
Gareth Rushgrove

12 Podcast Episodes

Latest 18 Mar 2023 | Updated Daily


Gareth Rushgrove, DevOps pioneer and DevOps Weekly editor, discusses the past, present, and future of IT operations

AI and the Future of Work

Special guest Gareth Rushgrove, editor of the popular DevOps Weekly newsletter (since its inception ten years ago!) and former product lead at Docker and Puppet, joined the podcast this week for a wide-ranging discussion about the culture of IT operations, security and software development, and the future of application monitoring.

Listen and learn:
- Why Gareth thinks teaching developers to write secure code is a "socio-technical" problem
- Why the perceived "go fast vs. be secure" tradeoff is wrong
- What Gareth has been doing to support the Open Policy Agent and accelerate adoption of infrastructure as code
- What's ahead for Kubernetes and container management
- What advice Gareth "newsletter iron man" has for listeners... and the one mistake he made when launching DevOps Weekly


7 Sep 2020


Ep. #75, DevSecOps Data with Alanna Brown, Gareth Rushgrove, and Alyssa Miller

The Secure Developer

On The Secure Developer, we often hear a lot of opinions and experiences from people who are working in development, so today we’re turning to the data, to figure out what works and what doesn’t in the world of DevOps and SecDevOps. Joining us for a panel discussion on the topic is Alanna Brown, Senior Marketing Director at Puppet and mastermind behind the State of DevOps Report, Gareth Rushgrove, Product Director at Snyk and curator of DevOps Weekly, and Alyssa Miller, Application Security Advocate, also at Snyk. In this show, we get a lay of the land and take a look at the state of where things stand. In this section of the discussion, we hear about vulnerabilities and the mixed bag of data that our panelists have seen around remediation. While there are some positive developments in the space, there are also some areas, like on the container side, where there is great room for improvement. The conversation then moves to security practices and which security controls are effectively deployed and which are not. We gain great insights into the role that integration plays in the efficacy of controls. While it’s not all sunshine and roses, there are encouraging shifts happening around security thinking. From there, we move on to talking about infrastructure as code security and shared responsibility. Again, the panelists present their varied data findings, which paint an interesting picture. Finally, we wrap the show up by consolidating the discussion, where the panelists highlight what they think is key going forward. To hear more from this fascinating, data-rich discussion, tune in today!


4 Sep 2020


Episode 32 - How to put the Developer First in Kubernetes Security with Snyk's Gareth Rushgrove

The POPCAST with Dan POP

In this episode Gareth Rushgrove, Director of Product Management at Snyk, goes deep on putting developers first in Security. Snyk’s unique combination of developer-first tooling and best in class security depth enables businesses to easily build security into their continuous development process. Gareth is a wealth of knowledge on the subject of Kubernetes security from the developer point of view. We go deep on his journey in the cloud native space along with best practices for developers to secure their clusters along with injecting best practice into their deployments.

Episode Links
- Snyk's site - https://snyk.io/
- Blog discussed on Helm Configuration security with Snyk https://snyk.io/blog/checking-helm-charts-for-security-misconfigurations/
- Gareth's Blog http://www.garethrushgrove.com/

POPCAST SHOW LINKS
- Watch (YouTube): http://youtube.com/user/tonyladdie
- Listen (Apple PODCAST and others): http://popcast-d9f7b6dc.simplecast.com
- Follow us on (Twitter): https://twitter.com/PopcastPop
- Follow us on (Linkedin): https://www.linkedin.com/company/the-popcast-with-danpop


2 Sep 2020


LOTE #15: Gareth Rushgrove on Kubernetes Tooling, Platforms, and Engineering Security

Ambassador Labs: All-Things Cloud, DevEx, and APIs

Gareth Rushgrove, Director of Product Management at Snyk, discusses the state of Kubernetes tooling, the role of application platforms and how they should be designed and managed, and the importance of engineering security.

Summary and full transcript available at: https://www.getambassador.io/podcasts/gareth-rushgrove-on-kubernetes-tooling-platforms-and-engineering-security


23 Aug 2020


Modern Application Security & Container Security - Gareth Rushgrove - ASW #106

Paul's Security Weekly TV

This week, we welcome Gareth Rushgrove, Director of Product Management at Snyk, to talk about Modern Application Security and Container Security! They also discuss Configuration Management, how developers are writing more Docker and Kubernetes Container files, and more! To learn more about Snyk, visit: https://securityweekly.com/snyk Visit https://www.securityweekly.com/asw for all the latest episodes! Show Notes: https://wiki.securityweekly.com/ASWEpisode106


4 May 2020


Modern Application Security & Container Security - Gareth Rushgrove - ASW #106

Application Security Weekly (Video)

This week, we welcome Gareth Rushgrove, Director of Product Management at Snyk, to talk about Modern Application Security and Container Security! They also discuss Configuration Management, how developers are writing more Docker and Kubernetes Container files, and more! To learn more about Snyk, visit: https://securityweekly.com/snyk Visit https://www.securityweekly.com/asw for all the latest episodes! Show Notes: https://wiki.securityweekly.com/ASWEpisode106


4 May 2020


Gareth Rushgrove on Kubernetes as a Platform, Applications, and Security

The InfoQ Podcast

In this podcast, Daniel Bryant sat down with Gareth Rushgrove, Director of Product Management at Snyk. Topics covered included Kubernetes as a platform, application abstractions, continuous delivery, and implementing good security practices in the cloud native space.

