DevOps Chat

As any CIO knows, a data management architecture is essential to caring for one of the organization's most valuable assets: data. Data management sounds simple but it's not. Backup and recovery, disaster recovery, data retention, governance, e-discovery... all are parts of any effective data protection strategy. As businesses move and grow their presence in the cloud, the same capabilities apply in this very dynamic and elastic environment. Recently, Druva received another investment round of $130m led by Viking Global. Mike Palmer, Druva Chief Product Officer, joins us on this episode of DevOps Chat where we talk about Druva's planned use of those funds, and Druva's approach to providing a SaaS-based data protection platform.

Network technology has undergone its own transformation in parallel with cloud infrastructure, how we create software, and the adoption of DevOps. SDN, NFV, virtual network appliances, and an ever-expanding suite of APIs making network and security technologies much more accessible to developers. Network engineers' worlds are rapidly changing too. From highly skilled to associate-level, all network engineers are faced with building up a new and necessary skill: software development. Learning software dev can be a daunting, even intimidating proposition even for someone already skilled in the network engineer domain. So, how do we lift up the community of network engineers and help them build their development chops? How can software and DevOps engineers easily get access to all the programmatic interfaces that configure, manage and control the network? These questions and more we explore with Susie Wee, Founder, Senior Vice President, and CTO of Cisco DevNet. DevNet is an online resource full of information for app developers, infrastructure developers, and network and DevOps engineers. On DevNet you'll find training (Python, API, and more), sandboxes for experimentation, code exchanges (including GitHub), CI/CD, and new Cisco certifications for software. Check out DevNet at https://developer.cisco.com.

It's easy to forget not everyone started their move to the cloud eight or even ten years ago. Early adopters have a wealth of experiences that can benefit newcomers and experienced teams alike. A preview to August 14th's webinar "Top 5 AWS Security Mistakes and How to Stop Them Before You Lose Data", DisruptOps CEO Mike Rothman joins us on DevOps Chat. In this episode, we reflect on learnings and knowledge Mike and co-founder Rich Mogul incorporated into their product DisruptOps Guardrails. Be sure to register for the Aug. 14th webinar at https://webinars.devops.com/top-5-aws-security-mistakes-and-how-to-stop-them-before-you-lose-data.

In a world where our apps are stitched together from a various building blocks, why wouldn't we do the same with Kubernetes? Operators make this possible. We spoke with Rob Szumski of IBM RedHat OpenShift team about the groundbreaking work he and the OpenShift team have been doing with bringing an entire library/repo of Operators for Kubernetes that will make it easier and faster to deploy and use Kubernetes. Low code/no code is the wave and now you can ride it with Kubernetes too. Have a listen.

The tribe at Armory (https://armory.io) announced their $28m series B funding, led by Insight Partners. Armory enables continuous software delivery at enterprise scale, powered by Spinnaker. That is a crisp mission statement, but beyond that Armory is bringing the open source Spinnaker to the enterprise market. As such they are also helping the entire Spinnaker community and as part of this the entire CD market. They are members of the CD Foundation, part of the Linux Foundation as well. I had a chance to catch up with their founder/CEO, DROdio and VP of marketing, Carl Landers to talk about Spinnaker, CD and the state of software delivery. BTW, if you are interested in learning more about Spinnaker and will be in San Diego for CloudNative.com/KubeCon, the Spinnaker Summit is the weekend before. The Armory folks have been nice enough to arrange a 20% discount if you would like to go: https://www.eventbrite.com/e/spinnaker-summit-2019-tickets-57895274324?discount=ARMORYAUGUST20 The code for discount is ARMORYAUGUST20. Also you can join the Spinnaker slack channel at: http://join.Spinnaker.io i

