Best DevSecOps Podcast Series Podcasts (2025)

1
Achieving Balance: Agility, MBSE, and Architecture 42:55

Play Pause

1M ago42:55

42:55

Often, agile implementations are a struggle. Dedicated agile teams focus hard and deliver value on a regular cadence. But when results are tallied, the value teams produce may not fit neatly into the expectations of senior stakeholders. Why? In this webcast, Peter Capell addresses the importance of a practical vision to express outcomes, so that th…

1
My Favorite AI Terminal, Prompt Injection, and More 29:24

1M ago29:24

29:24

In this episode, I walk though some of my favorite new AI tools and content. 🙌 My next course is coming soon! I've opened the waitlist for those wanting to go deep in GitHub Actions for DevOps and AI automation in 2025. I'm so thrilled to announce this course. The waitlist allows you to quickly sign up for some content updates, discounts, and more …

1
Understanding Container Reproducibility Challenges: Stopping the Next Solar Winds 25:10

1M ago25:10

25:10

Container images are increasingly being used as the main method for software deployment, so ensuring the reproducibility of container images is becoming a critical step in protecting the software supply chain. In practice, however, builds are often not reproducible due to elements of the build environment that rely on nondeterministic factors such …

1
AWS Agentic DevOps with the EKS MCP Server 1:00:21

1M ago1:00:21

1:00:21

Bret and Nirmal are joined by Rajdeep Saha from AWS to discuss AI agents and the MCP (Model Context Protocol) standard. In this episode, they explore how AI can manage infrastructure with ease and demonstrate creating Kubernetes clusters with a single prompt. 🙌 My next course is coming soon! I've opened the waitlist for those wanting to go deep in …

1
Identifying AI Talent for the DoD Workforce 1:01:42

2M ago1:01:42

1:01:42

Finding and growing AI and Data talent is essential for mission success, but many skilled workers remain unseen because they lack traditional credentials. This session introduces practical strategies and prototype tools that help individuals demonstrate what they know while helping managers identify and evaluate emerging talent in these fields. Att…

1
ePlus Security + F5 API Security Podcast Series - Episode 2 5:31

2M ago5:31

5:31

In this episode, ePlus’ David Tumlin and F5’s Chuck Herrin discuss how securing modern applications isn’t just about tools—it’s about people. Hear how ePlus and F5 are helping organizations break down silos and build secure, scalable systems—together.By David Tumlin, ePlus and Chuck Herrin, F5

1
Agentic CI/CD with Solomon Hykes of Dagger 1:17:57

2M ago1:17:57

1:17:57

Bret and Nirmal discuss the intersection of AI agents and DevOps with Solomon Hykes, co-founder of Dagger and Docker. Solomon introduces Container Use, an open-source MCP server that gives coding agents isolated, containerized environments to work in, solving the critical problem of agents interfering with each other when running on the same system…

1
Mitigating Cyber Risk with Secure by Design 32:29

2M ago32:29

32:29

Software enables our way of life, but market forces have sidelined security concerns leaving systems vulnerable to attack. Fixing this problem will require the software industry to develop an initial standard for creating software that is secure by design. These are the findings of a recently released paper coauthored by Greg Touhill, director of t…

1
Model Your Way to Better Cybersecurity 1:02:54

2M ago1:02:54

1:02:54

Threat modeling is intended to help defend a system from attack. It tops the list of techniques recommended by the National Institute of Standards and Technology (NIST) to secure critical systems. In a world where people with malicious intent have deadlier tools at their disposal, defenders need to take advantage of Model-Based Systems Engineering …

1
Running AI MCP Tools on Kubernetes with kagent 42:44

2M ago42:44

42:44

Bret and Nirmal explore AI agents in Kubernetes with Eitan Yarmush, Senior Architect at Solo.io. Eitan explains how AI agents work through three simple components (system prompts, LLMs, and tools), and demonstrates the kagent project, which provides a Kubernetes-native way to deploy and manage AI workflows. 🙌 My next course is coming soon! I've ope…

1
Episode 1: The Evolution of API Security, Shift Left Security and DevSecOps Integration 16:54

2M ago16:54

16:54

ePlus Security + F5 API Security Podcast Series where ePlus’ David Tumlin and F5’s Chuck Herrin share why visibility is the foundation of modern security—and how together, ePlus & F5 are helping organizations manage the real challenges of API security in today’s hybrid, multi-cloud world.By David Tumlin, ePlus and Chuck Herrin, F5

1
DevSecOps: See, Use, Succeed 1:00:41

2M ago1:00:41

1:00:41

DevSecOps generates a lot of data valuable for better decision making. However, decision makers may not see all they need to in order to make best use of the data for continuous improvement. The SEI open source Polar tool unlocks the data, giving DevSecOps teams greater capability to automate, which in turn means they can innovate rapidly – without…

