Podcast about DevSecOps

We talk like no one is listening except that we record it

This is the show by and for DevSecOps practitioners who are trying to survive information overload, get through marketing nonsense, do right technology bets, help their organizations to deliver value and last but not the least to have some fun. Tune in for talks about technology, ways of working and news from DevSecOps.

We created this podcast because we realized that we were not the only ones to struggle with security on a daily basis. It is also difficult to find information without marketing content or a product pitch. We don’t intend to sell anything, now or later.

This show is not sponsored by any technology vendor and we are trying to be as unbiased as possible. We talk like no one is listening! For good or bad ๐Ÿ˜‰.

Want to join discussion?

Discuss or suggest topics for upcoming episodes, chat with podcast guests, hosts and fans at the podcast’s Gitter channel

What is DevSecOps

As DevOps improved the collaboration between developers (dev) and operations (ops), DevSecOps includes security aspects into the development and operation of applications. It adds the dimension of security to a DevOps culture.

Enjoy the talks and feel free to participate.

Andrey feels frustrated that he has to develop a way to configure environments for every customer. Think for yourself - you arrive at a new project or company. It is day one, and you need to get the right tools as well as the correct environment configuration. During this episode, we are trying to figure out how companies solve it. And is there a standard solution? What are the options?

Henrik Hoegh is back to talk about his experiences working in the platform team at his new job, but before that, we are getting through the following topics:

  • bash is the future of automation (not really, but some people think so)
  • building multi-cloud solutions using k8s and service mesh solutions
  • Shuttle - CLI for handling shared build and deploy tools between projects no matter what technologies the projects are using https://github.com/lunarway/shuttle
  • when is it the time to start looking into the building application delivery platform
  • platform team as an enabler or evil gatekeeper
  • team topology

us-east-1 will never go down, and if it would, half of the internet would go down. It is what people used to say. So, us-east-1 went down big time. What does it mean for us as practitioners? What should we consider going forward? In this episode, we talk through the incident and disaster recovery strategies you can consider to keep your company up

We have had Git around for more than 15 years, and during that time, it has become a standard de-facto to share code and track code changes. While Git is a superior version control system to most of what we have seen before, it has been 15 years since the first release. Should we be looking for new ways to approach version control systems? Is the time right for the next generation of tools in this area?

Our first episode was about Infrastructure as code, and we feel that it is time to revisit the topic after almost two years. Another reason is the release of the second edition of Infrastructure as Code book by Keif Morris. Thus, in this episode, we revisit the definition of Infrastructure as code and try to summarize what has changed over the years. We hope you like it!

Everyone seems to be talking about service mesh. Mattias, Julien, and Andrey are trying to separate hype and real value. Most importantly, they dig into when is the good time for the organization is to embrace service mesh and what are the prerequisites.