Martin McKeay, a cybersecurity veteran, joins us to review Akamai's latest State of The Internet report (SOTI). This SOTI edition, dubbed Financial Services Attack Economy, highlights the vast array of cyber attacks targeted at the financial systems ecosystem over the past 18 months. Martin highlight from the report includes readily available lists of compromised user IDs and passwords, stuffing attacks, low cost or free All-In-One (AIO) attack tools, and the characteristics of phishing attacks against enterprises versus financial institutions. And more. Join us on this episode of DevOps Chat with Martin McKeay, Editorial Director, Akamai. The full report is available at www.akamai.com/soti/

Michael Coates is on a mission, a journey, an unassailable quest. You don't come away from senior security leadership roles at Twitter and Mozilla without some real-world lessons of how to improve cybersecurity. Those lessons inspired our guest Michael Coates, former Twitter CISO, to co-found his new startup Altitude Networks. While we don't yet know all the details about Altitude Networks, we know Michael is addressing the protection of data when using cloud collaboration software like Google Drive, Box, Dropbox, Office 365 and other online collaboration services. Michael shares with us the lessons he learned from security roles at Twitter and Mozilla is applying at Altitude Networks. Security products need to be designed to solve problems and alleviate work, not make work. And security needs to enable end-users to get their work done and not interrupt them with confusing popups, options, and decisions most end users won't understand. Join us on this episode of DevOps Chat to get the latest on Michael Coates and his new company Altitude Networks. You can sign up for Michael's new newsletter at https://hubs.ly/H0jvMBN0 .

Agile, DevOps, multiple cloud providers, serverless, contemporary cloud native apps, shadow IT using a credit card…it can be daunting for any IT organization to be responsive to the internal customer needs. It’s even tougher to be proactive and get ahead of the curve. Enter Cloud Management Platforms (CMP). On this episode of DevOps Chat, we talk with Bernard Sanders (no, not the presidential candidate), CTO of CloudBolt. Our conversation explores how IT can use a CMP to provide the IT and self-service capabilities so DevOps and Agile teams won’t feel the pain and slowdown of IT past. Learn more about CloudBolt’s products at www.cloudbolt.io.

Should we secure containers? How do we secure containers? How do we secure serverless computing architectured apps? With code repositories growing rapidly with each container we create, our guest John Kinsella, VP of Engineering - Container Security at Qualys, has some sage advice for securing containers. Containers are not intended to isolate code from security vulnerabilities, containers are designed for packaging and use. Which of my containers have a vulnerable version of OpenSSL installed in them? Integrating vulnerability scanning into the CI/CD process gives developers information to catch vulnerabilities in open source code before it hits production. Join us on this episode of DevOps Chat as we dive into the container security insights John Kinsella of Qualys has to offer.

RSAC 2019 APJ in Singapore is coming up and we’re lucky enough to preview a talk by Derek Manky titled "Flash War: Tapering an Accelerating Attack Chain." The speed at which networks are attacked, compromised and then intruders spread laterally is increasing rapidly. Add swarm technologies with AI machine learning and automation and the future holds a world where attacks that take days, hours or minutes today could laterally happen in fractions of a second tomorrow. House of Mirror defenses (yes, the network security equivalent of Bruce Lee’s Enter The Dragon mirror room) and other deceptions techniques step up to the challenge of tapering this accelerating attack chain. On this episode of DevOps Chats, Derek Manky, Chief of Security Insights at Fortinet previews his RSAC 2019 APJ Preview talk, Flash War: Tapering an Accelerating Attack Chain, scheduled at 1:15pm on July18th in Singapore. Join us on this podcast and at Derek’s RSA talk.

RSA Asia Pacific & Japan Conference 2019 in Singapore promises exciting and engaging sessions. A likely popular and possibly controversial talk will be “The Future of AppSec is Cloud Native.” Co-Presented by Jimmy Mesta (CEO and co-founder Ksoc and CTO at Manicode Security) and Jim Manico (Founder and trainer at Manicode Security), this talk makes the bold assertion that how we build cloud native applications will establish the new benchmark for application security. On this episode of DevOps Chats, Jimmy and Jim preview their RSA APJ 2019 talk, set out the case for why cloud native is the future for AppSec, and entice all of us to come learn more at their session on July 18 at 4:30pm. We hope to see everyone at their talk at RSA APJ 2019.

