Podcast about DevSecOps

Straight-up tech talk by practitioners, for practitioners

This is the show by and for DevSecOps practitioners who are trying to survive information overload, get through marketing nonsense, do right technology bets, help their organizations to deliver value and last but not the least to have some fun. Tune in for talks about technology, ways of working and news from DevSecOps.

We created this podcast because we realized that we were not the only ones to struggle with security on a daily basis. It is also difficult to find information without marketing content or a product pitch. We don’t intend to sell anything, now or later.

This show is not sponsored by any technology vendor and we are trying to be as unbiased as possible. We talk like no one is listening. For good or bad 😉.

What is DevSecOps

As DevOps improved the collaboration between developers (dev) and operations (ops), DevSecOps includes security aspects into the development and operation of applications. It adds the dimension of security to a DevOps culture.

Enjoy the talks and feel free to participate.

#17 - Best Practices for Building Docker Images - ep.#17

–

This is the first episode in the new format — 30 minutes short and crisp episodes, i.e., less water and side discussions, focusing on the topic, duration under (well, almost under) 30 minutes. We hope you like it!

The topic of this episode is building Docker images — automation, security, best practices.

In this episode, we discuss: saving money with T3a family, building Docker images locally and in CI, setting up daemonless Docker builds for CI and k8s, using multistage builds to keep your images nice and clean as well as encapsulate the build environment and make it portable, passing secrets to Docker build and inspecting image layers for secrets (ssh-agent and many more), keeping Docker images updated with dependencies and updates, scanning Docker images for vulnerabilities, Docker image layers caching — doing it right, DockerHub is to delete old images stored for free and GitHub is ready to host them for you, Docker image naming so you can find all you need to debug quickly.

Some of the information overlaps with episode #3 but greatly extends the information provided before.

Discuss the episode or ask us anything on LinkedIn

#16 - Do You Need a Staging Environment? - ep.#16

–

In this episode, we discuss options for splitting your deployment stages. We hear people coming up with all possible types of environments — dev, test/QA, integration, stage, prod, etc. How many do you actually need? What is the reason for having all those stages? Maybe you need less? Why not deploy directly to production using some fancy technique? Put it simply — stage or not to stage?

Discuss the episode or ask us anything on LinkedIn

#14 - Theory of Constraint - ep.#14

–

This time, we are joined by Henrik Høegh who shares his unique perspective on applying the theory of constraint to IT transformation as well as how it applies in the world of Cloud Native. We go back to the origin of DevOps, discussing the various problems companies are facing when transforming their organizations and adopting cultural changes.

Discuss the episode or ask us anything on LinkedIn

#12 - Scale vs Scaling - ep.#12

–

Julien and Andrey got together to define the scale and ways to automate the scaling of your infrastructure in response to changes in load patterns. What are the prerequisites for implementing scaling? What is cooling down, warm up, horizontal and vertical scaling, scale-up, and scale in? What are the metrics that could be useful for making scaling decisions? And last but not least, the very unexpected spin that Julien gives to the conversation.

Discuss the episode or ask us anything on LinkedIn

#10 - Are We Wrong About Terragrunt? - ep.#10

–

Our guest speaker is Anton Babenko, he is a DevSecOps Talks podcast fan, AWS Community Hero, Terraform fanatic, HashiCorp Ambassador and a prolific open source contributor. After listening to episode #9 Terraform in CI and #1 Infrastructure as Code, Anton decided that enough is enough and volunteered to give his point of view on Terragrunt since he thought that we are missing a few important points. In this episode, we are discussing the use cases of Terragrunt, a wrapper around Terraform for working with multiple environments and modules.

Discuss the episode or ask us anything on LinkedIn

#9 - Terraform in CI - ep.#9

–

How do you start to implement a CI pipeline when dealing with infrastructure as code implemented via Terraform? What are the security concerns when the credentials to the whole kingdom are used in an automated process? In this episode, we discuss the various security and feasibility aspects of using Terraform in a CI pipeline.

Discuss the episode or ask us anything on LinkedIn

#8 - DevOps What - ep.#8

–

Andrey tells us the story of how DevOps came into existence and took over the market. We discuss the marketing around it, its relationship with DevSecOps. We tried to shed a light on what is marketing strategy versus implementing DevOps in an organization. We also compared DevOps to SRE (Site Reliability Engineering).

Discuss the episode or ask us anything on LinkedIn