Shows
Franklin Matters RadioFM #1423 - School Cmte - Policy Subcmte Mtg - 04/08/25This session shares the Franklin (MA) School Committee Policy Subcmte meeting held on Tuesday, April 8, 2025. All 3 members participated, Chair O’Sullivan, members Callaghan, McNeill. Supt Giguere, Ops Director Boisvert, and Dr Rogers representing the Central Office.Quick recap:Supt Giguere sets the stage with some background on how this topic has developed during the redistricting efforts first updated in Dec 2024, then in Jan 2025 to act on the notification to Police, Fire, and DESE on the temporary naming of the new schools operating in the buildings that remained operational in the DistrictSome members of the community have mis...2025-04-1054 minFranklin Matters RadioFM #1404 - Joint Budget Listening Session #6 - 03/12/25This session shares the last of the 6 Joint Budget Listening Sessions held Wednesday, March 12, 2025 at the FHS Auditorium. 10 of the 11 members participated along with Town Administrator Jamie Hellen & School Supt Lucas Giguere.Quick recap:Brief statements by TA Hellen and Supt Giguere opened the session before going to the audience for questions and comments. Approx 100 folks in the audience this evening, a mix of town staff, school dept and teachers, and residents10 members of the Joint Budget Subcmte present on the stage along with Town Administrator Jamie Hellen and School Superintendent Lucas GiguereA dozen folks asked q...2025-03-143h 18Franklin Matters RadioFM #1400 - Joint Budget Subcmte Listening Session #5 - 03/08/25This session shares the Joint Budget Listening Session held Saturday, March 8, 2025 Council Chambers. 8 of the 10 members participated along with Town Administrator Jamie Hellen & School Supt Lucas Giguere.Brief statements by TA Hellen and Supt Giguere opened the session before going to the audience for questions and comments. More than 14 folks stepped up to comment or ask a question, some multiple questions. Felicia Oti, Library Director spoke to the work being done by the Library.Link to the Town page with the budget materials for both Town and School sides https://www.franklinma.gov/Archive.aspx...2025-03-102h 07Franklin Matters RadioFM #1393 - Joint Budget Listening Session #4 - 03/04/25This session shares the Joint Budget Listening Session held Tuesday, March 4, 2025 at the Franklin Senior Center. 8 of the 10 members participated along with Town Administrator Jamie Hellen & School Supt Lucas Giguere.Brief statements by TA Hellen and Supt Giguere opened the session before going to the audience for questions and comments. More than 20 folks stepped up to comment or ask a question, some multiple questions. Both Police Chief Lynch and Fire Cheif McLaughlin spoke to their budget risks. Sarah Amaral, Senior Center Director spoke to the work being done by the center.Link to the Town...2025-03-052h 31Franklin Matters RadioFM #1385 - Joint Budget Listening Session #2 - 02/12/25This session shares the Joint Budget Listening Session held Wednesday, February 12, 2025 at the Remington/Jefferson cafetorium. 8 of the 10 members participated along with Town Administrator Jamie Hellen and School Supt Lucas Giguere. Brief statements by TA Hellen and by Supt Giguere opened the session before going to the audience for questions and comments. About 10 folks stepped up to comment or ask a question, some multiple questions.Link to the Town page with the budget materials for both Town and School sides https://www.franklinma.gov/Archive.aspx?ADID=500 As of today, $3.6M sho...2025-02-172h 23
DSO OverflowS5Ep1 - Securing the Software Supply Chain with Francois ProulxDSO Overflow S5EP1Security the Software Supply ChainwithFrancois ProulxIn this episode, featuring Francois Proulx, a senior product security engineer, we discuss software supply chain security, particularly the security of build pipelines and dependencies. Francois shares insights on defining supply chains, identifying vulnerabilities, threat modeling, and strategies to improve security. The conversation explores topics like the SALSA framework, risk factors in CI/CD pipelines, and reducing complexity in dependencies. The discussion emphasizes threat awareness, holistic approaches, and the importance of isolating critical processes in software development. Practical tools and insights...2025-01-3148 minDSO OverflowS4Ep10 - Threat modelling with Ashley WardDSO Overflow S4EP10Threat ModellingwithAshley WardIn this month's episode, Steve and Glenn chatted with Ashley Ward to discuss topics around threat modelling.Ashley is a highly experienced CTO at ControlPlan with expertise in cloud-native architectures and cybersecurity, known for leading transformative initiatives across startups and large enterprises, including as Group CTO for a €4.5 billion company. He excels in scaling organisations through agile, FinOps, and DevSecOps, while inspiring teams and engaging with stakeholders at all levels. As a Justice of the Peace since 2017, Ashley brings additional st...2024-12-0646 minFranklin Matters RadioFM #1319 - Chalkboard Chat: Giguere & Boisvert - 11/14/24This session shares my conversation with Franklin School Superintendent Lucas Giguere. We are joined by Food Service and Operations Director Colin Boisvert. This is another episode of our continuing “Chalkboard Chat” series. We had our discussion in the Municipal Bldg on Thursday, November 14, 2024. We cover Details behind the reorganization processFocus on balancing within the guidelines to create an equitable distributionDavis Thayer exemption, transportation study, teacher alignmentsECDC expansion While conducting a school year, and redistricting, they are also redeveloping a budget from scratch to reflect the new organizational structuresCommunication of information as it develops is keyThe