Our podcast guest believes the world changed “on a Tuesday" six months ago when the enterprise move to the cloud became imperative, not just an aspirational goal. That eureka moment was enough to pull Steve Mullaney off the sidelines and back into the game as CEO of Aviatrix after successful executive gigs at Palo Alto Networks and Nicira. Go-build might be a wonderful approach for cloud-native apps, but enterprises want the framework laid out ahead of their move to the cloud. Think enterprise cloud IT reference architecture, much like Cisco provided for enterprise IP networks, DEC mainstreamed for client-server, and IBM established for mainframe computing. You have to “bring the cloud to them.” That enterprise cloud reference architecture is what Aviatrix targets, in the same buy-with-a-credit-card model that fueled customers’ unfettered move to AWS. On our DevOps Chat podcast episode, Steve Mullaney, CEO of Aviatrix, talks about what enterprises want in a true enterprise multi-cloud backbone to support their needs. Additional information about Aviatrix offerings is available at www.aviatrix.com.

Secure software depends on people finding vulnerabilities and deploying fixes before they are exploited in the wild. This has lead to a world of security researchers and bug bounties directed at finding new vulnerabilities. As dedicated as security researchers are, there is a vast ocean of software in existence, waiting for someone to find and exploit the next security vulnerability for profit or nefarious uses. With autonomous vehicles on the horizon, is there an autonomous solution to finding and fixing software vulnerabilities? Enter DARPA Cyber Grand Challenge winner “Mayhem”, created by a team of researchers from Carnegie Mellon University who spun out security startup ForAllSecure. And they have a BHAG (Big Hairy Audacious Goal). "Our vision is to check the world’s software for exploitable bugs so they can be fixed before attackers use them to hack computers”. Mayhem has moved on from capture the flag contests to observing and finding vulnerabilities in DoD software and is working its way to corporate systems. In this episode of DevOps Chats we talk with David Brumley, ForAllSecure co-founder and CEO, and CMU professor about the technology behind Mayhem, how it observes software as it executes, and injects changes to effect and observe new and potentially exploitable behaviors. More information about Mayhem is also available at www.forallsecure.com.

Wouldn’t it be helpful to know if other cloud users are seeing the same or similar attacks that you are? Security intelligence about cloud applications beyond just those you own and operate as an enterprise opens up a new dimension in attack visibility against an even large sets of cloud apps. Sumo Logic announced its extending their machine analytics and intelligence platform to include AWS Guard Duty during AWS re:Inforce 2019. Dubbed Global Intelligence Service for Amazon GuardDuty, the new service is more than just a data aggregation and reporting play. The new service provides additional context around GuardDuty data by reporting attack information across multiple Sumo Logic customers using AWS GuardDuty. Essentially a “crowdsourcing” approach to reporting threat intelligence across the cloud. In this episode of DevOps Chat, David Andrejewski, Senior Engineering Manager at Sumo Logic, joins us to talk about this new, more expansive threat intelligence service. More information about Global Intelligence Service for Amazon GuardDuty is available in the press release and website at https://www.sumologic.com/application/aws-guardduty/ .

Making sure our applications are secure during runtime is of course important but how do we shift left so security is built into containerized, serverless applications? Lacework announced the addition of build-time security capabilities which complement their existing run-time offering for cloud, container and hybrid environments. This “shift left” will provide security and compliance visibility across the enterprise’s infrastructure footprint, from development to runtime, and for cloud, container, bare metal, and hybrid environments. On this DevOps Chats episode, we talk with Lacework CEO Dan Hubbard about some of the challenges in moving security earlier in the DevOps process, and the benefits of examining security and vulnerabilities in both dev and runtime environments. More information about the announcement is available at http://www.lacework.com.

