Podcast about DevSecOps

We talk like no one is listening except that we record it

This is the show by and for DevSecOps practitioners who are trying to survive information overload, get through marketing nonsense, do right technology bets, help their organizations to deliver value and last but not the least to have some fun. Tune in for talks about technology, ways of working and news from DevSecOps.

We created this podcast because we realized that we were not the only ones to struggle with security on a daily basis. It is also difficult to find information without marketing content or a product pitch. We don’t intend to sell anything, now or later.

This show is not sponsored by any technology vendor and we are trying to be as unbiased as possible. We talk like no one is listening! For good or bad 😉.

Want to join discussion?

Discuss or suggest topics for upcoming episodes, chat with podcast guests, hosts and fans at the podcast’s Gitter channel

What is DevSecOps

As DevOps improved the collaboration between developers (dev) and operations (ops), DevSecOps includes security aspects into the development and operation of applications. It adds the dimension of security to a DevOps culture.

Enjoy the talks and feel free to participate.

How do you start to implement a CI pipeline when dealing with infrastructure as code implemented via Terraform? What are the security concerns when the credentials to the whole kingdom are used in an automated process? In this episode, we discuss the various security and feasibility aspects of using Terraform in a CI pipeline.

Andrey tells us the story of how DevOps came into existence and took over the market. We discuss the marketing around it, its relationship with DevSecOps. We tried to shed a light on what is marketing strategy versus implementing DevOps in an organization. We also compared DevOps to SRE (Site Reliability Engineering).

In this episode, Mattias, Julien, and Andrey share tips and tricks on how to stay on top of what is going on in the industry, resources they use for continuous learning

This time Johan Abildskov, a Senior Consultant with Praqma/Eficode, joins us to talk about SemVer (Semantic Versioning), and we finally get to hear what Julien has to say about it. We get to explore different options regarding versioning and how it helps humans communicate. At the end of the podcast, everyone gets to share their approach and recommendations for versioning things.

We had a few potential topics for this episode but before getting started with them we decided to discuss what technological problems we were solving during the last two weeks. As it turns out there were quite a lot to discuss. Tune in for tips on auditing ssh session through a jump host, preventing downloads from AWS S3 even if you got read access, credentials in Git repository, why you should (or should not) use Kubernetes and more.
Building docker images is not as straightforward as one would like sometimes. In this episode we talk about how you can build a more secure and lightweight container images, ready-made for production.
Whens should you start using infra structure as code and when not. What tool is there to help and hoe can you use them. Follow us in our first talk. notes from pod Andrey: First chapter of infra as code Julien: This went viral in the Kubernetes community: