Podcast about DevSecOps

Straight-up tech talk by practitioners, for practitioners

This is the show by and for DevSecOps practitioners who are trying to survive information overload, get through marketing nonsense, do right technology bets, help their organizations to deliver value and last but not the least to have some fun. Tune in for talks about technology, ways of working and news from DevSecOps.

We created this podcast because we realized that we were not the only ones to struggle with security on a daily basis. It is also difficult to find information without marketing content or a product pitch. We don’t intend to sell anything, now or later.

This show is not sponsored by any technology vendor and we are trying to be as unbiased as possible. We talk like no one is listening. For good or bad 😉.

What is DevSecOps

As DevOps improved the collaboration between developers (dev) and operations (ops), DevSecOps includes security aspects into the development and operation of applications. It adds the dimension of security to a DevOps culture.

Enjoy the talks and feel free to participate.

#25 - All the Things You Wanted to Know About Pulumi.Explained - ep.#25

This time we are joined by Paul Stack (Pulumi developer, former Terraform developer) and podcast friend Jacob Lärfors to talk about

  • What is Pulumi?
  • What and who is it for?
  • The difference between Pulumi and Terraform (and if we should compare them at all)
  • What is hard about Pulumi?
  • What people ask the most? What are the common confusions?
  • Cross-language infra libraries? How is it even possible?!
  • Is there a possibility of a supply chain attack via Pulumi library?

Discuss the episode or ask us anything on LinkedIn

#24 - Ways To Protect Yourself From Data Breaches And Mitigate Consequences - ep.#24

Last week (week 6, 2021), seven data breaches were announced. In this episode, we discuss the possible scenarios for preventing attackers from getting a hold of your data, whether private or company data. And tips on how to mitigate the consequences of data leaks in cases when you have no control over data management (think of breach of 3rd party service).

Discuss the episode or ask us anything on LinkedIn

#21 - Surviving AWS Outage - ep.#21

AWS had a severe incident at the end of November. Kinesis in us-east-1 went dark for quite some time, and a ripple effect caused degradation of other services like CloudWatch, ECS, and others. As a Cloud Engineering practitioner, how do you get yourself and your organization ready for a such turn of events?

Discuss the episode or ask us anything on LinkedIn

#19 - Deleting Resources in the Cloud - ep.#19

How to decommission resources from your cloud environment to keep it clean? What to do when a resource is created without being in the infrastructure code? Andrey is going through a checklist he uses to delete resources and the utility serverless functions he wrote. Argo CD is a project that does GitOps and automatically deletes resources in Kubernetes namespaces if they are not defined. We talked about the different layers of abstraction for infrastructure as code and where it makes sense to have a Terraform controller in a Kubernetes cluster to manage the application dependencies.

Discuss the episode or ask us anything on LinkedIn

#18 - HashiConf Special - ep.#18

Initially, we planned this episode as a discussion about HashiCorp Nomad and invited Jacob Lärfors. He recently published a great article about his experience working with Nomad (see link in the show notes). However, because of a few postponements, and with HashiConf that happened just a week ago, we decided to extend the podcast’s scope to go over all of the announcements that they did during the conference. So here it is — HashiConf special: all you need to know about everything that HashiCorp announced during the conference plus a discussion about Nomad!

Discuss the episode or ask us anything on LinkedIn

#17 - Best Practices for Building Docker Images - ep.#17

This is the first episode in the new format — 30 minutes short and crisp episodes, i.e., less water and side discussions, focusing on the topic, duration under (well, almost under) 30 minutes. We hope you like it!

The topic of this episode is building Docker images — automation, security, best practices.

In this episode, we discuss: saving money with T3a family, building Docker images locally and in CI, setting up daemonless Docker builds for CI and k8s, using multistage builds to keep your images nice and clean as well as encapsulate the build environment and make it portable, passing secrets to Docker build and inspecting image layers for secrets (ssh-agent and many more), keeping Docker images updated with dependencies and updates, scanning Docker images for vulnerabilities, Docker image layers caching — doing it right, DockerHub is to delete old images stored for free and GitHub is ready to host them for you, Docker image naming so you can find all you need to debug quickly.

Some of the information overlaps with episode #3 but greatly extends the information provided before.

Discuss the episode or ask us anything on LinkedIn

#16 - Do You Need a Staging Environment? - ep.#16

In this episode, we discuss options for splitting your deployment stages. We hear people coming up with all possible types of environments — dev, test/QA, integration, stage, prod, etc. How many do you actually need? What is the reason for having all those stages? Maybe you need less? Why not deploy directly to production using some fancy technique? Put it simply — stage or not to stage?

Discuss the episode or ask us anything on LinkedIn