Shows
DSO OverflowS5Ep1 - Securing the Software Supply Chain with Francois ProulxDSO Overflow S5EP1Security the Software Supply ChainwithFrancois ProulxIn this episode, featuring Francois Proulx, a senior product security engineer, we discuss software supply chain security, particularly the security of build pipelines and dependencies. Francois shares insights on defining supply chains, identifying vulnerabilities, threat modeling, and strategies to improve security. The conversation explores topics like the SALSA framework, risk factors in CI/CD pipelines, and reducing complexity in dependencies. The discussion emphasizes threat awareness, holistic approaches, and the importance of isolating critical processes in software development. Practical tools and insights...2025-01-3148 minDSO OverflowS4Ep10 - Threat modelling with Ashley WardDSO Overflow S4EP10Threat ModellingwithAshley WardIn this month's episode, Steve and Glenn chatted with Ashley Ward to discuss topics around threat modelling.Ashley is a highly experienced CTO at ControlPlan with expertise in cloud-native architectures and cybersecurity, known for leading transformative initiatives across startups and large enterprises, including as Group CTO for a €4.5 billion company. He excels in scaling organisations through agile, FinOps, and DevSecOps, while inspiring teams and engaging with stakeholders at all levels. As a Justice of the Peace since 2017, Ashley brings additional st...2024-12-0646 minDSO OverflowS4Ep9 - Open Source Integrity with Luke HindsDSO Overflow S4EP9Open Source IntegritywithLuke HindsIn this month's episode, Jessica and Glenn chatted with Luke Hinds to discuss topics around Open Source integrity and provenance.Luke is a co-founder and the CTO at Stacklok who loves building open source software and communities, as well as leading talented engineering teams to develop innovative cutting edge security technologies at scale.In this episode, Luke talks about the challenges of ensuring open source software integrity and provenance using cryptographic technologies and automated signing of software...2024-11-1941 minDSO OverflowS4Ep8 - Cloud Native and Kubernetes with Steve Wade and Michael FosterDSO Overflow S4EP8Cloud Native and KuberneteswithSteve Wade and Michael FosterIn this month's episode, Steve met with Steve Wade and Michael Foster to talk about the Cloud Native Club and new and future developments in Kubernetes.Steve Wade founded The Cloud Native Club, a global community for cloud-native enthusiasts. He is also a maintainer of the Flux Terraform Provider. As an experienced conference speaker, independent cloud-native consultant, and trainer, Steve shares his expertise worldwide. He has held platform leadership ro...2024-10-2251 minDSO OverflowS4Ep7 - Managing the risks that really matter with Sam WatkinsDSO Overflow S4EP7Managing the risks that really matterwithSam WatkinsIn this month's episode, Glenn and Jessica speak with Sam Watkins to talk about a new paradigm for managing risks.Sam Watkins is an accomplished engineer working at BT in the UK. Sam is driven by a passion for driving change through the implementation of technological solutions, possessing the expertise in impacting organisational capability and performance, catering to business needs by early adaption of futuristic technological trends, and enabling organisations to meet the business needs.2024-09-1639 minDSO OverflowS4Ep6 - Security in front-end application development with David MyttonDSO Overflow S4EP6Security in front-end application developmentwithDavid MyttonIn this month's episode, Glenn speaks with David Mytton to talk about how to make sure front-end development is secure.David Mytton is the CEO of Arcjet, a devtools software startup that helps developers protect their apps. He also writes the weekly Console.dev devtools newsletter which helps developers find the best tools.He's an angel investor in >30 early-stage developer-first startups and is working towards an Engineering Science PhD in sustainable computing at the University...2024-06-1344 minDSO OverflowS4Ep5 - LLMs and GenAI with