Virtual Event
November 17, 2020

The Sched app allows you to build your schedule but is not a substitute for your event registration. You must be registered for KubeCon + CloudNativeCon North America 2020 - Virtual and add this Co-Located event to your registration to participate in these sessions. If you have not registered but would like to join us, please go to the event registration page to purchase a registration.

Please note: This schedule is automatically displayed in Eastern Standard Time (UTC–05:00). The schedule is subject to change.

Session Presentation
Tuesday, November 17

10:15am EST

Dynamic Image Scanning Through System Tracing - Itay Shakury, Aqua Security
As security practices and tools for application scanning are becoming increasingly popular, malicious actors are introducing sophisticated techniques to obfuscate their intent and evade those scanning tools. The malware they create cannot be detected using static analysis or signatures, but dynamic analysis that runs the application and observes its activity can trace the entire chain of events and help you detect those threats.  In this talk we introduce Dynamic scanning and discuss how it relates to two other security approaches: Static scanning and Runtime security. We will then show how operating system tracing is key to implementing dynamic scanning as we explore common behavioral patterns of malware, and discuss how these threats can be uncovered using open source tools.

Itay Shakury

Director of Open Source, Aqua Security
Itay Shakury is Director of Open Source at Aqua Security, where he leads the development of industry leading, open source, cloud native security solutions. Itay has almost 20 years of experience in various development, architecture and product roles. Itay is also a CNCF Cloud Native...

Tuesday November 17, 2020 10:15am - 11:00am EST

11:05am EST

Building Effective Attack Detection in the Cloud - Alfie Champion & Nick Jones, F-Secure Consulting
The cloud has significantly altered the nature of attack detection, and many of the common data sources and attacker TTPs that security teams have been looking for on premise have changed or are no longer relevant. A lack of public threat intelligence has hindered development of industry knowledge bases, such as the MITRE ATT&CK framework, and the nature of many cloud-native attacker TTPs makes it challenging to separate the malicious from the benign. Based on first-hand experience attacking and defending large enterprises, this talk will share what Alfie and Nick have learned about detecting attacks against cloud-native environments. They will cover how the cloud has changed the detection landscape, the key data sources to leverage, and how to plan and prioritise your cloud detection use cases. They'll also discuss how to validate your detection, including a demonstration of Leonidas, an open source framework for automatically validating detection capability in the cloud.

Nick Jones

Senior Consultant, Global Cloud Lead, F-Secure Consulting
Nick Jones is the cloud security lead and a senior security consultant at F-Secure Consulting (formerly MWR InfoSecurity), where he has focused on AWS security in mature, cloud-native organisations and large enterprises for a number of years. When he's not delivering offensively-focused...

Alfie Champion

F-Secure Consulting
I lead F-Secure's consulting services for all things attack detection, from traditional objective-based adversary simulations through to 'purple teaming' exercises in cloud. Outside of helping bolster clients' detective capabilities, I love building new tools for simulating offensive...

Tuesday November 17, 2020 11:05am - 11:50am EST

12:50pm EST

Designing Secure Applications in the Cloud - Adora Nwodo, Microsoft
When building cloud applications, we should always bear in mind that our services are exposed on the Internet and can be accessed by anyone and may have untrusted users. Because of this, we need to be proactive and aware of these possible security threats so that we can design our cloud applications to be able to handle them properly. Apart from preventing malicious attacks, cloud applications must also be designed to protect sensitive data and grant access for certain resources to only authorized users. In this session, I will be talking about 3 security patterns that can be used to prevent malicious or accidental actions outside of the application's designed usage, and to prevent disclosure or loss of information when building for the cloud.

Adora Nwodo

Software Engineer, Microsoft
Adora is a Software Engineer currently building Mixed Reality on the Cloud at Microsoft. She is also the Author of the popular book "Cloud Engineering for Beginners". This book is currently helping a lot of people start their career as Cloud Engineers. Adora is also a Digital Creator...

