DevOps vs. the Security People

This is a past event

14 people went


1pm: "DevOps vs “Security People"

In 2019, surveys are saying that 90% of Fortune 500 plan on using containers and things like Kubernetes, yet there’s still a divide between what “security people” see that containers provide and what DevOps teams see. Kubernetes has become the defacto standard for production container deployments and there are 98 different options (as of February 2019) for hosted Kubernetes clouds. In many cases a Kubernetes threat model becomes compromised either by accident or by alibi and even if you wanted to harden your environment, there’s little guidance. Is there truly such a thing as a Kubernetes best practice? How can Kubernetes handle multiple tenants in a cluster? Do hosted Kubernetes services provide enough security for your work load? This talk will explore Kubernetes’ known attack vectors, defenses, and see how we can bridge the silos between security engineers and developers to help in the future.

2pm: Chapter meeting
* CTF for UNH GenCyber Agent Academy
* UNH -> Collegiate Cyber Comp and Cybersecurity Career Fair
* Security User Stories

3pm: Networking @ Front St Bistro, 39 Front St, Hartford, CT[masked]

Please make sure we have your full name so we can send building security a list in advance.

About the speaker: Mark Manning is a Principal Security Consultant with NCC Group and a lead in their Container Practice. He focuses on container technologies, Linux kernel security, and application security, in general. He has performed penetration tests to breakout from containers, delivered architecture reviews of devops environments, and worked with developers on various container and orchestration technologies such as Docker, Kubernetes, Mesos/Marathon, as well as Rancher. Mark currently organizes Rochester 2600 has also organized BSidesROC from 2010 through 2018.