John BoeroDSO Overflow S4EP5LLM and GenAI securitywithJohn BoeroIn this month's episode, Jess and Glenn speak with Field CTO at TeraSky John Boero to talk about LLMs and GenAI.John lives in London and has 20 years in the IT industry developing and consulting for Red Hat, Puppet, HashiCorp, and more with emphasis on performance and security.In this episode, John talks about the inherent risks of using LLMs and GenAI and provides some hints on how to benefit from using them effectively. He discusses...2024-05-1738 minDSO OverflowS4Ep4 - IoT, AI and DevSecOps with Darren RichardsonDSO Overflow S4EP4IoT, AI and DevSecOpswithDarren RichardsonIn this month's episode, Jess and Glenn speak with networking graduate, security enthusiast, coder and giant with a great bushy beard Darren Richardson from Eficode.Darren is an IT graduate specializing in system administration, network operation and information security with experience in Cisco IOS operation and network management. He has a passion for information security with a bias towards offensive security and ethical hacking.In this episode, Darren talks about the inherent security challenges of using...2024-04-0934 minDSO OverflowS4Ep3 - Paving the Road to Effective Software Development with Sarah WellsDSO Overflow S4EP3Paving the Road to Effective Software DevelopmentwithSarah WellsIn this month's episode, Jess and Glenn speak with Sarah Wells an independent tech consultant, author formerly the Technical Director for Engineering Enablement at the Financial Times to talk about how to balance developer autonomy with standardisation.Sarah is a technology leader, consultant and conference speaker with a focus on microservices, engineering enablement, observability and devops. She has over 20 years experience as a developer, principal engineer and tech director across product, platform, SRE and devops...2024-03-1143 minDSO OverflowS4Ep2 - Resilient Cybersecurity with Kennedy TorkuraDSO Overflow S4EP2Resilient CybersecuritywithKennedy TorkuraIn this month's episode, Steve and Glenn speak with Kennedy Torkura from Mitigant to talk about how to build cyber resiliency into your organisation.Kennedy is a cybersecurity professional, CTO and co-founder at Mitigant who specialises continuous security verification and making cybersecurity resilience a first-class citizen in the cloud. Kennedy holds a doctorate in cybersecurity whose thesis covers continuous security paradigms in cloud-native infrastructure. He is also a contributor to the book Security Chaos Engineering released in 2023.In...2024-02-1243 minDSO OverflowS4Ep1 - Contract First Development with Holly CumminsDSO Overflow S4EP1Contract First DevelopmentwithHolly CumminsIn this month's episode, Steve, Jess and Glenn speak with Holly Cummins to talk about how to API contracts and Contract First Development.Holly Cummins is a Senior Principal Software Engineer on the Red Hat Quarkus team and a Java Champion. Over her career, Holly has been a full-stack javascript developer, a WebSphere Liberty build architect, a client-facing consultant, a JVM performance engineer, and an innovation leader. Holly has used the power of cloud to understand climate risks, count f...2024-01-0941 minDSO OverflowS3Ep12 - The World of OWASP with Sam StepanyanDSO Overflow S3EP12The world of OWASPwithSam StepanyanIn this month's episode, Steve and Glenn speak with Sam Stepanyan who was recently voted onto the OWASP board. Sam tells us about his involvement with OWASP, the origins of OWASP, and what the future hold for OWASP.Sam is an OWASP London Chapter Leader, elected OWASP board member and an Independent Application Security Consultant with over 20 years of experience in the IT industry with a background in software engineering and web application development. Sam has worked for v...2023-12-0447 minDSO OverflowS3Ep11 - Storing secrets with Mackenzie JacksonDSO Overflow S3EP11Storing secretswithMackenze JacksonIn this month's episode, Steve, Jess and Glenn speak with Mackenzie Jackson to talk about managing secrets and digital authentication credentials in distributed architectures. In