Loading…
Virtual Event
November 17, 2020
Learn More and Register to Attend This Event

The Sched app allows you to build your schedule but is not a substitute for your event registration. You must be registered for KubeCon + CloudNativeCon North America 2020 - Virtual and add this Co-Located event to your registration to participate in these sessions. If you have not registered but would like to join us, please go to the event registration page to purchase a registration.

Please note: This schedule is automatically displayed in Eastern Standard Time (UTC–05:00). To see the schedule in your preferred timezone, please select from the drop-down menu to the right, above "Filter by Date." The schedule is subject to change.
Simple
Expanded
Grid
By Venue
Tuesday, November 17
 

10:00am EST

Welcome and Introductions - Emily Fox, National Security Agency
Speakers
avatar for Emily Fox

Emily Fox

Security Lead - Emerging Technologies, Security Community Architect - OSPO, Red Hat
Emily Fox is a DevOps enthusiast, security unicorn, and advocate for Women in Technology. She has worked in security for over 13 years to drive a cultural change where security is unobstructive, natural, and accessible to everyone. Serving as chair on the Cloud Native Computing Foundation’s... Read More →

Cloud Native Security Day Intro 17 NOV 2020 pdf
Tuesday November 17, 2020 10:00am - 10:10am EST
Virtual
  General Session

10:15am EST

Dynamic Image Scanning Through System Tracing - Itay Shakury, Aqua Security
As security practices and tools for application scanning are becoming increasingly popular, malicious actors are introducing sophisticated techniques to obfuscate their intent and evade those scanning tools. The malware they create cannot be detected using static analysis or signatures, but dynamic analysis that runs the application and observes its activity can trace the entire chain of events and help you detect those threats.  In this talk we introduce Dynamic scanning and discuss how it relates to two other security approaches: Static scanning and Runtime security. We will then show how operating system tracing is key to implementing dynamic scanning as we explore common behavioral patterns of malware, and discuss how these threats can be uncovered using open source tools.
Speakers
avatar for Itay Shakury

Itay Shakury

VP Open Source, Aqua Security
Itay Shakury is the VP of Open Source at Aqua Security, where he leads engineering for open source, cloud native security solutions. Itay has some 20 years of professional experience in various software development, architecture and product management roles. Itay is also a CNCF Cloud... Read More →

CNDNA20 Dynamic Image Scanning Through System Tracing pdf
Text Transcript EBPM 1119 txt
Tuesday November 17, 2020 10:15am - 11:00am EST
Virtual
  Session Presentation

11:05am EST

Building Effective Attack Detection in the Cloud - Alfie Champion & Nick Jones, F-Security Consulting
The cloud has significantly altered the nature of attack detection, and many of the common data sources and attacker TTPs that security teams have been looking for on premise have changed or are no longer relevant. A lack of public threat intelligence has hindered development of industry knowledge bases, such as the MITRE ATT&CK framework, and the nature of many cloud-native attacker TTPs make it challenging to separate the malicious from the benign.  Based on first-hand experience attacking and defending large enterprises, this talk will share what Alfie and Nick have learned about detecting attacks against cloud-native environments. They will cover how the cloud has changed the detection landscape, the key data sources to leverage, and how to plan and prioritise your cloud detection use cases. They'll also discuss how to validate your detection, including a demonstration of Leonidas, an open source framework for automatically validating detection capability in the cloud.
Speakers
avatar for Nick Jones

Nick Jones

Senior Consultant, Global Cloud Lead, F-Secure Consulting
Nick Jones is the cloud security lead and a senior security consultant at F-Secure Consulting (formerly MWR InfoSecurity), where he has focused on AWS security in mature, cloud-native organisations and large enterprises for a number of years. When he's not delivering offensively-focused... Read More →
avatar for Alfie Champion

Alfie Champion

F-Secure Consulting
I lead F-Secure's consulting services for all things attack detection, from traditional objective-based adversary simulations through to 'purple teaming' exercises in cloud. Outside of helping bolster client's detective capabilities, I love building new tools for simulating offensive... Read More →

CNSD Building Effective Attack Detection In The Cloud pdf
Text Transcript PRDB 1499 txt
Tuesday November 17, 2020 11:05am - 11:50am EST
Virtual
  Session Presentation