Introducing chaotic, unpredictable test software into your methodical testing regime is a good idea, right? Yes, it's a branch of testing called Chaos Engineering, or Chaos Testing. Netflix's Chaos Monkey famously introduced many of us to the idea that resilient systems, networks and software become more resilient and less brittle if we use chaotic testing methods to find their weak points before customers do. An innovative engineer at xMatters launched a new open source chaos testing tool named after H.P. Lovecraft's nightmarish character Cthulhu. Cthulhu is designed to test across multiple cloud providers, initially supporting Google Cloud with plans to support Amazon Web Services. It's open source, free to use, looking for more contributors, and is available on GitBub. We are joined on this DevOps Chats by Tobias Dunn-Krahn, CTO, and Gabrielle Gasse, lead engineer on the Cthulhu open source project, both at xMatters.

As more and more of the components that make up the applications we use are open source, the need to secure these open source components increases. Of course Equifax is the poster child for this issue. Checkmarx, one of the leaders i application security scanning has had an open source scanning module for sometime. They have now updated that with a new homegrown engine that greatly improves the ability for their scanner to detect open source vulnerabilities in your applications. https://www.checkmarx.com/press-releases/checkmarx-makes-sca-market-waves-with-enhanced-open-source-security-offering In this DevOps Chat we speak with Matthew Rose of Checkmarx about what this means for you.

Agility, DevOps and Digital Transformation are racing into the mainstream. You know that’s the case when enterprise technology suppliers shift and adapt their strategies from infrastructure software to platforms for application delivery. That’s certainly been the case with SUSE, a company we’ve know for a long time going back to its Linux distribution origins. Adoption of contemporary software technologies such as Kubernetes containers presents another investment decision. Do you download, build, maintain and support your installation of Kubernetes or do pre-integrated and supported solutions enable you to speed up building and delivering applications. A control versus speed argument. On our DevOps Chat podcast we explore these paths; when its preferable organizations build from open source resources, when to utilize a Containers as a Service offering, or when an application delivery platform with support from a trusted supplier is best. Joining me in the discussion is Jennifer Kotzen, Senior Product Marketing Manager at SUSE. You can find out more about SUSE's offerings at https://www.suse.com.

SignalFx just announced a $75m dollar round of financing, bringing their total raise to date to $179m. This is an impressive war chest that allows SignalFx to continue it mission of bringing next generation Cloud Monitoring to large enterprises. In this DevOps Chat we sat down with SignalFx CEO and co-founder, Karthik Rau to discuss what were the big trends he and the team bet on early in SignalFx's development which have allowed them to capitalize on the opportunity in the cloud monitoring market. Karthik also gives us his vision for where the market is heading and what SignalFx is going to use these funds for to stay at the forefront. Congrats to Karthik and the SignalFx team.

DevOps and Agile are all about making software cycles short and dynamic, empowering development teams to rapidly iterate, leveraging tools with fewer burdens and reliance on outside organizations. It's the dev + ops combination that is so powerful. But what about security, specifically the identity of physical and virtual devices, containers and micro services? Digital certificates are a key asset in managing device identity but traditional tools and processes may not fit the speed and dynamic nature of today's cloud native software. Our guest on DevOps Chats is Sandra Chrust, Senior Product Marketing Manager at Venafi. Sandra shares with us lessons learned to more easily manage device identities in DevOps and Agile environments, leveraging tools that provide self service portals, APIs and SDKs for automation. No more support tickets!

Dynatrace is a company that really reinvented itself as it saw the world it played in changing over the last few years. They moved from tracing and APM to what they call Software Intelligence and Smart Monitoring. In this DevOps Chat we sat

Mark Schwartz is one of the rare individuals who is not only a great IT exec but can also analyze what works and doesn't work and write it up in a way that helps others. His "A Seat at the Table" is still one of my favorite DevOps books. Mark's new book is called War, Peace & IT. You can download an excerpt of it here: https://dl.orangedox.com/WarPeaceITExcerpt We speak with Mark about the book and some of the lessons behind it. Have a listen and check out the book ASAP

