DSO Overflow

DSO Overflow S5EP6 Agentic AI in the Wild: Risks, Reality and a Framework for Survival with Max Corbridge In this episode of DSO Overflow, hosts Glenn Wilson and Steve Giguere are joined by ethical hacker and AI security specialist Max Corbridge to explore the rise of agentic AI. Max explains how agentic systems differ from generative AI, the new security risks created by autonomous actions, and why traditional controls fall short. The discussion covers real-world adoption, emerging attack surfaces, and Max’s DAMSIC framework for securing agentic AI in production. Max is an Independent Principal Cyber Security Consultant with many years experience delivering penetration testing and red teaming in fast-paced London consultancies. He has a special interest in AI, and AI security. Resources mentioned in this podcast: Max's LinkedIn profileMax's Substack blogSecure Agentics (Max's company LinkedIn page)DSO Overflow is a DevSecOps London Gathering production. Find the audio version on all good podcast sources like Spotify, Apple Podcast and Buzzsprout. Your Hosts Steve Giguere linkedin.com/in/stevegiguere Glenn Wilson linkedin.com/in/glennwilson Jessica Cregg linkedin.com/in/jessicacregg

DSO Overflow S5EP5 Saving $20,000 a year by self-hosting a map server with Vimal Paliwal In this episode, Vimal Paliwal talks about how he led a migration project that saved his organisation $20,000 annually. He talks about how he overcame challenges he faced resulting from compute and storage demands. Vimal discusses how he ensured cost-efficiency and security by implementing a fully serverless architecture using AWS CloudFront, Lambda authorisers, and WAF, integrating robust domain whitelisting and access control. We finish this conversation by reflecting on lessons learned from this project. Vimal is a part of the AWS Community Builders program, where he actively contributes to knowledge-sharing efforts across the cloud ecosystem by writing on real-world implementations and best practices. In addition, Vim has spent several years as an AWS Authorized Instructor, during which he trained over 1,000 professionals. Resources mentioned in this podcast: Vimal's LinkedIn profileVimal's blog post about this projectVimal's GitHub repoDSO Overflow is a DevSecOps London Gathering production. Find the audio version on all good podcast sources like Spotify, Apple Podcast and Buzzsprout. Your Hosts Steve Giguere linkedin.com/in/stevegiguere Glenn Wilson linkedin.com/in/glennwilson Jessica Cregg linkedin.com/in/jessicacregg

DSO Overflow S5EP4 Threat modelling and AI with Petra Vukmirovic In this episode Petra Vukmirovic, head of information security and technology at Numan, shares her experience of threat modelling within an AI landscape drawing from her background in medicine to highlight similarities between differential diagnosis and threat modelling. She discusses the opportunities and the risks of integrating AI into security workflows as well as exploring evolving methodologies and updated frameworks to address modern threats. Petra is also an OWASP Project Leader for the OWASP Threat Model Library, a public speaker, and leader in cybersecurity. Resources mentioned in this podcast: Petra's LinkedIn profileNuman's websiteOWASP Threat Model LibraryDSO Overflow is a DevSecOps London Gathering production. Find the audio version on all good podcast sources like Spotify, Apple Podcast and Buzzsprout. Thanks to Janet Mesh and Jessica Martinez from Aimtal for editing this episode of the DSO Overflow podcast Your Hosts Steve Giguere linkedin.com/in/stevegiguere Glenn Wilson linkedin.com/in/glennwilson Jessica Cregg linkedin.com/in/jessicacregg

DSO Overflow S5EP3 AI and auto-remediation with Jonathan Schneider In this episode Jonathan Schneider discusses his path from Netflix to founding Moderne, focusing on large-scale software modernisation. The conversation covers the promise and pitfalls of AI and auto-remediation. Jonathan advocates for empowering developers with self-service, pull-based tooling rather than top-down changes and emphasises collaboration between security and engineering to reduce technical toil so developers can focus on innovation. Resources mentioned in this podcast: Jonathan's LinkedIn profileModerne's websiteOpenRewrite by ModerneDSO Overflow is a DevSecOps London Gathering production. Find the audio version on all good podcast sources like Spotify, Apple Podcast and Buzzsprout. Thanks to Janet Mesh and Jessica Martinez from Aimtal for editing this episode of the DSO Overflow podcast Your Hosts Steve Giguere linkedin.com/in/stevegiguere Glenn Wilson linkedin.com/in/glennwilson Jessica Cregg linkedin.com/in/jessicacregg