re...2024-11-2234 minDSO OverflowS4Ep9 - Open Source Integrity with Luke HindsDSO Overflow S4EP9Open Source IntegritywithLuke HindsIn this month's episode, Jessica and Glenn chatted with Luke Hinds to discuss topics around Open Source integrity and provenance.Luke is a co-founder and the CTO at Stacklok who loves building open source software and communities, as well as leading talented engineering teams to develop innovative cutting edge security technologies at scale.In this episode, Luke talks about the challenges of ensuring open source software integrity and provenance using cryptographic technologies and automated signing of software...2024-11-1941 minDSO OverflowS4Ep8 - Cloud Native and Kubernetes with Steve Wade and Michael FosterDSO Overflow S4EP8Cloud Native and KuberneteswithSteve Wade and Michael FosterIn this month's episode, Steve met with Steve Wade and Michael Foster to talk about the Cloud Native Club and new and future developments in Kubernetes.Steve Wade founded The Cloud Native Club, a global community for cloud-native enthusiasts. He is also a maintainer of the Flux Terraform Provider. As an experienced conference speaker, independent cloud-native consultant, and trainer, Steve shares his expertise worldwide. He has held platform leadership ro...2024-10-2251 minDSO OverflowS4Ep7 - Managing the risks that really matter with Sam WatkinsDSO Overflow S4EP7Managing the risks that really matterwithSam WatkinsIn this month's episode, Glenn and Jessica speak with Sam Watkins to talk about a new paradigm for managing risks.Sam Watkins is an accomplished engineer working at BT in the UK. Sam is driven by a passion for driving change through the implementation of technological solutions, possessing the expertise in impacting organisational capability and performance, catering to business needs by early adaption of futuristic technological trends, and enabling organisations to meet the business needs.2024-09-1639 minDSO OverflowS4Ep6 - Security in front-end application development with David MyttonDSO Overflow S4EP6Security in front-end application developmentwithDavid MyttonIn this month's episode, Glenn speaks with David Mytton to talk about how to make sure front-end development is secure.David Mytton is the CEO of Arcjet, a devtools software startup that helps developers protect their apps. He also writes the weekly Console.dev devtools newsletter which helps developers find the best tools.He's an angel investor in >30 early-stage developer-first startups and is working towards an Engineering Science PhD in sustainable computing at the University...2024-06-1344 minDSO OverflowS4Ep5 - LLMs and GenAI with John BoeroDSO Overflow S4EP5LLM and GenAI securitywithJohn BoeroIn this month's episode, Jess and Glenn speak with Field CTO at TeraSky John Boero to talk about LLMs and GenAI.John lives in London and has 20 years in the IT industry developing and consulting for Red Hat, Puppet, HashiCorp, and more with emphasis on performance and security.In this episode, John talks about the inherent risks of using LLMs and GenAI and provides some hints on how to benefit from using them effectively. He discusses...2024-05-1738 minDSO OverflowS4Ep4 - IoT, AI and DevSecOps with Darren RichardsonDSO Overflow S4EP4IoT, AI and DevSecOpswithDarren RichardsonIn this month's episode, Jess and Glenn speak with networking graduate, security enthusiast, coder and giant with a great bushy beard Darren Richardson from Eficode.Darren is an IT graduate specializing in system administration, network operation and information security with experience in Cisco IOS operation and network management. He has a passion for information security with a bias towards offensive security and ethical hacking.In this episode, Darren talks about the inherent security challenges of using...2024-04-0934 min
My Strange BibleWhy is Satan on God's Payroll in the Book of Job?In this episode of 'My Strange Bible,' hosts Alex and Steve delve into the perplexing question of why Satan appears on God's payroll in the Book of Job. They discuss the notion of cognitive dissonance experienced by many when encountering this scenario and suggest that a common misunderstanding of the text has led to confusion. Introducing the concept of the Divine Council worldview, they explain its significance in interpreting biblical narratives, specifically how it pertains to the 'sons of God' and the character of Satan. Using textual analysis, they argue that 'Satan' in Job might not refer to...2024-03-2942 minDSO OverflowS4Ep3 - Paving the Road to Effective Software Development with Sarah WellsDSO Overflow S4EP3Paving the Road to Effective Software DevelopmentwithSarah WellsIn this month's episode, Jess and Glenn speak with Sarah Wells an independent tech consultant, author formerly the Technical Director for Engineering Enablement at the Financial Times to talk about how to balance developer autonomy with standardisation.Sarah is a technology leader, consultant and conference speaker with a focus on microservices, engineering enablement, observability and devops. She has over 20 years experience as a developer, principal engineer and tech director across product, platform, SRE and devops...2024-03-1143 minMy Strange BibleThe Oldest Parable in the Bible | Judges 9:7-26This episode delves into the second part of the biblical story of Abimelech, exploring its dark and complex themes. The hosts, Steve and Alex, discuss how the story, found in the Book of Judges, reflects on Abimelech's tyrannical rule over Israel and his rise to power through deceit and murder. They analyze the parable of Jotham, Abimelech's sole surviving brother, and its implications on leadership and the consequences of sinful actions. The episode deeply examines the narrative's use of divine and