DevOps.com

When two legends in the InfoSec world start a new company, people take notice. Jeremiah Grossman and Robert "RSnake" Hansen recently announced their new venture BitDiscovery (http://www.bitdiscovery.com) was coming out of stealth, fresh off a venture raise and the acquisition Robert's company, Outside Intel. 
BitDiscovery offers a radically different way of doing asset inventory and website discovery. Rather than scanning when you want to discover your assets, with BitDiscovery, you just query the master database that the company has assembled and it tells you what it has already found there. 
This is possible because BitDiscovery keeps a snapshot updated constantly of just about the entire Internet. That is one Big Data based solution right there. 
Robert and Jeremiah are just the kind of guys to make something like this work. Also after speaking to them, I believe that with that kind of data, there will be a lot more uses for this technology that will present themselves to the BitDiscovery team.  
With the track record of these two pioneers, look for big things!

Security Boulevard Chats

BitDiscovery - A Revolutionary Way To Track All Of Your Digital Assets

Written by Nicole Rodriguez
Produced by Tyler Postiglione
Additional Production/Mixing by Phil Joly
Mastered by Heba Kadry

Drums by Tj Rickette

Forgive Yourself

Agile, DevOps, multiple cloud providers, serverless, contemporary cloud native apps, shadow IT using a credit card…it can be daunting for any IT organization to be responsive to the internal customer needs. It’s even tougher to be proactive and get ahead of the curve. Enter Cloud Management Platforms (CMP).

On this episode of DevOps Chat, we talk with Bernard Sanders (no, not the presidential candidate), CTO of CloudBolt. Our conversation explores how IT can use a CMP to provide the IT and self-service capabilities so DevOps and Agile teams won’t feel the pain and slowdown of IT past. Learn more about CloudBolt’s products at www.cloudbolt.io.

Hybrid and Multi-Cloud Management For DevOps, CloudBolt

Should we secure containers? How do we secure containers? How do we secure serverless computing architectured apps? With code repositories growing rapidly with each container we create, our guest John Kinsella, VP of Engineering - Container Security at Qualys, has some sage advice for securing containers. 

Containers are not intended to isolate code from security vulnerabilities, containers are designed for packaging and use. Which of my containers have a vulnerable version of OpenSSL installed in them? Integrating vulnerability scanning into the CI/CD process gives developers information to catch vulnerabilities in open source code before it hits production. 

Join us on this episode of DevOps Chat as we dive into the container security insights John Kinsella of Qualys has to offer.

Container Security in an Open Source World, Qualys

Michael Coates is on a mission, a journey, an unassailable quest. 

You don't come away from senior security leadership roles at Twitter and Mozilla without some real-world lessons of how to improve cybersecurity. Those lessons inspired our guest Michael Coates, former Twitter CISO, to co-found his new startup Altitude Networks. 

While we don't yet know all the details about Altitude Networks, we know Michael is addressing the protection of data when using cloud collaboration software like Google Drive, Box, Dropbox, Office 365 and other online collaboration services. 

Michael shares with us the lessons he learned from security roles at Twitter and Mozilla is applying at Altitude Networks. Security products need to be designed to solve problems and alleviate work, not make work. And security needs to enable end-users to get their work done and not interrupt them with confusing popups, options, and decisions most end users won't understand. 

Join us on this episode of DevOps Chat to get the latest on Michael Coates and his new company Altitude Networks. You can sign up for Michael's new newsletter at https://hubs.ly/H0jvMBN0 .

A CISO's Quest For Better Security, Michael Coates, Altitude Networks

Martin McKeay, a cybersecurity veteran, joins us to review Akamai's latest State of The Internet report (SOTI). This SOTI edition, dubbed Financial Services Attack Economy, highlights the vast array of cyber attacks targeted at the financial systems ecosystem over the past 18 months.

Martin highlight from the report includes readily available lists of compromised user IDs and passwords, stuffing attacks, low cost or free All-In-One (AIO) attack tools, and the characteristics of phishing attacks against enterprises versus financial institutions. And more.

Join us on this episode of DevOps Chat with Martin McKeay, Editorial Director, Akamai. The full report is available at www.akamai.com/soti/

Akamai Financial Services Attack Economy Report with Martin McKeay

The software development tool needs of a 2-3 person team can be much different than those of a large enterprise. CI/CD is a common approach nearly all software teams establish. But what needs of a larger software organization to you adopt early on and which simply adds more complexity than benefit?

Rob Zuber, CTO of CircleCI, began tackling this problem in the mobile space and then moved to CircleCI to help create what is now a well established SaaS-based CI/CD offering to software teams of all sizes. Join us on this episode of DevOps Chat and take away some valuable CI/CD lessons for your organization.

CI/CD Scalability Lessons - Startup to Enterprise, CircleCI

Network technology has undergone its own transformation in parallel with cloud infrastructure, how we create software, and the adoption of DevOps. SDN, NFV, virtual network appliances, and an ever-expanding suite of APIs making network and security technologies much more accessible to developers.

Network engineers' worlds are rapidly changing too. From highly skilled to associate-level, all network engineers are faced with building up a new and necessary skill: software development. Learning software dev can be a daunting, even intimidating proposition even for someone already skilled in the network engineer domain. 

So, how do we lift up the community of network engineers and help them build their development chops? How can software and DevOps engineers easily get access to all the programmatic interfaces that configure, manage and control the network? 

