Ken Toler and Mike McCabe

Relating to DevSecOps

A Podcast dedicated to forging iron clad relationships between developers, engineers, operations, and security practitioners by discussing hot topics in the world of DevSecOps. This podcast aims to air out some of the common gripes, misconceptions, and hardships that these teams face in the real world every day.

Author

Ken Toler and Mike McCabe

Category

Technology

Podcast website

www.buzzsprout.com

Latest episode

Apr 29, 2026

Where to listen?

Podcasts in the app Replaio Radio Coming soon

Podcasts are coming to the app soon. Install now and be the first to see a whole new take on podcasts

Get it on Google Play Install for free Android 5M+ downloads · 4.8 rating iOS soon

Episodes

Episode #034: Attack of the Git PR through K8s 11.10.2021

Send us Fan Mail In this episode we squeeze one more git topic out with an attack through a PR. Based on a recent article posted on https://cloudseclist.com/ we thought it fit the series pretty well and put a nice capstone on everything.  You can read the article we reference yourself at https://goteleport.com/blog/hack-via-pull-request/  This episode is full of hot takes and rambling, but we thou...

Episode #033: Getting out of git by branching out with branching strategies 21.09.2021

Send us Fan Mail Bad puns end this series with branching strategies and git. We start with Simon's preferred approach from a product engineering strategy for branching and why it works for him. Then we talk about some of the common issues that occur due to strategies that are not optimized for the organization running them. Some of these include over engineering, cultural frustrations, re-wor...

Episode #32: Hooks, Kits, and Git - putting security into your git pipeline 07.09.2021

Send us Fan Mail In this episode we cover a few technical topics, but primarily how to get started with getting security into your git pipeline through git hooks, pre-commit strategies, secrets analysis, and scan automation. We also cover some best practices that help engineers and developers stay security minded throughout their time in the repository. We hope you have as much fun listening as we...

Episode 031: Git Security Done with Git 17.08.2021

Send us Fan Mail We head into an unknown number of episodes around git. In this episode we introduce git and common security concerns to folks who may be unfamiliar with either. Git is an essential skill for security practitioners and engineers and sometimes we're just winging it when it comes to doing things right (or at least our opinion of right). We cover differences between rebase and me...

Episode #030: Blueprints, Reference Architectures, and Plans - Building Apps Securely 26.07.2021

Send us Fan Mail In this episode we chat blueprints, security patterns, reference architectures, and plans. Basically what we've seen in terms of the left hand side of the SDLC in establishing requirements early. This topic came about after reading the recent AWS Security reference architecture and grappling with implementation. We get pretty metaphor and analogy heavy in this one with some e...

Episode #029: Does anyone REALLY do DevSecOps, and succeed? 06.07.2021

Send us Fan Mail In this somewhat makeshift, low-power episode recorded during the NYC power grid strain we do our best at getting inventive with recording techniques. Topic of the day is does DevSecOps really work? We discuss some of our failures, frustrations, and successes with DevSecOps. We also cover things you can do to succeed with DevSecOps techniques.  While it may seem like fighting an u...

Episode #028: Non-technical management and Email as your IDE 22.06.2021

Send us Fan Mail Episode number 28 moves us back to a more people focused topic as we dive into technical vs non-technical management, leadership, management styles, how we've approached managers and management in our careers, and general hot takes on leadership and management in the DevSecOps world. Opinion heavy in this one and while this isn't management advice, hopefully it sparks so...

Episode #027: Hot Takes on Blogs: Part I - Are QA, BA, and DBAs Dead? 03.06.2021

Send us Fan Mail In this react video of a podcast we have a look at a recent blog post on whether the QA, DBA, and BA jobs are going away in favor of more consolidated roles in development such as the full stack engineer and cloud services like abstracted databases.  Simon baits Ken into a reaction since security is excluded, but eventually conclusions and comparisons are drawn to the security ind...

Episode #026: Starting right by shifting left - what to do at build time 21.05.2021

Send us Fan Mail After such a fun conversation last week, we bring Mike back in to discuss applying security at build time and what we can do with infrastructure as code through linting and early analysis. We break down the difference between Linting, Policy as Code, and SaaS and talk about how each of these might fit into your workloads. Plus! As a security practitioner, what you can do to move t...

Episode #025: Warm blankets around your cloud with CSPM and Michael McCabe 11.05.2021

Send us Fan Mail Episode 25 is all about CSPM and our good friend Michael McCabe. Mike has a ton of experience securing application and cloud workloads and we break down how CSPM fits into the larger landscape of DevSecOps. Whether you look at it as the first step, last step, catch all, or waste of money, we break down ways a CSPM can be a valuable part of your cloud strategy and DevSecOps.  In th...

Episode #024: The first line of defense for MicroServices - AUTH 26.04.2021

Send us Fan Mail And that means authentication and authorization. Once you start splitting up the monolithic apps and iterating faster and faster, how does your mindset on security change? Simon and I have our own opinions, but we're starting with authentication and authorization on this episode as well as some ideas that come to mind when organizations take their first microservices steps. I...

Episode #023: A call back to Microservices - do we even get it yet? 10.04.2021

Send us Fan Mail Ken and Simon talk engineering and security ramifications of microservices, why organizations choose to split up their treasured applications and cut them into bite size pieces for ease of use and maintenance. As with most technological advances - the best outcomes come from good implementation so SImon and Ken talk about some real world experiences, some things to think about, an...