DSO Overflow S5EP2 Vulnerability Management, Supply Chain threats and AI with Mackenzie Jackson In this episode of DSO Overflow, Mackenzie Jackson discusses his transition from GitGuardian to Aikido Security, where he focuses on Application Security Posture Management (ASPM). He explains ASPM as an integrated platform that consolidates security tools. The conversation explores Aikido Security's use of open-source tools and AI to minimise false positives and streamline vulnerability management. The discussion also covers challenges with open-source vulnerability disclosure processes. Resources mentioned in this podcast: Mackenzie's LinkedIn profileAikido Security websiteWhite Rabbit NeoWired's article on the XZ backdoor incidentCISA's article on tj_actions compromiseMackenzie's The Security Repo PodcastDSO Overflow is a DevSecOps London Gathering production. Find the audio version on all good podcast sources like Spotify, Apple Podcast and Buzzsprout. Your Hosts Steve Giguere linkedin.com/in/stevegiguere Glenn Wilson linkedin.com/in/glennwilson Jessica Cregg linkedin.com/in/jessicacregg

DSO Overflow S5EP1 Security the Software Supply Chain with Francois Proulx In this episode, featuring Francois Proulx, a senior product security engineer, we discuss software supply chain security, particularly the security of build pipelines and dependencies. Francois shares insights on defining supply chains, identifying vulnerabilities, threat modeling, and strategies to improve security. The conversation explores topics like the SALSA framework, risk factors in CI/CD pipelines, and reducing complexity in dependencies. The discussion emphasizes threat awareness, holistic approaches, and the importance of isolating critical processes in software development. Practical tools and insights on research and AI’s role in security were also touched upon. Resources mentioned in this podcast: Francois' LinkedIn profileBoost blog siteBoost on GitHubSLSA websiteDSO Overflow is a DevSecOps London Gathering production. Find the audio version on all good podcast sources like Spotify, Apple Podcast and Buzzsprout. This podcast is brought to you by our sponsors: Prisma Cloud, Tigera and Apiiro Your Hosts Steve Giguere linkedin.com/in/stevegiguere Glenn Wilson linkedin.com/in/glennwilson Jessica Cregg linkedin.com/in/jessicacregg

DSO Overflow S4EP10 Threat Modelling with Ashley Ward In this month's episode, Steve and Glenn chatted with Ashley Ward to discuss topics around threat modelling. Ashley is a highly experienced CTO at ControlPlan with expertise in cloud-native architectures and cybersecurity, known for leading transformative initiatives across startups and large enterprises, including as Group CTO for a €4.5 billion company. He excels in scaling organisations through agile, FinOps, and DevSecOps, while inspiring teams and engaging with stakeholders at all levels. As a Justice of the Peace since 2017, Ashley brings additional strengths in decision-making, public speaking, and community-focused leadership. In this episode of DSO Overflow, Ashley Ward, CTO at Control Plane, discusses threat modelling in cloud-native environments, security challenges, and the impact of emerging technologies like AI. Ward explains that threat modeling should start with existing knowledge and highlights the benefits of collaborative, iterative approaches. He emphasises involving various teams in the process to account for application, platform, and infrastructure layers. Ward also discusses practical frameworks, such as the CIA triad and STRIDE, and points out the specific challenges in cloud-native threat modelling, like microservices and fast-paced release cycles. Regarding AI, he cautions about the heightened risks, as AI democratises hacking capabilities. Ward advocates for using AI thoughtfully in threat modelling and encourages companies to adopt proactive security strategies. He concludes by encouraging organisations to embrace threat modelling as an evolving, essential practice. Resources mentioned in this podcast: Ashley Ward's LinkedIn profileControlPlane websiteDSO Overflow is a DevSecOps London Gathering production. Find the audio version on all good podcast sources like Spotify, Apple Podcast and Buzzsprout. This podcast is brought to you by our sponsors: Prisma Cloud, Tigera and Apiiro Your Hosts Steve Giguere linkedin.com/in/stevegiguere Glenn Wilson linkedin.com/in/glennwilson Jessica Cregg linkedin.com/in/jessicacregg

