Sort By
Search
Get the newsletter!
Stay up to date on the latest AWS news, opinions, and tools, all lovingly sprinkled with a bit of snark.
Helping Securing the Python with Mike Fiedler
On this Screaming in the Cloud In this episode of Screaming in the Cloud, Corey Quinn is joined by AWS container hero and security engineer at the Python Software Foundation, Mike Fiedler. They delve into the intricacies of Python's ecosystem, discussing the evolution of PyPI, its significance, and the ongoing battles against security threats like account takeover attacks and typo-squatting. Mike sheds light on his role in maintaining the security and reliability of the Python Package Index, the importance of 2FA, and the collaborative efforts with security researchers. Corey and Mike also explore the challenges and philosophies surrounding legacy systems versus greenfield development, with insights on maintaining critical infrastructure and the often-overlooked aspects of social engineering.
Replay – Serverless Hero, Got Servers in His Eyes with Ant Stanley
On this Screaming in the Cloud Replay, we’re revisiting our conversation with Co-Founder of Senzo, Ant Stanley. Ant sits down with Corey to do so. He offers up his history which has lead to his time as “Serverless Hero” to landing on the line that “serverless sucks.” Lend us your ears to see how that transition happened! Ant goes into detail on JeffConf (not the of the Bezos nomen), and working with servers and what to put where and why. Ant and Corey talk over the plague of AWS services where Ant offers his perspective how to trim the fat and keep things simple to make long-term objectives more attainable. They discuss the importance of training, the role of certifications for better and worse, and more. Tune in for his take!
Best Practices for Securing AWS Cloud with Eric Carter
Eric Carter of Sysdig joins Corey to tackle the evolving landscape of cloud security, particularly in AWS environments. As attackers leverage automation to strike within minutes, Sysdig focuses on real-time threat detection and rapid response. Tools like Runtime Insights and open-source Falco help teams identify and mitigate misconfigurations, excessive permissions, and stealthy attacks, while Kubernetes aids in limiting lateral movement. Eric introduced the “10-minute benchmark” for defense, combining automation and human oversight. Adapting to constant change, Sysdig integrates frameworks like MITRE ATT&CK to stay ahead of threats. Corey and Eric also discuss Sysdig’s conversational AI security analyst, which simplifies decision-making.
Replay – Finding a Common Language for Incidents with John Allspaw
On this Screaming in the Cloud Replay, Corey is joined by John Allspaw, Founder/Principal at Adaptive Capacity Labs. John was foundational in the DevOps movement, but he’s continued to bring much more to the table. He’s written multiple books and seems to always be at the forefront. Which is why he is now at Adaptive Capacity Labs. John tells us what exactly Adaptive Capacity Labs does and how it works and how he convinced some heroes to get behind it. John brings a much-needed insight into how to get multiple people in an organization on the same level when it comes to dealing with incidents. Engineers and non. John points out the issues surrounding public vs. private write-ups and the roadblocks they may prop up. Adaptive Capacity Labs is working towards bringing those roadblocks down, tune in for how!
Replay – Keep on Rockin’ in the Server-Free World with Michael Garski
On this Screaming in the Cloud Replay, we’re revisiting our conversation with Michael Garski, the director of software engineering at famed electrical guitar manufacturer, Fender. Prior to this position, he worked as a principal software architect at Viant, a principal software architect at MySpace, a manager of internet development at Countrywide Financial, and a manager of system architecture at Fandango, among other positions. He also had a four-year stint in the US Navy, working as an engineering laboratory technician. Join Corey and Michael as they talk about how artists are angels and Fender’s job is to give them wings, how Fender has diversified its offerings in recent years, how serverless is a mindset and how Fender approach serverless technology, how Fender’s traffic surged during the pandemic and how everything mostly scaled up without a hitch, the challenges of teaching students to play instruments over the internet, the vendor lock-in boogeyman, and more.
