Ken Toler and Mike McCabe

Relating to DevSecOps

A Podcast dedicated to forging iron clad relationships between developers, engineers, operations, and security practitioners by discussing hot topics in the world of DevSecOps. This podcast aims to air out some of the common gripes, misconceptions, and hardships that these teams face in the real world every day.

Koniecznie odwiedź stronę podcastu i wesprzyj twórcę: www.buzzsprout.com

Autor

Ken Toler and Mike McCabe

Kategoria

Technology

Strona podcastu

www.buzzsprout.com

Ostatni odcinek

29 kwi 2026

Gdzie słuchać?

Podcasty w aplikacji Replaio Radio Już wkrótce

Podcasty trafią do aplikacji już wkrótce. Zainstaluj teraz i jako pierwszy zobacz nowe podejście do podcastów

Pobierz z Google Play Zainstaluj za darmo Android 5 mln+ pobrań · ocena 4,8 iOS niedługo

Odcinki

Episode #083: AI Mythos, Security Fundamentals, and the Zero-Day Panic Cycle 29.04.2026

Send us Fan Mail Ken and Mike are back in the AI trenches, this time unpacking the hype, fear, and practical security implications surrounding Anthropic’s Mythos preview. As the industry reacts to claims around AI-driven vulnerability discovery and exploit generation, the hosts ask a more important question: are we actually ready to fix what we already know is broken? The conversation cuts through...

Episode #082: AI Hype, Human Cost 17.03.2026

Send us Fan Mail Ken and Mike are back from the grave to kick off 2026 with a timely debate on the AI panic cycle hitting software and security. They dig into the biggest questions flying around the industry right now: Is AI taking developer and security jobs? Is SaaS dying? Is software engineering being replaced by vibe coding and agents? From maker-checker workflows and token costs to AI-generat...

Episode #081: Burnout by Budget Season: Surviving Q4 in Security 29.10.2025

Send us Fan Mail In this candid and cathartic episode, Ken and Mike unpack the chaos that is Q4 for security professionals. From budget burnouts to end-of-year pentesting sprints, they explore why the final months of the year feel like a perfect storm for stress. Tune in as they share hard-earned lessons, practical advice for maintaining your sanity, and some gentle reminders that not everything n...

Episode #080: Patch Me If You Can: Compliance, SLAs, and Other Fairytales 25.08.2025

Send us Fan Mail In this no-punches-pulled return from hiatus, Ken and Mike dig deep into the messy middle of vulnerability management, SLA fatigue, and the illusion of compliance. Are we building secure systems or just passing audits? From legacy cruft to exploitable CVEs, this episode unpacks the real-world pressures of SOC 2, the auditor dance, and whether fixing every “critical” is even feasib...

Episode #079: CISOver It: When Dashboards Replace Direction 10.06.2025

Send us Fan Mail In this episode of Relating to DevSecOps, Ken and Mike discuss the challenges faced by CISOs in today's security landscape, particularly the struggle to balance immediate security needs with long-term preventative strategies. They explore the disconnect between security leadership and practitioners, the urgency of addressing security issues, and the importance of understandin...

Episode #078: 🔥 Burn Your 30-page Policies: Tanya’s Got Better Ideas 22.04.2025

Send us Fan Mail In this must-listen episode of Relating to DevSecOps, Ken welcomes the ever-inspiring Tanya Janca, aka SheHacksPurple—author, AppSec expert, and champion of making security usable. Together, they dig into why so many application security policies fail, why developers ignore them, and how to make them actually work. Tanya shares real-world experiences from both dev and security per...

Episode #077: Is Google Eating the Cloud? 🔥 Wiz.io Acquisition Hot Takes 24.03.2025

Send us Fan Mail In this episode of Relating to DevSecOps, Ken Toler and Mike McCabe dive deep into Google's blockbuster acquisition of Wiz.io for a reported $32 billion. They explore the implications for cloud security, the consolidation of the DevSecOps tooling landscape, and how this move compares to Google’s previous acquisitions like Mandiant and Chronicle. The duo debates the future of...