DSO Overflow S4EP9 Open Source Integrity with Luke Hinds In this month's episode, Jessica and Glenn chatted with Luke Hinds to discuss topics around Open Source integrity and provenance. Luke is a co-founder and the CTO at Stacklok who loves building open source software and communities, as well as leading talented engineering teams to develop innovative cutting edge security technologies at scale. In this episode, Luke talks about the challenges of ensuring open source software integrity and provenance using cryptographic technologies and automated signing of software within the CICD pipeline using a non-profit software cryptographic signing service. He talks about managing developer expectations and how security should enable software development. We briefly discuss the dangers of putting too much trust into AI and the data that supports GenAI models. Resources mentioned in this podcast: Luke Hind's LinkedIn profileStacklok on LinkedInStacklok's websitesigstore on LinkedInsigstore websiteslsa websiteMinder websiteMinder on GitHubDSO Overflow is a DevSecOps London Gathering production. Find the audio version on all good podcast sources like Spotify, Apple Podcast and Buzzsprout. This podcast is brought to you by our sponsors: Prisma Cloud, Tigera and Apiiro Your Hosts Steve Giguere linkedin.com/in/stevegiguere Glenn Wilson linkedin.com/in/glennwilson Jessica Cregg linkedin.com/in/jessicacregg

DSO Overflow S4EP8 Cloud Native and Kubernetes with Steve Wade and Michael Foster In this month's episode, Steve met with Steve Wade and Michael Foster to talk about the Cloud Native Club and new and future developments in Kubernetes. Steve Wade founded The Cloud Native Club, a global community for cloud-native enthusiasts. He is also a maintainer of the Flux Terraform Provider. As an experienced conference speaker, independent cloud-native consultant, and trainer, Steve shares his expertise worldwide. He has held platform leadership roles across various industries, including real estate, gaming, fintech, and the UK Parliament. With a BSc in Computer Science, Steve is passionate about cloud-native software development and distributed computing. Michael Foster regards himself as a passionate tech enthusiast and open-source advocate with a multidisciplinary background. Understands the importance of community and being a good communicator. Great problem solver, quick thinker, constant learner, and someone who is process-orientated. Able to conceptualize, coordinate, and implement by paying attention to detail while seeing the big picture. I am continually working to bridge the gap between tech and business. In this episode, Steve Wade introduces his new community called the Cloud Native Club while Steve Giguere and special guest host Michael Foster (Red Hat) introduces The State of Kubernetes Security report as an anchor to pick Steve Wade’s brain on everything from how we secure cloud native to AI’s influence on Kubernetes now and in the future. Cloud Native Club: The Cloud Native Club is a global community I founded in July 2024, dedicated to connecting cloud-native enthusiasts from all walks of life, no matter where they are in the world. Inspired by my journey transitioning from a football career to the tech industry, I quickly realised the immense value of community in fostering growth and success. However, I also saw that many people, especially those in remote areas, lacked access to the supportive networks that can be crucial for learning and development. The Cloud Native Club was created to bridge that gap. It’s a place where anyone—from beginners to seasoned professionals—can come together to learn, share, and grow in the cloud-native space. Through our forum, weekly hangouts, and YouTube series like "My Journey" and "Project Spotlight," we aim to make cutting-edge cloud-native knowledge accessible to everyone while fostering a strong, supportive, and inclusive community. Resources mentioned in this podcast: Steve Wade's LinkedIn profileSteve Wade's Twitter profileThe Cloud Native Club on LinkedInThe Cloud Native Club on TwitterThe Cloud Native Club on YouTubeMichael Foster's LinkedIn ProfileDSO Overflow is a DevSecOps London Gathering production. Find the audio version on all good podcast sources like Spotify, Apple Podcast and Buzzsprout. This podcast is brought to you by our sponsors: Prisma Cloud, Tigera and Apiiro Your Hosts Steve Giguere linkedin.com/in/stevegiguere Glenn Wilson linkedin.com/in/glennwilson Jessica Cregg linkedin.com/in/jessicacregg Dev