11:55am EST

Break
Tuesday November 17, 2020 11:55am - 12:20pm EST
Virtual
  Break

12:25pm EST

Exit Stage Left: Replacing Theater with Chaos - Kelly Shortridge, Capsule8
Kelly will explore how security theater leads to increased organizational friction, especially in the realm of software delivery, rather than promoting safety. She'll contrast these dramatics with a security chaos engineering approach – one which embraces the importance of convenience, alignment with organizational goals, and the wisdom derived from failure.
Speakers
avatar for Kelly Shortridge

Kelly Shortridge

VP of Product Management and Product Strategy, Capsule8

replacing theater with chaos kubecon shortridge pdf
Text Transcript LAHT 3155 txt
Tuesday November 17, 2020 12:25pm - 12:45pm EST
Virtual
  Sponsored Session

12:50pm EST

Designing Secure Applications in the Cloud - Adora Nwodo, Microsoft
When building cloud applications, we should always bear in mind that our services are exposed on the Internet and can be accessed by anyone and may have untrusted users.  Because of this, we need to be proactive and aware of these possible security threats so that we can design our cloud applications to be able to handle them properly. Apart from preventing malicious attacks, cloud applications must also be designed to protect sensitive data and grant access for certain resources to only authorized users.  In this session, I will be talking about 3 security patterns that can be used to prevent malicious or accidental actions outside of the applications designed usage, and to prevent disclosure or loss of information when building for the cloud.
Speakers
avatar for Adora Nwodo

Adora Nwodo

Software Engineer, Microsoft
Adora is a Software Engineer currently building Mixed Reality on the Cloud at Microsoft. She is also the Author of the popular books "Cloud Engineering for Beginners," and "Beginning Azure DevOps". These books are currently helping a lot of people start their career as Cloud Engineers... Read More →

DesigningSecureApplications pdf
Text Transcript QDPF 0380 txt
Text Transcript QDPF 0380 txt
Tuesday November 17, 2020 12:50pm - 1:35pm EST
Virtual
  Session Presentation

1:40pm EST

A Tale of a Meshi Kafka: Securing Kafka Deployment When Istio Is Used - Ariel Shuper, Portshift & Nikolas Mousouros, Marlow Navigation
Kafka is a commonly used message broker for microservices real-time data feeds. A standard setup allows any micro-service to read or write any messages to/from any topic. The need for security typically starts when multiple applications use the same Kafka broker in a cluster, or when confidential information is shared in the Kafka topics. Common security practices to use are authenticating subscribers and publishers, authorization policies for access control and data encryption. When Istio is being used with microservices that access Kafka topics, the envoy proxies is expected to offload these security elements.  However, creating sustainable and consistent authorization policies when Istio is deployed isn't feasible, and tracking the microservices based on their IPs isn’t feasible because of their replacement.   The session will present how to build an external authorization mechanism and simplify policy management for Kafka topics by using open source tools, like OPA and others
Speakers
avatar for Ariel Shuper

Ariel Shuper

VP Product, Portshift
NM

Nikolas Mousouros

Marlow Navigation

A Tale of A Meshi Kafka cloud native security day na 2020 ppt.pptx pdf
Text Transcript TUKF 4112 txt
Tuesday November 17, 2020 1:40pm - 2:25pm EST
Virtual
  Session Presentation

2:50pm EST

Cartography: using graphs to improve and scale security decision-making - Alex Chantavy, Lyft & Marco Lancini, Thought Machine
This talk highlights using Cartography (https://github.com/lyft/cartography) to improve and scale security decision-making in cloud-native environments. Attendees of this session will be introduced to the platform and shown a broad set of compelling scenarios including understanding complex permissions relationships, tracking and alerting on infrastructure changes, and enabling teams to see and better understand their security risk regardless of the platforms they use.  Cartography is a free open-source tool that consolidates your technical assets and the relationships between them in an intuitive graph database.  The presenters hope that sharing their approaches to these problems will help you better understand, categorize, and secure all the assets deployed in your cloud-native organization. They are thrilled to grow the Cartography community in the first couple years as an open source project and look forward to hearing your feedback!
Speakers
avatar for Alex Chantavy

Alex Chantavy

Software Engineer, Lyft
Alex Chantavy is a proudly homesick Hawaii boy who works as a Software Engineer at Lyft and maintains an open source graph tool called cartography. In previous roles, he's worked as a red teamer at Microsoft and as a [REDACTED] for the Department of Defense.
avatar for Marco Lancini

Marco Lancini

Thought Machine
Marco Lancini is a Cloud Security Engineer at Thought Machine, where he focuses on the security of the containerisation technologies used (i.e., Docker and Kubernetes), as well as of the deployments on the different cloud providers (AWS, GCP, Azure). He also curates CloudSecList... Read More →

