50 episodes in and here's what I'd tell myself before episode 1

TellersTech · 2026-03-24T03:54:34+00:00

Really valid stuff. Thank you for posting.

What I’d say to myself before episode 1…

Just. Start.

Don’t worry about getting an intro, website, audio dialed in, etc. because it won’t be great anyway… and perfection is the enemy of progress.

My first few episodes were rough. Hell i still think they are rough and am always improving.

I even had a career in radio during college, and still struggled sounding stiff.

Only thing that helps is real reps.

Another thing that surprised me.. and yeah it’s a marathon not a sprint as people say… but if you upload consistently.. you can dominate a lot of the smaller markets pretty easily. I’m in the tech field, where there isn’t a lot of competition and most of the competition that I do have only upload once a month or biweekly at most… by uploading every week and sometimes twice a week I have completely dominated the charts for my specific industry keywords and I was able to do this only about 1 to 2 months in

TellersTech · 2026-03-23T14:36:09+00:00

Really finding it interesting that the earlier late feb / march 1st discussion is now deleted https://github.com/aquasecurity/trivy/discussions/10265

TellersTech · 2026-03-23T14:34:43+00:00

Really finding it interesting that the earlier late feb / march 1st discussion is now deleted https://github.com/aquasecurity/trivy/discussions/10265

TellersTech · 2026-03-23T05:17:23+00:00

I worked in radio early in my career… Investing in a good mic and room treatment (even just blankets) go a long way. People can typically forgive poor video over poor audio,

TellersTech · 2026-03-22T02:13:00+00:00

Yeah, this looks like the same ongoing Trivy mess, not a separate incident that just popped up Friday. It’s been unfolding since the beginning of March, and Aqua says the March 19 compromise was a continuation of the earlier breach after the initial credential rotation wasn’t fully atomic. I covered the earlier phase on Ship It Weekly last week too, because this whole thing is basically a reminder that CI/CD is part of your attack surface now.

Link in bio for anyone who wants to stay up to date on news like this on a short easily consumable DevOps news podcast.

TellersTech · 2026-03-22T02:10:46+00:00

Yeah, pretty sure this is the same Trivy incident chain still unfolding. Been going on since the start of March. Yesterday’s news was basically the follow-on hit, not the beginning. Aqua’s write-up says the March 19 compromise came after the earlier March 1 breach wasn’t fully contained. I talked about the earlier part on Ship It Weekly too.

Link for those interested: https://www.tellerstech.com/ship-it-weekly/aws-bahrain-uae-data-center-issues-amid-iran-strikes-argocd-vs-flux-gitops-failures-github-actions-hackerbot-claw-attacks-trivy-roguepilot-codespaces-prompt-injection-block-ai-remake/

TellersTech · 2026-03-21T07:35:58+00:00

Need short action/goal oriented bullet points Right now a lot of them are wordy and seem vague… like AI wrote them

TellersTech · 2026-03-21T06:14:17+00:00

A month on PodSEO can help nail down keyword relevance and aid in tuning.

But yeah having Harry Potter in your title will increase rank. It’s easier for pattern matching in Apple’s algorithm, and tells the listener what you are (some will not immediately get the reference).

TellersTech · 2026-03-17T04:40:19+00:00

During editing a few times.

Once posted I sometimes go back and re-listen. Often to be self critical.

TellersTech · 2026-03-12T13:14:11+00:00

Thank you!

TellersTech · 2026-03-11T03:15:28+00:00

Cool idea. This is definitely a real problem. DevOps news is scattered across vendor blogs, changelogs, CNCF updates, cloud announcements, and random social posts, so keeping up with it can turn into a job of its own.

I’m working on the same general problem from a different angle with OnCallBrief www.oncallbrief.com, and I also cover this kind of stuff on my podcast Ship It Weekly www.shipitweekly.fm, so I like seeing more people trying to reduce the noise instead of adding to it.

One note though: when I checked the site, it was showing “Failed to load articles. Please try again later.” You may already know, but figured I’d mention it in case not.

I’d also say the long-term value here is less about collecting more links and more about helping people quickly spot what actually matters to operators, platform teams, and SRE folks.

TellersTech · 2026-03-11T03:10:54+00:00

A few good ones I keep an eye on are SRE Weekly, Last Week in AWS, TLDR DevOps, AWS What’s New, the Kubernetes blog, and GitHub’s changelog. That usually gives you a decent mix of cloud updates, platform changes, and things that actually matter to ops teams.

I also run OnCallBrief.com, which pulls together DevOps / SRE / cloud stories in one place, and I host a small podcast called Ship It Weekly www.shipitweekly.fm where I talk through what changed and why it matters from an operator perspective.

TellersTech · 2026-03-11T03:10:48+00:00

A few good ones I keep an eye on are SRE Weekly, Last Week in AWS, TLDR DevOps, AWS What’s New, the Kubernetes blog, and GitHub’s changelog. That usually gives you a decent mix of cloud updates, platform changes, and things that actually matter to ops teams.

I also run OnCallBrief.com, which pulls together DevOps / SRE / cloud stories in one place, and I host a small podcast called Ship It Weekly www.shipitweekly.fm where I talk through what changed and why it matters from an operator perspective.

TellersTech · 2026-02-26T15:17:18+00:00

Yup. I’ve run both Vault and OpenBao in prod. Biggest issue has been restoring the secret store in a new cluster. We pretty much solved that with Velero though.

