Resilient Cyber Podcast - Episode 21 - Dr. Philip Kulp - DevSecOps

In this episode of the Resilient Cyber Podcast, Chris Hughes and Dr. Nikki Robinson host Dr. Phil Kulp, a cybersecurity expert with a deep background in both technical and academic work. Dr. Kulp shares insights from his career, which began at a startup internet provider and progressed through roles in incident response, software development, and pen testing. He also discusses his experience teaching and developing courses on secure software practices, particularly within the Department of Defense (DoD) and other government sectors.

Highlights:

  • Background in Cybersecurity: Dr. Kulp details his journey from a technical role in a startup to a cybersecurity position at the Naval Research Lab, where he gained experience in incident response and pen testing.

  • DevSecOps and DoD Influence: Dr. Kulp emphasizes the importance of DevSecOps, particularly in the context of DoD initiatives. He discusses the creation and success of his DevSecOps course, which integrates DoD reference architectures and industry best practices.

  • Secure Software Development: The conversation covers the challenges of secure software development, including integrating security practices into development and operations teams. Dr. Kulp stresses the need for executive-level support and for standardized tooling such as OWASP Dependency-Check.

  • Software Bill of Materials (SBOM): Dr. Kulp talks about the growing importance of SBOMs in ensuring software supply chain security, referencing recent executive orders and industry standards like SPDX.

  • Open Source vs. Proprietary Software: The discussion also touches on the risks and benefits of open source software, particularly in government and defense environments.

  • Cyber Resilience: Dr. Kulp defines cyber resilience as the ability to recover quickly from security incidents, emphasizing the importance of integrating security throughout the software lifecycle.