Showing episodes and shows of Devsecops


TechDaily.ai
DevSecOps Maturity Model: A Roadmap to Secure, Scalable Software Delivery
Struggling to make DevSecOps work in your organization, even though everyone agrees it's crucial? You're not alone—and this episode is here to help. Join us as we break down the DevSecOps Maturity Model, a powerful framework to assess your current capabilities, define where you want to go, and create a step-by-step path to get there.
In this episode, you’ll learn:
- The 4 stages of DevSecOps maturity: Beginner, Intermediate, Advanced, and Expert
- The 6 key competencies: from people & culture to observability & incident response
- How to conduct a DevSecOps self-assessment and map your improvement journey
- Why “baking in” security (not bolting it on) i...
2025-05-07, 15 min

Defense Unicorns, A Podcast
Building Trust and Security in the DoD: A DevSecOps Perspective
DevOps, culture, and the battlefield converge in this compelling episode of Defense Unicorns as host Rebecca Lively speaks with Dr. Noe Lorona, a platform engineer at the Army Software Factory. Together, they explore the nuances of DevSecOps, unraveling its critical role in the defense sector, where software isn’t just a tool but a lifeline. Dr. Lorona delves into how the Department of Defense has elevated security to the forefront, embedding it into every phase of the development process to ensure reliable and secure systems that protect both lives and missions. Beyond the technical jargon, this episode sh...
2025-02-10, 48 min

🧠 _
What is DevSecOps? (explained by GitLab) | CXOTalk #861
Podcast: CXOTalk: Leadership, AI, and the Digital Economy
Episode: What is DevSecOps? (explained by GitLab) | CXOTalk #861
Pub date: 2024-11-26
AI is revolutionizing software development, but where do you start?
Ashley Kramer, Chief Marketing & Strategy Officer and Interim Chief Revenue Officer at GitLab, joins CXOTalk to discuss how to integrate AI strategically into your DevSecOps process. Learn how to measure AI's ROI, increase developer productivity and happiness, and navigate the hype around AI-powered coding. Dis...
2024-12-19, 24 min

Effekten | digitalisering - kunskap
Build secure applications: A guide to DevSecOps. Erik Hjalmarsson (# 226)
Integrating security into the development process through DevSecOps, with a focus on training, vulnerability analysis tools, and improved collaboration between security and development teams. Erik Hjalmarsson, Cloud Architect at Sogeti, with an introduction to DevSecOps from the development perspective. DevSecOps is about integrating security work into the daily development process. It means collaboration and shared responsibility between the security team and the development teams. Historically there has been an imbalance in which a small security team has been responsible for all security aspects, which has been hard to manage. Through DevSecOps, security work can become a natural...
2024-11-24, 20 min

Podd om digitalisering - Effekten
Build secure applications: A guide to DevSecOps. Erik Hjalmarsson (# 226)
Integrating security into the development process through DevSecOps, with a focus on training, vulnerability analysis tools, and improved collaboration between security and development teams. Erik Hjalmarsson, Cloud Architect at Sogeti, with an introduction to DevSecOps from the development perspective. DevSecOps is about integrating security work into the daily development process. It means collaboration and shared responsibility between the security team and the development teams. Historically there has been an imbalance in which a small security team has been responsible for all security aspects, which has been hard to manage. Through DevSecOps, security work can become a natural...
2024-11-24, 20 min

The Application Security Podcast
Kayra Otaner -- DevSecOps
Kayra Otaner joins the podcast today to discuss DevSecOps and answer the question, is it dead? Kayra is the Director of DevSecOps at Roche and is highly involved in the DevSecOps community. Kayra states that DevSecOps in its traditional form is “dead” and that each organization should approach its needs based on their size. Otaner introduces the concept of "security as code" and "policy as code" as more effective approaches, where security functions are codified rather than relying on traditional documentation and checklists. Finally, they discuss the emergence of Application Security Posture Management (ASPM) tools as the "SIM for AppS...
2024-10-29, 32 min

PPT Não Compila | Tecnologia, IA e Programação
DevSecOps in Practice: Security and Agility in the Development Cycle
In this episode of the PPT Não Compila podcast, we dive deep into the world of DevSecOps, exploring how this methodology is changing the software development landscape. With Luciano Beja, Cloud DevOps Specialist, and Rafael Silva, DevSecOps, both from the company Natura, as well as the incredible co-host Damaris Souza da Silva, from VMBears, we discuss best practices for integrating security throughout the entire development lifecycle, from conception to deployment. Our guests addressed the importance of a security culture...
2024-10-24, 1h 36

Cars, Hackers & Cyber Security
DevSecOps for Automotive – PlaxidityX Ep 2
Automotive cyber security is becoming a critical concern as software-defined vehicles (SDVs) increasingly dominate the market. In this episode, we explore how DevSecOps ensures that cyber security is integrated at every stage of the automotive software development process.
By adopting a security-by-design approach, automakers can accelerate production timelines, reduce vulnerabilities, and improve overall vehicle safety. We also dive into the features of the PlaxidityX DevSecOps Platform, which automates threat detection, code security, and compliance verification for automotive applications. As OEMs and suppliers face rising regulatory pressures, this platform helps them meet industry standards while delivering secure, high-quality...
2024-10-20, 07 min

The ITSM Practice: Elevating ITSM and IT Security Knowledge
Integrating Security and Service: The Convergence of DevSecOps and ITIL® 4
Welcome back! In today's episode of "The ITSM Practice," hosted by Luigi Ferri, we delve into how DevSecOps, combined with ITIL® 4, enhances security in IT services. We explore the benefits and challenges from a customer's perspective, discuss proactive security practices, and offer practical tips for integrating DevSecOps effectively. This integration is crucial for managing modern cybersecurity threats and ensuring rapid recovery from disruptions.
In this episode, we answer to:
- How does DevSecOps change the security landscape in IT services?
- What are the pros and cons of DevSecOps from a customer's perspective?
- How can organizations effectively implement DevSecOps?
Resources M...
2024-10-08, 08 min

Defense Unicorns, A Podcast
Connecting DevSecOps to Boyd’s Theories with Mark McGrath
In this episode of the Defense Unicorns Podcast, Rebecca sits down with Mark McGrath, a Marine Corps veteran turned asset manager and consultant, to explore how modern DevSecOps practices intersect with John Boyd's theories. Mark’s deep understanding of Boyd's OODA loop—observe, orient, decide, act—shapes how he helps clients in industries like manufacturing, energy, and public relations respond to complexity and streamline decision-making, much like DevSecOps optimizes software development and deployment. Diving into the legacy of John Boyd and going beyond the OODA loop, Mark discusses Boyd’s influence on business strategy, finance, and software developm...
2024-09-19, 52 min

Talking Security: Insights from Microsoft Security Experts
DevSecOps E07 - Elevating DevSecOps: Mastering Infrastructure and Identity Monitoring
In this compelling follow-up episode of the Talking Security podcast, hosts Sander ten Brinke, Pouyan Khabazi, and Frans Oudendorp delve into the crucial aspects of monitoring infrastructure and identity within the DevSecOps framework.
Building on our previous discussion, this episode provides a thorough exploration of best practices for securing your infrastructure and managing identities to maintain a robust security posture.
Topics covered in this episode include:
- Key components of infrastructure monitoring in a DevSecOps environment
- Strategies for effective identity management and monitoring
- Techniques for integrating infrastructure and identity...
2024-09-11, 39 min

Unleash Your Imagination, Through Free Audiobook
Learning DevSecOps: A Practical Guide to Processes and Tools Audiobook by Steve Suehring
Listen to this audiobook in full for free on https://hotaudiobook.com/free
ID: 795850
Title: Learning DevSecOps: A Practical Guide to Processes and Tools
Author: Steve Suehring
Narrator: Chris Sorensen
Format: Unabridged
Length: 06:19:25
Language: English
Release date: 08-27-24
Publisher: Ascent Audio
Genres: Science & Technology, Computers
Summary: How do some organizations maintain 24-7 internet-scale operations? How can organizations integrate security while deploying new features? How do organizations increase security within their DevOps processes? This practical guide helps you answer those questions. Steve Suehring provides unique content to help practitioners and leadership successfully implement DevOps and DevSecOps. Learning DevSecOps emphasizes prerequisites that lead...
2024-08-27, 6h 19