Cloud Native Security Day Cartography Using graphs to improve and scale security decision making pdf
Text Transcript NPAL 5252 txt
Tuesday November 17, 2020 2:50pm - 3:35pm EST
Virtual
  Session Presentation

3:40pm EST

Cloud Security and how to leverage the shared responsibility model to your advantage - Eshrak Assaf & David Lebutsch, IBM
Adopting Cloud Computing models could be a blessing or a curse. When done with security and compliance in mind, it could save you lots of time, effort and operational costs. When done without regard to security and compliance, it could result in exposing your company to financial and reputational risks. In this session, we will talk about some basic security and compliance concepts that developers need to know before they consider adopting Cloud Computing models. We will talk about how to leverage the Cloud shared responsibility model to your advantage, and why Cloud security and compliance is not optional.
Speakers
avatar for Eshrak Assaf

Eshrak Assaf

Senior Manager, IBM
Senior manager for the Virtual Private Cloud Gen2, IBM Cloud Telemetry and Analytics teams. MSc & MBA graduate complemented by 13+ years of experience in Development, Security, DevOps and Operations with a primary focus on virtualization and cloud computing.
avatar for David Lebutsch

David Lebutsch

CTO / Distinguished Engineer SaaS and Hybrid Cloud, IBM Data and AI, IBM
IBM Distinguished Engineer and CTO for Data & AI SaaS on IBM Cloud. Hands on architect and technical leader with 20+ years of experience.

Cloud Security and how to leverage the shared responsibility model to your advantage pdf
Text Transcript OGJV 1005 txt
Tuesday November 17, 2020 3:40pm - 3:50pm EST
Virtual
  Lightning Talk

3:50pm EST

Why OpenID Connect is More Secure then Certificates - Marc Boorshtein, Tremolo Security, Inc.
Most user's first experience accessing a cluster usually involves a certificate.  It's one of the most secure ways to authenticate a user, when done properly.  It's not nearly as secure as OpenID Connect for your clusters.  In this session you will learn why certificate authentication is a bad idea for your users accessing your clusters and why you should be using OpenID Connect.  In addition to showing why OpenID Connect is the more secure method for accessing your clusters, the session will detail the OpenID Connect threat model and how to mitigate it.  The session will also contrast this model with certificates and show how it's nearly impossible to create an authentication system with certificates as secure as one protected with OpenID Connect.  There will also be a chance for those attending to try to take over an OpenID Connect protected cluster!  
Speakers
avatar for Marc Boorshtein

Marc Boorshtein

CTO, Tremolo Security, Inc.
Marc Boorshtein has been a software engineer and consultant for nearly twenty years and is currently the CTO of Tremolo Security, Inc. Marc has spent most of his career building identity management solutions for large enterprises, U.S. Government civilian agencies, and local government... Read More →

cncf security 2020 oidc pdf
Text Transcript OGJV 1005 txt
Tuesday November 17, 2020 3:50pm - 4:00pm EST
Virtual
  Lightning Talk

4:00pm EST

Hardware Backed Security For Multitenancy at the Edge with SPIFFE & PARSEC - Paul Howard, Arm & Andres Vega, VMware
Three powerful CNCF projects come together in this session, which focuses on how cloud-native workloads can access the best hardware security facilities of any platform in a way that is portable, convenient to consume, and which scales to multiple workloads.  SPIFFE, the Secure Production Identity Framework for Everyone, alongside its production-grade implementation project SPIRE, are both now incubation projects within CNCF.  Parsec (CNCF sandbox) is the Platform Abstraction for Security: a simple and portable way to access platform facilities for key management and cryptography on any hardware in any programming language. But Parsec is so much more than just an API shim. It also provides key management and access control based on the identities of workloads, keeping their secure assets separate.  This session will show how Parsec can be combined with SPIFFE and SPIRE to provide a key management service based on attested workload identities,
Speakers
avatar for Andres Vega

Andres Vega

Founder, M42
avatar for Paul Howard

Paul Howard

Principal System Solutions Architect, Arm
Paul Howard is a Principal System Solutions Architect in the Architecture and Technology group at Arm, based in Cambridge, UK. Paul joined Arm in 2018 from a software engineering background. His focus at Arm is on better-together stories for hardware and software across cloud, edge... Read More →

Multitenant Edge SPIFFE PARSEC CNSecDayNA2020 pdf
Text Transcript OGJV 1005 txt
Tuesday November 17, 2020 4:00pm - 4:10pm EST
Virtual
  Lightning Talk

