Register for the Workshop
Looks good!
First name is required.
Looks good!
Last name is required.
Looks good!
Valid E-Mail is required
Looks good!
Title is required.
Looks good!
We'd like to be able to get in touch.
Looks good!
Let us know where you are working.
Looks good!

We never sell attendee lists or contact information, nor do we authorize others to do so.

Space is limited we will confirm your registration via email.

High tempo workshops from some of the industry’s finest, where you will learn:

  • - theory and practice of threat modeling cloud native systems
  • - advanced, hands-on defensive and offensive techniques against Kubernetes
  • - threat detection and remediation in AWS for Kubernetes
  • - how to the participate CloudNativeSecurityCon Capture the Flag with a warm-up live hacking session

Making Security Valuable

Presented by Ergonautic

Cloud native computing forced most organizations to evolve their security practices and many organizations have bottlenecks where Kubernetes adoption collides with security and compliance. In this workshop we’ll analyze the value of security as a value stream and security as a contributor to other value streams. The workshop will help you identify key value streams within your organization, then outline how understanding the flow of information and assets within those value streams helps discover potential security risks and vulnerabilities. We’ll have interactive exercises to learn how to integrate security considerations into the overall strategy and measure the effectiveness of controls in protecting the value streams in language that the business understands.

Breaking and Building For Greater Good

Presented by Control Plane

In this hands-on workshop we’ll get things started by demonstrating threat modeling guidance applied to Kubernetes and from there move on to advanced techniques for attacking and defending Kubernetes. We’ll walk through a series of exploits and remediations to highlight common attack vectors and mitigate them. Throughout the workshop, participants work hands-on to reinforce the concepts with the opportunity to ask questions and get expert help.

Securing Kubernetes on AWS

Presented by AWS

As the popularity of Kubernetes grows so does the appeal of targeting Kubernetes and AWS can help keep your clusters secure. In this presentation you will learn AWS principles and tools for securing Kubernetes environments that will apply to both EKS and self managed clusters. We’ll cover practical AWS approaches to security ranging from intrusion detection to controlling pod traffic with security groups.

Schedule

  • 9:00-9:10 : Welcome and Agenda OverviewFarrah, Shafer, Andres
  • 9:10-10:45 : Making Security Valuable - Jabe Bloom and Sasha Rosenbaum
  • 10:45-11:00 Break
  • 11:00-12:15 : Attacking and Defending Kubernetes - Marco, Andy Andres
  • 12:15-12:45 Lunch
  • 12:45-2:45 : Attacking and Defending Kubernetes   - Marco, Andy Andres
  • 2:45-3:00 Break
  • 3:00-4:00 Kubernetes Threat Modeling  - Marco, Andy Andres
  • 4:00-4:10 Break
  • 4:10-5:10 AWS Security Guardrails for K8s - Jeremy  Cowan
  • 5:10 Wrap up
Register for the Workshop
Looks good!
First name is required.
Looks good!
Last name is required.
Looks good!
Valid E-Mail is required
Looks good!
Title is required.
Looks good!
We'd like to be able to get in touch.
Looks good!
Let us know where you are working.
Looks good!

We never sell attendee lists or contact information, nor do we authorize others to do so.

Space is limited we will confirm your registration via email.

Your Hosts

Andrew Clay Shafer evangelized DevOps tools and practices before DevOps was a word. Andrew focuses on evolving practices to make the most of technology investments. Having experience in almost every role in software delivery across two decades, he cuts through rituals to get to outcomes.
Andrés Vega is VP of Operations, North America at ControlPlane focused on helping global banks develop new online capabilities while meeting compliance objectives with a zero trust, continuous security approach. He participates actively in the Cloud Native Computing Foundation (CNCF) as Technical Leader in the Security Technical Advisory Group (TAG Security).
Jeremy Cowan, Developer Advocate Manager. Jeremy has been a huge proponent of containers since 2016 when containers we beginning to emerge as a reasonable way to package and run applications. Since joining AWS in 2015, Jeremy has been a Solutions Architect, Container Specialist, Developer Advocate, and now manages the Developer Advocacy team for Amazon EKS. He enjoys sharing his knowledge with others through social media and in person events. You can find him on Tapt at https://cards.tapt.io/view-profile/42ejZB0PEaEZPb16wa78.
Marco is a Security Engineer with 3+ years of experience consulting on cybersecurity projects within the private and public sectors. He received a PhD in Computer and Control Engineering from Politecnico di Torino, focusing on security and trust in containerised infrastructures. Marco is now employed in ControlPlane, a UK-based consultancy firm that focuses on cloud-native security and engineering.
Andrew is Founder and CEO of https://control-plane.io, CISO at OpenUK, and co-chair of the CNCF’s Technical Advisory Group for Security. He has an incisive security engineering ethos gained building and destroying high-traffic web applications. Proficient in secure systems development, testing, and operations, he is co-author of Hacking Kubernetes (O’Reilly Media, 2022), and has published whitepapers and training material for the Linux Foundation and SANS.
With a degree in Computer Science, an MBA, and two decades of experience across development, operations, product management, and technical sales, Sasha Rosenbaum brings a unique perspective to optimizing the organizational flow of work, bridging gaps with empathy and insight.
Rowan has extensive experience auditing, accrediting, and developing Kubernetes and containerised systems for high compliance commercial and public sector organisations. He is an author of the GKE CIS Benchmark, contributor to the CNCF Financial Services User Group Kubernetes Threat Models, and is Head of Security at ControlPlane.
For 20 years Jabe Bloom has focused on connecting design with software engineering and operational excellence. Jabe is finishing a PhD in Design Studies at Carnegie Mellon. His research focuses on understanding how technology and organizations coevolve together to design more effective transitions.
Presented by :