Discover the Best Audio Stories in Non-Fiction, Computers & Technology
Learning DevSecOps: A Practical Guide to Processes and Tools by Steve Suehring
Please visit https://thebookvoice.com/podcasts/1/audiobook/795850 to listen full audiobooks.
Title: Learning DevSecOps: A Practical Guide to Processes and Tools
Author: Steve Suehring
Narrator: Chris Sorensen
Format: Unabridged Audiobook
Length: 6 hours 19 minutes
Release date: August 27, 2024
Genres: Computers & Technology
Publisher's Summary: How do some organizations maintain 24-7 internet-scale operations? How can organizations integrate security while deploying new features? How do organizations increase security within their DevOps processes? This practical guide helps you answer those questions. Steve Suehring provides unique content to help practitioners and leadership successfully implement DevOps and DevSecOps. Learning DevSecOps emphasizes prerequisites that lead to success through best...
2024-08-27, 03 min

Bezpieczny Kod Podcast
DevSecOps - Where to Start. On Mentoring and Dashboards - Bezpieczny Kod x Katarzyna Brzozowska
A new podcast episode with Katarzyna Brzozowska, an experienced DevSecOps specialist! Kasia shares her inspiring career path: from retraining into IT, through the roles of Linux administrator, SysOps and DevOps, to her current position as a DevSecOps Engineer.
Key topics:
* How to start a career in IT - the value of free workshops and self-study
* Tools used in DevSecOps work: SonarQube, Snyk, Trivy
* Building valuable security dashboards
* Experience mentoring beginners in IT
* Platforms for learning...
2024-08-19, 36 min

The Secure Developer
Implementing A DevSecOps Program For Large Organizations With David Imhoff
Episode Summary
In this episode of The Secure Developer, David Imhoff, Director of DevSecOps and Product Security at Kroger, shares insights on implementing DevSecOps in large organizations. He discusses balancing regulatory compliance with business objectives, fostering a security culture, and the challenges of risk mitigation.
David also explores the importance of asset management, security champions, and the potential impact of AI on cybersecurity practices.
Show Notes
In this episode of The Secure Developer, host Danny Allan speaks with David Imhoff, Director of DevSecOps and Product Security at Kroger, about implementing security programs in...
2024-07-23, 40 min

Machine Learning Tech Brief By HackerNoon
Maximizing Log Value with AI: 8 Ways to Revolutionize DevSecOps Monitoring
This story was originally published on HackerNoon at: https://hackernoon.com/maximizing-log-value-with-ai-8-ways-to-revolutionize-devsecops-monitoring. AI enhances DevSecOps by handling vast log data, automating security, and reducing alert fatigue, transforming logs into actionable insights efficiently. Check more stories related to machine-learning at: https://hackernoon.com/c/machine-learning. You can also check exclusive content about #ai, #logging, #artificial-intelligence, #devsecops, #the-future-of-logging, #logging-and-monitoring, #log-value, #ai-devsecops, and more. This story was written by: @MichaelB. Learn more about this writer by checking @MichaelB's about page, and for more stories, please visit hackernoon.com.
2024-07-20, 09 min

InfosecTrain
How to Become a DevSecOps Engineer in 2024?
What is DevSecOps? DevSecOps builds upon DevOps, which combines software development with IT operations to enhance application deployment speed and competitiveness. DevOps has become standard practice in application development, facilitated by IT advancements like cloud computing. DevSecOps, an extension of DevOps, integrates security practices into every DevOps phase. It fosters a ‘Security as Code’ culture through continuous collaboration between Release Engineers and Security teams.
What is a DevSecOps Engineer?
DevSecOps Engineers play a crucial role in configuring IT infrastructure, proactively identifying security vulnerabilities, and ensuring the security of the software development proc...
2024-06-24, 05 min

InfosecTrain
Introduction to DevSecOps Maturity Model
DevSecOps is critical in today’s fast-paced software development landscape, emphasizing security integration to mitigate vulnerabilities and breaches. This methodology offers a structured approach, guiding organizations to enhance security within DevOps processes. The DevSecOps maturity model is a roadmap for progressing through its stages to strengthen security posture, accelerate software delivery, and foster collaboration. It signifies a significant change in the way security is addressed in today’s digital era, emerging as a crucial resource for managing the intricate challenges of modern software as organizations adopt DevSecOps practices. Its adoption is no longer optional but essential for staying ahead in tod...
2024-06-21, 05 min

InfosecTrain
Is a DevSecOps Career Right for You in 2024?
In the increasingly digital world, DevSecOps has emerged as a crucial career path for those seeking to contribute to the security landscape. By incorporating security practices into the software development process, DevSecOps professionals play a vital role in safeguarding organizations against cyber threats. As we step into 2024, the demand for skilled DevSecOps professionals is only expected to grow. For example, according to a recent report by Glassdoor, the job outlook for DevSecOps engineers is projected to grow 37% from 2020 to 2030, much faster than the average for all occupations.
This growth is being driven by the increasing adoption of...
2024-06-20, 04 min

Talking Security: Insights from Microsoft Security Experts
#36 - DevSecOps Series - Mastering the Monitor Phase for Robust Security
In this insightful episode of the Talking Security podcast, we turn our focus to the Monitor phase of the DevSecOps cycle. Hosts Sander ten Brinke, Pouyan Khabazi, and Frans Oudendorp guide you through the intricacies of continuous monitoring, providing an in-depth analysis of how to effectively observe and respond to threats in real-time.
This episode of our DevSecOps series will cover:
- An overview of the Monitor phase in DevSecOps
- Strategies for setting up robust monitoring systems
- Techniques for real-time threat detection and response
- Balancing proactive and reactive security measures
Join us as we dissect the tools and practices...
2024-06-17, 42 min

Talking Security: Insights from Microsoft Security Experts
#35 - DevSecOps Series – How to release Software Securely in a DevSecOps Pipeline?
In this episode of the Talking Security podcast, we delve into the essentials of releasing code securely within a DevSecOps pipeline.
Join hosts Sander ten Brinke, Pouyan Khabazi, and Frans Oudendorp as they explore key strategies and best practices for integrating security into every stage of software development and deployment.
As part of our DevSecOps series, this episode covers:
- The fundamentals of DevSecOps
- Critical security measures for code release
- Tips for maintaining security without compromising speed or efficiency
Whether you're a seasoned professional or new to...
2024-05-27, 34 min

TechTalks the Podcast by ipt
#23 Navigating DevSecOps & Platform Engineering – Challenges & Strategies
In this podcast episode, IT Architect Florian Stelzer and Senior Consultant Sergen Sentürk dive deep into the (secure) world of applications and platforms and shed light on the challenges that application and platform developers currently face. The subject area is called DevSecOps. They look at how these challenges affect team and project work. And they ask the question: what happens when DevSecOps does not work as expected, and what steps can be taken to still be successful?
These questions are answered:
(02:01) Which current challenges affect app and platform developers, as well as...
2024-05-12, 16 min

Cyber Sentries: AI Insight to Cloud Security
AI Revolution in DevSecOps: Insights from John Bush
Unlocking the Power of AI in DevSecOps
In this episode of Cyber Sentries, host John Richards sits down with John Bush, solutions architect at GitLab, to explore how artificial intelligence is transforming the day-to-day lives of developers.
Bush, who has been coding since childhood, shares his insights on how AI is becoming embedded into every aspect of the DevSecOps pipeline, from writing code to identifying and remediating security vulnerabilities. John and Bush dive deep into GitLab's AI-powered features, collectively known as Duo, which are sprinkled throughout the software development process. They discuss how these features...
2024-05-08, 33 min

Talking Security: Insights from Microsoft Security Experts
#34 - DevSecOps Series – Demystifying the Test Process
Welcome to the latest episode of the TalkingSecurity podcast, where we delve into the world of DevSecOps. In this episode, “Demystifying the Test Process,” we unpack the essentials of testing and its significance in the DevSecOps pipeline.
🔍 What’s Inside:
- Automated Testing: Discover the transformative power of automation in testing.
- Security Integration: Learn how to weave security seamlessly into your test processes.
- Expert Advice: Hear from industry veterans about navigating the challenges of DevSecOps testing.
🎧 Listen and Learn: Whether you’re a DevSecOps newbie or a seasoned pract...
2024-05-06, 33 min

Cybersecurity Tech Brief By HackerNoon
6 GitHub Repos for DevSecOps in 2024
This story was originally published on HackerNoon at: https://hackernoon.com/6-github-repos-for-devsecops-in-2024. These are the essential building blocks and tidbits that can help you arrange for a DevSec Ops experiment or build out your own program. Check more stories related to cybersecurity at: https://hackernoon.com/c/cybersecurity. You can also check exclusive content about #devsecops, #github, #cybersecurity, #github-repos, #devsecops-guides, #devops-for-beginners, #devops, and more. This story was written by: @nmishin. Learn more about this writer by checking @nmishin's about page, and for more stories, please visit hackernoon.com.
Here, I've curated a list...
2024-04-23, 05 min