spiritual elements, including God's intervention through an evil spirit to bring about Abimelech's downfall. This storytelling approach provides...2024-03-1153 minDSO OverflowS4Ep2 - Resilient Cybersecurity with Kennedy TorkuraDSO Overflow S4EP2Resilient CybersecuritywithKennedy TorkuraIn this month's episode, Steve and Glenn speak with Kennedy Torkura from Mitigant to talk about how to build cyber resiliency into your organisation.Kennedy is a cybersecurity professional, CTO and co-founder at Mitigant who specialises continuous security verification and making cybersecurity resilience a first-class citizen in the cloud. Kennedy holds a doctorate in cybersecurity whose thesis covers continuous security paradigms in cloud-native infrastructure. He is also a contributor to the book Security Chaos Engineering released in 2023.In...2024-02-1243 minDSO OverflowS4Ep1 - Contract First Development with Holly CumminsDSO Overflow S4EP1Contract First DevelopmentwithHolly CumminsIn this month's episode, Steve, Jess and Glenn speak with Holly Cummins to talk about how to API contracts and Contract First Development.Holly Cummins is a Senior Principal Software Engineer on the Red Hat Quarkus team and a Java Champion. Over her career, Holly has been a full-stack javascript developer, a WebSphere Liberty build architect, a client-facing consultant, a JVM performance engineer, and an innovation leader. Holly has used the power of cloud to understand climate risks, count f...2024-01-0941 min
StoryworldTales of a Budding Serial EntrepreneurIn this special episode, Alex interviews Steve! He shares insights into his personal and business journey, from growing up in the gospel music industry to his experiences in the recording studio and moving into the web design business.We discuss Steve's mindset, his transition from a 9-to-5 job to entrepreneurship, and his love for digital marketing. Steve draws parallels between Dana White's passion for the UFC and Elon Musk's diverse ventures.Steve also shares his approach to business, emphasizing strategic thinking and constant evaluation. We touch on his expansive domain name collection, viewing them as...2023-12-111h 03DSO OverflowS3Ep12 - The World of OWASP with Sam StepanyanDSO Overflow S3EP12The world of OWASPwithSam StepanyanIn this month's episode, Steve and Glenn speak with Sam Stepanyan who was recently voted onto the OWASP board. Sam tells us about his involvement with OWASP, the origins of OWASP, and what the future hold for OWASP.Sam is an OWASP London Chapter Leader, elected OWASP board member and an Independent Application Security Consultant with over 20 years of experience in the IT industry with a background in software engineering and web application development. Sam has worked for v...2023-12-0447 minDSO OverflowS3Ep11 - Storing secrets with Mackenzie JacksonDSO Overflow S3EP11Storing secretswithMackenze JacksonIn this month's episode, Steve, Jess and Glenn speak with Mackenzie Jackson to talk about managing secrets and digital authentication credentials in distributed architectures. In particular, Mackenzie digs into the concepts of secrets sprawl, and how we can keep secrets safe.Mackenzie is currently the developer advocate at GitGuardian, a developer-first cybersecurity company based in Paris that is focused on helping keep secrets and credentials out of source code.Mackenzie is passionate about technology and building a community of engaged...2023-11-0642 minDSO OverflowS3Ep10 - Private end-points with Jonathan D'AloiaDSO Overflow S3EP10Private end-pointswithJonathan D'AloiaIn this episode, Glenn, Jess and Steve are joined by Jonathan D'Aloia from Adatis to talk about benefits and challenges of using private end-points. Jonathan is a Principal DevOps Engineer at Adatis (part of Telefonica Tech) and is also an Azure Certified DevOps engineer and certified Cloud Solution Architect.Jonathan works with Infrastructure as code languages such as BICEP, Terraform and ARM templates, writes and designs YAML templates to automate the deployment of the Infrastructure as well as pipelines to deploy the...2023-10-0237 minStoryworldI NEVER Saw the Parable of the Sower This Way Before - It CHANGED My Perspective | Parables ep. 6In this episode, Steve and Alex dive deep into the fascinating Parable of the Sower found in Matthew 13. They break down each of the four types of soil/ground that Jesus describes to uncover the hidden meaning behind this story. Through their discussion, they reveal how this parable perfectly illustrates the different ways people respond when they hear the gospel message. They explore what it means for someone's faith to be choked out by life's worries or to fall away due to lack of deep roots.Steve and Alex also get personal as they connect t...2023-09-1427 minDSO OverflowS3Ep9 - Container Security with Rony MoshkovichDSO Overflow S3EP9Container SecuritywithRony MoshkovichIn this episode, Glenn and Jess are joined by Rony Moshkovich, co-founder & CPO at Prevasio, an AlgoSec company to talk about adopting a container security programme. Rony has extensive experience with cloud platform development, developing cloud-hosted service platforms for companies such as NTT, Symantec, HCL, CA, and more. A true veteran of the antivirus industry, Rony has worked as Development Director and Malware Research Lab Manager for CA\HCL and PC Tools\Symantec. Having many years of extensive experience in building and managing security...2023-09-0447 minStoryworldDune: Full Movie ReviewIn this episode, Steve and Alex dive deep into analyzing the sci-fi epic Dune directed by Denis Villeneuve. They discuss the film's plot, character development, emotional resonance, and how well it accomplishes what it sets out to do categorically.Through their trademark "Meat-O-Meter" rating