Operations | Monitoring | ITSM | DevOps | Cloud

Episode 006: In this episode of DevEx Unpacked, Cloudsmith co-founder Alan Carson sits down with CEO Glenn Weinstein for a deep dive into leadership, growth, and developer-first thinking. Glenn shares his journey from programming on a Commodore PET to founding and selling a startup, his lessons from Twilio, and what drew him to lead Cloudsmith. The two discuss what it takes to build a category-defining company from Belfast, navigating VC funding, and how values like resilience, clarity, and service drive long-term success.

Episode 005: In this episode of DevEx Unpacked, Alan Carson chats with Ciara Carey, Solutions Engineer at Cloudsmith, about her career journey from developer to DevRel to her current customer-facing role. Ciara shares real-world insights on software supply chain security, how teams are using Enterprise Policy Management (EPM) to control open source risk, and why Cloudsmith’s cloud-native platform is a game changer for DevSecOps workflows.

Episode 004: In this episode of DevEx Unpacked, Alan Carson chats with Jack Spargo, CTO of Control Alt, about his fascinating career journey from aerospace engineering to leading blockchain-powered investment platforms. Jack shares lessons from being acquired overnight, the challenges of building a platform from scratch, and why he’s betting big on junior engineers and AI augmentation. They explore the realities of compliance, software supply chain security, and why Northern Ireland is fast becoming a serious start-up hub.

Episode 003: In this episode of DevEx Unpacked, Alan Carson sits down with Tom Gibson, Principal Engineer and long-time Cloudsmith team member, to trace his journey from early start-up to leading strategic innovation in the CTO’s office. Tom shares behind-the-scenes stories about engineering through scale, building continuous security scanning, and what it takes to evolve a developer-first platform.

Episode 002: In this episode of DevEx Unpacked, Alan Carson sits down with Dan McKinney, one of Cloudsmith’s earliest team members and now Head of Solutions Engineering. Dan reflects on his unique journey from writing docs and filming DevRel videos to leading high-stakes enterprise sales. Discover how Cloudsmith scaled from a two-person start-up to a platform trusted by global enterprises, why software supply chain security is more urgent than ever, and what features make developers and security teams lean in.

Episode 001: In this inaugural episode of DevEx Unpacked, host Alan Carson sits down with Alison Sickelka, VP of Product at Cloudsmith, for a deep dive into the evolution of software supply chain security. Alison shares her journey from journalism to product leadership, the unique talent landscape in Belfast, and how Cloudsmith is pioneering secure artifact management. Learn how Cloudsmith's Enterprise Policy Management is shaping compliance strategies, why SBOMs are crucial, and where AI fits in a secure DevOps future.

Docker's VP of Product, Michael Donovan, gives a quick overview of Docker Hardened Images and how they make open source software available in a hardened image container. They're minimal images with less attack surface and SLSA level 3 artifact compliance. They carry extensive provenance data, including SBOMs, CVEs, and VEX. Be confident that your software is safer from attack using Docker Hardened Images and Cloudsmith.

Shift left means improving security at the early stages of software development. Is it the best approach? See the full webinar: https:/cloudsmith.com/webinars Get to know Cloudsmith: About Cloudsmith We offer the world's best cloud-native artifact management platform to control, secure, and distribute everything that flows through your software supply chain. Cloudsmith operates at enterprise scale, reduces risk, and streamlines builds.

Topics: Docker, Software Supply Chain Security, SBOMs, Attestations, Artifact Lifecycle, Signatures.

Software supply chain attacks are becoming more sophisticated, and Cloudsmith tackles this head-on with EPM. Using a set of tools, including a policy-as-code approach, you can tailor security policies to be as simple or as advanced as you need. Define any policy using Rego code and Open Policy Agent (OPA) to be highly prescriptive and catch suspect or non-compliant software artifacts before the damage is done..