Ken Toler and Mike McCabe
Relating to DevSecOps
A Podcast dedicated to forging iron clad relationships between developers, engineers, operations, and security practitioners by discussing hot topics in the world of DevSecOps. This podcast aims to air out some of the common gripes, misconceptions, and hardships that these teams face in the real world every day.
Author
Ken Toler and Mike McCabe
Category
Podcast website
Latest episode
Apr 29, 2026
Where to listen?
Podcasts in the app Replaio Radio Coming soonPodcasts are coming to the app soon. Install now and be the first to see a whole new take on podcasts
Episodes
Episode #058: Merging Your Mergers without Git Merge 01.06.2023 33:29
Send us Fan Mail Mike and Ken dive into the exciting topic of Mergers and Acquisitions. Take a bit of time out of your day to join them in their explorations of how M&As have affected operations for clients, companies, and security teams. Today they discuss techniques, trials, tribulations, and methods for tackling the joining of two companies, organizations, and teams bringing real scenarios...
Episode #057: Security Without Compromise! 19.05.2023 30:37
Send us Fan Mail Join Mike and Ken as they discuss collaborative security work and what working together looks like in enterprise and organizations. In an effort to help people make better security decisions, in this episode they cover avoiding silos, working effectively together, picking your battles, reframing the security conversation with engineers, and using security as an enabler. Now Availa...
Episode #56: Respond Well in Incident Response with DevSecOps 21.04.2023 34:47
Send us Fan Mail Join Mike and Ken in their discussion about Incident Response and how it fits into the DevSecOps world and arena. Incident Response, logging and monitoring are hard problems to solve and Mike has some strong opinions on how to leverage and use native tooling to prepare and respond to incidents in your environment. Understanding logs, what to do with them, and how to filter through...
Episode #055: Engineering Empathy with Hecber Cordova 31.03.2023 42:02
Send us Fan Mail We dive back into bringing guests onto the show focusing on real problems with real people on the ground. In this episode, we are joined by Hecber Cordova, Director of Cloud Security at RBC. He shares insights around growth into DevSecOps, developing empathy with your engineering teams, creating cloud patterns, paved paths, and building secure architectures from the ground up. If...
Episode #54: ChatGPT's Cryptic Insights: AI in Security for Developers and Operations Teams 23.03.2023 36:38
Send us Fan Mail In this episode, Mike and Ken will dive deep into the world of ChatGPT and explore how it can be used to generate code for developers and operations teams. They'll discuss the benefits and drawbacks of relying on AI for security, and how it can be used to improve the security posture of your organization. But that's not all - Mike and Ken will also explore the challenges...
Episode #053: DevSecOps on the Emerald Isle: Insights from Global OWASP AppSec Dublin, with a Side of Guinness and Frustrations with Application Security Vendors 08.03.2023 41:07
Send us Fan Mail In this episode, our hosts recap the Global OWASP AppSec Dublin conference and share insights into interesting talks about DevSecOps. They delve into the challenges and opportunities that come with securing modern applications in a dynamic and ever-changing landscape. The hosts also share their frustrations with application security vendors in the space and discuss potential solut...
Episode #052: Dude! Where's My Stuff? Application Inventory and Service Discovery 07.02.2023 28:43
Send us Fan Mail Today's episode covers one of the most common problems for software development teams and their security partners. Application Inventory. App Inventory brings to mind different struggles and difficulties for teams and even Ken and Mike have a few different experiences in approach. The team breaks apart some differences between asset inventory, software constellations, service...
Episode #051: Hiring for DevSecOps in 2023! 14.01.2023 50:53
Send us Fan Mail Happy New Year! Another year of DevSecOps fun as we head into an unpredictable and volatile security market, Ken and Mike talk hiring and the struggle between having a ton of talented passionate junior talent and a security mission that requires experienced individuals with a limited budget. Inadequate staffing, the reality of security vs engineering budgets, bridging the talent g...
Episode #050: The Evolution of Data Security in DevSecOps 03.12.2022 34:51
Send us Fan Mail We hope all of the turkey comas have worn off! These holiday delays are almost over, and in the meantime here we are with the second part of how security verticals fit into the great sprawling world of DevSecOps! Mike and Ken discuss migration fro on prem to cloud and how this shift has had a tremendous effect on the perception of data security. It's become easier and easier...
Episode #049: IAM! The Myers Briggs of DevSecOps 24.10.2022 37:50
Send us Fan Mail It's been tough getting together with the end of year madness, but we're back again after another unanticipated delay. In this episode, we take some time to cover how IAM fits into the greater idea and methodology of DevSecOps. We cover how we think of IAM in today's code driven world and go through some thoughts, opinions, and scenarios around IAM. In the next few...
Episode #048: Threat Modeling doesn't need to feel like pain and sorrow 16.09.2022 42:00
Send us Fan Mail We are back from vacation! Pick up where you left off as we jump back into DevSecOps with threat modeling experiences, lessons, and perceptions we've seen in our day to day. After getting through a bit of a slow start, we revisit this topic all the way back from episode 3 where we got the hot takes on threat modeling from our resident devops and software engineering represent...
Episode #47: Geese aren't the only things migrating in the cloud, but we're more secure at least 08.08.2022 37:47
Send us Fan Mail One thing Mike and Ken have talked about at length at conferences, in board rooms, and in team chats is migrating workloads to the cloud security. Join them as they discuss the migrating patterns, how they vary between your favorite cloud service providers, and just where security fits into the whole mess. From on prem, refactoring, lift and shifted, native cloud workloads, or jus...
