Shows
The DevSecOps Talks Podcast#80 - Understanding Passkeys: Benefits And LimitationsPasskeys are gaining attention as a new way to log in without passwords. How do they work, and how do they compare to traditional multi-factor authentication (MFA)? In this episode, we explore the history of passwords, the strengths and weaknesses of common MFA methods, and the potential of passkeys to enhance security. What threats do passkeys mitigate, and what still remain?
Connect with us on LinkedIn or Twitter (see info at https://devsecops.fm/about/). We are happy to answer any questions, hear suggestions for new episodes, or hear from you, our listeners.
2025-05-2136 minThe DevSecOps Talks Podcast#79 - Going Local: What’S Driving The Move?Andrey, Paulina, and Mattias kick off a miniseries on European infrastructure. We talk about infrastructure providers' options across Europe, ask what really drives the move away from hyperscalers, and wonder whether the trade-offs make sense for most teams.
Connect with us on LinkedIn or Twitter (see info at https://devsecops.fm/about/). We are happy to answer any questions, hear suggestions for new episodes, or hear from you, our listeners.
2025-04-2320 minThe DevSecOps Talks Podcast#78 - Building AI Tools For IaC ComplianceIn this guest episode, we chat with Davlet Dzhakishev, co-founder of Cloudgeni, who’s working on an AI-powered approach to fixing compliance issues in IaC. What’s the state of tools in this space? Where does his idea fit in? And how should we think about the relationship between compliance and security?
Connect with us on LinkedIn or Twitter (see info at https://devsecops.fm/about/). We are happy to answer any questions, hear suggestions for new episodes, or hear from you, our listeners.
2025-04-0941 minThe DevSecOps Talks Podcast#77 - Chaos Engineering Explained: Part 2Part two of our chaos engineering series is here! Join Andrey, Mattias, and Paulina as they talk through practical strategies for chaos engineering. Who should do it? How can you start? And what are the essential prerequisites?
Connect with us on LinkedIn or Twitter (see info at https://devsecops.fm/about/). We are happy to answer any questions, hear suggestions for new episodes, or hear from you, our listeners.
2025-03-2634 minThe DevSecOps Talks Podcast#76 - Chaos Engineering Explained: Part 1Chaos engineering—is it really chaos, or something more structured? Andrey, Paulina, and Mattias talk about what chaos engineering means, how it started, and why you might already be using it unintentionally.
Connect with us on LinkedIn or Twitter (see info at https://devsecops.fm/about/). We are happy to answer any questions, hear suggestions for new episodes, or hear from you, our listeners.
2025-03-1126 minThe DevSecOps Talks Podcast#75 - Learning from the Crisis: Post-Incident ActionsThis is the final episode of our three-part series on incident response. We focus on what happens after the dust settles. How do you learn from what went wrong and avoid repeating it? Tune in to hear our top recommendations.
Connect with us on LinkedIn or Twitter (see info at https://devsecops.fm/about/). We are happy to answer any questions, hear suggestions for new episodes, or hear from you, our listeners.
2025-02-2724 minThe DevSecOps Talks Podcast#74 - From Preparation To Execution: Handling An Active IncidentWhat keeps an incident from spiraling out of control? How can you organize your team on the spot? We continue our series on incident response, moving from preparation to real-time actions. Mattias shares key points from his course. Listen to learn how we handle incidents step by step.
Connect with us on LinkedIn or Twitter (see info at https://devsecops.fm/about/). We are happy to answer any questions, hear suggestions for new episodes, or hear from you, our listeners.
2025-02-1027 minThe DevSecOps Talks Podcast#73 - Incident Response: Key Preparations You NeedIncident response can be complex, but where do you start? Andrey, Mattias, and Paulina dive into the preparation steps you need to take. Mattias shares his expertise from teaching an incident response course. What’s their top recommendation? Listen and find out!
Connect with us on LinkedIn or Twitter (see info at https://devsecops.fm/about/). We are happy to answer any questions, hear suggestions for new episodes, or hear from you, our listeners.
2025-01-2238 minThe DevSecOps Talks Podcast#72 - AWS Resource Control Policies (RCPs)We are looking into recently announced AWS Resource Control Policies. What are they? How are they different from Service Control Policies? What is a Data Perimeter? Tune in to find out!
Connect with us on LinkedIn or Twitter (see info at https://devsecops.fm/about/). We are happy to answer any questions, hear suggestions for new episodes, or hear from you, our listeners.
2025-01-1421 minThe DevSecOps Talks Podcast#71 - Unpacking The Dora Accelerate State Of Devops ReportIn this episode, Andrey, Mattias, and Paulina break down the new DORA Accelerate State of DevOps report. What’s changed since the last report? What do these insights mean for your team? Tune in for our insightful conversation!
Connect with us on LinkedIn or Twitter (see info at https://devsecops.fm/about/). We are happy to answer any questions, hear suggestions for new episodes, or hear from you, our listeners.
2024-12-2040 minThe DevSecOps Talks Podcast#70 - System Initiative Goes GaAndrey, Mattias, and Paulina are joined by Paul Stack, an IaC tools developer and a frequent guest on the show. He’s back to discuss the general availability of System Initiative and share what has changed since his last visit when they talked about the early beta of the tool. Will this be a revolution or evolution in Infrastructure as Code tooling? Do we really need collaborative infrastructure management tools? Tune in to find out!
