Relating to DevSecOps
Episodes
Episode #083: AI Mythos, Security Fundamentals, and the Zero-Day Panic Cycle
29 Apr 2026
Contributed by Lukas
Ken and Mike are back in the AI trenches, this time unpacking the hype, fear, and practical security implications surrounding Anthropi...
Episode #082: AI Hype, Human Cost
17 Mar 2026
Contributed by Lukas
Ken and Mike are back from the grave to kick off 2026 with a timely debate on the AI panic cycle hitting software and security. They dig in...
Episode #081: Burnout by Budget Season: Surviving Q4 in Security
29 Oct 2025
Contributed by Lukas
In this candid and cathartic episode, Ken and Mike unpack the chaos that is Q4 for security professionals. From budget burnouts to end-of-y...
Episode #080: Patch Me If You Can: Compliance, SLAs, and Other Fairytales
25 Aug 2025
Contributed by Lukas
In this no-punches-pulled return from hiatus, Ken and Mike dig deep into the messy middle of vulnerability management, SLA fatigue, and the...
Episode #079: CISOver It: When Dashboards Replace Direction
10 Jun 2025
Contributed by Lukas
In this episode of Relating to DevSecOps, Ken and Mike discuss the challenges faced by CISOs in today's security landscape, particular...
Episode #078: Burn Your 30-page Policies: Tanya's Got Better Ideas
22 Apr 2025
Contributed by Lukas
In this must-listen episode of Relating to DevSecOps, Ken welcomes the ever-inspiring Tanya Janca, aka SheHacksPurple - author, AppSec expe...
Episode #077: Is Google Eating the Cloud? Wiz.io Acquisition Hot Takes
24 Mar 2025
Contributed by Lukas
In this episode of Relating to DevSecOps, Ken Toler and Mike McCabe dive deep into Google's blockbuster acquisition of Wiz.io for a re...
Episode #076: ShmooBalls & Open Source Brawls: DevSecOps, Risk, and the Final ShmooCon
04 Feb 2025
Contributed by Lukas
Welcome to 2025! Ken and Mike kick off the new year with their security resolutions (or lack thereof) before diving into the bittersweet fa...
Episode #075: Ghosts of DevSecOps: Past, Present, and Future
24 Dec 2024
Contributed by Lukas
In this special holiday-themed episode of Relating to DevSecOps, hosts Ken and Mike channel their inner Dickens with a retrospective journe...
Episode #074: Battling Budgets in Security
09 Dec 2024
Contributed by Lukas
In this episode of Relating to DevSecOps, hosts Ken and Mike tackle the complex challenges of managing security budgets in organizations of...
Episode #073: Staffing Security in DevSecOps
21 Oct 2024
Contributed by Lukas
In this episode, Ken and Mike discuss the pressing issue of staffing security in the DevSecOps field. They explore the challenges of findin...
Episode #072: Measuring the Immeasurable: The Power and Pitfalls of Metrics in DevSecOps
28 Aug 2024
Contributed by Lukas
Ken and Mike dive deep into the world of metrics and measurement in the context of security and DevSecOps. They explore the critical role m...
Episode #071: Retro Vibes with Retrospectives
19 Jun 2024
Contributed by Lukas
Ken and Mike discuss the importance of postmortems in incident response and security incidents. They explore the definition of postmortems,...
Episode: #070: Putting da BOM in SBOM and SCA
08 May 2024
Contributed by Lukas
Ken and Mike discuss supply chain security, including software composition analysis (SCA) and software bill of materials (SBOM). They highl...
Episode #069: Your SaaS is Grass
20 Mar 2024
Contributed by Lukas
In this episode Mike and Ken dive into the wild world of SaaS products in DevSecOps. From vendors to security tooling hygiene they cover an...
Episode #068: Data Breaches and DevSecOps
21 Feb 2024
Contributed by Lukas
With pep and full YouTube energy, Ken and Mike discuss the findings of the IBM "Cost of a Data Breach" report and its implications...