Episode #076: ShmooBalls & Open Source Brawls: DevSecOps, Risk, and the Final ShmooCon 04.02.2025

Send us Fan Mail Welcome to 2025! Ken and Mike kick off the new year with their security resolutions (or lack thereof) before diving into the bittersweet farewell to ShmooCon, one of the most beloved hacker conferences. Ken shares his experiences from the final event, including insights on hardware hacking, radio security, and the unique hacker culture that made ShmooCon special. They also unpack...

Episode #075: Ghosts of DevSecOps: Past, Present, and Future 24.12.2024

Send us Fan Mail In this special holiday-themed episode of Relating to DevSecOps , hosts Ken and Mike channel their inner Dickens with a retrospective journey through the "Ghosts of DevSecOps Past, Present, and Future." From lessons learned about security awareness and collaboration challenges of the past, to the growing pains and contradictions of today’s implementation of security basi...

Episode #074: Battling Budgets in Security 09.12.2024

Send us Fan Mail In this episode of Relating to DevSecOps, hosts Ken and Mike tackle the complex challenges of managing security budgets in organizations of all sizes. From small, scrappy teams to sprawling enterprises, they explore how security leaders can navigate tight financial constraints while maintaining strong security postures. They share insights on integrating security into IT operation...

Episode #073: Staffing Security in DevSecOps 21.10.2024

Send us Fan Mail In this episode, Ken and Mike discuss the pressing issue of staffing security in the DevSecOps field. They explore the challenges of finding qualified application security professionals, the importance of diverse backgrounds in security roles, and the paradox of understaffed security teams despite a high demand for cybersecurity jobs.  The conversation also delves into strategies...

Episode #072: Measuring the Immeasurable: The Power and Pitfalls of Metrics in DevSecOps 28.08.2024

Send us Fan Mail Ken and Mike dive deep into the world of metrics and measurement in the context of security and DevSecOps. They explore the critical role metrics play in driving security improvements, from tracking vulnerabilities to gauging the effectiveness of incident response. The hosts discuss what makes a good metric, the importance of aligning metrics with business goals, and the dangers o...

Episode #071: Retro Vibes with Retrospectives 19.06.2024

Send us Fan Mail Ken and Mike discuss the importance of postmortems in incident response and security incidents. They explore the definition of postmortems, the value of reflection, the challenges of blame, and the significance of actionable outcomes. They also touch on the transparency of postmortems and the need for root cause analysis. The conversation concludes with a brief announcement about...

Episode: #070: Putting da BOM in SBOM and SCA 08.05.2024

Send us Fan Mail Ken and Mike discuss supply chain security, including software composition analysis (SCA) and software bill of materials (SBOM). They highlight the importance of understanding the components that make up your software and the risks associated with using third-party libraries. They also discuss recent supply chain failures, such as the XZ library hack and the SolarWinds attack. The...

Episode #069: Your SaaS is Grass 20.03.2024

Send us Fan Mail In this episode Mike and Ken dive into the wild world of SaaS products in DevSecOps. From vendors to security tooling hygiene they cover an often overlooked ecosystem of cloud and software services that may be rotting in the sky of your workloads. Join up for a listen on SaaS Security!

Episode #068: Data Breaches and DevSecOps 21.02.2024

Send us Fan Mail With pep and full youtube energy Ken and Mike discuss the findings of the IBM "Cost of a Data Breach" report and its implications for DevSecOps. They highlight the importance of integrating security into every phase of the software development life cycle and the positive impact it can have on reducing the cost of a data breach.

Episode #067: Welcome to 2024! AppSec Resolutions and A Smhoocon Recap 26.01.2024

Send us Fan Mail Ken and Mike discuss their new year's resolutions related to application security. They also reflect on the impact of AI and its adoption in the industry. The hosts share their experiences attending conferences and highlight interesting talks on topics such as zero-day vulnerabilities and fuzzing LLM models. They discuss the OWASP LLM Top 10 and the evolving perception of AI...

