Digging Into Security With Kat Cosgrove
Arrested DevOps hosts Kat Cosgrove and Matt Stratton examine the persistent challenges of security in DevOps, blending candid advice and humor on topics from container vulnerabilities to effective patching.
Featuring Kat Cosgrove (Head of Developer Advocacy at Minimus) and Matt Stratton (Solution Architect at Turbot)
Overview
In this episode of the Arrested DevOps podcast, Kat Cosgrove and Matty Stratton take a deep, practical look at security’s critical—and often stressful—role in modern DevOps. The discussion covers:
- Why container vulnerabilities are always appearing and how teams can realistically keep up.
- Techniques for responding to recurring security issues without falling into panic.
- The complex work of securing Kubernetes and containerized environments, with a clear recognition that there isn’t a “magic fix.”
- The importance of fostering an effective security culture amid constantly evolving threats.
- The realities professionals face, like having to patch the same vulnerability multiple times, and the relatable frustration of dealing with persistent CVEs.
Key Takeaways
- Vulnerabilities are a constant: Teams must expect and plan for ongoing discovery of security issues in containers and dependencies.
- Proactive response is critical: Building processes to react efficiently—without panic—is essential for both security and sanity.
- Securing cloud native environments is complex: There’s no simple solution; layered, ongoing effort is necessary.
- Security culture matters: Tools are only as useful as the team’s commitment and practices around them.
- Humor helps manage stress: Recognizing the stressful and sometimes absurd aspects of security work makes the challenges more manageable.
Practical Insights
- Patch management is ongoing—there’s rarely a final “fix.”
- Recognize security as an organization-wide concern, not just a specialized team’s job.
- Foster open dialogues about security to avoid blame and encourage learning from incidents.
- Invest in automating vulnerability scanning and remediation where possible.
About the Guests
Kat Cosgrove
- Head of Developer Advocacy at Minimus.
- Specializes in approachable technical content and deep dives on DevOps and cloud native history.
- Kubernetes Release Lead for v1.30 Uwubernetes, SIG Docs tech lead.
Matt Stratton (host)
- Solution Architect at Turbot.
- Organizer of DevOpsDays and experienced operations leader.
Listen & More
- Kat Cosgrove on Twitter
- Kat Cosgrove GitHub
- Kat Cosgrove LinkedIn
- Matt Stratton Twitter
- Matt Stratton GitHub
- Arrested DevOps Podcast
This summary was prepared for Tech Hub, focusing on technical insights for Microsoft consultants and developers drawn from industry-leading DevOps practitioners.
This post appeared first on “Arrested DevOps”.