Kubicast #166 - Supply-Chain and DevSecOps with Carlos Nogueira

In episode 166 of Kubicast, we opened up the studio (and spoke our minds) to reflect on the true role of DevOps in modern teams — without buzzwords and without theater.

With the practical experience of someone who lives the real operation of platform teams, João Brito discusses how the concept of DevOps has been distorted over the years, the impact of technical seniority in this scenario, and why security should be a part (and not an accessory) of this process.

Problems faced

• Reduction of DevOps to CI/CD tools, ignoring the cultural aspect.

• Lack of technical seniority in projects that should promote best practices.

• Mistakenly assigning security as an isolated and "external" element to the development workflow.

• Product and infrastructure teams operating in silos, resulting in fragile and unreliable deliveries.

• Frustrated attempts to implement DevOps without real autonomy or cultural alignment.

Throughout the episode, it became clear that DevOps still makes perfect sense — but only if understood as it should be: a philosophy of collaboration, continuous improvement, and shared responsibility. Reducing DevOps to automation is like saying that playing the guitar is just pressing strings.

Some links we mentioned in the episode:

SLSA at DevOps na Praia

Policies and signatures in docker images

The culture of reliability, security thought out from the origin, and respect for the technical maturity of the teams must go hand in hand. Otherwise, DevOps just becomes another beautiful slide in the company's keynote.

🎧 Also listen to Kubicast on Spotify, share it with that friend of yours who thinks DevOps is just the little green color in the pipeline!

Hosted by João Brito, your favorite host (@juniorjbn)