Connect with us on LinkedIn or Twitter (see info at https://devsecops.fm/about/). We are happy to answer any questions, hear sugg...2024-11-2840 minThe DevSecOps Talks Podcast#69 - Who Is Paulina?Join Andrey and Mattias as they sit down with Paulina Dubas, an independent DevOps consultant and public speaker. Who is Paulina, and what experiences does she bring to the table? What topics particularly resonate with her? Tune in to learn more about Paulina since we have a feeling that she is here to stay
Connect with us on LinkedIn or Twitter (see info at https://devsecops.fm/about/). We are happy to answer any questions, hear suggestions for new episodes, or hear from you, our listeners.
2024-11-0842 minThe DevSecOps Talks Podcast#68 - Julien’s Last Episode?Julien shares big news with co-hosts Mattias and Andrey. What led to his decision to step down? And what does the future hold for him? Tune in for the off-boarding interview as we look back at the past four years and 60+ episodes we did together!
Connect with us on LinkedIn or Twitter (see info at https://devsecops.fm/about/). We are happy to answer any questions, hear suggestions for new episodes, or hear from you, our listeners.
2024-10-1727 minThe DevSecOps Talks Podcast#67 - Building MVP On AWSJoin Andrey, Julien, and Mattias in this episode of DevSecOps Talks as they delve into building Minimum Viable Products (MVPs) and selecting the best solutions for them. Andrey goes first and, as an AWS consultant, kicks off the discussion by outlining his preferred AWS services for MVP development.
Connect with us on LinkedIn or Twitter (see info at https://devsecops.fm/about/). We are happy to answer any questions, hear suggestions for new episodes, or hear from you, our listeners.
2024-10-0329 minThe DevSecOps Talks Podcast#66 - Multi-Account Strategy And Landing Zones: Account Segmentation Approaches For Security And Efficiency On AWSIn this episode of DevSecOps Talks, co-hosts Andrey, Julien, and Mattias are joined by AWS Consultant Fernando Gonçalves to explore the complexities of AWS organization and account segmentation. Get insights into the debate over development, stage, and production accounts versus micro-segmentation. Don’t miss Julien's take on why he believes staging is a waste of time and money, as well as Fernando’s explanation of what the AWS Landing Zone is. Learn about the tools provided by AWS for multi-account management and the pros and cons of various account segmentation approaches.
Connect with us on LinkedIn or Twi...2024-05-2758 minThe DevSecOps Talks Podcast#65 - Understanding Nats: An Explainer Of Its Features And CapabilitiesJoin Andrey, Julien, and Mattias in this episode of DevSecOps Talks as they discuss Nats.io, a messaging system popular among people building on top of Kubernetes. Julien explains how Nats is different from Kafka and shares his personal experience with the product. The hosts discuss the various use cases of Nats and explore its features and capabilities. Tune in to find out if Nats is the right messaging system for you!
Connect with us on LinkedIn or Twitter (see info at https://devsecops.fm/about/). We are happy to answer any questions, hear suggestions for new ep...2024-05-0737 minThe DevSecOps Talks PodcastDEVSECOPS Talks #64 - From Terraform To Opentofu: Story From The TrenchesIn this episode of DevSecOps Talks, Andrey and Mattias are joined by Timur Bublik, Platform Engineering Lead at TIER Mobility. As always, it's practitioners for practitioners as they discuss the migration from Terraform to OpenTofu, TACOS tools, and how SpaceLift is used in Timur's organization. Listen in as they dive into their three favorite features of SpaceLift and how TACOS tools like SpaceLift fit into the classic CI/CD pipeline.
Connect with us on LinkedIn or Twitter (see info at https://devsecops.fm/about/). We are happy to answer any questions, hear suggestions for new episodes, or he...2024-04-1139 minThe DevSecOps Talks PodcastDEVSECOPS Talks #63 - Yet Another AI EpisodeJulien has returned with some exciting AI news. A startup has made the bold claim that they are capable of building AI software engineer. Andrey shares details about another startup that generates infrastructure based on application source code. He also mentions his upcoming talk on the use of LLM-based tools. We also discuss how individuals can stay ahead of the curve and be prepared for changes in their work life.
Connect with us on LinkedIn or Twitter (see info at https://devsecops.fm/about/). We are happy to answer any questions, hear suggestions for new episodes, or he...2024-03-1434 minThe DevSecOps Talks PodcastDEVSECOPS Talks #62 - The DevSecOps Perspective: Key Takeaways From Re:Invent 2023In this episode of DevSecOps Talks, Andrey and Mattias discuss the latest announcements from re:Invent 2023 that are most relevant to DevSecOps practitioners. Which announcements are worth paying attention to? What are the implications for the DevSecOps community? Join us as we dive into the latest developments from AWS.
Connect with us on LinkedIn or Twitter (see info at https://devsecops.fm/about/). We are happy to answer any questions, hear suggestions for new episodes, or hear from you, our listeners.
