
Relating to DevSecOps
A podcast dedicated to forging ironclad relationships between developers, engineers, operations, and security practitioners by discussing hot topics in the world of DevSecOps. This podcast aims to air out some of the common gripes, misconceptions, and hardships that these teams face in the real world every day.
Episodes
79 episodes
Episode #078: 🔥 Burn Your 30-page Policies: Tanya’s Got Better Ideas
In this must-listen episode of Relating to DevSecOps, Ken welcomes the ever-inspiring Tanya Janca, aka SheHacksPurple—author, AppSec expert, and champion of making security usable. Together, they dig into why so many application security polici...
Season 1 • Episode 78 • 46:48

Episode #077: Is Google Eating the Cloud? 🔥 Wiz.io Acquisition Hot Takes
In this episode of Relating to DevSecOps, Ken Toler and Mike McCabe dive deep into Google's blockbuster acquisition of Wiz.io for a reported $32 billion. They explore the implications for cloud security, the consolidation of the DevSecOps tooli...
31:59

Episode #076: ShmooBalls & Open Source Brawls: DevSecOps, Risk, and the Final ShmooCon
Welcome to 2025! Ken and Mike kick off the new year with their security resolutions (or lack thereof) before diving into the bittersweet farewell to ShmooCon, one of the most beloved hacker conferences. Ken shares his experiences from the final...
Season 1 • Episode 76 • 33:32

Episode #075: Ghosts of DevSecOps: Past, Present, and Future
In this special holiday-themed episode of Relating to DevSecOps, hosts Ken and Mike channel their inner Dickens with a retrospective journey through the "Ghosts of DevSecOps Past, Present, and Future." From lessons learned about securi...
Season 1 • Episode 75 • 36:08

Episode #074: Battling Budgets in Security
In this episode of Relating to DevSecOps, hosts Ken and Mike tackle the complex challenges of managing security budgets in organizations of all sizes. From small, scrappy teams to sprawling enterprises, they explore how security leaders can nav...
Season 1 • Episode 74 • 36:11

Episode #073: Staffing Security in DevSecOps
In this episode, Ken and Mike discuss the pressing issue of staffing security in the DevSecOps field. They explore the challenges of finding qualified application security professionals, the importance of diverse backgrounds in security roles, ...
Season 1 • Episode 73 • 37:10

Episode #072: Measuring the Immeasurable: The Power and Pitfalls of Metrics in DevSecOps
Ken and Mike dive deep into the world of metrics and measurement in the context of security and DevSecOps. They explore the critical role metrics play in driving security improvements, from tracking vulnerabilities to gauging the effectiveness ...
Season 1 • Episode 72 • 33:48

Episode #071: Retro Vibes with Retrospectives
Ken and Mike discuss the importance of postmortems in incident response and security incidents. They explore the definition of postmortems, the value of reflection, the challenges of blame, and the significance of actionable outcomes. They also...
Season 1 • Episode 71 • 25:32

Episode #070: Putting da BOM in SBOM and SCA
Ken and Mike discuss supply chain security, including software composition analysis (SCA) and software bill of materials (SBOM). They highlight the importance of understanding the components that make up your software and the risks associated w...
Season 1 • Episode 70 • 39:32

Episode #069: Your SaaS is Grass
In this episode Mike and Ken dive into the wild world of SaaS products in DevSecOps. From vendors to security tooling hygiene they cover an often overlooked ecosystem of cloud and software services that may be rotting in the sky of your workloa...
Season 1 • Episode 69 • 32:38

Episode #068: Data Breaches and DevSecOps
With pep and full YouTube energy, Ken and Mike discuss the findings of the IBM "Cost of a Data Breach" report and its implications for DevSecOps. They highlight the importance of integrating security into every phase of the software development ...
Season 1 • Episode 68 • 34:17

Episode #067: Welcome to 2024! AppSec Resolutions and A Smhoocon Recap
Ken and Mike discuss their new year's resolutions related to application security. They also reflect on the impact of AI and its adoption in the industry. The hosts share their experiences attending conferences and highlight interesting talks o...
Season 1 • Episode 67 • 35:27

