
Relating to DevSecOps

Technology Business


Episodes

Episode #082: AI Hype, Human Cost

17 Mar 2026

Contributed by Lukas

Ken and Mike are back from the grave to kick off 2026 with a timely debate on the AI panic cycle hitting software and security. They dig in...

Episode #081: Burnout by Budget Season: Surviving Q4 in Security

29 Oct 2025

Contributed by Lukas

In this candid and cathartic episode, Ken and Mike unpack the chaos that is Q4 for security professionals. From budget burnouts to end-of-y...

Episode #080: Patch Me If You Can: Compliance, SLAs, and Other Fairytales

25 Aug 2025

Contributed by Lukas

In this no-punches-pulled return from hiatus, Ken and Mike dig deep into the messy middle of vulnerability management, SLA fatigue, and the...

Episode #079: CISOver It: When Dashboards Replace Direction

10 Jun 2025

Contributed by Lukas

In this episode of Relating to DevSecOps, Ken and Mike discuss the challenges faced by CISOs in today's security landscape, particular...

Episode #078: 🔥 Burn Your 30-page Policies: Tanya’s Got Better Ideas

22 Apr 2025

Contributed by Lukas

In this must-listen episode of Relating to DevSecOps, Ken welcomes the ever-inspiring Tanya Janca, aka SheHacksPurple—author, AppSec expe...

Episode #077: Is Google Eating the Cloud? 🔥 Wiz.io Acquisition Hot Takes

24 Mar 2025

Contributed by Lukas

In this episode of Relating to DevSecOps, Ken Toler and Mike McCabe dive deep into Google's blockbuster acquisition of Wiz.io for a re...

Episode #076: ShmooBalls & Open Source Brawls: DevSecOps, Risk, and the Final ShmooCon

04 Feb 2025

Contributed by Lukas

Welcome to 2025! Ken and Mike kick off the new year with their security resolutions (or lack thereof) before diving into the bittersweet fa...

Episode #075: Ghosts of DevSecOps: Past, Present, and Future

24 Dec 2024

Contributed by Lukas

In this special holiday-themed episode of Relating to DevSecOps, hosts Ken and Mike channel their inner Dickens with a retrospective journe...

Episode #074: Battling Budgets in Security

09 Dec 2024

Contributed by Lukas

In this episode of Relating to DevSecOps, hosts Ken and Mike tackle the complex challenges of managing security budgets in organizations of...

Episode #073: Staffing Security in DevSecOps

21 Oct 2024

Contributed by Lukas

In this episode, Ken and Mike discuss the pressing issue of staffing security in the DevSecOps field. They explore the challenges of findin...

Episode #072: Measuring the Immeasurable: The Power and Pitfalls of Metrics in DevSecOps

28 Aug 2024

Contributed by Lukas

Ken and Mike dive deep into the world of metrics and measurement in the context of security and DevSecOps. They explore the critical role m...

Episode #071: Retro Vibes with Retrospectives

19 Jun 2024

Contributed by Lukas

Ken and Mike discuss the importance of postmortems in incident response and security incidents. They explore the definition of postmortems,...

Episode: #070: Putting da BOM in SBOM and SCA

08 May 2024

Contributed by Lukas

Ken and Mike discuss supply chain security, including software composition analysis (SCA) and software bill of materials (SBOM). They highl...

Episode #069: Your SaaS is Grass

20 Mar 2024

Contributed by Lukas

In this episode Mike and Ken dive into the wild world of SaaS products in DevSecOps. From vendors to security tooling hygiene they cover an...

Episode #068: Data Breaches and DevSecOps

21 Feb 2024

Contributed by Lukas

With pep and full youtube energy Ken and Mike discuss the findings of the IBM "Cost of a Data Breach" report and its implications...

Episode #067: Welcome to 2024! AppSec Resolutions and A Smhoocon Recap

26 Jan 2024

Contributed by Lukas

Ken and Mike discuss their new year's resolutions related to application security. They also reflect on the impact of AI and its adopt...

