Security Superfriends Episode 9: Clint Gibler

In this episode, Rich interviews Clint Gibler, the head of security research for r2c who runs tl;dr sec. Learn more about the origin of Semgrep, and how it helps developers static test their code without being blocked by security.

Security Superfriends Episode 8: Randy Barr

InterVenn CISO Randy Barr talks about his career - from the Marines, to leading security for Webex when it was a small startup, to CISO for cloud security pioneer Qualys, to head of product and security ops at Zoom during the pandemic. Hear his thoughts on shifting security left for modern software development, and how to secure remote workers.


Security Superfriends Episode 7: James Sörling

Security architect and open source contributor James Sörling talks about open source tools that make high velocity development more secure.

A New Security Mandate for Scanning Infrastructure as Code

Scanning IaC should be a security mandate to reduce security risk for your organization. Learn how to get it done in a way that scales with modern software development.

The iacbot Security Practitioner Demo

Learn about iacbot – a free service making it easy for developers to secure their infrastructure as code - Terraform, Cloudformation, Kubernetes. Watch the demo, and give it a try.

Introducing iacbot

Introducing iacbot

Learn about iacbot - a free GitHub app that analyzes Terraform, CloudFormation and Kubernetes changes for security vulnerabilities and provides fast feedback directly in pull requests.

open source security tools

Modernize the Security Development Lifecycle!

Organizations need to modernize security for the software development lifecycle – automating security assessments throughout the SDLC. Soluble does this utilizing open source security solutions.

miles morales spiderman

Security Superfriends Episode 6: Rick Howard

Rick Howard, CSO, Senior Fellow, Chief Analyst, The CyberWire, shares his thoughts on The SolarWinds Breach, Supply Chain Risk, Cloud Native Development, and security books we all must read.

a rolling rock gathers no moss

Rob Schoening

Minimizing Tech Debt With IaC

Tech debt can accumulate quickly as teams use IaC to provision cloud infrastructure. Learn how to minimize tech debt and remediation work by catching and fixing security issues early in development.

Infrastructure as Code

Rob Schoening

A Guide to Open Source IaC Testing

Are You Using Infrastructure as Code (IaC), such as Terraform, CloudFormation, Helm, or Kubernetes? Read about available IaC security testing tools - like Terrascan, Checkov, TFLint, Tf-sec, Sentinel, and others – and how they compare. 

Rich Seiersen

Security Superfriends Episode 5: Chad Kalmes

Currently at PagerDuty, formerly at Twilio, Chad discusses how to manage cloud native security risk at organizations with high volume software development.