44 episodes

The security repo is a podcast that focuses on real world security issues we are all facing today. We will take deep dives into news events and have exclusive interviews with security leaders on the ground.

The Security Repo (Mackenzie Jackson & Dwayne McDaniel)


    Building secure platforms with Kubernetes: Bridging the DevOps-Security Divide with John Dietz

    This week, we dive deep into the world of Kubernetes with John Dietz, co-founder of Kubefirst and a seasoned IT professional with over two decades of experience. John shares his extensive insights into the transformative power of Kubernetes and infrastructure as code (IaC) in modern cloud environments. Reflecting on his personal journey from skepticism about containerization to embracing Kubernetes, John discusses the critical role of governance and security in successfully deploying and managing cloud-native technologies. We also explore the challenges and strategies for integrating security practices into DevOps, ensuring robust governance, and leveraging IaC for efficient and secure infrastructure management. Whether you're an IT veteran or new to the field, join us as we unpack the complexities of Kubernetes, security through governance, and the future of cloud-native platforms.

    Show Notes:
    Kubefirst: https://kubefirst.io/
    John's articles on The New Stack: https://thenewstack.io/author/john-dietz/

    John Dietz on social media
    X (Twitter): https://twitter.com/vitamindietz
    LinkedIn: https://www.linkedin.com/in/jd-k8s/

    Introduction: 0:00
    Kubernetes skeptic to advocate: 1:09
    Governance in Kubernetes & IaC: 8:30
    Who owns security with IaC and K8s: 24:36
    Common K8s mistakes: 32:16
    Why care about Kubernetes: 38:23
    Best and worst: 47:15
    Links and show notes: 54:22

    • 56 min
    Authorization vs. Authentication: Decoding the Layers of Security with Emre Baran

    In this episode we dive deep into the world of authorization with Emre Baran, CEO and co-founder of Cerbos. As a seasoned entrepreneur and software expert, Emre brings over 20 years of experience to the table, discussing the subtle yet significant distinctions between authorization and authentication, and why these concepts are pivotal in today's cloud-based and development environments.

    In this discussion, Emre explains why many organizations still grapple with these issues in 2024, highlighting common pitfalls in security practices and offering insights into the sophisticated challenges of implementing fine-grained access control. He also shares his views on the evolving landscape of regulatory standards and introduces us to "Cerbos," his solution designed to streamline and secure authorization processes efficiently.

    Show Notes
    Learn about Cerbos: https://www.cerbos.dev/
    Cerbos GitHub: https://github.com/cerbos/cerbos

    Follow Emre Baran
    X (Twitter): https://twitter.com/emre
    LinkedIn: https://www.linkedin.com/in/emrebaran/

    Time Stamps
    Intro: 0:00
    Why are we still struggling with authz: 1:12
    Difference between Authentication & Authorization: 6:16
    What is Cerbos?: 9:35
    The auth trap: 11:58
    Is it scalable? Scaling Auth: 13:20
    Who owns auth: 16:31
    Regulation and compliance: 20:32
    GitGuardian: 22:12
    What is ZSP (Zero standing Privileges): 23:00
    Best and Worst: 28:00
    Links and followup: 32:00

    • 34 min
    Unpacking ASPM: Trends, Truths, and the Future of Security Tools

    In this engaging episode of "The Security Repo," host Dwayne McDaniel and esteemed guest Rachel Stephens delve into the rapidly evolving world of security tooling, with a special focus on the buzz around Application Security Posture Management (ASPM). They tackle the complexities and confusions surrounding this burgeoning category of security solutions, offering listeners a clear-eyed view of what ASPM means for developers, security professionals, and the tech industry at large. Through a candid and enlightening conversation, they explore the history and potential future of security practices, the push towards simplification and consolidation of tools, and the real challenges of effectively managing security risks in today's dynamic digital environments. Join us for a thought-provoking discussion that demystifies ASPM and provides valuable insights into the direction of security tooling and practices.

    Show Notes:
    Learn more about ASPM: https://blog.gitguardian.com/good-application-security-posture-requires-good-data/
    Learn more about RedMonk: https://redmonk.com/
    Listen on Spotify: https://open.spotify.com/show/2emgX3m3dJSzlmAG3axBGa
    Listen on Apple Podcasts: https://podcasts.apple.com/us/podcast/the-security-repo/id1634401017

    • 28 min
    Decoding Security: An Analyst's Perspective on Trends and Tools

    In this episode of The Security Repo podcast, we dive deep into the evolving landscape of security within software development with our guest, Rachel Stephens, a senior analyst at RedMonk. Rachel sheds light on the broader implications of the "shift left" movement, emphasizing the integration of security practices throughout the entire software development lifecycle rather than viewing it as an isolated final step. This conversation explores how developers and security professionals can work together more effectively, the role of tools in aiding or hindering this collaboration, and the importance of understanding security from a holistic viewpoint. With insights into the latest trends, challenges, and solutions in securing our software development processes, this episode is a must-listen for anyone interested in the intersection of development, security, and industry analysis.

    Show Notes
    https://redmonk.com/

    Introduction: 0:00
    Analyst Role / RedMonk: 2:18
    Shift Left: 4:27
    Dev and Sec in Conflict: 6:20
    Shift Left Where?: 9:35
    What about micro applications?: 11:08
    What is Shift Right?: 15:15
    GitGuardian: 20:22
    How do you Shift Left?: 21:20
    Measure what matters: 25:20
    Best and Worst Advice: 27:30
    RedMonk: 29:39

    • 31 min
    Building Conferences and Communities in Cybersecurity with Huxley Barbee

    This week, join us as we sit down with Huxley Barbee, the lead organizer of B-Sides New York City and a security evangelist at RunZero. With over two decades of experience as a software engineer and security consultant, Huxley shares his profound insights and journey through the evolving landscape of cybersecurity.

    From his early days attending DefCon in 1999 to spearheading B-Sides conferences that champion technical excellence, community engagement, and accessibility, Huxley's story is one of passion, dedication, and innovation. He offers a fresh perspective on the recent shift of DefCon to the Las Vegas Convention Center and recounts memorable anecdotes that highlight the unique culture of hacker communities.

    Moreover, Huxley sheds light on the critical topic of exposure management, moving beyond traditional vulnerability scanning to encompass advanced techniques and strategies for securing modern networks. His advice on asset inventory and the importance of understanding your network's vulnerabilities is indispensable for both seasoned professionals and newcomers to the field.

    So, whether you're a cybersecurity veteran, an aspiring hacker, or simply curious about the digital world's inner workings, this episode is packed with valuable insights, fascinating stories, and practical advice. Don't miss out on this deep dive into the challenges and triumphs of securing our digital future with Huxley Barbee.

    • 42 min
    The Evolution of DevSecOps: Strategies for Integrating Security into DevOps with Gregory Zagraba

    This episode of The Security Repo Podcast features an insightful discussion with Gregory Zagraba on the challenges and strategies of integrating security practices within the DevOps landscape. Covering the evolution of DevOps, the emergence of DevSecOps, and the importance of a culture shift in large organizations, the conversation delves into practical advice on automation, the significance of backups, and fostering a security-conscious mindset. Through real-world examples and expert insights, the episode sheds light on creating robust, secure systems in the fast-paced world of software development and data protection.

    Show Notes:
    GitProtect: https://gitprotect.io/
    GitProtect Blog: https://gitprotect.io/blog/

    • 36 min
