Send us a text

In this must-listen episode of Relating to DevSecOps, Ken welcomes the ever-inspiring Tanya Janca, aka SheHacksPurple—author, AppSec expert, and champion of making security usable. Together, they dig into why so many application security policies fail, why developers ignore them, and how to make them actually work. Tanya shares real-world experiences from both dev and security perspectives, plus her journey from being ignored to lobbying governments for change.

From communication failures and TL;DR policy pages to leveraging wikis and code reuse, this episode is a practical masterclass in creating impactful, developer-friendly security standards.

Send us a text

In this episode of Relating to DevSecOps, Ken Toler and Mike McCabe dive deep into Google's blockbuster acquisition of Wiz.io for a reported $32 billion. They explore the implications for cloud security, the consolidation of the DevSecOps tooling landscape, and how this move compares to Google’s previous acquisitions like Mandiant and Chronicle. The duo debates the future of multi-cloud strategies, platform fatigue, and whether Wiz will remain the darling of the security community—or get lost in the labyrinth of Google Cloud products. With sharp insights and a dash of hot takes, they paint a picture of a cloud security ecosystem at a pivotal turning point

Send us a text

Welcome to 2025! Ken and Mike kick off the new year with their security resolutions (or lack thereof) before diving into the bittersweet farewell to ShmooCon, one of the most beloved hacker conferences. Ken shares his experiences from the final event, including insights on hardware hacking, radio security, and the unique hacker culture that made ShmooCon special.

They also unpack one of the most practical talks from the conference: a deep dive into open source security tools versus enterprise solutions, highlighting ways security teams can cut costs without sacrificing effectiveness. Speaking of open source, the hosts discuss the controversy surrounding Semgrep’s licensing changes and the rise of OpenGrep, the latest community-driven fork in response to closed-source shifts—drawing parallels to the Terraform/OpenTofu saga.

Finally, the duo explores cyber risk from an insurance perspective, breaking down how breaches translate into real-world financial costs (hint: mailing breach notifications alone could bankrupt you). Whether you're a security pro, an open source advocate, or just here for the ShmooBall nostalgia, this episode has something for you!