DevSecOops

This episode explores Wiz’s platform-driven approach to cloud security, emphasising its usability across multiple organizational roles — from developers to executives. Matt, a Principal Solution Engineer at Wiz, explains how the company provides comprehensive, real-time visibility into cloud environments (including multi-cloud and hybrid architectures), helping organisations identify high-risk vulnerabilities early in the software lifecycle — even before deployment. Key Discussion Points Wiz’s Core Value Proposition Wiz offers a cloud-native security platform designed to detect risks across infrastructure, applications, and configurations. The solution prioritises threats using risk context and attack path analysis, making security information relevant and actionable for both technical and business stakeholders. Executive-Level Adoption Matt notes strong engagement from CISOs, CTOs, and CIOs due to Wiz’s rapid time-to-value, easy implementation, and support for tooling consolidation. Executives appreciate how Wiz enables faster, safer adoption of new technologies, such as AI services, while maintaining governance and compliance. Developer Enablement A major focus is shifting security left by integrating it into developers’ workflows. Wiz provides clear guidance, risk prioritisation, and remediation suggestions, removing the need for developers to be security experts. This reduces friction between engineering and security teams, traditionally a major operational challenge. Operationalisation and ROI Emphasis is placed on real-world usage and ROI. Matt shares insights from customers who evaluate tools based on actual usage metrics, such as platform login frequency, to ensure investments are delivering value. Security Champion Models The discussion touches on the importance of embedded security roles, such as Security Champions within development teams. This model, pioneered by companies like Amazon, helps organisations scale secure development practices and manage the growing velocity of security threats in cloud environments. Noise Reduction and Prioritisation Hosts and guests stress the importance of eliminating alert fatigue. Wiz’s platform contextualises vulnerabilities (e.g., IAM policy misconfigurations or outdated libraries in containers) to distinguish meaningful risks from benign issues. This “pragmatic security” approach builds credibility with developers and promotes a security-aware culture.

In this episode of DevSecOops from the guys at Cordant, the crew dives headfirst into one of the juiciest debates in tech: which cloud reigns supreme? Dubbed 'The War of The Clouds', this episode pits the big players (and some honerable mentions) against each other in a lighthearted skirmish over developer love, enterprise muscle, and long-term value. Tom dons the blue armour for Microsoft Azure, bringing 25 years of Wintel loyalty to the table (though he’s got some thoughts on recent commercial antics from Redmond). James rides the mighty AWS beast, championing the original developer darling turned enterprise juggernaut—boasting revenue figures that dwarf even the biggest names on the ASX. Scotti takes the underdog position with a passionate defence of Oracle Cloud. With boots-on-the-ground experience and a developer’s heart, he makes a surprisingly compelling case for Oracle's open standards and Java-rich legacy (despite a few barbs about Delphi, Java, and Visual Basic 6 along the way). Together, the trio spar over: Developer experience: From Azure’s tight-knit integration with Visual Studio and GitHub, to AWS’s shiny toybox of SDKs, to OCI’s Kafka-powered streaming services. Tooling and automation: Why Terraform is winning hearts where native tools stumble, and how scripting your infra is now half the cloud battle. Strategic cloud adoption: Whether clients should go all-in with one vendor or play the multi-cloud field—and what truly drives those choices (hint: it’s not just tech, it’s business context). Security and identity: Expect a bit of heat here - especially around PIM roles, privileged access management, and how well (or not) each provider integrates identity services. This episode is as much a tech showdown as it is a masterclass in real-world cloud strategy, with the team drawing on their direct client experiences across all three platforms. While there’s plenty of banter, the insights are razor-sharp, and whether you're team AWS, Azure, or Oracle, you’ll leave with a clearer view of where each platform shines (and where it needs work).

In this episode of the DevSecOps podcast, hosts Tom, Scotty, and James from Cordant are joined by experienced project manager Natalie Haslam to explore the complexities of delivering cybersecurity projects. Natalie highlights the crucial role of human factors in security, emphasising the need for awareness and adherence to protocols. The discussion covers the importance of involving operational teams early, managing cybersecurity incidents during project delivery, and balancing governance with agility. The team also examines project management methodologies, debating agile versus waterfall approaches and the benefits of a hybrid mode, and the value of stakeholder engagement, advocating for clear communication to secure buy-in and drive successful cyber initiatives.

This podcast episode features Tom and Scotti discussing the often-unspoken truths of cybersecurity and IT modernisation. They emphasise that security is a mindset, not just a set of tools, and advocate for a holistic approach where everyone in an organisation is involved. They also stress the importance of getting the fundamentals right before diving into complex technologies like microservices and cloud migrations, warning against the pitfalls of "lift and shift" approaches. The hosts discuss the challenges of change management, the inevitability of security incidents, and the need for better communication and understanding of cybersecurity risks at the executive level. They also touch on the shortage of skilled cybersecurity professionals and the complexities of outsourcing IT services, advocating for a balanced approach that includes internal expertise and careful vendor selection.

Tying back how threats are inseparable - and inescapable - from modern ICT. That means everything from cybersecurity threats, BCDR needs, data management, operational issues, etc.

Deep dive into specific ICT challenges organisations may face, addressing questions focus on current ICT challenges, offering insights into prioritisation, risk management, and strategic planning.

An historical perspective on how ICT has evolved over the years. The change from on-prem, to cloud, hybrid, and how things continue to change.