
DevSecOops

Cordant

Available Episodes (5 of 9 listed)

  • Episode 9 - Rapid Fire Judgement
    In this episode, Tom and Scotti take listeners behind the curtain at Cordant, revealing how the team collaboratively designs IT solutions, from infrastructure to cybersecurity. Framed around a hypothetical greenfield deployment, the discussion is a rapid-fire breakdown of their go-to tools, platforms, and philosophies, covering everything from hypervisors and SIEM solutions to code repositories and discovery tools.

    Key Topics Covered:

    Discovery & Strategy Process: The Cordant methodology of discovery, internal collaboration, and experience-based solution building.

    VMware & Broadcom Fallout: Tom discusses why VMware remains the on-prem hypervisor of choice despite Broadcom's pricing and licensing changes. Alternatives are weighed, including cloud-native VMs and infrastructure consolidation strategies.

    SIEM & Logging Solutions: Scotti explores cost-effective approaches to log management, weighing Splunk, Microsoft Sentinel, and CrowdStrike SIEM. He stresses the need to align tooling with organisational maturity and internal expertise, cautioning against over-investment in under-utilised platforms.

    Code Repositories: The team debates GitHub, GitLab, Bitbucket, and cloud-native options, discussing security, ease of use, and deployment flexibility, especially where data sovereignty or air-gapped environments are required.

    Discovery Tooling & Attack Surface Management: With threats shifting from network-focused to identity-centric attacks, Scotti outlines the importance of modern asset discovery tools such as RunZero, AssetNote, and Wiz, advocating agentless, comprehensive visibility across hybrid environments.

    Key Takeaways:

    Vendor selection should reflect organisational context, not just feature sets.
    Tooling must match internal capability; gold-plated technology without operational maturity offers little value.
    Identity, not infrastructure, is the modern threat frontier, so both external and internal visibility are critical.
    Cloud-native and hybrid strategies should be evaluated tactically and strategically, not reactively.
    --------  
    1:03:47
  • Episode 8 - Bytesized: Kubernetes, AI, Oracle, and More
    In this byte-sized episode of DevSecOops, Tom and Scotti dive into recent developments from the Cordant office, unpacking the power and pitfalls of modern tech trends, from Kubernetes to GenAI and cloud resilience.

    Kubernetes in Focus: Tom questions the complexity of Kubernetes, while Scotti defends its scalability and abstraction benefits. Drawing on both home labs and enterprise deployments, they highlight how managed services reduce friction, enabling cloud-agnostic architecture and better DevOps alignment.

    OCI Incident & Lessons in Trust: Reflecting on a real-world Oracle project, Scotti describes auditing IAM permissions at scale using Kubernetes. They draw cultural lessons from a major Oracle Cloud Infrastructure (OCI) incident, advocating transparency rather than blame. Tom stresses that resilience comes from what we learn, not whom we blame.

    AI: Game-Changer or Crutch? AI adoption is accelerating, with tools like ChatGPT and Claude now embedded in workflows. Tom recounts a colleague building a mobile app with zero prior experience using AI alone. Scotti sees AI as a thought partner: great for learning, risky if misused.

    Ethics & Risk: AI's potential is massive, but so are the dangers. Open-source LLMs trained on exploits pose real threats. As Scotti warns: "Like any security tool, it can be used for good or bad."

    Key Takeaway: Balance innovation with governance. Transparency, culture, and intent define how we build secure, resilient systems.
    --------  
    42:42
  • Episode 7 - Wiz Bang
    This episode explores Wiz's platform-driven approach to cloud security, emphasising its usability across multiple organisational roles, from developers to executives. Matt, a Principal Solution Engineer at Wiz, explains how the company provides comprehensive, real-time visibility into cloud environments (including multi-cloud and hybrid architectures), helping organisations identify high-risk vulnerabilities early in the software lifecycle, even before deployment.

    Key Discussion Points:

    Wiz's Core Value Proposition: Wiz offers a cloud-native security platform designed to detect risks across infrastructure, applications, and configurations. The solution prioritises threats using risk context and attack path analysis, making security information relevant and actionable for both technical and business stakeholders.