Episode #066: Exploration of the Shifting Definition of Shifting Left

05 Dec 2023

Contributed by Lukas

We are joined by incredible guests Mikhail Chechik and Marcus Hallberg as they help us define DevSecOps and emphasize the importance of a s...

Episode #065: LASCON 2023 Recap - AI, a Misunderstood Menace or Magic Bullet

10 Nov 2023

Contributed by Lukas

On this episode of R2DSO Mike and Ken dive into their takeaways and experiences from LASCON 2023 in Austin, TX where AI was both a problem ...

Episode #064: Don't Instigate, Mitigate!

25 Sep 2023

Contributed by Lukas

In this episode Ken and Mike dive directly into the meat with solutioning and mitigation. All too often security professionals finding them...

Episode #063: Unscrambling CloudSecSoup with CSPM, Vuln Management, SIEMs, and Log Aggregators

05 Sep 2023

Contributed by Lukas

In today's episode, we untangle the web of alphabet-soup technologies: CSPM, VM, SIEM, and Log Aggregators. We go beyond the buzzwords...

Episode #062: Cyber Sentinels: Ken and Mike in the DevSecOps Labyrinth

07 Aug 2023

Contributed by Lukas

Dive headfirst into AppSec and Terraform security with Ken and Mike in this electrifying podcast episode. They demystify complex security...

Episode #061: Fossilized Code & Future Clouds: Contrasting Worlds of Balance in Legacy Applications

18 Jul 2023

Contributed by Lukas

Ken and Mike dive into the exciting world of modern application and cloud security, with a keen focus on the challenges posed by legacy sys...

Episode #060: Precise Angles for Automation in DevSecOps Adventures

22 Jun 2023

Contributed by Lukas

In this captivating episode of R2DSO hosts Ken and Mike embark on an exploration of security automation in the realms of application and cl...

Episode #059: DevSecOps Pentesting, Possible or Preposturous?

08 Jun 2023

Contributed by Lukas

In this action-packed episode, Ken, Mike, and Izzy (Ken's cat) dive headfirst into the wild world of DevSecOps Penetration Testing –...

Episode #058: Merging Your Mergers without Git Merge

01 Jun 2023

Contributed by Lukas

Mike and Ken dive into the exciting topic of Mergers and Acquisitions. Take a bit of time out of your day to join them in their exploration...

Episode #057: Security Without Compromise!

19 May 2023

Contributed by Lukas

Join Mike and Ken as they discuss collaborative security work and what working together looks like in enterprise and organizations. In an e...

Episode #56: Respond Well in Incident Response with DevSecOps

21 Apr 2023

Contributed by Lukas

Join Mike and Ken in their discussion about Incident Response and how it fits into the DevSecOps world and arena. Incident Response, loggin...

Episode #055: Engineering Empathy with Hecber Cordova

31 Mar 2023

Contributed by Lukas

We dive back into bringing guests onto the show focusing on real problems with real people on the ground. In this episode, we are joined by...

Episode #54: ChatGPT's Cryptic Insights: AI in Security for Developers and Operations Teams

23 Mar 2023

Contributed by Lukas

In this episode, Mike and Ken will dive deep into the world of ChatGPT and explore how it can be used to generate code for developers and o...

Episode #053: DevSecOps on the Emerald Isle: Insights from Global OWASP AppSec Dublin, with a Side of Guinness and Frustrations with Application Security Vendors

08 Mar 2023

Contributed by Lukas

In this episode, our hosts recap the Global OWASP AppSec Dublin conference and share insights into interesting talks about DevSecOps. They ...

Episode #052: Dude! Where's My Stuff? Application Inventory and Service Discovery

07 Feb 2023

Contributed by Lukas

Today's episode covers one of the most common problems for software development teams and their security partners. Application Invento...

Episode #051: Hiring for DevSecOps in 2023!

14 Jan 2023

Contributed by Lukas

Happy New Year! Another year of DevSecOps fun as we head into an unpredictable and volatile security market, Ken and Mike talk hiring and t...

