DOP 277: Making Security Tooling Easy for Developers

#281: In today's rapidly evolving tech industry, many startups believe they can challenge the well-established giants by offering similar products with minor tweaks. However, this approach is fundamentally flawed. Companies like Amazon and Microsoft will absorb a few of these new competitors, while many others will simply disappear. The driving force behind this harsh reality isn't just competition; it's the absence of truly innovative products. The tech landscape is unforgiving to those who don't innovate. While it might seem tempting to follow the footsteps of successful giants like Adobe, Amazon, and Microsoft, the key to success lies in innovation and offering something new. Companies that fail to grasp this reality will find themselves disappearing into obscurity. In this episode, Bret Fisher and Nirmal Mehta join Darin and Viktor to discuss how artificial intelligence is affecting the tech industry.   Bret's contact information: X (Formerly Twitter): https://x.com/bretfisher LinkedIn: https://www.linkedin.com/in/bretefisher   Nirmal's contact information: X (Formerly Twitter): https://x.com/normalfaults LinkedIn: https://www.linkedin.com/in/nirmalkmehta/   YouTube channel: https://youtube.com/devopsparadox   Review the podcast on Apple Podcasts: https://www.devopsparadox.com/review-podcast/   Slack: https://www.devopsparadox.com/slack/   Connect with us at: https://www.devopsparadox.com/contact/

#280: Policy as Code is not just a trend but a critical practice for cloud-native success. It ensures automation, consistency, version control, auditability, security, and flexibility. By adopting policies as code, organizations can effectively manage and enforce policies, leading to improved compliance and faster incident response. In this episode, Darin and Viktor dive deeper into the topic, share real-world scenarios, and discuss the practical implications of implementing policies as code as they review a blog post from Nirmata titled “What Is Policy-As-Code? Top 10 Reasons Why Policy-As-Code Is Essential for Cloud-Native Success”.   What Is Policy-As-Code? Top 10 Reasons Why Policy-As-Code Is Essential for Cloud-Native Success https://nirmata.com/2024/06/24/top-10-reasons-why-policy-as-code/   YouTube channel: https://youtube.com/devopsparadox   Review the podcast on Apple Podcasts: https://www.devopsparadox.com/review-podcast/   Slack: https://www.devopsparadox.com/slack/   Connect with us at: https://www.devopsparadox.com/contact/

#279: One topic continues to emerge in conversations about technology and observability — OpenTelemetry. It's clear that OpenTelemetry has become fundamental in the tech industry. In this episode, we talk with Paschalis Tsilias, a software engineer with Grafana, about Alloy, a vendor-neutral distribution of the OpenTelemetry (OTel) Collector.   Paschalis' contact information: X (Formerly Twitter): https://x.com/tpaschalis_ LinkedIn: https://www.linkedin.com/in/tsilias/   YouTube channel: https://youtube.com/devopsparadox   Review the podcast on Apple Podcasts: https://www.devopsparadox.com/review-podcast/   Slack: https://www.devopsparadox.com/slack/   Connect with us at: https://www.devopsparadox.com/contact/

#278: In today's tech landscape, developers often find themselves caught in the middle of a debate that never seems to age: GUI or CLI? While the tools and interfaces we use may evolve, the core question remains. How do we balance the efficiency and familiarity of graphical user interfaces (GUIs) with the raw power and flexibility of command-line interfaces (CLIs)? In this episode, Darin and Viktor discuss a blog post by Ian Miell titled In Praise of Low Tech DevEx.   In Praise of Low Tech DevEx https://blog.container-solutions.com/in-praise-of-low-tech-devex   YouTube channel: https://youtube.com/devopsparadox   Review the podcast on Apple Podcasts: https://www.devopsparadox.com/review-podcast/   Slack: https://www.devopsparadox.com/slack/   Connect with us at: https://www.devopsparadox.com/contact/

#277: Developers are often caught in a challenging position. They are keen to write code, innovate, hack, and build new things. However, when security measures are perceived as long, difficult, and cumbersome tasks, these essential protocols tend to be avoided or improperly implemented. The key is to balance the pursuit of creativity with the need for robust security. The idea is simple yet profound: by ensuring that security tools are straightforward and user-friendly, developers are more likely to incorporate them into their workflow. This not only benefits the developer but also the entire organization by safeguarding the product from potential vulnerabilities. In this episode, we talk with Luke Hinds, CTO of Stacklok, about how bridging the gap between development and security can lead to healthier, more secure software environments.   Luke's contact information: X (Formerly Twitter): https://x.com/decodebytes LinkedIn: https://www.linkedin.com/in/lukehinds/   YouTube channel: https://youtube.com/devopsparadox   Review the podcast on Apple Podcasts: https://www.devopsparadox.com/review-podcast/   Slack: https://www.devopsparadox.com/slack/   Connect with us at: https://www.devopsparadox.com/contact/