1
The Magic in the Middle: Evolving Scaled Software Solutions for National Defense 21:25

3M ago21:25

21:25

A January 2025 Defense Innovation Board study on scaling nontraditional defense innovation stated, “We must act swiftly to ensure the DoD leads in global innovation and competition over AI and autonomous systems – and is a trendsetter for their responsible use in modern warfare." In this podcast from the Carnegie Mellon University Software Engineer…

1
An Introduction to the MLOps Tool Evaluation Rubric 1:00:23

3M ago1:00:23

1:00:23

Organizations looking to build and adopt artificial intelligence (AI)–enabled systems face the challenge of identifying the right capabilities and tools to support Machine Learning Operations (MLOps) pipelines. Navigating the wide range of available tools can be especially difficult for organizations new to AI or those that have not yet deployed sy…

1
Making Process Respectable Again: Advancing DevSecOps in the DoD Mission Space 44:26

3M ago44:26

44:26

Warfighters in the Department of Defense (DoD) operate in high-stakes environments where security, efficiency, and speed are critical. In such environments DevSecOps has become crucial in the drive toward modernization and overall mission success. A recent study led by researchers at the Carnegie Mellon University Software Engineering Institute (SE…

1
Is AI ready for DevOps? 27:17

3M ago27:17

27:17

Bret and Nirmal are at KubeCon London and record their ideas about how AI Agents are about to change DevOps, platform engineering, SRE, automation, troubleshooting, and more. 🙌 My next course is coming soon! I've opened the waitlist for those wanting to go deep in GitHub Actions for DevOps and AI automation in 2025. I'm so thrilled to announce this…

1
Deploying on the Edge 1:01:02

3M ago1:01:02

1:01:02

Deploying cloud-centric technologies such as Kubernetes in edge environments poses challenges, especially for mission-critical defense systems. In this podcast from the Carnegie Mellon University Software Engineering Institute (SEI), Patrick Earl, Doug Reynolds, and Jeffrey Hamed, all DevOps engineers in the SEI's Software Solutions Division, sit d…

1
The Trailer for Agentic DevOps Podcast 2:56

3M ago2:56

2:56

By Bret Fisher

1
The State of DevSecOps in the DoD: Where We Are, and What’s Next 58:42

4M ago58:42

58:42

DevSecOps practices foster collaboration among software development, security, and operations teams to build, test, and release software quickly and reliably. A high-stakes, high-security environment has challenged the implementation of these practices within the Department of Defense (DoD). The DoD Chief Information Officer (CIO) organization part…

1
I Spy with My Hacker Eye: How Hackers Use Public Info to Crack Your Creds 57:16

4M ago57:16

57:16

Did you know there are 500 million tweets per day? 3 billion monthly active Facebook users? 1 billion LinkedIn members? Are you one of them? In this webcast, Destiney Marie Plaza reveals how a hacker can use seemingly benign public information to customize an attack on a victim by showing a scenario-based attack and demo (using free and open-source…

1
The Best and Brightest: 6 Years of Supporting the President’s Cup Cybersecurity Competition 21:40

4M ago21:40

21:40

A strong cyber defense is vital to public- and private-sector activities in the United States. In 2019, in response to an executive order to strengthen America’s cybersecurity workforce, the Department of Homeland Security’s Cybersecurity and Infrastructure Security Agency (CISA) partnered with the SEI to develop and run the President’s Cup Cyberse…

1
A New Performance Zone for Software for National Security 1:02:23

4M ago1:02:23

1:02:23

Today, we have seen our national security organizations working to adopt modern software practices, particularly Agile methods and DevSecOps practices, efforts challenged by a mismatch of tempos between operational needs and development processes. The newly mandated Software Acquisition Pathway helps to align those tempos. However, to sustain a com…

1
AI Native Dev: Shaping the Future of AI-First Software Development - DevOps Chats Episode 12 35:55

4M ago35:55

35:55

In this episode of DevOps Chats, Alan speaks with Patrick Debois, the man who coined the term DevOps to talk about his new passion AI NativeDev. Beyond giving it a name, Patrick has always been one of the leading lights of the community. After 12+ years in DevOps thought, Patrick’s enthusiasm was starting to wane. AI has reignited that and his crea…

1
Identifying and Mitigating Cyber Risk 47:33

4M ago47:33

47:33

An organization’s cyber risk management practices must be rooted in organizational goals to be truly effective. In this webcast, Matt Butkovic, Greg Crabbe and Beth-Anne Bygum explore how best to align business and resilience objectives.By Matt Butkovic, Greg Crabbe and Beth-Anne Bygum

1
Updating Risk Assessment in the CERT Secure Coding Standard 26:04

5M ago26:04

26:04

Evaluating source code to ensure secure coding qualities costs time and effort and often involves static analysis. But those who are familiar with static analysis tools know that the alerts are not always reliable and produce false positives that must be detected and disregarded. This year, we plan on making some exciting updates to the SEI CERT C …