system, Steve and Alex rank movies on a scale of 1-5 based on the quality of cut of meat the film would receive.Between analysis of the book adaptations, Hans Zimmer's phenomenal score, and dissecting the balance of sci-fi and fantasy elements, Steve and Alex find much to praise in Dune's...2023-08-3149 minDSO OverflowS3Ep8 - Static Application Security Testing with Nipun GuptaDSO Overflow S3EP8Static Application Security TestingwithNipun GuptaIn this episode, Glenn is joined by Nipun Gupta, a seasoned technology executive, entrepreneur, and speaker to talk about static code analysis, its benefits, its pitfalls and how best to integrate tools into developer workflows. Based nowadays in London, UK after a decade in Silicon Valley, Nipun has developed a reputation as a thought leader and innovator in cybersecurity at places like NCC Group, Deutsche Bank, and Deloitte. Prior to leading Integrations Product at Devo, he served as the Vice President, Global C...2023-08-0736 min
The Application Security PodcastSteve Giguere -- Cloud AppSecCloud security is on an evolutionary path, with newer platforms embracing secure-by-default settings. This has led to a significant improvement in security but also adds complexity as developers need to understand these defaults when deploying to the cloud.Steve Giguere defines cloud application security, describes cloud-first development and cloud complexity, security by default, and the need to broaden AppSec by creating new security personas and being secure from idea to destination. Steve provides many nuggets of insight from his travels, including pointing us to Wing, a programming language for the cloud that includes code and IaC together.2023-07-2437 minDSO OverflowS3Ep7 - Open Source Cloud Security with Matt JohnsonDSO Overflow S3EP7Open Source Cloud SecuritywithMatt JohnsonIn this episode, Steve, Jess and I are joined by Matt Johnson, developer advocate at Palo Alto Networks to talk to us about open source cloud security. Matt is a Developer Advocate for all things cloud security and open source at Prisma Cloud (part of Palo Alto). Hobbyist pentester, network and container geek, he specialises in Cloud Infrastructure and developer ecosystem security. Matt introduces us to the Checkov and Yor open source projects and talks about how AI may affect cloud security...2023-07-1745 minStoryworldWhat did I just watch...? | Hot Fuzz Movie ReviewIn this episode, Steve and Alex review the 2007 British comedy film Hot Fuzz directed by Edgar Wright. They discuss the hilarious humor, clever writing, over-the-top violent scenes, and stunts in miniature sets. They praise the performances of Simon Pegg as Nicholas Angel and Jim Broadbent as Inspector Frank Butterman. Steve and Alex agree the plot is excellent for a comedy film, managing to incorporate elements of buddy cop, slasher, and action genres while still staying grounded in humor. The emotional response the film evokes - mainly shock and laughter - earns it high marks. The guest cameos an...2023-07-1347 min
Scale to Zero - No Security Questions Left UnansweredCloud-Native Realm: A Comprehensive Look at Kubernetes Security with Steve Giguere | Scale to ZeroWelcome to Scale to Zero S2 Ep7! In this video podcast, dive deep into the intricate realm of cloud-native security and Kubernetes security. Our guest Steve Giguere, Uncovers invaluable insights and best practices to safeguard your cloud-native infrastructure. Steve also shares his view on AI in the cloud security environment.
Watch full transcript here.2023-06-2649 minDSO OverflowS3Ep6 - Notes from Japan with John WillisDSO Overflow S3EP6Notes from JapanwithJohn WillisIn this episode, Glenn is joined by John Willis, DevOps advocate and co-author of the DevOps Handbook to talk about our recent trip to Japan in which we visited a number of organisations to gain an understanding of lean principles. Listen to John as he shares his views of the trip and what he learned about quality, community, society and of course, Deming.Resources mentioned in this podcast:John's LinkedIn profileJohn's Profound Deming blogJohn's lates book on DemingThe DevOps Handbook2023-06-1946 minStoryworldReviewing the FULL Harry Potter SeriesIn this episode of the Storyworld Podcast, Steve and Alex discuss finally finishing the Harry Potter series, analyze the character development of Severus Snape, and give updates on what they’ve been working on recently.Steve just completed watching all the Harry Potter films with his wife and found that while the later, darker films stripped away some of the fun “wizarding world” elements, the progression of the characters and story was fantastic. Alex, a longtime Potter fan, shares insights into details left out of the movies, like the close friendship between Snape and Harry’s mother, Lily. Th...2023-06-151h 00DSO OverflowS3Ep5 - Workload authentication and authorisation using SPIFFE and OPA with Charlie EganDSO Overflow S3EP5Workload authentication and authorisation using SPIFEE and OPAwithCharlie EgainIn this episode, Steve, Jess and I are joined by Charlie Egan, developer advocate and Styra to talks to us about using SPIFFE (Secure Production Identity Framework For Everyone) and OPA (Open Policy Agent) to authenticate and authorise workloads. Charlie explains what SPIFFE is, how to start using it, and the challenges it helps organisations overcome.Resources mentioned in this podcast:Charlie's LinkedIn profileSPIFFEOPADSO Overflow S1Ep7 on Open Policy AgentDSO Overflow is...2023-05-3046 minStoryworldStructural Tension in the BibleHave you ever wondered why the Bible tells such incredible stories? In this episode of the Story World Podcast, Steve and Alex dive into the fascinating concept of structural tension in the Bible and how it unfolds throughout history. Join them as they:
