Steve Giguere linkedin.com/in/stevegiguere Glenn Wilson linkedin.com/in/glennwilson Jessica Cregg linkedin.com/in/jessicacregg

    43분

  4. 8월 13일

    S5Ep2 - Vulnerability Management, Supply Chain threats and AI with Mackenzie Jackson

    DSO Overflow S5EP2 Vulnerability Management, Supply Chain threats and AI with Mackenzie Jackson In this episode of DSO Overflow, Mackenzie Jackson discusses his transition from GitGuardian to Aikido Security, where he focuses on Application Security Posture Management (ASPM). He explains ASPM as an integrated platform that consolidates security tools. The conversation explores Aikido Security's use of open-source tools and AI to minimise false positives and streamline vulnerability management. The discussion also covers challenges with open-source vulnerability disclosure processes. Resources mentioned in this podcast: Mackenzie's LinkedIn profileAikido Security websiteWhite Rabbit NeoWired's article on the XZ backdoor incidentCISA's article on tj_actions compromiseMackenzie's The Security Repo PodcastDSO Overflow is a DevSecOps London Gathering production. Find the audio version on all good podcast sources like Spotify, Apple Podcast and Buzzsprout. Your Hosts Steve Giguere linkedin.com/in/stevegiguere Glenn Wilson linkedin.com/in/glennwilson Jessica Cregg linkedin.com/in/jessicacregg

    47분

  5. 1월 31일

    S5Ep1 - Securing the Software Supply Chain with Francois Proulx

    DSO Overflow S5EP1 Security the Software Supply Chain with Francois Proulx In this episode, featuring Francois Proulx, a senior product security engineer, we discuss software supply chain security, particularly the security of build pipelines and dependencies. Francois shares insights on defining supply chains, identifying vulnerabilities, threat modeling, and strategies to improve security. The conversation explores topics like the SALSA framework, risk factors in CI/CD pipelines, and reducing complexity in dependencies. The discussion emphasizes threat awareness, holistic approaches, and the importance of isolating critical processes in software development. Practical tools and insights on research and AI’s role in security were also touched upon. Resources mentioned in this podcast: Francois' LinkedIn profileBoost blog siteBoost on GitHubSLSA websiteDSO Overflow is a DevSecOps London Gathering production. Find the audio version on all good podcast sources like Spotify, Apple Podcast and Buzzsprout. This podcast is brought to you by our sponsors:  Prisma Cloud, Tigera and Apiiro Your Hosts Steve Giguere linkedin.com/in/stevegiguere Glenn Wilson linkedin.com/in/glennwilson Jessica Cregg linkedin.com/in/jessicacregg

    48분

  6. 2024. 12. 06.

    S4Ep10 - Threat modelling with Ashley Ward

    DSO Overflow S4EP10 Threat Modelling with Ashley Ward In this month's episode, Steve and Glenn chatted with Ashley Ward to discuss topics around threat modelling. Ashley is a highly experienced CTO at ControlPlan with expertise in cloud-native architectures and cybersecurity, known for leading transformative initiatives across startups and large enterprises, including as Group CTO for a €4.5 billion company. He excels in scaling organisations through agile, FinOps, and DevSecOps, while inspiring teams and engaging with stakeholders at all levels. As a Justice of the Peace since 2017, Ashley brings additional strengths in decision-making, public speaking, and community-focused leadership. In this episode of DSO Overflow, Ashley Ward, CTO at Control Plane, discusses threat modelling in cloud-native environments, security challenges, and the impact of emerging technologies like AI. Ward explains that threat modeling should start with existing knowledge and highlights the benefits of collaborative, iterative approaches. He emphasises involving various teams in the process to account for application, platform, and infrastructure layers. Ward also discusses practical frameworks, such as the CIA triad and STRIDE, and points out the specific challenges in cloud-native threat modelling, like microservices and fast-paced release cycles. Regarding AI, he cautions about the heightened risks, as AI democratises hacking capabilities. Ward advocates for using AI thoughtfully in threat modelling and encourages companies to adopt proactive security strategies. He concludes by encouraging organisations to embrace threat modelling as an evolving, essential practice. Resources mentioned in this podcast: Ashley Ward's LinkedIn profileControlPlane websiteDSO Overflow is a DevSecOps London Gathering production. Find the audio version on all good podcast sources like Spotify, Apple Podcast and Buzzsprout. This podcast is brought to you by our sponsors:  Prisma Cloud, Tigera and Apiiro Your Hosts Steve Giguere linkedin.com/in/stevegiguere Glenn Wilson linkedin.com/in/glennwilson Jessica Cregg linkedin.com/in/jessicacregg

    47분

  7. 2024. 11. 19.

