DevSecOps Mentor

These days, we hear a lot about agile development. Some of you aspire to become scrum masters or practice leads at some point in your career. Listen in on the conversation with Oussama Melki who started out as a developer and grew into becoming an Agile Evangelist. He shares his experience and lessons learned.

You may have come across people advising you to build a "comb" shaped career. The thinking behind this advice goes as follows: start with a single area of deep specialization and then expand into a generalist view.  This "T" shaped career evolves into a "comb" shape over time as you gradually add deeper expertise in several areas.
Our guest, Tony Carrato, spent over 13 years at IBM working as an architect. Prior to that, he worked at AT&T focused on systems engineering and architecture. Today, Tony remains very active at the Open Group Security Forum and is also a board advisor at the Ortelius Open Source project, which is a part of the Continuous Delivery Foundation.
In this podcast, Tony shares his experience in building a comb shaped career.
 
Some helpful links:
https://www.linkedin.com/in/tonycarrato/
https://www.opengroup.org/
https://www.linuxfoundation.org/ 
https://github.com/ortelius/ortelius 

Security Architecture is foundational to the design and implementation of our systems. The OWASP Top 10 list for 2021 even mentions insecure design as one of the top security issues that we face. 
Have you ever wondered about the people that help us create secure architectures? How did they become an architect? What challenges have they faced in order to become security architects? 
Our guest today is Pranshu Bajpai. He is a Principal Security Architect as well as a frequent conference speaker and industry collaborator. He shares insights and advice from his personal journey toward becoming a Security Architect.
Hopefully, today's podcast will help to inform and even inspire some of you to become security architects. 
Useful links:https://www.linkedin.com/in/pranshubajpai/https://cybersecurityguide.org/careers/security-architect/https://cloudsecurityalliance.org/artifacts/enterprise-architecture-reference-guide-v2/

When it comes to software development, many different teams have to work together in order to deploy something that is secure, resilient, and scalable. It's one thing to talk about the technology stack to make this happen. But what about the personal interactions required to communicate clearly, to collaborate, to embrace shared responsibility?
How do you participate in or lead a diverse software development team whose cultural norms and practices may in fact differ from your own? Have you ever wondered about the people who are involved in this? What was their experience like? How did they get to a point where they were able to achieve this successfully?
 
Useful links:
https://www.linkedin.com/in/spencerwkoch/

Threat modeling is an important part of developing secure applications. However, many times we focus on the process of threat modeling or on the tools that we need. 
Have you ever wondered how threat modelers started out? What challenges they faced? How they overcame their challenges? Today's guest is Izar Tarandach, who co-authored an O'Reilly book in 2020 called, "Threat Modeling: A Practical Guide for Development Teams".
Izar is also an active participant in various threat modeling communities, conferences, and podcasts.
 
Relevant links:
https://www.linkedin.com/in/izartarandach/
https://www.amazon.com/Threat-Modeling-Identification-Avoidance-Secure/dp/1492056553/ 
https://www.threatmodelingmanifesto.org/