DSO Overflow S4EP7 Managing the risks that really matter with Sam Watkins In this month's episode, Glenn and Jessica speak with Sam Watkins to talk about a new paradigm for managing risks. Sam Watkins is an accomplished engineer working at BT in the UK. Sam is driven by a passion for driving change through the implementation of technological solutions, possessing the expertise in impacting organisational capability and performance, catering to business needs by early adaption of futuristic technological trends, and enabling organisations to meet the business needs. In this episode, Sam reveals to Jess and Glenn the exciting work she is doing at BT, a major telecommunication company in the UK to improve the organisation's application security posture. You will hear Sam talk about challenging the current paradigm of managing vulnerabilities to a paradigm of managing weaknesses. Sam discusses the risks that really matter while remaining empathetic to the needs of everyone within the organisation including compliance, engineering and risk management. Resources mentioned in this podcast: Sam's LinkedIn profileSam's personal websiteCommon Weakness EnumerationDSO Overflow is a DevSecOps London Gathering production. Find the audio version on all good podcast sources like Spotify, Apple Podcast and Buzzsprout. This podcast is brought to you by our sponsors: Prisma Cloud, Tigera and Apiiro Your Hosts Steve Giguere linkedin.com/in/stevegiguere Glenn Wilson linkedin.com/in/glennwilson Jessica Cregg linkedin.com/in/jessicacregg DevSecOps - London Gathering Keep in touch with our events associated with this podcast via our website. For more about DevSecOps - London Gathering check out https://dsolg.com

DSO Overflow S4EP6 Security in front-end application development with David Mytton In this month's episode, Glenn speaks with David Mytton to talk about how to make sure front-end development is secure. David Mytton is the CEO of Arcjet, a devtools software startup that helps developers protect their apps. He also writes the weekly Console.dev devtools newsletter which helps developers find the best tools. He's an angel investor in >30 early-stage developer-first startups and is working towards an Engineering Science PhD in sustainable computing at the University of Oxford. His research has been featured in The Times, WSJ, Financial Times, Fast Company, Computer Weekly, and Sky News.. In this episode, David and Glenn cover the main security challenges and security hygiene affecting front-end application development. They discuss a broad range of topics including software dependencies, input validation, securing environment variables, and many other security related topics that all developers should consider when developing front-end applications. Resources mentioned in this podcast: David's LinkedIn profileDavid's blogConsole.devDSO Overflow is a DevSecOps London Gathering production. Find the audio version on all good podcast sources like Spotify, Apple Podcast and Buzzsprout. This podcast is brought to you by our sponsors: Prisma Cloud, Tigera and Apiiro Your Hosts Steve Giguere linkedin.com/in/stevegiguere Glenn Wilson linkedin.com/in/glennwilson Jessica Cregg linkedin.com/in/jessicacregg DevSecOps - London Gathering Keep in touch with our events associated with this podcast via our website. For more about DevSecOps - London Gathering check out https://dsolg.com

DSO Overflow S4EP5 LLM and GenAI security with John Boero In this month's episode, Jess and Glenn speak with Field CTO at TeraSky John Boero to talk about LLMs and GenAI. John lives in London and has 20 years in the IT industry developing and consulting for Red Hat, Puppet, HashiCorp, and more with emphasis on performance and security. In this episode, John talks about the inherent risks of using LLMs and GenAI and provides some hints on how to benefit from using them effectively. He discusses the technical details involved in LLMs to give listeners a better understanding of what's under the hood of GenAI models. Resources mentioned in this podcast: John's LinkedIn profileTerraSky's websiteDSO Overflow is a DevSecOps London Gathering production. Find the audio version on all good podcast sources like Spotify, Apple Podcast and Buzzsprout. This podcast is brought to you by our sponsors: Prisma Cloud, Tigera and Apiiro Your Hosts Steve Giguere linkedin.com/in/stevegiguere Glenn Wilson linkedin.com/in/glennwilson Jessica Cregg linkedin.com/in/jessicacregg DevSecOps - London Gathering Keep in touch with our events associated with this podcast via our website. For more about DevSecOps - London Gathering check out https://dsolg.com