2024-03-0233 minThe DevSecOps Talks PodcastDEVSECOPS Talks #61 - GitHub Actions And Evolution Of CI/CD ToolsAndrey has been exploring GitHub Actions and has some insights to share. How have CI/CD solutions transformed over time, and what innovations do GitHub Actions bring to the table? Julien drops a few tools that could be useful for GitHub Actions users.
Connect with us on LinkedIn or Twitter (see info at https://devsecops.fm/about/). We are happy to answer any questions, hear suggestions for new episodes, or hear from you, our listeners.
2024-02-0846 minThe DevSecOps Talks PodcastDEVSECOPS Talks #60 - ChatGPT Anniversary: Where Are We With AI In Our Everyday WorkWelcome to the first DevSecOps Talks episode of the new year! It's been a whole year since ChatGPT hit the scene – but how has AI adoption shaped our world since then? Join Julien, Mattias, and Andrey as they dive into the impact of AI on their workflows. How have their daily tech tools and practices evolved with AI integration? Plus, Julien gives us an insider's look at running models locally. Are these AI tools enhancing our efficiency? Tune in to find out how these advancements are reshaping the landscape of DevSecOps.
Connect with us on Lin...2024-01-2541 minThe DevSecOps Talks PodcastDEVSECOPS Talks #59 - Migration Off The Cloud: To Leave or Not to Leave?Is the grass greener outside the cloud? This episode dives into the trend of companies (notably Hey and Dropbox) migrating away from cloud services. Why are they leaving, and who would benefit from such a move? We also scrutinize the common belief that public clouds are overly expensive. Join us as we dissect various cloud cost optimization tools and techniques.
Connect with us on LinkedIn or Twitter (see info at https://devsecops.fm/about/). We are happy to answer any questions, hear suggestions for new episodes, or hear from you, our listeners.
2024-01-1629 minThe DevSecOps Talks PodcastDEVSECOPS Talks #58 - AWS CDK with Igor SorokaYou know our fondness for Terraform, but we are also open to exploring other tools. This episode is no different. We are joined by Igor Soroka, an expert in AWS serverless technology whose tool of choice is AWS CDK, but at the same time, he is no stranger to Terraform. We ask him practical questions about the tool and get answers based on his experience applying it to real-life projects. If you have been curious about CDK, how it functions, and if it's appropriate for you, then tune in to learn more.
Connect with us on LinkedIn...2023-12-2840 minThe DevSecOps Talks PodcastDEVSECOPS Talks #57 - Terraform Best Practices with Ben GoodmanIn this episode, Mattias is joined by Ben Goodman, the founder of dragondrop.cloud, a platform that offers Terraform Best Practices as a Pull Request. They discuss the best workflows for Terraform, open-source tools that can be used in conjunction with Terraform, the most effective best practices, and common pitfalls to avoid when implementing infrastructure as code using Terraform.
Connect with us on LinkedIn or Twitter (see info at https://devsecops.fm/about/). We are happy to answer any questions, hear suggestions for new episodes, or hear from you, our listeners.
2023-11-2336 minThe DevSecOps Talks PodcastDEVSECOPS Talks #56 - Backstage and Internal Development Platforms (IDP)In this episode of DevSecOps Talks, join Andrey, Julien, and Mattias as they dive into the world of Backstage, the notable internal development platform. Mattias is keen to peel back the layers and understand what makes people think of Backstage as a must-have in modern DevOps toolchains. Andrey highlights the platform's core feature: a comprehensive registry that keeps track of every software service running within a company. Could this signify a revival of IT change management, but with a twist? We've moved on from the days of cumbersome ticketing systems to streamlined internal development platforms. The team also ponders...2023-11-0836 minThe DevSecOps Talks PodcastDEVSECOPS Talks #55 - Unpacking System Initiative with Paul StackOur dialogue with Paul Stack resumes on DevSecOps Talks, almost two years after our initial podcast about his work on Pulumi (episode 25). As a warm-up, we talk about what prompted his move from Pulumi and his take on Open Terraform drama. The main topic of the episode is Paul's current focus, System Initiative; we probe into its purpose, the progress so far, and the promise it holds for redefining how we think of doing Infrastructure as Code and DevSecOps workflows in general.
Connect with us on LinkedIn or Twitter (see info at https://devsecops.fm/ab...2023-10-1757 minThe DevSecOps Talks PodcastDEVSECOPS Talks #54 - HashiCorp’s BSL Move and OpenTF: What DevSecOps Practitioners Need to KnowIn this episode of DevSecOps Talks, we dive deep into HashiCorp's recent shift to the Business Source License and its implications. Join Andrey, Julien, and Mattias as they unpack what this means for practitioners and explore the timeline of OpenTF initiative. Stay informed about what comes ahead with our latest discussion. Tune in!
Connect with us on LinkedIn or Twitter (see info at https://devsecops.fm/about/). We are happy to answer any questions, hear suggestions for new episodes or hear from you, our listeners.
2023-09-1433 minThe DevSecOps Talks PodcastDEVSECOPS Talks #53 - Open Software Supply Chain Attack Reference Framework with NeatsunWe had the opportunity to talk with Neatsun Ziv, one of the founders of Ox Security, about the Open Source Software Supply Chain Attack Reference Framework (https://pbom.dev). We delved deeper into possible attack vectors and explored ways to mitigate some of them. During our discussions, we also had a couple of unusual takes on supply chain security. If you are looking to understand the Open Source Software Supply Chain, then this episode is perfect for you.