particular, Mackenzie digs into the concepts of secrets sprawl, and how we can keep secrets safe.Mackenzie is currently the developer advocate at GitGuardian, a developer-first cybersecurity company based in Paris that is focused on helping keep secrets and credentials out of source code.Mackenzie is passionate about technology and building a community of engaged...2023-11-0642 minDSO OverflowS3Ep10 - Private end-points with Jonathan D'AloiaDSO Overflow S3EP10Private end-pointswithJonathan D'AloiaIn this episode, Glenn, Jess and Steve are joined by Jonathan D'Aloia from Adatis to talk about benefits and challenges of using private end-points. Jonathan is a Principal DevOps Engineer at Adatis (part of Telefonica Tech) and is also an Azure Certified DevOps engineer and certified Cloud Solution Architect.Jonathan works with Infrastructure as code languages such as BICEP, Terraform and ARM templates, writes and designs YAML templates to automate the deployment of the Infrastructure as well as pipelines to deploy the...2023-10-0237 minDSO OverflowS3Ep9 - Container Security with Rony MoshkovichDSO Overflow S3EP9Container SecuritywithRony MoshkovichIn this episode, Glenn and Jess are joined by Rony Moshkovich, co-founder & CPO at Prevasio, an AlgoSec company to talk about adopting a container security programme. Rony has extensive experience with cloud platform development, developing cloud-hosted service platforms for companies such as NTT, Symantec, HCL, CA, and more. A true veteran of the antivirus industry, Rony has worked as Development Director and Malware Research Lab Manager for CA\HCL and PC Tools\Symantec. Having many years of extensive experience in building and managing security...2023-09-0447 minDSO OverflowS3Ep8 - Static Application Security Testing with Nipun GuptaDSO Overflow S3EP8Static Application Security TestingwithNipun GuptaIn this episode, Glenn is joined by Nipun Gupta, a seasoned technology executive, entrepreneur, and speaker to talk about static code analysis, its benefits, its pitfalls and how best to integrate tools into developer workflows. Based nowadays in London, UK after a decade in Silicon Valley, Nipun has developed a reputation as a thought leader and innovator in cybersecurity at places like NCC Group, Deutsche Bank, and Deloitte. Prior to leading Integrations Product at Devo, he served as the Vice President, Global C...2023-08-0736 minDSO OverflowS3Ep7 - Open Source Cloud Security with Matt JohnsonDSO Overflow S3EP7Open Source Cloud SecuritywithMatt JohnsonIn this episode, Steve, Jess and I are joined by Matt Johnson, developer advocate at Palo Alto Networks to talk to us about open source cloud security. Matt is a Developer Advocate for all things cloud security and open source at Prisma Cloud (part of Palo Alto). Hobbyist pentester, network and container geek, he specialises in Cloud Infrastructure and developer ecosystem security. Matt introduces us to the Checkov and Yor open source projects and talks about how AI may affect cloud security...2023-07-1745 minDSO OverflowS3Ep6 - Notes from Japan with John WillisDSO Overflow S3EP6Notes from JapanwithJohn WillisIn this episode, Glenn is joined by John Willis, DevOps advocate and co-author of the DevOps Handbook to talk about our recent trip to Japan in which we visited a number of organisations to gain an understanding of lean principles. Listen to John as he shares his views of the trip and what he learned about quality, community, society and of course, Deming.Resources mentioned in this podcast:John's LinkedIn profileJohn's Profound Deming blogJohn's lates book on DemingThe DevOps Handbook2023-06-1946 minDSO OverflowS3Ep5 - Workload authentication and authorisation using SPIFFE and OPA with Charlie EganDSO Overflow S3EP5Workload authentication and authorisation using SPIFEE and OPAwithCharlie EgainIn this episode, Steve, Jess and I are joined by Charlie Egan, developer advocate and Styra to talks to us about using SPIFFE (Secure Production Identity Framework For Everyone) and OPA (Open Policy Agent) to authenticate and authorise workloads. Charlie explains what