DSO Overflow
S4Ep4 - IoT, AI and DevSecOps with Darren Richardson
DSO Overflow S4EP4: IoT, AI and DevSecOps with Darren Richardson
In this month's episode, Jess and Glenn speak with networking graduate, security enthusiast, coder and giant with a great bushy beard Darren Richardson from Eficode. Darren is an IT graduate specializing in system administration, network operation and information security with experience in Cisco IOS operation and network management. He has a passion for information security with a bias towards offensive security and ethical hacking. In this episode, Darren talks about the inherent security challenges of using...
2024-04-09, 34 min

decodify
DevSecOps – how do you actually live the Sec part
The Sec part in DevSecOps: just an alibi or a necessity? How do you live the security aspect of DevOps, and what does that mean in practice for a developer or an IT department? In this episode of decodify, we, Stefan, Ricky and Tom, turn to the exciting topic of DevSecOps. After a short recap of DevOps, we discuss what exactly DevSecOps means and how it differs from traditional DevOps and classic software development. We highlight the central importance of security in the development process, talk about the key principles needed for a successful integration of security measures, ...
2024-04-03, 45 min

The DevSecOps Talks Podcast
DEVSECOPS Talks #62 - The DevSecOps Perspective: Key Takeaways From Re:Invent 2023
In this episode of DevSecOps Talks, Andrey and Mattias discuss the latest announcements from re:Invent 2023 that are most relevant to DevSecOps practitioners. Which announcements are worth paying attention to? What are the implications for the DevSecOps community? Join us as we dive into the latest developments from AWS. Connect with us on LinkedIn or Twitter (see info at https://devsecops.fm/about/).
We are happy to answer any questions, hear suggestions for new episodes, or hear from you, our listeners.
2024-03-02, 33 min

InfosecTrain
Introduction to DevSecOps | What is Software Development Lifecycle?
In today's fast-paced tech world, understanding the intricacies of DevSecOps and the Software Development Lifecycle (SDLC) is crucial for anyone looking to excel in software development. This Podcast, "Introduction to DevSecOps" is your gateway to mastering these essential concepts. Throughout this session, we'll dive deep into the world of DevSecOps, exploring its significance in modern software development and how it integrates with the SDLC to enhance security, efficiency, and collaboration across development teams. DevSecOps, a methodology that integrates security practices within the DevOps process, is rapidly becoming a necessity in software development. By listening to this Podcast, you'll understand...
2024-02-29, 1h 10

InfosecTrain
10 Skills DevSecOps Engineers Must Master in 2024
As per the ReportLinker report, the DevSecOps market is anticipated to expand at a 27.7% CAGR between 2022 and 2030, with an estimated market size exceeding USD 40.6 billion by 2030. This surge is primarily driven by the growing emphasis on security in software development and IT operations. In the modern age of advanced technology, the need for DevSecOps Engineers is surging significantly. As businesses seek to expedite their development procedures without compromising stringent security measures, these experts bridge the gaps between software development, security protocols, and operational efficiency. This article aims to delve into the most essential skill sets for DevSecOps En...
2024-01-15, 05 min

Scaling Tech - The Blueprint for Successful Tech Teams
The DevSecOps Playbook: Deliver Continuous Security at Speed with Sean D. Mack
What is DevSecOps, and how can we embrace it as we continue improving our systems development cycle? To answer this important question is Sean D. Mack, a transformational technology leader who has literally written the book, ‘The DevSecOps Playbook: Deliver Continuous Security at Speed’. Appreciating the crucial role that security (at speed!) plays in your DevOps process begins with understanding company culture. It’s not so much about understanding the tools (“moving to the cloud”) as it is about the People, Process, and Technology. All the sta...
2023-12-19, 29 min

The Shaping Healthcare Podcast
Driving Better Development, Delivery & Operational Excellence with DevSecOps by Madhu Madhanan, VP, DevSecOps Practice Lead at CitiusTech
In this episode of The Shaping Healthcare Podcast, we’re joined by Madhu Madhanan, Vice President and head of DevSecOps Practice at CitiusTech!
Join them as they:
- Delve into the impact of AI in the healthcare industry
- Talk about what exactly DevSecOps is
- Explain why DevSecOps is like a superhero
- Explore how AI is freeing engineers of sluggish documentation processes
Madhu Madhanan is Vice President and head of DevSecOps Practices at CitiusTech. Prior to this, he was with Wipro Digital for over 14 and a half years, his last role being the General Manager and Global Head of Agile-DevSecOps & SRE Transformation. If...
2023-12-15, 57 min

Talking Security: Insights from Microsoft Security Experts
#32- DevSecOps series - Code security from a developer perspective
Code Security is a crucial aspect of software development, especially in the era of DevSecOps. In this episode, three experts from different backgrounds and roles share their insights and experiences on how to code securely, what are the common pitfalls and best practices, and what tools and techniques can help developers and security analysts work together more effectively.
Whether you are a developer, a security analyst, or a DevSecOps enthusiast, you will find this episode informative and inspiring. Tune in and learn more about Code Security from Sander ten Brinke, Pouyan Khabazi, and Frans Oudendorp. In this...
2023-12-14, 46 min

Q & A Series with Suresh GP
What is the Future of DevSecOps in a Recession? | Q & A series with Suresh GP | Episode 50
In this 50th episode of the DevSecOps Q&A series, Suresh GP shares his insights on what the future of DevSecOps looks like in a recession. Suresh discusses the various trends that have been appearing in DevSecOps over the past few years and how they will continue to develop in the next few years. He also shares some of the challenges that organizations are facing currently with DevSecOps, and what can be done to overcome them. If you're interested in learning more about the future of DevSecOps in a recession, then this is a Q&A series...
2023-12-14, 05 min

Q & A Series with Suresh GP
How to get DevSecOps Certified | Q & A Series with Suresh GP | Episode 32
How to get DevSecOps Certified? In this episode of the Q & A series, Suresh GP is going to cover:
1. What is DevSecOps?
2. How to get DevSecOps Certified?
3. Agenda for the DevSecOps Training?
2023-12-14, 05 min

Q & A Series with Suresh GP
10 Essential DevSecOps Metrics | QnA Series with Suresh GP | Ep 42
The Q&A series with Suresh GP continues with this episode, where he covers 10 key DevSecOps metrics. This video is essential for anyone looking to improve their DevSecOps practices. Watch it to learn about the essential metrics that you need to measure to improve DevSecOps performance. In this video, Suresh GP discusses 10 essential DevSecOps metrics.
He covers key areas such as incident response time, audit readiness, incident visibility, incident resolution time, application performance, and more.
2023-12-14, 05 min

Q & A Series with Suresh GP
Challenges in implementing DevSecOps - Part 2 | Cyber Security | QnA Series with Suresh GP | Ep 41
Challenges in implementing DevSecOps - Part 2. In this episode of the QnA Series with Suresh GP, we continue to discuss Challenges in implementing DevSecOps. In this episode, we discuss four more challenges that we’ve come across in our journey to implement DevSecOps. If you're new to DevSecOps or are struggling with any of the challenges, this series is for you! In this series, we discuss common challenges and how to overcome them. So if you're looking for solutions to your DevSecOps challenges, keep tuned for more episodes! Here are some of the cha...
2023-12-14, 05 min

Q & A Series with Suresh GP
What is DevSecOps Practitioner Certification | QnA Series with Suresh GP | Episode 33
How to get DevSecOps Practitioner Certification? In this episode of the QnA series, Suresh GP is going to cover:
1. What is DevSecOps Practitioner?
2. How to get DevSecOps Practitioner Certified?
3. Agenda for the DevSecOps Practitioner Training?
4. How to enroll for the upcoming DevSecOps Practitioner Training with TaUB Solutions?
2023-12-14, 05 min

Download High-Quality Full Audiobooks in Non-Fiction, Computers & Technology
The DevSecOps Playbook: Deliver Continuous Security at Speed by Sean D. Mack
Please visit https://thebookvoice.com/podcasts/1/audiobook/714159 to listen full audiobooks.
Title: The DevSecOps Playbook: Deliver Continuous Security at Speed
Author: Sean D. Mack
Narrator: William Sarris
Format: Unabridged Audiobook
Length: 7 hours 9 minutes
Release date: November 21, 2023
Genres: Computers & Technology
Publisher's Summary: An essential and up-to-date guide to DevSecOps. In The DevSecOps Playbook: Deliver Continuous Security at Speed, the chief information and information security officer at Wiley, Sean D. Mack, delivers an insightful and practical discussion of how to keep your business secure. You'll learn how to leverage the classic triad of people, process, and technology to build strong cybersecurity infrastructure...
2023-11-21, 30 min

