Mitch and Alan discuss Dagger's Solomon Hyke interview on modernizing DevOps pipelines the current realities of open source, the growth in software supply chain attacks and the value of doing smaller code reviews.

Links Referenced in Podcast:

https://devclass.com/2024/02/12/from-docker-to-dagger-solomon-hykes-on-modernisation-of-the-devops-pipeline/

https://devops.com/the-practicalities-of-open-sourcing

https://devops.com/survey-cyberattacks-aimed-at-software-supply-chains-are-pervasive

https://devops.com/improve-efficiency-with-smaller-code-reviews

Modernizing DevOps Pipelines, Open Source and Supply Chain Security

When two legends in the InfoSec world start a new company, people take notice. Jeremiah Grossman and Robert "RSnake" Hansen recently announced their new venture BitDiscovery (http://www.bitdiscovery.com) was coming out of stealth, fresh off a venture raise and the acquisition Robert's company, Outside Intel. 
BitDiscovery offers a radically different way of doing asset inventory and website discovery. Rather than scanning when you want to discover your assets, with BitDiscovery, you just query the master database that the company has assembled and it tells you what it has already found there. 
This is possible because BitDiscovery keeps a snapshot updated constantly of just about the entire Internet. That is one Big Data based solution right there. 
Robert and Jeremiah are just the kind of guys to make something like this work. Also after speaking to them, I believe that with that kind of data, there will be a lot more uses for this technology that will present themselves to the BitDiscovery team.  
With the track record of these two pioneers, look for big things!

Security Boulevard Chats

BitDiscovery - A Revolutionary Way To Track All Of Your Digital Assets

Written by Nicole Rodriguez
Produced by Tyler Postiglione
Additional Production/Mixing by Phil Joly
Mastered by Heba Kadry

Drums by Tj Rickette

Forgive Yourself

Martin McKeay, a cybersecurity veteran, joins us to review Akamai's latest State of The Internet report (SOTI). This SOTI edition, dubbed Financial Services Attack Economy, highlights the vast array of cyber attacks targeted at the financial systems ecosystem over the past 18 months.

Martin highlight from the report includes readily available lists of compromised user IDs and passwords, stuffing attacks, low cost or free All-In-One (AIO) attack tools, and the characteristics of phishing attacks against enterprises versus financial institutions. And more.

Join us on this episode of DevOps Chat with Martin McKeay, Editorial Director, Akamai. The full report is available at www.akamai.com/soti/

Akamai Financial Services Attack Economy Report with Martin McKeay

Cockroach Labs the folks behind CockroachDB recently announced another round of funding as they continue their mission to allow you to scale your data without complexity.

We spoke with CEO Spencer Kimball about their plans and how Cockroach Labs shall inherit the DB world

DevOps Chat

Cockroach Labs Mission to Scale Data w/0 Complexity Receives More Funding

ZeroNorth has from its founding been focused on bringing a DevSecOps solution to market that was unique and effective. They have brought on industry veteran, John Worrall as the CEO to join Chairman and Founder, Ernest DiGiambattista and the rest of the team to help organizations with DevSecOps. They have also recently raised $10m in funding to help the cause.

In this DevOps Chat we sit down with Ernest and John and talk about the new course that ZeroNorth is charting

Charting a New Course in DevSecOps @ ZeroNorth

Dr Mik Kersten always brings a fresh perspective on what is happening in the world of DevOps and value stream management. He is beyond bright, but explains things in a way that everyone can understand.

I had a chance to catch up with Mik and find out what was the latest with Tasktop. Have a listen to this great interview

Tasktop Update, Project to Product

On a project to move one of Google’s Fortune 500 customers to Google Cloud, Google Kubernetes Engine (GKE), and Spinnaker open source, our DevOps Chat guest ran into the message “hang tight". No scripts or documentation. Not to be delayed, Miles Matthias, Google Cloud Consultant with Container Heroes, filled the gap and contributed his work back to the Spinnaker community.

This episode of DevOps Chats features a preview of Mile’s talk, “Monitoring Spinnaker with Prometheus Operator on GKE” he is is giving on Saturday, November 16th, 3:45 pm PT, at Spinnaker Summit 2019. Miles also talks quite a bit about Canary testing in this episode.

Monitoring Spinnaker with Prometheus on GKE, Spinnaker Summit 2019

In the traditional datacenter world, security was (or is) very network-centric. Firewalls, IDS, Network Access Control, focus on the aggregation of all traffic traversing in, out, and across the network. Cloud-native applications rely upon different constructs and methods of building applications. It's not just the software and technology stack that requires different security in the cloud-native era.

We can't just surround cloud-native applications with security; we must build in security. And to do that requires you understand how container and microservices applications are made using DevOps. You must think about how DevOps works to build in security properly. Enter Lacework, a platform built for DevOps teams to build security into cloud-native applications.

Vikram Kapoor, Lacework Co-Founder and CTO, joins DevOps Chat to explore API-centric applications and infrastructure-as-code. We discuss how to build security into cloud-native applications through the DevOps-based software creation process, and not only rely on runtime security technologies. Vikram also discusses some of the planned uses for the recent $42m round of funding.

Why Cloud Native, API Centric Apps Require Built-In Security, Lacework

"DevOps Chats" by Techstrong Group, the force behind industry-leading platforms like DevOps.com, Cloud Native Now, Security Boulevard, Techstrong.ai, DigitalCxO, and Techstrong.TV, is your premier destination for all things DevOps. Hosted by industry veterans Alan Shimel and Mitchell Ashley, this podcast series delves deep into the world of DevOps, bringing you the latest trends, innovative strategies, and insightful discussions that matter.

Each episode of "DevOps Chat" is a journey through the evolving landscape of DevOps, featuring interviews with thought leaders, practitioners, and change-makers who are shaping the future of technology. Whether you're a developer, operations professional, IT leader, or tech enthusiast, Alan and Mitchell ensure you stay informed, engaged, and ahead of the curve.

From continuous integration and delivery to cloud-native development and cybersecurity, "DevOps Chat" covers the spectrum, offering valuable lessons, expert advice, and engaging stories. Tune in to explore how DevOps principles and practices are transforming the tech industry, driving efficiency, enhancing security, and fostering innovation.

Join us at "DevOps Chat" for your regular dose of DevOps insights, inspiration, and community. It's not just a podcast; it's your gateway to the forefront of the DevOps movement. Subscribe now and be part of the conversation that's setting the pace for the future of technology.

Modernizing DevOps Pipelines, Open Source and Supply Chain Security

DevOps.com

Related tracks