Send us a text

Jenn Molyneaux joins the crew as the very first guest! ( https://bit.ly/3ctCLJu ). Jenn is a Senior SCRUM Master who brings her wealth of experience and patience to the table to help us all understand how we can work better together. We had a great time recording this one and are excited to start getting more opinions and views on the show. We talk about DevSecOps in Agile/SCRUM, how to handle security issues, how to develop relationships across teams and getting leadership buy-in for your projects. We also get Jenn's opinions on bugs vs vulns, which we all know is a hot topic.

Send us a text

Security and Engineering go head to head in a conversation about bugs vs vulnerabilities and where we think they should fall in the grand scheme of product development. Unfortunately we threw this one together at the last minute as we had to scramble due to some life events. Keep an eye out for our intended episode next week on Agile/Scrum with Jenn!

Send us a text

This episode we riff on some of the hotter topics we discussed during Episode 9 as we cover security misconfigurations, default misconfigurations, and the responsibility of application/infrastructure configs in an organization. We talk about how to best interact with other teams to ensure configurations are manageable, maintained, and in the right hands

Send us a text

In this episode we cover the OWASP Top 10, a popular security awareness document and how DevOps and Product Engineering are typically exposed to it. While it's made waves in the industry we discuss how to use and how not to use this document and give some opinions on categories that fall into the DevSecOps sphere of work. This isn't your typical "What is SQL Injection" episode, so give us a listen and hopefully you come out the other side with a new viewpoint on using the top 10 to help your organization. Also, Ken introduces this episode after a little too much coffee, so in case you're wondering - it does NOT start in 2x speed.

Send us a text

There are so many types of tests across DevSecOps and we try to cover as many as possible from SAST to Contract testing. Simon covers his dislike for test-driven development, Ken talks through writing security tests against requirements, and Jamieson brings automation testing to light with new toolsets and process developments. 

We all had some preconceived notions going into this, but it was an eye opening and long episode. We hope you enjoy!

Send us a text

In this episode we get back to tech in the DevOps centric topic of Service Mesh. Ken and Simon chat with Jamieson about concerns and first thoughts on service mesh in their respective experiences. If you're looking at spinning up service mesh within your organization or just want to learn more about it this episode gives highlights from different professional perspectives. We end with some ways to pitch this internally to get buy in from departments that may challenge your next push into service mesh.

Send us a text

In this episode we take another people centric approach with Simon Dollo as we explore the difference between developers and product engineers. We explore Simon's engineering history and work to identify more meaningful and effective ways of communicating with people writing code. 

Send us a text

In this episode we discuss product engineering security Easter eggs and try to stay on track talking about how to get other departments and teams to adapt your latest and greatest process, tool, or optimization. The conversation quickly devolves into a side track on documentation where we discuss the pitfalls of traditional documentation tactics in the fast paced world of Agile development and continuous deployment. Speaking of Easter Eggs, Ken's cat makes an earnest request to be a part of the show.

Send us a text

This time on Relating to DevSecOps we cover application logging, how it's viewed by different teams and what those teams are looking to get out of them. We cover some tips and tricks with logging challenges like ACTUALLY implementing a logging standard, the importance of logging severity levels, and the challenge with the appropriate amount to log. Join us for our divergent opinions and challenges we've faced in the real world.

Send us a text

Starting on the left side of the SDLC, we talk about Threat Modeling experiences from all perspectives and the fundamental issues with checkbox security. We almost get through a whole episode without making fun of Perl and are still waiting for a Perl developer to reach out and tell us how wrong we are. We attempted to get to application logging perspectives but ran into a timewall. Keep an eye out for Episode #004 as we tackle DevSecOps from both sides.