#276: In today's fast-paced tech world, one sentiment seems to echo louder than ever: "Don't give me help, give me an API." Whether it's AWS configurations, Kubernetes manifests, or even something as fundamental as setting up a basic S3 bucket, an intuitive, well-designed API can mean the difference between smooth sailing and being lost at sea. When companies fail to adapt and streamline their operations through user-friendly APIs, they risk obsolescence. In this episode, Darin and Viktor discuss why organizations must prioritize simplicity and customer-centric design in their technical architectures to stay competitive.   Today's sponsor: Save 25% on your first Barbaro Mojo order using the code DevOps25 https://barbaromojo.com/discount/DevOps25   YouTube channel: https://youtube.com/devopsparadox   Review the podcast on Apple Podcasts: https://www.devopsparadox.com/review-podcast/   Slack: https://www.devopsparadox.com/slack/   Connect with us at: https://www.devopsparadox.com/contact/

#275: In the constantly evolving landscape of technology, embracing new methodologies can significantly enhance our system management capabilities. One such methodology that has risen to prominence is GitOps. This practice enhances the declarative nature of infrastructure management, aiming to increase efficiency and reliability. In this episode, we talk with Christian Hernandez about the origins, principles, and challenges of GitOps.   Christian's contact information: X (Formerly Twitter): https://x.com/christianh814 LinkedIn: https://www.linkedin.com/in/chernandez1982/   YouTube channel: https://youtube.com/devopsparadox   Review the podcast on Apple Podcasts: https://www.devopsparadox.com/review-podcast/   Slack: https://www.devopsparadox.com/slack/   Connect with us at: https://www.devopsparadox.com/contact/

#274: When we talk about problems in the tech space, one recurring issue is what we call the "XY problem", where understanding the root cause of a problem is crucial for crafting an effective solution. In this episode, Darin and Viktor explore what the XY problem is, why it happens, and how we can mitigate it to create better outcomes for everyone involved.   The XY Problem https://xyproblem.info/   Today's sponsor: Save 25% on your first Barbaro Mojo order using the code DevOps25 https://barbaromojo.com/discount/DevOps25   YouTube channel: https://youtube.com/devopsparadox   Review the podcast on Apple Podcasts: https://www.devopsparadox.com/review-podcast/   Slack: https://www.devopsparadox.com/slack/   Connect with us at: https://www.devopsparadox.com/contact/

#273: Platform engineering plays a crucial role in modern software delivery. The platform engineering team is responsible for creating a development environment that is both productive and scalable. However, many platform engineers might not be familiar with foundational software design principles, and this can lead to inefficiencies and technical debt. One such principle is the three-tier architecture model, a concept that seems to have become lost amidst the rapid evolution of technology. In this episode, we speak with Daniel Bryant, the Head of Product Marketing at Syntasso, about how we can take the three-tier architecture model and apply it to building our platforms and portals.   Daniel's contact information: X (Formerly Twitter): https://x.com/danielbryantuk LinkedIn: https://www.linkedin.com/in/danielbryantuk/   YouTube channel: https://youtube.com/devopsparadox   Review the podcast on Apple Podcasts: https://www.devopsparadox.com/review-podcast/   Slack: https://www.devopsparadox.com/slack/   Connect with us at: https://www.devopsparadox.com/contact/

#272: Public speaking, especially at conferences, can be a daunting task. The fear of failing, the pressure of performing in front of peers, and the challenges of preparation can make even the most confident individuals second-guess themselves. In this episode, Darin and Viktor offer practical advice for aspiring conference speakers.   Today's sponsor: Save 25% on your first Barbaro Mojo order using the code DevOps25 https://barbaromojo.com/discount/DevOps25   YouTube channel: https://youtube.com/devopsparadox   Review the podcast on Apple Podcasts: https://www.devopsparadox.com/review-podcast/   Slack: https://www.devopsparadox.com/slack/   Connect with us at: https://www.devopsparadox.com/contact/