Security Unlocked - Securing Modern Software

The newfound popularity of the internet in the nineties spurred an obsession with hacking. Unfortunately, most movies believed that it wasn't possible to show real hacking and still be entertaining; hence all the awkward video game graphics and characters living in sketchy basements, regularly yelling out, "We're in!" while pounding on their keyboards. I'd also like to address their outfit choices, but now is not the appropriate time. The point is, hackers have been portrayed as the same character repeatedly, when in reality there are many possibilities to turn these skills into a legitimate career.

In this episode of Security Unlocked, hosts Natalia Godyla and Nic Fillingham are joined by Chris Wysopal, Co-Founder and Chief Technology Officer at Veracode. In the ’90s, Chris was one of the first vulnerability researchers at The L0pht, a hacker think tank, where he publicized his findings on the dangers of insecure software. Chris shares guidance for anyone getting started with modern secure software development, the best tools for monitoring vulnerabilities in open-source code, and what he believes is one of the greatest threats to software development.


In This Episode You Will Learn:    

  • How to use open-source code safely 
  • Best tools for monitoring vulnerabilities 
  • How to detect and respond to threats to insecure software 


Some Questions We Ask:    

  • What is modern secure software development?  
  • What are the biggest threats to software today?  
  • How should companies allocate ownership of secure code across the software development lifecycle? 


Resources:   

View Chris Wysopal on LinkedIn 

View Nic on LinkedIn  

View Natalia on LinkedIn  


Related:    

Listen to: Afternoon Cyber Tea with Ann Johnson  

Listen to: Security Unlocked: CISO Series with Bret Arsenault  

Discover and follow other Microsoft podcasts at microsoft.com/podcasts


Security Unlocked is produced by Microsoft and distributed as part of The CyberWire Network. 


Hosted on Acast. See acast.com/privacy for more information.

The Stack Overflow Podcast - A murder mystery: who killed our user experience?

The infrastructure that networked applications live on is getting more and more complicated. There was a time when you could serve an application from a single machine on premises. But now, with cloud computing offering painless scaling to meet your demand, your infrastructure becomes abstracted and not really something you have contact with directly. Compound that problem with architecture spread across dozens, even hundreds of microservices, replicated across multiple data centers in an ever-changing cloud, and tracking down the source of system failures becomes something like a murder mystery. Who shot our uptime in the foot?

A good observability system helps with that. On this sponsored episode of the Stack Overflow Podcast, we talk with Greg Leffler of Splunk about the keys to instrumenting an observable system and how the OpenTelemetry standard makes observability easier, even if you aren’t using Splunk’s product. 

Observability is really an outgrowth of traditional monitoring. You expect that some service or system could break, so you keep an eye on it. But observability applies that monitoring to an entire system and gives you the ability to answer the unexpected questions that come up. It uses three principal ways of viewing system data: logs, traces, and metrics.

Metrics are a number and a timestamp that tell you particular details. Traces follow a request through a system. And logs are the causes and effects recorded from a system in motion. Splunk wants to add a fourth one—events—that would track specific user events and browser failures. 

Observing all that data first means you have to be able to track and extract that data by instrumenting your system to produce it. Greg and his colleagues at Splunk are huge fans of OpenTelemetry. It’s an open standard that can extract data for any observability platform. You instrument your application once and never have to worry about it again, even if you need to change your observability platform. 

Why use an approach that makes it easy for a client to switch vendors? Leffler and Splunk argue that it’s not only better for customers, but for Splunk and the observability industry as a whole. If you’ve instrumented your system with a vendor-locked solution, then you may not switch; you may just let your observability program fall by the wayside. That helps exactly no one.

As we’ve seen, people are moving to the cloud at an ever faster pace. That’s no surprise; it offers automatic scaling for arbitrary traffic volumes, high availability, and worry-free infrastructure failure recovery. But moving to the cloud can be expensive, and you have to do some work with your application to be able to see everything that’s going on inside it. Plenty of people just throw everything into the cloud and let the provider handle it, which is fine until they see the bill.

Observability based on an open standard makes it easier for everyone to build a more efficient and robust service in the cloud. Give the episode a listen and let us know what you think in the comments.

Lex Fridman Podcast - #234 – Stephen Wolfram: Complexity and the Fabric of Reality

Stephen Wolfram is a computer scientist, mathematician, and theoretical physicist. Please support this podcast by checking out our sponsors:
ROKA: https://roka.com/ and use code LEX to get 20% off your first order
FightCamp: https://joinfightcamp.com/lex to get free shipping
Onnit: https://lexfridman.com/onnit to get up to 10% off
Indeed: https://indeed.com/lex to get $75 credit
Fundrise: https://fundrise.com/lex

EPISODE LINKS:
Stephen’s Twitter: https://twitter.com/stephen_wolfram
Stephen’s Blog: https://writings.stephenwolfram.com
Wolfram Physics Project: https://www.wolframphysics.org
A New Kind of Science (book): https://amzn.to/30XoEun
Fundamental Theory of Physics (book): https://amzn.to/30XbAoT

