Questioning Shift Left: Changing Tech And Security Roles IT Ops Query podcast

22:18

Mark Tomlinson is senior director of performance and observability for digital payments provider FreedomPay. H previously worked for PayPal and also served as Chief Performacologist, founder and host of the PerfBytes podcast from 2012 to 2023. He talks about how his company uses generative AI tools in its observability practices, imagines the future possibilities for agentic AI ... and just as importantly, explains what a "Performacologist" is.…

IT Ops Query

1
Generative AI and the next AIOps frontier 23:42

hace 11 días23:42

23:42

Alois Reitbauer is chief technology strategist, head of open source and the leader of research at observability vendor Dynatrace. He is a contributor to CNCF open source standards such as the Keptn event-driven orchestration project and OpenFeature for feature flag management. His Dynatrace bio also describes him as "a regular conference speaker, blogger, book author and sushi maniac." He reflects on the evolution of AIOps before and after generative AI, and discusses the work still being done to help large language models better generate infrastructure code in response to incidents.…

IT Ops Query

1
OpenTelemetry in the age of AI 35:56

hace 18 días35:56

35:56

The rise of generative and agentic AI is also OpenTelemetry's moment to shine – in an increasingly non-deterministic world, there's a lot to be said for a standard means of collecting telemetry data about system behavior. However, it can be difficult to get a consensus on everything, especially developers' preferences about instrumenting code. This week's guest, Austin Parker, was among the original founding members of the OpenTelemetry project and remains a core contributor, as well as a member of the project's governance board. He explores the multiple intersections between the maturing open source observability standard and emerging AI technology, what's on the project's roadmap and shares his own experiences using generative AI to develop apps.…

IT Ops Query

1
Envisioning observability in 3D with knowledge graphs 21:31

hace 25 días21:31

21:31

What if you could see your application and infrastructure represented spatially instead of two-dimensional dashboard tabs, similar to atoms in a molecule or stars in the sky? According to Matt Young, founder and co-chair of the Cloud Native Computing Foundation (CNCF) technical advisory group (TAG) on observability, this will soon be a reality thanks to advanced AI models, knowledge graphs, and emerging data storage techniques such as columnar stores. In this episode, Matt discusses the implications of these new technologies for SREs, developers, and software supply chain security.…

IT Ops Query

1
Charity Majors on AI observability and a call to action for SREs 23:30

hace 5 weeks23:30

23:30

Charity Majors pioneered the term 'observability' as co-founder and CTO of Honeycomb.io, based on her experience building and managing distributed systems at Parse, Facebook, and Linden Lab building Second Life. She is the co-author of the O'Reilly books Observability Engineering and Database Reliability Engineering . Her Honeycomb bio adds that she "loves free speech, free software and single malt scotch." In this interview with Informa TechTarget senior news writer Beth Pariseau, Majors covers the interplay between AI and observability, "Observability 2.0," and urges site reliability engineers to lean into AI agents, even if they seem to be replacements.…

IT Ops Query

1
Trailer: IT Ops Query Season 3: Observability in the Age of AI 2:14

hace 6 weeks2:14

2:14

Multifaceted connection points are emerging between observability and AI, from monitoring and improving AI models themselves to observing the ways the behavior of AI agents differs from traditional web apps. In short, AI-driven automation makes new kinds of observability workflows both necessary and possible. This season of IT Ops Query will feature interviews with a variety of industry expert guests on how AI, including agentic AI, will change observability, as well as how observability will change AI. Join me starting March 20th, wherever you get your podcasts.…

IT Ops Query

1
2024 in review and 2025 predictions with Dan Lorenc 21:05

hace 18 weeks21:05

21:05

Sigstore creator, Chainguard CEO, OpenSSF TAC member and Season 1 guest Dan Lorenc returns to discuss the year in open source and security. Topics range from software supply chain management, hardening container images and SBOMs in limbo to open product companies and business models, including his own company's shift in focus this year. Plus: a look ahead to SecOps and AI in 2025.…

IT Ops Query

1
The arc of SecOps is long, but bends toward improvement 24:23

hace 19 weeks24:23

24:23

S&P Global Market Intelligence principal research analyst Daniel Kennedy discusses what the results of his Voice of the Enterprise research project dating back to 2015 reveal about the notion of a cybersecurity skills shortage; the effects of the Crowdstrike outage on a long-running debate about unified cybersecurity platforms vs best-of-breed vendors; and hopeful signs heading in to the next decade of SecOps.…