Explore the idea of the Bible as the ultimate storybook with a cohesive narrative from beginning to end
Discuss the inspiration behind the Bible and the potential for deeper meanings within the text
Examine specific examples of structural tension in biblical stories, highlighting the progression of God's promises
Neglecting to consider structural t...2023-04-2756 minDSO OverflowS3Ep4 - The 'Man' Who Started It with Michael ManIn this episode, Steve, Jess and Glenn met with Michael Man, the founder of the DevSecOps London Gathering and this podcast, to chat about how it all started and the principles and philosophy of the Gathering. We reminisce about some key moments as well as discussing Michael's decision to step down from running the events and the podcast.We hope you enjoy listening to this episode as much as we enjoyed recording it.DSO Overflow is a DevSecOps London Gathering production. Find the audio version on all good podcast sources like Spotify, Apple Podcast and...2023-04-0347 minStoryworldTales from The Meat TavernIn this laid-back episode of StoryWorld, Steve and Alex catch up on their year so far, filled with sicknesses, traveling, and contrasting their current pace with last year's rapid episode releases. They chat about their recent TV show obsessions and entertain the idea of recording a podcast on the beach. They even explore quirky ways to bring the beach experience home, like heat lamps and spray tans.Diving into their writing journeys, they share their progress on novel outlines and drafts, the development of a magic system, and the importance of character-driven storytelling. The excitement of...2023-03-3038 minStoryworldUnraveling the Power of Structural Tension in StorytellingJoin Steve and Al in this episode of the Story World Podcast as they delve into the fascinating concept of structural tension and its significance in storytelling. Discover how this intriguing concept, which Steve initially encountered in the world of copywriting, can enhance the way you craft compelling narratives. Listen in as they share their unique perspectives on immersion, the importance of tension throughout a story, and how the right balance can create unforgettable tales. Don't miss this thought-provoking discussion on the art of storytelling and the impact of structural tension on engaging your audience.2023-03-2324 minDSO OverflowS3Ep3 - Leveraging Systems Thinking with Simon CopseyDSO Overflow S3EP3Leveraging Systems ThinkingwithSimon CopleyIn this episode, Steve, Jess and I are joined by Simon Copsey who talks to us about taking a systems thinking approach to improving organisational performance. He tells us among other things, about challenging assumptions, identifying, understanding and managing constraints, and how important it is to recognise cognitive dissonance.Resources mentioned in this podcast:Simon's LinkedIn profileCurious Coffee ClubGoldratt's Rule of FlowThe Unicorn ProjectThe GoalDSO Overflow is a DevSecOps London Gathering production. Find the audio version on all...2023-03-0647 minDSO OverflowS3Ep2 - Cloud Security with Paul SchwarzenbergerDSO Overflow S3EP2Cloud SecuritywithPaul SchwarzenbergerIn this episode, Steve and I are joined by Paul Schwarzenberger who talks to us about cloud providers, cloud security and an OWASP project he has recently started working on. We hear about Paul's journey into cloud security, his views on certification programmes, and he warns us of the security traps that await us when working with cloud technologies.Resource mentioned in this podcast:OWASP 2023 Global AppSec in DublinOWASP Domain Protect projectPaul's LinkedIn profileDSO Overflow is a DevSecOps London...2023-02-0649 minDSO OverflowS3Ep1 - CVE, CVSS and the Land of Broken Dreams with Francesco CipolloneDSO Overflow S3EP1CVE, CVSS and the Land of Broken DreamswithFrancesco CipolloneIn this episode, Steve and Glenn are joined by Francesco 'Frank' Cipollone CEO and Founder of AppSec Phoenix. Frank talks about CVEs, CVSS scoring and how they create too much noise to be effective in helping organisations improve their security posture. We hear Frank speak about contextualisation and risk as a means to improve security within your organisation.Resource mentioned in this podcast:AppSec Phoenix websiteFrank's Cyber Security and Cloud PodcastWhitepaper on vulnerability management...2023-01-1648 minStoryworldSchramm and Giguere Update# 1Here's a personal update for ya! 2022-10-1319 minDSO OverflowS2Ep5 - Security Differently with Mario PlattDSO Overflow S3EP5Security DifferentlywithMario Platt from LastPassIn this episode Glenn Wilson and Steve Giguere sit down with Mario Platt to discuss how the current paradigm of doing security is not working. Taking lessons from how safety is managed within a physically demanding role, Mario examens why compliance is failing and how we need to build a new model based on resilience.Resources mentioned in this podcast:Mario's presentation given at DSO LG in May 2022Rasmussen paper Rasmussen, J. (1997). Risk management in a dynamic society: A...2022-09-1249 minDSO OverflowS2Ep4 - Cloud Security @ Large with Ashish and ShilpiDSO/Overflow S2EP4Cloud Security at LargewithAshish Rajan and Shilpi Bhattacharjee from the Cloud Security Podcasthttps://cloudsecuritypodcast.tv/https://twitter.com/cloudsecpod?lang=enhttps://www.youtube.com/c/CloudSecurityPodcast?sub_confirmation=1Watch on YouTube: https://youtu.be/HV6iJReLoXEIn the episode, Jessica Cregg sits with Ashish and Shilpi and breaks the 4th wall about their mega successful Cloud Security Podcast, what advocacy means, and the state of Cloud Security at large. DSO/Overflow is a DevSecOps London Gathering production. Find th...2022-09-0350 min