Scale to Zero - No Security Questions Left Unanswered
Unleash the power of DevSecOps and Cloud-Native Security with Kayra Otaner | Ep-18 S2 | ScaletoZero
We can't wait to uncover groundbreaking strategies that will revolutionize how we approach security in a cloud-native environment and DevSecOps. Let's empower our teams to build safer, faster, and more resilient applications together!
00:00 Trailer
01:05 Introduction to guest
05:00 Transition from DevOps to DevSecOps
07:40 Challenges of DevSecOps
10:40 Finding the right balance between shift left and SDLC
14:55 Keeping the right culture for an organization
17:40 Frictionless collaboration between security teams and DevOps teams
21:10 Security for organizations that are just starting on the cloud
23:40 Role of automation in the security of a cloud-native environment
27:20 Is using open source a good practice?
31:50 Evolution of DevOps...
2023-11-10, 42 min

InfosecTrain
CI/CD Pipeline Security in DevSecOps
A vital component of the DevSecOps concept is CI/CD pipeline security, which enables organizations to swiftly develop and release software while maintaining high security. Organizations can detect and fix vulnerabilities early in the development process by incorporating security measures into the pipeline, lowering the chance of security breaches.
Some of the best practices organizations may use to increase the security of their CI/CD pipelines and build a more secure software delivery pipeline in the DevSecOps era include access control, automated testing, and secret management. Security in DevSecOps is not a gatekeeper but a facilitator of quick, secure...2023-10-2505 minInfosecTrainInfosecTrainWhat are the DevSecOps Practices for Security? | Embracing DevSecOps: Achieving Security ExcellenceWelcome to "Embracing DevSecOps: Achieving Security Excellence" - your go-to resource for integrating security into your DevOps practices! In this Session, we break down the importance of DevSecOps in modern software development, offer best practices, and help you navigate the challenges that come with it. 🔐 WHAT YOU'LL LEARN: • Present State of Technology Advancement and Implementation. • Key Challenges within the DevSecOps Landscape. • Solution – Unveiling Pathways to Security Excellence. 👁‍🗨 WHO THIS Session IS FOR: This Session is perfect for DevOps Engineers, Security Analysts, CTOs, or anyone looking to improve the security and efficiency of their software development process. #DevSecOps #SecureCoding #SecurityAutomation #DevOpsSecurity #Shi...2023-09-2832 minInfosecTrainInfosecTrainWhy choose the DevSecOps Engineer course from InfosecTrain?What is DevSecOps? DevSecOps, short for Development, Security, and Operations, is an approach to software development that integrates security practices into the entire Software Development Life Cycle (SDLC). It extends the principles of DevOps, which emphasizes collaboration and integration between development and IT operations teams, to include security considerations from the very beginning of the development process. The DevSecOps Engineer’s objective is to make security an essential part of the development process rather than an afterthought or a distinct step. 
Organizations can establish a more proactive and simplified approach to discovering and addressing security vu...
2023-09-15, 05 min

InfosecTrain
Why Choose DevSecOps Practical Course with InfosecTrain?
What is DevSecOps? A technique to software development known as DevSecOps, or Development, Security, and Operations, incorporates security practices across the whole Software Development Lifecycle (SDLC). It extends the principles of DevOps, which emphasizes collaboration and integration between development and IT operations teams, to include security considerations from the beginning of the development process. What is the DevSecOps Practical Course with InfosecTrain? The DevSecOps Practical training course from InfosecTrain offers participants an all-encompassing, hands-on learning experience, equipping them with the practical expertise needed to implement DevSecOps practices within the context of...
2023-09-12, 05 min

Люди и код
DevSecOps: how to protect software supply chains and build secure software
Episode contents
- What DevOps is, how and why the methodology was devised, and which tools it involves.
- Software supply chains: what they are and what they consist of.
- Bugs, vulnerabilities, backdoors and other threats that open source brings.
- Notable examples of software supply chain attacks.
- What DevSecOps is and which problems of "ordinary" DevOps it solves. The concept of shift left.
- What the work of DevSecOps specialists looks like.
- What software composition analysis is and how it is carried out.
- How to check the security of pipelines yourself: basic principles, SAST, Trivy and other tools.
- What to read about DevSecOps. Frameworks and concepts a specialist should know.
- Metrics and benchmarks in DevSecOps.
Guest: Anton Basharin, CTO of Swordfish Security, co-founder of the AppSec.Hub platform, product architect and lead expert on its development. Total experience in IT: more than 20 years. He came up through a tough school from rank-and-file developer to system architect and development team lead at Luxoft and EPAM Systems, and took part in projects for Boeing, Sberbank and Alfa-Bank.
Useful links
- Article about the backdoor in event-stream https://habr.com/ru/articles/431360/
- Group IB report on Redcurl https://www.facct.ru/resources/research-hub/red-curl/
- Swordfish Security blog on Habr https://habr.com/ru/companies/swordfish_security/articles/
- Swordfish Security YouTube channel https://www.youtube.com/@swordfishsecurity
- Mark Miller, "Epic Failures in DevSecOps: Volume 1" https://www.sonatype.com/thanks/white-paper-epic-failures-vol-1
- Mark Miller, "Epic Failures, Volume 2: Compliments of Sonatype" https://www.sonatype.com/thanks/white-paper-epic-failures-vol-2
To suggest a topic, become a podcast guest, or praise or criticize the episode: code.media@skillbox.ru, t.me/antoxa_s95 Get started in programming with Skillbox: skillbox.ru/code Subscribe, like, share with friends and leave comments!
2023-09-07, 50 min

InfosecTrain
Top DevSecOps Interview Questions
With the rapid advancement of technology, it has become paramount to integrate security throughout the software development lifecycle. DevSecOps, which combines development, security, and operations, has emerged as a holistic approach to ensure that security is not overlooked but an inherent part of the entire software delivery process. Within the domain of DevSecOps, interviews play a pivotal role in assessing a candidate’s understanding of this integrated methodology and their ability to navigate the complex landscape of security-focused software development. This article provides a collection of top DevSecOps job interview questions and answers.
Whether you are preparing for an in...
2023-08-17, 05 min

Relating to DevSecOps
Episode #059: DevSecOps Pentesting, Possible or Preposturous?
In this action-packed episode, Ken, Mike, and Izzy (Ken's cat) dive headfirst into the wild world of DevSecOps Penetration Testing – is it possible or downright preposterous? Can we truly automate pentesting in this breakneck DevSecOps environment, or are we chasing a cybersecurity unicorn? Discover the vital distinction between red team operations and adversarial simulations within the DevSecOps landscape. We strip back to basics, defining penetration testing and its critical role in security programs we're talking practical, actionable insights into building robust pentesting into your CI/CD pipelines and vulnerability management by le...
2023-06-08, 43 min

SilverLining IL
SilverLining Episode 59: Understanding the six pillars of DevSecops
Guest: Sam Sehgal, Co-Chair for the CSA DevSecOps working group and program Lead - DevSecOps Strategy and Architecture, Dell
Language: English
Abstract: DevSecOps, the integration of security practices into the DevOps methodology, has become a prominent topic in the field of information security in recent years. This approach emphasizes the collaboration between development, operations, and security teams throughout the software development lifecycle. In this episode, we had the opportunity to speak with Sam Sehgal, co-chair for the DevSecOps Working Group (WG) at the Cloud Security Alliance (CSA). Sam shed li...
2023-05-30, 32 min

DevSecOps Podcast
#15 - Appsec, DevSecOps and Cloud?
In this special episode, we dive into the exciting world of application security and how it relates to DevSecOps culture. We explore best practices for ensuring security at every stage of the SDL and how security professionals can work in collaboration with development and operations teams. We chat with application security specialist Magno Logan, who shares valuable insights on the common challenges organizations face when it comes to securing their applications. He discusses the importance of an...
2023-05-24, 50 min

Cloud Security Podcast
What is DevSecOps? DevSecOps with Cloud & AI explained for 2023
Cloud Security Podcast - What is DevSecOps in 2023 especially in a world of Cloud and AI which is top of mind for both application security, developers, cybersecurity professionals. In this episode we will share how the updated definition of DevSecOps in 2023 has been redefined with Cloud and AI, also how does one measure success for DevSecOps. Episode ShowNotes, Links and Transcript on Cloud Security Podcast: www.cloudsecuritypodcast.tv FREE CLOUD BOOTCAMPs on www.cloudsecuritybootcamp.com Host Twitter: Ashish Rajan (@hashishrajan) Podcast Twitter - @CloudSecPod @CloudSecureNews If you want to watch videos of...
2023-05-23, 14 min

