When Will IT Security Escape the Cat-and-Mouse Game? with Sean Atkinson, CISO of CIS

After several decades of use, should we consider open source software (OSS) a business model? In short: No! In this conversation, open source evangelist Javier Perez welcomes technology evangelist and CNCF ambassador Dotan Horovits to provide context for the biggest changes happening in OSS, discuss what a sustainable future looks like for open source, and explain what to do when companies choose to go not-so-open with their source code.Highlights:Why open source shouldn’t be considered a business modelThe “disturbing trend” in OSS and why “nothing is written in stone” when it comes to open sourceHow tools can differentiate themselves from the ‘open source-ness' of their projectsSpeakers:Javier Perez, Open Source EvangelistDotan Horovits, Cloud Native Ambassador at the Cloud Native Computing Foundation (CNCF) and host of the OpenObservability Talks podcastLinks:Get the new State of Open Source Report from OpenLogicFind Dotan on LinkedIn and TwitterRead Dotan’s articles on ‘vendor-owned open source’ and ‘When Your Open Source Turns to the Dark Side’Read Javier’s articles on the State of Open Source in 2024 and concerns over the future of open sourceListen to OpenObservability Talks on YouTube and wherever you get podcastsFind Us Online:puppet.comApple PodcastsTwitterLinkedIn

When Sean Atkinson says that “We’re on a trajectory to have the most vulnerabilities ever identified in a single year, starting this year,” take note: As Chief Information Security Officer for the Center for Internet Security, he knows what he’s talking about.He’s referring to the ever-increasing tide of weaknesses and flaws that undermine the security of software used every single day by teams around the world. Between a more active threat landscape, demands for development velocity, and the rise of generative AI, the cat in this proverbial game of cat-and-mouse has their work cut out for them.In this conversation, Robin Tatam, Puppet’s Evangelist and Certified Information Security Manager, talks with Sean about the role of a CISO, what’s behind the unprecedented rise in vulnerabilities, and how smart integrations turn automation into a first-line defense against threats, misconfiguration, errors, and software vulnerabilities.Highlights:What a CISO actually does versus a CIO or a CTO The difference between “security” and “compliance” How compliance helps build the backbone of a long-term security posture Who really owns IT security and where IT operations fits into the security conversation What CIS Benchmarks are, what they do, and how CIS “wizards” keep them up-to-date on the latest vulnerabilities How Puppet’s partnership with CIS puts the power of automation behind CIS’s widely recognized frameworksSpeakers:Robin Tatam, Senior Technical Marketer and Evangelist, Puppet by PerforceSean Atkinson, Chief Information Security Officer, Center for Internet SecurityLinks:Learn more about Security Compliance Enforcement, a premium feature for Open Source Puppet and Puppet Enterprise that automates secure configurations hardened against CIS Benchmarks and DISA STIGsListen to Sean’s podcast with CIS, “Cybersecurity Where You Are,” wherever you get podcastsFind Us Online:puppet.comApple PodcastsTwitterLinkedIn

It’s all good news, we promise! The Forge has always been the go-to spot for Puppet users to find, download, and update content and modules. On this episode, we're revealing a few of the exciting changes that are going to make the Forge even easier and more valuable for all Puppet users, like personalization, filters, and features to track module versions and updates against your Puppet file.As of today, there are 7,508 modules on the Puppet Forge – some active, some deprecated, some created and supported by Puppet Labs, some by community groups like Vox Pupuli. While it’s become a hub for all Puppet users, we've heard feedback on ways it could be even better. We see a brighter future for the Forge – one built for and shaped by users like you! Join Ben Ford as he talks to Forge Product Manager Saurabh Karwa about what the Forge is today, the subtle changes that are already in the works, the near-term roadmap, and the long-term vision for the Forge.Speakers:Ben Ford, Community Lead at Puppet by PerforceSaurabh Karwa, Product Manager at Puppet by PerforceHighlights:Introducing Saurabh, the Product Manager for the Puppet ForgeWhat the Forge is today and what it needs to become THE place for Puppet usersThe role of the Puppet Community in shaping the future of the ForgeAdding personalization, new filters, and features to track module versions and updatesWhy you should join our new Ecosystem Advisory BoardLinks:Join the Puppet Community SlackTell us what you think of the Forge and PDK with the Ecosystem Advisory Board surveyEmail Saurabh at [email protected]