    Executive-Level Adoption: Matt notes strong engagement from CISOs, CTOs, and CIOs due to Wiz's rapid time-to-value, easy implementation, and support for tooling consolidation. Executives appreciate how Wiz enables faster, safer adoption of new technologies, such as AI services, while maintaining governance and compliance.

    Developer Enablement: A major focus is shifting security left by integrating it into developers' workflows. Wiz provides clear guidance, risk prioritisation, and remediation suggestions, removing the need for developers to be security experts. This reduces friction between engineering and security teams, traditionally a major operational challenge.

    Operationalisation and ROI: Emphasis is placed on real-world usage and return on investment. Matt shares insights from customers who evaluate tools on actual usage metrics, such as platform login frequency, to ensure investments deliver value.

    Security Champion Models: The discussion touches on the importance of embedded security roles, such as Security Champions within development teams. This model, pioneered by companies like Amazon, helps organisations scale secure development practices and keep pace with the growing velocity of security threats in cloud environments.

    Noise Reduction and Prioritisation: The hosts and guest stress the importance of eliminating alert fatigue. Wiz's platform contextualises vulnerabilities (e.g., IAM policy misconfigurations or outdated libraries in containers) to distinguish meaningful risks from benign issues. This "pragmatic security" approach builds credibility with developers and promotes a security-aware culture.
    --------  
    54:19
  • Episode 6 - War of The Clouds
    In this episode of DevSecOops from the guys at Cordant, the crew dives headfirst into one of the juiciest debates in tech: which cloud reigns supreme? Dubbed 'The War of The Clouds', this episode pits the big players (and some honourable mentions) against each other in a lighthearted skirmish over developer love, enterprise muscle, and long-term value.

    Tom dons the blue armour for Microsoft Azure, bringing 25 years of Wintel loyalty to the table (though he has some thoughts on recent commercial antics from Redmond). James rides the mighty AWS beast, championing the original developer darling turned enterprise juggernaut, boasting revenue figures that dwarf even the biggest names on the ASX. Scotti takes the underdog position with a passionate defence of Oracle Cloud. With boots-on-the-ground experience and a developer's heart, he makes a surprisingly compelling case for Oracle's open standards and Java-rich legacy (despite a few barbs about Delphi, Java, and Visual Basic 6 along the way).

    Together, the trio spar over:

    Developer experience: From Azure's tight-knit integration with Visual Studio and GitHub, to AWS's shiny toybox of SDKs, to OCI's Kafka-compatible streaming service.

    Tooling and automation: Why Terraform is winning hearts where native tools stumble, and how scripting your infrastructure is now half the cloud battle.

    Strategic cloud adoption: Whether clients should go all-in with one vendor or play the multi-cloud field, and what truly drives those choices (hint: it's not just tech, it's business context).

    Security and identity: Expect a bit of heat here, especially around PIM roles, privileged access management, and how well (or not) each provider integrates identity services.

    This episode is as much a tech showdown as it is a masterclass in real-world cloud strategy, with the team drawing on their direct client experiences across all three platforms. While there's plenty of banter, the insights are razor-sharp, and whether you're team AWS, Azure, or Oracle, you'll leave with a clearer view of where each platform shines (and where it needs work).
    --------  
    1:02:56
  • Episode 5 - The Importance of Proper Program Pragmatism
    In this episode of the DevSecOops podcast, hosts Tom, Scotti, and James from Cordant are joined by experienced project manager Natalie Haslam to explore the complexities of delivering cybersecurity projects. Natalie highlights the crucial role of human factors in security, emphasising the need for awareness and adherence to protocols. The discussion covers the importance of involving operational teams early, managing cybersecurity incidents that arise during project delivery, and balancing governance with agility. The team also examines project management methodologies, debating agile versus waterfall approaches and the benefits of a hybrid model, and discusses the value of stakeholder engagement, advocating clear communication to secure buy-in and drive successful cyber initiatives.
    --------  
    51:54


About DevSecOops

Welcome to DevSecOops - a mostly serious podcast about modern ICT, and pragmatic solutions to complex problems.
v7.20.0 | © 2007-2025 radio.de GmbH
Generated: 7/3/2025 - 2:22:13 AM