Machine data comprises a vast array of data sources including logs, messages, events, telemetry data, and application and domain-specific relevant data. Aggregating all of these types of data, from sources across the enterprise and devices connected to our networks, brings opportunities to create intelligent analytics and new insights for use by the business, service delivery, security, devops and IT operations. In this Devops Chat we talk with Colin Britton, Chief Strategy Office at Devo, exploring how organizations are combining machine data with analytical and visualization tools to elevate the value IT brings to the business. You may recall Devo CEO Walter Scott joined us on a previous Devops Chat. Its a fascinating topic so have a listen and check out Devo at devo.com

Adopting devops means changes from how you build software to organizational processes and cultural behaviors. Large enterprises have even greater challenges to overcome including supporting a large number of applications and addressing technical debt while also taking on new development initiatives like digital transformation. What can we learn from experienced devops practitioners? In this DevOps Chat we spoke with Mark Levy, Director of Strategy, Software Delivery at Micro Focus, covering seven keys to successful devops implementations at large enterprises. You can find out more about the company at www.MicroFocus.com

Lumigo finds itself in the middle of one of the biggest waves in infrastructure deployment today, serverless. This is no accident, the company was started about a year ago with the mission of providing a serverless intelligence platform. The founders are ex-Checkpoint folks who saw the need for a best practices based platform to help deploy serverless payloads (apps) across different public cloud providers including AWS Lamdba, Azure and Google Cloud. In this DevOps Chat we spoke with Aviad Mor, CTO, co-founder of Lumigo about the company and the serverless market. You can find out more albout the company at https://lumigo.io

In this day in age to stay at one company for 19 years is remarkable. In the tech sector it is almost unheard of. But Rajalakshmi "Raji" Srinivasan has been with Zoho for that long. She is a terrific advocate for the company. Most recently she has worked with the Site24X7 (http://site24x7.com)team. We had a great chat about AIOps, DevOps and life. I think you will enjoy it.

Capsule8 is focused on protecting Linux infrastructure whether in the cloud, in containers or even bare metal. The team is make up of industry veterans who understand the problems security pros face, as well as the frustrations of developers, devops and sys admins deal with every day. Their approach is more of a shift right DevSecOps, focusing on detecting attacks, threats and vulnerabilities on production infrastructure. I spoke with co-founder & chief architect, Pete Markowsky in this DevOps chat. Have a listen and hopefully learn

If you have massive amounts of data Devo wants to help. The company was founded in Madrid and specializes in the handling and processing of massive amounts of data. In this DevOps chat we spoke with Devo CEO Walter Scott to talk about the use cases for Devo in a data crazy world. Walter is a seasoned CEO in the tech sector. He knows a problem when he sees it and he thinks Devo is the answer. Have a listen to why and check out Devo at https://devo.com

The year 2019 is shaping up as a "coming home" year for Chef. After recently reaffirming its commitment to an open source strategy, they are gearing up for the best ChefConf yet. ChefConf is coming home to Seattle for 2019 and many of the Chef favorites including Adam Jacobs, John Willis and more will be speaking. I had a chance to catch up with Nell Shamrell-Harrington, Principal Software Development Engineer and Community Engineering Lead at Chef. Nell gave us a great preview of the whole event, as well as her own presentation and what her most anticipated sessions and activities are. You can still register for ChefConf, as well as get more information at: https://chefconf.chef.io/

Flashpoint is a business risk intelligence provider who has been protecting government and private sector assets for a long time. In fact to paraphrase Jack Nicholson in A Few Good Men, "we have been sleeping under the blanket of their security" for a while now. I had a chance to catch up with co-founder and CEO Josh Lefkowitz and discuss Flashpoint's offerings. They recently upgraded their dashboards to give users more info tailored to their specific verticals and greater insight into risk intelligence. Have a listen

The Open Policy Agent (OPA) was accepted for incubation by the Cloud Native Computing Foundation ( https://www.cncf.io/blog/2019/04/02/toc-votes-to-move-opa-into-cncf-incubator/). In this chat we spoke with one of the founders of the project Torin Sandall about OPA and why the CNCF is the right place for OPA. We also discuss the company he works for Styra, that works with OPA.