Episode #067: Welcome to 2024! AppSec Resolutions and A Smhoocon Recap
26 Jan 2024
Contributed by Lukas
Ken and Mike discuss their new year's resolutions related to application security. They also reflect on the impact of AI and its adopt...
Episode #066: Exploration of the Shifting Definition of Shifting Left
05 Dec 2023
Contributed by Lukas
We are joined by incredible guests Mikhail Chechik and Marcus Hallberg as they help us define DevSecOps and emphasize the importance of a s...
Episode #065: LASCON 2023 Recap - AI, a Misunderstood Menace or Magic Bullet
10 Nov 2023
Contributed by Lukas
On this episode of R2DSO Mike and Ken dive into their takeaways and experiences from LASCON 2023 in Austin, TX where AI was both a problem ...
Episode #064: Don't Instigate, Mitigate!
25 Sep 2023
Contributed by Lukas
In this episode Ken and Mike dive directly into the meat with solutioning and mitigation. All too often security professionals finding them...
Episode #063: Unscrambling CloudSecSoup with CSPM, Vuln Management, SIEMs, and Log Aggregators
05 Sep 2023
Contributed by Lukas
In today's episode, we untangle the web of alphabet-soup technologies: CSPM, VM, SIEM, and Log Aggregators. We go beyond the buzzwords...
Episode #062: Cyber Sentinels: Ken and Mike in the DevSecOps Labyrinth
07 Aug 2023
Contributed by Lukas
Dive headfirst into AppSec and Terraform security with Ken and Mike in this electrifying podcast episode. They demystify complex security...
Episode #061: Fossilized Code & Future Clouds: Contrasting Worlds of Balance in Legacy Applications
18 Jul 2023
Contributed by Lukas
Ken and Mike dive into the exciting world of modern application and cloud security, with a keen focus on the challenges posed by legacy sys...
Episode #060: Precise Angles for Automation in DevSecOps Adventures
22 Jun 2023
Contributed by Lukas
In this captivating episode of R2DSO hosts Ken and Mike embark on an exploration of security automation in the realms of application and cl...
Episode #059: DevSecOps Pentesting, Possible or Preposturous?
08 Jun 2023
Contributed by Lukas
In this action-packed episode, Ken, Mike, and Izzy (Ken's cat) dive headfirst into the wild world of DevSecOps Penetration Testing...
Episode #058: Merging Your Mergers without Git Merge
01 Jun 2023
Contributed by Lukas
Mike and Ken dive into the exciting topic of Mergers and Acquisitions. Take a bit of time out of your day to join them in their exploration...
Episode #057: Security Without Compromise!
19 May 2023
Contributed by Lukas
Join Mike and Ken as they discuss collaborative security work and what working together looks like in enterprise and organizations. In an e...
Episode #56: Respond Well in Incident Response with DevSecOps
21 Apr 2023
Contributed by Lukas
Join Mike and Ken in their discussion about Incident Response and how it fits into the DevSecOps world and arena. Incident Response, loggin...
Episode #055: Engineering Empathy with Hecber Cordova
31 Mar 2023
Contributed by Lukas
We dive back into bringing guests onto the show focusing on real problems with real people on the ground. In this episode, we are joined by...
Episode #54: ChatGPT's Cryptic Insights: AI in Security for Developers and Operations Teams
23 Mar 2023
Contributed by Lukas
In this episode, Mike and Ken will dive deep into the world of ChatGPT and explore how it can be used to generate code for developers and o...
Episode #053: DevSecOps on the Emerald Isle: Insights from Global OWASP AppSec Dublin, with a Side of Guinness and Frustrations with Application Security Vendors
08 Mar 2023
Contributed by Lukas
In this episode, our hosts recap the Global OWASP AppSec Dublin conference and share insights into interesting talks about DevSecOps. They ...
Episode #052: Dude! Where's My Stuff? Application Inventory and Service Discovery
07 Feb 2023
Contributed by Lukas
Today's episode covers one of the most common problems for software development teams and their security partners. Application Invento...
Episode #051: Hiring for DevSecOps in 2023!