Connect with us on LinkedIn or Twitter (see info at https://devsecops.fm/about/). We are happy to answer a...2023-08-0149 minThe DevSecOps Talks PodcastDEVSECOPS Talks #52 - Lingon a.k.a Juliens and Jacobs open source project
This time we got to talk about Lingon, an open-source project developed by Julian and Jacob who is a frequent podcast guest. Discover the motivations behind Lingon's creation and how it bridges the gap between Terraform and Kubernetes. Learn how Lingon simplifies infrastructure management, tackles frustrations with YAML and HCL, and offers greater control and automation.
Connect with us on LinkedIn or Twitter (see info at https://devsecops.fm/about/). We are happy to answer any questions, hear suggestions for new episodes or hear from you, our listeners.
2023-07-1337 minThe DevSecOps Talks PodcastDEVSECOPS Talks #51 - Provisioning bare-metal serversDiving into the world of bare-metal servers, Mattias takes the helm solo for this episode. He's accompanied by special guests Michael Wagner and Ian Evans from Metify, the company that powers Mojo - a leading platform for bare-metal provisioning automation.
While we often chat about the big cloud service providers, this time we're switching gears. If you've been curious about how real-world, physical servers are set up and managed, this episode is just for you. Join Mattias, Michael, and Ian as they dive into the nuts and bolts of setting up servers - a topic that Mattias...2023-06-3048 minThe DevSecOps Talks PodcastDEVSECOPS Talks #50 - History of AWS networking and new ways to design your VPC setupIn this episode, we discuss the evolution of AWS networking capabilities from EC2-classic to VPC and advanced networking features. Andrey highlights that while many companies only use VPC and VPC peerings, there are lesser-known features that can significantly change how we approach networking setups on AWS.
Connect with us on LinkedIn or Twitter (see info at https://devsecops.fm/about/). We are happy to answer any questions, hear suggestions for new episodes or hear from you, our listeners.
2023-05-1831 minThe DevSecOps Talks PodcastDEVSECOPS Talks #49 - Password managers, ways to share sensitive info, email aliases, ChatGPT and much moreThis is a mixed bag of an episode, we chat about all sorts of digital tools and security practices that we use in our day-to-day lives. We start by talking about password managers, and why Julien still using LastPass after the recent LastPass data breach. Julien gives us the lowdown on his personal approach to handling passwords and two-factor authentication (2FA) tokens, showing us why strong security measures matter.
Julien also shares his favorite email alias service and we discuss services for sharing sensitive information to keep mail inboxes cleaner and more private.
We also...2023-04-1252 minThe DevSecOps Talks PodcastDEVSECOPS Talks #48 - Building Data PlatformsJulien has extensive experience building data platforms for data engineering, so we got him talking and sharing. If infra for data engineering is your cup of tea, then this episode is for you.
Connect with us on LinkedIn or Twitter (see info at https://devsecops.fm/about/). We are happy to answer your questions, hear suggestions for new episodes or just hear from you, our listeners.
2023-03-0846 minThe DevSecOps Talks PodcastDEVSECOPS Talks #47 - Tracing explainedWe discussed tracing before but never got around to explaining details such as fundamentals, terminology, etc. This time Julien goes into detail about what tracing is, what the benefits are, the basic terms you need to understand, and where to start. Great episode for those who are considering adding tracing capabilities to their systems.
Connect with us on LinkedIn or Twitter (see info at https://devsecops.fm/about/). We are happy to answer your questions, hear suggestions for new episodes or just hear from you, our listeners.
2023-02-0730 minThe DevSecOps Talks PodcastDEVSECOPS Talks #46 - Software supply chain attacksWe are happy to welcome back Jacob Lärfors, CEO and Senior Consultant from Verifa, to talk about software supply chain attacks. It feels important to raise this topic since those attacks start to be utilized more often by sophisticated adversaries. At the same time, software supply chain security is something that companies often overlook. We as practitioners have so many things to consider and do that, in most cases, we do not have enough cognitive capacity left when looking into our library sources. What are the things we need to be aware of, and what are the low-hanging f...2022-12-0150 minThe DevSecOps Talks PodcastDEVSECOPS Talks #45 - What is happening with Docker?Have you heard any recent news from Docker? We haven't. That is why we decided to check up on Docker to see how it is doing and go through the tool's history and adoption. Clueless about the difference between Docker, Containerd, CRI-O? We got you covered. Also, we will highlight a couple of new handy capabilities added recently.
Connect with us on LinkedIn or Twitter (see info at https://devsecops.fm/about/). We are happy to answer your questions, hear suggestions for new episodes or just hear from you, our listeners.
2022-11-0255 minThe DevSecOps Talks PodcastDEVSECOPS Talks #44 - Kosli with Mike Long. From compliance to answering questions about the production environmentWe are excited about the new breed of tools coming to the market. We often had to put together tools to find out what was in production and what broke it. Your monitoring tools go as far as only telling you that something isn't working as expected but not why it is so, and then you have to scramble to figure out what versions of services are in production, were there any recent deploys, etc. So you can understand what has changed to narrow down possible causes. Our good friend Mike and his team are building the tool to...2022-09-0146 minThe DevSecOps Talks PodcastDEVSECOPS Talks #43 - Terraform 1.0 to 1.3.0. One year in reviewWe are discussing what has happened in Terraform world since the 1.0 release last year and if there are new features worth mentioning, trends in Terraform development, etc. As well as doing a recap of the road to 1.0 and how long it took us to get there.
