Thoughtworks SecConf 2022 - SCALING YOUR ORGANIZATION KUBERNETES SECURITY!

Abstract

Most companies adopting Kubernetes have a hard time building their security around it. With cloud-native transformation, growth of the company, and adoptions it’s super hard to build security across different layers.

In this talk, Madhu Akula will showcase how Kubernetes Goat will solve these problems by helping developers, DevOps, and security teams to understand the real-world security misconfigurations, vulnerabilities, and attacks in a context-driven practical hands-on way. So, most of your security issues will be fixed before even being deployed into Production.

Some examples include helping DevOps/Developer teams understand the risks so they could have been mitigated even before they write Dockerfiles, Manifests, Helm charts, etc. to deploy the microservice into clusters. We will see some real challenges regards competency, knowledge gap, and bridging the gap between DevOps/SRE teams and security collaboratively and practically.

Date
Saturday, 15 Oct 2022 00:00 UTC
Location
Live, Online
Madhu Akula
Madhu Akula
Never Ending Learner!

Madhu Akula is a pragmatic security leader and creator of Kubernetes Goat, an intentionally vulnerable by design Kubernetes Cluster to learn and practice Kubernetes Security. Also published author and cloud native security researcher with an extensive experience. Also he is an active member of the international security, devops and cloud native communities (null, DevSecOps, AllDayDevOps, AWS, CNCF, USENIX, OWASP, etc). Holds industry certifications like OSCP (Offensive Security Certified Professional), CKA (Certified Kubernetes Administrator), CKS (Certified Kubernetes Security Specialist), etc. Madhu frequently speaks and runs training sessions at security events and conferences around the world including DEFCON (24, 26, 27, 28, 29, 30), BlackHat (2018, 19, 21, 22 & 23), USENIX LISA (2018, 19 & 21), SANS Cloud Security Summit 2021 & 2022, O’Reilly Velocity EU 2019, GitHub Satellite 2020, Appsec EU (2018, 19, 22), All Day DevOps (2016, 17, 18, 19, 20, 21 & 22), DevSecCon (London, Singapore, Boston), DevOpsDays India, c0c0n(2017, 18 & 20), Nullcon (2018, 19, 21 & 22), SACON 2019, Serverless Summit, null and multiple others. His research has identified vulnerabilities in over 200+ companies and organisations including; Google, Microsoft, LinkedIn, eBay, AT&T, WordPress, NTOP and Adobe, etc and credited with multiple CVE’s, Acknowledgements and rewards. He is co-author of Security Automation with Ansible2 (ISBN-13: 978-1788394512), which is listed as a technical resource by Red Hat Ansible. He is the technical reviewer for Learn Kubernetes Security, Practical Ansible2 books by Packt Pub. Also won 1st prize for building Infrastructure Security Monitoring solution at InMobi flagship hackathon among 100+ engineering teams.