Accelerate - The State of DevOps Report by Dr. Nicole Forsgren and the folks at Dora (now part of Google)is far and away the most widely cited research in the DevOps field. Dr Nicole and her team have brought scientific rigor to the survey over these past 6 years and the results show it. Here is your chance to shape the future of the DevOps market by taking 25 minutes of your time and take this years State of DevOps Survey. These reports are only as good as the info they gather. So have a listen to our conversation and then please go take the survey! https://bit.ly/2UzLMH2

In this DevOps Chat we met with Jonathan Fries, VP of Engineering and Digital Transformation at Exadel. Jonathan tells us about the new Innovation Lab by Exadel as a place for organizations to accelerate their transformation. We also talk about the state of IT in general from his perch at Exadel, a company with 20 years of empowering IT. You can find out more about the Innovation Lab at https://exadel.com/innovation-lab/.

At the recent Cloud Foundry Summit, IBM Cloud made several significant announcements enhancing the service from IBM and enriching the Cloud Foundry platform. In this DevOps Chat we caught up with Jason McGee, IBM Fellow, VP and CTO of IBM cloud to get all of the details.

As the move to Cloud Native accelerates we are seeing the rise of the cloud first architect and his impact on DevSecOps, cloud security and more. In this DevOps Chat we sat down with Chris Hines of ZScaler to explore the importance of this position and how security is working with Dev and DevOps to make us all more secure.

Aqua Security one of the leaders in container and cloud native security announced they have raised $62m in a "C" round of investment, led by Insight Partners. We spoke with Rani Osnat and Andy Feit of Aqua about how this validates the cloud native security field that Aqua has helped develop. This interview is also available in a video format on http://digitalanarchist.io and https://devops.com

In front of next month's ChefConf in Seattle (https://chefconf.chef.io/), Chef has announced a major refinement to its business model. Affirming and clarifying its commitment to open source business models, Chef will now and in the future release all of its software as open source. Speaking with Corey Scobie, SVP of products and engineering, he explains that Chef will be adding services, training and support to the open source software, as well as packaging all of this together. For the full story be sure to listen to the podcast and check out the video version of this interview along with accompanying slides on https://devops.com

Taking the lessons they learned heading Apples offensive security team the Sqreen founding team is moving Application Security Management (ASM) into the mainstream. They just announced a $14m series A investment led by blue chip VC firm Greylock Partners. In this DevOps Chat we speak with CEO and co-founder, Pierre Betouin about how Sqreen is filling a need in the AppSec market between WAFs, DAST, STAST, etc. that is vital to locking down our applications. For more info check out https://sqreen.com

In this DevOps Chat we speak with Keshav Vasudevan, product manager for performance testing at SmartBear. Keshav talks about the move to "end to end DevOps", the importance of shifting left with testing and the latest state of the art in Performance and load testing with SmartBear.

Asaf Cidon is the VP of Email Security at Barracuda. In this DevOps Chat we sat down with Asaf and spoke about what some of the new threats and up and coming attack vectors in email security are. Asaf is in a unique position at Barracuda to be on the front lines of the battle for email security. You can find out more about what Asaf and Barracuda are doing around email security at http://barracuda.com and their blog where Asaf frequently writes about new email security threats

WhiteSource has become a force in the security of open source components in your applications. One would think that it would follow that securing these open source components inside of a container would flow from this. But with containers, all is not always as it seems. Containers require a approach that is unique to containers. So the folks at White Source went to the lab and have engineered a solution that is container native and container specific. In this DevOps chat we speak with VP of Product David Habusha about White Source for Containers.

