
Relating to DevSecOps
A podcast dedicated to forging ironclad relationships between developers, engineers, operations, and security practitioners by discussing hot topics in the world of DevSecOps. This podcast aims to air out some of the common gripes, misconceptions, and hardships that these teams face in the real world every day.
Episode #080: Patch Me If You Can: Compliance, SLAs, and Other Fairytales
Ken Toler and Mike McCabe • Season 1 • Episode 80
In this no-punches-pulled return from hiatus, Ken and Mike dig deep into the messy middle of vulnerability management, SLA fatigue, and the illusion of compliance. Are we building secure systems or just passing audits? From legacy cruft to exploitable CVEs, this episode unpacks the real-world pressures of SOC 2, the auditor dance, and whether fixing every “critical” is even feasible.
Perfect for practitioners trying to balance the checkbox culture with actual risk reduction, this one’s got stories, strategies, and spicy takes. Bonus: tips on managing auditors without losing your mind—or your security posture.