Archiv autora: DevSecOps Days

A Concise Introduction to DevSecOps

The inclusion of security as an integral piece of the DevOps puzzle continues to gain traction. In this episode of the DevSecOps Days Podcast Series, I speak with Curtis Yanko and Scott McCarty about their new book, "A Concise Introduction to DevSecOps". We discuss why they wrote the book, who the audience is that will benefit from it and why enterprises should be considering security as part of the software development environment.

A Concise Introduction to DevSecOps

The inclusion of security as an integral piece of the DevOps puzzle continues to gain traction. In this episode of the DevSecOps Days Podcast Series, I speak with Curtis Yanko and Scott McCarty about their new book, "A Concise Introduction to DevSecOps". We discuss why they wrote the book, who the audience is that will benefit from it and why enterprises should be considering security as part of the software development environment.

What’s In Store for the AppSec Cali Conference w/ Richard Greenberg

As if there aren't enough reasons to go to Southern California in the middle of a New York winter, AppSec Cali opens it's doors for its 6th Annual OWASP conference on January 22, 2019. In this broadcast, I speak with Richard Greenberg, one of the core organizers of the conference, talking about why people come, what they can expect to see and why he continues to help produce the conference year after year. For a transcript of this broadcast, go to DevSecOpsDays.com and click on "Podcasts".

What’s In Store for the AppSec Cali Conference w/ Richard Greenberg

As if there aren't enough reasons to go to Southern California in the middle of a New York winter, AppSec Cali opens it's doors for its 6th Annual OWASP conference on January 22, 2019. In this broadcast, I speak with Richard Greenberg, one of the core organizers of the conference, talking about why people come, what they can expect to see and why he continues to help produce the conference year after year. For a transcript of this broadcast, go to DevSecOpsDays.com and click on "Podcasts".

Epic Failures in DevSecOps w/ Aubrey Stearn

Aubrey Stearn is the Technical Lead for the Enterprise Cloud Platform at Nationwide. In the broadcast we talk with Aubrey about her chapter, "The Tale of the Burning Programme", in the recently released "Epic Failures in DevSecOps" book. Aubrey talks about her extensive experience guiding and molding teams, leading the way through the maze of decisions needed in order to build a more productive and efficient engineering culture. We start off the discussion with "Why is our biggest problem DevOps, itself?"

Epic Failures in DevSecOps w/ Aubrey Stearn

Aubrey Stearn is the Technical Lead for the Enterprise Cloud Platform at Nationwide. In the broadcast we talk with Aubrey about her chapter, "", in the recently released "Epic Failures in DevSecOps" book. Aubrey talks about her extensive experience guiding and molding teams, leading the way through the maze of decisions needed in order to build a more productive and efficient engineering culture. We start off the discussion with "Why is our biggest problem DevOps, itself?"

Strategic Asymetry – Leveling the Playing Field w/ Chetan Conikee

"In the past when we were writing software, it was our engineers and our organizations that had total cost of ownership of that software. But now, that has fundamentally changed. Engineers are using open source software and deploying the entire application on an open source framework, which means a large part of the software supply chain is no longer owned by the engineer. " -- Chetan Conikee In this episode of the DevSecOps Days Podcast Series, I speak with Chetan Conikee about his chapter in the Epic Failures in DevSecOps book. About Chetan Conikee Chetan Conikee is a serial entrepreneur with over 20+ years of experience in authoring and architecting and securing mission-critical software. His expertise includes building web-scale distributed infrastructure, cybersecurity, personalization algorithms, complex event processing, fraud detection and prevention in investment/retail banking domains. He currently serves as CTO/Founder at ShiftLeft, and most recently Chief Data Officer and GM Operations at Cloud- Physics. Prior to CloudPhysics, Chetan was part of early founding teams at CashEdge (acquired FiServ), Business Signatures (acquired Entrust)and EndForce (acquired Sophos).

Strategic Asymetry – Leveling the Playing Field w/ Chetan Conikee

"In the past when we were writing software, it was our engineers and our organizations that had total cost of ownership of that software. But now, that has fundamentally changed. Engineers are using open source software and deploying the entire application on an open source framework, which means a large part of the software supply chain is no longer owned by the engineer. " -- Chetan Conikee In this episode of the DevSecOps Days Podcast Series, I speak with Chetan Conikee about his chapter in the Epic Failures in DevSecOps book. About Chetan Conikee Chetan Conikee is a serial entrepreneur with over 20+ years of experience in authoring and architecting and securing mission-critical software. His expertise includes building web-scale distributed infrastructure, cybersecurity, personalization algorithms, complex event processing, fraud detection and prevention in investment/retail banking domains. He currently serves as CTO/Founder at ShiftLeft, and most recently Chief Data Officer and GM Operations at Cloud- Physics. Prior to CloudPhysics, Chetan was part of early founding teams at CashEdge (acquired FiServ), Business Signatures (acquired Entrust)and EndForce (acquired Sophos).

Threat Modeling – A Disaster Story with Edwin Kwan

We continue the "Epic Failures in DevSecOps" series by speaking with Edwin Kwan on his chapter, "Threat Modeling - A Disaster Story". Edwin is Application and Software Security Team Lead at Tyro Payments. In our discussion, we talk about the three things he learned through his "Epic Failure": -- Demonstrate value at the buy-in -- Get early feedback -- Automate as much as possible During our discussion, we talk at length about the role of security and how to begin implementing automation at the earliest stages of the development process. About Edwin Kwan Edwin Kwan is the Application and Software Security Team Lead for a bank. His approach toward application and software security is to raise security awareness, provide light touch controls to the software development life cycle to increase visibility of security issues and work closely with engineering teams to quickly develop secure applications. Edwin started out as a software engineer and transitioned into the application security role to lead a range of security initiatives when the company was working towards obtaining an unrestricted banking licence. As a Software Engineer, he has over a decade of experience developing large scale; real-time; high performance; high reliability software applications for major telecommunication vendors. He is also experienced in working with stakeholders from small to large organisations to design and develop innovation solutions to help manage and grow their business.

Threat Modeling – A Disaster Story with Edwin Kwan

We continue the "Epic Failures in DevSecOps" series by speaking with Edwin Kwan on his chapter, "Threat Modeling - A Disaster Story". Edwin is Application and Software Security Team Lead at Tyro Payments. In our discussion, we talk about the three things he learned through his "Epic Failure": -- Demonstrate value at the buy-in -- Get early feedback -- Automate as much as possible During our discussion, we talk at length about the role of security and how to begin implementing automation at the earliest stages of the development process. About Edwin Kwan Edwin Kwan is the Application and Software Security Team Lead for a bank. His approach toward application and software security is to raise security awareness, provide light touch controls to the software development life cycle to increase visibility of security issues and work closely with engineering teams to quickly develop secure applications. Edwin started out as a software engineer and transitioned into the application security role to lead a range of security initiatives when the company was working towards obtaining an unrestricted banking licence. As a Software Engineer, he has over a decade of experience developing large scale; real-time; high performance; high reliability software applications for major telecommunication vendors. He is also experienced in working with stakeholders from small to large organisations to design and develop innovation solutions to help manage and grow their business.