Best DevSecOps Podcast Series Podcasts (2024)

1
ep2024-07 Safety belts for AppSec with Lisa Plaggemier 32:04

1d ago32:04

32:04

After a long and unplanned pause, the OWASP podast is back with a home run of an episode. We have Lisa Plaggemier as our guest who reprises her eloquent keynote topic from AppSec DC. All hope isn't lost, we are making progress - just look at safety in the auto industry to understand where we are and where we're going.Links:Lisa's keynote from AppSe…

1
Safeguarding Against Recent Vulnerabilities Related to Rust 26:25

12d ago26:25

26:25

What can the recently discovered vulnerabilities related to Rust tell us about the security of the language? In this podcast from the Carnegie Mellon University Software Engineering Institute, David Svoboda discusses two vulnerabilities, their sources, and how to mitigate them.

1
Developing a Global Network of Computer Security Incident Response Teams (CSIRTs) 30:51

22d ago30:51

30:51

Cybersecurity risks aren’t just a national concern. In this podcast from the Carnegie Mellon University Software Engineering Institute (SEI), the CERT division’s Tracy Bills, senior cybersecurity operations researcher and team lead, and James Lord, security operations technical manager, discuss the SEI’s work developing Computer Security Incident R…

1
Automated Repair of Static Analysis Alerts 27:05

1M ago27:05

27:05

Developers know that static analysis helps make code more secure. However, static analysis tools often produce a large number of false positives, hindering their usefulness. In this podcast from the Carnegie Mellon University Software Engineering Institute (SEI), David Svoboda, a software security engineer in the SEI’s CERT Division, discusses Rede…

1
Cyber Career Pathways and Opportunities 31:23

2M ago31:23

31:23

Not all paths to cybersecurity careers look the same. In this podcast from the Carnegie Mellon University Software Engineering Institute (SEI), Randy Trzeciak, deputy director of cyber risk and resilience in the SEI’s CERT division, discusses his career journey, resources for pursuing a career in cybersecurity, and the importance of building a dive…

1
My Story in Computing with Sam Procter 37:15

3M ago37:15

37:15

Sam Procter started out studying computer science at the University of Nebraska, but he didn’t love it. It wasn’t until he took his first software engineering course that he knew he’d found his career path. In this podcast from the Carnegie Mellon University Software Engineering Institute, Sam Procter discusses the early influences that shaped his …

1
Developing and Using a Software Bill of Materials Framework 37:37

3M ago37:37

37:37

With the increasing complexity of software systems, the use of third-party components has become a widespread practice. Cyber disruptions, such as SolarWinds and Log4j, demonstrate the harm that can occur when organizations fail to manage third-party components in their software systems. In this podcast from the Carnegie Mellon University Software …

1
The Importance of Diversity in Cybersecurity: Carol Ware 26:37

4M ago26:37

26:37

In this podcast from the Carnegie Mellon University Software Engineering Institute, Carol Ware, a senior cybersecurity engineer in the SEI’s CERT Division, discusses her career path, the value of mentorship, and the importance of diversity in cybersecurity.By Carol Ware

1
The Importance of Diversity in Software Engineering: Suzanne Miller 29:02

4M ago29:02

29:02

In this podcast from the Carnegie Mellon University Software Engineering Institute (SEI), Suzanne Miller, a principal researcher in the SEI’s Software Solutions Division, discusses her career path, the value of mentorship, and the importance of diversity in software engineering.By Suzanne Miller

1
The Importance of Diversity in Artificial Intelligence: Violet Turri 16:57

4M ago16:57

16:57

Across the globe, women account for less than 30 percent of professionals in technical fields. That number drops to 22 percent in the field of Artificial Intelligence (AI). In this podcast from the Carnegie Mellon University Software Engineering Institute (SEI), Violet Turri, a software developer in the SEI’s AI Division, discusses the evolution of…

