The Ops Side of DevSecOps w/ Damon Edwards

The Ops Side of DevSecOps w/ Damon Edwards

Author: The OWASP Podcast Series January 29, 2021 Duration: 24:20
The OWASP Podcast Series
Technology
When Shannon Lietz and the team at DevSecOps.org published the DevSecOps Manifesto six years ago, security was uppermost in their minds. The manifesto starts with a call to arms… “Through Security as Code, we have and will learn that there is simply a better way for security practitioners, like us, to operate and contribute value with less friction. We know we must adapt our ways quickly and foster innovation to ensure data security and privacy issues are not left behind because we were too slow to change.” The effect of the DevSecOps movement was not understood by many, other than the handful of practitioners who understood what the team was going after: security is the responsibility of everyone, not just the security team. Security deserves a seat at the DevOps table. Fast forward six years, and security is now not just at the table, but sitting at the head of the table, leading the way. During this transition to focus on security, operations has become the short leg on a three legged stool. What was original a two team party, Dev and Ops, became a threesome, gradually ignoring operations as Developers and Security built a strong relationship. Damon Edwards has been my go-to person when I want to talk to someone about how operations continues to be relevant as the third part of DevSecOps. I caught up with Damon a couple weeks back to talk with him about how the transition to enterprise automation is going in the industry, what has been happening in the past year with the COVID lockdown, and what he’s looking forward to in 2021. I started the conversation, asking how he perceives his role in the DevSecOps Community. ---------- This broadcast is supported by OWASP, the Open Web Application Security Project, host of “Call to Battle” a series of events for gamers, challenge champs, and fun-nerds. Get more information at owasp.org/events… and by JupiterOne.com featuring solutions that help you “Know more. Fear less” by mapping your cyber assets and knowing the relationships between those assets.

Tune in to The OWASP Podcast Series for genuine conversations that go beyond the headlines of cybersecurity. Instead of dry lectures, you'll hear from the people actually building, testing, and defending the software that shapes our world. Each episode sits down with a different practitioner or innovator, pulling insights directly from their daily work and long-term vision. The discussions are grounded in the real challenges of application security, offering practical knowledge and forward-thinking strategies. This podcast provides a unique audio space to understand the evolving threats and defensive techniques critical for our digital infrastructure. You’ll find the dialogue is both technical and accessible, demystifying complex topics through the experiences of those on the front lines. The goal is to share actionable wisdom from the OWASP community and its extended network, focusing on how to create more resilient systems. By listening, you gain a deeper appreciation for the ongoing effort required to secure technology for everyone. It’s an essential resource for developers, security professionals, and anyone curious about the foundational work of safeguarding our connected future. The series turns abstract concepts into tangible lessons, all through the voices of the individuals dedicated to this crucial mission.
Author: Language: English Episodes: 100

Official website RSS
youtubelinkedingithub
The OWASP Podcast Series
Podcast Episodes
ep2024-12 Tanya Janca: Happy Holidays are Secure Code [not-audio_url] [/not-audio_url]

Duration: 1:00:13
Some production issues caused this one to slip to December so the intro is a bit off but this is still a great episode. So, learn some lessons on creating secure code from one of my favorite guests: Tanya Janca. It was h…
ep2024-10 Don't be Scared, It's just a Pen Test with Brad Causey [not-audio_url] [/not-audio_url]

Duration: 37:19
There's no reason to be scared about a pen test - especially when it's run by a professional like Brad Causey. I catch up with Brad in this episode to discuss what's recently changed in pen testing in how you test and pe…
ep2024-09 Threat Modeling with Takaharu [not-audio_url] [/not-audio_url]

Duration: 36:19
What happens when you get interested in Threat Modeling and you want to share. For some, that means you do one work shop, then another, then another. What happens when you start down this path. Takaharu Ogasa tells us wh…
ep2024-08 OWASP Projects Roundup [not-audio_url] [/not-audio_url]

Duration: 36:19
The August episode is a review of projects from a recent OWASP project showcase. We talk to the leaders of the OWASP pytm, OWASP Developer Guide, OWASP State of AppSec Survey Project. Get up on the latest news and update…
ep2024-07 Safety belts for AppSec with Lisa Plaggemier [not-audio_url] [/not-audio_url]

Duration: 32:04
After a long and unplanned pause, the OWASP podast is back with a home run of an episode. We have Lisa Plaggemier as our guest who reprises her eloquent keynote topic from AppSec DC. All hope isn't lost, we are making pr…
ep2023-07 What's Audit got to do with IT [not-audio_url] [/not-audio_url]

Duration: 33:40
In this episode we talk with Zain Haq and take a leap and bound over the first and second line to discover more about the third line - internal audit. We discover answers to a number of questions: What role does audit pl…
AppSec at 40,000 feet [not-audio_url] [/not-audio_url]

Duration: 44:02
In this episode I speak with Jerry Hoff who provides some very interesting perspective on application security especially at scale and from a high level view like that of a CISO. Even if you're not in a senior leadership…

12345...10»