Mattias Hemmingsson, Julien Bisconti and Andrey Devyatkin
The DevSecOps Talks Podcast
This is the show by and for DevSecOps practitioners who are trying to survive information overload, get through marketing nonsense, do right technology bets, help their organizations to deliver value and last but not the least to have some fun. Tune in for talks about technology, ways of working and news from DevSecOps. This show is not sponsored by any technology vendor and trying to be as unbiased as possible. We talk like no one is listening! For good or bad :) For more info, show notes, and discussion of past and upcoming episodes visit devsecops.fm
Autor
Mattias Hemmingsson, Julien Bisconti and Andrey Devyatkin
Categoría
Web del podcast
Último episodio
14 de jun. de 2026
¿Dónde escuchar?
Podcasts en la app Replaio Radio Muy prontoLos podcasts llegarán muy pronto a la app. Instálala ahora y sé el primero en descubrir una forma totalmente nueva de vivir los podcasts
Episodios
#103 - European Cloud Sovereignty with Mark Shine, Pawel Piwosz and Filipe Berti 14.06.2026 56:19
Mark Shine, Pawel Piwosz, and Filipe Berti discuss why the default choice of AWS, Azure, or GCP is no longer automatic for every team. The conversation covers cost, managed services, open source, AI workloads, and what European cloud providers can offer instead. We are always happy to answer any questions, hear suggestions for new episodes, or hear from you, our listeners. DevSecOps Talks podcas...
#102 - The 90-Day Patch Window Is Dead With Ian Amit And Matias Madou 05.06.2026 51:19
What happens when AI can turn patches into exploits in hours? The hosts discuss why the 90-day disclosure window is breaking, what Mythos Preview changes, and why shipping vulnerable code is becoming more expensive. We are always happy to answer any questions, hear suggestions for new episodes, or hear from you, our listeners. DevSecOps Talks podcast LinkedIn page DevSecOps Talks podcast website...
#101 - Infrastructure as Code in 2026: Still Essential or Already Changing? 04.06.2026 38:26
Six years after the podcast first covered infrastructure as code, what still holds up and what does not? The hosts revisit IaC through a 2026 lens: platform teams shipping secure-by-default modules, stacks becoming standard, GitOps making more sense for Kubernetes, and AI raising new questions instead of removing old ones. It is a practical look at where infra tooling is heading and what teams sho...
#100 - 100 Episodes Later: What Still Matters in DevSecOps 07.05.2026 40:45
What changed between episode 1 and episode 100, and what stayed surprisingly constant? The hosts revisit infrastructure as code, observability, incident response, secrets, compliance, and supply chain security through the lens of six years of conversations. It is part retrospective, part editorial reset for what the next 100 episodes should focus on. We are always happy to answer any questions,...
#99 - AI SRE and the End of 3 AM On-Call 28.04.2026 48:21
Could AI handle the worst parts of incident response before you even join the call? Mattias and Paulina talk with Birol Yildiz about AI-written status updates, fast root cause analysis, and the path from read-only help to autonomous fixes. They also explore why post-mortems and documentation may be some of the best places to start. We are always happy to answer any questions, hear suggestions fo...
#98 - Beyond AI SRE 21.04.2026 37:10
Andrey shares the thinking behind Boris and the idea of going beyond AI SRE. The conversation covers the DevOps talent shortage, the coming squeeze on AI costs, why repeatable operational tasks are a strong fit for agents, and why customer data should stay in the customer's own AWS account. We are always happy to answer any questions, hear suggestions for new episodes, or hear from you, our list...
#97 - Shift Left, Get Hacked: Supply Chain Attacks Hit Devs 15.04.2026 35:36
March 2026 made supply chain attacks feel a lot less theoretical, but what made these incidents different? The hosts discuss compromised publishing credentials, automatic execution hooks like post-install scripts and Python `.pth` files, and how both humans and security tools caught the malicious releases. They also talk through concrete ways to make developer environments harder to abuse. We ar...