1
Using Large Language Models in the National Security Realm 34:45

5M ago34:45

34:45

At the request of the White House, the Office of the Director of National Intelligence (ODNI) began exploring use cases for large language models (LLMs) within the Intelligence Community (IC). As part of this effort, ODNI sponsored the Mayflower Project at Carnegie Mellon University’s Software Engineering Institute (SEI) from May 2023 through Septe…

1
Atypical Applications of Agile and DevSecOps Principles 33:41

5M ago33:41

33:41

Modern software engineering practices of Agile and DevSecOps have provided a foundation for producing working software products faster and more reliably than ever before. Far too often, however, these practices do not address the non-software concerns of business mission and capability delivery even though these concerns are critical to the success…

1
When Agile and Earned Value Management Collide: 7 Considerations for Successful Interaction 35:21

6M ago35:21

35:21

Increasingly in government acquisition of software-intensive systems, we are seeing programs using Agile development methodology and earned value management. While there are many benefits to using both Agile and EVM, there are important considerations that software program managers must first address. In this podcast, Patrick Place, a senior engine…

1
The Impact of Architecture on Cyber-Physical Systems Safety 34:05

6M ago34:05

34:05

As developers continue to build greater autonomy into cyber-physical systems (CPSs), such as unmanned aerial vehicles (UAVs) and automobiles, these systems aggregate data from an increasing number of sensors. However, more sensors not only create more data and more precise data, but they require a complex architecture to correctly transfer and proc…

1
ChatGPT and the Evolution of Large Language Models: A Deep Dive into 4 Transformative Case Studies 46:22

7M ago46:22

46:22

To better understand the potential uses of large language models (LLMs) and their impact, a team of researchers at the Carnegie Mellon University Software Engineering Institute CERT Division conducted four in-depth case studies. The case studies span multiple domains and call for vastly different capabilities. In this podcast, Matthew Walsh, a seni…

1
The Cybersecurity of Quantum Computing: 6 Areas of Research 23:01

8M ago23:01

23:01

Research and development of quantum computers continues to grow at a rapid pace. The U.S. government alone spent more than $800 million on quantum information science research in 2022. Thomas Scanlon, who leads the data science group in the SEI CERT Division, was recently invited to be a participant in the Workshop on Cybersecurity of Quantum Compu…

1
User-Centric Metrics for Agile 31:41

8M ago31:41

31:41

Far too often software programs continue to collect metrics for no other reason than that is how it has always been done. This leads to situations where, for any given environment, a metrics program is defined by a list of metrics that must be collected. A top-down, deterministic specification of graphs or other depictions of data required by the m…

1
The Product Manager’s Evolving Role in Software and Systems Development 24:19

8M ago24:19

24:19

In working with software and systems teams developing technical products, Judy Hwang, a senior software engineer in the SEI CERT Division, observed that teams were not investing the time, resources and effort required to manage the product lifecycle of a successful product. These activities include thoroughly exploring the problem space by talking …

1
Measuring the Trustworthiness of AI Systems 19:27

9M ago19:27

19:27

The ability of artificial intelligence (AI) to partner with the software engineer, doctor, or warfighter depends on whether these end users trust the AI system to partner effectively with them and deliver the outcome promised. To build appropriate levels of trust, expectations must be managed for what AI can realistically deliver. In this podcast f…

1
ep2023-09 Vulnerable Data Gathering for AI with Arturo Buanzo Busleiman 32:38

10M ago32:38

32:38

After getting a ping from an old friend about a potential new OWASP project, I had to bring him on as a guest. He's got an interesting idea around potential vulnerabilities in web crawlers which just happen to gather data for so many AI system. We talk about that, Cybersecurity and Government and so much more.Show Links:- LinkedIn https://www.linke…

1
Actionable Data in the DevSecOps Pipeline 31:58

10M ago31:58

31:58

In this podcast from the Carnegie Mellon University Software Engineering Institute, Bill Nichols and Julie Cohen talk with Suzanne Miller about how automation within DevSecOps product-development pipelines provides new opportunities for program managers (PMs) to confidently make decisions with the help of readily available data. As in commercial co…