Standardizing Developer Freedom with Chris Weichel
Whether remote or local, Gitpod Co-Founder and CTO Chris Weichel thinks there’s a clear benefit to standardizing automated development environments. On this episode of Screaming in the Cloud, Chris joins Corey to chat about the inception and progression of Gitpod, highlighting the company’s mission to streamline development workflows, improve security, and enhance developer productivity. They also discuss the hurdles and solutions that come with balancing organizational standardization with individual developer preferences. You’ll also get the inside scoop on why Gitpod is transitioning away from Kubernetes and the innovative aspects of Gitpod Flex!
Learning the Joys of Reading and Writing with Laura Brief
Before cloud economics entered his life, Corey’s first true love was a good book. On this episode of Screaming in the Cloud, he’s joined by Laura Brief, the CEO of nonprofit 826 National. The organization is the largest youth writing network in the country, something that’s near and dear to our hearts at The Duckbill Group. Corey and Laura talk about why having a deep appreciation for reading and writing is vital no matter what career path you take. From offering a creative escape for kids to moonlighting as a “pirate supply company,” 826 National helps children realize that there’s an author inside all of us. So check out this great conversation, and be sure to buy one of our shirts while you’re at it!
Burnout and Breaking the Internet with Serena DiPenti
Corey Quinn talks with Serena DiPenti, aka “SheNetworks,” about her career from Cisco to Black Hills Information Security and her challenges in content creation. Serena reflects on starting at Cisco, where her role as a tech engineer required deep expertise and navigating rigid, high-pressure situations that led to burnout and limited growth opportunities. Now at Black Hills, she enjoys the hands-on work in security analysis and network-based penetration testing. Serena finds content creation more demanding than her cybersecurity work, often facing audience skepticism and burnout. However, her podcast Breaking the Internet provides a rewarding, conversational outlet for sharing insights.
Finding a Fix for the Cloud with Stephen Barr
Corey Quinn sits down with Stephen Barr, Chief Evangelist of CloudFix. With his extensive history in the cloud, the pair delve into Stephen's journey with AWS, relatable anecdotes on optimizing cloud costs, and the complex role of tech evangelists in fostering better communication between engineering and finance teams. Corey and Stephen also weigh the pitfalls of early AI adoption, how to come up with effective content creation strategies, and even postulate a hopeful vision of a tech-driven future (from a Trekkie’s point of view at least).
Sleuthing Out the Key to Teamwork with Dylan Etkin
Corey Quinn chats with Dylan Etkin, CEO and co-founder of Sleuth. He joins this episode of Screaming Into the Cloud to share his insights on reshaping engineering metrics to prioritize team success. Sleuth emphasizes team-level productivity over individual output, sidestepping controversial metrics like lines of code and focusing on alignment and iterative improvement. By aggregating data from tools like GitHub, Jira, and Datadog, Sleuth provides actionable insights, helping leaders reallocate resources for optimal impact without disrupting unique team workflows. Designed for collaborative review, Sleuth’s slide deck-like interface supports meaningful discussions around DORA metrics and deploy tracking.
Replay – Chaos Engineering for Gremlins with Jason Yee
On this Replay, we’re revisiting our conversation with Jason Yee, Staff Technical Advocate at Datadog. At the time of this recording, he was the Director of Advocacy at Gremlin, an enterprise-grade chaos engineering platform. Join Corey and Jason as they talk about what Gremlin is and what a director of advocacy does, making chaos engineering more accessible for the masses, how it’s hard to calculate ROI for developer advocates, how developer advocacy and DevRel changes from one company to the next, why developer advocates need to focus on meaningful connections, why you should start chaos engineering as a mental game, qualities to look for in good developer advocates, the Break Things On Purpose podcast, and more.
Disclosing Vulnerabilities in the Cloud with Ryan Nolette
In this episode of "Screaming in the Cloud," we’re making sure things are nice and secure thanks to Ryan Nolette, Senior Security Engineer at AWS Outreach. As a part of the Outreach team, he’s responsible for making everyone understand the nuances of AWS's Vulnerability Disclosure Program. Corey and Ryan explore the intricacies of AWS's approach to security, including the emphasis on communication with researchers. You’ll also get an overview of what goes into Vulnerability Disclosure Programs and how it courts security researchers over “security researchers.” If there’s anything you can take away from this episode, it’s that Ryan takes great pride in AWS's commitment to transparency and collaboration when it comes to resolving potential security flaws.