Start / Relating to DevSecOps / Episode 003 bookending devsecops starting with threat models

Episode #003: Bookending DevSecOps starting with Threat Models

35 min • 8 juli 2020

Starting on the left side of the SDLC, we talk about Threat Modeling experiences from all perspectives and the fundamental issues with checkbox security. We almost get through a whole episode without making fun of Perl and are still waiting for a Perl developer to reach out and tell us how wrong we are. We attempted to get to application logging perspectives but ran into a timewall. Keep an eye out for Episode #004 as we tackle DevSecOps from both sides.

Senaste avsnitt

Episode #076: ShmooBalls & Open Source Brawls: DevSecOps, Risk, and the Final ShmooCon

4 februari | 34 min

Episode #075: Ghosts of DevSecOps: Past, Present, and Future

24 december 2024 | 36 min

Episode #074: Battling Budgets in Security

9 december 2024 | 36 min

Episode #073: Staffing Security in DevSecOps

21 oktober 2024 | 37 min

Episode #072: Measuring the Immeasurable: The Power and Pitfalls of Metrics in DevSecOps

28 augusti 2024 | 34 min

Episode #071: Retro Vibes with Retrospectives

19 juni 2024 | 26 min

Episode: #070: Putting da BOM in SBOM and SCA

8 maj 2024 | 40 min

Episode #069: Your SaaS is Grass

20 mars 2024 | 33 min

Episode #068: Data Breaches and DevSecOps

21 februari 2024 | 34 min

Episode #067: Welcome to 2024! AppSec Resolutions and A Smhoocon Recap

26 januari 2024 | 35 min

Episode #066: Exploration of the Shifting Definition of Shifting Left

5 december 2023 | 43 min

Episode #065: LASCON 2023 Recap - AI, a Misunderstood Menace or Magic Bullet

10 november 2023 | 33 min

Episode #064: Don't Instigate, Mitigate!

25 september 2023 | 32 min

Episode #063: Unscrambling CloudSecSoup with CSPM, Vuln Management, SIEMs, and Log Aggregators

5 september 2023 | 38 min

Episode #062: Cyber Sentinels: Ken and Mike in the DevSecOps Labyrinth

7 augusti 2023 | 40 min

Episode #061: Fossilized Code & Future Clouds: Contrasting Worlds of Balance in Legacy Applications

18 juli 2023 | 39 min

Episode #060: Precise Angles for Automation in DevSecOps Adventures

22 juni 2023 | 57 min

Episode #059: DevSecOps Pentesting, Possible or Preposturous?

8 juni 2023 | 43 min

Episode #058: Merging Your Mergers without Git Merge

1 juni 2023 | 33 min

Episode #057: Security Without Compromise!

19 maj 2023 | 31 min

Episode #56: Respond Well in Incident Response with DevSecOps

21 april 2023 | 35 min

Episode #055: Engineering Empathy with Hecber Cordova

31 mars 2023 | 42 min

Episode #54: ChatGPT's Cryptic Insights: AI in Security for Developers and Operations Teams

23 mars 2023 | 37 min

Episode #053: DevSecOps on the Emerald Isle: Insights from Global OWASP AppSec Dublin, with a Side of Guinness and Frustrations with Application Security Vendors

8 mars 2023 | 41 min

Episode #052: Dude! Where's My Stuff? Application Inventory and Service Discovery

7 februari 2023 | 29 min

Episode #051: Hiring for DevSecOps in 2023!

14 januari 2023 | 51 min

Episode #050: The Evolution of Data Security in DevSecOps

3 december 2022 | 35 min

Episode #049: IAM! The Myers Briggs of DevSecOps

24 oktober 2022 | 38 min

Episode #048: Threat Modeling doesn't need to feel like pain and sorrow

16 september 2022 | 42 min

Episode #47: Geese aren't the only things migrating in the cloud, but we're more secure at least

8 augusti 2022 | 38 min

Episode #046: Security Spiderwebs with Kubernetes and how Cloud helps (and hurts)

11 juli 2022 | 37 min

Episode #045: What is DevSecOps in 2022 an R2DSO anniversary redux

10 juni 2022 | 35 min

Episode #044: Multiball Pinball with Multicloud Hot Takes and Infrastructure as Code

21 maj 2022 | 37 min

Episode #043: Security leaves the cave to go to Miami with the Blockchain People and this episode happened

20 april 2022 | 34 min

Episode #042: Perscription Lenses or Sunglasses for Eyes on Code

31 mars 2022 | 34 min

Episode #041: Holistic Cloud Medicine in the Face of the Modularization of Cloud Components Affects Applications

16 mars 2022 | 31 min

Episode #040: Over the hill with blockchain and DevSecOps with digital money

25 februari 2022 | 36 min

Episode #039: Cloud Metal Detectors with Monitoring and Logging

16 februari 2022 | 32 min

Episode #038: Layers of the DevSecOps Onion, are we reversing time?

