Building Security Champions / Hacking Kubernetes! - Ashish Rajan / Andrew Martin
Details
Agenda:
17:30 - Doors Open, Drinks and Food Provided (by Veracode)
18:00 - Intros, Lightning Talk
18:40 - 20:00(ish) Main Talk
21:00 - Drinks, Pub, Social
Lightning Talk
Title: Build Security Champions (during hybrid times)
Speaker: Ashish Rajan
Description:
I started as a CISO mid-pandemic and one of the first tasks that I took on was to start improving DevSecOps but being in Melbourne, the city with the longest lockdown period the challenges was there were no people physically around us to bring for lunch and learn. This talk will cover what my mistakes were and what worked in building a successful and growing security champions program during hybrid times.
Speaker Bio:
Ashish Rajan is the host of the wildly popular Cloud Security Podcast, a CISO, a SANS Trainer for Cloud Security and an outspoken opinion leader on all things Cloud Security & DevSecOps. He is a frequent contributor on topics related to public cloud transformation and the associated security challenges for practitioners and CISOs.
Main Talk:
Title: Hacking Kubernetes: Live Demo Marathon
Speaker: Andrew Martin: CEO, ControlPlane
Description:
In a live evocation of the recent O'Reilly title Hacking Kubernetes (Martin, Hausenblas, 2021), this ultimate guide to threat-driven Kubernetes defence threat models and details how to attack and defend your precious clusters from nefarious adversaries. This broad and detailed appraisal of end-to-end cluster security teaches you how to attack and defend against a range of historical and current CVEs, misconfigurations, and advanced threats: See the historical relevance of CVEs and demonstrations of attacks against your containers, pods, supply chain, network, storage, policy, and wider organisation. Understand when to use next-generation runtimes like gVisor, firecracker, and Kata Containers. Delve into workload identity and advanced runtime hardening. Consider the trust boundaries in soft and hard multitenant systems to appraise and limit the effects of compromise. Learn to navigate the choppy waters of advanced Kubernetes security.
This meetup is brought to you by our sponsors: Prisma Cloud and Sysdig, our gracious hosts Veracode.
Your Hosts
Steve Giguere: linkedin.com/in/stevegiguere
Glenn Wilson: linkedin.com/in/glennwilson
Jessica Cregg linkedin.com/in/jessicacregg
DevSecOps - London Gathering
Keep in touch with our events associated with this podcast via our website https://dsolg.com