Best DevSecOps Podcast Series Podcasts (2025)

1
Making Process Respectable Again: Advancing DevSecOps in the DoD Mission Space 44:26

15d ago44:26

44:26

Warfighters in the Department of Defense (DoD) operate in high-stakes environments where security, efficiency, and speed are critical. In such environments DevSecOps has become crucial in the drive toward modernization and overall mission success. A recent study led by researchers at the Carnegie Mellon University Software Engineering Institute (SE…

1
The Magic in the Middle: Evolving Scaled Software Solutions for National Defense 21:25

1d ago21:25

21:25

A January 2025 Defense Innovation Board study on scaling nontraditional defense innovation stated, “We must act swiftly to ensure the DoD leads in global innovation and competition over AI and autonomous systems – and is a trendsetter for their responsible use in modern warfare." In this podcast from the Carnegie Mellon University Software Engineer…

1
An Introduction to the MLOps Tool Evaluation Rubric 1:00:23

1d ago1:00:23

1:00:23

Organizations looking to build and adopt artificial intelligence (AI)–enabled systems face the challenge of identifying the right capabilities and tools to support Machine Learning Operations (MLOps) pipelines. Navigating the wide range of available tools can be especially difficult for organizations new to AI or those that have not yet deployed sy…

1
Is AI ready for DevOps? 25:39

16d ago25:39

25:39

Bret and Nirmal are at KubeCon London and record their ideas about how AI Agents are about to change DevOps, platform engineering, SRE, automation, troubleshooting, and more. Creators & Guests Bret Fisher - Host Beth Fisher - Producer Cristi Cotovan - Editor Nirmal Mehta - Host (00:00) - Intro (03:10) - Understanding AI Agents (09:53) - The Future …

1
Deploying on the Edge 1:01:02

22d ago1:01:02

1:01:02

Deploying cloud-centric technologies such as Kubernetes in edge environments poses challenges, especially for mission-critical defense systems. In this podcast from the Carnegie Mellon University Software Engineering Institute (SEI), Patrick Earl, Doug Reynolds, and Jeffrey Hamed, all DevOps engineers in the SEI's Software Solutions Division, sit d…

1
The Trailer for Agentic DevOps Podcast 2:56

24d ago2:56

2:56

By Bret Fisher

1
The State of DevSecOps in the DoD: Where We Are, and What’s Next 58:42

1M ago58:42

58:42

DevSecOps practices foster collaboration among software development, security, and operations teams to build, test, and release software quickly and reliably. A high-stakes, high-security environment has challenged the implementation of these practices within the Department of Defense (DoD). The DoD Chief Information Officer (CIO) organization part…

1
I Spy with My Hacker Eye: How Hackers Use Public Info to Crack Your Creds 57:16

1M ago57:16

57:16

Did you know there are 500 million tweets per day? 3 billion monthly active Facebook users? 1 billion LinkedIn members? Are you one of them? In this webcast, Destiney Marie Plaza reveals how a hacker can use seemingly benign public information to customize an attack on a victim by showing a scenario-based attack and demo (using free and open-source…

1
The Best and Brightest: 6 Years of Supporting the President’s Cup Cybersecurity Competition 21:40

1M ago21:40

21:40

A strong cyber defense is vital to public- and private-sector activities in the United States. In 2019, in response to an executive order to strengthen America’s cybersecurity workforce, the Department of Homeland Security’s Cybersecurity and Infrastructure Security Agency (CISA) partnered with the SEI to develop and run the President’s Cup Cyberse…

1
A New Performance Zone for Software for National Security 1:02:23

1M ago1:02:23

1:02:23

Today, we have seen our national security organizations working to adopt modern software practices, particularly Agile methods and DevSecOps practices, efforts challenged by a mismatch of tempos between operational needs and development processes. The newly mandated Software Acquisition Pathway helps to align those tempos. However, to sustain a com…

1
AI Native Dev: Shaping the Future of AI-First Software Development - DevOps Chats Episode 12 35:55

2M ago35:55

35:55

In this episode of DevOps Chats, Alan speaks with Patrick Debois, the man who coined the term DevOps to talk about his new passion AI NativeDev. Beyond giving it a name, Patrick has always been one of the leading lights of the community. After 12+ years in DevOps thought, Patrick’s enthusiasm was starting to wane. AI has reignited that and his crea…

1
Identifying and Mitigating Cyber Risk 47:33

2M ago47:33

47:33

An organization’s cyber risk management practices must be rooted in organizational goals to be truly effective. In this webcast, Matt Butkovic, Greg Crabbe and Beth-Anne Bygum explore how best to align business and resilience objectives.By Matt Butkovic, Greg Crabbe and Beth-Anne Bygum