DSO OverflowS2Ep3 - Or Weis on Modern AuthorizationIn this episode, Or Weis talks to us about Full Stack Permission as a Service, why simplifying access control is crucial to creating secure infrastructure and how the use of access control could facilitate a zero-trust architecture.BIOOr is the CEO and co-founder of Permit.io, and co-maintainer and author of open source OPAL.ac. Or is a serial entrepreneur who is passionate about developer tools, previously founding Rookout.com, a leading production debugging solution; and managing Upwards Israel’s largest founders’ PLG community. Before becoming a founder, Or worked as a lead engi...2022-03-3142 min
DSO OverflowS2Ep2 - Chris Tomkins and Nathan Skrzypczak on VPP and K8s Calico Data PlanesIn this episode, Nathan and Chris talk about VPP, Calico, CNI and Service Mesh architecture. We will learn how VPP can enhance security and performance of your K8s clusters and the benefits of using Calico.BiosChris Tomkins - Chris is lead developer advocate at Tigera, where he champions user needs to support Project Calico’s users and contributor community. He has worked in networking since 2000. After realising that a per-device CLI is not a scalable solution for a large environment, he took an early interest in infrastructure-as-code approaches and large-scale au...2022-03-0953 minStoryworldThe Big Screen: RocketmanRocketman (1997) is one of Steve's very favorite movies! Although it's a slapstick comedy, Steve and Alex discuss and discover some deep, universal themes in the movie, and attempt to shed light on those in this episode. This one is SUPER fun AND informative, we hope you enjoy!2022-03-031h 09StoryworldThe Stories of Schramm and GiguereStory has infected us both...obviously, because that's why we're here! So, how did we get our start and find our individual passion for storytelling? Find out on this episode!2022-02-031h 00
DSO OverflowS2Ep1 - Nigel Kersten: Accelerating DevOps AdoptionEpisode SummaryIn this episode, Nigel gives his views on the current state of DevOps adoption, the role of security in DevOps, and gives us some clues from the State of DevOps Report 2021 that will help organisations accelerate their DevOps journey.Nigel's BioNigel is a Field CTO at Puppet where he is responsible for bringing product knowledge and a senior technical operations perspective to Puppet field teams and customers, working on services strategy and representing the customer back into the product organization. He works with many of Puppet’s largest cu...2022-01-3140 min
CoSeCast - The Continuous Security PodcastEP8 - Lewis Denham-Parry and Andy Martin: KubeCon CTFIn this episode Steve speaks with the Control Plane Kubernetes security training gurus, Lewis Denham-Parry and Andy Martin about their brain-child, the KubeCon Capture the Flag!We get into how it began, the community the enables it and the inspiration for some of the concepts within its structure and scenes.Recorded back in June 2021 and long overdue thanks to some editing nightmares, this is one to listen to before we meet up for KubeCon 2022 #optimistic Lewis Denham-ParryHead of Training at Control Plane / Co-Founder at Cloud Native Wales2022-01-0529 min
CodifyreS2 #2 - WHAT IS THE CLOUD?There is a lot of hype around the cloud. Many people know the term "the cloud" but the meaning is often jokingly relegated to the "other peoples computers".
Is it really other peoples computers? Well it's not your computer. It's bigger and more amazing than that. In this show I'll talk about the inception of the cloud and how it went from solving an internal problem to becoming the global operating system is it today.
#thecloud #aws #azure #whatisthecloud #gcp #google #microsoft #jeffbezos #andyjassy
2021-12-3014 min
DSO OverflowEP17: A History of Kubernetes Security with Rory McCuneFrom containers to Kubernetes to cloud, it can be hard enough to keep up with the technologies let alone how to secure them. Rory McCune was there at the inception. Starting as a pen tester looking into containers he has become one of the world's foremost Kubernetes security authorities. In this episode Glenn and Steve talk to him about the early days of containers, the orchestration wars, the first ever Kubernetes CVE and how security chases a technology maturing at breakneck speed.You can reach Rory on Twitter: https://twitter.com/raesene2021-12-2945 min
DSO OverflowEP:16 Breaking down silos with Stefania ChaplinIn this episode, Steve and Glenn are joined by Stefania Chaplin to talk about breaking down silos.BioStefania Chaplin’s experience within Cybersecurity, DevSecOps and OSS governance means she's helped countless organisations understand and implement security throughout their SDLC. As a python developer at heart, Stefania is always optimising and improving efficiency wherever she goes by scripting & automating processes and creating integrations. Stefania is passionate about DevSecOps and cybersecurity, having spoken at many conferences including; RSA Conference, ADDO, OWASP, JavaZone, Women of Silicon Roundabout, Women in DevOps, DZone and many more. She is al...2021-12-2645 min
DSO OverflowEP15: DevSecOps PersonasIn this episode, Steve and Glenn speak with Ed Tucker and Gary Robinson about the differences between DevSecOps personas.DevSecOps Personas – what Developers, Security, and Operations think when it comes to people/tech/processes/culture when it comes to rolling out DevSecOps programs. Each of these teams have different drivers, ambitions, blockers, and challenges when it comes to a successful DevSecOps program. As Dale Carnegie said, ‘The only way to get anyone to do anything, is to make them want to do it’ - all the tech and process in the world isn’t going to make it successf...2021-10-2553 min