Cybersecurity Tech Brief By HackerNoon
DevSecOps Principles and Key Steps for Securing the CI/CD Pipeline
This story was originally published on HackerNoon at: https://hackernoon.com/devsecops-principles-and-key-steps-for-securing-the-cicd-pipeline. This article will discuss the fundamental principles of DevSecOps and provide key steps for securing your organization’s CI/CD Pipeline. Check more stories related to cybersecurity at: https://hackernoon.com/c/cybersecurity. You can also check exclusive content about #cybersecurity, #devsecops, #devsecops-open-source, #cybersecurity-tips, #cybersecurity-awareness, #cybersecurity-skills, #security, #cyber-security-awareness, and more. This story was written by: @andreyg.
Learn more about this writer by checking @andreyg's about page, and for more stories, please visit hackernoon.com. DevSecOps is a powerful approach that emerged to...
2023-05-17, 16 min

Cognixia Podcast
Reshaping Developer Roles in DevSecOps with AI
One such area where artificial intelligence is making quite a mark is DevSecOps. We are going to take a quick minute here to tell everybody what is DevSecOps. DevSecOps is the practice of integrating security testing at every stage of the software development process. This would include the tools & processes which facilitate collaboration among developers, security specialists, operations team members, etc. to ensure that the final product, the software, or the application is both efficient and secure. To put it in a very simplified form, DevSecOps adds the element of security to the DevOps culture, weaving it into the...
2023-05-06, 10 min

Software Engineering Institute (SEI) Webcast Series
Top 5 Challenges to Overcome on Your DevSecOps Journey
Historically, a lot of discussion in software security focused on the project level, emphasizing code scanning, penetration testing, reactive approaches for incident response, and so on. Today, the discussion has shifted to the program level to align with business objectives. In the ideal outcome of such a shift, software teams would act in alignment with business goals, organizational risk, and solution architecture and would understand that security practices are integral to business success. However, the shift from project- to program-level thinking brings lots of challenges. In this webcast, Hasan Yasar and Joe Yankel discuss the top 5 challenges and barriers...
2023-05-03, 1h 00

Security Stream
Anton Gavrilov - What is DevSecOps and why is it needed?
What is DevSecOps and why is it needed? Where do DevSecOps specialists come from and what should they be able to do? We discuss these and other questions with our guest. In the new episode of the second season: Anton Gavrilov, BDM for DevSecOps at Jet Infosystems. The podcast's author and host is Ivan Chernov, development manager at UserGate.
Brief contents of the conversation:
- How DevOps differs from DevSecOps;
- Who needs DevSecOps;
- Where beginner AppSec and DevSecOps specialists can study, and whether they need to know how to program;
- What a beginner infosec specialist can learn from a Linux admin.
2023-04-10, 50 min

The Virtual CISO Podcast
Ep 114: 4 Tactical Steps To Implementing DevSecOps In 2023
DevSecOps is the practice of integrating security testing at every stage of the software development process. With DevSecOps, training and educating all teams in risk, security, and mitigation at all stages of development is a top priority – traditionally, app developers don't pay much attention to security, which increases the risk of vulnerable code being deployed and the application being compromised. To learn more about DevSecOps in this episode, your host John Verry, sits down with André Keartland, Solutions Architect with Netsurit Professional Services, to discuss tactical steps to implement DevSecOps in 2023. In this episode, Join us as...
2023-03-28, 51 min

Cloud Security Podcast
IS THERE DEVSECOPS IN CLOUD? 🤔
Cloud Security Podcast - This month we are talking about "Cloud Security - the Leadership View" and for the final episode in this series, we spoke to Guy Podjarny (GuyPo's Linkedin). If you are working on building or securing Cloud resources, can you truly imagine solving the next log4j or AWS/Azure/GCP vulnerability without including the help of Platform Engineers or IT engineers?
This is the bigger picture of what we CyberSecurity people have to do day in day out. We work with wider team members Episode ShowNotes, Links and Transcript on Cloud Security Podcast: www...
2023-03-28, 50 min

Software Engineering Institute (SEI) Webcast Series
Does your DevSecOps Pipeline only Function as Intended?
Understanding and articulating cybersecurity risk is hard. With the adoption of DevSecOps tools and techniques and the increased coupling between the product being built and the tools used to build them, the attack surface of the product continues to grow by incorporating segments of the development environment. Thus, many enterprises are concerned that DevSecOps pipeline weaknesses can be abused to inject exploitable vulnerabilities into their products and services. Using Model Based Systems Engineering (MBSE), a DevSecOps model can be built that considers system assurance and enables organizations to design and execute a fully integrated DevSecOps strategy in...
2023-01-13, 52 min

Software Engineering Institute (SEI) Podcast Series
A Platform-Independent Model for DevSecOps
DevSecOps encompasses all the best software engineering principles known today with an emphasis on faster delivery through increased collaboration of all stakeholders resulting in more secure, useable, and higher-quality software systems. In this podcast from the Carnegie Mellon University Software Engineering Institute, researchers Tim Chick and Joe Yankel present a DevSecOps Platform-Independent Model (PIM), which uses model based systems engineering (MBSE) to formalize the practices of DevSecOps pipelines and organize relevant guidance. This first-of-its-kind model gives software development enterprises the structure and articulation needed for creating, maintaining, securing, and improving DevSecOps pipelines.
2022-09-08, 23 min

Adventures in DevOps
Transforming from DevOps to DevSecOps - DevOps 130
With recent high-profile software supply chain breaches and President Biden's Executive Order to improve the nation's cybersecurity, there is an increase in the urgency for businesses and governments to move to DevSecOps. How shall your enterprise integrate security with its DevOps process? Today on the show, Will Kelly outlines his approach to transforming from DevOps to DevSecOps.
In this episode…
- What is DevSecOps?
- Startups vs large enterprises
- First steps to making changes internally
- Common pitfalls with security
- Advocating for security
- Software supply chain security
Sponsors
- Top End Devs
- Raygun | Click here to get started on your free 14-day trial
- Coaching | Top End...
2022-09-08, 46 min

CXOInsights by CXOCIETY
PodChats for FutureCIO: How DevOps practitioners see DevSecOps
Gina Smith, a research manager for DevOps in Asia/Pacific with IDC explains that with the COVID-19 pandemic going into its third year, Asia/Pacific organizations are looking to DevOps processes and practices now more than ever. "The need to deliver evocative and secure applications and services is unrelenting. Mature DevOps efforts will combine IT, development, and business resources to help organizations stay competitive and resilient moving forward," she adds. Gartner predicts that through 2022, 75% of DevOps initiatives will fail to meet expectations due to issues around organizational learning and change.
2022-09-06, 15 min

RSA Conference
What is DevSecOps and why is it important?
Integrating security into the development lifecycle can be a challenge, especially for those who don’t understand why security matters to development and operations. What’s the ROI of DevSecOps?
What are the key KPIs? Join us for an insightful conversation that explains why DevSecOps is important while shining a spotlight on some DevSecOps bloopers to avoid. Our guests will also expose the cost of bad DevSecOps and offer suggestions for how to measure developers on security. Speakers: Keenan Skelly, CEO, Shadowbyte; Stephanie Simpson, Vice President of Product, SCYTHE
2022-06-17, 18 min

Relating to DevSecOps
Episode #045: What is DevSecOps in 2022 an R2DSO anniversary redux
Mike and Ken take it back to the roots with a special anniversary episode on what is DevSecOps. Since we started this podcast we've had a lot of topics that fit the overall DevSecOps buzzword, but in this episode we talk about some of the evolution DevSecOps has gone through, how it's perceived in the industry and market today and some hot takes on what's changed. The good, the bad, and the ugly. We leave it to you to decide, has DevSecOps lost its marketing shine and buzzword status?
2022-06-10, 35 min

Post Mortem
#19 DevSecOps at the US Air Force
The US Department of Defense comprises more than 2.9 million personnel, including more than 320,000 in the U.S. Air Force. Deploying and maintaining operational software at this scale, amid growing international competition, requires being able to adjust priorities quickly and to prototype and deploy solutions on short timelines. In short, being able to push to production in a few hours (or even minutes) rather than months, under strong cybersecurity constraints. Nicolas Chaillan was the...
2022-06-05, 30 min