Episode #22: From Engineer to CTO and what security means along the way w/ Jonathan Schwartz 12.03.2021

Send us Fan Mail An exciting episode indeed! Jon Schwartz the CTO of Jetty joins us in a discussion about security through his career, leadership guidance, and how to align with all roles in your organization. Hear some real world examples of security, engineering, and devops working together towards a common goal and listen in to learn how to use a new perspective to bring security to the table....

Episode #021: An Outside-In Look at Application Inventory 26.02.2021

Send us Fan Mail Keeping with the SecOps theme the crew discusses Application Inventory, arguably the most important part of any successful application security program. Challenges are always there in keeping an accurate and robust inventory, and with a focus on assets Jamieson, Ken, and Simon discuss what they want out of an inventory and how you might look at it from the outside in when dealing...

Episode #20: Security Operations ain't what it used to be 14.02.2021

Send us Fan Mail Simon, Ken, and Jamieson ponder what Security Operations brings to the table and discuss some of the misconceptions around responsibilities of security operations folks in the wild. A high-level episode exploring what SecOps means, and how it fits into the overall security dynamic of DevSecOps. We touch on the direction of the industry in SOAR and hit on the immaturity of SecOps i...

Episode 019: Welcome to 2021 - R2DSO goes visual and more 25.01.2021

Send us Fan Mail With Jamieson out of commission, Simon and Ken chat and relfect on 2020. In this episode we cover some of our favorites and look towards the future with what's to come for DevSecOps in 2021. While Jamieson's there in spirit we take the opportunity to get one last Perl joke in.  In 2021 we will be bringing video tutorial content, more guests, and deeper dives into topics...

Episode #18: Was 2020 just a giant Chaos Engineering Experiment? Part Deux: Tooling and Security Experiments 22.12.2020

Send us Fan Mail In our final episode of 2020 we dive into chaos engineering tools with a focus on security and unpack the differences between penetration testing, security testing, and chaos engineering.  After all, what was 2020 if not a chaos engineering experiment. We each took some time to review this awesome list of chaos engineering resources:  https://github.com/dastergon/awesome-chaos-eng...

Episode #017: Chaos in your Engineering, what to do if Zombies attack your cloud 04.12.2020

Send us Fan Mail In this episode we talk about Chaos Engineering, what it is, what it isn't, our thoughts on what chaos really means and how we approach it in our day to day. In this episode we talk about our introductions to chaos engineering and how some of our career activities have related to it in the past. Have you ever done a tabletop exercise, but were dissatisfied with the technical...

Episode #016: Terraform CDK, finishing the Infra as Code series with its final form? 11.11.2020

Send us Fan Mail We wrap up this series with a talk through the terraform cdk and our initial reactions of the project and product. We all learned a ton through this journey trying to figure out where and when to use these tools. I think we've all come out of this with a newfound respect to the future of infrastructure as code and hope you've enjoyed listening to us. It's been fun t...

Episode #015: Quest to Terraform CDK through the Amazon CDK 01.11.2020

Send us Fan Mail In our quest to discuss and debate the usefulness of the Terraform CDK we take a pit stop at the Amazon CDK and Cloudformation. All of us have had varying experiences with the trials and tribulations of infrastructure as code, JSON, and YAML. We tease out why and when the CDK or Cloudformation route might be a better or complimentary choice to other platforms. We touch on some sec...

Episode #014: Approaching Terraform and other "as-code" fun 17.10.2020

Send us Fan Mail We've listened to your feedback and started diving into infrastructure as code starting with terraform, our experiences learning it for fun and for clients. The trials and tribulations of automation in Jamieson's lengthy DevOps career, and where to go to get started with terraform. We cover some of our personal frustrations living with terraform and the real world and di...

Episode #013: How a backend engineer looks at XSS 03.10.2020

Send us Fan Mail Simon gives his perspective on Cross-Site Scripting (XSS) and we dig into some of the common protections. We also cover different views between front and back end development and where the responsibility lies for teams facing this issue. We start to unpack the importance of the product, context, and user experience as it pertains to browser attacks.

Episode #012: What DevSecOps means to a SCRUM master with Jenn Molyneaux 24.09.2020

Send us Fan Mail Jenn Molyneaux joins the crew as the very first guest! ( https://bit.ly/3ctCLJu ). Jenn is a Senior SCRUM Master who brings her wealth of experience and patience to the table to help us all understand how we can work better together. We had a great time recording this one and are excited to start getting more opinions and views on the show. We talk about DevSecOps in Agile/SCRUM,...

Episode #011: Bugs vs Vulns - what's your opinion? 18.09.2020

Send us Fan Mail Security and Engineering go head to head in a conversation about bugs vs vulnerabilities and where we think they should fall in the grand scheme of product development. Unfortunately we threw this one together at the last minute as we had to scramble due to some life events. Keep an eye out for our intended episode next week on Agile/Scrum with Jenn!

Episode #010: Security Configs, Default Configs, and other decisions we regret 11.09.2020

Send us Fan Mail This episode we riff on some of the hotter topics we discussed during Episode 9 as we cover security misconfigurations, default misconfigurations, and the responsibility of application/infrastructure configs in an organization. We talk about how to best interact with other teams to ensure configurations are manageable, maintained, and in the right hands

Listen to the Relating to DevSecOps podcast in Replaio

Radio and podcasts in one app - free, with no sign-up. Install today and do not miss the launch

Get it on Google Play

Replaio is not a podcast publisher; show names, artwork and audio belong to their authors and are distributed through public RSS feeds.