DSO OverflowEP14: Threat Modeling - A Manifesto And Some CodeTitle: Threat Modeling - A Manifesto And Some CodeThreat Modeling: Why we think it matters for you, and how you can implement it in your organization.Modeling: How to model your system in an expressive way.Eliciting threats: What are some of the major approaches in use and how can it be done closer to the developer and at Agile speed.Evolution: Automated threat analysis using an open source tool (pytm). We will talk through the making of pytm and then do a demo.Guest...2021-08-2338 min
DSO OverflowEP13: Top 5 things I wish I knew about SASTApplication security testing ... top tips to achieve more SASTisfaction from your tooling.ReferencesYoutube Channel: AppSecEngineerYoutube Channel: we45OSSF ScorecardPlease visit our YouTube Channel to see Florin present in our July 2021 Gathering (monthly meet-up).Guest SpeakersFlorin CoadaI've been working in the Application Security testing space for the last eight years. I was lucky enough to experience many customer environments and different testing technologies (SAST, DAST, IAST, SCA). Over the years, I became more interested in SAST, and I am currently working...2021-08-0445 min
DSO OverflowEP12: Exploring eBPF Cloud Native SecurityExtended Berkeley Packet Filter (eBPF) allows us to tap into the kernel to implement monitoring, observability, networking, and security. In this episode, we invited Chris Kranz and Liz Rice to discuss the usage and adoption of eBPF within Cloud Native solutions.Referenceshttp://www.brendangregg.com/https://nathanleclaire.com/https://github.com/iovisor/bpftracehttps://ebpf.io/what-is-ebpfhttps://github.com/lizrice/ebpf-beginnerseBPF for Windows: https://www.youtube.com/watch?v=LrrV-eo6fugCommunity: http://slack.cilium.io/eBPF Summit 2021https://ebpf.io/summit-2021/Please visit our YouTube Channel to s...2021-06-1935 minCoSeCast - The Continuous Security PodcastEP7 - Brian Haugli and Security Culture Change #CISOLIFEGuest: Brian Haugli - Managing Partner, SideChannel | CEO, RealCISO.io | Host of #CISOlifeViewed as a "full stack CISO", Brian is an executive security leader and mentor focused on building high performance security teams, deploying effective operating models, and delivering risk management capabilities for global, domestic, and local enterprises. He has held senior advisory & practitioner roles within DoD, the Intelligence Community and Fortune 1000 companies.Brian is a NIST expert, specifically with the Cyber Security Framework (CSF) and 800-53, and for industrial control systems & operational technologies.In the episode Steve speaks to...2021-06-0950 min
DSO OverflowEp11: From Zero To a DevSecOps HeroLearning or knowing what to study in the field of security is a tough subject in it's own right. Join us with Marcus and Josh where we understand what best practices they follow them.Please visit our YouTube Channel to see Marcus present in our May 2021 Gathering (monthly meet-up).Guest Speakers:Marcus Maxwell:Marcus Maxwell is a Principal Consultant at Contino. He has spent the last 5 years helping large enterprises with building out their Kubernetes clusters, migrating to cloud and most recently with the cloud security programmes. Marcus has given talks b...2021-06-0639 min
DSO OverflowEp10: Security Chaos EngineeringJoin us to explore and learn what is Security Chaos Engineering with two of the leading figures in this field Aaron Reinhart and Kennedy Torkura.If you missed the Gathering watch the meet-up here.References: Aaron ReinhartChaos Engineering: System Resiliency in PracticeSecurity Chaos EngineeringReferences: Kennedy TorkuraSecurity-Chaos-Engineering-for-Cloud-ServicesFrom Dependability to Resilience → Security Chaos Engineering for Cloud ServicesRisk-Driven Fault Injection: Security Chaos Engineering for the Fast & FuriousContact Details:Aaron Reinhart: https://www.linkedin.com/in/aa...2021-05-0952 minCoSeCast - The Continuous Security PodcastEP6 - Jim Bugwadia - Kubernetes Policies Through KyvernoJim is the Founder and CEO at Nirmata who are in turn the founders of KyvernoKyverno is a policy engine designed for Kubernetes. With Kyverno, policies are managed as Kubernetes resources and no new language is required to write policies. This allows using familiar tools such as kubectl, git, and kustomize to manage policies. Kyverno policies can validate, mutate, and generate Kubernetes resources. Software is changing the world, and Jim's mission at Nirmata is to help the world deliver better software by fully by democratizing cloud native best practices. Nirmata is a Kubernetes management p...2021-04-2939 min
DSO OverflowEp09: DevOps meets SecurityDevOps meets Security.London DevOps meets DevSecOps - London Gathering. https://www.meetup.com/London-DevOps/Speakers Bio:Matt Saunders is a technical operations leader, using Devops and continuous delivery to help teams deliver quality software quickly and efficiently. He is also co-organiser of the London DevOps meetup - a group with over 8,000 members which meets monthly.https://www.linkedin.com/in/msaunders/Marc Cluet is a Senior Partner Solutions Engineer at Hashicorp and has over 25 years of experience in the Industry. Heis one of the organisers of London DevOps which i...2021-04-2439 min
