An inside look into the field of architecture told from the perspective of individuals that are leading the industry. This motivational series grants unique insight into the making of a successful design career, from humble beginnings to national recognition. Every week, featured guests share their personal highs and lows on their journey to success, that is sure to inspire audiences at all levels of the industry. Listening to their stories will provide a rare blueprint for anyone seeking to ...
Architecture Recordings Podcasts

Where it's AT - the Architectural Technology podcast
Chartered Institute of Architectural Technologists (CIAT)
Whether you're an AT, an industry collaborator, or just curious about how buildings really come together — you're in the right place.
Software Engineering Radio is a podcast targeted at the professional software developer. The goal is to be a lasting educational resource, not a newscast. SE Radio covers all topics software engineering. Episodes are either tutorials on a specific topic, or an interview with a well-known character from the software engineering world. All SE Radio episodes are original content — we do not record conferences or talks given in other venues. Each episode comprises two speakers to ensure a lively ...
The Kitchen Sisters Present… Stories from the b-side of history. Lost recordings, hidden worlds, people possessed by a sound, a vision, a mission. Deeply layered stories, lush with interviews, field recordings and music. From powerhouse NPR producers The Kitchen Sisters (The Keepers, Hidden Kitchens, The Hidden World of Girls, The Sonic Memorial Project, Lost & Found Sound, and Fugitive Waves). "The Kitchen Sisters have done some of best radio stories ever broadcast" —Ira Glass. The Kitchen ...
The Upaya Dharma Podcast features Wednesday evening Dharma Talks and recordings from Upaya’s diverse array of programs. Our podcasts exemplify Upaya’s focus on socially engaged Buddhism, including prison work, end-of-life care, serving the homeless, training in socially engaged practices, peace & nonviolence, compassionate care training, and delivering healthcare in the Himalayas.
I'd Rather Be Writing features regular podcasts with experts in the field of technical communication.
The Certified Cloud Security Professional (CCSP) Audio Course is your complete audio-first guide to mastering the world’s leading cloud security certification. Across dozens of structured episodes, we break down every CCSP exam domain, from cloud concepts and architecture to legal, risk, and compliance. Whether you are building foundational knowledge or sharpening advanced skills, this course helps you design, manage, and secure cloud environments with confidence. Learn at your own pace and ...
Akbar’s Chamber offers a non-political, non-sectarian and non-partisan space for exploring the past and present of Islam. It has no political or theological bias other than a commitment to the Socratic method (which is to say that questions lead us to understanding) and the empirical record (which is to say the evidence of the world around us). By these methods, Akbar’s Chamber is devoted to enriching public awareness of Islam and Muslims both past and present. The podcast aims to improve un ...
From Earth orbit to the Moon and Mars, explore the world of human spaceflight with NASA each week on the official podcast of the Johnson Space Center in Houston, Texas. Listen to in-depth conversations with the astronauts, scientists and engineers who make it possible.
Cyber After Hours: The Podcast Where Real Cyber Pros Let Loose What’s It All About? Think of it as that relaxed, late-night bar conversation you have with a fellow cybersecurity pro—except now it’s on the record. Co-hosts (and longtime friends) Paul Marco and Evan Morgan bring decades of combined experience in cybersecurity, from hands-on operations to engineering and architecture. Unscripted & Authentic Every week, they draw a random cybersecurity topic from a “fishbowl” and dive right in. ...
Human Entities is a series of public talks focused on technological change and its impacts – the ways in which culture and technology shape and influence each other. Organised by CADA, the programme takes place annually in Lisbon. Listen to recordings from 2025 to 2016. In partnership with the Lisbon Architecture Triennale and the Fine Arts Faculty, ULisbon Funded by: The Dir.-Gen. for the Arts of the Portuguese Ministry of Culture
Indiepop Radio plays indie songs with proper tunes and proper lyrics: Indie pop, Sarah Records, Brit-Pop, Shoegaze, Twee... For more information, visit www.indiepopradio.co.uk. The address to subscribe is http://feeds.feedburner.com/IndiepopRadioPodcast.
