Cloud Security Podcast: Kubernetes (Goat) Vulnerable by Design
Episode Description
What We Discuss with Madhu Akula: What is Kubernetes for people who don’t know? What is Cloud native and it’s relevance to Kubernetes? Kubernetes deployed in productionIs Kubernetes insecure by Design? Why? Top 3 Security by design or default flaw in Kubernetes according to you that people don’t talk about? How important is a Docker file in the context of Kubernetes? What dock files can be used to secure kubernetes? Most sophisticated attack that you have seen in Kubernetes? And some simple attacks that people can check for as well?’ What is the defense strategy when it comes to Kubernetes Security? What does automated defense look like in a Kubernetes world? What are security defaults to consider for Kubernetes managed by Cloud Service Providers? Does implement everything in CIS benchmark on the Kubernetes cluster make it secure? How do you start learning about Kubernetes? What is Kubernetes goat and its relevance to people learning Kubernetes? What are ways to control access to users at cluster level? Is there a lot of difference (from a security perspective) between different types of Kubernetes? (CSP vs self hosted Kubernetes) Why would someone go for a Cloud managed Kubernetes vs Self Hosted? Let’s take Dockerfiles as an example, any TTP that people can use to secure them? Is there Automated Defence possible in a Kubernetes Cluster at scale throughout the dev to prod? Someone listening who works for a startup or tech company and is looking at doing Kubernetes the right way, what should be some basic things they should consider doing in their kubernetes cluster? Applying Kubernetes security at scale – what does this mean and can you share an example of how this can be done – from dev to prod cycle? What do you see as a pattern when you see it as a big mistake when people are trying to implement Kubernetes? What are the common fires you hear people talk about when deploying Kuberenetes in their organisation or in your circle Kubernetes Goat – What is it and what kind of experience folks should be using it? Any programming background required? And much more…
Madhu Akula
Never Ending Learner!
Madhu Akula is a pragmatic security leader and creator of Kubernetes Goat, an intentionally vulnerable by design Kubernetes Cluster to learn and practice Kubernetes Security. Also published author and cloud native security researcher with an extensive experience. Also he is an active member of the international security, devops and cloud native communities (null, DevSecOps, AllDayDevOps, AWS, CNCF, USENIX, OWASP, etc). Holds industry certifications like OSCP (Offensive Security Certified Professional), CKA (Certified Kubernetes Administrator), CKS (Certified Kubernetes Security Specialist), etc. Madhu frequently speaks and runs training sessions at security events and conferences around the world including DEFCON (24, 26, 27, 28, 29, 30), BlackHat (2018, 19, 21, 22 & 23), USENIX LISA (2018, 19 & 21), SANS Cloud Security Summit 2021 & 2022, O’Reilly Velocity EU 2019, GitHub Satellite 2020, Appsec EU (2018, 19, 22), All Day DevOps (2016, 17, 18, 19, 20, 21 & 22), DevSecCon (London, Singapore, Boston), DevOpsDays India, c0c0n(2017, 18 & 20), Nullcon (2018, 19, 21 & 22), SACON 2019, Serverless Summit, null and multiple others. His research has identified vulnerabilities in over 200+ companies and organisations including; Google, Microsoft, LinkedIn, eBay, AT&T, WordPress, NTOP and Adobe, etc and credited with multiple CVE’s, Acknowledgements and rewards. He is co-author of Security Automation with Ansible2 (ISBN-13: 978-1788394512), which is listed as a technical resource by Red Hat Ansible. He is the technical reviewer for Learn Kubernetes Security, Practical Ansible2 books by Packt Pub. Also won 1st prize for building Infrastructure Security Monitoring solution at InMobi flagship hackathon among 100+ engineering teams.