1
Insider Risk Management in the Post-Pandemic Workplace 47:34

10M ago47:34

47:34

In the wake of the COVID pandemic, the workforce decentralized and shifted toward remote and hybrid environments. In this podcast from the Carnegie Mellon University Software Engineering Institute (SEI), Dan Costa, technical manager of enterprise threat and vulnerability management, and Randy Trzeciak, deputy director of Cyber Risk and Resilience, …

1
ep2023-08 Finding Next Gen Cybersecurity Professionals with Brad Causey 32:48

11M ago32:48

32:48

For years we've heard talk about a shortage of cybersecurity professionals so what can be done about that? In this episode, I speak to Brad Causey who has taken one approach he's found successful. We cover the trade-offs of his approach and how, should you agree with him, you can help fill those troubling vacancies at your company.Show Links:- Secu…

1
An Agile Approach to Independent Verification and Validation 31:57

11M ago31:57

31:57

Independent verification and validation (IV&V) is a significant step in the process of deploying systems for mission-critical applications in the Department of Defense (DoD). In this podcast from the Carnegie Mellon University Software Engineering Institute (SEI), Justin Smith, senior Agile transformation leader in the SEI Software Solutions Divisi…

1
ep2023-07 What's Audit got to do with IT 33:40

12M ago33:40

33:40

In this episode we talk with Zain Haq and take a leap and bound over the first and second line to discover more about the third line - internal audit. We discover answers to a number of questions: What role does audit play in the overall cybersecurity of an organization? What does the CISO gain from having an audit function? What makes a good audit…

1
Zero Trust Architecture: Best Practices Observed in Industry 27:53

12M ago27:53

27:53

Zero trust architecture has the potential to improve an enterprise’s security posture. There is still considerable uncertainty about the zero trust transformation process, however, as well as how zero trust architecture will ultimately appear in practice. Recent executive orders have accelerated the timeline for zero trust adoption in the federal s…

1
Automating Infrastructure as Code with Ansible and Molecule 39:38

1y ago39:38

39:38

In Ansible, roles allow system administrators to automate the loading of certain variables, tasks, files, templates, and handlers based on a known file structure. Grouping content by roles allows for easy sharing and reuse. When developing roles, users must deal with various concerns, including what operating system(s) and version(s) will be suppor…

1
SBOMS, CycloneDX and Dependency Track: Automation for Survival with Steve Springett 29:32

1y ago29:32

29:32

Software supply chain seems to be front and center for technologists, cybersecurity and many governments. One of the early pioneers in this space was Steve Springett with two highly successful projects: OWASP Dependency Track and CycloneDX. In this episode, we catch up with Steve to talk about how he got started in software supply chain management …

1
Identifying and Preventing the Next SolarWinds 46:04

1y ago46:04

46:04

In this podcast from the Carnegie Mellon University Software Engineering Institute (SEI), Gregory J. Touhill, director of the SEI CERT Division, talks with principal researcher Suzanne Miller about the 2020 attack on Solar Winds software and how to prevent a recurrence of another major attack on key systems that are in widespread use. Solar Winds i…

1
A Penetration Testing Findings Repository 25:47

1y ago25:47

25:47

In this podcast from the Carnegie Mellon University Software Engineering Institute (SEI) Marisa Midler and Samantha Chaves, penetration testers with the SEI’s CERT Division, talk with Suzanne Miller about a penetration-testing repository that they helped to build. The repository is a source of information for active directory, phishing, mobile tech…

1
Understanding Vulnerabilities in the Rust Programming Language 36:45

1y ago36:45

36:45

While the memory safety and security features of the Rust programming language can be effective in many situations, Rust’s compiler is very particular on what constitutes good software design practices. Whenever design assumptions disagree with real-world data and assumptions, there is the possibility of security vulnerabilities–and malicious softw…

1
AppSec at 40,000 feet 44:02

1y ago44:02

44:02

In this episode I speak with Jerry Hoff who provides some very interesting perspective on application security especially at scale and from a high level view like that of a CISO. Even if you're not in a senior leadership position, you're likely to be reporting to one. Understanding that point of view can help you successfully frame your work and ac…