With over 18 years of experience in IT consulting specializing in SAP (ERP), Srikanth brings a proven track record in managing complex projects, nurturing strong client relationships, and handling multi-regional projects. As an SAP and PMP-certified executive, he has experience delivering enterprise solutions and providing project executive coverage, project management, and functional architecture across SAP sales and implementation engagements.
Join "Mrs. Steam" herself, Martha Orellana, VP of Marketing, and Dan Reinert otherwise known as "Dr. Feel Good" as they explore the world of steam and its impact on our well-being. Listen to enlightening interviews with professionals from various fields, including builders, designers, realtors, and more.
India Classified - A show about the secrets of India and the truth surrounding the myths. The show explores 'Not everything is what it seems to be' and keeps a scientific intellect while doing so. Find out more about the hidden truth about customs, rituals, scientific theories, the architecture of ancient temples, and much more.
We discuss materials management, specification, interior design, architecture, and things in between -- to help you design better, build more efficiently, and grow your design and build firm. Fohlio is a product specification and data management software for the architecture, engineering, and construction (AEC) industry. Get your trial at fohlio.com.
Deep-dive discussions with the smartest developers we know, explaining what they're working on, how they're trying to move the industry forward, and what we can learn from them. You might find the solution to your next architectural headache, pick up a new programming language, or just hear some good war stories from the frontline of technology. Join your host Kris Jenkins as we try to figure out what tomorrow's computing will look like the best way we know how - by listening directly to the ...
Dr Emre Aracı is a composer, conductor and musicologist, whose work elegantly intertwines music, history and diplomacy. A graduate of the University of Edinburgh’s Faculty of Music, where he read for both his BMus (Hons) and PhD, he has pursued a singularly erudite career, illuminating the European musical traditions of the Ottoman court. Through concerts, illustrated lectures, books, articles, CD recordings and documentaries, Dr Aracı resurrects the forgotten soundscapes of the nineteenth c ...
Learn, grow and connect with the Angular community like never before. The Angular Master Podcast is a broadcast aimed at all Angular developers. We cover topics such as building production-ready applications, architecture and performance best practices, and delving into the components of the framework. Listen / Code / Repeat. Everything you need to know to become a super Angular developer. https://ng-poland.pl https://js-poland.pl https://angularmaster.dev https://workshopfest.dev
Insights, perspectives and practical advice. For and by employers, and job seekers and job candidates.
The Project+ Audio Course is a complete audio series built around the CompTIA Project+ PK0-005 exam objectives. Each episode delivers clear explanations, practical examples, and glossary coverage to help you understand project management concepts, tools, life cycle phases, and IT governance. Produced by BareMetalCyber.com, it’s designed to guide you from orientation through exam readiness with professional, exam-focused instruction.
The OFFICIAL MrCreepyPasta Storytime! Hey there kids! It's me, MrCreepyPasta! And I think I might have found a new way to bring Creepypasta stories from the deep dark stones of the crypt and right to the ear balls in your head. If you're as excited as I am to hear a good story of terror and fear as I am then give me a subscription, hide under your blanket, and prepare yourself for some sweet dreams. Creepypasta Storytime is a collection of some of the most horrifying (and occasionally funny) ...
The Episcopal Podcast is an initiative of intellectual formation by Bishop Richard Umbers, auxiliary bishop in the Archdiocese of Sydney. In the context of a fortnightly informal discussion with co-hosts and guests, the podcast aims to bring awareness to the riches that make up the Christian intellectual tradition, which includes philosophy, theology, history, the sciences, languages and the arts. Conversations will last between 30 and 45 minutes and be organised around discussions on specif ...
Why do we save historic places? For whom? How can heritage conservation advance equity, justice, and climate adaptation? This podcast explores these and other issues with students at the University of Southern California, for a glimpse of the future of the field.
In More Than Reports, Paul and Alex explore the many ways in which data technology can be used by small and midsize businesses to promote transformational growth. We talk openly about the opportunities and challenges companies face as they try to make sense of an increasingly complex environment. Together with our expert guests we break the facts away from the hype and never lose sight of our target: value.