PODCAST INFO:
Podcast website: https://lexfridman.com/podcast
Apple Podcasts: https://apple.co/2lwqZIr
Spotify: https://spoti.fi/2nEwCF8
RSS: https://lexfridman.com/feed/podcast/
YouTube Full Episodes: https://youtube.com/lexfridman
YouTube Clips: https://youtube.com/lexclips

SUPPORT & CONNECT:
– Check out the sponsors above, it’s the best way to support this podcast
– Support on Patreon: https://www.patreon.com/lexfridman
– Twitter: https://twitter.com/lexfridman
– Instagram: https://www.instagram.com/lexfridman
– LinkedIn: https://www.linkedin.com/in/lexfridman
– Facebook: https://www.facebook.com/lexfridman
– Medium: https://medium.com/@lexfridman

OUTLINE:
Here are the timestamps for the episode. On some podcast players you should be able to click the timestamp to jump to that time.
(00:00) – Introduction
(07:50) – What is complexity
(20:51) – Randomness in the universe
(25:12) – The Wolfram Physics Project
(37:14) – Space and time are discrete
(49:19) – Quantum mechanics and hypergraphs
(58:33) – What is intelligence
(1:09:16) – Computational equivalence
(1:17:36) – What it is like to be a cellular automaton
(1:32:00) – Making prediction vs explanations
(1:45:20) – Why does the universe exist
(1:51:01) – The universe and rulial space
(1:59:44) – Does an atom have consciousness
(2:10:10) – Why does our universe exist
(2:18:41) – What is outside the ruliad
(2:29:15) – Automated proof systems
(2:45:10) – Multicomputation for biology
(3:03:41) – Cardano NFT collaboration with Wolfram Alpha
(3:10:41) – Global theory of economics

The Government Huddle with Brian Chidester - The One with the CISA Chief Privacy Officer

James Burd, Chief Privacy Officer for the Cybersecurity and Infrastructure Security Agency (CISA) at the Department of Homeland Security, joins the show to discuss some of the key initiatives we should be focused on within the recent cybersecurity executive order. We also discuss his priorities and challenges as a privacy officer, ways governments can make themselves a less attractive target for cyber attacks, and whether online elections are in our future within the United States.

Code Story: Insights from Startup Tech Leaders - S5 E20: Nate Joens, Structurely

Nate Joens was born and raised in Iowa. In fact, he plans to spend out the rest of his days there, because he loves it. He lovingly calls it the Silicon Prairie, though he admits that most people don't call it that. He studied at Iowa State University, majoring in Geographic Information Systems and Urban Planning, which is basically mapping on steroids. He learned how to map topography three-dimensionally, using tools like ArcGIS. Outside of tech, he loves to hike, kayak, golf, and generally be outdoors.

In college, he was very interested in and connected to the real estate industry, as urban planning works closely with realtors. He figured out that lead follow-up was a huge pain point for realtors, which piqued his interest and led him to build some tech to solve the problem.

This is the creation story of Structurely.

Sponsors

  • Courier
  • Img.ly
  • Routable
  • CTO.ai
  • Cloudways offers peace of mind and flexibility so you can focus on growing your business instead of dealing with server management. With Cloudways, you get an optimized stack, managed servers, backups, staging environment, integrated Git, pre-configured, Composer, 24/7 support, and a choice of five cloud providers: AWS, DigitalOcean, Linode, Google Cloud, and Vultr. Get up to 2 Month Free Hosting by using code "CODE30" and get $30 free hosting credit.

Links



Our Sponsors:
* Check out Vanta: https://vanta.com/CODESTORY


Support this podcast at — https://redcircle.com/code-story/donations

Advertising Inquiries: https://redcircle.com/brands

Privacy & Opt-Out: https://redcircle.com/privacy

The Stack Overflow Podcast - The first ten years of our programming lives

This episode was inspired by Joma Tech's review of his first ten years in coding. 

Ben Popper shared a fair amount of his coding journey through the series Ben Popper is the Worst Coder in the World.

Should you actually write out code on paper as some of us had to do? Maybe.

Modding games gets people into programming. For Ryan, Freedom Force got him into Python. Today, it's Minecraft and Roblox.

Want to jump start your career? Find a community on Discord or Twitter and make some contacts. The software industry is made of people. 

Hackathons helped Cassidy find a deeper love for coding, oh and her husband too.

African Tech Roundup - UNAJUA S8 EP1: Artists Using Tech To Stand Out In A Crowded Global Field ft. Yaw Asamani

In this music tech-themed UNAJUA series, Yaw Asamani taps his live industry experience to explore how African artists are using a plethora of social and technological platforms to find their voices, build audiences and monetise their art. Listen in to learn how the streaming era has ushered in lucrative opportunities for African artists to develop and dominate niche audiences and serve loyal international fan bases.