4:15pm EST

Enabling Autonomous Teams With Policy Enforcement at Yubico - James Alseth & John Reese, Yubico
In this talk, we will discuss the tools and processes created by Yubico to enable autonomous teams through policy.  Initially, Kubernetes RBAC and peer reviews from our Platform team allowed teams to adopt Kubernetes for their services. However, we knew that a dependency on a single team was not a scalable solution.  To give teams more autonomy over their services, and rely less on manual reviews, we began to enforce policies in our pipelines and clusters by leveraging the Open Policy Agent. The Open Policy Agent and its surrounding projects were the perfect fit for us; they are open source, flexible, performant, and have seen widespread adoption throughout the ecosystem.  We'll also discuss the tooling that was built that enabled us to test policies, automatically generate supporting documentation and audit how each policy is being used so that they can be safely promoted through our environments. Best of all? They are all open source!
Speakers
avatar for James Alseth

James Alseth

Security Engineer, Yubico
James Alseth is a Security Engineer at Yubico, currently focused on cloud infrastructure security. He works on building self-service security solutions that enable engineers to be more confident in their design, implementation, and deployment decisions and strategies.
avatar for John Reese

John Reese

Software Engineer, Yubico
John Reese is a Software Engineer at Yubico, who specializes in Kubernetes and Go. He is an active open source contributor and a core maintainer for Conftest, a tool that helps you write tests against structured configuration data. In his free time, he enjoys playing hockey and video... Read More →

Enabling Autonomous Teams With Policy Enforcement At Yubico pdf
Text Transcript HXFB 8773 txt
Tuesday November 17, 2020 4:15pm - 5:00pm EST
Virtual
  Session Presentation

5:05pm EST

Break
Tuesday November 17, 2020 5:05pm - 5:20pm EST
Virtual
  Break

5:25pm EST

Capture the Flag Wrap Up & Summary, Andrew Martin, Control Plane & Magno Logan, Trend Micro
Speakers
avatar for Andrew Martin

Andrew Martin

CEO, ControlPlane
Andrew has an incisive security engineering ethos gained building and destroying high-traffic web applications. Proficient in systems development, testing, and operations, he is at his happiest profiling and securing every tier of a cloud native system, and has battle-hardened experience... Read More →
avatar for Magno Logan

Magno Logan

Information Security Specialist, GoHacking
Magno Logan works as an Information Security Specialist for Trend Micro. He specializes in Cloud, Container and Application Security Research, Threat Modelling and Red Teaming. He has been tapped as a resource speaker for numerous security conferences around the globe. He is also... Read More →

Text Transcript XGTO 0740 txt
Tuesday November 17, 2020 5:25pm - 6:10pm EST
Virtual
  General Session

6:15pm EST

Event Closing Talk
Speakers
avatar for Andrew Martin

Andrew Martin

CEO, ControlPlane
Andrew has an incisive security engineering ethos gained building and destroying high-traffic web applications. Proficient in systems development, testing, and operations, he is at his happiest profiling and securing every tier of a cloud native system, and has battle-hardened experience... Read More →
avatar for Emily Fox

Emily Fox

Security Lead - Emerging Technologies, Security Community Architect - OSPO, Red Hat
Emily Fox is a DevOps enthusiast, security unicorn, and advocate for Women in Technology. She has worked in security for over 13 years to drive a cultural change where security is unobstructive, natural, and accessible to everyone. Serving as chair on the Cloud Native Computing Foundation’s... Read More →
avatar for Brandon Lum

Brandon Lum

Senior Software Engineer, IBM
Brandon loves designing and implementing computer systems (with a focus on Security, Operating Systems, and Distributed/Parallel Systems). He enjoys tackling both technical and business challenges and has a side interest in organizational behavior and leadership. At IBM Research... Read More →
JJ

Jeyappragash Jeyakeerthi

Co-chair, Tetrate

Text Transcript YKHL 1127 txt
Tuesday November 17, 2020 6:15pm - 6:45pm EST
Virtual
  General Session
 
  • Timezone
  • Filter By Venue VIrtual
  • Filter By Type
  • Break
  • General Session
  • Lightning Talk
  • Session Presentation
  • Sponsored Session
Filter sessions
Apply filters to sessions.
Tuesday, November 17
Virtual
  • Break
  • General Session
  • Lightning Talk
  • Session Presentation
  • Sponsored Session
  • Popular