Session Name: Defender's Guide to Cloud Native Infrastructure Security
This talk is focused on why, what and how we can add security value into modern cloud native infrastructure. Organisation using micro services and distributed architectures uses containers, kubernetes and modern infrastructure. Understanding these technologies and applying security principles like defense in depth, least privilege, secure by defaults, etc are some of the things we will see in this session.
By end of this talk participants will be able to understand some of the common and real world security problems. Applying pragmatic security using tools, technologies and procedures (TTPs) to build secure cloud native infrastructure. In this talk, we will see how to apply security at different layers like infrastructure security, supply chain security and run-time security.
Also end of the talk, speaker will give away the reference checklist and guide for building secure infrastructure with available resources in their daily operations.
Madhu Akula is a security ninja, published author and cloud native security researcher with an extensive experience. Also he is an active member of the international security, devops and cloud native communities (null, DevSecOps, AllDayDevOps, etc). Hold industry certifications like OSCP (Offensive Security Certified Professional), CKA (Certified Kubernetes Administrator), etc.
Madhu frequently speaks and runs training sessions at security events and conferences around the world including DEFCON (24, 26 & 27), BlackHat USA (2018 & 19), USENIX LISA 2018, O’Reilly Velocity EU 2019, Appsec EU 2018, All Day DevOps (2016, 17, 18 & 19), DevSecCon (London, Singapore, Boston), DevOpsDays India, c0c0n(2017, 18), Nullcon (2018, 19), SACON 2019, Serverless Summit, null and multiple others.
His research has identified vulnerabilities in over 200+ companies and organisations including; Google, Microsoft, LinkedIn, eBay, AT&T, WordPress, NTOP and Adobe, etc and credited with multiple CVE’s, Acknowledgements and rewards. He is co-author of Security Automation with Ansible2 (ISBN-13: 978-1788394512), which is listed as a technical resource by Red Hat Ansible. Also won 1st prize for building Infrastructure Security Monitoring solution at InMobi flagship hackathon among 100+ engineering teams.