SPIFFE is, how to start using it, and the challenges it helps organisations overcome.Resources mentioned in this podcast:Charlie's LinkedIn profileSPIFFEOPADSO Overflow S1Ep7 on Open Policy AgentDSO Overflow is...2023-05-3046 minDSO OverflowS3Ep4 - The 'Man' Who Started It with Michael ManIn this episode, Steve, Jess and Glenn met with Michael Man, the founder of the DevSecOps London Gathering and this podcast, to chat about how it all started and the principles and philosophy of the Gathering. We reminisce about some key moments as well as discussing Michael's decision to step down from running the events and the podcast.We hope you enjoy listening to this episode as much as we enjoyed recording it.DSO Overflow is a DevSecOps London Gathering production. Find the audio version on all good podcast sources like Spotify, Apple Podcast and...2023-04-0347 minDSO OverflowS3Ep3 - Leveraging Systems Thinking with Simon CopseyDSO Overflow S3EP3Leveraging Systems ThinkingwithSimon CopleyIn this episode, Steve, Jess and I are joined by Simon Copsey who talks to us about taking a systems thinking approach to improving organisational performance. He tells us among other things, about challenging assumptions, identifying, understanding and managing constraints, and how important it is to recognise cognitive dissonance.Resources mentioned in this podcast:Simon's LinkedIn profileCurious Coffee ClubGoldratt's Rule of FlowThe Unicorn ProjectThe GoalDSO Overflow is a DevSecOps London Gathering production. Find the audio version on all...2023-03-0647 minDSO OverflowS3Ep2 - Cloud Security with Paul SchwarzenbergerDSO Overflow S3EP2Cloud SecuritywithPaul SchwarzenbergerIn this episode, Steve and I are joined by Paul Schwarzenberger who talks to us about cloud providers, cloud security and an OWASP project he has recently started working on. We hear about Paul's journey into cloud security, his views on certification programmes, and he warns us of the security traps that await us when working with cloud technologies.Resource mentioned in this podcast:OWASP 2023 Global AppSec in DublinOWASP Domain Protect projectPaul's LinkedIn profileDSO Overflow is a DevSecOps London...2023-02-0649 minDSO OverflowS3Ep1 - CVE, CVSS and the Land of Broken Dreams with Francesco CipolloneDSO Overflow S3EP1CVE, CVSS and the Land of Broken DreamswithFrancesco CipolloneIn this episode, Steve and Glenn are joined by Francesco 'Frank' Cipollone CEO and Founder of AppSec Phoenix. Frank talks about CVEs, CVSS scoring and how they create too much noise to be effective in helping organisations improve their security posture. We hear Frank speak about contextualisation and risk as a means to improve security within your organisation.Resource mentioned in this podcast:AppSec Phoenix websiteFrank's Cyber Security and Cloud PodcastWhitepaper on vulnerability management...2023-01-1648 minDSO OverflowS2Ep5 - Security Differently with Mario PlattDSO Overflow S3EP5Security DifferentlywithMario Platt from LastPassIn this episode Glenn Wilson and Steve Giguere sit down with Mario Platt to discuss how the current paradigm of doing security is not working. Taking lessons from how safety is managed within a physically demanding role, Mario examens why compliance is failing and how we need to build a new model based on resilience.Resources mentioned in this podcast:Mario's presentation given at DSO LG in May 2022Rasmussen paper Rasmussen, J. (1997). Risk management in a dynamic society: A...2022-09-1249 minDSO OverflowS2Ep4 - Cloud Security @ Large with Ashish and ShilpiDSO/Overflow S2EP4Cloud Security at LargewithAshish Rajan and Shilpi Bhattacharjee from the Cloud Security Podcasthttps://cloudsecuritypodcast.tv/https://twitter.com/cloudsecpod?lang=enhttps://www.youtube.com/c/CloudSecurityPodcast?sub_confirmation=1Watch on YouTube: https://youtu.be/HV6iJReLoXEIn the episode, Jessica Cregg sits with Ashish and Shilpi and breaks the 4th wall about their mega successful Cloud Security Podcast, what advocacy means, and the state of Cloud Security at large. DSO/Overflow is a DevSecOps London Gathering production. Find th...2022-09-0350 min