Yaw Asamani is a music tech entrepreneur. He previously founded DooWapp, an app for adding playable song lyrics to messages and posts (think musical emojis), and was formerly Managing Director at Airbit, a leading marketplace for selling beats online. He is currently the founder of Bawse, a pre-launch platform looking to empower DIY artists.

Click here (https://telbee.io/channel/uuatbnkraty1vn-nkazpcg/index.html) to leave us a 60-sec voice note with your reactions to any of the topics raised in the UNAJUA Series. (We will include some of your audio takes in future follow-up episodes.)

PROMO: African Tech Roundup is partnering with Socialstack to launch a social token ($ATRU) on the Celo blockchain to drive community engagement. Listen in to today's episode to see how you could be one of the first few to receive some $ATRU social token.

JOIN THE REVOLUTION: Create a Celo account via Socialstack (https://wallet.socialstack.co/).

EARN $ATRU TOKEN: Click here to complete the form and earn your $ATRU (https://forms.gle/CE7DrkszZzLXDCA6A).

SUPPORT US: Support our independent media-making efforts by becoming a Patreon supporter (https://www.africantechroundup.com/patreon/).

Lex Fridman Podcast - #233 – Carl Hart: Heroin, Cocaine, MDMA, Alcohol & the Role of Drugs in Society

Carl Hart is a psychologist at Columbia University. Please support this podcast by checking out our sponsors:
InsideTracker: https://insidetracker.com/lex and use code Lex25 to get 25% off
Ten Thousand: https://www.tenthousand.cc/ and use code LEX to get 15% off
Four Sigmatic: https://foursigmatic.com/lex and use code LexPod to get up to 60% off
ExpressVPN: https://expressvpn.com/lexpod and use code LexPod to get 3 months free

EPISODE LINKS:
Carl’s Twitter: https://twitter.com/drcarlhart
Carl’s Website: https://drcarlhart.com
Drug Use for Grown-Ups (book): https://amzn.to/3lVpq2Y


OUTLINE:
Here are the timestamps for the episode. On some podcast players you should be able to click the timestamp to jump to that time.
(00:00) – Introduction
(07:33) – The experience of drugs
(18:38) – Drug use for grownups
(24:21) – Studies on drugs
(25:31) – Negative effects of drugs
(30:59) – Should all drugs be legalized
(36:27) – War on drugs: positive or negative
(42:19) – Proper, positive, and misuse of drugs
(46:40) – Recovery
(53:34) – Drug depiction in movies
(57:05) – How the study of drugs changed Carl
(59:28) – Formative memories
(1:03:57) – Greatest hip hop artist of all time
(1:07:19) – What mind altering drugs teach us
(1:11:26) – Advice for young people
(1:13:31) – The meaning of life

Code Story: Insights from Startup Tech Leaders - S5 Bonus: Ryan Johnson, CallRail

Ryan Johnson is originally from Saginaw, Michigan, and now lives in Atlanta. He never imagined he would get into tech. In fact, when he was growing up he wanted to be an orthodontist. He got into school, and immediately saw how difficult the classes were going to be. So he switched to business, and that part of school stuck and came naturally to him. As a college elective, he took computer science (who does that?). He brags that his computer science professor still has the mortgage calculator program on hand (and it still works). Post college, he worked as a broker for Equitable, as a financial advisor, and then supported a law firm with their SEO. Eventually, he got into product and is still leading the charge there.

He is married, and has 2 young daughters, both in grade school. He loves to travel, and hopes to make that more of a regular thing as the pandemic slows down. He has an affinity for all things automotive as well, and has been into racing most of his life. Though he loves cars, he really prefers just to watch... and not wrench on them.

Ryan joined his current company many years ago, and was charged with building a team to expand the company's call tracking functionality... to essentially make it omnichannel, with form, source and message tracking.

This is the creation story of CallRail.


PHPUgly - 259: Disabled Child Nodes

PHPUgly streams the recording of this podcast live, typically every Thursday night around 9 PM PT. Come and join us, and subscribe to our YouTube channel, Twitch, or Periscope. Also, be sure to check out our Patreon page.

Twitter Account https://twitter.com/phpugly

Streams:

Powered by Restream

Patreon Page

PHPUgly Anthem by Harry Mack / Harry Mack Youtube Channel

Thanks to all of our Patreon Sponsors:

Honeybadger (this week's sponsor)

ButteryCrumpet
Shawn
David Q
Ken F
Tony L
Frank W
Jeff K
Shelby C
S Ferguson
Boštjan O
Matt L
Dmitri G
Knut E B
Marcus
MikePageDev
Rodrigo C
Billy
Darryl H
Blaž O
Mike W
Holly S
Peter A
Ben R
Luciano N
Elgimbo
Wayne
Kevin Y
Alex B
Clayton S
Kenrick B
R. C. S.
ahinkle
dreamup
Enno R
Sevi
Maciej P
Jeroen F
Ronny M N
Charlto
Tristan I
F'n Steve
Robert
Thorsten
Emily