DSO Overflow S4EP4 IoT, AI and DevSecOps with Darren Richardson In this month's episode, Jess and Glenn speak with networking graduate, security enthusiast, coder and giant with a great bushy beard Darren Richardson from Eficode. Darren is an IT graduate specializing in system administration, network operation and information security with experience in Cisco IOS operation and network management. He has a passion for information security with a bias towards offensive security and ethical hacking. In this episode, Darren talks about the inherent security challenges of using IoT devices, and discusses the intersection of AI and DevSecOps and how AI is changing the way we do DevOps. Resources mentioned in this podcast: Darren's LinkedIn profileEficode's websiteDSO Overflow is a DevSecOps London Gathering production. Find the audio version on all good podcast sources like Spotify, Apple Podcast and Buzzsprout. This podcast is brought to you by our sponsors: Prisma Cloud, Tigera and Apiiro Your Hosts Steve Giguere linkedin.com/in/stevegiguere Glenn Wilson linkedin.com/in/glennwilson Jessica Cregg linkedin.com/in/jessicacregg DevSecOps - London Gathering Keep in touch with our events associated with this podcast via our website. For more about DevSecOps - London Gathering check out https://dsolg.com

DSO Overflow S4EP3 Paving the Road to Effective Software Development with Sarah Wells In this month's episode, Jess and Glenn speak with Sarah Wells an independent tech consultant, author formerly the Technical Director for Engineering Enablement at the Financial Times to talk about how to balance developer autonomy with standardisation. Sarah is a technology leader, consultant and conference speaker with a focus on microservices, engineering enablement, observability and devops. She has over 20 years experience as a developer, principal engineer and tech director across product, platform, SRE and devops teams. She spent over a decade at the Financial Times, leading as it transformed into a true cloud native organisation, releasing code 250 times as often and embracing autonomous empowered teams. In this episode, Sarah shares her experience of transforming a software devlivery programme throgh balancing autonomy with standardisation. She discusses how she moved from monthly releases to multiple releases a day bringing focus, flow and joy to the organisation's engineering community. Resources mentioned in this podcast: Sarah's LinkedIn profileEnabling Microservice Success bookSarah's consultancy websiteDSO Overflow is a DevSecOps London Gathering production. Find the audio version on all good podcast sources like Spotify, Apple Podcast and Buzzsprout. This podcast is brought to you by our sponsors: Prisma Cloud, Apiiro, and Sysdig Your Hosts Steve Giguere linkedin.com/in/stevegiguere Glenn Wilson linkedin.com/in/glennwilson Jessica Cregg linkedin.com/in/jessicacregg DevSecOps - London Gathering Keep in touch with our events associated with this podcast via our website. For more about DevSecOps - London Gathering check out https://dsolg.com

DSO Overflow S4EP2 Resilient Cybersecurity with Kennedy Torkura In this month's episode, Steve and Glenn speak with Kennedy Torkura from Mitigant to talk about how to build cyber resiliency into your organisation. Kennedy is a cybersecurity professional, CTO and co-founder at Mitigant who specialises continuous security verification and making cybersecurity resilience a first-class citizen in the cloud. Kennedy holds a doctorate in cybersecurity whose thesis covers continuous security paradigms in cloud-native infrastructure. He is also a contributor to the book Security Chaos Engineering released in 2023. In this episode, Kennedy talks about security chaos engineering and how to build security resilience into your organisation. He tells us wha security security chaos engineering (SCE) is, how to start with SCE, and how SCE builds resilience. We also discuss the concepts around detect and respond and how cyber attack emulation creates a more cyber resilient mindset. Resources mentioned in this podcast: Kennedy's LinkedIn profileKennedy's Mitigant blogKennedy's MediumMitigant.ioSecurity Chaos Engineering (book)Netflix Chaos MonkeyDSO Overflow with Aaron Rinehart and Kennedy TorkuraDSO Overflow is a DevSecOps London Gathering production. Find the audio version on all good podcast sources like Spotify, Apple Podcast and Buzzsprout. This podcast is brought to you by our sponsors: Prisma Cloud, Apiiro, and Sysdig Your Hosts Steve Giguere linkedin.com/in/stevegiguere Glenn Wilson linkedin.com/in/glennwilson Jessica Cregg linkedin.com/in/jessicacregg DevSecOps - London Gathering Keep in touch with our events associated with this podcast via our website. For more about DevSecOps - London Gathering check out https://dsolg.com