Episode #050: The Evolution of Data Security in DevSecOps

03 Dec 2022

Contributed by Lukas

We hope all of the turkey comas have worn off! These holiday delays are almost over, and in the meantime here we are with the second part o...

Episode #049: IAM! The Myers Briggs of DevSecOps

24 Oct 2022

Contributed by Lukas

It's been tough getting together with the end of year madness, but we're back again after another unanticipated delay. In this ep...

Episode #048: Threat Modeling doesn't need to feel like pain and sorrow

16 Sep 2022

Contributed by Lukas

We are back from vacation! Pick up where you left off as we jump back into DevSecOps with threat modeling experiences, lessons, and percept...

Episode #47: Geese aren't the only things migrating in the cloud, but we're more secure at least

08 Aug 2022

Contributed by Lukas

One thing Mike and Ken have talked about at length at conferences, in board rooms, and in team chats is migrating workloads to the cloud se...

Episode #046: Security Spiderwebs with Kubernetes and how Cloud helps (and hurts)

11 Jul 2022

Contributed by Lukas

We are BACK! after a hiatus of vacations, illness, and family gatherings, but while we may have been absent we are at no shortage of words ...

Episode #045: What is DevSecOps in 2022 an R2DSO anniversary redux

10 Jun 2022

Contributed by Lukas

Mike and Ken take it back to the roots with a special anniversary episode on what is DevSecOps. Since we started this podcast we've ha...

Episode #044: Multiball Pinball with Multicloud Hot Takes and Infrastructure as Code

21 May 2022

Contributed by Lukas

Mike and Ken are BACK after a small hiatus and they jump into hot takes on multi-cloud. What does multi-cloud even mean? How does it differ...

Episode #043: Security leaves the cave to go to Miami with the Blockchain People and this episode happened

20 Apr 2022

Contributed by Lukas

Ken had a chance to attend a blockchain conference for Solana out in Miami and Mike hops into the interviewer seat. We talk about some di...

Episode #042: Perscription Lenses or Sunglasses for Eyes on Code

31 Mar 2022

Contributed by Lukas

In this Episode we talk about the differences in code review depending on role and how you can be a better code reviewer on the "blue&...

Episode #041: Holistic Cloud Medicine in the Face of the Modularization of Cloud Components Affects Applications

16 Mar 2022

Contributed by Lukas

A continuing trend in cloud and application security has been the modularization of application functions that offloads the developer respo...

Episode #040: Over the hill with blockchain and DevSecOps with digital money

25 Feb 2022

Contributed by Lukas

In this episode we introduce the general concepts of security in cryptocurrency in blockchain, what we see in our day to day with regard to...

Episode #039: Cloud Metal Detectors with Monitoring and Logging

16 Feb 2022

Contributed by Lukas

In this episode we cover another security perspective on logging and monitoring in the cloud as opposed to web applications specifically. W...

Episode #038: Layers of the DevSecOps Onion, are we reversing time?

02 Feb 2022

Contributed by Lukas

In this episode Mike and Ken talk about the magic of software defined things and how skill crossover is becoming a thing of the future. May...

Episode #037: New Year, New Security what can you do to level up?

19 Jan 2022

Contributed by Lukas

Happy New Year from R2DSO as we head into 2022. In this Episode we bring back Michael McCabe for a more permanent role on the show! Super e...

Episode #036: Trending Topics from Terraform to Testing

07 Dec 2021

Contributed by Lukas

In this alliterative episode we bring back Mike McCabe to wrap up a security year in consulting with common trends and successes in securit...

Happy Holidays from R2DSO!

24 Nov 2021

Contributed by Lukas

We've had a bit of an end of year rush so just wanted to give listeners a preview of what's to come in the next few episodes. We&...

Episode #035: Successful Unit Testing Through Collaboration with Your Unit

02 Nov 2021

Contributed by Lukas

We know, we know! It's been too long between episodes, but we had some speaking engagements, conferences, and general life going into ...