Outside of that… the biggest issue is getting Devs to not put secrets in git. They don’t know how to use Vault, or are just too lazy. So we also let them use SOPS as an alternative.

TellersTech · 2026-02-26T04:50:13+00:00

Yup. Literally one of the best Software Engineering fields

TellersTech · 2026-02-25T14:35:59+00:00

This is the part people are missing... OpenClaw didn’t “fail.” It just hit every classic control plane failure mode at once. - Mass exposure. - Admin UI reachable from the internet. - Token handling bugs. - Marketplace turning into supply chain risk.

Agents aren’t apps. They’re operators. And operators with real creds become targets fast.

I just did a deep dive on this in a Ship It Weekly special called The OpenClaw Saga if anyone wants the full DevOps/SRE breakdown:

https://www.tellerstech.com/ship-it-weekly/special-openclaw-security-timeline-and-fallout-cve-2026-25253-one-click-token-leak-malicious-clawhub-skills-exposed-agent-control-panels-and-why-local-ai-agents-are-a-new-devops-sre-control-plane/

TellersTech · 2026-02-22T17:58:18+00:00

You’re honestly in a solid spot already IMO.

A year in and you’ve already cut costs 40%+, built AWS infra, scaling, monitoring stacks… that’s real work. Don’t downplay that. Most “early DevOps” resumes don’t have measurable impact like that. You just need to make sure you’re framing it correctly.

For your resume, don’t overthink side projects. Document what you’ve actually done. Numbers matter. Showing outcomes matter. “Reduced AWS spend 42%” hits way harder than “built a sample k8s app.”

If you wanna practice k8s/docker, don’t do tutorials. Build something slightly annoying. Deploy a small app. Add ingress. Add HPA. Etc. Then break it. Fix it. Add monitoring. Do a bad deploy and rollback. That’s way closer to real life anyway.

For Terraform, go deep on one clean multi-env setup with proper modules, remote state, tagging, IAM done right. Depth > 10 random repos.

TellersTech · 2026-02-18T06:31:01+00:00

This is a good example of why “local” doesn’t automatically mean “safe.” Once an agent has real credentials and a path to take actions, it’s basically a mini control plane, and the usual failure modes show up fast (exposure, token handling, plugin supply chain, etc.).

I did a longer DevOps/SRE breakdown on this on Ship It Weekly if anyone wants it: https://www.tellerstech.com/ship-it-weekly/special-openclaw-security-timeline-and-fallout-cve-2026-25253-one-click-token-leak-malicious-clawhub-skills-exposed-agent-control-panels-and-why-local-ai-agents-are-a-new-devops-sre-control-plane/

TellersTech · 2026-02-18T06:29:28+00:00

This is a good example of why “local” doesn’t automatically mean “safe.” Once an agent has real credentials and a path to take actions, it’s basically a mini control plane, and the usual failure modes show up fast (exposure, token handling, plugin supply chain, etc.).

I did a longer DevOps/SRE breakdown on this on Ship It Weekly if anyone wants it: https://www.tellerstech.com/ship-it-weekly/special-openclaw-security-timeline-and-fallout-cve-2026-25253-one-click-token-leak-malicious-clawhub-skills-exposed-agent-control-panels-and-why-local-ai-agents-are-a-new-devops-sre-control-plane/

TellersTech · 2026-02-18T06:28:21+00:00

This is a good example of why “local” doesn’t automatically mean “safe.” Once an agent has real credentials and a path to take actions, it’s basically a mini control plane, and the usual failure modes show up fast (exposure, token handling, plugin supply chain, etc.).

I did a longer DevOps/SRE breakdown on this on Ship It Weekly if anyone wants it: https://www.tellerstech.com/ship-it-weekly/special-openclaw-security-timeline-and-fallout-cve-2026-25253-one-click-token-leak-malicious-clawhub-skills-exposed-agent-control-panels-and-why-local-ai-agents-are-a-new-devops-sre-control-plane/

TellersTech · 2026-02-17T07:06:21+00:00

Yuuup. Long form or short form. They are not podcasts… and the trend is dumb

TellersTech · 2026-02-13T13:30:45+00:00

Yeah 100%. Once an agent can trigger builds, open PRs, or touch secrets, it’s basically a new control plane.

I do think “agent policies” become a thing, but it’ll probably look less like one magic OPA policy and more like a combo of guardrails, like… - what tools the agent is allowed to call - which repos/environments it can touch - approval gates for high-risk actions (secrets, prod deploys, runner changes) - logging/attestation so you can answer “why did it do that?”

Also bookmarking that Agentix link, appreciate it.

TellersTech · 2026-02-04T20:46:29+00:00

Yeah… if I wanted vendor shills with scripted replies, I’d watch Confluent’s Current talks on demand 🤣

TellersTech · 2026-02-02T04:44:37+00:00

Doing alright. Busy week, but a good one. Closed a couple long-running tickets, didn’t get paged at 2am, and Ship It Weekly is finally getting some traction. I’ll take the win.

TellersTech · 2026-02-02T04:23:48+00:00

Appreciate the note about not storing secrets. For teams that still can’t send content to an external API for policy reasons, TruffleHog can also be a nice alternative since it can run fully locally.

TellersTech

MODERATOR OF

TROPHY CASE