1
We Live in Software: Engineering Societal-Scale Systems 39:31

1y ago39:31

39:31

Societal-scale software systems, such as today’s commercial social media platforms, are among the most widely used software systems in the world, with some platforms reporting billions of daily active users. These systems have created new mechanisms for global communication and connect people with unprecedented speed. Despite the numerous benefits …

1
Secure by Design, Secure by Default 54:05

1y ago54:05

54:05

In this podcast from the Carnegie Mellon University Software Engineering Institute (SEI) Gregory J. Touhill, director of the SEI CERT Division, talks with Suzanne Miller about secure by design, secure by default, a longstanding tenet of the work of the SEI and CERT in particular. The SEI has been in the forefront of secure software development, pro…

1
Key Steps to Integrate Secure by Design into Acquisition and Development 48:50

1y ago48:50

48:50

Secure by design means performing more security and assurance activities earlier in the product and system lifecycles. A secure-by-design mindset addresses the security of systems during the requirements, design, and development phases of lifecycles rather than waiting until the system is ready for implementation. The need for a secure-by-design mi…

1
2023-04 Rethinking WAFs: OWASP Coraza 29:14

1y ago29:14

29:14

WAFs have been with us a while and it's about time someone reconsidered WAFs and their role in AppSec given the cloud-native and Kubernetes landscape. The OWASP Coraza is not only asking these questions but putting some Go code behind their ideas. Should WAFs work in a mesh network? Why create an open source WAF? What's next for the OWASP Coraza pr…

1
An Exploration of Enterprise Technical Debt 25:56

1y ago25:56

25:56

Like all technical debt, enterprise technical debt consists of choices expedient in the short term, but often problematic over the long term. In enterprise technical debt, the impact reaches beyond the scope of a single system or project. Because ignoring enterprise technical debt can have significant consequences, software and systems architects s…

1
The Messy Middle of Large Language Models 33:46

1+ y ago33:46

33:46

The recent growth of applications that leverage large language models, including ChatGPT and Copilot, has spurred reactions ranging from fear and uncertainty to adoration and lofty expectations. In this podcast from the Carnegie Mellon University Software Engineering Institute, Jay Palat, senior engineer and technical director of AI for mission, an…

1
2023-03 Point of Scary - the POS ecosystem 34:46

1+ y ago34:46

34:46

In this episode I speak with Aaron about Point of Sale or POS systems. He's been investigating the security of POS systems for quite some time now and brings to light the state of the POS ecosystem. Buckle your seat belts, this is going to be a bumpy and very interesting ride.By The OWASP Podcast Series

1
An Infrastructure-Focused Framework for Adopting DevSecOps 43:35

1+ y ago43:35

43:35

DevSecOps practices, including continuous-integration/continuous-delivery (CI/CD) pipelines, enable organizations to respond to security and reliability events quickly and efficiently and to produce resilient and secure software on a predictable schedule and budget. Despite growing evidence and recognition of the efficacy and value of these practic…

1
Software Security in Rust 18:09

1+ y ago18:09

18:09

Rust is growing in popularity. Its unique security model promises memory safety and concurrency safety, while providing the performance of C/C++. In this podcast from the Carnegie Mellon University Software Engineering Institute (SEI), David Svoboda and Joe Sible, both engineers in the SEI’s CERT Division, talk with principal researcher Suzanne Mil…

1
2023-02 Isolation is just PEACHy 33:54

1+ y ago33:54

33:54

In this episode I speak with Amitai Cohen who's been thinking a lot about tenant isolation. This is a problem for more then just cloud providers. Anyone with a SaaS offering or even large enterprise may want to isolate customers or parts of their business from each other. Several useful items came out of this including the Cloud VulnDB which catalo…

Podcasts Worth a Listen

DevSecOps Podcast Series

Podcasts Worth a Listen

Quick Reference Guide