Episode #034: Attack of the Git PR through K8s

11 Oct 2021

Contributed by Lukas

In this episode we squeeze one more git topic out with an attack through a PR. Based on a recent article posted on https://cloudseclist.com...

Episode #033: Getting out of git by branching out with branching strategies

21 Sep 2021

Contributed by Lukas

Bad puns end this series with branching strategies and git. We start with Simon's preferred approach from a product engineering strate...

Episode #32: Hooks, Kits, and Git - putting security into your git pipeline

07 Sep 2021

Contributed by Lukas

In this episode we cover a few technical topics, but primarily how to get started with getting security into your git pipeline through git ...

Episode 031: Git Security Done with Git

17 Aug 2021

Contributed by Lukas

We head into an unknown number of episodes around git. In this episode we introduce git and common security concerns to folks who may be un...

Episode #030: Blueprints, Reference Architectures, and Plans - Building Apps Securely

26 Jul 2021

Contributed by Lukas

In this episode we chat blueprints, security patterns, reference architectures, and plans. Basically what we've seen in terms of the l...

Episode #029: Does anyone REALLY do DevSecOps, and succeed?

06 Jul 2021

Contributed by Lukas

In this somewhat makeshift, low-power episode recorded during the NYC power grid strain we do our best at getting inventive with recording ...

Episode #028: Non-technical management and Email as your IDE

22 Jun 2021

Contributed by Lukas

Episode number 28 moves us back to a more people focused topic as we dive into technical vs non-technical management, leadership, managemen...

Episode #027: Hot Takes on Blogs: Part I - Are QA, BA, and DBAs Dead?

03 Jun 2021

Contributed by Lukas

In this react video of a podcast we have a look at a recent blog post on whether the QA, DBA, and BA jobs are going away in favor of more c...

Episode #026: Starting right by shifting left - what to do at build time

21 May 2021

Contributed by Lukas

After such a fun conversation last week, we bring Mike back in to discuss applying security at build time and what we can do with infrastru...

Episode #025: Warm blankets around your cloud with CSPM and Michael McCabe

11 May 2021

Contributed by Lukas

Episode 25 is all about CSPM and our good friend Michael McCabe. Mike has a ton of experience securing application and cloud workloads and ...

Episode #024: The first line of defense for MicroServices - AUTH

26 Apr 2021

Contributed by Lukas

And that means authentication and authorization. Once you start splitting up the monolithic apps and iterating faster and faster, how does ...

Episode #023: A call back to Microservices - do we even get it yet?

10 Apr 2021

Contributed by Lukas

Ken and Simon talk engineering and security ramifications of microservices, why organizations choose to split up their treasured applicatio...

Episode #22: From Engineer to CTO and what security means along the way w/ Jonathan Schwartz

12 Mar 2021

Contributed by Lukas

An exciting episode indeed! Jon Schwartz the CTO of Jetty joins us in a discussion about security through his career, leadership guidance, ...

Episode #021: An Outside-In Look at Application Inventory

26 Feb 2021

Contributed by Lukas

Keeping with the SecOps theme the crew discusses Application Inventory, arguably the most important part of any successful application secu...

Episode #20: Security Operations ain't what it used to be

14 Feb 2021

Contributed by Lukas

Simon, Ken, and Jamieson ponder what Security Operations brings to the table and discuss some of the misconceptions around responsibilities...

Episode 019: Welcome to 2021 - R2DSO goes visual and more

25 Jan 2021

Contributed by Lukas

With Jamieson out of commission, Simon and Ken chat and reflect on 2020. In this episode we cover some of our favorites and look towards th...

Episode #18: Was 2020 just a giant Chaos Engineering Experiment? Part Deux: Tooling and Security Experiments

22 Dec 2020

Contributed by Lukas

In our final episode of 2020 we dive into chaos engineering tools with a focus on security and unpack the differences between penetration t...