Episode #066: Exploration of the Shifting Definition of Shifting Left
We are joined by incredible guests Mikhail Chechik and Marcus Hallberg as they help us define DevSecOps and emphasize the importance of a security mindset throughout the development process. These two incredible folks explore common misconcepti...
Season 1 • Episode 66 • 42:33

Episode #065: LASCON 2023 Recap - AI, a Misunderstood Menace or Magic Bullet
On this episode of R2DSO Mike and Ken dive into their takeaways and experiences from LASCON 2023 in Austin, TX where AI was both a problem child and praised bringer of salvation in security. Vendors and companies alike are embracing AI with wid...
Season 1 • Episode 65 • 33:11

Episode #064: Don't Instigate, Mitigate!
In this episode Ken and Mike dive directly into the meat with solutioning and mitigation. All too often security professionals find themselves falling into the trap of focusing on vulnerability counts, evangelizing findings, and playing the ...
Season 1 • Episode 64 • 31:32

Episode #063: Unscrambling CloudSecSoup with CSPM, Vuln Management, SIEMs, and Log Aggregators
In today's episode, we untangle the web of alphabet-soup technologies: CSPM, VM, SIEM, and Log Aggregators. We go beyond the buzzwords to give you a no-nonsense look at how these tools fit together, complement each other, or might even replace ...
Season 1 • Episode 63 • 37:56

Episode #062: Cyber Sentinels: Ken and Mike in the DevSecOps Labyrinth
Dive headfirst into AppSec and Terraform security with Ken and Mike in this electrifying podcast episode. They demystify complex security concepts, offer golden nuggets on Cybersecurity programs as a DevSecOps concept, and provide a rare ...
Season 1 • Episode 62 • 40:21

Episode #061: Fossilized Code & Future Clouds: Contrasting Worlds of Balance in Legacy Applications
Ken and Mike dive into the exciting world of modern application and cloud security, with a keen focus on the challenges posed by legacy systems. They explore the hurdles faced when dealing with older applications written in stalwart languages l...
Season 1 • Episode 61 • 39:05

Episode #060: Precise Angles for Automation in DevSecOps Adventures
In this captivating episode of R2DSO, hosts Ken and Mike embark on an exploration of security automation in the realms of application and cloud security. With a keen understanding of the pitfalls, they emphasize the need for precision, consist...
Season 1 • Episode 60 • 56:48

Episode #059: DevSecOps Pentesting, Possible or Preposturous?
In this action-packed episode, Ken, Mike, and Izzy (Ken's cat) dive headfirst into the wild world of DevSecOps Penetration Testing – is it possible or downright preposterous? Can we truly automate pentesting in this breakneck DevSecOps environm...
Season 1 • Episode 59 • 43:25

Episode #058: Merging Your Mergers without Git Merge
Mike and Ken dive into the exciting topic of Mergers and Acquisitions. Take a bit of time out of your day to join them in their explorations of how M&As have affected operations for clients, companies, and security teams. Today they discuss...
Season 1 • Episode 58 • 33:29

Episode #057: Security Without Compromise!
Join Mike and Ken as they discuss collaborative security work and what working together looks like in enterprise and organizations. In an effort to help people make better security decisions, in this episode they cover avoiding silos, working e...
Season 1 • Episode 57 • 30:37

Episode #56: Respond Well in Incident Response with DevSecOps
Join Mike and Ken in their discussion about Incident Response and how it fits into the DevSecOps world and arena. Incident Response, logging and monitoring are hard problems to solve and Mike has some strong opinions on how to leverage and use ...
Season 1 • Episode 56 • 34:47

Episode #055: Engineering Empathy with Hecber Cordova
We dive back into bringing guests onto the show focusing on real problems with real people on the ground. In this episode, we are joined by Hecber Cordova, Director of Cloud Security at RBC. He shares insights around growth into DevSecOps, deve...
Season 1 • Episode 55 • 42:02

Episode #54: ChatGPT's Cryptic Insights: AI in Security for Developers and Operations Teams
In this episode, Mike and Ken will dive deep into the world of ChatGPT and explore how it can be used to generate code for developers and operations teams. They'll discuss the benefits and drawbacks of relying on AI for security, and how it can...
Season 1 • Episode 54 • 36:38