SE Radio 686: François Daoust on W3C
1:02:36
François Daoust, W3C staff member and co-chair of the Web Developer Experience Community Group, discusses the origins of the W3C, the browser standardization process, and how it relates to other organizations like TC39, WHATWG, and IETF. This episode covers a lot of ground, including funding through memberships, royalty-free patent access for imple…

The Real Ambassadors — A Jazz Opera for Louis Armstrong by Dave & Iola Brubeck
36:15
The Real Ambassadors is a poignant tale of cultural exchange, anti-racism, and jazz history. And it's a love story — between life-long husband and wife partners, Iola & Dave Brubeck and their vision for a better world. Appalled by the racist treatment of Black jazz musicians in the United States in the 1950s and 60s, the Brubecks wrote a musical ba…
In this Wednesday Night Dharma Talk, Sensei Dainin interweaves personal story, Buddhist teaching, and contemporary challenges to show how the Bodhisattva vow can be lived — and is urgently needed — in our times. She shares how her understanding of compassion shifted through practice, from a fixed character trait to something that can be cultivated …

Awareness In Action: We Were Made for This with Rebecca Solnit (Part 10 – August)
1:38:51
In this session of Upaya’s Awareness in Action series, writer and activist Rebecca Solnit joins Roshi Joan Halifax to explore how stories shape reality, the nature of human behavior in crisis, and the discipline of hope as an antidote to despair. Rebecca reminds us, “Hope is not an emotion, it’s a commitment to not give up, to keep looking for poss…
NASA Artemis II launch director Charlie Blackwell-Thompson shares her path to the console and what it takes to launch the first crewed Artemis mission to the Moon. HWHAP 401. By National Aeronautics and Space Administration (NASA)
Soon I had visited 22 different countries. The Netherlands was my 23rd. 🖋️ The Author: https://www.reddit.com/user/Mr_Outlaw_/submitted/ 📹 Video!: https://www.youtube.com/watch?v=34c5h8XZe64 📖 Read Along!: https://www.reddit.com/r/nosleep/comments/1mb6kdx/the_rain_wouldnt_stop/ Check out my new books! A collection of Creepypasta compiled by some of…

From Unit Tests to Whole Universe Tests (with Will Wilson)
1:12:12
How confident are you when your test suite goes green? If you're honest, probably not 100% confident - because most bugs come from scenarios we never thought to test. Traditional testing only catches the problems we anticipate, but the 3am pager alerts? Those come from the unexpected interactions, timing issues, and edge cases we never imagined. In…

SE Radio 685: Will Wilson on Deterministic Simulation Testing
1:01:14
In this episode, Will Wilson, CEO and co-founder of Antithesis, explores Deterministic Simulation Testing (DST) with host Sriram Panyam. Wilson was part of the pioneering team at FoundationDB that developed this revolutionary testing approach, which was later acquired by Apple in 2015. After seeing that even sophisticated organizations lacked robus…

Episode 100 — Emerging Regulations: AI, Sovereignty and Sector Rules
33:36
The cloud landscape is constantly evolving, and regulations are racing to keep pace. This final episode explores emerging rules governing artificial intelligence, digital sovereignty, and sector-specific requirements in areas like healthcare, finance, and critical infrastructure. These developments will shape the future of cloud security practice, …

Episode 99 — Records Management: Retention Schedules and Disposition
34:12
Records management defines how information is retained, archived, and ultimately disposed of. In this episode, we cover how cloud systems enforce retention schedules, integrate with compliance requirements, and apply defensible disposition when data is no longer required. Poor records management not only creates legal risk but also inflates costs a…

Episode 98 — Intellectual Property: Licensing, OSS Use and Patents in Cloud
35:25
Intellectual property concerns arise frequently in the cloud, where software, data, and designs may involve multiple stakeholders. This episode explores licensing models, use of open-source software (OSS), and patent issues that affect cloud adoption. We highlight why organizations must track licensing terms carefully and ensure OSS use complies wi…

Episode 97 — Legal for BCDR: Force Majeure, RTO/RPO and Notifications
34:09
Business continuity and disaster recovery are not just technical exercises—they also carry legal obligations. This episode covers how contracts and laws address force majeure events, define Recovery Time Objectives (RTO) and Recovery Point Objectives (RPO), and require notification to stakeholders when disruptions occur. These legal dimensions ensu…

Episode 96 — Ethics & Professionalism: Codes, Conflicts and Duty of Care
34:35
Professionalism in cloud security goes beyond technical competence—it includes ethical conduct and adherence to codes of practice. This episode explains the ethical responsibilities of CCSP professionals, including conflict of interest management, duty of care, and adherence to industry codes such as the ISC2 Code of Ethics. We emphasize why trust,…

