EPISODE · Sep 19, 2025 · 21 MIN
Infrastructure, Cloud, and Supply Chain Security
from Mastering Cybersecurity: The Cyber Educational Audio Course · host Dr Jason Edwards
Infrastructure security has evolved from racks of physical servers to fleets of virtual machines, containers, and cloud services managed by code. In this episode, we trace that transformation and the new risks it created—where automation, elasticity, and speed amplify both productivity and exposure. You’ll learn how Infrastructure as Code, CI/CD pipelines, and supply chain dependencies enable rapid delivery but also expand attack surfaces when misconfigurations or compromises spread at machine speed. The story connects IaC templates, configuration drift, and pipeline integrity to real-world lessons from SolarWinds, Log4j, and XZ, showing how trust can erode when oversight lags behind automation.We also explore the growing movement toward DevSecOps, reproducible builds, software bills of materials, and secure-by-design pipelines. These practices blend governance, verification, and culture into the foundation of resilience, ensuring that speed and safety advance together. With insights into SBOMs, NIST 800-204D, OWASP guidance, and the broader ecosystem of open-source collaboration, the episode frames supply chain security as both a technical and leadership challenge. If you want to understand how to protect what modern enterprises are truly built on—their automated infrastructure and shared code—this is your guide, developed by BareMetalCyber.com.
What this episode covers
Infrastructure security has evolved from racks of physical servers to fleets of virtual machines, containers, and cloud services managed by code. In this episode, we trace that transformation and the new risks it created—where automation, elasticity, and speed amplify both productivity and exposure. You’ll learn how Infrastructure as Code, CI/CD pipelines, and supply chain dependencies enable rapid delivery but also expand attack surfaces when misconfigurations or compromises spread at machine speed. The story connects IaC templates, configuration drift, and pipeline integrity to real-world lessons from SolarWinds, Log4j, and XZ, showing how trust can erode when oversight lags behind automation.We also explore the growing movement toward DevSecOps, reproducible builds, software bills of materials, and secure-by-design pipelines. These practices blend governance, verification, and culture into the foundation of resilience, ensuring that speed and safety advance together. With insights into SBOMs, NIST 800-204D, OWASP guidance, and the broader ecosystem of open-source collaboration, the episode frames supply chain security as both a technical and leadership challenge. If you want to understand how to protect what modern enterprises are truly built on—their automated infrastructure and shared code—this is your guide, developed by BareMetalCyber.com.
NOW PLAYING
Infrastructure, Cloud, and Supply Chain Security
No transcript for this episode yet
Similar Episodes
Mar 26, 2026 ·1m
Mar 19, 2026 ·34m
Feb 18, 2026 ·11m
Feb 11, 2026 ·45m