1
Updating Risk Assessment in the CERT Secure Coding Standard 26:04

2M ago26:04

26:04

Evaluating source code to ensure secure coding qualities costs time and effort and often involves static analysis. But those who are familiar with static analysis tools know that the alerts are not always reliable and produce false positives that must be detected and disregarded. This year, we plan on making some exciting updates to the SEI CERT C …

1
Delivering Next Generation Cyber Capabilities to the DoD Warfighter 27:16

2M ago27:16

27:16

In this podcast from the Carnegie Mellon University Software Engineering Institute (SEI), Gregory Touhill, director of the SEI CERT Division, sits down with Matthew Butkovic, technical director of Cyber Risk and Resilience at CERT, to discuss ways in which CERT researchers and technologists are working to deliver rapid capability to warfighters in …

1
Cyber Maturity Model Certification (CMMC): Protecting the Nation’s Defense Industrial Base 28:02

2M ago28:02

28:02

The Defense Industrial Base (DIB) is a core element of the national security ecosystem. This point of intersection between private industry and the Department of Defense is a perpetual target for the Nation’s adversaries. In this Intersect, Matthew Butkovic and John Haller explore the development, and implementation, of the Cyber Maturity Model Cer…

1
Threat Hunting: What Should Keep All of Us Up at Night 57:09

3M ago57:09

57:09

When it comes to recognizing threats, cybersecurity professionals may become distracted by big promises or ignore some obvious inspections. New claims made by the latest and greatest new apps draw attention away from network situational awareness best practices—like a dog distracted when it spots a squirrel. We also may deviate from making routine …

1
Getting the Most Out of Your Insider Risk Data with IIDES 39:14

3M ago39:14

39:14

Insider incidents cause around 35 percent of data breaches, creating financial and security risks for organizations. In this podcast from the Carnegie Mellon University Software Engineering Institute, Austin Whisnant and Dan Costa discuss the Insider Incident Data Expression Standard (IIDES), a new schema for collecting and sharing data about insid…

1
Can a Cybersecurity Parametric Cost Model be Developed? 56:25

3M ago56:25

56:25

Can a cybersecurity parametric cost estimation model be developed? Every Department of Defense (DoD) program needs to account for, credibly estimate, budget/plan for, and assess the performance of its cybersecurity activities. Creating a cybersecurity parametric model would allow DoD programs to reliably estimate the effort and cost of cybersecurit…

1
Grace Lewis Outlines Vision for IEEE Computer Society Presidency 18:14

3M ago18:14

18:14

Grace Lewis, a principal researcher at the Carnegie Mellon University Software Engineering Institute (SEI) and lead of the SEI’s Tactical and AI-Enabled Systems Initiative, was elected the 2026 president of the IEEE Computer Society (CS), the largest community of computer scientists and engineers, with more than 370,000 members around the world. In…

1
Elements of Effective Communications for Cybersecurity Teams 34:00

4M ago34:00

34:00

Communications, both in times of crisis and during normal operations, are essential to the overall success and sustainability of an incident response or security operations team. How you plan for and manage these communications and how they are received and actioned by your audience will influence your trustworthiness, reputation, and ultimately yo…

1
Improving Machine Learning Test and Evaluation with MLTE 29:06

4M ago29:06

29:06

Machine learning (ML) models commonly experience issues when integrated into production systems. In this podcast, researchers from the Carnegie Mellon University Software Engineering Institute and the U.S. Army AI Integration Center (AI2C) discuss Machine Learning Test and Evaluation (MLTE), a new tool that provides a process and infrastructure for…

1
DOD Software Modernization: SEI Impact and Innovation 27:12

4M ago27:12

27:12

As software size, complexity, and interconnectedness has grown, software modernization within the Department of Defense (DoD) has become more important than ever. In this discussion moderated by Matthew Butkovic, technical director of risk and resilience in the SEI CERT Division, SEI director Paul Nielsen outlines the SEI’s work with the DoD on sof…

1
DevOps Thrives and Software Supply Chain is the SBOM 17:06

4M ago17:06

17:06

Mitch and Alan discuss what's required to take a holistic approach to software supply chain security and how DevOps has not only survived, but thrived as it's adapted over the years and helped for new XOps variations and platform engineering.By DevOps.com

1
Platform Engineering Scales DevOps and the AI Dev Bubble 25:16

4M ago25:16

25:16

After a brief podcast hiatus, Mitch and Alan discuss why it isn't a DevOps versus platform engineering debate. Rather, platform engineering helps scale DevOps, among PE's many, many benefits. They discuss the launch of platformengineering.com and its new podcast. They also delve into the debate about AI's impact on software development.…