Connect with us on LinkedIn or Twitter (see info at https://devsecops.fm/about/). We are happy to answer your questions, hear suggestions for new episodes or just hear from you, our listeners.
2022-06-2837 minThe DevSecOps Talks PodcastDEVSECOPS Talks #42 - Prometheus - a practitioner takeIf you follow CloudNative hype wave, you might feel that Prometheus is the must-use monitoring tool for everything CloudNative. Plus, almost everything nowadays has a Prometheus exporter. Just get that helm chart installed, and here you go - metrics question sorted out. Want to monitor endpoints - here is BlackBox exporter for you. Want to get notifications - AlertManager got you covered. And so on and so on. But is it all rainbows and unicorns? You probably guessed that it depends. This time, Semyon is joining us to air his grievances with Prometheus and share insights on how to...2022-05-1951 minThe DevSecOps Talks PodcastDEVSECOPS Talks #41 - Great communication FTWCommunication in co-located teams is quite often complicated. It is even more complex and, at the same time, important in distributed teams. Have you ever got an issue report that says this thing is failing? No logs, no explanation of context, no nothing. Pretty sure we've all been in such situations. How do you step up your communication game? This episode of DevSecOps Talks is about great communication tips for DevSecOps practitioners in distributed (and not only) teams.
Connect with us on LinkedIn or Twitter https://devsecops.fm/about/ and tell us about your questions, and...2022-04-2640 minThe DevSecOps Talks PodcastDEVSECOPS Talks #40 - Web3 and its implications for DevSecOps practitionersweb3 has gotten a lot of attention lately; thus, it is time for us to separate facts from the hype.
In this episode, we are trying to understand its implications for us as DevSecOps practitioners.
Connect with us on LinkedIn or Twitter https://devsecops.fm/about/ and tell us about your questions, and we will answer them in the show.
2022-03-2343 minThe DevSecOps Talks PodcastDEVSECOPS Talks #39 - Setting up tools and environmentsAndrey feels frustrated that he has to develop a way to configure environments for every customer. Think for yourself - you arrive at a new project or company. It is day one, and you need to get the right tools as well as the correct environment configuration. During this episode, we are trying to figure out how companies solve it. And is there a standard solution? What are the options?
Connect with us on LinkedIn or Twitter https://devsecops.fm/about/ and tell us about your questions, and we will answer them in the show.
2022-02-0727 minThe DevSecOps Talks PodcastDEVSECOPS Talks #38 - Platform teams with Henrik
Henrik Hoegh is back to talk about his experiences working in the platform team at his new job, but before that, we are getting through the following topics:
- bash is the future of automation (not really, but some people think so)
- building multi-cloud solutions using k8s and service mesh solutions
- Shuttle - CLI for handling shared build and deploy tools between projects no matter what technologies the projects are using https://github.com/lunarway/shuttle
- when is it the time to start looking into the building application delivery platform
- platform team as an enabler...2022-01-241h 02The DevSecOps Talks PodcastDEVSECOPS Talks #37 - Surviving AWS outage (revised for 2021)us-east-1 will never go down, and if it would, half of the internet would go down. It is what people used to say. So, us-east-1 went down big time. What does it mean for us as practitioners? What should we consider going forward? In this episode, we talk through the incident and disaster recovery strategies you can consider to keep your company up
Connect with us on LinkedIn or Twitter https://devsecops.fm/about/ and tell us about your questions, and we will answer them in the show.
2022-01-0733 minThe DevSecOps Talks PodcastDEVSECOPS Talks #36 - Sturdy. Is it time for a new version control tool?We have had Git around for more than 15 years, and during that time, it has become a standard de-facto to share code and track code changes. While Git is a superior version control system to most of what we have seen before, it has been 15 years since the first release. Should we be looking for new ways to approach version control systems? Is the time right for the next generation of tools in this area?
Connect with us on LinkedIn or Twitter https://devsecops.fm/about/ and tell us about your questions, and we will ans...2021-12-0743 minThe DevSecOps Talks PodcastDEVSECOPS Talks #35 - Infrastructure as code (IAC) revisited 2021Our first episode was about Infrastructure as code, and we feel that it is time to revisit the topic after almost two years. Another reason is the release of the second edition of Infrastructure as Code book by Keif Morris. Thus, in this episode, we revisit the definition of Infrastructure as code and try to summarize what has changed over the years. We hope you like it!
Connect with us on LinkedIn or Twitter https://devsecops.fm/about/ and tell us about your questions, and we will answer them in the show.
2021-11-1638 minThe DevSecOps Talks PodcastDEVSECOPS Talks #34 - Google Next and HashiConf recapJulien gives his impressions of Google Cloud Next 2021, and Andrey recaps HashiConf Global 2021 as well as gives his take with the twist on why do we might need HashiCorp Waypoint
Connect with us on LinkedIn or Twitter https://devsecops.fm/about/ and tell us about your questions, and we will answer them in the show.
