Securing Human Access Through Privileged Access Management and Just In Time Access - Aria Langer
In this episode of the Security Repo Podcast, we take a look at the concepts around securing human identities in the enterprise. We talk about why passwords alone are not enough, why it is important to use multifactor authentication, and the dream 'golden path' of ephemeral just-in-time account creation and use. As always, we find out the best and worst advice our guest has ever heard.
Aria Langer joins the program this week. She is a Senior Security Engineer for KraftHeinz, specializing in PKI and privileged access management. In her personal life, Aria will talk your ear off about long-distance running, sewing, music gaming, RPGs from the good ol' days, and Uncle Scrooge from the DuckTales comics and media.
--------
33:58
Undocumented Hacking - Applying Pentesting Skills To Navigating Bureaucracy - José Martinez
In this week's episode of the Security Repo Podcast, we dive into an unusual topic for the program, navigating the US immigration system and the challenges that many security professionals working in the US face. Join us as we discuss how to apply lessons from the world of pentesting to succeeding in the face of bureaucracy.
We are joined by José A. Martinez. José is the owner of too many Pokemon games which he still hasn’t played. Born in Mexico but raised in Chicago, José loves guitars, books, cameras, and trying out new food. José worked in retail before transitioning to information security as an apprentice in a consulting firm, where he currently focuses on web application pentesting as a senior delivery analyst.
Links mentioned in this episode:
https://www.linkedin.com/in/jose-martinez-castro/
--------
27:13
STIR/SHAKEN and Password Policies - Per Thorsheim
In this week's episode of the Security Repo Podcast, we turn our attention to STIR/SHAKEN, the caller ID authentication framework that US voice carriers are required to implement to curb spoofed robocalls. We also look at password policies and research into how to make better passwords.
We are joined by Per Thorsheim. Per is the founder and main organizer of PasswordsCon, the first conference dedicated to passwords, PINs and anything related to digital authentication. He has been working in infosec for 30 years, and claims to know your next password. His bio on LinkedIn has more information if you're interested.
Links mentioned in this episode:
https://www.linkedin.com/in/thorsheim/
https://mastodon.social/@thorsheim
https://www.fcc.gov/call-authentication
--------
34:14
Being a Lifeguard Instead of a Police Officer and Compliance Is NOT Security - David Hawthorne
In this episode of The Security Repo Podcast, we look at how we satisfy the goals of compliance and security, which might seem like they would be the same thing, yet are not.
We are joined by David Hawthorne. David is a technology factotum with 20 years of experience across system administration, data and software architecture, and DevOps. As the Director of Cloud Engineering at O3 Solutions, David successfully led SOC 2 and GRC initiatives. He is dedicated to delivering business value through automation and analytics and actively contributes to the DevSecOps and data communities as a speaker and mentor.
We will discuss the role of the compliance audit and what frameworks like SOC 2 were supposed to solve. We dive into the approach of supporting and empowering teams as a lifeguard as opposed to being a police officer yelling "no" all the time. By the end, David shares some practical advice for growing your team and staying safe as you scale.
Links mentioned in this episode:
http://davidhawthorne.com
https://github.com/shellninja
--------
31:05
From The Theory Of Constraints to Scorecard Patterns for Better Compliance - Justin Reock
In this episode of The Security Repo Podcast, we broach a wide variety of topics, including the Theory of Constraints, source control horror stories, and using scorecards to drive cross-team success.
We are joined by Justin Reock, the Head of Developer Relations for Cortex.io.
He is an outspoken speaker, writer, and software practice evangelist. He has over 20 years of experience working in various software roles and has delivered enterprise solutions, technical leadership, and community education on a range of topics.
We start by talking about how the work of W. Edwards Deming translates into modern software workflows and what that means for security. Branching from there, we dip into how developer and build tooling can and should include security. The one thing all developers have in common is source control, and Justin's background lets him share a few stories that are not to be missed.
We end with a new twist on Best Advice/Worst Advice that gives us deeper insight into our guest.
Thanks for tuning into this episode.
Links mentioned in this episode:
https://www.linkedin.com/in/justinreock/
OpenRewrite and Modern https://www.moderne.ai/blog/overview-...
Pre-frontal cortex podcast - https://podcasts.apple.com/us/podcast...
IDPcon.com - https://idpcon.com/
The security repo is a podcast that focuses on real world security issues we are all facing today. We will take deep dives into news events and have exclusive interviews with security leaders on the ground.