#96 - Keeping Platforms Simple and Fast with Joachim Hill-Grannec 01.04.2026 48:44
This episode with Joachim Hill-Grannec asks: How do platforms bloat, and how do you keep them simple and fast with trunk-based dev and small batches? Which metrics prove it works—cycle time, uptime, or developer experience? Can security act as a partner that speeds delivery instead of a gate? We are always happy to answer any questions, hear suggestions for new episodes, or hear from you, our li...
#95 - From Platform Theater to Golden Guardrails with Steve Wade 23.03.2026 45:44
Is your Kubernetes stack bloated, slow, and hard to explain? Steve Wade shares simple checks—the hiring treadmill, onboarding time, and the acronym test—to spot platform theater fast. What would a 30-day deletion sprint cut, save, and secure? We are always happy to answer any questions, hear suggestions for new episodes, or hear from you, our listeners. DevSecOps Talks podcast LinkedIn page DevS...
#94 - Small Tasks, Big Wins: The AI Dev Loop at System Initiative 11.03.2026 52:42
We bring Paul Stack back to cover the parts we skipped last time. What changed when the models got better and we moved from one-shot Gen AI to agentic, human-in-the-loop work? How do plan mode and tight prompts stop AI from going rogue? Want to hear how six branches, git worktrees, and a TypeScript CLI came together? We are always happy to answer any questions, hear suggestions for new episodes,...
#93 - The DevSecOps Perspective: Key Takeaways From Re:Invent 2025 05.03.2026 27:30
Andrey and Mattias share a fast re:Invent roundup focused on AWS security. What do VPC Encryption Controls, post-quantum TLS, and org-level S3 block public access change for you? Which features should you switch on now, like ECR image signing, JWT checks at ALB, and air-gapped AWS Backup? Want simple wins you can use today? We are always happy to answer any questions, hear suggestions for new ep...
#92 - From System Initiative to SWAMP: Agent-Native Infra with Paul Stack 20.02.2026 47:55
What can you automate with SWAMP today, from AWS to a Proxmox home lab? How do skills, scripts, and reusable workflows plug into your stack? Could this be your agent’s missing guardrails? We are always happy to answer any questions, hear suggestions for new episodes, or hear from you, our listeners. DevSecOps Talks podcast LinkedIn page DevSecOps Talks podcast website DevSecOps Talks podcast You...
#91 - January security roundup: CVSS 10 in n8n, self-hosted AI scares, and nonstop patching 04.02.2026 44:01
We kick off with a CVSS 10 in n8n, then look at self-hosted AI assistants with weak defaults and prompt injection risks. Are your API keys, inbox, and drives safe if a bot is open to the web? What should you rotate, patch, and hide behind a VPN? We are always happy to answer any questions, hear suggestions for new episodes, or hear from you, our listeners. DevSecOps Talks podcast LinkedIn page D...
#90 - K8s vs Managed Services: Cost, Lock-In, and Reality 19.01.2026 51:44
We get into K8s vs native orchestrators. Do you still need Kubernetes when managed services cover most needs? How do cost, lock-in, and team skills change the choice? Expect a heated debate. We are always happy to answer any questions, hear suggestions for new episodes, or hear from you, our listeners. DevSecOps Talks podcast LinkedIn page DevSecOps Talks podcast website DevSecOps Talks podcast...
#89 - Agents, Reviews, and Secrets: Real Talk on AI in Dev 05.01.2026 34:01
Are devs ignoring AI, misusing it, or getting real value? What happens when agents touch your env vars, repos, and pipelines? How do you share prompts, set team defaults, and keep trust? Could an AI engineer role lead culture as well as tools? We are always happy to answer any questions, hear suggestions for new episodes, or hear from you, our listeners. DevSecOps Talks podcast LinkedIn page Dev...
#88 - EU Compliance 101: DSA, MiCA explained 22.12.2025 30:56
Which parts of AI Act, NIS2, DORA, and DSA overlap so you can cover more with less? What basics raise your baseline fast: central logs, backups, risk assessments, and human-in-the-loop governance? Could a simple mailing list make incident comms painless? We are always happy to answer any questions, hear suggestions for new episodes, or hear from you, our listeners. DevSecOps Talks podcast Linked...