Episode #017: Chaos in your Engineering, what to do if Zombies attack your cloud

04 Dec 2020

Contributed by Lukas

In this episode we talk about Chaos Engineering, what it is, what it isn't, our thoughts on what chaos really means and how we approac...

Episode #016: Terraform CDK, finishing the Infra as Code series with its final form?

11 Nov 2020

Contributed by Lukas

We wrap up this series with a talk through the terraform cdk and our initial reactions of the project and product. We all learned a ton thr...

Episode #015: Quest to Terraform CDK through the Amazon CDK

01 Nov 2020

Contributed by Lukas

In our quest to discuss and debate the usefulness of the Terraform CDK we take a pit stop at the Amazon CDK and Cloudformation. All of us h...

Episode #014: Approaching Terraform and other "as-code" fun

17 Oct 2020

Contributed by Lukas

We've listened to your feedback and started diving into infrastructure as code starting with terraform, our experiences learning it fo...

Episode #013: How a backend engineer looks at XSS

03 Oct 2020

Contributed by Lukas

Simon gives his perspective on Cross-Site Scripting (XSS) and we dig into some of the common protections. We also cover different views bet...

Episode #012: What DevSecOps means to a SCRUM master with Jenn Molyneaux

24 Sep 2020

Contributed by Lukas

Jenn Molyneaux joins the crew as the very first guest! ( https://bit.ly/3ctCLJu ). Jenn is a Senior SCRUM Master who brings her wealth of e...

Episode #011: Bugs vs Vulns - what's your opinion?

18 Sep 2020

Contributed by Lukas

Security and Engineering go head to head in a conversation about bugs vs vulnerabilities and where we think they should fall in the grand s...

Episode #010: Security Configs, Default Configs, and other decisions we regret

11 Sep 2020

Contributed by Lukas

This episode we riff on some of the hotter topics we discussed during Episode 9 as we cover security misconfigurations, default misconfigur...

Episode #009: OWASP Top 10: Awareness, not Measurement

04 Sep 2020

Contributed by Lukas

In this episode we cover the OWASP Top 10, a popular security awareness document and how DevOps and Product Engineering are typically expos...

Episode #008: Testing Depths of the DevSecOps River with Both Feet

19 Aug 2020

Contributed by Lukas

There are so many types of tests across DevSecOps and we try to cover as many as possible from SAST to Contract testing. Simon covers his d...

Episode #007: Service Mesh, more than a Sean Connery sidecar to your Indiana Jones App

12 Aug 2020

Contributed by Lukas

In this episode we get back to tech in the DevOps centric topic of Service Mesh. Ken and Simon chat with Jamieson about concerns and first ...

Episode #006: How Engineering Titles Affect Your Communication with Development and Product Engineering Teams

05 Aug 2020

Contributed by Lukas

In this episode we take another people centric approach with Simon Dollo as we explore the difference between developers and product engine...

Episode #005: Know Your Audience, the Face of Documentation and Training in a DevSecOps World

31 Jul 2020

Contributed by Lukas

In this episode we discuss product engineering security Easter eggs and try to stay on track talking about how to get other departments and...

Episode #004: Be careful with your logs aka a hand grenade with a dictionary attached to it

22 Jul 2020

Contributed by Lukas

This time on Relating to DevSecOps we cover application logging, how it's viewed by different teams and what those teams are looking t...

Episode #003: Bookending DevSecOps starting with Threat Models

08 Jul 2020

Contributed by Lukas

Starting on the left side of the SDLC, we talk about Threat Modeling experiences from all perspectives and the fundamental issues with chec...

Episode #002: A Product Engineering Perspective on DevSecOps

30 Jun 2020

Contributed by Lukas

Simon Dollo joins the crew and brings his product engineering perspective to the burning question "What is DevSecOps?" We explore...

Relating to DevSecOps #001: What is DevSecOps?!

23 Jun 2020

Contributed by Lukas

Join us on our first episode of relating to DevSecOps where we introduce the first two co-hosts of 3 recurring players, Jamieson Colburn, r...