DevSec For Scale from Akeyless

How do you manage infrastructure-as-code and keep it secure? And can you keep open source fully open?
In this episode, Ohad Maislish, Co-Founder and CEO at Env0 and OpenTofu Supporter discuss the evolution of infrastructure management, how OpenTofu started, and how to ensure security is baked into your code.
Check out Ohad's podcast, The IaC Podcast as well: https://www.theiacpodcast.com/

How do you ensure developers make the best security decisions when building their applications?
In this episode, Roy Avrahamy, Application Security Engineer at Akeyless Security gives us great insights into how to make sure your developers keep their minds on application security while still developing code at a fast pace. We discuss ideas about continuous learning, gamification, hackathons, and more.

Can cyber attacks and risk be managed by machines alone?
In this episode, Lidan Hazout, Risk & Fraud Detection Director at Transmit Security talks to us about how he is working to create Machine Learning algorithms to actually stop cybersecurity attacks before they even happen. We get into a lot of detail about how the algorithms decide good versus bad and what the more sophisticated types of attacks are out there.
If you're looking for the website Lidan mentions toward the end where you can practice your cyber skills, check out https://www.kaggle.com/.

Are you working on maturing your company's security?
In this episode of DevSec For Scale, we hear from Raz Probstein, Solution Engineer at Jit, about the various methods companies have been using to up their security game. But one methodology stands out to both her and the company she works for, OWASP DSOMM.
DSOMM focuses on DevSecOps security. There are quite a few differences between DSOMM and other models, and Raz breaks down why you should consider DSOMM when leveling up security.
Check out Raz's slides from her recent talk about this topic at the OWASP AppSecIL 2023 conference: https://docs.google.com/presentation/d/1oI4n_YjXDIhshl8mgEJTlYFMI6UznZHKRsxvkmDvA2U/

Do you wish you could log into all your apps without passwords? Enter asymmetric cryptography.
In this episode, Mike Malone, CEO and Founder of Smallstep walks us through how we got to where we are with password and secrets management and offers us ideas about how to change the way we think about credential security.

How do you actually get started managing secrets?
In this episode of DevSec For Scale, we are joined by Jeroen for a third time to discuss the real ins and outs of getting started with secrets management. We talk about threat modeling, CI/CD, and even multi-cloud secrets management.

What challenges are there with observability in modern microservices environments?
Yosef Arbiv, Engineering Group Leader at Epsagon (Acquired by Cisco), joins the podcast to discuss observability best practices as well as the Open Telemetry project and how observability impacts the overall security health of an organization.

In this episode of DevSec For Scale, we follow up our previous episode with some really great information about how the OWASP WrongSecrets project came about and how they manage everything, as well as how users can join and help with fixes, add challenges, and features. Jeroen also discusses the future of the project.
To learn more, go to https://owasp.org/www-project-wrongsecrets/ or star the repo at https://github.com/commjoen/wrongsecrets/.

How do you approach E2E and Integration testing in the new and complex world of Kubernetes and multi-cloud environments?
Arjun Iyer, CEO & Co-Founder of Signadot joins the podcast for a very interesting and informative episode on how testing needs to shift left as we rapidly grow our development environments to the latest and greatest in infrastructure orchestration and application security.

What is the importance of Secrets Management and how has it evolved to where it is now?
In this episode of the DevSec For Scale podcast, Jeroen Willemsen, one of two project leads for the OWASP WrongSecrets project, gives us a short history of secrets management in the OWASP universe and goes into how he sees the future of secrets in the enterprise.
Check out the WrongSecrets Project: https://owasp.org/www-project-wrongsecrets/