The 2024 State of DevOps Report: The Evolution of Platform Engineering is live! In this episode, we’re taking you behind the scenes with the authors of the report and one of the people who helped run the survey.Download the 2024 report for free here!On this episode, join us as host Ben Ford, report authors Margaret Lee and David Sandilands, and project manager Stephanie Fairchild pull back the curtain on the 2024 State of DevOps Report.What are the characteristics of successful platforms? Why is the new practice driving a surge in security? Where is platform engineering going next? Learn more in this episode!Highlights:Why the State of DevOps Report pivoted to cover platform engineering last yearWhat we wanted to find out this yearThe big takeaways from the 2024 reportOur predictions for the next year of platform engineeringSpeakers:Ben Ford, Community Lead at Puppet by PerforceMargaret Lee, Manager of Product Management at Puppet by PerforceDavid Sandilands, Principal Solutions Architect at Puppet by PerforceStephanie Fairchild, Senior Manager at ClearPath StrategiesLinks:Download the 2024 State of DevOps Report: The Evolution of Platform EngineeringEmail Margaret at [email protected] Ben on Mastodon, Twitter, and in the Puppet Community Slack as binford2kFind David on Mastodon and TwitterCheck out another episode with Ben, Margaret, and David about how return-to-office plans are shaping platform strategiesRead the episode transcriptFind Us Online:puppet.comApple PodcastsTwitterLinkedIn

Platform engineering is all about giving devs the tools they need to work independently. Work-from-home policies give people flexibility in where and how they work. It should be a match made in heaven, right? Well... it’s more complicated than that.Research, feedback, and evangelizing are critical to building an internal developer platform (IDP). But WFH can make that communication tough. And that's before you’ve even considered compliance and security (ugh, the 2FA). A human-focused IT strategy was crucial in supporting a shift to remote work during the pandemic, and it's going to be equally as important as we shift to a platform paradigm.In this roundtable discussion, Ben leads a roundtable discussion of how return-to-office plans can impact platform engineering, joined by Margaret Lee and David Sandilands, authors of Puppet's 2024 State of DevOps Report: Platform Engineering Edition.Speakers:Ben Ford, Community Lead at Puppet by PerforceMargaret Lee, Manager of Product Management at Puppet by PerforceDavid Sandilands, Senior Solutions Architect at Puppet by PerforceHighlights:The remote/in-office flexibility your platform needs to considerHardening measures essential to a secure IDP in the hybrid eraWhat we learned about accommodating a workforce during the pandemicEvangelizing a platform without the in-person connectionLinks:Email Margaret at [email protected] Ben on Mastodon, Twitter, and in the Puppet Community Slack as binford2kDavid Sandilands on TwitterGet the 2023 Platform Engineering Report and sign up to receive 2024’s when it releasesRead the episode transcriptFind Us Online:puppet.comApple PodcastsTwitterLinkedIn 

Politics is everywhere in your organization. No, not THAT kind of politics – the kind that happens when you need something and can’t get it, or when you get good at something and people start noticing. Actually, politics happens just about whenever decisions get made. Joshua Zimmerman says that kind of politics is rooted in people, and with the right mindset, you can use politics to make things better in your organization – for you and your entire team.Joshua is a DevOps manager and organizer who thinks you could benefit from understanding and navigating the political landscape of your organization so you can help shape it. In fact, his presentation at DevOpsDays Chicago 2023 was all about that, and we were so impressed, we invited him on the podcast.After listening to this episode, we hope you’ll be able to figure out how decisions get made where you work, define your political structure, and leave with a few tools you can use to gain leverage with your team to make better decisions together.Highlights:Helping unpack the term “politics” in the context of your jobWhy org charts aren’t great for determining the real structure of your orgWhy trust matters more than authority (and how to sniff out both in your org)How to build lasting trust in your team and orgHow to subvert hierarchy to get what you need (without making anyone mad)Speakers:Ben Ford, Developer Relations Director at PuppetJoshua Zimmerman, SRE/DevOps ManagerLinks:Find Josh on LinkedIn, Mastodon, and TwitterWatch Joshua’s talk at DevOpsDays Chicago 2023 (2:26:00 – 2:54:30)Find Ben in the Puppet Community Slack as binford2k and on MastodonFind Us Online:puppet.comPulling the Strings on Apple PodcastsTwitterLinkedInRead the episode transcript

Great things – tools, spaces, companies, brands – are supported by great communities. The Vox Pupuli are perhaps the most prominent, active group in the Puppet community. Here’s what they're up to lately, what it’s like being one of them, and what Puppet (the community) means to Puppet (the company).The Vox Pupuli are 200+ strong; they maintain dozens of modules on the Forge; even executive leadership knows their name. On this episode of Pulling the Strings, join Puppet community members Gene Liverman, Tim Meusel, and Ben Ford for a casual discussion on what what Vox Pupuli actually do, the role of community in shaping a company like Puppet, what Vox Pupuli is focused on now, and what drives the highly engaged group. As Tim puts it, “There is no excuse to not participate.”Highlights:How Vox Pupuli worksThe relationship of Puppet (the company) to the Vox PupuliThe power of independenceThe time Vox Pupuli helped Puppet avoid disaster in a new releaseWhat Vox Pupuli is working on nowSpeakers:Gene Liverman, SRE at LTN Global and former SRE at Puppet by PerforceTim Meusel, Vox Pupuli PMC Community MemberBen Ford, Community Lead at Puppet by PerforceLinks:Find out more about the Vox Pupuli at https://voxpupuli.org/Find Tim on Twitter at https://twitter.com/BastelsBlogFind Gene in the Puppet Community Slack as genebean https://puppetcommunity.slack.com/team/U3DCRQQKAFind Ben in the Puppet Community Slack as binford2k and on Mastodon at https://hachyderm.io/@binford2kFollow the Puppet Community Team on Mastodon https://fosstodon.org/@puppetListen to Tim’s previous episode discussing how to build an awesome open source community https://www.puppet.com/resources/podcasts/awesome-open-source-communityFind Us Online:puppet.comPulling the Strings on Apple PodcastsTwitterLinkedInRead the episode transcript

