consider compiling a list of suitable podcasts to make an appearance on? I imagine that between us we could put together a list that quite nicely spans the SDLC spectrum of infosec podcasts. It would also force us to create "flavours" of SAMM pitches for the different podcast audiences.
The most relevant podcasts I typically listen to:
TestGuild security: I have the feeling that 80% of the community (mostly people coming to it from the TestGuild automation) are relatively new to security. They had an episode on SQL injection from the top 10 recently. Focus: Automation. Generally quite hands-on, no-nonsense.
BeerSecOps: affiliated with Aqua Sec. Less predictable in its list of topics and level of detail. Has had Tanya Janca, Liz Rice, Gene Kim talk about security in general.
The New Stack Makers: Typically has vendors talking about their product or technology, etc. positioning them in the modern appsec landscape. The New Stack podcasts are in general geared towards "modern" appsec (i.e. all cloud-ready shiny things).
The SecureDeveloper: Run by Guy Podjarny of Snyk. Probably the one on the list that flirts the most with C-level topics while still touching on technology / strategy from other roles.
DevSecOps Podcast: It's on my list but I haven't listened to any episodes yet so can't say much about it. The last guest was OWASP's executive director and the topics of the other talks seem to match.
If we really wanted to be organised / anal about this, we could map podcasts to business functions (I hear someone's working on implementing references / mappings in our object model that could be used for this ;)
In all seriousness actually, if we don't try to appear on the podcasts, I think the idea of a community curated list of podcasts tagged by most relevant SAMM business function may be an interesting educational mapping to supplement the OWASP projects mapping :)