Session Name: Scaling Kubernetes Security with Kubernetes Goat
Most companies adopting Kubernetes have a hard time building their security around it. With cloud-native transformation, company growth, and adoption, it's super hard to build security across different layers. In this talk, Madhu Akula will showcase how Kubernetes Goat will solve these problems by helping developers, DevOps, and security teams understand real-world security misconfigurations, vulnerabilities, and attacks in a context-driven, practical, hands-on way, so that most of your security issues are fixed before they are even deployed into production.
Some examples include helping DevOps/Developer teams understand the risks so they can be mitigated even before the teams write Dockerfiles, manifests, Helm charts, etc. to deploy the microservice into clusters. We will see some real challenges regarding competency, the knowledge gap, and bridging the gap between DevOps/SRE teams and security collaboratively and practically.
Madhu Akula is a pragmatic security leader, working on product security and cloud native security. I have created OSS projects including Kubernetes Goat, Hacker Container, tldr.run, etc. I frequently speak and train at events and conferences like DEFCON, Black Hat, SANS, USENIX, OWASP, Nullcon, All Day DevOps, DevSecCon, null, and many others around the globe. My research has found 200+ vulnerabilities in products and organizations including Google, Microsoft, AT&T, NTOP, Adobe, WordPress, GitLab, etc. I am the published author of Security Automation with Ansible 2 and a technical reviewer for books, conferences, etc. I contribute to communities like All Day DevOps, null, AWS, OWASP, etc. I advise startups on building great products and communities, and adding value.