DevSec For Scale from Akeyless

What's it like to go from a DevOps engineer in large organizations with expert security engineers, to a small startup that requires you to be the security engineer?
In this episode, Gil Zellner, Infrastructure Lead at HourOne.ai talks about his personal experience being thrown into the deep end of security as a developer. He discusses some of the changes he had to make on his journey from companies like Oracle, AppsFlyer, and Wix to his current early stage employer.
Gil also brings some interesting stories about things he has learned becoming a de facto security engineer.

How has threat modeling evolved and how can security help make it easier for developers to implement that practically into their code?
In this episode, Maran Gunasekaran, Principal Security Consultant at Practical DevSecOps gives us a rundown of what threat modeling used to mean and how developers can translate threat models into actual threat modeling as code. He also offers real-world examples of how security and developers align on threat modeling when shipping code.

Why do security teams and developers clash, and how can we ensure there is better collaboration between them?
In this episode, Ravid Circus, Co-Founder & CPO at Seemplicity talks about his experience with security teams and how their requests are handled by the development teams. He also gets into how security teams should track progress and handle backlogs based on priorities.

Why is there still friction between Dev and Sec? How can we bridge that gap better?
In this episode, Duane Gran, Corporate Director of Information Security at Converge Technology Solutions dives into how he has seen developers and security butt heads and about his personal journey from dev to sec.
Duane offers great advice on getting developer buy-in and making sure security and dev tasks are more aligned.

Is there a simple way to detect and manage ransomware attacks?
In this episode, Greg Edwards, CEO of CryptoStopper introduces us to the evolution and basics of ransomware as well as how to get better at detecting sophisticated attacks, such as file-less ransomware, before they can damage your system. He also gives us insights into how developers can ensure they aren't the reason for a ransomware attack through vigilance and preparation.

If you've ever worked with containers, or specifically Kubernetes, you are probably familiar with the basics of cluster configuration. But are you ensuring your clusters are secured properly?
In this episode, Rotem Refael, Director of Engineering at ARMO elaborates on a research study that the company did by scanning tens of thousands of repos to find out if the most obvious security configurations are being adhered to, as well as the more advanced ones.
Interestingly enough, they found that 100% of the clusters had at least one misconfiguration. We dive into some of the most frequent misconfigurations Rotem has come by and discuss how this happens and how it can be prevented.

Are development environments important enough for us to even care about securing? The answer is a resounding yes.
In this episode, Guy Flecther, CEO & Co-Founder of Cider Security goes in-depth into why security is not just a requirement for production, but also development environments. And development environment security also has an impact on the rest of the organization being that we're seeing most teams are using DevOps methodologies.
Guy also talks about how to increase visibility into those environments and mitigate risk.

How do you ensure secure development while maintaining the release velocity of your applications?
In this episode, Harshit Chitalia, CTO & Founder at Tromzo, talks with me about his recent research study where he asked over 400 developers about their biggest Application Security challenges.
We get into some of the interesting findings of the report and also discuss how vulnerabilities are found and fixed as well as tooling developers can use to do just that.
--
State of Modern Application Security: https://www.tromzo.com/resources/state-of-modern-application-security
Voice of the Modern Developer Research: https://www.tromzo.com/resources/voice-of-the-modern-developer

Whether it's leaving a database on a public IP or waiting to put proper VPN access in place, there are many security issues startups can sometimes fall victim to.
In this episode, Dan Yelovitch, Chief DevOps Architect at develeap, wows us with stories about actual clients he works with that have made mistakes that have been costly. We learn about the problem, fixes, and ways to ensure your small organization can install automation and cultural practices to stay more secure.

What are best practices for protecting your production pipeline?
In this episode, we welcome Zan Markan, Senior Developer Advocate at CircleCI to talk about how he looks at basic security aspects related to continuous deployment as well as common configuration issues that come up. We also discuss code and dependency scanning as well as policy enforcement.
---
Follow Zan at:
https://twitter.com/zmarkan
https://circleci.com
https://twitter.com/circleci