Episode 95 — Cloud Insurance: Coverage, Exclusions and Incident Costs
34:50
Cyber insurance has expanded into cloud-specific policies, offering organizations financial protection against breaches, outages, and other incidents. This episode explores how cloud insurance is structured, including what is typically covered, common exclusions, and how claims are assessed. We discuss why organizations must carefully review polici…

Episode 94 — Audit Readiness: Evidence Generation and Control Mapping
36:22
Audits test whether organizations can prove compliance with standards and contractual obligations. In this episode, we discuss audit readiness in the cloud, focusing on evidence generation, control mapping, and continuous assurance. Documentation, automated reporting, and mapping provider controls to customer responsibilities all play vital roles i…

Episode 93 — Third-Party Risk: Due Diligence and Continuous Monitoring
35:35
Cloud adoption almost always involves third parties, and their risk becomes your risk. This episode explains how due diligence, contract clauses, and continuous monitoring are used to manage vendor relationships. We cover the importance of evaluating a provider’s certifications, financial stability, and security practices before onboarding, and why…

Episode 92 — Digital Evidence: Logging, Time Sync and Admissibility
36:41
For evidence to be admissible in legal or regulatory contexts, it must be accurate, verifiable, and properly maintained. This episode explores how digital evidence is collected in cloud environments, focusing on logging, time synchronization, and data integrity. Logs must be complete, tamper-resistant, and tied to reliable time sources so investiga…

Episode 91 — E-Discovery: Preservation, Collection and Production in Cloud
36:11
E-Discovery obligations do not disappear in the cloud; in fact, they often become more complex. This episode explains how organizations must preserve relevant data during litigation, ensuring it cannot be altered or deleted once a legal hold is in place. We discuss the challenges of collection across distributed services, including multiple regions…

Episode 90 — Privacy Regulations: Cross-Border Transfers and Consent
37:20
Privacy regulations impose strict rules on how personal data is handled, especially in the cloud where cross-border transfers are routine. This episode explores the requirements for lawful transfers under frameworks such as GDPR, as well as consent obligations that ensure users’ rights are respected. We also discuss localization laws that may restr…

Episode 89 — Compliance Frameworks: ISO, SOC and Cloud-Specific Standards
37:43
Compliance frameworks provide benchmarks for cloud providers and customers alike. In this episode, we cover widely adopted standards such as ISO 27001, SOC 2, and cloud-specific programs like CSA STAR. We explain how frameworks provide assurance to regulators, customers, and partners, while also reducing duplication of effort through recognized cer…

Episode 88 — Governance & Risk: ERM, Risk Appetite and Cloud Policies
35:36
Governance provides the structure for aligning cloud security with business strategy. This episode explains how enterprise risk management (ERM) frameworks define risk appetite, set tolerance levels, and establish policies that guide cloud decisions. We examine how risk assessments inform governance structures and how policies translate high-level …

Episode 87 — Contracts & SLAs: Security, Privacy and Audit Clauses
36:15
Contracts and service-level agreements (SLAs) form the legal foundation of cloud relationships. This episode explores how security, privacy, and audit clauses define accountability between providers and customers. We highlight the importance of specifying uptime commitments, incident response expectations, and audit rights to ensure transparency an…

Episode 86 — Domain 6 Overview: Legal, Risk and Compliance
36:33
The sixth domain of the CCSP exam shifts attention from technical controls to the legal, risk, and compliance frameworks that govern cloud operations. In this episode, we introduce the core themes, including contracts, service-level agreements, international privacy rules, and regulatory obligations. While technical knowledge is essential, professi…

Episode 85 — Service Catalog: Standard Builds and Self-Service Controls
35:18
A service catalog provides pre-approved templates and builds that standardize cloud deployment. In this episode, we discuss how catalogs simplify operations, reduce risk, and accelerate adoption by giving users secure, vetted options. Self-service access is controlled through catalog entries, ensuring that only compliant resources can be launched w…

Episode 84 — Cost & Security: Guardrails for Spend with Least Privilege
36:38
Cloud introduces new financial dimensions to security. This episode explores how cost optimization intersects with security, showing how excessive privileges or poorly controlled resources can drive unexpected expenses and risks. We explain how budgets, quotas, and automated guardrails ensure both financial discipline and security hygiene. Cost gov…