Why listen to this podcast:
- The value provided by Kubernetes depends on an organisation’s context. Kubernetes acts as both a series of lower-level building blocks for a platform, and also as a very powerful API for deploying and operating container-based applications.
- Kubernetes provides several useful abstractions for engineers. For example, Pods, Deployments, and Services. However, Kubernetes doesn’t have an “application”-focused abstraction. Tools such as Helm and specifications like the Cloud Native Application Bundle (CNAB) are driving innovation in this space.
- There is a large amount of open source Kubernetes tooling. This has been created by a range of vendors, groups, and individuals. Encouraging this diverse mix of participation is beneficial for the long-term health of the ecosystem.
- The Cloud Native Computing Foundation (CNCF) provides a space for people to collaborate regardless of their current organisational affiliations.
- Defining appropriate standards within the cloud native space is useful for enabling interoperability and providing common foundations for others to innovate on top of.
- Security challenges within IT are socio-technical. Security teams working with cloud native technologies will benefit from continual learning, developing new skills, and researching new tools. For example, the defaults of Kubernetes aren’t necessarily secure, but this can be readily addressed with appropriate configuration.

More on this:
- Quick scan our curated show notes on InfoQ: https://bit.ly/38PLPFb
- You can also subscribe to the InfoQ newsletter to receive weekly updates on the hottest topics from professional software development: bit.ly/24x3IVq
- Subscribe: www.youtube.com/infoq
- Like InfoQ on Facebook: bit.ly/2jmlyG8
- Follow on Twitter: twitter.com/InfoQ
- Follow on LinkedIn: www.linkedin.com/company/infoq
- Check the landing page on InfoQ: https://bit.ly/38PLPFb


13 Mar 2020


Episode 24: Securing the FOSS Ecosystem with Gareth Rushgrove


Panelists: Eric Berry | Justin Dorfman | Richard Littauer | Allen “Gunner” Gunn

Guest: Gareth Rushgrove (Snyk)

Show Notes

In this episode, we talk with Gareth Rushgrove, from Cambridge, UK, Director of Project Management at a security software startup called Snyk. He has spoken at a number of international technology conferences over the past few years, including FOSDEM, RAMP, BACON, QCon, PuppetConf, Monitorama, GOTO and Velocity. Security and Open Source don’t often go together; in this episode we explore the topic and more.

- 01:20 Gareth explains that Snyk provides tools for developers who use Open Source Software and helps them stay secure. He also expands on vulnerability landscapes.
- 02:10 Justin asks Gareth at what point he thinks the collective community decided that we need to start digging into security holes within our software, and he answers the question.
- 04:00 One of the guys asks Gareth if security is a passion of his and if he joined the company because that’s what he loves or was it more for Open Source.
- 05:30 The guys talk about Guy Podjarny (a.k.a. Guypod) and Steve Souders and how they started the web performance movement.
- 07:30 Richard states Snyk has 400,000 users on the website and three times more vulnerability than a public database. Gareth goes further in-depth about this and what his company does using Java, Ruby, or Python and how he does a bunch of proprietary research and helps projects do profit disclosure.
- 11:10 Gareth discusses the Heartbleed attack and the Equifax data breach and their effect on the industry’s view on Open Source. Companies want the Open Source ecosystem to be more secure.
- 17:50 Gunner chimes in with a question about whether there is a list of things Gareth wishes Open Source projects would do to be better members of ecosystems vis-à-vis security, and whether there are checklists or places to go for best practices. Gareth expands on this.
- 23:49 Gareth talks about DevSecCon, which is a conference that brings developers and security together in one place. There are eight conferences around the world this year.
- 24:33 One of the guys is curious about the effect of security and how people out there have packages that are used by millions of other users and how often they don’t know how many users are using them. Gareth explains.
- 26:44 Gunner asks about the role of threat modeling in the work Gareth does and what he recommends.
- 28:25 Gareth goes in-depth about the Helm Project and CNCF sponsoring.
- 37:31 Gareth gives advice on where people can go to find more information about security besides talking to Snyk.

Spotlight

- 38:40 Justin’s spotlight this week is a blog post by Andrew Mason about [Ruby on Rails Development with VS Code](https://andrewm.codes/posts/ruby-on-rails-development-with-vs-code-p1i/)
- 39:07 Eric suggests getting off Google Chrome and using Firefox (Developer Edition).
- 40:15 Gunner’s pick is guix.gnu.org
- 40:46 Richard’s pick is crubadan.org
- 41:34 Finally, Gareth’s pick is openpolicyagent.org

Links: Snyk Gareth Rushgrove Twitter Puppet Heartbleed CNCF DevSecCon Helm HeavyBit Open Policy Agent GitHub Guy Podjarny Twitter Steve Souders Twitter Andrew Mason - Ruby On Rails Firefox Guix An Crúbadán Open Policy

Special Guest: Gareth Rushgrove.

Sponsored By: Linode: Whether you’re working on a personal project or managing your enterprise’s infrastructure, Linode has the pricing, support, and scale you need to take your project to the next level. Get started on Linode today. Promo Code: sustain2020


14 Feb 2020


Ep96: Embedding security into the development process, with Guy Podjarny and Gareth Rushgrove

Cloud Unfiltered

Agile software development has inadvertently put security in the hands of developers--for better or for worse. Do your developers know this? Do they care? How do you and your security team ensure you're shipping secure software while still moving fast? In this episode we'll speak with Guy and Gareth about how we got where we are when it comes to security, which roles developers and the security team should play, and how to build security tools into the developer workflow in a way that is seamless.

To learn more about Snyk--the company Guy and Gareth work for--visit www.snyk.io.


25 Jan 2020


Snyk's Gareth Rushgrove on How Visibility is Driving Security

The New Stack Podcast

This is the classic security problem Gareth Rushgrove, director of product management at Snyk, pointed to during his conversation with The New Stack founder and publisher Alex Williams at KubeCon's Cloud Native Security Day. Snyk is a Software-as-a-Service dedicated to helping organizations flag and fix vulnerabilities in their open source, third-party dependencies.


6 Dec 2019