DSO Overflow S4EP1 Contract First Development with Holly Cummins In this month's episode, Steve, Jess and Glenn speak with Holly Cummins to talk about how to API contracts and Contract First Development. Holly Cummins is a Senior Principal Software Engineer on the Red Hat Quarkus team and a Java Champion. Over her career, Holly has been a full-stack javascript developer, a WebSphere Liberty build architect, a client-facing consultant, a JVM performance engineer, and an innovation leader. Holly has used the power of cloud to understand climate risks, count fish, help a blind athlete run ultra-marathons in the desert solo, and invent stories (although not at all the same time). She gets worked up about sustainability, technical empathy, extreme programming, the importance of proper testing, and automating all the things. You can find her at http://hollycummins.com, or follow her on socials at @holly_cummins(@hachyderm.io) Resources mentioned in this podcast: PactMicrocksMore on Quarkus' Pact support (and contract testing in general)A nice introduction to ‘contract-first’ app development, with a deeper discussion of an ‘ideal’ lifecycleSam Newman's book (Building Microservices)Holly's coordinates: https://hachyderm.io/@holly_cumminshttps://www.linkedin.com/in/holly-k-cummins/https://twitter.com/holly_cumminshollycummins.comDSO Overflow is a DevSecOps London Gathering production. Find the audio version on all good podcast sources like Spotify, Apple Podcast and Buzzsprout. This podcast is brought to you by our sponsors: Prisma Cloud, Apiiro, and Sysdig Your Hosts Steve Giguere linkedin.com/in/stevegiguere Glenn Wilson linkedin.com/in/glennwilson Jessica Cregg linkedin.com/in/jessicacregg DevSecOps - London Gathering Keep in touch with our events associated with this podcast via our website. For more about DevSecOps - London Gathering check out https://dsolg.com

DSO Overflow S3EP12 The world of OWASP with Sam Stepanyan In this month's episode, Steve and Glenn speak with Sam Stepanyan who was recently voted onto the OWASP board. Sam tells us about his involvement with OWASP, the origins of OWASP, and what the future hold for OWASP. Sam is an OWASP London Chapter Leader, elected OWASP board member and an Independent Application Security Consultant with over 20 years of experience in the IT industry with a background in software engineering and web application development. Sam has worked for various financial services institutions in the City of London specialising in Application Security consulting, Secure Software Development Lifecycle (SDLC), developer training, source code reviews and vulnerability management. Sam holds a Master’s degree in Software Engineering and a CISSP certification. Resources mentioned in this podcast: Sam's LinkedIn ProfileSam's X (formerly Twitter)OWASP ProjectsOWASP Application Security Verification Standard (ASVS)OWASP Mobile Application SecurityOWASP Low-Code/No-Code Top 10OWASP AI ExchangeOWASP Top 10 for LLMsOWASP CheatSheet seriesOWASP MembershipDSO Overflow is a DevSecOps London Gathering production. Find the audio version on all good podcast sources like Spotify, Apple Podcast and Buzzsprout. This podcast is brought to you by our sponsors: Prisma Cloud, Apiiro, and Sysdig Your Hosts Steve Giguere linkedin.com/in/stevegiguere Glenn Wilson linkedin.com/in/glennwilson Jessica Cregg linkedin.com/in/jessicacregg DevSecOps - London Gathering Keep in touch with our events associated with this podcast via our website. For more about DevSecOps - London Gathering check out https://dsolg.com