14 Jan 2023
Contributed by Lukas
Happy New Year! Another year of DevSecOps fun as we head into an unpredictable and volatile security market, Ken and Mike talk hiring and t...
Episode #050: The Evolution of Data Security in DevSecOps
03 Dec 2022
Contributed by Lukas
We hope all of the turkey comas have worn off! These holiday delays are almost over, and in the meantime here we are with the second part o...
Episode #049: IAM! The Myers Briggs of DevSecOps
24 Oct 2022
Contributed by Lukas
It's been tough getting together with the end of year madness, but we're back again after another unanticipated delay. In this ep...
Episode #048: Threat Modeling doesn't need to feel like pain and sorrow
16 Sep 2022
Contributed by Lukas
We are back from vacation! Pick up where you left off as we jump back into DevSecOps with threat modeling experiences, lessons, and percept...
Episode #47: Geese aren't the only things migrating in the cloud, but we're more secure at least
08 Aug 2022
Contributed by Lukas
One thing Mike and Ken have talked about at length at conferences, in board rooms, and in team chats is migrating workloads to the cloud se...
Episode #046: Security Spiderwebs with Kubernetes and how Cloud helps (and hurts)
11 Jul 2022
Contributed by Lukas
We are BACK! after a hiatus of vacations, illness, and family gatherings, but while we may have been absent we are at no shortage of words ...
Episode #045: What is DevSecOps in 2022 an R2DSO anniversary redux
10 Jun 2022
Contributed by Lukas
Mike and Ken take it back to the roots with a special anniversary episode on what is DevSecOps. Since we started this podcast we've ha...
Episode #044: Multiball Pinball with Multicloud Hot Takes and Infrastructure as Code
21 May 2022
Contributed by Lukas
Mike and Ken are BACK after a small hiatus and they jump into hot takes on multi-cloud. What does multi-cloud even mean? How does it differ...
Episode #043: Security leaves the cave to go to Miami with the Blockchain People and this episode happened
20 Apr 2022
Contributed by Lukas
Ken had a chance to attend a blockchain conference for Solana out in Miami and Mike hops into the interviewer seat. We talk about some di...
Episode #042: Perscription Lenses or Sunglasses for Eyes on Code
31 Mar 2022
Contributed by Lukas
In this Episode we talk about the differences in code review depending on role and how you can be a better code reviewer on the "blue&...
Episode #041: Holistic Cloud Medicine in the Face of the Modularization of Cloud Components Affects Applications
16 Mar 2022
Contributed by Lukas
A continuing trend in cloud and application security has been the modularization of application functions that offloads the developer respo...
Episode #040: Over the hill with blockchain and DevSecOps with digital money
25 Feb 2022
Contributed by Lukas
In this episode we introduce the general concepts of security in cryptocurrency in blockchain, what we see in our day to day with regard to...
Episode #039: Cloud Metal Detectors with Monitoring and Logging
16 Feb 2022
Contributed by Lukas
In this episode we cover another security perspective on logging and monitoring in the cloud as opposed to web applications specifically. W...
Episode #038: Layers of the DevSecOps Onion, are we reversing time?
02 Feb 2022
Contributed by Lukas
In this episode Mike and Ken talk about the magic of software defined things and how skill crossover is becoming a thing of the future. May...
Episode #037: New Year, New Security what can you do to level up?
19 Jan 2022
Contributed by Lukas
Happy New Year from R2DSO as we head into 2022. In this Episode we bring back Michael McCabe for a more permanent role on the show! Super e...
Episode #036: Trending Topics from Terraform to Testing
07 Dec 2021
Contributed by Lukas
In this alliterative episode we bring back Mike McCabe to wrap up a security year in consulting with common trends and successes in securit...
Happy Holidays from R2DSO!
24 Nov 2021
Contributed by Lukas
We've had a bit of an end of year rush so just wanted to give listeners a preview of what's to come in the next few episodes. We&...
