CoSeCast - The Continuous Security Podcast

In this episode Steve speaks with the Control Plane Kubernetes security training gurus, Lewis Denham-Parry and Andy Martin about their brain-child, the KubeCon Capture the Flag! We get into how it began, the community the enables it and the inspiration for some of the concepts within its structure and scenes. Recorded back in June 2021 and long overdue thanks to some editing nightmares, this is one to listen to before we  meet up for KubeCon 2022 #optimistic LEWIS DENHAM-PARRY Head of Training at Control Plane / Co-Founder at Cloud Native Wales https://control-plane.io/ https://www.linkedin.com/in/denhamparry/ https://twitter.com/denhamparry ANDREW MARTIN Hacker // CEO | Kubernetes & cloud security ▲ consulting, audit/test, training — author O'Reilly/SANS Passionate and motivated security engineer and CEO: educator, public speaker, community builder, author, hacker. Leads by example, extensive hands-on expertise in technical domains across security and operations for government, financial services, and private sector. Enjoys difficult problems. https://www.linkedin.com/in/andr3wmartin/ https://twitter.com/sublimino https://control-plane.io/

Guest: Brian Haugli - Managing Partner, SideChannel | CEO, RealCISO.io | Host of #CISOlife Viewed as a "full stack CISO", Brian is an executive security leader and mentor focused on building high performance security teams, deploying effective operating models, and delivering risk management capabilities for global, domestic, and local enterprises. He has held senior advisory & practitioner roles within DoD, the Intelligence Community and Fortune 1000 companies. Brian is a NIST expert, specifically with the Cyber Security Framework (CSF) and 800-53, and for industrial control systems & operational technologies. In the episode Steve speaks to Brian about implementing security strategy specifically around the struggles with culture change, mis-alignment of risk appetite at the highest level and the behavioural effects this can have throughout an organisation. More about Brian: LinkedIn: https://www.linkedin.com/in/brianhaugli [https://www.linkedin.com/in/brianhaugli] Virtual CISO: https://sidechannel.com/ [ https://sidechannel.com/] Security Assessment: https://www.realciso.io/ [https://www.realciso.io/] YouTube: https://www.youtube.com/channel/UCtDlpJo3O8Z08mF_KoIkxWQ [https://www.youtube.com/channel/UCtDlpJo3O8Z08mF_KoIkxWQ] Twitter: https://twitter.com/BrianHaugli [ https://twitter.com/BrianHaugli] Your host: Steve Giguere Steve is a Developer Advocate for Bridgecrew by Palo Alto Networks. He is a serial podcaster having hosted his solo editorial podcast called Codifyre [https://codifyre.com/], as well as podcasts for Synopsys and Aqua Security called Hacking Security and BeerSecOps [https://beersecops.com/]. He's a fun and entertain public speaker on application, cloud native and kubernetes security and when he's not doing that he loves music.  He's composed and played the theme music for this and each of his other podcasts. Learn more... https://stevegiguere.com/ [https://stevegiguere.com/] https://bridgecrew.io/ [https://bridgecrew.io/]https://twitter.com/_SteveGiguere_ [https://twitter.com/_SteveGiguere_]

Jim is the Founder and CEO at Nirmata who are in turn the founders of Kyverno Kyverno is a policy engine designed for Kubernetes. With Kyverno, policies are managed as Kubernetes resources and no new language is required to write policies. This allows using familiar tools such as kubectl, git, and kustomize to manage policies. Kyverno policies can validate, mutate, and generate Kubernetes resources. Software is changing the world, and Jim's mission at Nirmata is to help the world deliver better software by fully by democratizing cloud native best practices. Nirmata is a Kubernetes management plane built for enterprises. Nirmata works across clouds, data centers, edge, and connected devices. Jim’s Profile linkedin.com/in/jimbugwadia [https://www.linkedin.com/in/jimbugwadia] Websites * nirmata.com [http://www.nirmata.com/](Company Website) * kyverno.io [https://kyverno.io] * infoworld.com/blog/the-noops-enterprise/ [http://www.infoworld.com/blog/the-noops-enterprise/](Blog) Phone * 408-410-3701 (Mobile) Email jim@nirmata.com [jim@nirmata.com] Twitter * JimBugwadia [https://twitter.com/JimBugwadia]

Alvin Chang is a futurist and technology enthusiast.  This episode was prompted by a conversation I had with him on LinkedIn where he spontaneously told me DevOps was dead and briefly seemed to be suggesting he should tell Gene Kim. I requested he explain via podcast and here we are!  It goes in some very interesting directions. References: https://en.wikipedia.org/wiki/GPT-3 [https://en.wikipedia.org/wiki/GPT-3]https://en.wikipedia.org/wiki/Impact_factor [https://en.wikipedia.org/wiki/Impact_factor] Blogchain: https://steemit.com/ [https://steemit.com/] People: https://en.wikipedia.org/wiki/Tim_Berners-Lee [https://en.wikipedia.org/wiki/Tim_Berners-Lee]https://www.ucl.ac.uk/bartlett/public-purpose/people/mariana-mazzucato [ https://www.ucl.ac.uk/bartlett/public-purpose/people/mariana-mazzucato] https://en.wikipedia.org/wiki/Charlie_Munger [https://en.wikipedia.org/wiki/Charlie_Munger] Alvin’s Profile https://www.linkedin.com/in/alvinchang [https://www.linkedin.com/in/alvinchang/]/ Website medium.com/@d7414bb4154815d100ab8aa6610fb1 [https://medium.com/@d7414bb4154815d100ab8aa6610fb1](Blog) Email alvin.chang@gmail.com [alvin.chang@gmail.com] Twitter alvin_chang [https://twitter.com/alvin_chang]

In this show I get to talk with Jessica about the breaking down of tribal knowledge through chaos engineering,  her favourite tools, culture change and I discover that kubernetes and cloud native infused gardening might soon be a "thing". About Jessica Cherry SRE II Evangelist of silo prevention in the IT space, the importance of information sharing with all teams. Believer in educating all and open source development. Lover of all things tech. Follow Jessica Cherry on Twitter @alynderthered1 Important links ---- https://www.oreilly.com/library/view/seeking-sre/9781491978856/ [https://www.oreilly.com/library/view/seeking-sre/9781491978856/] https://github.com/dastergon/awesome-chaos-engineering [https://github.com/dastergon/awesome-chaos-engineering] https://opensource.com/users/cherrybomb [https://opensource.com/users/cherrybomb] https://www.amazon.co.uk/Phoenix-Project-DevOps-Helping-Business-ebook/dp/B00AZRBLHO [https://www.amazon.co.uk/Phoenix-Project-DevOps-Helping-Business-ebook/dp/B00AZRBLHO] Slide deck: https://docs.google.com/presentation/d/15JmmOx9KneE79md2WMRn3uS5spRft3iNzw3xcvvirwc/edit?usp=sharing [https://docs.google.com/presentation/d/15JmmOx9KneE79md2WMRn3uS5spRft3iNzw3xcvvirwc/edit?usp=sharing] Tools! Chaoskube: https://github.com/linki/chaoskube [https://github.com/linki/chaoskube] litmus: https://litmuschaos.io/ [https://litmuschaos.io/] kubeinvaders: https://github.com/lucky-sideburn/KubeInvaders [https://github.com/lucky-sideburn/KubeInvaders] chaosmesh: https://chaos-mesh.org/ [https://chaos-mesh.org/]