Open source has always moved fast. Today, it moves faster than ever, driven by both community demand and corporate interest. On this episode, Perforce’s Javier Perez and OSI’s Stefano Maffulli discuss the impact of recent license changes and the historical push-and-pull between consumers and providers in the world of open source.Highlights:Reflecting on 25 years of OSI and its widening scopeThe historical changes that set the stage for open sourceWhat’s shaping Linux distributions today (CentOS, RHEL restrictions, HashiCorp’s switch to BSL, and more)The “social contract” between companies and communitiesThe pros and cons of single companies driving open-source communitiesThe commercialized future of open sourceSpeakers:Javier Perez, Chief Open Source Evangelist and Senior Director of Product Management at PerforceStefano Maffulli, Executive Director at the Open Source Initiative (OSI)Links:Learn about Puppet’s commitment to open source projects like Bolt and Open Source Puppet (OSP): https://www.puppet.com/community/open-sourceFind Stefano at https://www.maffulli.net/Follow Javier on Twitter at https://twitter.com/jperezp_bosOSI’s programs (including a new Advocacy and Outreach program) https://opensource.org/programs/“Defining an open source AI for the greater good”: How OSI is approaching AI https://opensource.com/article/22/10/defining-open-source-ai“Friend or Foe? ChatGPT’s Impact on Open Source Software” by Javier Perez for DevOps.com https://devops.com/friend-or-foe-chatgpts-impact-on-open-source-software/Read the episode transcriptFind Us Online:puppet.comPulling the Strings on Apple PodcastsTwitterLinkedIn

In the past few years, developer experience has become one of the biggest concerns at the C-level. Gartner found it’s the top value factor for adopting IDPs, performance engineering, CI/CD, and more core aspects of platform engineering. In 2021, McKinsey said it should be “the cornerstone of talent strategy” – and still, it’s a sticking point for a lot of software orgs. Turnover, burnout, skill gaps – symptoms abound that can often be contributed to bad DevX.Justin Reock is Field CTO at Gradle, makers of Gradle Enterprise and Gradle Build Tool. He’s focused on the developer experience at an intersectional level – where right-brain creativity, left-brain productivity, and ‘joyful activity’ combine to make development better for the people who do it. In conversation with David Sandilands, Senior Solutions Architect at Puppet, Justin shares his perspective on where platform engineering is headed and how the future of platform engineering – up, down, or flat – depends on using tools to engineer the developer experience.Speakers:David Sandilands, Senior Solutions Architect at Puppet by PerforceJustin Roeck, Field CTO at GradleHighlights:Justin’s career to date and starting a year of living out of an RVWhy the future of platform engineering depends on a developer experience focusInstructions for organizations to adopt real practices, not just hypeThe personalities needed to make stuff like platform engineering actually workLinks:Download Puppet’s 2023 State of Platform Engineering ReportOrganizational Physics by Lex SisneyFind your nearest devopsdays eventJustin Reock on TwitterJustin Reock on LinkedInDavid Sandilands on LinkedInDavid Sandilands on TwitterRead the episode transcriptFind Us Online:puppet.comApple PodcastsTwitterLinkedIn

The opportunity to write a Puppet 8 book landed in David Sandilands’s lap when he had just started at Puppet and with a child on the way. About a year and a half later in mid-2023, “Puppet 8 for DevOps Engineers” launched via Packt. This is the story of everything that happened in the middle.Speakers:Ben Ford, Community Lead at Puppet by PerforceDavid Sandilands, Senior Solutions Architect at Puppet by Perforce Learn More About Puppet + DevOps[10+ YEARS OF DEVOPS REPORTS] Highlights:What other Puppet books didn’t haveThe joy of creating a book that doesn’t have to cater to one audience or anotherWhat it's like to work with a publisherLearning to lean on your community for supportHard-learned tips for writing your own bookLinks:Check out David's book, “Puppet 8 for DevOps Engineers,” via Packt“Puppet Best Practices” by Chris Barbour and Jo RhettBen Ford on TwitterDavid Sandilands on Twitter