Cloud Native London, June 2022

Hi folks!

Welcome to our June Cloud Native London meetup! Join us in person to hear from our three speakers and hang out over pizza and drinks with your fellow techies, or alternatively on Rambly or Youtube to follow along!

7:00 Kick off
7:15 Policy as [versioned] code (Chris Nesbitt-Smith, esynergy)
7:45 Throw Away Your Passwords: Trusting Workload Identity (Ric Featherstone, ControlPlane)
8:15 Break
8:30 Cloud-Native Runtime Security with Sysdig & Falco (Bruno Silva, Sysdig)
9:00 Wrap up

See you soon!

Cheryl (@oicheryl)

Policy as [versioned] code (Chris Nesbitt-Smith, esynergy)
Beyond just “don’t run everything as root” In this talk Chris will trace back the origins of how policies are often incepted, how it can get out of hand, be slow if not impossible to update and measure compliance, and often lead us to question of **is the policy helping or hindering**. From this talk you’ll learn how to use a software development pattern and product ways of thinking towards how your organization can manage policy; achieve continual updates to policy allowing the risk mitigations to move as fast as the risk does, not get in the way and be easy to measure compliance.

A developer at heart with a passion for testing, while still active in the open source community, Chris has been using and abusing Kubernetes since 0.4 in production, in government, for citizen facing services; he’s worked extensively in critical national infrastructure where “matters of life or death” is not just a flippant throwaway comment. Chris provides training and consulting to many UK & US Government departments, large multinational private sector enterprises, and large charities. Through all of this Chris has seen a lot of organisational and technical disfunction (not all of his own making) and in inefficiencies, and wants you to join him in fixing them.

Throw Away Your Passwords: Trusting Workload Identity (Ric Featherstone, ControlPlane)
Trust is required to secure our systems: we need it to bootstrap infrastructure, to run workloads, and to reassure our customers of their privacy. But how do we establish and secure this "trust" in a dynamic cloud native system? Historically we relied upon identifiers such as IP addresses, passwords, and certificates, but can we do better than these antiquated authentication mechanisms? In this talk we:

• Demystify machine identity and its relationship to secrets management and access control
• Discuss the issues with historical approaches in a cloud native environment
• Solve the "bottom turtle" trust bootstrap quandary
• Appraise the open source implementations and technologies available to you
• Demonstrate practical examples of how to acquire a workload identity or secret zero
• Strive for a world in which passwords and static keys are replaced by dynamic credentials and hardware roots of trust

From Engineer to Architect and back, Ric’s greying hair comes from his years of hard-won experience consulting in the Financial Services and Media sectors. Working as a Cloud Native Engineer for ControlPlane, he's currently focused on Machine Identity in the context of Secrets Management and Access Control. He enjoys understanding how shiny new things work and telling people how cool they are.

Cloud-Native Runtime Security with Sysdig & Falco (Bruno Silva, Sysdig)
What if we can detect abnormal behavior in the application, container runtime, cloud & cluster environment using the same process? In this talk, we’ll present Falco (a CNCF project for runtime security) along with Sysdig Secure (a commercial tool). We will show how to use Falco to tap into Linux system calls, the Kubernetes audit logs, and cloud events to provide low-level insight into application and platform behavior, and how to write security rules to detect abnormal behavior. Finally, we’ll end with taking a forensic capture of a security anomaly and performing a more detailed analysis of the event.

Check out https://www.oicheryl.com/cloudnativelondon if you're interested in speaking or sponsoring.