#87 - EU Compliance 101: AI Act, DORA, NIS2 explained 08.12.2025 38:20
Want a quick map of EU compliance for engineers? How do you classify AI by risk and tell users when AI is used? When do you send a 24-hour heads-up and a one-month report after an incident? Does NIS2 make your board liable and your logs mandatory? We are always happy to answer any questions, hear suggestions for new episodes, or hear from you, our listeners. DevSecOps Talks podcast LinkedIn page...
#86 - MCP plugins: your next security blind spot? 21.11.2025 1:04:54
Is MCP just another server you need to threat model, patch, and monitor? How do you keep users from over-privileged access, block LLM injection, and stop blind spots? We unpack the VentureBeat article https://venturebeat.com/security/mcp-stacks-have-a-92-exploit-probability-how-10-plugins-became-enterprise with real-world tips. We are always happy to answer any questions, hear suggestions for ne...
#85 - Is It Time for OpenTofu? Our HashiConf Takeaways 23.10.2025 30:46
We break down 10 years of HashiConf and this year's Terraform-heavy news. What do Terraform Actions with Ansible, Stacks GA, and HCP-only features mean for day two work? Is open source getting left behind, and is OpenTofu worth a look? We are always happy to answer any questions, hear suggestions for new episodes, or hear from you, our listeners. DevSecOps Talks podcast LinkedIn page DevSecOps T...
#84 - AI for DevSecOps: Current Wins and Ongoing Gaps 30.09.2025 35:22
Can AI really help us build more secure software? What’s working in practice right now, and where do the tools still fall short? Mattias and Paulina share their views. We are always happy to answer any questions, hear suggestions for new episodes, or hear from you, our listeners. DevSecOps Talks podcast LinkedIn page DevSecOps Talks podcast website DevSecOps Talks podcast YouTube channel
#83 - Opentofu Vs Terraform: Where We Are Now With Cole Bittel 17.09.2025 38:45
It’s been a while since OpenTofu was released to the public, so we wanted to check in on where it stands today. How is the community adopting it? What’s the public sentiment? And how does it differ from Terraform in terms of features? This time we’re joined by Cole Bittel, an experienced SRE, platform engineer, and contributor to OpenTofu. He shares his hands-on experience migrating to OpenTofu, a...
#82 - Tools, Mcps, And Attack Scenarios 25.08.2025 36:57
This time we talk about how LLMs use tools and what the Model Context Protocol (MCP) brings to the table. What are the risks? How can an attacker exploit MCPs? And why are LLMs a bit like grandpas — helpful but forgetful? We are always happy to answer any questions, hear suggestions for new episodes, or hear from you, our listeners. DevSecOps Talks podcast LinkedIn page DevSecOps Talks podcast w...
#81 - Keeping Secrets Safe 30.06.2025 33:35
Still pasting tokens into Slack? What types of secrets are at risk, and which tools fit which consumer—humans, CI/CD, or workloads? Where do most teams stumble, and how do you fix it fast? Hear our no-nonsense checklist. Connect with us on LinkedIn or X (see info at https://devsecops.fm/about/) . We are happy to answer any questions, hear suggestions for new episodes, or hear from you, our liste...
#80 - Understanding Passkeys: Benefits And Limitations 21.05.2025 36:55
Passkeys are gaining attention as a new way to log in without passwords. How do they work, and how do they compare to traditional multi-factor authentication (MFA)? In this episode, we explore the history of passwords, the strengths and weaknesses of common MFA methods, and the potential of passkeys to enhance security. What threats do passkeys mitigate, and what still remain? Connect with us on...
#79 - Going Local: What’S Driving The Move? 23.04.2025 20:31
Andrey, Paulina, and Mattias kick off a miniseries on European infrastructure. We talk about infrastructure providers' options across Europe, ask what really drives the move away from hyperscalers, and wonder whether the trade-offs make sense for most teams. Connect with us on LinkedIn or Twitter (see info at https://devsecops.fm/about/). We are happy to answer any questions, hear suggestions fo...
Podcasts similares
Replaio no es editor de podcasts; los nombres de los programas, las portadas y el audio pertenecen a sus autores y se distribuyen a través de canales RSS públicos