Tuesday November 17, 2020 12:50pm - 1:35pm EST

1:40pm EST

A Tale of a Meshi Kafka: Securing Kafka Deployment When Istio Is Used - Ariel Shuper, Portshift & Nikolas Mousouros, Marlow Navigation
Kafka is a commonly used message broker for microservices' real-time data feeds. A standard setup allows any microservice to read or write any messages to/from any topic. The need for security typically starts when multiple applications use the same Kafka broker in a cluster, or when confidential information is shared in the Kafka topics. Common security practices to use are authenticating subscribers and publishers, authorization policies for access control and data encryption. When Istio is being used with microservices that access Kafka topics, the Envoy proxies are expected to offload these security elements. However, creating sustainable and consistent authorization policies when Istio is deployed isn't feasible, and tracking the microservices based on their IPs isn’t feasible because of their replacement. The session will present how to build an external authorization mechanism and simplify policy management for Kafka topics by using open source tools, like OPA and others.

Ariel Shuper

VP Product, Portshift

Nikolas Mousouros

Marlow Navigation

Tuesday November 17, 2020 1:40pm - 2:25pm EST

2:50pm EST

Cartography: using graphs to improve and scale security decision-making - Alex Chantavy, Lyft & Marco Lancini, Thought Machine
This talk highlights using Cartography (https://github.com/lyft/cartography) to improve and scale security decision-making in cloud-native environments. Attendees of this session will be introduced to the platform and shown a broad set of compelling scenarios including understanding complex permissions relationships, tracking and alerting on infrastructure changes, and enabling teams to see and better understand their security risk regardless of the platforms they use.  Cartography is a free open-source tool that consolidates your technical assets and the relationships between them in an intuitive graph database.  The presenters hope that sharing their approaches to these problems will help you better understand, categorize, and secure all the assets deployed in your cloud-native organization. They are thrilled to grow the Cartography community in the first couple years as an open source project and look forward to hearing your feedback!

Alex Chantavy

Software Engineer, Lyft
Alex Chantavy is a software engineer on Lyft's security team. He maintains an open source security graph tool called Cartography, and is particularly interested in understanding cloud permissions relationships and finding opportunities for lateral movement. In previous roles, Alex...

Marco Lancini

Thought Machine
Marco Lancini is a Cloud Security Engineer at Thought Machine, where he focuses on the security of the containerisation technologies used (i.e., Docker and Kubernetes), as well as of the deployments on the different cloud providers (AWS, GCP, Azure). He also curates CloudSecList...

Tuesday November 17, 2020 2:50pm - 3:35pm EST

4:15pm EST

Enabling Autonomous Teams With Policy Enforcement at Yubico - James Alseth & John Reese, Yubico
In this talk, we will discuss the tools and processes created by Yubico to enable autonomous teams through policy.  Initially, Kubernetes RBAC and peer reviews from our Platform team allowed teams to adopt Kubernetes for their services. However, we knew that a dependency on a single team was not a scalable solution.  To give teams more autonomy over their services, and rely less on manual reviews, we began to enforce policies in our pipelines and clusters by leveraging the Open Policy Agent. The Open Policy Agent and its surrounding projects were the perfect fit for us; they are open source, flexible, performant, and have seen widespread adoption throughout the ecosystem.  We'll also discuss the tooling that was built that enabled us to test policies, automatically generate supporting documentation and audit how each policy is being used so that they can be safely promoted through our environments. Best of all? They are all open source!

James Alseth

Security Engineer, Yubico
James Alseth is a Security Engineer at Yubico, currently focused on cloud infrastructure security. He works on building self-service security solutions that enable engineers to be more confident in their design, implementation, and deployment decisions and strategies.

John Reese

Software Engineer, Yubico
John Reese is a Software Engineer at Yubico, who specializes in Kubernetes and Go. He is an active open source contributor and a core maintainer for Conftest, a tool that helps you write tests against structured configuration data. In his free time, he enjoys playing hockey and video...

Tuesday November 17, 2020 4:15pm - 5:00pm EST