2021-11-0236 minThe DevSecOps Talks PodcastDEVSECOPS Talks #33 - Do I need a service mesh?Everyone seems to be talking about service mesh. Mattias, Julien, and Andrey are trying to separate hype and real value. Most importantly, they dig into when is the good time for the organization is to embrace service mesh and what are the prerequisites
Connect with us on LinkedIn or Twitter https://devsecops.fm/about/ and tell us about your questions, and we will answer them in the show.
2021-09-3028 minThe DevSecOps Talks PodcastDEVSECOPS Talks #32 - Getting hired as an infrastructure automation personAs a follow-up to the [last episode about hiring an infrastructure automation person](https://devsecops.fm/episodes/31-hiring/) we decided to reverse the view and talk about how do you get hired as an infrastructure automation person. This episode is full of career advice for people who are just only from university as well as people who already have experience in the industry.
Connect with us on LinkedIn or Twitter https://devsecops.fm/about/ and tell us about your questions, and we will answer them in the show.
2021-09-1325 minThe DevSecOps Talks PodcastDEVSECOPS Talks #31 - Hiring an infrastructure automation person
Have you ever conducted an interview to hire an infrastructure automation person? What would you ask? How do you check their skills? And what skills are essential? Tune in for our tips on hiring and finding the right person for your team!
Connect with us on LinkedIn or Twitter https://devsecops.fm/about/ and tell us about your questions, and we will answer them in the show.
2021-08-2432 minThe DevSecOps Talks PodcastDEVSECOPS Talks #30 - Logs, metrics and tracesLogs, metrics, and traces are the three pillars of observability. Where should you start? What are the common mistakes to avoid? And if you are to pick one - which one should you do?
Connect with us on LinkedIn or Twitter https://devsecops.fm/about/ and tell us about your questions, and we will answer them in the show.
2021-06-2332 minThe DevSecOps Talks PodcastDEVSECOPS Talks #29 -Unikernels are hereThis time we are talking unikernles! Ian Eyberg from NanoVMs joins us to discuss how far this technology is from prime time. And it turns out that you don't have to be a kernel developer to take advantage of unikernes. Today, there are tools available to package, distribute, and run them locally as well as in the public cloud. While talking to Ian, it felt that the state of the technology is very similar to Linux containers at the beginning of 2010x, just before Docker made Linux containers available for everyone.
Connect with us on LinkedIn or...2021-05-1947 minThe DevSecOps Talks PodcastDEVSECOPS Talks #28 - Scaling SecurityThe real cloud lock-in is security! Every service/cloud provider has its own levels of granularity regarding resources. Cloud engineering is mainly about compute, storage, and networking and how to make them scale. Scaling security is often left out as it is hard to measure on so many levels.
We think that it is a myth and that we can measure how many steps it takes to add, modify or remove access rights. It all starts with monitoring, knowing what is there in a cloud infrastructure is a very good first step. By making it easy to...2021-05-0436 minThe DevSecOps Talks PodcastDEVSECOPS Talks #27 - AWS Bottlerocket - Open Source Contrainer OS from AWS. ExplainedAWS released AWS Bottlerocket OS in March of 2020, and version 1.0.0 got released in August 2020.
What is it? Should you be using it? What are the benefits?
Is it ready for prime time? We answer all of those questions during this episode of DevSecOps Talks. Tune in!
Connect with us on LinkedIn or Twitter https://devsecops.fm/about/ and tell us about your questions, and we will answer them in the show.
Visit https://devsecops.fm to see show notes and https://gitter.im/devsecopstalks/community to join a discussion.
2021-04-1241 minThe DevSecOps Talks PodcastDEVSECOPS Talks #26 - Git Branching Strategies. Do's and Don'tsJohan Abildskov (@RandomSort, see episode 6) is back, and we are talking branching strategies! In particular, why you shouldn't be doing git-flow, and what are other options out there. This conversation takes us down memory lane to a more broad discussion about version control systems, mono-repositories, continuous integration, and delivery. We hope you will like it!
Connect with us on LinkedIn or Twitter https://devsecops.fm/about/ and tell us about your questions, and we will answer them in the show.
Visit https://devsecops.fm to see show notes and https://gitter.im/devsecopstalks/community to...2021-03-2944 minThe DevSecOps Talks PodcastDEVSECOPS Talks #25 -All The Things You Wanted To Know About Pulumi. ExplainedThis time we are joined by Paul Stack (@stack72, Pulumi developer, former Terraform developer) and podcast friend Jacob Lärfors to talk about
- what is Pulumi is?
- understand the difference between Pulumi vs. Terraform (and if we should compare them at all)
- What is hard about Pulumi?
- What people ask the most? What are the common confusions?
- Cross-language infra libraries? How is it even possible?!
- Is there a possibility of a supply chain attack via Pulumi library?
Connect with u...2021-03-1254 minThe DevSecOps Talks PodcastDEVSECOPS Talks #24 - Ways To Protect Yourself From Data Breaches And Mitigate ConsequencesLast week (week 6, 2021), seven data breaches were announced. In this episode, we discuss the possible scenarios for preventing attackers from getting a hold of your data, whether private or company data. And tips on how to mitigate the consequences of data leaks in cases when you have no control over data management (think of breach of 3rd party service).