2 februari 2022 | 36 min

Episode #037: New Year, New Security what can you do to level up?

19 januari 2022 | 35 min

Episode #036: Trending Topics from Terraform to Testing

7 december 2021 | 38 min

Happy Holidays from R2DSO!

24 november 2021 | 2 min

Episode #035: Successful Unit Testing Through Collaboration with Your Unit

2 november 2021 | 42 min

Episode #034: Attack of the Git PR through K8s

11 oktober 2021 | 42 min

Episode #033: Getting out of git by branching out with branching strategies

21 september 2021 | 33 min

Episode #32: Hooks, Kits, and Git - putting security into your git pipeline

7 september 2021 | 40 min

Episode 031: Git Security Done with Git

17 augusti 2021 | 38 min

Episode #030: Blueprints, Reference Architectures, and Plans - Building Apps Securely

26 juli 2021 | 35 min

Episode #029: Does anyone REALLY do DevSecOps, and succeed?

6 juli 2021 | 31 min

Episode #028: Non-technical management and Email as your IDE

22 juni 2021 | 57 min

Episode #027: Hot Takes on Blogs: Part I - Are QA, BA, and DBAs Dead?

3 juni 2021 | 35 min

Episode #026: Starting right by shifting left - what to do at build time

21 maj 2021 | 33 min

Episode #025: Warm blankets around your cloud with CSPM and Michael McCabe

11 maj 2021 | 57 min

Episode #024: The first line of defense for MicroServices - AUTH

26 april 2021 | 40 min

Episode #023: A call back to Microservices - do we even get it yet?

10 april 2021 | 33 min

Episode #22: From Engineer to CTO and what security means along the way w/ Jonathan Schwartz

12 mars 2021 | 42 min

Episode #021: An Outside-In Look at Application Inventory

26 februari 2021 | 34 min

Episode #20: Security Operations ain't what it used to be

14 februari 2021 | 37 min

Episode 019: Welcome to 2021 - R2DSO goes visual and more

25 januari 2021 | 31 min

Episode #18: Was 2020 just a giant Chaos Engineering Experiment? Part Deux: Tooling and Security Experiments

22 december 2020 | 51 min

Episode #017: Chaos in your Engineering, what to do if Zombies attack your cloud

4 december 2020 | 53 min

Episode #016: Terraform CDK, finishing the Infra as Code series with its final form?

11 november 2020 | 47 min

Episode #015: Quest to Terraform CDK through the Amazon CDK

1 november 2020 | 39 min

Episode #014: Approaching Terraform and other "as-code" fun

17 oktober 2020 | 41 min

Episode #013: How a backend engineer looks at XSS

3 oktober 2020 | 49 min

Episode #012: What DevSecOps means to a SCRUM master with Jenn Molyneaux

24 september 2020 | 60 min

Episode #011: Bugs vs Vulns - what's your opinion?

18 september 2020 | 34 min

Episode #010: Security Configs, Default Configs, and other decisions we regret

11 september 2020 | 40 min

Episode #009: OWASP Top 10: Awareness, not Measurement

4 september 2020 | 42 min

Episode #008: Testing Depths of the DevSecOps River with Both Feet

19 augusti 2020 | 56 min

Episode #007: Service Mesh, more than a Sean Connery sidecar to your Indiana Jones App

12 augusti 2020 | 43 min

Episode #006: How Engineering Titles Affect Your Communication with Development and Product Engineering Teams

5 augusti 2020 | 42 min

Episode #005: Know Your Audience, the Face of Documentation and Training in a DevSecOps World

31 juli 2020 | 38 min

Episode #004: Be careful with your logs aka a hand grenade with a dictionary attached to it

22 juli 2020 | 39 min