Episode #035: Successful Unit Testing Through Collaboration with Your Unit
02 Nov 2021
Contributed by Lukas
We know, we know! It's been too long between episodes, but we had some speaking engagements, conferences, and general life going into ...
Episode #034: Attack of the Git PR through K8s
11 Oct 2021
Contributed by Lukas
In this episode we squeeze one more git topic out with an attack through a PR. Based on a recent article posted on https://cloudseclist.com...
Episode #033: Getting out of git by branching out with branching strategies
21 Sep 2021
Contributed by Lukas
Bad puns end this series with branching strategies and git. We start with Simon's preferred approach from a product engineering strate...
Episode #32: Hooks, Kits, and Git - putting security into your git pipeline
07 Sep 2021
Contributed by Lukas
In this episode we cover a few technical topics, but primarily how to get started with getting security into your git pipeline through git ...
Episode 031: Git Security Done with Git
17 Aug 2021
Contributed by Lukas
We head into an unknown number of episodes around git. In this episode we introduce git and common security concerns to folks who may be un...
Episode #030: Blueprints, Reference Architectures, and Plans - Building Apps Securely
26 Jul 2021
Contributed by Lukas
In this episode we chat blueprints, security patterns, reference architectures, and plans. Basically what we've seen in terms of the l...
Episode #029: Does anyone REALLY do DevSecOps, and succeed?
06 Jul 2021
Contributed by Lukas
In this somewhat makeshift, low-power episode recorded during the NYC power grid strain we do our best at getting inventive with recording ...
Episode #028: Non-technical management and Email as your IDE
22 Jun 2021
Contributed by Lukas
Episode number 28 moves us back to a more people focused topic as we dive into technical vs non-technical management, leadership, managemen...
Episode #027: Hot Takes on Blogs: Part I - Are QA, BA, and DBAs Dead?
03 Jun 2021
Contributed by Lukas
In this react video of a podcast we have a look at a recent blog post on whether the QA, DBA, and BA jobs are going away in favor of more c...
Episode #026: Starting right by shifting left - what to do at build time
21 May 2021
Contributed by Lukas
After such a fun conversation last week, we bring Mike back in to discuss applying security at build time and what we can do with infrastru...
Episode #025: Warm blankets around your cloud with CSPM and Michael McCabe
11 May 2021
Contributed by Lukas
Episode 25 is all about CSPM and our good friend Michael McCabe. Mike has a ton of experience securing application and cloud workloads and ...
Episode #024: The first line of defense for MicroServices - AUTH
26 Apr 2021
Contributed by Lukas
And that means authentication and authorization. Once you start splitting up the monolithic apps and iterating faster and faster, how does ...
Episode #023: A call back to Microservices - do we even get it yet?
10 Apr 2021
Contributed by Lukas
Ken and Simon talk engineering and security ramifications of microservices, why organizations choose to split up their treasured applicatio...
Episode #22: From Engineer to CTO and what security means along the way w/ Jonathan Schwartz
12 Mar 2021
Contributed by Lukas
An exciting episode indeed! Jon Schwartz the CTO of Jetty joins us in a discussion about security through his career, leadership guidance, ...
Episode #021: An Outside-In Look at Application Inventory
26 Feb 2021
Contributed by Lukas
Keeping with the SecOps theme the crew discusses Application Inventory, arguably the most important part of any successful application secu...
Episode #20: Security Operations ain't what it used to be
14 Feb 2021
Contributed by Lukas
Simon, Ken, and Jamieson ponder what Security Operations brings to the table and discuss some of the misconceptions around responsibilities...
Episode 019: Welcome to 2021 - R2DSO goes visual and more
25 Jan 2021
Contributed by Lukas
With Jamieson out of commission, Simon and Ken chat and reflect on 2020. In this episode we cover some of our favorites and look towards th...
Episode #18: Was 2020 just a giant Chaos Engineering Experiment? Part Deux: Tooling and Security Experiments
22 Dec 2020
Contributed by Lukas
In our final episode of 2020 we dive into chaos engineering tools with a focus on security and unpack the differences between penetration t...