IT Ops Query

1
Back to the future in business resilience post-CrowdStrike 21:17

hace 20 weeks21:17

21:17

SecOps, developers and infrastructure ops teams are often encouraged to work more closely together within IT, but for one industry analyst, the CrowdStrike outage exposed an even more significant gap between IT and businesses. Charles Betz is vice president and principal analyst for enterprise architecture at Forrester Research. He has also worked as an adjunct professor at the University of St. Thomas in St. Paul, Minnesota, and as an enterprise architect at AT&T, Wells Fargo, Best Buy and Target. Following the CrowdStrike outage, Betz and a dozen other Forrester analysts collaborated on a report calling for a redefinition of enterprise resilience in the wake of the incident. For Betz, the experience of Delta Airlines in the CrowdStrike aftermath is potentially instructive for improving business resilience. "This was not a failure of IT disaster recovery," he said in this episode of Delta's weeklong ordeal. "This was truly a failure of business continuity…a shock to the physical system that couldn't be unwound without a lot of hard work."…

IT Ops Query

1
Questioning shift left: changing tech and security roles 20:50

hace 22 weeks20:50

20:50

In October, the Cybersecurity and Infrastructure Security Agency (CISA) issued a report that's still generating buzz in the security world – it questioned the data sources in often-cited reports about the value of "shifting left". Another section of the CISA report called into question the idea that security flaws cause people to stop using products and concluded that "In general, it seems that quality failures don’t always affect customer loyalty." In this episode, guest Adrian Sanabria, the host of the Enterprise Security Weekly podcast and principal researcher at The Defenders Initiative, discusses the fallout from CISA's report on the last decade's notions of organizational security roles and how changing technology will also change the roles organizations assign to those responsible for cybersecurity and risk.…

IT Ops Query

1
Gen AI kicks multi-cloud security into overdrive 24:15

hace 23 weeks24:15

24:15

Doug Merritt was CEO of Splunk from 2015 to 2021 and led the company's transition from an on-premises software company to a cloud-based service provider. After two years in the venture capital and board advisory space, Merritt joined multi-cloud networking company Aviatrix as CEO in 2023. That company introduced its first security product, a distributed firewall for Kubernetes, in May, and rolled out a managed version of its multi-cloud network and security control plane this week. Merritt identifies two ways generative AI is shifting multi-cloud security: first, data gravity and the costs of generative AI mean cloud computing is becoming increasingly distributed, often including hybrid and edge environments, which he says calls for a new approach to centralized network management. Secondly, Merritt said he's a believer that generative AI will help network and SecOps pros keep pace with these changes – and in the coming weeks, Aviatrix will roll out the first of its own GenAI-powered features for security incident management and event reduction.…

IT Ops Query

1
Airgaps over AI? Cyberdefense pro's tips and predictions 23:14

hace 24 weeks23:14

23:14

Robert Slaughter is CEO of Defense Unicorns, a defense tech startup specializing in Airgap software delivery in highly secure and sensitive environments in the military and federal government. Previously, he was director of the U.S. Department of Defense's Platform One DevSecOps project and co-founder at Space CAMP, a predecessor of Platform One for the US Space Force. Prior to starting Defense Unicorns, he served 12 years in the US Air Force. If companies think threats to the security of critical national infrastructure don't involve them, Slaughter says, they should think again. And he suggests they might adopt some of the techniques familiar to military and government cyberdefense pros, from proactive threat hunting to air gaps.…

IT Ops Query

1
SecOps "where bits and bytes meet flesh and blood" 25:00

hace 25 weeks25:00

25:00

Joshua Corman is executive in residence for public safety & resilience at The Institute for Security and Technology (IST), a non-profit think tank based in the San Francisco Bay Area. He is also co-leader of a Cybersecurity and Infrastructure Security Agency (CISA) community working group for SBOM on-ramps & adoption. Previously, he was vice president of cybersecurity strategy for Claroty, an IoT security company; chief strategist on the CISA COVID task force; director of the Atlantic Council's Cyber Statecraft Initiative; and CTO at security software vendor Sonatype. In August, Corman delivered a presentation at CISA's SBOM-a-Rama event warning that time is running out to more effectively protect critical infrastructure systems such as the water and power supply that rely on potentially vulnerable software to operate. Corman emphasized the urgent need to more effectively identify vulnerabilities and defend against attacks such as China's Volt Typhoon nation-state threat group. An initiative Corman is leading at IST under the working title UnDisruptable27 now looks to address these threats. "We live in glass houses," he said in this episode's interview. "And people are about to start throwing rocks."…

