Devops Chat

Gaining real insights, often unique insights can catapult companies ahead of the competition, but that's easier said than done. Splunk recently released its new report, "What Is Your Data Really Worth?" which produced some very compelling results. Leading-edge data innovators use data to raise gross profits by 12.5%. 97% of this top tier meet or beat their customer retention targets. Mature organizations are almost 10 times more likely to draw more than 20% of their revenue from new, innovative products and services. A select group of companies, categorized as Data Innovators, achieved impressive and measurable results. Andi Mann, Splunk Chief Technology Advocate, joins Mitch Ashley on DevOps Chats to share some of the key insights in the report and discuss how companies are utilizing their data to achieve higher revenue growth, improved customer experiences and gain cost savings. The full report is available to download at https://www.splunk.com/en_us/form/whats-your-data-really-worth.html.

Contrast Security has released the first "Route Intelligence" functionality in the latest version of their next generation security platform. https://www.contrastsecurity.com/contrast-news In this DevOps Chat we speak with Contrast's CTO/co-founder, Jeff Williams, about what route intelligence is and why you should have a look at it. Contrast continues to set the bar in DevSecOps, pushing beyond vulnerability scanning to enable more security software.

Datical has been a leader in the DevOps for databases since even before the term was used. What many may not realize was that the open source Liquibase project was a major contributor to Datical's success. So it should be no surprise then that in filling the open President's seat, they would tap an open source veteran. Dion Cornett, has open source credibility from his time at Red Hat and MariaDB. In his new role he is responsible for marketing, sales and product. He is determined to see the same kind of success with open source business models he has been part of before, succeed at Datical. In this discussion we hear from Dion on his plans and views.

SauceCon 2020 (https://saucecon.com/) by the good folks at Sauce Labs is just about a month and half away (April 27). As part of our lead up to the show and our coverage including live broadcasting on Digital Anarchist, we caught up with newly minted, Chief Product Officer, Matt Wyman. Matt discusses how continuous testing, automation and DevOps has led to better testing. With that though we are more complex and sophisticated than ever in how, what and when we test. Can't we just keep it simple? Do we want to keep it simple? Have a listen to what Matt has to say, as well as why he is so excited about this coming event. If you are interested in testing at all, do check out the great lineup for SauceCon and hope to see you there.

Sumo Logic has been one of the pioneers in DevSecOps and log analysis for many years now. In this DevOps Chat we speak with Founding VP of Product & Strategy, Bruno Kuric about the Sumo Continuous Intelligence Platform and how it is taking security into the next era. Have a listen as Bruno explains how Sumo is trying to meet the challenges of keeping up with the speed of business, today.

A new company announced their launch and Series A funding. Esper (https://esper.io)is building a platform for android device deployment and application management. Not just for Android phones either. The Esper founders are betting that Android will be the dominant form for embedded devices in both headless and IoT deployments. The CEO/co-founder of Esper, Yadhu Gopalan knows a little something about this, as he was one of the key people behind Microsoft's Windows CE embedded program. Yadhu was also a leader of Amazon's Go Store program prior to Esper. We had a chance to sit down with Yadhu and talk about what raising their $7.5m series A means for Esper and where they are going.

Rancher Labs is a great example of a start up that was smart enough to sense the way the market was moving and adopted a strategy to capitalize on it. But if you know Rancher co-founder, CEO Sheng Liang, you should not be surprised. Sheng has been seeing the market and staying one step ahead for a long time. In this DevOps chat we sat down with Sheng and spoke about the recent momentum at Rancher. We also spoke a lot about Kubernetes becoming the industry standard for compute. It is always a good learning experience speaking with Sheng and this conversation is no different. Have a listen.

Tufin Technologies announced Secure Cloud https://www.businesswire.com/news/home/20200211005174/en/Tufin-SecureCloud-Enables-Companies-Secure-Hybrid-Cloud. The product combines and builds on Tufin Orca and Tufin Iris to offer one product for comprehensive cloud security policy. We had a chance to catch up with Tufin CTO and co-founder, Reuven Harrison to chat about this and the state of the market before the upcoming RSA Conference.

How do you know if your cyber team is up to snuff? Like any good team, they need training and practice to stay on top of their game. The concept of cyber ranges for red and blue teams has been in use for a few years now. Gov and military organizations have been some of the big leaders in this space. Rangeforce comes out of Estonia where NATO teams used the idea of a cyber range to train up their teams.They are taking this concept to the commercial space and will be at RSAC this year. I sat down with Gordon Lawson, President of Rangeforce to discuss the technology behind Rangeforce and the use cases. Have a listen and be sure to check them out at RSAC this year!

Ask any tech person what is involved in evaluating and purchasing tech tools and their eyes will often roll into their heads. While open source and free versions have made it easier to get the tools into people's hands, evaluating them to choose what is the best fit for your organization is still more art than science. In this podcast we sit down with two security industry veterans to talk about what is the best strategy to evaluate and pick the right security products. Les Correia and Migo Kedem are two industry veterans who have written the book on this. Have a listen

Brian Gracely has been helping to shape the Red Hat OpenShift product line for over 4 years. Brian is a key person in the product team there. In this podcast Brian gives us an update on the latest innovation at OpenShift. Much of what he is talking about will be visible or announced by KubeCon in Amsterdamn. So if you want to get an early look at the latest in Openshift, have a listen to what Brian has to see.

