Sign up to save your podcasts
Or
Share #121 SBOM or Be Doomed: Surviving the Next Supply-Chain Meltdown
Share to email
Share to Facebook
Share to X
Share to email
Share to Facebook
Share to X
Or
#121 SBOM or Be Doomed: Surviving the Next Supply-Chain Meltdown
In this episode of The Dutch Kubernetes Podcast, Ronald and Jan sit down with Soroosh Khodami to explore one of the most urgent questions in modern software engineering: are we truly ready for the next Log4Shell-level cyber crisis?
Soroosh, a hands-on solution architect currently supporting security platform services at Rabobank, takes us deep into the evolving threat landscape. From classic vulnerabilities like SQL injection to modern supply-chain attacks and the infamous XZ backdoor, he explains how seemingly small weaknesses can cascade into full-cluster compromise — especially in cloud-native and Kubernetes environments.
The conversation covers:
- How a simple SQL injection can escalate into full Kubernetes root access, thanks to lateral movement and unpatched dependencies
- What supply-chain attacks really are, and why they’re becoming the attackers' favorite weapon
- Low-effort, high-impact practices to secure your CI/CD pipeline
- Shift-Left Security & DevSecOps — what’s hype, what’s real, and how teams need to evolve
- Why SBOMs are becoming mandatory, and how they help organizations prepare for future zero-days
- Essential tooling for SBOM generation, scanning and continuous monitoring
- How new EU regulations (DORA & CRA) will impact developers, architects and enterprises in the coming years
Soroosh also shares practical stories from the field, including real-world examples of dependency attacks, insecure pipelines, and security mistakes that happen even in mature organizations.
This episode is a must-listen for developers, architects, platform engineers, and anyone building or deploying software in 2025 and beyond.
Stuur ons een bericht.
ACC ICT Specialist in IT-CONTINUÏTEIT
Bedrijfskritische applicaties én data veilig beschikbaar, onafhankelijk van derden, altijd en overal
Support the show
Like and subscribe! It helps out a lot.
You can also find us on:
De Nederlandse Kubernetes Podcast - YouTube
Nederlandse Kubernetes Podcast (@k8spodcast.nl) | TikTok
De Nederlandse Kubernetes Podcast
Where can you meet us:
Events
This Podcast is powered by:
ACC ICT - IT-Continuïteit voor Bedrijfskritische Applicaties | ACC ICT
View all episodes
By Ronald Kers en Jan StomphorstIn this episode of The Dutch Kubernetes Podcast, Ronald and Jan sit down with Soroosh Khodami to explore one of the most urgent questions in modern software engineering: are we truly ready for the next Log4Shell-level cyber crisis?
Soroosh, a hands-on solution architect currently supporting security platform services at Rabobank, takes us deep into the evolving threat landscape. From classic vulnerabilities like SQL injection to modern supply-chain attacks and the infamous XZ backdoor, he explains how seemingly small weaknesses can cascade into full-cluster compromise — especially in cloud-native and Kubernetes environments.
The conversation covers:
- How a simple SQL injection can escalate into full Kubernetes root access, thanks to lateral movement and unpatched dependencies
- What supply-chain attacks really are, and why they’re becoming the attackers' favorite weapon
- Low-effort, high-impact practices to secure your CI/CD pipeline
- Shift-Left Security & DevSecOps — what’s hype, what’s real, and how teams need to evolve
- Why SBOMs are becoming mandatory, and how they help organizations prepare for future zero-days
- Essential tooling for SBOM generation, scanning and continuous monitoring
- How new EU regulations (DORA & CRA) will impact developers, architects and enterprises in the coming years
Soroosh also shares practical stories from the field, including real-world examples of dependency attacks, insecure pipelines, and security mistakes that happen even in mature organizations.
This episode is a must-listen for developers, architects, platform engineers, and anyone building or deploying software in 2025 and beyond.
Stuur ons een bericht.
ACC ICT Specialist in IT-CONTINUÏTEIT
Bedrijfskritische applicaties én data veilig beschikbaar, onafhankelijk van derden, altijd en overal
Support the show
Like and subscribe! It helps out a lot.
You can also find us on:
De Nederlandse Kubernetes Podcast - YouTube
Nederlandse Kubernetes Podcast (@k8spodcast.nl) | TikTok
De Nederlandse Kubernetes Podcast
Where can you meet us:
Events
This Podcast is powered by:
ACC ICT - IT-Continuïteit voor Bedrijfskritische Applicaties | ACC ICT