IT Ops Query

1
Lessons from a "graybeard" in assessing cloud risk 22:52

hace 26 weeks22:52

22:52

Chris Steffen is vice president of research for information security at analyst firm Enterprise Management Associates. He previously held a variety of IT leadership roles at companies including Hewlett Packard Enterprise, and DXC Technology. He is a regular speaker at industry conferences, the host of the Cybersecurity Awesomeness podcast and a frequent guest on other IT security podcasts. The day of the CrowdStrike outage, Steffen posted on LinkedIn, "Not trying to kick anyone while they are down, but those that equate resiliency with public cloud computing really need to re-evaluate those beliefs, especially for mission critical workloads. The outages being reported today were some of the exact same issues that we have seen before, but - as an industry - don't seem to learn from." In this episode, Steffen discusses the lessons on data center resilience he says have been lost in the cloud era and why IT orgs must re-evaluate their cloud risk.…

IT Ops Query

1
Data, observability and the future of DevSecOps 17:48

hace 27 weeks17:48

17:48

Esteban Gutierrez is chief information security officer and vice president of information security at observability vendor New Relic. Previously, he was an enterprise information security strategist at Intel, and he managed the network operations and security center for the US Army Corps of Engineers. He shares takeaways from New Relic's recent State of Observability survey, lessons learned from his career in cybersecurity about bridging the SecOps / IT Ops gap and why he believes data is crucial to the future of both DevSecOps and AI.…

IT Ops Query

1
From Sony breach to CrowdStrike, IT Ops-SecOps rift deepened 16:26

hace 28 weeks16:26

16:26

Rich Lane is currently IT director at the City of Medford, Massachusetts, and has had a varied career in IT infrastructure and operations. He served as VP of digital operations strategy for data security software vendor Netenrich from 2021 to 2022, and as a Forrester Research analyst from 2018 to 2021. Before that, Lane worked as a professional services consultant for observability vendor Splunk, and as IT infrastructure and operations manager at Bain Capital. From Lane's perspective, the CrowdStrike outage reflected an organizational disconnect at many companies between the IT security teams that choose tools and the infrastructure operations teams that must support those tools in production. In Lane's experience, this rift began to grow after the high-profile Sony Pictures data breach ten years ago as enterprises re-emphasized cybersecurity. Now, he says, CrowdStrike should be a sign it's time for the two groups to come together again and come up with more resilient ways to operate security tools, demand better communication from vendors during incidents, and to better account for the human factor in cyberattacks.…

IT Ops Query

1
What SecOps pros can learn from Microsoft security overhaul 21:30

hace 29 weeks21:30

21:30

Melinda Marks is cybersecurity practice director for TechTarget's Enterprise Strategy Group analyst firm. Previously, she held a variety of roles in the IT and cybersecurity industry, including marketing and PR leadership positions at vendors such as VMware, Qualys, Tenable Network Security. Just before joining ESG in 2021, she was chief strategy officer and CMO at Soluble, makers of a CI/CD security and compliance automation tool for infrastructure as code. In this episode, Marks discusses how Microsoft's first Secure Future Initiative report can serve as a blueprint for other enterprise SecOps pros; the evolution of cloud security tools; the future of cybersecurity regulations; and how SecOps practices must also evolve in an age of increased regulatory scrutiny to become more efficient and collaborative while maintaining visibility and control.…

IT Ops Query

1
Cloud security, AI giveth and taketh away 20:19

hace 30 weeks20:19

20:19

Kyler Middleton is senior principal software engineer at healthcare tech company Veradigm. She is also founder, owner, and CEO at 14ers Consulting, an IT services and engineering firm, as well as the co-host of her own podcast, Day Two DevOps and the founder of an IT training website, LetsDoDevOps.com. Her LinkedIn profile says, "I will teach you. It's unavoidable." In this episode, Middleton and TechTarget Editorial's Beth Pariseau examine two of the biggest double-edge swords in IT: cloud security and AI. The same cloud platforms that connect the world -- and broaden its attack surface -- also offer free and low-cost tools for IT pros to experiment with multiple layers of security automation and centralize log analytics; the same AI models that make burgeoning log data manageable could make it more difficult for security novices to learn the basics. Middleton shares her outlook on all these issues as well as tips for SecOps newbies.…

IT Ops Query

1
How KnowBe4 caught an impostor employee in 25 minutes 23:26

hace 31 weeks23:26

23:26

Brian Jack is chief information security officer and data protection officer at KnowBe4, a security awareness training software vendor based in Clearwater, Florida. The company made headlines in July when it thwarted an attempt by a North Korean nation-state actor to infiltrate its software engineering staff. The company did hire the attacker, who used the stolen identity of a US citizen and deepfake images to get through the vetting process, but detected suspicious activity on his account and contained the threat before the attacker gained access to any company data. In this episode, Jack shares the details of the incident, how the company's SOC detected and responded to the threat, advice for other companies on how to mitigate this increasingly common path of attack in the age of remote work and how he defines a good state of SecOps.…