1
Delivering Next Generation Cyber Capabilities to the DoD Warfighter 27:16

5M ago27:16

27:16

In this podcast from the Carnegie Mellon University Software Engineering Institute (SEI), Gregory Touhill, director of the SEI CERT Division, sits down with Matthew Butkovic, technical director of Cyber Risk and Resilience at CERT, to discuss ways in which CERT researchers and technologists are working to deliver rapid capability to warfighters in …

1
Cyber Maturity Model Certification (CMMC): Protecting the Nation’s Defense Industrial Base 28:02

5M ago28:02

28:02

The Defense Industrial Base (DIB) is a core element of the national security ecosystem. This point of intersection between private industry and the Department of Defense is a perpetual target for the Nation’s adversaries. In this Intersect, Matthew Butkovic and John Haller explore the development, and implementation, of the Cyber Maturity Model Cer…

1
Threat Hunting: What Should Keep All of Us Up at Night 57:09

5M ago57:09

57:09

When it comes to recognizing threats, cybersecurity professionals may become distracted by big promises or ignore some obvious inspections. New claims made by the latest and greatest new apps draw attention away from network situational awareness best practices—like a dog distracted when it spots a squirrel. We also may deviate from making routine …

1
Getting the Most Out of Your Insider Risk Data with IIDES 39:14

5M ago39:14

39:14

Insider incidents cause around 35 percent of data breaches, creating financial and security risks for organizations. In this podcast from the Carnegie Mellon University Software Engineering Institute, Austin Whisnant and Dan Costa discuss the Insider Incident Data Expression Standard (IIDES), a new schema for collecting and sharing data about insid…

1
Can a Cybersecurity Parametric Cost Model be Developed? 56:25

6M ago56:25

56:25

Can a cybersecurity parametric cost estimation model be developed? Every Department of Defense (DoD) program needs to account for, credibly estimate, budget/plan for, and assess the performance of its cybersecurity activities. Creating a cybersecurity parametric model would allow DoD programs to reliably estimate the effort and cost of cybersecurit…

1
Grace Lewis Outlines Vision for IEEE Computer Society Presidency 18:14

6M ago18:14

18:14

Grace Lewis, a principal researcher at the Carnegie Mellon University Software Engineering Institute (SEI) and lead of the SEI’s Tactical and AI-Enabled Systems Initiative, was elected the 2026 president of the IEEE Computer Society (CS), the largest community of computer scientists and engineers, with more than 370,000 members around the world. In…

1
Elements of Effective Communications for Cybersecurity Teams 34:00

6M ago34:00

34:00

Communications, both in times of crisis and during normal operations, are essential to the overall success and sustainability of an incident response or security operations team. How you plan for and manage these communications and how they are received and actioned by your audience will influence your trustworthiness, reputation, and ultimately yo…

1
Improving Machine Learning Test and Evaluation with MLTE 29:06

6M ago29:06

29:06

Machine learning (ML) models commonly experience issues when integrated into production systems. In this podcast, researchers from the Carnegie Mellon University Software Engineering Institute and the U.S. Army AI Integration Center (AI2C) discuss Machine Learning Test and Evaluation (MLTE), a new tool that provides a process and infrastructure for…

1
DOD Software Modernization: SEI Impact and Innovation 27:12

6M ago27:12

27:12

As software size, complexity, and interconnectedness has grown, software modernization within the Department of Defense (DoD) has become more important than ever. In this discussion moderated by Matthew Butkovic, technical director of risk and resilience in the SEI CERT Division, SEI director Paul Nielsen outlines the SEI’s work with the DoD on sof…

1
DevOps Thrives and Software Supply Chain is the SBOM 17:06

7M ago17:06

17:06

Mitch and Alan discuss what's required to take a holistic approach to software supply chain security and how DevOps has not only survived, but thrived as it's adapted over the years and helped for new XOps variations and platform engineering.By DevOps.com

1
Platform Engineering Scales DevOps and the AI Dev Bubble 25:16

7M ago25:16

25:16

After a brief podcast hiatus, Mitch and Alan discuss why it isn't a DevOps versus platform engineering debate. Rather, platform engineering helps scale DevOps, among PE's many, many benefits. They discuss the launch of platformengineering.com and its new podcast. They also delve into the debate about AI's impact on software development.…

1
Operational Resilience Fundamentals: Building Blocks of a Survivable Enterprise 52:07

7M ago52:07

52:07

Surviving disruptive cyber events requires a specific form of planning. One must strike a balance between defending against threats (e.g., managing conditions) and effectively handling the effects of disruption (e.g., managing consequences). Employing a model (such as the CERT Resilience Management Model) provides a catalog of practices and a syste…

1
Integrating AI Co-Pilots and DevSecOps 25:45

7M ago25:45

25:45

In this episode of DevOps Chats, Alan Shimel and Mitch Ashley discuss the rapid integration of AI co-pilots in software tools, emphasizing the need for a unified AI interface to streamline user experience. They explore the evolving concept of DevSecOps, advocating for a holistic approach that includes both software development and underlying toolch…