Café Debug seu podcast de tecnologia
#93 What is DevSecOps?
We had a chat about DevSecOps, which stands for development, security and operations. In other words, it means thinking about application and infrastructure security from the start. It may or may not be a new topic for you; teams should automate security to protect their environment and data.
Topics covered:
- What is DevSecOps?
- DevSecOps approaches: shift-left
- Decentralizing security: spreading security to other teams
- Security techniques and their use during the CI/CD process
- How does the DevSecOps security automation process work?
- Factor...
2022-03-21, 53 min

DevOps State of Mind
What do DevSecOps and Formula 1 have in common?
Episode Summary: Is DevSecOps the answer to effective cloud migration? In this episode Liesse will talk to Josh Minthorne, Co-founder and Global Technology Director of Axcelinno. Axcelinno is an IT Technology Consultancy and Professional Services company that helps organizations define and implement their DevSecOps adoption and cloud migration. Liesse and Josh will talk about why the security landscape has made companies hesitant to move to the cloud and what they can do to migrate with confidence. About: Josh Minthorne, Co-founder and Global Technology Director of Axcelinno. Josh combines his passion for technology and innovation to h...
2022-02-15, 32 min

The Somerford Podcast
What is DevSecOps and why do we need it?—Splunk Observability explained: Ft. Splunk DevOps Advocate
Anne is once again joined by Chris Riley, Technology Advocate at Splunk, for a conversation about DevSecOps.
They explore "What is DevSecOps and why do we need it?", alongside tangible examples and getting realistic with customer challenges and what next steps they should take.
Watch/Read Chris Riley's "Enabling DevSecOps and Securing the Software Factory With Splunk" .conf21 session: https://www.somerfordassociates.com/devsecops-explained-splunk-observability-podcast-register/
Register for our 'Splunk4Rookies - Observability' Virtual Workshops: https://www.somerfordassociates.com/splunk-devops-virtual-workshop/
Listen on Spotify: https://open.spotify.com/show/00soJ9kAQuVCh9EBRHOGzJ
Listen on Goo...
2022-01-14, 38 min

Хабр Подкасты
Habr PRO // The DevSecOps triangle: how to combine tools, processes and security knowledge
Setting up and controlling processes in an IT company is no easier than churning out code. DevOps helps you succeed at this, and its natural continuation in information security is DevSecOps. That is what we talk about. Together with our guests we looked at Ivan Tsarevich as a threat model; discussed how to stay one step ahead of attackers; how to spell the word "security" out of processes, tools and knowledge; what the main goal of DevSecOps is, how to move to it from DevOps, and where to begin adopting and studying these practices. We looked at the question from two sides: implementation in practice and tool development. Helping us were Alexey Babenko, application security testing team lead (Mir Plat.Form), and Alexey Zhukov, head of product development for secure development process tooling (Positive Technologies).
1:20 Explaining the DevSecOps concept using Koschei's immortality as an example
6:50 The security engineer is not the enemy: DevSecOps through the eyes of a user and of tool vendors
13:50 "The guys in hoodies are us." Not just finding bugs, but preventing them from appearing
18:20 DevSecOps: an add-on to DevOps or something more
22:50 How to move from DevOps to DevSecOps, and what obstacles and difficulties arise
32:20 Determining whether your processes match the secure development concept
32:20 Approaches, tools, people: which matters most for DevSecOps (or why 100500-page reports are needed)
38:40 How a security engineer can find allies among developers
42:30 Which processes to start with when moving to a secure development pipeline
51:20 Why bugs are found but nothing is done about them (and how to start doing something)
55:50 "How to become DevSecOps and do it well": what to read/watch on the topic
The live broadcast took place on 9 December. The recording is available here: https://youtu.be/rz_TjUmfY-Q
2021-12-10, 1h 04

Мимокрокодил
Episode #12 - Denis Yakimov. On devsecops in a large bank and media presence, with the author of the DevSecOps Wine channel.
This time our guest is Denis Yakimov, Head of DevSecOps at one of Russia's largest banks, widely known as the author of several popular Telegram channels such as DevSecOps Wine, CloudSec Wine and AppSec & DevSecOps Jobs. Denis talked about what a person in a position as unique for the CIS as Head of DevSecOps does and what falls within his remit, and shares his experience of solving those tasks. The second part of the podcast covers media presence in infosec and its effect on a career. It seems to have turned out interesting!
Inside:
- How Denis came to his current position
- Denis's view on the role of devsecops practices in a company's defense landscape
- Which are worth buying, and where open source is your best friend
- The history of the DevSecOps Wine channel
- Thoughts on the role of media presence in an infosec specialist's career
2021-12-08, 53 min

Effekten | digitalisering - kunskap
DevSecOps - developing securely. Torbjörn Andersson (#170)
DevOps is about bringing system development and operations together in iterative loops in order to work in a more agile way. Then add that there are always threats to the system that need to be handled, and we get devsecops: Development Security Operations, a way of integrating security into the development process. Okay, that was a lot of buzzwords in one sentence… In this episode our security expert Torbjörn takes the drama out of security work. There used to be a security team; now every developer is to wear the security hat in order to develop and deliver continuously in a secure way. "You should always have a s...
2021-11-29, 22 min

Resilient Cyber
S2E6: Tracy Bannon - DevSecOps, Innovation & The Public Sector
Chris - We know you are extremely passionate about DevSecOps in Government. What do you think some of the biggest impediments for widespread Government adoption of DevSecOps is?
Nikki - I see you spoke recently about minimum viable continuous delivery - can you tell us a little bit about what that is and what it means? And what you think the possible implications may be on development cycles?
Chris - Do you feel there is often a disconnect between leadership and practitioners when it comes to successful DevSecOps implementation, and if so, what do you t...
2021-11-09, 26 min

DSO Overflow
EP15: DevSecOps Personas
In this episode, Steve and Glenn speak with Ed Tucker and Gary Robinson about the differences between DevSecOps personas. DevSecOps Personas – what Developers, Security, and Operations think when it comes to people/tech/processes/culture when it comes to rolling out DevSecOps programs. Each of these teams have different drivers, ambitions, blockers, and challenges when it comes to a successful DevSecOps program.
As Dale Carnegie said, ‘The only way to get anyone to do anything, is to make them want to do it’ - all the tech and process in the world isn’t going to make it successf...
2021-10-25, 53 min

SilverLining IL
SilverLining Episode 42: How to mature devsecops operations
Guest: Hemi Gur-Ary
Guest Title: Co-Founder & CEO at VATA
Abstract: Various organizations around the world are struggling to build & mature their devsecops operations. DSOM (Devsecops Maturity Model) is an OWASP project designed to help organizations plan and prioritize their devsecops strategies. In this episode, Hemi Gur-Ary, co-founder at VATA and senior devsecops consultant, shares his insights about DSOM and how organizations can use it for reshaping their devsecops practices.
2021-10-06, 19 min

Konia Podcast
Episode #5 - DevSecOps Journey
In this special episode we talk about DevSecOps, its pillars, its culture and, above all, practical experience through a DevSecOps Journey. Join the conversation and share your experience with us. Agenda: What is DevSecOps? Is DevSecOps an evolution of DevOps? People, processes, tools... What is the relationship between these pillars of the DevSecOps process and your business? When we talk about adopting a DevSecOps culture, what level of coverage are we talking about, that is, which part or parts of the development cycle do we reach? What are the main challenges in adopting a process of D...
2021-07-30, 53 min

DSO Overflow
Ep11: From Zero To a DevSecOps Hero
Learning or knowing what to study in the field of security is a tough subject in its own right. Join us with Marcus and Josh where we understand what best practices they follow them. Please visit our YouTube Channel to see Marcus present in our May 2021 Gathering (monthly meet-up). Guest Speakers: Marcus Maxwell: Marcus Maxwell is a Principal Consultant at Contino. He has spent the last 5 years helping large enterprises with building out their Kubernetes clusters, migrating to cloud and most recently with the cloud security programmes. Marcus has given talks b...
2021-06-06, 39 min

401 Access Denied
Transitioning to DevSecOps with Bella Trenkova | The Cybrary Podcast Ep. 61
In this episode of the Cybrary Podcast, Mike Gruen, the CISO at Cybrary, sits down with Bella Trenkova, the Founder of Ardigent Consulting, which offers Agile and DevSecOps services and coaching. Mike and Bella discuss the importance of and the common misconceptions about DevSecOps. They do a deep dive into the nuances of investing in DevSecOps for any company as well as transitioning into a DevSecOps team. Don't forget to rate, review & subscribe to us on Apple Podcasts, Spotify, and YouTube! Check out Cybrary Now!!! ~Cybrary Follow Thor on Twitter!
2021-05-26, 48 min