Episode #066: Exploration of the Shifting Definition of Shifting Left 05.12.2023

Send us Fan Mail We are joined by incredible guests Mikhail Chechik and Marcus Hallberg as they help us define DevSecOps and emphasize the importance of a security mindset throughout the development process. These two incredible folks explore common misconceptions about shifting left and discuss the challenges of triaging and validating vulnerabilities early in the development lifecycle. We enter...

Episode #065: LASCON 2023 Recap - AI, a Misunderstood Menace or Magic Bullet 10.11.2023

Send us Fan Mail On this episode of R2DSO Mike and Ken dive into their takeaways and experiences from LASCON 2023 in Austin, TX where AI was both a problem child and praised bringer of salvation in security. Vendors and companies alike are embracing AI with wide eyes and there was no shortage of talks, presentations, and hallway conversations about the topic. Beyond that security is fast accepting...

Episode #064: Don't Instigate, Mitigate! 25.09.2023

Send us Fan Mail In this episode Ken and Mike dive directly into the meat with solutioning and mitigation. All too often security professionals finding themselves falling into the trap of focusing on vulnerability counts, evangelizing findings, and playing the age old game of red, yellow, green. We jump straight into the why of this focus in the industry and offer some ideas on how to get out of i...

Episode #063: Unscrambling CloudSecSoup with CSPM, Vuln Management, SIEMs, and Log Aggregators 05.09.2023

Send us Fan Mail In today's episode, we untangle the web of alphabet-soup technologies: CSPM, VM, SIEM, and Log Aggregators. We go beyond the buzzwords to give you a no-nonsense look at how these tools fit together, complement each other, or might even replace one another in specific use-cases. Selecting the right tool can be overwhelming, and we're here to guide you through the when, wh...

Episode #062: Cyber Sentinels: Ken and Mike in the DevSecOps Labyrinth 07.08.2023

Send us Fan Mail Dive headfirst into AppSec and Terraform security with  Ken and Mike in this electrifying podcast episode. They demystify complex security concepts, offer golden nuggets on Cybersecurity programs as a DevSecOps concept, and provide a rare glimpse into the high-octane training sessions they're delivering at BlackHat, Defcon, and Lascon. This episode is a view into  building re...

Episode #061: Fossilized Code & Future Clouds: Contrasting Worlds of Balance in Legacy Applications 18.07.2023

Send us Fan Mail Ken and Mike dive into the exciting world of modern application and cloud security, with a keen focus on the challenges posed by legacy systems. They explore the hurdles faced when dealing with older applications written in stalwart languages like Java, .NET, Rails, and Python, and shed light on the complexities of addressing security issues in these systems. Join them as they dis...

Episode #060: Precise Angles for Automation in DevSecOps Adventures 22.06.2023

Send us Fan Mail In this captivating episode of R2DSO hosts Ken and Mike embark on an exploration of security automation in the realms of application and cloud security. With a a keen understanding of the pitfalls, they emphasize the need for precision, consistency, and repeatability. Stepping beyond the traditional confines of scanning, and automation techniques destined for failure, they offer i...

Episode #059: DevSecOps Pentesting, Possible or Preposturous? 08.06.2023

Send us Fan Mail In this action-packed episode, Ken, Mike, and Izzy (Ken's cat) dive headfirst into the wild world of DevSecOps Penetration Testing – is it possible or downright preposterous? Can we truly automate pentesting in this breakneck DevSecOps environment, or are we chasing a cybersecurity unicorn? Discover the vital distinction between red team operations and adversarial simulations...

Słuchaj podcastu Relating to DevSecOps w Replaio

Radio i podcasty w jednej aplikacji - za darmo, bez zakładania konta. Zainstaluj już dziś i nie przegap premiery

Pobierz z Google Play

Replaio nie jest wydawcą podcastów; nazwy audycji, okładki i audio należą do ich autorów i są rozpowszechniane przez publiczne kanały RSS