1
Operational Resilience Fundamentals: Building Blocks of a Survivable Enterprise 52:07

4M ago52:07

52:07

Surviving disruptive cyber events requires a specific form of planning. One must strike a balance between defending against threats (e.g., managing conditions) and effectively handling the effects of disruption (e.g., managing consequences). Employing a model (such as the CERT Resilience Management Model) provides a catalog of practices and a syste…

1
Integrating AI Co-Pilots and DevSecOps 25:45

4M ago25:45

25:45

In this episode of DevOps Chats, Alan Shimel and Mitch Ashley discuss the rapid integration of AI co-pilots in software tools, emphasizing the need for a unified AI interface to streamline user experience. They explore the evolving concept of DevSecOps, advocating for a holistic approach that includes both software development and underlying toolch…

1
Cybersecurity Priorities in 2025 32:21

4M ago32:21

32:21

Chief Information Security Officers (CISOs) perpetually navigate a dynamic set of challenges. Applying focus and aligning resources is imperative for success. In this Intersect, Matthew Butkovic and Gregory Touhill, reflect on 2024 and explore the topics that should be front of mind for CISOs in 2025. They provide insights and advice for those cont…

1
Understanding the Need for Cyber Resilience: A Conversation with Ray Umerley 53:02

5M ago53:02

53:02

No organization can comprehensively avoid disruptive cyber events. All must strive to maintain operational resilience during times of organizational stress. Ransomware incidents create disruption that can be fatal to the unprepared. In this webcast, we explore how to maintain operational resilience during a ransomware incident. Experts with varied …

1
Exploring the Fundamentals of Counter AI 27:57

6M ago27:57

27:57

As the strategic importance of AI increases, so too does the importance of defending those AI systems. To understand AI defense, it is necessary to understand AI offense—that is, counter AI. In this session, Matthew Butkovic, CISA, CISSP, technical director for risk and resilience, and Nathan VanHoudnos, senior machine learning researcher explore t…

1
ep2024-12 Tanya Janca: Happy Holidays are Secure Code 1:00:13

6M ago1:00:13

1:00:13

Some production issues caused this one to slip to December so the intro is a bit off but this is still a great episode. So, learn some lessons on creating secure code from one of my favorite guests: Tanya Janca. It was hard to keep this one to its current length as Tanya is such a great person to talk to for any reason. Enjoy and happy holidays!Sho…

1
Securing Docker Containers: Techniques, Challenges, and Tools 39:09

6M ago39:09

39:09

Containerization allows developers to run individual software applications in an isolated, controlled, repeatable way. With the increasing prevalence of cloud computing environments, containers are providing more and more of their underlying architecture. In this podcast from the Carnegie Mellon University Software Engineering Institute (SEI), Sasa…

1
An Introduction to Software Cost Estimation 22:55

7M ago22:55

22:55

Software cost estimation is an important first step when beginning a project. It addresses important questions regarding budget, staffing, scheduling, and determining if the current environment will support the project. In this podcast from the Carnegie Mellon University Software Engineering Institute (SEI), Anandi Hira, a data scientist on the SEI…

1
Cyber Challenges in Health Care: Managing for Operational Resilience 53:37

8M ago53:37

53:37

Health-care organizations are seemingly besieged by a complex set of cyber threats. The consequences of disruptive cyber events in health care are in many ways uniquely troubling. Health-care organizations often face these challenges with modest resources. In this webcast, Matthew Butkovic and Darrell Keeling will explore approaches to maximize ret…

1
ep2024-10 Don't be Scared, It's just a Pen Test with Brad Causey 37:19

8M ago37:19

37:19

There's no reason to be scared about a pen test - especially when it's run by a professional like Brad Causey. I catch up with Brad in this episode to discuss what's recently changed in pen testing in how you test and people's motivations for hiring a pen testing. Interesting and not spooky at all.Show Links:Brad on LinkedIn- https://www.linkedin.c…

1
Independent Verification and Validation for Agile Projects 1:02:23

8M ago1:02:23

1:02:23

Traditionally, independent verification and validation (IV&V) is performed by an independent team throughout a program’s milestones or once the software is formally delivered. This approach allows the IV&V team to provide input at the various milestone gates. As more programs move to an Agile approach, those milestones aren’t as clearly defined sin…

1
Cybersecurity Metrics: Protecting Data and Understanding Threats 27:00

8M ago27:00

27:00

One of the biggest challenges in collecting cybersecurity metrics is scoping down objectives and determining what kinds of data to gather. In this podcast from the Carnegie Mellon University Software Engineering Institute (SEI), Bill Nichols, who leads the SEI’s Software Engineering Measurements and Analysis Group, discusses the importance of cyber…

Podcasts Worth a Listen

DevSecOps Podcast Series

Podcasts Worth a Listen

Quick Reference Guide