DSO OverflowS2Ep3 - Or Weis on Modern AuthorizationIn this episode, Or Weis talks to us about Full Stack Permission as a Service, why simplifying access control is crucial to creating secure infrastructure and how the use of access control could facilitate a zero-trust architecture.BIOOr is the CEO and co-founder of Permit.io, and co-maintainer and author of open source OPAL.ac. Or is a serial entrepreneur who is passionate about developer tools, previously founding Rookout.com, a leading production debugging solution; and managing Upwards Israel’s largest founders’ PLG community. Before becoming a founder, Or worked as a lead engi...2022-03-3142 min
DSO OverflowS2Ep2 - Chris Tomkins and Nathan Skrzypczak on VPP and K8s Calico Data PlanesIn this episode, Nathan and Chris talk about VPP, Calico, CNI and Service Mesh architecture. We will learn how VPP can enhance security and performance of your K8s clusters and the benefits of using Calico.BiosChris Tomkins - Chris is lead developer advocate at Tigera, where he champions user needs to support Project Calico’s users and contributor community. He has worked in networking since 2000. After realising that a per-device CLI is not a scalable solution for a large environment, he took an early interest in infrastructure-as-code approaches and large-scale au...2022-03-0953 min
DSO OverflowS2Ep1 - Nigel Kersten: Accelerating DevOps AdoptionEpisode SummaryIn this episode, Nigel gives his views on the current state of DevOps adoption, the role of security in DevOps, and gives us some clues from the State of DevOps Report 2021 that will help organisations accelerate their DevOps journey.Nigel's BioNigel is a Field CTO at Puppet where he is responsible for bringing product knowledge and a senior technical operations perspective to Puppet field teams and customers, working on services strategy and representing the customer back into the product organization. He works with many of Puppet’s largest cu...2022-01-3140 min
DSO OverflowEP17: A History of Kubernetes Security with Rory McCuneFrom containers to Kubernetes to cloud, it can be hard enough to keep up with the technologies let alone how to secure them. Rory McCune was there at the inception. Starting as a pen tester looking into containers he has become one of the world's foremost Kubernetes security authorities. In this episode Glenn and Steve talk to him about the early days of containers, the orchestration wars, the first ever Kubernetes CVE and how security chases a technology maturing at breakneck speed.You can reach Rory on Twitter: https://twitter.com/raesene2021-12-2945 min
DSO OverflowEP:16 Breaking down silos with Stefania ChaplinIn this episode, Steve and Glenn are joined by Stefania Chaplin to talk about breaking down silos.BioStefania Chaplin’s experience within Cybersecurity, DevSecOps and OSS governance means she's helped countless organisations understand and implement security throughout their SDLC. As a python developer at heart, Stefania is always optimising and improving efficiency wherever she goes by scripting & automating processes and creating integrations. Stefania is passionate about DevSecOps and cybersecurity, having spoken at many conferences including; RSA Conference, ADDO, OWASP, JavaZone, Women of Silicon Roundabout, Women in DevOps, DZone and many more. She is al...2021-12-2645 min
DSO OverflowEP15: DevSecOps PersonasIn this episode, Steve and Glenn speak with Ed Tucker and Gary Robinson about the differences between DevSecOps personas.DevSecOps Personas – what Developers, Security, and Operations think when it comes to people/tech/processes/culture when it comes to rolling out DevSecOps programs. Each of these teams have different drivers, ambitions, blockers, and challenges when it comes to a successful DevSecOps program. As Dale Carnegie said, ‘The only way to get anyone to do anything, is to make them want to do it’ - all the tech and process in the world isn’t going to make it successf...2021-10-2553 min