IT Ops Query

1
Challenging the software security status quo 17:51

hace 32 weeks17:51

17:51

Kevin E. Greene is public sector CTO at OpenText Cybersecurity. Prior to his current role, Kevin worked at the MITRE Corporation supporting DevSecOps initiatives for sponsors, ATT&CK research, and MITRE’s Common Weakness Enumeration program, and served as cyber research and development program manager at the US Department of Homeland Security. Kevin's research in Hybrid Analysis Mapping (HAM) helped shape and influence Gartner’s Application Security Posture Management Magic Quadrant. He has been an outspoken public advocate of challenging the status quo in software engineering practices as well as government policies and procedures to improve cybersecurity. This episode features a wide-ranging conversation about what's broken about software security and how the concept of software resiliency can improve the industry's cyberdefense.…

IT Ops Query

1
SecOps and how it got that way, from AIX to AI 18:38

hace 33 weeks18:38

18:38

Christopher Crowley is an independent consultant and senior instructor at the SANS Institute, who has 20 years of experience managing and securing networks. He is considered a leading expert in building a security operations center, or SOC, and authored the SANS 2024 SOC Survey report in May, which focused on the top challenges facing security operations. In this episode, Crowley's survey provides an entry point for a bigger-picture discussion about the last 20 years of SecOps, the pros and cons of cloud-based SOCs, the trough of disillusionment with AI and predictions for the future.…

IT Ops Query

1
Trailer: IT Ops Query Season 2: The State of SecOps 3:43

hace 34 weeks3:43

3:43

The number, magnitude and costs of cyberattacks have steadily escalated, year after year, for the last two decades as software has eaten the world. Fresh vendor products continue to proliferate to address increasingly sophisticated threats, but time-honored problems with human error, systems visibility and vulnerability remediation continue to plague security operations (SecOps) teams. When even the world's largest tech companies continue to be breached by attackers, what hope is there for everyone else that software-based security disasters won't continue to spiral? In this season of IT Ops Query, beginning on September 5, you'll hear from a range of experts about the mounting pressures of security operations, and how the tech industry can begin to relieve them.…

IT Ops Query

1
Red Hat CentOS Stream vs HashiCorp BSL: the view from downstream 26:12

hace 47 weeks26:12

26:12

Josh Koenig and David Strauss are co-founders at Pantheon, a platform for building and operating websites. Josh is the chief strategy officer, and David is the CTO. Open source software is a big part of the web, and Pantheon is a downstream user as well as a contributor to several open source projects. David is an early contributor to systemd, a component of Linux distributions, a member of the Drupal security team, and was a founding member of the first Fedora Server working group in 2011. Josh and David share their views as downstream consumers of open source software as well as members of the community, touching on why enterprises don't contribute more to open source, the approach to open source policy and licensing changes by two different major vendors in Red Hat and HashiCorp, efforts to shore up the security of the web by moving to memory-safe languages, and more. Come for the industry insights, and stay for the many colorful analogies in this discussion, from tugboats to tofurkey. Editor's Note: This episode was recorded before IBM agreed to acquire HashiCorp.…

IT Ops Query

1
Weighing open source project funding options, from taxes to anarchy 21:35

hace 48 weeks21:35

21:35

Justin Warren is founder and principal analyst at PivotNine, a technology consulting and analyst firm based in Melbourne, Australia. Until 2023, he was a board member at Electronic Frontiers Australia, a non-profit national organization representing Internet users. At KubeCon North America last year, he asked a press conference panel of enterprise IT leaders what they were doing to compensate open source maintainers "so they don't starve to death." A self-described "filthy socialist," Warren favors a tax or tax-like system for funding open source libraries that are widely used but not full-fledged products -- especially when the alternative is an offer from a malicious actor maintainers can't refuse. Together, Warren and Beth explore various approaches to shoring up the maintenance, security and sustainability of open source software and discuss the future outlook for the industry in this episode.…

IT Ops Query

1
An open source security leader's call to action 26:10

hace 49 weeks26:10

26:10

Emily Fox has held multiple roles at household-name organizations in her 13-year IT career and is currently senior principal software engineer at Red Hat. Previously, she worked as an engineer at Apple, and DevOps Security Lead at the National Security Agency. She also serves as chair of the CNCF's technical oversight committee and is involved in a variety of open source communities and activities. From her unique vantage point, she addresses the delicate balance the CNCF must strike between enterprises, open source maintainers and open product companies; growing awareness about open source sustainability issues; and how all of that feeds into a general "crisis of conscience" going on in cybersecurity.…