WhiteHat Security is one of the pioneers in AppSec. As such they were an early advocate for DevSecOps. They have been doing annual surveys of the security and developer space for several years. In this years survey the good news is that we are seeing real progress in DevSecOps adoption by developers and security teams. But all is not roses. Some of the same old issues are still there, including how long it takes us to fix vulnerabilities and security issues. In this DevOps Chats we speak with Eric Sheridan, Chief Scientist of WhiteHat about the survey results and what they mean. Have a listen to find out Eric's take on the foundings.

Jenkins founder Kohsuke Kawaguchi (KK) and respected DevOps veteran, Harpreet Singh have launched a new company called Launchable https://launchableinc.com Launchable aims to help you improve your delivery velocity by prioritizing and applying some ML and intelligence to testing. There is still much work to be done but with these two industry luminaries behind it, the expectations are high for something impactful. The VC community and a blue chip list of investors are already on board. Yes this means KK is no longer at CloudBees (several CloudBees execs are investors in Launchable)and Jenkins, while he is still an advisory. But with Jenkins now in the capable hands of the CDF and Linux Foundation and CloudBees well established, he felt this was a good time to pursue an issue he thinks needs to be solved. Hear from KK and Harpreet themselves in this great podcast.

Walkme recently announced a funding round of 90 million dollars bringing their total raise to over $300 million. But according to Rephael Sweary, that is great but the real measure of Walkme's success is their annual reoccurring revenue being over a $100m (which it is) and whether or not that company is helping their customers. In the case of Walkme, that are business's undergoing digital transformations and are looking to accelerate their digital platform adoption. Walkme has been a tremendous success no matter what yardstick you use. Listen to Rephael to understand better his view of the world and what is important for the coming times ahead.

DevSecOps has become a real thing over the last few years. The big shift has been making security tools that developers can use. ShiftLeft has been one of the leaders in this movement, recognizing that security had to shift left (hence the name). I had a chance to sit down right before the holidays with ShiftLeft CEO Manish Gupta about how the shift to developers using security tools is helping to make applications more secure.

Ken Rutsky is on a mission. In addition to being a master cybersecurity marketing ninja, Ken is also the founder of the Cybersecurity Go To Market Dojo. It is the hub of a community of cybersecurity marketers who seek to up their game and bring even more professionalism to cybersec marketing. Frankly, cybersecurity marketers get a bad wrap. Many of them have great technical chops. Just because they have marketing in their title don't assume they are not technical. Ken and the group are again putting on a great together on the Sunday of RSAC week. Also they will be doing a Cyber Marketer of the Year awards as well. Alan Shimel is one of the judges. You can find out more at https://www.gotomarketdojo.com/events/rsa2020-marketers-prefresher-happy-hour-the-marketer-of-the-year-awards

The Eclipse Foundation recently launched a new working group for Edge Native (https://edgenative.eclipse.org/). The mission is to deliver open source edge platforms now. I had a chance to sit down with the guests highlighted below to discuss. Enjoy. Mike Milinkovich, Executive Director, Eclipse Foundation Mike serves as the executive editor for the Eclipse Foundation. An influential voice in the open source and Java communities, Mike has worked tirelessly over the last two decades to help establish the open source model for software development. Outside of work, Mike's passions are his family, the family cottage and hockey (as a coach, player and fan) in pretty much that order. When he's not working, or traveling for work, you will probably find him involved in one of those three things. Kilton Hopkins, CEO and co-founder, Edgeworx Kilton started programming computers when he was 8 years old. That was 1986. He started a software company a few years later. The world is very different than it was back then

Sometimes the best way to accomplish something is to choose a path requiring the least friction, or amount of change. Qualys customers now have that path available to them in bring vulnerability scanning into Google Cloud Platform. Qualys' recent announcement means a one-click configuration change enables vulnerability scans in GCP with the results appearing in both Qualys Cloud Center and GCP Security Command Center. Join me on this DevOps Chats to explore this announcement with Sumedh Thakar, Qualys President and Chief Product Officer. We discuss Qualys' and Google's collaboration and how this benefits DevOps teams.

The increasing breadth and complexity of the environments we manage are nothing short of breathtaking. Understanding the security risks and applying policies across the cloud, multi-cloud, private clouds, and a plethora of software technologies is a challenge faced by every enterprise. vArmour recently announced version 5 of the vArmour Application Controller, which opens more significant access to vast amounts of information the Security Graph represents and organizes through its Security Graph and SDK. By streaming cloud, network, and agent information into the Security Graph, enterprises now have a centralized understanding of application relationships across their multi-cloud infrastructure, enabling centralized risk and policy management that is simple, accurate, and secure. Marc Woolward, vArmour CTO and CISO, and I discuss establishing abd assessing policies becomes more manageable through expanded access to information about software infrastructure, systems, environments across the organization. I

Application security is top of mind now more than ever. For more than a decade, Veracode examined increasing amounts of code as it passes through their source code vulnerability scanning service. During this period, automation is increasingly prevalent, making it easier to run scans more frequently and regularly. But has automation helped?. Is the software we create more secure? We gain key insights about this in Veracode's The State of Software Security Report X (10th edition). Chris Eng, Chief Research Officer at Veracode, joins us on DevOps Chats. We talk about many insights uncovered in the latest report, such as 50% of applications are accruing security debt over time, the regularity of scanning correlates to vulnerability fix times, and that scanning frequency directly impacts security debt. There is a wealth of information in the report, and you can get a jump on the key findings on this podcast episode with Chris. Download the full report at https://www.veracode.com/state-of-software-security-rep