Vlad outlines the origins of Earthly and how their open-source build automation tool enables consistent CI/CD across teams. The conversation covers GitHub Actions, the challenge of running pipelines locally, and why container-based workflows offer practical improvements in debugging and collaboration.

The discussion moves to Earthly's second product, Lunar, which focuses on monitoring and enforcing engineering practices in the SDLC. Vlad explains how this enables organizations to apply policies like test coverage and vulnerability scanning, without relying solely on teams to adopt them individually.

Other key topics include plugin governance, differences in developer infrastructure at large companies versus smaller teams, and the complexity of managing shared CI/CD ownership. The conversation also touches on hybrid work challenges, remote team management, and strategies for building trust and documentation in distributed teams.

Toward the end, the episode explores the potential impact of AI in software development. Vlad shares why he sees AI as a tool for accelerating skilled engineers, rather than a full replacement, and highlights the risks of relying on machine-generated code without proper verification.

Whether you're working on developer tooling, building remote teams, or thinking about the role of AI in engineering workflows, this episode offers a grounded and technical perspective.

Johan brings decades of experience in open infrastructure and a front-row seat to the evolution of cloud computing. We talk about why Europe still leans so heavily on U.S. cloud platforms, and the real-world risks that come with that dependency whether it's pricing, control, or strategic leverage.

We get into the friction points that keep Europe from moving faster: outdated procurement practices, broken incentive structures, and the lack of deep technical understanding inside policymaking circles. Johan also shares what it's been like building on OpenStack from the early days, and what Cleura has learned about scaling sovereign infrastructure in a space dominated by hyperscalers.

I really enjoyed diving into how cloud-native tools like Kubernetes can unlock more flexibility and how standardization could help level the playing field for smaller providers. We also touch on the limitations of regulation when enforcement is missing, and why alignment between government goals and operational behavior is long overdue.

Whether you're in cloud infrastructure, policy, or just curious about how Europe can chart its own course, this one's packed with insight.

Viktor and Warren explore the fascinating realm of physical security assessments, from initial reconnaissance and planning to the execution of sophisticated social engineering tactics. Warren reveals how security professionals can clone access badges, bypass reception areas, and exploit human psychology to gain unauthorized access to secured facilities. Through compelling real-world examples, he demonstrates how even seemingly robust security systems can be compromised by determined adversaries who understand the vulnerabilities in both technology and human behavior.

The conversation delves into the critical importance of physical security in the overall security posture of organizations, particularly those with sensitive data centers or restricted areas. Warren provides valuable insights into common weaknesses in building security, explaining how organizations can identify and address these vulnerabilities before they're exploited by malicious actors. He also discusses the ethical considerations and legal frameworks that govern physical penetration testing, emphasizing the importance of proper authorization and scope definition.

Whether you're a security professional looking to enhance your organization's physical defenses, an IT manager concerned about holistic security approaches, or simply fascinated by the world of security testing, this episode offers invaluable knowledge about the realities of physical security in today's complex threat landscape. Join Viktor and Warren for this eye-opening discussion that will forever change how you view the security of physical spaces around you.

The conversation delves deep into Chainguard's innovative approach to building minimal, hardened container images directly from source code. Dustin explains their groundbreaking Zero-CVE initiative, demonstrating how continuous rolling updates and careful dependency management can dramatically reduce vulnerability exposure. Through practical examples and real-world scenarios, he illustrates the delicate balance between security, functionality, and maintainability in modern container deployments.

Viktor and Dustin explore the intricate world of Software Bills of Materials (SBOMs), diving into how attestations and digital signatures through tools like Sigstore and Cosign create a robust chain of trust. The discussion illuminates the critical role these technologies play in guaranteeing software provenance and enabling rapid vulnerability patching across complex deployments.

The episode also tackles the challenges of navigating stringent compliance requirements such as FedRAMP and HIPAA, with Dustin sharing practical strategies for maintaining security without sacrificing agility. The conversation extends to the nuances of open source licensing and the future landscape of infrastructure security, offering listeners valuable insights into maintaining secure, modern systems in an increasingly complex technological environment.

Whether you're a security professional, container enthusiast, or technology leader, this episode provides essential knowledge about the future of supply chain security and container hardening. Don't miss this comprehensive exploration of how organizations can build and maintain secure infrastructure in today's rapidly evolving technology landscape.

The conversation covers crucial aspects of pentesting, from obtaining proper authorization and managing scope to selecting the right tools for different scenarios. Warren explains how seemingly minor oversights, such as exposed .git directories, can lead to significant security breaches, and demonstrates why thorough documentation and proper paperwork are as critical as technical expertise in professional pentesting.

Viktor and Warren explore the essential toolkit of a modern pentester, discussing tools like Burp Suite for web application testing, Nmap for network discovery, and Metasploit for exploitation. Through real-world examples and engaging stories from the field, Warren illustrates how attackers can leverage small vulnerabilities to gain broader access to networks and systems.

The episode also serves as a valuable resource for aspiring cybersecurity professionals, with Warren offering guidance on certifications, practical experience, and developing the investigative mindset necessary for success in the field. The discussion concludes with a preview of physical security testing, highlighting how the principles of penetration testing extend beyond the digital realm to encompass physical security controls and access systems.

Kate and Gary provide deep technical insights into the challenges teams face when generating accurate Software Bills of Materials (SBOMs), including complex scenarios involving circular dependencies and component uncertainty. Through practical examples from their work with various organizations, they demonstrate how these real-world challenges have influenced the development of SPDX tools and specifications.

The discussion delves into current initiatives for integrating SBOM generation into build systems, with specific focus on implementations in the Zephyr and Yocto projects. They also explore ongoing efforts to implement build-time SBOM generation for the Linux kernel, highlighting both the technical approach and practical benefits for development teams.

Viktor, Kate, and Gary examine the growing regulatory requirements surrounding SBOMs, particularly in safety-critical systems, and how SPDX 3.0 is being designed to meet these demands while supporting modern CI/CD pipelines. The conversation illuminates the technical considerations behind maintaining compatibility with existing tools while expanding functionality for new use cases. As an open, community-driven project, SPDX continues to evolve with industry needs, offering solutions for compliance, security vulnerabilities, and supply chain transparency in modern software development workflows.