Relating to DevSecOps

Episode #082: AI Hype, Human Cost

Send a textKen and Mike are back from the grave to kick off 2026 with a timely debate on the AI panic cycle hitting software and security. They dig into the biggest questions flying around the industry right now: Is AI taking developer and security jobs? Is SaaS dying? Is software engineering being replaced by vibe coding and agents? From maker-checker workflows and token costs to AI-generated bugs, false positives, and attackers using autonomous tooling to move faster, this episode cuts through the hype from both the doomer and evangelist camps. The conclusion: software isn’t dead, security definitely isn’t solved, and the teams that adapt their craft instead of abandoning it will be the ones that keep up.

Episode #081: Burnout by Budget Season: Surviving Q4 in Security

Send a textIn this candid and cathartic episode, Ken and Mike unpack the chaos that is Q4 for security professionals. From budget burnouts to end-of-year pentesting sprints, they explore why the final months of the year feel like a perfect storm for stress. Tune in as they share hard-earned lessons, practical advice for maintaining your sanity, and some gentle reminders that not everything needs to ship before Christmas. Whether you’re a tired vendor, an overwhelmed engineer, or just trying to make it to PTO, this episode is for you.

Episode #080: Patch Me If You Can: Compliance, SLAs, and Other Fairytales

Send a textIn this no-punches-pulled return from hiatus, Ken and Mike dig deep into the messy middle of vulnerability management, SLA fatigue, and the illusion of compliance. Are we building secure systems or just passing audits? From legacy cruft to exploitable CVEs, this episode unpacks the real-world pressures of SOC 2, the auditor dance, and whether fixing every “critical” is even feasible.Perfect for practitioners trying to balance the checkbox culture with actual risk reduction, this one’s got stories, strategies, and spicy takes. Bonus: tips on managing auditors without losing your mind—or your security posture.

Episode #079: CISOver It: When Dashboards Replace Direction

Send a textIn this episode of Relating to DevSecOps, Ken and Mike discuss the challenges faced by CISOs in today's security landscape, particularly the struggle to balance immediate security needs with long-term preventative strategies. They explore the disconnect between security leadership and practitioners, the urgency of addressing security issues, and the importance of understanding the root causes of vulnerabilities. The conversation emphasizes the need for CISOs to engage more deeply with their teams and to focus on effective, context-driven security solutions rather than simply reacting to the latest threats.

Episode #078: 🔥 Burn Your 30-page Policies: Tanya’s Got Better Ideas

Send a textIn this must-listen episode of Relating to DevSecOps, Ken welcomes the ever-inspiring Tanya Janca, aka SheHacksPurple—author, AppSec expert, and champion of making security usable. Together, they dig into why so many application security policies fail, why developers ignore them, and how to make them actually work. Tanya shares real-world experiences from both dev and security perspectives, plus her journey from being ignored to lobbying governments for change.From communication failures and TL;DR policy pages to leveraging wikis and code reuse, this episode is a practical masterclass in creating impactful, developer-friendly security standards.