DSO OverflowEP14: Threat Modeling - A Manifesto And Some CodeTitle: Threat Modeling - A Manifesto And Some CodeThreat Modeling: Why we think it matters for you, and how you can implement it in your organization.Modeling: How to model your system in an expressive way.Eliciting threats: What are some of the major approaches in use and how can it be done closer to the developer and at Agile speed.Evolution: Automated threat analysis using an open source tool (pytm). We will talk through the making of pytm and then do a demo.Guest...2021-08-2338 min
DSO OverflowEP13: Top 5 things I wish I knew about SASTApplication security testing ... top tips to achieve more SASTisfaction from your tooling.ReferencesYoutube Channel: AppSecEngineerYoutube Channel: we45OSSF ScorecardPlease visit our YouTube Channel to see Florin present in our July 2021 Gathering (monthly meet-up).Guest SpeakersFlorin CoadaI've been working in the Application Security testing space for the last eight years. I was lucky enough to experience many customer environments and different testing technologies (SAST, DAST, IAST, SCA). Over the years, I became more interested in SAST, and I am currently working...2021-08-0445 min
DSO OverflowEP12: Exploring eBPF Cloud Native SecurityExtended Berkeley Packet Filter (eBPF) allows us to tap into the kernel to implement monitoring, observability, networking, and security. In this episode, we invited Chris Kranz and Liz Rice to discuss the usage and adoption of eBPF within Cloud Native solutions.Referenceshttp://www.brendangregg.com/https://nathanleclaire.com/https://github.com/iovisor/bpftracehttps://ebpf.io/what-is-ebpfhttps://github.com/lizrice/ebpf-beginnerseBPF for Windows: https://www.youtube.com/watch?v=LrrV-eo6fugCommunity: http://slack.cilium.io/eBPF Summit 2021https://ebpf.io/summit-2021/Please visit our YouTube Channel to s...2021-06-1935 min
DSO OverflowEp11: From Zero To a DevSecOps HeroLearning or knowing what to study in the field of security is a tough subject in it's own right. Join us with Marcus and Josh where we understand what best practices they follow them.Please visit our YouTube Channel to see Marcus present in our May 2021 Gathering (monthly meet-up).Guest Speakers:Marcus Maxwell:Marcus Maxwell is a Principal Consultant at Contino. He has spent the last 5 years helping large enterprises with building out their Kubernetes clusters, migrating to cloud and most recently with the cloud security programmes. Marcus has given talks b...2021-06-0639 min
DSO OverflowEp10: Security Chaos EngineeringJoin us to explore and learn what is Security Chaos Engineering with two of the leading figures in this field Aaron Reinhart and Kennedy Torkura.If you missed the Gathering watch the meet-up here.References: Aaron ReinhartChaos Engineering: System Resiliency in PracticeSecurity Chaos EngineeringReferences: Kennedy TorkuraSecurity-Chaos-Engineering-for-Cloud-ServicesFrom Dependability to Resilience → Security Chaos Engineering for Cloud ServicesRisk-Driven Fault Injection: Security Chaos Engineering for the Fast & FuriousContact Details:Aaron Reinhart: https://www.linkedin.com/in/aa...2021-05-0952 min
DSO OverflowEp09: DevOps meets SecurityDevOps meets Security.London DevOps meets DevSecOps - London Gathering. https://www.meetup.com/London-DevOps/Speakers Bio:Matt Saunders is a technical operations leader, using Devops and continuous delivery to help teams deliver quality software quickly and efficiently. He is also co-organiser of the London DevOps meetup - a group with over 8,000 members which meets monthly.https://www.linkedin.com/in/msaunders/Marc Cluet is a Senior Partner Solutions Engineer at Hashicorp and has over 25 years of experience in the Industry. Heis one of the organisers of London DevOps which i...2021-04-2439 min
DSO OverflowEp08:Kubernetes Exam CramWe have the pleasure to have Steve Giguere and Michael Foster, the hosts from Clust3rF8ck, to share with us their experience cramming in all the relevant materials to take both the CKA (Kubernetes Administrator) and CKS (Kubernetes Security Specialist) examshttps://www.twitch.tv/clust3rf8ckhttps://www.cncf.io/certification/cka/https://www.cncf.io/certification/cks/Speakers Bio:Steve Giguere is a dedicated DevSecOps community champion, securing cloud native applications. In addition to Clust3rF8ck, he has a podcast called CoSeCast and represents the UK at...2021-04-0547 min