Software Engineering Institute (SEI) Webcast Series
Software Supply Chain Concerns for DevSecOps Programs
In a DevSecOps world the software supply chain extends beyond libraries upon which developed software depends. In this webinar we will look at the Solarwinds incident as a worst-case exemplifying the breadth of the software supply chain issues confronting complex DevSecOps programs. We will explore the important architectural aspects of DevSecOps that are impacted by the software supply chain that require attention and potential mitigations to detect and respond to potential incidents. What attendees will learn: • The software supply chain issue is broad and impacts multiple aspects of DevSecOps • Programs need to be awar...
2021-05-20, 1h 03

АйТиБорода
#119 - Cybersecurity as a development process / Who DevSecOps engineers are / Denis Korablev
Today we find out how cybersecurity principles are built into the development process, help against hacker attacks, and help programmers write genuinely high-quality code. Our guest is Denis Korablev, Products Director at Positive Technologies. In this episode we talked about Denis's technical experience (and it is very extensive), about DevSecOps concepts (SSDL, SCA, NVD, DAST, SAST, RASP) and about adopting approaches to writing secure code. So brew some tea or coffee and let's go, it's going to be great! 😉
ADDITIONAL MATERIALS:
- Positive Technologies: https://www.ptsecurity.com
- Materials and links from the episode: https://t.me/itbeard/605
- Video version of the episode: https://youtu.be/pfyguvafIS8
- Become a channel sponsor: https://www.youtube.com/itbeard/join
NAVIGATION:
0:00 - Start
3:16 - Selling newspapers
7:04 - Physics and mathematics lyceum
15:36 - University
22:37 - Trip to Canada
26:30 - Lawful traffic interception
31:48 - Working at a bank with low latency
32:48 - Algo trading
37:36 - Interview at Skype
42:10 - Leaving Skype
43:12 - Joining Positive Technologies
51:30 - What DevSecOps is
53:20 - Why developers don't think about vulnerabilities
59:20 - On adopting DevSecOps in a team
1:12:15 - Virtual patches
1:12:51 - What changes in a team's processes when DevSecOps is adopted
1:14:35 - Who is responsible for the perimeter
1:15:27 - Security Champions
1:23:29 - DevSecOps tools: SSDL, SCA, NVD, DAST, SAST etc.
1:25:56 - Dynamic scanners
1:26:58 - Static scanners
1:32:40 - Runtime Application Self Protection - RASP
1:36:05 - Dependency security
1:37:00 - Conferences and sources of information
1:38:40 - RANDOM: SPA, what developers deserve a smack for, and fiction
1:53:00 - CONTEST
MY CONTACTS:
- Subscribe to this YouTube channel :)
- Telegram: https://t.me/itbeard
- Instagram: https://instagram.com/itbeard
- Twitter: https://twitter.com/iamitbeard
- SoundCloud: https://soundcloud.com/itbeard
- Discord: https://discord.gg/it
- Website: https://itbeard.com
#айтиборода #ityoutubersru #devsecops
2021-04-21, 1h 54

ATARC Federal IT Newscast
Federal DevSecOps: Pushing Forward
DevSecOps within the Federal landscape has been a topic of growing priority, implementation, and necessity over the past several years. Join this webinar to hear from leaders in DevSecOps practices as they discuss the current status, modern projects, and drive forward of Federal DevSecOps platforms used to push IT modernization, operational efficiency, and cybersecurity. Listen as topic experts discuss the middle point of where DevSecOps, Zero Trust, and enterprise IT as a service (ITaaS) meet, and create effective, secure, modern, operational systems within the Federal IT ecosystem. Hear first-hand the current status, challenges, successes, and vision for the future...
2021-03-22, 1h 03