IT Ops Query

1
Chainguard CEO's keys to open source software success 17:45

hace 50 weeks17:45

17:45

How is open source sustainability similar to the subprime mortgage crisis? And what can an episode of South Park teach us about open product business models? Dan Lorenc has a uniquely multifaceted view of these and other questions – he worked at Google from 2012 to 2021, began contributing to open source projects in the Kubernetes community in 2016, and along the way, developed the tooling that would become the Sigstore project, which helps to verify the provenance of open source code packages. Sigstore is now governed by the OpenSSF, where Dan is a member of the Technical Advisory Council. He is also co-founder and CEO of Chainguard, a software supply chain security startup. Find out what Dan's take is on everything from the "Tragedy of the Commons" idea itself to the government's role in open source maintenance, the CNCF's role in open products, "open source lite" licenses and what's worked for Chainguard's business so far in this episode.…

IT Ops Query

1
Advocate seeks $1B for open source code project maintainers 16:17

hace 51 weeks16:17

16:17

Tobie Langel is Principal and Managing Partner at UnlockOpen, a consulting firm in Geneva that advises clients on working with the open tech ecosystem. Langel is a passionate advocate for open source, and in February, he gave a presentation at the State of Open Conference in London urging funding for open source maintainers. Here, he discusses the distinction between open source development and open source maintenance, why open source sustainability issues persist and why $1 billion or even $10 billion per year isn't too much to ask of the global tech industry to fund open source maintenance -- especially in an age of vulnerabilities such as log4shell and ongoing software supply chain attacks.…

IT Ops Query

1
Bruce Perens' Post-Open vision 29:09

hace 52 weeks29:09

29:09

Bruce Perens created the definition of open source and co-founded the Open Source Initiative in 1998. He has said in recent public interviews, however, that open source has failed, and called for its overhaul under his Post-Open project. In this episode, Beth caught up with him to hear more about his ideas for the world after open source.…

IT Ops Query

1
Open source business models must evolve past "rug pulls" 23:26

hace 1 year23:26

23:26

Adam Jacob is CEO and co-founder of System Initiative, an infrastructure automation software startup that came out of stealth in 2023. Previously, he was co-founder and CTO of Chef Software, which also focused on infrastructure automation, and was sold to Progress Software in 2020. Chef had roots in open source, and underwent a license change in 2019; Jacob has taken a different tack with his new company. In this episode, he discusses his "speed run" through the various permutations of open source business models during his career, and how the industry can use the lessons learned by a generation of open product entrepreneurs to improve open source-based business sustainability.…

IT Ops Query

1
A Weaveworks post-mortem and the open core business model 23:02

hace 1 year23:02

23:02

Alexis Richardson co-founded a company in 2014 called Weaveworks, which created an open source GitOps project called Flux CD. In February, the company ceased operations, despite having gained new customers in 2023. Among the events that precipitated the closure of the business were acquisition talks with a larger company that fell through "at the 11th hour," according to a post by Richardson on LinkedIn. Weaveworks is one example of a company associated with a flourishing open source project – Flux CD continues under the CNCF – that ultimately couldn't make the business side work. Richardson gives his take on what happened with the company and how the CNCF could help businesses like it in the future, as well as what he's got planned next.…

IT Ops Query

1
Linkerd's existential question about open source code 17:44

hace 1 year17:44

17:44

William Morgan is CEO at Buoyant, a company that sells commercial and SaaS support for the Linkerd service mesh project and employs all of its maintainers. In February, Buoyant announced it would no longer be making a certain class of the project's code, called stable release artifacts, available for free to production users with more than 50 employees. Morgan discusses community reaction to that change and his outlook on the future of open source.…

IT Ops Query

1
Open source vs source available code and balancing freedom with sustainability 17:52

hace 1 year17:52

17:52

Chad Whitacre is head of open source at Sentry, an application and performance monitoring software maker that moved to a business source license for its products in 2019, and then to a functional source license in November 2023. Most recently, Chad has been working on a new project called Software Commons over the last six months, with the goal of balancing the user freedom prioritized by open source software with developer sustainability. In this episode, he discusses the tragedy of the commons vs enclosure, open source vs open products, BSL vs FSL and more.…

IT Ops Query

1
Trailer: IT Ops Query Season 1. Tech's Tragedy of the Commons 2:28

hace 1 year2:28