Episode #017: Chaos in your Engineering, what to do if Zombies attack your cloud
04 Dec 2020
Contributed by Lukas
In this episode we talk about Chaos Engineering, what it is, what it isn't, our thoughts on what chaos really means and how we approac...
Episode #016: Terraform CDK, finishing the Infra as Code series with its final form?
11 Nov 2020
Contributed by Lukas
We wrap up this series with a talk through the terraform cdk and our initial reactions of the project and product. We all learned a ton thr...
Episode #015: Quest to Terraform CDK through the Amazon CDK
01 Nov 2020
Contributed by Lukas
In our quest to discuss and debate the usefulness of the Terraform CDK we take a pit stop at the Amazon CDK and Cloudformation. All of us h...
Episode #014: Approaching Terraform and other "as-code" fun
17 Oct 2020
Contributed by Lukas
We've listened to your feedback and started diving into infrastructure as code starting with terraform, our experiences learning it fo...
Episode #013: How a backend engineer looks at XSS
03 Oct 2020
Contributed by Lukas
Simon gives his perspective on Cross-Site Scripting (XSS) and we dig into some of the common protections. We also cover different views bet...
Episode #012: What DevSecOps means to a SCRUM master with Jenn Molyneaux
24 Sep 2020
Contributed by Lukas
Jenn Molyneaux joins the crew as the very first guest! ( https://bit.ly/3ctCLJu ). Jenn is a Senior SCRUM Master who brings her wealth of e...
Episode #011: Bugs vs Vulns - what's your opinion?
18 Sep 2020
Contributed by Lukas
Security and Engineering go head to head in a conversation about bugs vs vulnerabilities and where we think they should fall in the grand s...
Episode #010: Security Configs, Default Configs, and other decisions we regret
11 Sep 2020
Contributed by Lukas
This episode we riff on some of the hotter topics we discussed during Episode 9 as we cover security misconfigurations, default misconfigur...
Episode #009: OWASP Top 10: Awareness, not Measurement
04 Sep 2020
Contributed by Lukas
In this episode we cover the OWASP Top 10, a popular security awareness document and how DevOps and Product Engineering are typically expos...
Episode #008: Testing Depths of the DevSecOps River with Both Feet
19 Aug 2020
Contributed by Lukas
There are so many types of tests across DevSecOps and we try to cover as many as possible from SAST to Contract testing. Simon covers his d...
Episode #007: Service Mesh, more than a Sean Connery sidecar to your Indiana Jones App
12 Aug 2020
Contributed by Lukas
In this episode we get back to tech in the DevOps centric topic of Service Mesh. Ken and Simon chat with Jamieson about concerns and first ...
Episode #006: How Engineering Titles Affect Your Communication with Development and Product Engineering Teams
05 Aug 2020
Contributed by Lukas
In this episode we take another people centric approach with Simon Dollo as we explore the difference between developers and product engine...
Episode #005: Know Your Audience, the Face of Documentation and Training in a DevSecOps World
31 Jul 2020
Contributed by Lukas
In this episode we discuss product engineering security Easter eggs and try to stay on track talking about how to get other departments and...
Episode #004: Be careful with your logs aka a hand grenade with a dictionary attached to it
22 Jul 2020
Contributed by Lukas
This time on Relating to DevSecOps we cover application logging, how it's viewed by different teams and what those teams are looking t...
Episode #003: Bookending DevSecOps starting with Threat Models
08 Jul 2020
Contributed by Lukas
Starting on the left side of the SDLC, we talk about Threat Modeling experiences from all perspectives and the fundamental issues with chec...
Episode #002: A Product Engineering Perspective on DevSecOps
30 Jun 2020
Contributed by Lukas
Simon Dollo joins the crew and brings his product engineering perspective to the burning question "What is DevSecOps?" We explore...
Relating to DevSecOps #001: What is DevSecOps?!
23 Jun 2020
Contributed by Lukas
Join us on our first episode of relating to DevSecOps where we introduce the first two co-hosts of 3 recurring players, Jamieson Colburn, r...