Simon Crosby has made a career of technology on the edge. From leading the charge with the Xen hypervisor to microVMs with Bromium and much more in between, Crosby has led some of the most innovative technology developers in the industry. He is now the CTO of SWIM.ai which is literally brining computing to the edge (almost an anti-cloud. This approach promises some revolutionary capabilities. If Simon is involved there is a good chance it will succeed as well. Have a listen to what Simon is all about now and check our more at https://www.swim.ai/

F5 Networks has acquired NGINX the leading open source web server player. The move clearly puts F5 in the DevOps space, as well as the open source market. In this DevOps Chat we speak with Lori MacVittie of F5 along with Sidney Rabsatt of NGINX. Some great insights into why this acquisition makes sense for both parties.

Yesterday saw the announcement of the CD Foundation, a new foundation under the auspices of the Linux Foundation. It will provide the home base for a vendor-neutral Continuous Delivery Foundation (CDF) committed to making it easier to build and reuse DevOps pipelines across multiple continuous integration/continuous delivery (CI/CD) platforms. The first projects to be hosted under the auspices of CDF includes Jenkins, the open source CI/CD system, and Jenkins X, an open source CI/CD solution on Kubernetes. Both were developed by CloudBees. Netflix and Google, meanwhile, are contributing Spinnaker, an open source multi-cloud CD solution, and Google is also adding Tekton, an open source project and specification for creating CI/CD components. Founding members of the CDF include Alauda, Alibaba, Anchore, Armory, Autodesk, Capital One, CircleCI, CloudBees, DeployHub, GitLab, Google, Huawei, JFrog, Netflix, Puppet, Red Hat, SAP and Snyk. In this chat we speak with KK, founder of Jenkins and CTO of Cloudbees and Tracy Miranda, Open Source Community Director for Cloudbees. They give us the insight behind the foundation and what the future may be for Jenkins, JenkinsX and Cloudbees

There are really only two repositories of any scale for software components today. The Nexus repo managed by Sonatype and the Artifactory artifact repo managed by JFrog. Up until now they were separate and apart, working with one was independent of another. In a big move towards keeping DevOps open, the Sonatype people have released a plugin that will allow their Nexus Firewall to work with Artifactory as well as Nexus. This means that users of both repos can now use the Nexus firewall to make sure that components or artifacts they download are in compliance with the policies they have set up. They can make sure there are no known vulnerabilities to the version you are downloading to use. This is really a big deal and kudos to Sonatype. In this DevOps Chat we speak with Wayne Jackson, CEO of Sonatype and Brian Fox, CTO and co-founder of Sonatype about what this means for the DevOps community.

I have known of Jeff Williams in the security industry for more than several years. He is a well respected thought leader in AppSec and OWASP. I finally got a chance to catch up with Jeff and talk with him about Contrast Security the company he co-founded and how it is helping.

In this DevOps Chat we speak with Cyara CEO and co-founder, Alok Kulkarni about how DevOps is helping in the customer experience arena. Cyara has carved out a leadership role in bringing DevOps to CX. Alok is a delight to speak with and very wired into this space.

The big news in DevOps today was the acquisition of Shippable by JFrog. This adds a CI/CD solution to the JFrog Enterprise + platform and further expands JFrog's end to end DevOps offering beyond Artifactory and more. In this DevOps chat we speak with Shippable CEO Avi Cavale, JFrog CEO Shlomi Ben Haim and JFrog VP of marketing , Ayally Goldschmidt about what was behind this acquisition and what are the plans going forward.

Agile has a bit of a longer history and subsequent maturity than DevOps. Despite this, how can organization now that it is in fact an "agile organization". What does that even mean? Our guest on this DevOps Chat is Jeff Dalton, founder of Broadsword consulting, author of Great Big Agile and founder of AgileCXO. Jeff shares with us his latest venture which is building AgileCXO into a worldwide movement to certify that organizations are in fact practicing Agile with best practices. Have a listen

Michael Stahnke has been with Puppet longer than just about everyone currently with the company. In his position as director of engineering he has had a front row seat as the DevOps market emerged and matures. In this DevOps Chat we speak with Michael about his own personal journey, what he is seeing in the market and the most recent State of DevOps report from Puppet.