    S4Ep9 - Open Source Integrity with Luke Hinds

    DSO Overflow S4EP9 Open Source Integrity with Luke Hinds In this month's episode, Jessica and Glenn chatted with Luke Hinds to discuss topics around Open Source integrity and provenance. Luke is a co-founder and the CTO at Stacklok who loves building open source software and communities, as well as leading talented engineering teams to develop innovative cutting edge security technologies at scale. In this episode, Luke talks about the challenges of ensuring open source software integrity and provenance using cryptographic technologies and automated signing of software within the CICD pipeline using a non-profit software cryptographic signing service. He talks about managing developer expectations and how security should enable software development. We briefly discuss the dangers of putting too much trust into AI and the data that supports GenAI models. Resources mentioned in this podcast: Luke Hind's LinkedIn profileStacklok on LinkedInStacklok's websitesigstore on LinkedInsigstore websiteslsa websiteMinder websiteMinder on GitHubDSO Overflow is a DevSecOps London Gathering production. Find the audio version on all good podcast sources like Spotify, Apple Podcast and Buzzsprout. This podcast is brought to you by our sponsors:  Prisma Cloud, Tigera and Apiiro Your Hosts Steve Giguere linkedin.com/in/stevegiguere Glenn Wilson linkedin.com/in/glennwilson Jessica Cregg linkedin.com/in/jessicacregg

    41분

  8. 2024. 10. 22.

    S4Ep8 - Cloud Native and Kubernetes with Steve Wade and Michael Foster

    DSO Overflow S4EP8 Cloud Native and Kubernetes with Steve Wade and Michael Foster In this month's episode, Steve met with Steve Wade  and Michael Foster to talk about the  Cloud Native Club and new and future developments in Kubernetes. Steve Wade founded The Cloud Native Club, a global community for cloud-native enthusiasts. He is also a maintainer of the Flux Terraform Provider. As an experienced conference speaker, independent cloud-native consultant, and trainer, Steve shares his expertise worldwide. He has held platform leadership roles across various industries, including real estate, gaming, fintech, and the UK Parliament. With a BSc in Computer Science, Steve is passionate about cloud-native software development and distributed computing. Michael Foster regards himself as a passionate tech enthusiast and open-source advocate with a multidisciplinary background. Understands the importance of community and being a good communicator. Great problem solver, quick thinker, constant learner, and someone who is process-orientated. Able to conceptualize, coordinate, and implement by paying attention to detail while seeing the big picture. I am continually working to bridge the gap between tech and business. In this episode, Steve Wade introduces his new community called the Cloud Native Club while Steve Giguere and special guest host Michael Foster (Red Hat) introduces The State of Kubernetes Security report as an anchor to pick Steve Wade’s brain on everything from how we secure cloud native to AI’s influence on Kubernetes now and in the future. Cloud Native Club: The Cloud Native Club is a global community I founded in July 2024, dedicated to connecting cloud-native enthusiasts from all walks of life, no matter where they are in the world. Inspired by my journey transitioning from a football career to the tech industry, I quickly realised the immense value of community in fostering growth and success. However, I also saw that many people, especially those in remote areas, lacked access to the supportive networks that can be crucial for learning and development. The Cloud Native Club was created to bridge that gap. It’s a place where anyone—from beginners to seasoned professionals—can come together to learn, share, and grow in the cloud-native space. Through our forum, weekly hangouts, and YouTube series like "My Journey" and "Project Spotlight," we aim to make cutting-edge cloud-native knowledge accessible to everyone while fostering a strong, supportive, and inclusive community. Resources mentioned in this podcast: Steve Wade's LinkedIn profileSteve Wade's Twitter profileThe Cloud Native Club on LinkedInThe Cloud Native Club on TwitterThe Cloud Native Club on YouTubeMichael Foster's LinkedIn ProfileDSO Overflow is a DevSecOps London Gathering production. Find the audio version on all good podcast sources like Spotify, Apple Podcast and Buzzsprout. This podcast is brought to you by our sponsors:  Prisma Cloud, Tigera and Apiiro Your Hosts Steve Giguere linkedin.com/in/stevegiguere Glenn Wilson linkedin.com/in/glennwilson Jessica Cregg linkedin.com/in/jessicacregg Dev

    51분
모두 보기(49개)

소개

In this podcast, we speak with professionals working in cyber security, software engineering and operations to talks about a number of DevSecOps topics. We discuss how organisations factor security into their product delivery cycles without compromising the value of doing DevOps and Agile.

정보

  • 제작진
    Glenn Wilson, and Steve Giguere
  • 방송 연도
    2019년 - 2025년
  • 에피소드
    49
  • 등급
    무삭제판
  • 저작권
    © 2025 DSO Overflow
  • 웹사이트 보기
    DSO Overflow