DSO Overflow S3EP11 Storing secrets with Mackenze Jackson In this month's episode, Steve, Jess and Glenn speak with Mackenzie Jackson to talk about managing secrets and digital authentication credentials in distributed architectures. In particular, Mackenzie digs into the concepts of secrets sprawl, and how we can keep secrets safe. Mackenzie is currently the developer advocate at GitGuardian, a developer-first cybersecurity company based in Paris that is focused on helping keep secrets and credentials out of source code. Mackenzie is passionate about technology and building a community of engaged developers to shape future tools and systems. As the co-founder and former CTO of startup Conpago, Mackenze understands the importance of solid operational and security foundations in any tech team and the importance of in-depth security processes and policies. Resources mentioned in this podcast: Mackenzie's LinkedIn profileMackenzie's X (FKA Twitter)GitGuardianDSO Overflow is a DevSecOps London Gathering production. Find the audio version on all good podcast sources like Spotify, Apple Podcast and Buzzsprout. This podcast is brought to you by our sponsors: Prisma Cloud, Apiiro, and Sysdig Your Hosts Steve Giguere linkedin.com/in/stevegiguere Glenn Wilson linkedin.com/in/glennwilson Jessica Cregg linkedin.com/in/jessicacregg DevSecOps - London Gathering Keep in touch with our events associated with this podcast via our website. For more about DevSecOps - London Gathering check out https://dsolg.com

DSO Overflow S3EP10 Private end-points with Jonathan D'Aloia In this episode, Glenn, Jess and Steve are joined by Jonathan D'Aloia from Adatis to talk about benefits and challenges of using private end-points. Jonathan is a Principal DevOps Engineer at Adatis (part of Telefonica Tech) and is also an Azure Certified DevOps engineer and certified Cloud Solution Architect. Jonathan works with Infrastructure as code languages such as BICEP, Terraform and ARM templates, writes and designs YAML templates to automate the deployment of the Infrastructure as well as pipelines to deploy the code base to these resources. In this episode, Jonathan talks about his journey to Azure certification, the challenges of using public end-points and how private end-points can help overcome those challenges. He also explains some of the pitfalls of using private end-points ensuring our listeners are better informed when they decide to review their end-point security architecture. Resources mentioned in this podcast: Jonathan's LinkedIn profileAzure certification by MicrosoftAdatis (part of Telefonica Tech)DSO Overflow is a DevSecOps London Gathering production. Find the audio version on all good podcast sources like Spotify, Apple Podcast and Buzzsprout. This podcast is brought to you by our sponsors: Prisma Cloud, Apiiro, and Sysdig Your Hosts Steve Giguere linkedin.com/in/stevegiguere Glenn Wilson linkedin.com/in/glennwilson Jessica Cregg linkedin.com/in/jessicacregg DevSecOps - London Gathering Keep in touch with our events associated with this podcast via our website. For more about DevSecOps - London Gathering check out https://dsolg.com

DSO Overflow S3EP9 Container Security with Rony Moshkovich In this episode, Glenn and Jess are joined by Rony Moshkovich, co-founder & CPO at Prevasio, an AlgoSec company to talk about adopting a container security programme. Rony has extensive experience with cloud platform development, developing cloud-hosted service platforms for companies such as NTT, Symantec, HCL, CA, and more. A true veteran of the antivirus industry, Rony has worked as Development Director and Malware Research Lab Manager for CA\HCL and PC Tools\Symantec. Having many years of extensive experience in building and managing security research labs, Rony is a recognised expert in Threat Management and Identity Access Management solutions for various markets. Resources mentioned in this podcast: Rony's LinkedIn profileCloud Native Computing Foundation (CNCF)Prevasio (and AlgoSec company)DSO Overflow is a DevSecOps London Gathering production. Find the audio version on all good podcast sources like Spotify, Apple Podcast and Buzzsprout. This podcast is brought to you by our sponsors: Prisma Cloud,, Apiiro, and Sysdig Your Hosts Steve Giguere linkedin.com/in/stevegiguere Glenn Wilson linkedin.com/in/glennwilson Jessica Cregg linkedin.com/in/jessicacregg DevSecOps - London Gathering Keep in touch with our events associated with this podcast via our website. For more about DevSecOps - London Gathering check out https://dsolg.com