Software Engineering Institute (SEI) Webcast Series
Modeling DevSecOps to Reduce the Time-to-Deploy and Increase Resiliency
Many organizations struggle in applying DevSecOps practices and principles in a cybersecurity-constrained environment because programs lack a consistent basis for managing software intensive development, cybersecurity, and operations in a high-speed lifecycle.
We will discuss how an authoritative reference, or Platform Independent Model (PIM), is needed to fully design and execute an integrated DevSecOps strategy in which all stakeholder needs are addressed, such as engineering security into all aspects of the DevSecOps pipeline to include both the pipeline and the deployed system. We will discuss how a PIM of a DevSecOps system can be used to 1) Specify the...2021-03-1159 minTech 'n SavvyTech 'n Savvy3' Put the Security in DevSecOps with Abdel Sy FaneApril and Emily interview Abdel Sy Fane, a security manager with over 10 years of experience. They discuss how Abdel got into tech, DevSecOps, personal cybersecurity tips, and more! 00:00 Intro + How Abdel got into tech and DevSecOps 10:29 What is CSNP? 13:11 Personal Cybersecurity Tips 20:39 DevSecOps Overview 41:33 A Day in the life of a DevSecOps engineer 49:09 CyberSecurity and DevSecOps career advice Resources Mentioned (not owned or created by us!) OWASP: https://owasp.org/ Awesome DevSecOps: https://github.com/devsecops/awesome-devsecops Awesome Ethical Hacking Resources: https://github.com/husnainfareed/Awesome-Ethical-Hacking-Resources A...2021-02-231h 04Meet The GurusMeet The GurusHow DevSecOps Skills Distinguish You | Tim Chase | Paul Siegel | Meet The GurusIn this Meet the Gurus session, Tim Chase takes us on the DevSecOps journey and helps you to understand how it is a vital skill in every engineer's toolkit. What will you learn? The average DevSecOps Engineer salary (USA) is $140,000 per year or $71.79 per hour. Entry-level positions start at $78,000 per year while most experienced workers make up to $205,000 per year. DevSecOps isn't going away anytime soon as Cloud computing, data science, IoT and related technologies explode. Education and training are vital skills to differentiate the DevSecOps engineer. 
You can learn DevSecOps from master trainers.About...2021-02-1930 minThe OWASP Podcast SeriesThe OWASP Podcast SeriesThe Ops Side of DevSecOps w/ Damon EdwardsWhen Shannon Lietz and the team at DevSecOps.org published the DevSecOps Manifesto six years ago, security was uppermost in their minds. The manifesto starts with a call to arms… “Through Security as Code, we have and will learn that there is simply a better way for security practitioners, like us, to operate and contribute value with less friction. We know we must adapt our ways quickly and foster innovation to ensure data security and privacy issues are not left behind because we were too slow to change.” The effect of the DevSecOps movement was not understood by many, other than t...2021-01-2924 minMaster of NoneMaster of NoneDevSecOps - Security is not an afterthoughtDevSecOps is a relatively new term coined that focus on the collaboration between Application Development, Operations and Security Teams coming together to deliver applications and software in an agile fashion in an iterative, faster and secure way. In this podcast, we discuss the reason why DevSecOps have come into focus in the last few years. And for teams to start adopting DevSecOps practices, what are different aspects, perspectives and approaches that need to be considered are also briefly touched upon. Threat Modelling is the starting point to understand the security posture, identifying gaps and prioritize critical aspects...2021-01-2336 minATARC Federal IT NewscastATARC Federal IT NewscastDevSecOps Coffee Chat with Ian Anderson, Lead DevSecOps Engineer, Naval Sea Systems CommandOn this week's DevSecOps Coffee Chat, we sat down with Lead DevSecOps Engineer for the Naval Sea Systems Command, Ian Anderson. 
Ian shared with us some of the projects he has been working on and how covid has shaped our way of doing DevSecOps -  Making processes more rigorous and increasing productivity!2020-12-2825 minCXOInsights by CXOCIETYCXOInsights by CXOCIETYPodChats for FutureCIO: Making a business case for DevSecOpsDevSecOps attempts to bring security into the DevOps methodology by integrating security testing into the continuous integration and continuous delivery pipelines. As a practice, DevSecOps is still very nascent in development teams. According to the WhiteHat Security report, 2019 Application Security Statistics Report, an average of more than 50% of apps are always vulnerable for organisations that have not adopted DevSecOps. FutureCIO spoke to Gina Smith, research manager at IDC Asia to get her perspective on the state of DevSecOps in the region. 2020-10-1816 minShadowTalk: Powered by ReliaQuestShadowTalk: Powered by ReliaQuestWeekly: Torigon, Nulledflix, and BlueLeaks, Plus DevSecOps Insights From DS CISO RickAlex, Kacey, Charles and Rick host this week’s ShadowTalk to bring you the latest threat intelligence stories. 
This week they cover: Torigon - What was Torigon and how did it fail to survive? Nulledflix - The Nulled-focused streaming service taken down immediately for maintenance. BlueLeaks exposing private law enforcement files. DevSecOps and how it can be useful to your organization. Get this week’s intelligence summary at https://resources.digitalshadows.com/weekly-intelligence-summary/weekly-intelligence-summary-26-june-2020 Plus, check out this page for more on DevSecOps: https://www.digitalshadows.com/blog-and-research/devsecops-modern-software-development/ To learn more about DevSecOps product updates in SearchLight, check out the webinar at...2020-06-2621 minBusiness & Technology Insights from CapgeminiBusiness & Technology Insights from CapgeminiDevSecOps- Agile security in a world of fast digitalIn today’s digitally enabled world, organisations are constantly evolving their products and services to maintain a competitive advantage with the customer. Cloud Computing and software development practices such as DevOps enable organisations to achieve high levels of agility, but often do so at the expense of security. Traditional Security practices are failing to evolve at the same rate, and this has resulted in a number of high-profile organisations fall foul to cyber-attacks. However, if done correct, DevSecOps offers a solution to this problem. Join two DevSecOps experts from Capgemini Invent and Secure Code Warrior, as they discuss what DevSecOps me...2020-04-1731 minApplication Security PodCastApplication Security PodCastGeoff Hill — AppSec, DevSecOps, and DiplomacyGeoffrey Hill is an AppSec DevSecOps leader and Architect. Geoff joins us to discuss his experiences rolling out DevSecOps in both Agile and non-Agile practicing shops. We hope you enjoy this conversation with...Geoff Hill. 
The post Geoff Hill — AppSec, DevSecOps, and Diplomacy appeared first on Security Journey Podcasts.2020-01-0900 minAll Jupiter Broadcasting ShowsAll Jupiter Broadcasting Shows411 DevSecOps: Karthik Gaekwad | Jupiter Extras 37Ell and Wes sit down with Karthik Gaekwad to sort through the buzzword bingo and explain what DevSecOps is, what it isn’t, and why security should be part of the full lifecycle of your apps. Special Guest: Karthik Gaekwad. Sponsored By: Linux Academy: Give yourself a year of opportunity and save $150. Get a full year of Hands-On Cloud Training. Limited time Black Friday Offer. Links: Linux Academy Black Friday Sale — Give yourself a year of opportunity and save $150. Get a full year of Hands-On Cloud Training. Limited time Black Friday Offe...2019-12-0600 minBeerSecOpsBeerSecOpsEP05: With Michael Man, The Creator and Organizer of The DevSecOps London GatheringSteve Giguere of Aqua Security met Michael Man, the creator and organizer of the DevSecOps London Gathering Meetup, who just won the DevSecCon Security leadership award for OUTSTANDING DEVSECOPS COMMUNITY OF 2019. Listen to this podcast to learn about these London-based events, how it all started and where it's going. Related Links: DevSecOps London Gathering Meetup https://www.meetup.com/DevSecOps-London-Gathering/ Follow Michael Man on Twitter https://twitter.com/DevSecOps_LG Follow Michael Man on LinkedIn https://www.linkedin.com/in/michael-man-38517342019-11-2634 minThe OWASP Podcast SeriesThe OWASP Podcast SeriesDevOps, DevSecOps and the Year Ahead w/ Sacha LaboureyOnce a year, Sacha Labourey and I sit down to discuss the past year and what the coming year looks like for DevOps and Jenkins. As CEO of CloudBees, Sacha has broad visibility into the progress of the DevOps/DevSecOps communities. We started our talk this year, commenting on the growth of the Jenkins World conference, with over 2000 attendees... 
what does Sacha attribute that to and does it coincide with the growth within the DevOps community. We continued our discussion by examining how cultural transformation within a company must align with the tools that are available to help with that...2019-10-0733 min0d - Zeroday0d - Zeroday0d049 - DevSecOps - The Company's Wet Dream / The Developer's Nightmare In what is probably the most chaotic episode since the podcast began, today's topic is the buzzword “DevSecOps”. Beforehand, though, there were so many problems that the episode simply turned out a little chaotic, since Sven's connection also dropped midway and he had to fall back on his LTE network. Housekeeping The first time…remote (with 2.5h of audio setup beforehand…) The money is rolling in. Thanks to everyone who throws something into our cup. Data losses  17.09.2019: Millions of Lion Air Passenger Records Exposed and Exchanged on Forums 17.09.2019: Gootkit malware crew left their database exposed online without a password...2019-09-272h 11The ObjectSharp PodcastThe ObjectSharp PodcastDevSecOps: Security Driven Development with Azure Security CenterIn this episode, we chat with Shane Castle, ObjectSharp's Cloud Practice Lead, and Ahmad Harb, Senior Cloud Consultant with ObjectSharp, about the changing role of security with cloud-native and serverless architectures. Shane and Ahmad help us unpack the "buzzword" of DevSecOps, think about the role of security in modern software development, introduce us to tooling in Azure Security Center, and give us practical advice and guidance on how to get started with security driven development right now. Minutes 00:30 - Introduction to today’s show on Azure DevOps with guests Dave Lloyd and Martin Woodward 3:15- Shane Ca...2019-09-0334 minAdelaide .NET User Group PodcastAdelaide .NET User Group PodcastPutting the Sec in DevSecOps with Jakob PenningtonDevSecOps seems to be the flavour of the month when it comes to software security. 
Is this just a buzzword, an ideology that's only applicable in unicorn start-ups, or are there tools and practices that we should be using to write more secure code? In his talk, Jakob explores DevSecOps as an approach to avoiding the common issues he sees as a penetration tester, and presents a process to build out a DevSecOps pipeline.2019-03-1300 minDevOps ChatDevOps ChatDevSecOps @ RSA Conference with James Wickett and Shannon LietzThe RSA Conference is just a month away. Once again RSAC promises to be the place where the world gathers around security. With upwards of 50,000 people attending, it is big by anyone's standard. If you haven't already registered, here is a code for $100 dollars off a full conference pass (all sessions), 1U9DEVOPSFD or get a free expo pass, 1U9DEVOPSXP DevSecOps will be center stage this year, literally. Shannon Lietz, the founder of DevSecOps.org will be keynoting as well as leading a week long track on DevSecOps. Appearing with Shannon, is another leader of the DevSecOps community, James...2019-02-0717 minDevOps ChatDevOps ChatThe DevSecOps Scene at RSA Conference 2019 w/ Shannon LietzThe RSA Conference is just a month away. Once again RSAC promises to be the place where the world gathers around security. With upwards of 50,000 people attending, it is big by anyone's standard. If you haven't already registered, here is a code for $100 dollars off a full conference pass (all sessions), 1U9DEVOPSFD a free expo pass, 1U9DEVOPSXP DevSecOps will be center stage this year, literally. Shannon Lietz, the founder of DevSecOps.org will be keynoting as well as leading a week long track on DevSecOps. Shannon is our guest in this DevOps Chat. Part 2 of this chat where...2019-02-0518 minA Hard Look at Software SecurityA Hard Look at Software SecurityData Supports DevSecOps PracticesIn this episode, we will look at the emergence of DevSecOps in the enterprise. 
Tim Jarrett, Senior Director of Product Marketing with Veracode, joins us to explain the goal of building security into the software development process at the outset. Listeners will learn more about: • What research says about the effectiveness of DevSecOps • The core principles of DevSecOps • What is holding DevSecOps back from going mainstream? • Predictions on where this practice is heading in the future2019-01-2917 minDevOps ChatDevOps ChatJames Wickett, Signal Sciences, DevSecOps 2019James Wickett is the man to go to for DevSecOps. The founder of the Rugged DevOps movement which has merged into the DevSecOps group, James is one of the most knowledgeable people on the subject of DevSecOps. In this DevOps Chat James shares his views on what is on the horizon for DevSecOps and what are the most important things we can do to make our teams more secure. Have a listen as James gives us his take. Also look for the video of this interview on DevOps.com2018-11-2933 minCloud Engineering Archives - Software Engineering DailyCloud Engineering Archives - Software Engineering DailyDevSecOps with Edward Thomson DevSecOps emphasizes moving security out of a siloed audit process and distributing security practices throughout the software supply chain. In the past, software development usually followed a waterfall development process. Each step in building software was serialized, one after another. First, software was planned. Then it was built. Then it was tested. Finally, the software received a security audit at the end. If a security vulnerability was not discovered during that audit, it was likely that the software would be released with the vulnerability. With continuous delivery, we can be continuously checking for...2018-10-2349 min