Episode #046: Security Spiderwebs with Kubernetes and how Cloud helps (and hurts) 11.07.2022 36:56
Send us Fan Mail We are BACK! after a hiatus of vacations, illness, and family gatherings, but while we may have been absent we are at no shortage of words to say and hope you enjoy our conversation about Kubernetes and the variety of flavors cloud service providers have to offer. From EKS through GKE and AKS we cover security concerns and challenges we've seen in the last few months. We talk...
Episode #045: What is DevSecOps in 2022 an R2DSO anniversary redux 10.06.2022 35:09
Send us Fan Mail Mike and Ken take it back to the roots with a special anniversary episode on what is DevSecOps. Since we started this podcast we've had a lot of topics that fit the overall DevSecOps buzzsord, but in this episode we talk about some of the evolution DevSecOps has gone through, how it's perceived in the industry and market today and some hot takes on what's changed. T...
Episode #044: Multiball Pinball with Multicloud Hot Takes and Infrastructure as Code 21.05.2022 37:24
Send us Fan Mail Mike and Ken are BACK after a small hiatus and they jump into hot takes on multi-cloud. What does multi-cloud even mean? How does it differ from hybrid cloud, private cloud, or even just the status quo data center. The hosts discuss integration of products and projects into a multicloud deployment, security concerns associated with the approach, and how it differs from the horror...
Episode #043: Security leaves the cave to go to Miami with the Blockchain People and this episode happened 20.04.2022 34:01
Send us Fan Mail Ken had a chance to attend a blockchain conference for Solana out in Miami and Mike hops into the interviewer seat. We talk about some differences between the approach. With a heavy builder community we chat through the build it on site mentality of Solana devs and the driving market that is new and novel blockchain ecosystems. From new projects, industry verticals, and everythin...
Episode #042: Perscription Lenses or Sunglasses for Eyes on Code 31.03.2022 34:12
Send us Fan Mail In this Episode we talk about the differences in code review depending on role and how you can be a better code reviewer on the "blue" side. Sometimes security tends to think in breaks and hacks, but we talk about how to think and act like a secure developer. Continuing the theme of systemic fixes, we discuss how difficult it can be to review small segments of code witho...
Episode #041: Holistic Cloud Medicine in the Face of the Modularization of Cloud Components Affects Applications 16.03.2022 31:14
Send us Fan Mail A continuing trend in cloud and application security has been the modularization of application functions that offloads the developer responsibility for security and even some development! We cover how these cloud legos affect secure architectures, how the assessment paradigm shifts to configuration, how traditional silos such as #cloudsec, #netsec, and #appsec change. Mike bring...
Episode #040: Over the hill with blockchain and DevSecOps with digital money 25.02.2022 36:05
Send us Fan Mail In this episode we introduce the general concepts of security in cryptocurrency in blockchain, what we see in our day to day with regard to application security and devsecops. We cover developer personas, cloud, centralized organizations, the difference in transparency, compliance, and frustrations as Mike grills Ken and teases out a tangent or two.
Episode #039: Cloud Metal Detectors with Monitoring and Logging 16.02.2022 32:15
Send us Fan Mail In this episode we cover another security perspective on logging and monitoring in the cloud as opposed to web applications specifically. We dive into Mike's view on how logs and software defined infrastructure evolve in the world of incident response and detection today. With the propagation of infinitely scalable cloud environments, we dive into ways to wrangle logs and mak...
Episode #038: Layers of the DevSecOps Onion, are we reversing time? 02.02.2022 35:49
Send us Fan Mail In this episode Mike and Ken talk about the magic of software defined things and how skill crossover is becoming a thing of the future. Maybe history is repeating itself. Whether it's endpoint detection and response, physical security, disaster recovery, networks, or a firewall, it seems like everything has a software defined equivalent. Developers and Application Security en...
Episode #037: New Year, New Security what can you do to level up? 19.01.2022 35:20
Send us Fan Mail Happy New Year from R2DSO as we head into 2022. In this Episode we bring back Michael McCabe for a more permanent role on the show! Super exciting for us and hopefully for you. We talk about our plans for the future of the show including interactive components, video, and expansion on the existing repository. We also take some time to talk about trends in security skills that orga...
Episode #036: Trending Topics from Terraform to Testing 07.12.2021 38:04
Send us Fan Mail In this alliterative episode we bring back Mike McCabe to wrap up a security year in consulting with common trends and successes in security. On the back of Ken and Mike's talk at LASCON 2021, these two break down some of the common security themes from clients and scenarios that highlight just how we've progressed in an almost fully remote year of work. AppSec programs,...
Happy Holidays from R2DSO! 24.11.2021 1:58
Send us Fan Mail We've had a bit of an end of year rush so just wanted to give listeners a preview of what's to come in the next few episodes. We're laying down the tracks now and should have something out the door early December. Thanks for all of your support and feedback. We're looking forward to getting back into the studio!
Episode #035: Successful Unit Testing Through Collaboration with Your Unit 02.11.2021 41:37
Send us Fan Mail We know, we know! It's been too long between episodes, but we had some speaking engagements, conferences, and general life going into November and here we are. In this episode we cover unit testing, what it means to security vs what it means to engineers and some learning along the way as we dig into what makes a good unit test. All to often security engineers are telling dev...
Similar podcasts
Replaio is not a podcast publisher; show names, artwork and audio belong to their authors and are distributed through public RSS feeds.