DSO OverflowEp08:Kubernetes Exam CramWe have the pleasure to have Steve Giguere and Michael Foster, the hosts from Clust3rF8ck, to share with us their experience cramming in all the relevant materials to take both the CKA (Kubernetes Administrator) and CKS (Kubernetes Security Specialist) examshttps://www.twitch.tv/clust3rf8ckhttps://www.cncf.io/certification/cka/https://www.cncf.io/certification/cks/Speakers Bio:Steve Giguere is a dedicated DevSecOps community champion, securing cloud native applications. In addition to Clust3rF8ck, he has a podcast called CoSeCast and represents the UK at...2021-04-0547 minCoSeCast - The Continuous Security PodcastEP5 - Alvin Chang - DevOps is Dead?Alvin Chang is a futurist and technology enthusiast. This episode was prompted by a conversation I had with him on LinkedIn where he spontaneously told me DevOps was dead and briefly seemed to be suggesting he should tell Gene Kim.I requested he explain via podcast and here we are! It goes in some very interesting directions.References:https://en.wikipedia.org/wiki/GPT-3https://en.wikipedia.org/wiki/Impact_factorBlogchain:https://steemit.com/People:https://en.wikipedia.org/wiki/Tim_Berners-Leehttps://www.ucl.ac...2021-03-1032 minCoSeCast - The Continuous Security PodcastEP4 - Jessica Cherry - Embrace the Chaos (Engineering)In this show I get to talk with Jessica about the breaking down of tribal knowledge through chaos engineering, her favourite tools, culture change and I discover that kubernetes and cloud native infused gardening might soon be a "thing". About Jessica CherrySRE IIEvangelist of silo prevention in the IT space, the importance of information sharing with all teams. Believer in educating all and open source development. Lover of all things tech.Follow Jessica Cherry on Twitter @alynderthered1Important links----...2021-02-2428 min
DSO OverflowEp07:Using Rego to define your policiesIn this episode we invited Anders from the Open Policy Agent project and Alex one of the masterminds behind a new opensource project called KICS.OpenSource ProjectsKICS - Keep your Infrastructure as Code Secure: https://kics.io/Styra Academy: https://academy.styra.com/Rego Playground: https://play.openpolicyagent.org/Official Docs: https://www.openpolicyagent.org/docs/latest/OPA Blog: https://blog.openpolicyagent.org/Guest Detailshttps://www.linkedin.com/in/anderseknert/https://www.linkedin.com/in/roichman/2021-02-1835 minCoSeCast - The Continuous Security PodcastEP3 - Kenichi Shibata - Continuous Learning through DevOpsKenichi is a Cloud Expert with more than 3 years of Kubernetes in production and more than 8 years of Cloud Engineering Experience, With Exposure to Cloud Security and Big Data. He worked across multiple sectors on a global scale including Retail with Uniqlo and Fast Retailing, Conde Nast (Vogue, GQ, Wired, Reddit). Also worked and designed solutions for highly regulated environments like Finance with Simplex JP, Beacon Platform, ComparetheMarket.In this show we are taken through Kenichi's regulatory, geographical and security driven learning experiences across data centres and cloud. Listen in to become a part...2021-02-0837 minCoSeCast - The Continuous Security PodcastEP2 - Glenn Wilson - What is DevSecOps... The Book?In this episode I speak to Glenn Wilson the author of the recently released (Jan 2021) book entitled...DevSecOps - A leader’s guide to producing secure software without compromising flow, feedback and continuous improvementHe discusses not just the book but his influences, the struggles of writing a technical (but not too technical) book as well as the general state of DevSecOps in 2021.Buy his book here https://www.amazon.co.uk/dp/1781335028/ref=cm_sw_r_tw_dp_ZFG9FbG62WW08About Glenn Wilson:Glenn is a Dev...2021-01-0647 minCoSeCast - The Continuous Security PodcastEP1 - Tanya Janca - Alice and Bob Learn Application SecurityIn this show Steve speaks with application security specialist and educator Tanya Janca to talk about her new book "Alice and Bob Learn Application Security",as well as the struggles to educate developers about secure development, creating a positive and inclusive community and a slice of just about everything else.The Book!https://www.amazon.com/Alice-Bob-Learn-Application-Security/dp/1119687357https://www.wiley.com/en-us/Alice+and+Bob+Learn+Application+Security-p-9781119687351Who are Allison and Bobhttps://en.wikipedia.org/wiki/Alice_and_BobTanya gets a book!https...2020-12-1636 minCoSeCast - The Continuous Security PodcastEP0 - Welcome to CoSeCast!Hello DevOps, Security, Kubernetes, Application and Continuous Security friends, this is the intro show to CoSeCast! It's a short one so why not listen and get a taster for what's to come.Hosted by Steve Giguerehttps://cosecast.comPowered by StackRoxhttps://stackrox.com2020-12-1302 minCodifyreS2 #1 - Shine Theory / DevOps / Community#DevOps, #DevSecOps, #ShineTheory
"Shine Theory not only defines how success can be achieved across so many aspects of our lives but also brings clarity to the successes of such movements as DevOps. The concept of collaboration of software development and operations, over the separation of role, knowledge and/or power is proving both an advantage and an enabler."
Read the full blog:
https://codifyre.com/culture/shine-theory-devops-community
Follow along on...
Twitter: https://www.twitter.com/codifyre
Facebook: https://www.facebook.com/codifyre
Instagram: https://www.instagram.com/codi...2020-10-3014 min
DSO OverflowEp06: CheckovIn this episode I have the pleasure of talking to James and Corcoran - two very talented individuals when it comes to Infrastructure as Code as well as all things DevOps; in addition we have Barak the CTO of Bridgecrew the company behind the opensource project - CheckovCheckov details:https://www.checkov.io/1.Introduction/Getting%20Started.html### DevSecOps - London Gathering ###https://dso-lg.comhttps://dso-overflow.comAlso follow us on Twitter: @DevSecOps_LG2020-09-1241 min
DSO OverflowEp05: SemgrepIn this episode I have the pleasure of talking to Clint from R2C - a software security startup from the US. They are championing an open source project called semgrep. I will be exploring what this is and how it is modernising SAST. Semgrep details:https://semgrep.dev/### DevSecOps - London Gathering ###https://dso-lg.comhttps://dso-overflow.comAlso follow us on Twitter: @DevSecOps_LG2020-09-1245 min