Connect with us on LinkedIn or Twitter https://devsecops.fm/about/ and tell us about your questions, and we will answer them in the show.
Visit https://devsecops.fm to see show notes and h...2021-02-2236 minThe DevSecOps Talks PodcastDEVSECOPS Talks #23 - How Do We Run Kubernetes In The Cloud?How do you run Kubernetes in the cloud? Still using Kops? Or is it time to jump to the managed offerings?
We go through the list of things you might be missing out on if not yet using a managed solution.
Also, in this episode - what do you always configure in the k8s cluster? CNI, Ingress, IAM, and even more!
Visit https://devsecops.fm to see show notes and https://gitter.im/devsecopstalks/community to join a discussion
2021-02-0536 minThe DevSecOps Talks PodcastDEVSECOPS Talks #22 - Who are Mattias, Julien and Andrey?It's been almost a year since we started the podcast, but we never took time to explain who we are and what problems we solve for our customers/employers. So in this episode, you will find more details about us and, as usual, references to useful tools, talks, and techniques.
Visit https://devsecops.fm to see show notes and https://gitter.im/devsecopstalks/community to join a discussion
2021-01-2229 minThe DevSecOps Talks PodcastDEVSECOPS Talks #21 - Surviving AWS OutageAWS had a severe incident at the end of November. Kinesis in us-east-1 went dark for quite some time, and a ripple effect caused degradation of other services like CloudWatch, ECS, and others.
As a Cloud Engineering practitioner, how do you get yourself and your organization ready for a such turn of events?
Visit https://devsecops.fm to see show notes and https://gitter.im/devsecopstalks/community to join a discussion
2021-01-0534 minThe DevSecOps Talks PodcastDEVSECOPS Talks #20-2020 - Monitoring Done Wrong or Dreaming For A Better MonitoringAndrey wants monitoring to be more magical, or does he want a wrong thing? What are the sane defaults? And why do we have to set up boilerplate monitoring again and again?
Mattias shares what he does for monitoring security events.
Julien explains why using logs to debug in a microservices architecture is costly and inefficient.
Visit https://devsecops.fm to see show notes and https://gitter.im/devsecopstalks/community to join a discussion
2020-12-0731 minThe DevSecOps Talks PodcastDEVSECOPS Talks #19-2020 - Deleting Resources In The CloudHow to decommission resources from your cloud environment to keep it clean?
What to do when a resource is created without being in the infrastructure code?
Andrey is going through a checklist he uses to delete resources and the utility serverless functions he wrote.
ArgoCD is a project that does GitOps and automatically delete resources in Kubernetes namespaces if they are not defined.
We talked about the different layers of abstraction for infrastructure as code and where it makes sense to have a terraform controller in a Kubernetes cluster to manage...2020-11-2331 minThe DevSecOps Talks PodcastDEVSECOPS Talks #18-2020 - HashiConf SpecialInitially, we planned this episode as a discussion about HashiCorp Nomad and invited Jacob Lärfors. He recently published a great article about his experience working with Nomad (see link in the show notes). However, because of a few postponements, and with HashiConf that happened just a week ago, we decided to extend the podcast’s scope to go over all of the announcements that they did during the conference. So here it is - HashiConf special: all you need to know about everything that HashiCorp announced during the conference plus a discussion about Nomad!
Visit https://dev...2020-10-2649 minThe DevSecOps Talks PodcastDEVSECOPS Talks #17-2020 - Best Practices for Building Docker ImagesThis is the first episode in the new format - 30 minutes short and crisp episodes, i.e., less water and side discussions, focusing on the topic, duration under (well, almost under) 30 minutes. We hope you like it!
The topic of this episode is building docker images - automation, security, best practices.
In this episode, we discuss:
Saving money with T3a family
Building Docker images locally and in CI
Setting up deamonless Docker builds for CI and k8s
Using multistage builds to keep your images nice and clean as we...2020-10-1333 minThe DevSecOps Talks PodcastDEVSECOPS Talks #16-2020 - Do you need a staging environment?In this episode, we discuss options for splitting your deployment stages.
We hear people coming up with all possible type of environments - dev, test/QA, integration, stage, prod, etc
How many do you actually need? What is the reason for having all those stages?
Maybe do you need less? Why not deploy directly to production using some fancy technique?
Put it simply - stage or not to stage?
Visit https://devsecops.fm to see show notes and https://gitter.im/devsecopstalks/community to join a discussion
2020-09-2949 minThe DevSecOps Talks PodcastDEVSECOPS Talks #15-2020 - Remote Work SecurityLet's talk about security in the era of remote work. Most of us have experienced a flaky VPN connection.
What are the alternatives? SSH certificates? Yubikey?
We discussed various topics around security inside a cluster and outside.
Visit https://devsecops.fm to see show notes and https://gitter.im/devsecopstalks/community to join a discussion
2020-09-1750 minThe DevSecOps Talks PodcastDEVSECOPS Talks #14-2020 - Theory of constraintThis time, we are joined by Henrik Høegh who shares his unique perspective on applying the theory of constraint to IT transformation as well as how it applies in the world of Cloud Native. We go back to the origin of DevOps, discussing the various problems companies are facing when transforming their organizations and adopting cultural changes.