Episode 83 — Business Continuity: Failover, Runbooks and Exercises
34:43
Business continuity in the cloud goes beyond disaster recovery; it ensures that critical services remain available under any condition. In this episode, we cover failover strategies across regions, the creation of detailed runbooks that guide recovery actions, and the role of exercises in validating readiness. Continuity planning in the cloud benef…

Episode 82 — Access Reviews: Just-In-Time and Just-Enough Access Workflows
33:48
Access control is only effective if it remains accurate over time. This episode explains how access reviews confirm that permissions align with roles and responsibilities, ensuring least privilege is preserved. We highlight advanced workflows such as Just-In-Time (JIT) access, which grants temporary credentials, and Just-Enough Access (JEA), which …

Episode 81 — Key & Secret Operations: Rotation, Expiry and Escrow
27:57
Keys and secrets are not static assets; they must be actively managed to maintain security. In this episode, we explore operational practices such as regular rotation, enforced expiry, and escrow arrangements that ensure continuity in case of emergencies. Keys left unrotated for years become predictable targets, while secrets without expiration can…

Episode 80 — Vulnerability Operations: Prioritization and Remediation at Scale
28:32
Vulnerability operations extend beyond scanning, focusing on how findings are prioritized, tracked, and remediated across thousands of resources. This episode covers how risk-based prioritization ensures that critical flaws are addressed first, while less urgent issues are scheduled for later remediation. We also explore automation and orchestratio…

Episode 79 — Configuration Management: Baselines and Continuous Compliance
28:07
Configuration management goes hand in hand with posture and change management, ensuring systems remain aligned with secure baselines. This episode discusses how baselines are established, how continuous compliance tools monitor against them, and how automated remediation closes gaps quickly. In the cloud, where drift happens rapidly, configuration …

Episode 78 — Change Management: Guardrails, Approvals and Exceptions
27:41
Change management ensures that updates to cloud environments are controlled, predictable, and secure. In this episode, we explore how guardrails, approval workflows, and documented exceptions keep systems stable while still allowing agility. We highlight the tension between speed and control, showing how automation can reduce friction while preserv…

Episode 77 — Forensics in Cloud: Acquisition, Chain of Custody and Tools
29:04
Forensics in the cloud is complicated by lack of physical access, but it remains essential for investigations. This episode examines how evidence is acquired from cloud platforms, how chain of custody is maintained, and which tools support forensic readiness. We emphasize that evidence must be gathered in a way that preserves integrity, even when d…

Episode 76 — Incident Response: Cloud-Specific Triage and Containment
22:04
Incident response in the cloud requires adapting traditional processes to dynamic, distributed environments. This episode covers how cloud-specific triage differs from on-premises, emphasizing challenges like volatile workloads, shared infrastructure, and rapid scaling. We discuss containment techniques that isolate affected services while minimizi…

Episode 75 — SOAR Playbooks: Automation for Detection and Response
33:25
Security Orchestration, Automation, and Response (SOAR) platforms transform operations by codifying response actions into playbooks. This episode explains how triggers from SIEMs or monitoring systems activate playbooks that execute repeatable, automated workflows. By reducing manual effort, SOAR accelerates response and ensures consistency across …

Episode 74 — Cloud Posture Management: Misconfiguration Detection and Drift
21:54
Cloud Security Posture Management (CSPM) addresses one of the leading causes of breaches: misconfiguration. In this episode, we explore how CSPM tools automatically detect weaknesses, enforce baselines, and identify drift from secure configurations. Cloud environments evolve rapidly, and without posture management, small errors can scale into criti…

Episode 73 — SIEM & Analytics: Ingesting and Correlating Cloud Telemetry
21:02
Security Information and Event Management (SIEM) systems remain a cornerstone of security operations, but in the cloud, they must adapt to ingest vast amounts of telemetry from distributed sources. This episode explains how SIEM platforms collect, normalize, and correlate cloud logs, enabling advanced analytics that reveal patterns and anomalies ac…

Episode 72 — Monitoring Strategies: Metrics, Logs and Traces in Cloud
22:56
Effective monitoring is at the heart of cloud security operations, providing the visibility required to detect, analyze, and respond to threats. In this episode, we discuss monitoring strategies that combine metrics for performance, logs for events, and traces for end-to-end transaction visibility. Each of these telemetry sources provides a differe…