These questions and more we explore with Susie Wee, Founder, Senior Vice President, and CTO of Cisco DevNet. DevNet is an online resource full of information for app developers, infrastructure developers, and network and DevOps engineers. On DevNet you'll find training (Python, API, and more), sandboxes for experimentation, code exchanges (including GitHub), CI/CD, and new Cisco certifications for software. Check out DevNet at https://developer.cisco.com.

Cisco DevNet - DevOps and the Programmable Network, Susie Wee

Red Hat Linux is a staple of most enterprise IT organization's software diets. Developers and IT leaders all over the world took notice when IBM acquired Red Hat. Will IBM Red Hat change? Will Red Hat continue to operate as it does today or will it be subsumed and disappear into some IBM business unit? Will IBM Red Hat still contribute to projects and tools like Kubernetes, JBoss, Fuse, OpenJDK, Eclipse IDE, and many others (https://redhatofficial.github.io/#!/main)? All are important questions.

Brad Micklea, Lead of the Developer Program and Tools at IBM, joins DevOps Chat to talk about the future of Red Hat as part of IBM. Brad sends a strong message that Red Hat will remain focused on the developer community and tools for Linux, Kubernetes, Java, DevOps, and others. 

Join us as we talk with Brad about the future of Red Hat, DevOps, and open source developer tools.

Red Hat Developer Experience in the IBM Era, Brad Micklea

Cockroach Labs the folks behind CockroachDB recently announced another round of funding as they continue their mission to allow you to scale your data without complexity.

We spoke with CEO Spencer Kimball about their plans and how Cockroach Labs shall inherit the DB world

DevOps Chat

Cockroach Labs Mission to Scale Data w/0 Complexity Receives More Funding

ZeroNorth has from its founding been focused on bringing a DevSecOps solution to market that was unique and effective. They have brought on industry veteran, John Worrall as the CEO to join Chairman and Founder, Ernest DiGiambattista and the rest of the team to help organizations with DevSecOps. They have also recently raised $10m in funding to help the cause.

In this DevOps Chat we sit down with Ernest and John and talk about the new course that ZeroNorth is charting

Charting a New Course in DevSecOps @ ZeroNorth

Dr Mik Kersten always brings a fresh perspective on what is happening in the world of DevOps and value stream management. He is beyond bright, but explains things in a way that everyone can understand.

I had a chance to catch up with Mik and find out what was the latest with Tasktop. Have a listen to this great interview

Tasktop Update, Project to Product

On a project to move one of Google’s Fortune 500 customers to Google Cloud, Google Kubernetes Engine (GKE), and Spinnaker open source, our DevOps Chat guest ran into the message “hang tight". No scripts or documentation. Not to be delayed, Miles Matthias, Google Cloud Consultant with Container Heroes, filled the gap and contributed his work back to the Spinnaker community.

This episode of DevOps Chats features a preview of Mile’s talk, “Monitoring Spinnaker with Prometheus Operator on GKE” he is is giving on Saturday, November 16th, 3:45 pm PT, at Spinnaker Summit 2019. Miles also talks quite a bit about Canary testing in this episode.

Monitoring Spinnaker with Prometheus on GKE, Spinnaker Summit 2019

In the traditional datacenter world, security was (or is) very network-centric. Firewalls, IDS, Network Access Control, focus on the aggregation of all traffic traversing in, out, and across the network. Cloud-native applications rely upon different constructs and methods of building applications. It's not just the software and technology stack that requires different security in the cloud-native era.

We can't just surround cloud-native applications with security; we must build in security. And to do that requires you understand how container and microservices applications are made using DevOps. You must think about how DevOps works to build in security properly. Enter Lacework, a platform built for DevOps teams to build security into cloud-native applications.

Vikram Kapoor, Lacework Co-Founder and CTO, joins DevOps Chat to explore API-centric applications and infrastructure-as-code. We discuss how to build security into cloud-native applications through the DevOps-based software creation process, and not only rely on runtime security technologies. Vikram also discusses some of the planned uses for the recent $42m round of funding.

Why Cloud Native, API Centric Apps Require Built-In Security, Lacework

"DevOps Chats" by Techstrong Group, the force behind industry-leading platforms like DevOps.com, Cloud Native Now, Security Boulevard, Techstrong.ai, DigitalCxO, and Techstrong.TV, is your premier destination for all things DevOps. Hosted by industry veterans Alan Shimel and Mitchell Ashley, this podcast series delves deep into the world of DevOps, bringing you the latest trends, innovative strategies, and insightful discussions that matter.

Each episode of "DevOps Chat" is a journey through the evolving landscape of DevOps, featuring interviews with thought leaders, practitioners, and change-makers who are shaping the future of technology. Whether you're a developer, operations professional, IT leader, or tech enthusiast, Alan and Mitchell ensure you stay informed, engaged, and ahead of the curve.

From continuous integration and delivery to cloud-native development and cybersecurity, "DevOps Chat" covers the spectrum, offering valuable lessons, expert advice, and engaging stories. Tune in to explore how DevOps principles and practices are transforming the tech industry, driving efficiency, enhancing security, and fostering innovation.

Join us at "DevOps Chat" for your regular dose of DevOps insights, inspiration, and community. It's not just a podcast; it's your gateway to the forefront of the DevOps movement. Subscribe now and be part of the conversation that's setting the pace for the future of technology.

Container Security in an Open Source World, Qualys

DevOps.com

Related tracks