DSO OverflowEp07:Using Rego to define your policiesIn this episode we invited Anders from the Open Policy Agent project and Alex one of the masterminds behind a new opensource project called KICS.OpenSource ProjectsKICS - Keep your Infrastructure as Code Secure: https://kics.io/Styra Academy: https://academy.styra.com/Rego Playground: https://play.openpolicyagent.org/Official Docs: https://www.openpolicyagent.org/docs/latest/OPA Blog: https://blog.openpolicyagent.org/Guest Detailshttps://www.linkedin.com/in/anderseknert/https://www.linkedin.com/in/roichman/2021-02-1835 min
CoSeCast - The Continuous Security PodcastEP2 - Glenn Wilson - What is DevSecOps... The Book?In this episode I speak to Glenn Wilson the author of the recently released (Jan 2021) book entitled...DevSecOps - A leader’s guide to producing secure software without compromising flow, feedback and continuous improvementHe discusses not just the book but his influences, the struggles of writing a technical (but not too technical) book as well as the general state of DevSecOps in 2021.Buy his book here https://www.amazon.co.uk/dp/1781335028/ref=cm_sw_r_tw_dp_ZFG9FbG62WW08About Glenn Wilson:Glenn is a Dev...2021-01-0647 min
DSO OverflowEp06: CheckovIn this episode I have the pleasure of talking to James and Corcoran - two very talented individuals when it comes to Infrastructure as Code as well as all things DevOps; in addition we have Barak the CTO of Bridgecrew the company behind the opensource project - CheckovCheckov details:https://www.checkov.io/1.Introduction/Getting%20Started.html### DevSecOps - London Gathering ###https://dso-lg.comhttps://dso-overflow.comAlso follow us on Twitter: @DevSecOps_LG2020-09-1241 min
DSO OverflowEp05: SemgrepIn this episode I have the pleasure of talking to Clint from R2C - a software security startup from the US. They are championing an open source project called semgrep. I will be exploring what this is and how it is modernising SAST. Semgrep details:https://semgrep.dev/### DevSecOps - London Gathering ###https://dso-lg.comhttps://dso-overflow.comAlso follow us on Twitter: @DevSecOps_LG2020-09-1245 min
DSO OverflowEp04: Secure Delivery PlaybookIn this episode I have invited Stuart and James who are the project leads behind the Secure Delivery Playbook. This is a distilled version of their various client engagements when incorporating security into their development.Secure Delivery Playbook details:https://secure-delivery.playbook.ee/### DevSecOps - London Gathering ###https://dso-lg.comhttps://dso-overflow.comAlso follow us on Twitter: @DevSecOps_LG2020-09-1248 min
DSO OverflowEp03: Experimenting with and adopting AWS Lambda (Matthew Joyce)In this episode, Matthew Joyce shares his experience with taking on AWS Lamdba for one of his projects.Matthew's details:https://www.linkedin.com/in/matthew-joyce-1301772/### DevSecOps - London Gathering ###https://dso-lg.comhttps://dso-overflow.comAlso follow us on Twitter: @DevSecOps_LG2020-05-1726 min
DSO OverflowEp02: Passing a DSO Online Course (Emily Young)In this episode, I speak to Emily Young who has embarked on the Certified DevSeOps Professional online course and the gruelling twelve hour exam.Emily's details:https://www.linkedin.com/in/emily-young-a3a77255/@Ra1nb0wAn4lyst### DevSecOps - London Gathering ###https://www.meetup.com/DevSecOps-London-Gathering/Also follow us on Twitter: @DevSecOps_LG2020-05-1026 min
DSO OverflowEp01: terraform-compliance with Emre ErkuntIn this episode I have the pleasure of talking to Emre Erkunt - he is an independent consultant and the founder of an opensource project called Terraform-Compliance. Look out for the black falcon logo. Stickers available in our next Gathering.Emre's details:https://terraform-compliance.com/@3rkunt### DevSecOps - London Gathering ###https://www.meetup.com/DevSecOps-London-Gathering/Also follow us on Twitter: @DevSecOps_LG2019-11-2427 min