Episode 71 — Domain 5 Overview: Cloud Security Operations
24:18
Domain 5 introduces the operational side of cloud security, where the focus shifts from architecture and design to the day-to-day activities that ensure systems remain secure, resilient, and compliant. This episode provides a roadmap of the domain, highlighting monitoring strategies, posture management, automation, incident response, and business c…

Episode 70 — Secure Delivery: Blue/Green, Canary and Rollback Safety
22:24
Delivery strategies determine how applications are released into production, and security must be considered at every step. In this episode, we compare blue/green deployments, canary releases, and rollback mechanisms, showing how each method reduces risk by limiting exposure to new code. These approaches provide safety nets when changes fail or int…

Episode 69 — DevSecOps: Pipelines, Gates and Automated Policy
22:46
DevSecOps integrates security into every stage of the development and delivery process. This episode explains how pipelines enforce security gates, how automated policies validate code and infrastructure, and how feedback loops accelerate remediation. By embedding security in workflows, DevSecOps reduces friction and strengthens trust in deployment…

Episode 68 — Configuration Management: Feature Flags and Secure Defaults
24:11
Configuration management ensures that applications run consistently and securely across environments. In this episode, we explore how feature flags, environment variables, and default settings play critical roles in security posture. Misconfigured defaults are a leading cause of breaches, making it vital to enforce secure baselines and monitor for …

Episode 67 — Containerized Apps: Image, Registry and Runtime Controls
24:20
Containers bundle applications and dependencies, but their security depends on careful control across the lifecycle. This episode examines how images are built, stored in registries, and deployed in runtime environments. We highlight risks such as outdated base images, poisoned registries, and misconfigured container permissions. Hardening requires…

Episode 66 — Serverless Apps: Event Injection and Least Privilege Design
22:58
Serverless applications offer scalability and efficiency but bring unique risks. In this episode, we explore how event-driven models introduce vulnerabilities such as event injection, where malformed inputs can manipulate logic or trigger unintended behavior. We also highlight the critical role of least privilege in securing serverless functions, e…

Episode 65 — Runtime Protections: Behavior Monitoring and Application Shielding
23:38
Even well-tested applications face threats once deployed, making runtime protection essential. This episode covers technologies that monitor application behavior in real time, including runtime application self-protection (RASP), anomaly detection, and shielding mechanisms that block malicious inputs. These controls provide a last line of defense a…

Episode 64 — Dynamic & Interactive Testing: DAST and IAST in CI/CD
24:58
Dynamic Application Security Testing (DAST) examines applications while they are running, simulating external attacks to uncover vulnerabilities that may not appear in source code. Interactive Application Security Testing (IAST) combines elements of both static and dynamic testing, instrumenting the application to monitor its behavior during execut…

Episode 63 — Static Analysis: SAST Practices for Cloud Apps
24:34
Static Application Security Testing (SAST) analyzes source code or binaries to identify vulnerabilities before software is deployed. In this episode, we explain how SAST fits into cloud application development, integrating into CI/CD pipelines and enabling developers to catch errors early. Unlike dynamic testing, SAST does not require a running env…

Episode 62 — Open-Source Dependencies: Risk Management and Updates
26:41
Modern applications rely heavily on open-source libraries and frameworks, which can accelerate innovation but also expand the attack surface. In this episode, we analyze the risks associated with open-source dependencies, from unpatched vulnerabilities to malicious code injections by compromised maintainers. We explain why organizations must adopt …

Episode 61 — Secrets in Code: Management and Injection Avoidance
26:38
Embedding secrets directly in code is one of the most common and dangerous mistakes developers make. In this episode, we examine why hardcoding credentials, API keys, or tokens creates significant risks, including source code leaks, insider misuse, and automated discovery by attackers scanning repositories. We highlight the dangers of secrets being…

Episode 60 — Identity for Apps: OAuth 2.0, OIDC and Token Handling
24:07
Application identity is critical to securing interactions between services, users, and cloud providers. This episode covers OAuth 2.0 as the leading framework for delegated authorization, OpenID Connect as an identity layer, and the mechanics of token issuance and validation. We explain how scopes, claims, and Proof Key for Code Exchange (PKCE) str…