Visit https://devsecops.fm to see show notes and https://gitter.im/devsecopstalks/community to join a discussion
2020-08-3159 minThe DevSecOps Talks PodcastDEVSECOPS Talks #13-2020 - All you need to know about setting up HashiCorp VaultMattias wants to setup HashiCorp Vault and quizzes Andrey how to do that.
We cover a lot of ground - from basic Vault concepts to setting it up and hardening.
2020-08-1852 minThe DevSecOps Talks PodcastDEVSECOPS Talks #12-2020 - Scale and ScalingJulien and Andrey got together to define the scale and ways to automate the scaling of your infrastructure in response to changes in load patterns.
What are the prerequisites implementing scaling? What is cooling down, warm up, horizontal and vertical scaling, scale-up, and scale in? What are the metrics that could be useful for making scaling decisions?
And last but not least, the very unexpected spin that Julien gives to the conversation.
Visit https://devsecops.fm to see show notes and https://gitter.im/devsecopstalks/community to join a discussion
2020-08-0354 minThe DevSecOps Talks PodcastDEVSECOPS Talks #11-2020 - AWS Security Maturity Roadmap 2020This time we are discussing the white paper by Summit Route - AWS Security Maturity Roadmap 2020. Tune in to learn more about the white paper and recommendations that we pile up on top of it.
To view show notes visit https://devsecops.fm
Chat with hosts and suggest topics for upcoming episodes at our Gitter channel https://gitter.im/devsecopstalks/community
2020-07-1056 minThe DevSecOps Talks PodcastDEVSECOPS Talks #10-2020 - Are we wrong about Terragrunt?Our guest speaker is Anton Babenko
he is DevSecOps Talks podcast fan, AWS Community Hero, Terraform fanatic, HashiCorp Ambassador and a prolific open source contributor.
After listening to episode #9 Terraform in CI and #1 Infrastructure as code,
Anton decided that enough is enough and volunteered to give his point of view on Terragrunt since he though that we are missing a few important points.
In this episode, we are discussing the use cases of Terragrunt,
a wrapper around Terraform for working with multiple environment and modules.
2020-06-2652 minThe DevSecOps Talks PodcastDEVSECOPS Talks #9-2020 - Terraform in CIHow do you start to implement a CI pipeline when dealing with infrastructure as code implemented via Terraform? What are the security concerns when the credentials to the whole kingdom are used in an automated process? In this episode, we discuss the various security and feasibility aspects of using Terraform in a CI pipeline.
We start the episode by catching up with what we’ve been working on. Feel free to skip to 11:52 if you want to go directly to the topic. Having an automated process to deploy and manage infrastructure has advantages such as fast feedback an...2020-06-0651 minThe DevSecOps Talks PodcastDEVSECOPS Talks #8-2020 - DevOps WhatAndrey tells us the story of how DevOps came into existence and took over the market. We discuss the marketing around it, its relationship with DevSecOps. We tried to shed a light on what is marketing strategy versus implementing DevOps in an organization. We also compared DevOps to SRE (Site Reliability Engineering)
2020-05-2553 minThe DevSecOps Talks PodcastDEVSECOPS Talks #7-2020 - How do we learnIn this episode, Mattias, Julien, and Andrey share tips and tricks on how to stay on top of what is going on in the industry, resources they use for continuous learning. Make sure to visit devsecops.fm to check out show notes that contain references to resources mentioned during discussion and more
2020-05-0646 minThe DevSecOps Talks PodcastDEVSECOPS Talks #6-2020 - SemVer or not to SemVerThis time Johan Abildskov, a Senior Consultant with Praqma/Eficode, joins us to talk about SemVer (Semantic Versioning), and we finally get to hear what Julien has to say about it. We get to explore different options regarding versioning and how it helps humans communicate. At the end of the podcast, everyone gets to share their approach and recommendations for versioning things.
2020-05-061h 01The DevSecOps Talks PodcastDEVSECOPS Talks #5-2020 - What we have been working onWe had a couple of possible topics for this episode but before getting started with them we decided to discuss what technological problems we were solving during the last two weeks. Well, turns out there was quite a lot to discuss. Tune in for tips on ssh session logging on the ssh server, preventing downloads from AWS S3 even if you got read access, credentials in Git repository 🤦, why you should (or should not) do K8S and more.
2020-04-071h 00The DevSecOps Talks PodcastDEVSECOPS Talks #4-2020 - Is docker more secure then VMIn this episode Mattias is trying to convince that running docker in k8s is more security then VM. Did he success ? listen and find out.
2020-03-2655 minThe DevSecOps Talks PodcastDEVSECOPS Talks #3-2020 - Docker securing buildsYour docker images and build are be coming the base for our platform. But are they secure? In this episode we talk about how you can secure your docker images.
2020-03-2037 minThe DevSecOps Talks PodcastDEVSECOPS Talks #2-2020 - GitOpsGitops a new concept on devops. Whats is it and how can you use it when deploy and setup your k8s cluster.
2020-03-2018 minThe DevSecOps Talks PodcastDEVSECOPS Talks #1-2020 - Infra as codeAre infra as code always the best way to go and if not when and where should you use it. Here we are trying to better understand when its god to use and when its not.
2020-03-1950 min