Holly, Jolly Kubernetes - App Aware Security & Crap, I've Been Hacked

Samsung - 506 2nd Ave, Suite 1140 Seattle - View Map Seattle
Tue, Dec 12, 2017, 6:30 PM (PST)

About this event


The meetup will be on TuesdayDecember 12, 2017 and starts at 6:30 with food/beverages, speakers start at 7:00. 

SPONSORED: Spin up and manage a Kubernetes cluster with Istio at AWS, GCE, GKE, DigitalOcean or Azure today!

If you would like to present or host feel free to reach out to me on meetup.com or Twitter (@baldwinmathew). 


6:30 - 7:00 - Arrive / Social

7:00 - 7:30 -  Cilium: Application-Aware Security for Microservices via BPF - Cynthia Thomas

BPF (Berkeley Packet Filter) is becoming the fastest growing technology in the Linux kernel and is revolutionizing networking, security and tracing. At the same time, the rise of container-based orchestration platforms such as Kubernetes is creating demand for routing, load-balancing & security infrastructure that is highly scalable, application-aware, and resilient. This talk introduces the open source project Cilium - a modern networking and security platform for microservices. Cilium is built on top of BPF and provides Linux native networking and security services with application protocol awareness. Cilium works hand in hand with application proxies such as Envoy and the services management orchestration layer Istio to provide infrastructure services in a transparent manner and with minimal overhead. This talk will discuss the challenges of exposing services via APIs and the solution that Cilium provides to enforce least privilege security.

7:30 - 8:00 - Hacked! Run time security for Kubernetes - Michael Ducy

Containers have the potential to improve your security posture in production, but the black -box nature of containers and the complexity of distributed microservices present new challenges that InfoSec and DevSecOps teams may not be ready for yet. Common approaches like scanning and container signatures will get you part of the way, but what happens when your production environment is hit by a zero day threat or unknown event? Do you have the capabilities to detect and protect against that incident? In this session we will cover how to use Sysdig Secure to implement run-time security monitoring, policy enforcement, and forensics using activity signals based on system calls. We’ll cover topics such as: How do I see activity originating within containers? What does it take to apply policies consistently across all containers that make up a micro service? How can I get a service-oriented view of container activity based on Kubernetes metadata, for the purposes of auditing or forensics? What can I leverage in open source to make this happen? You’ll walk away from this talk understanding what types of events to look for, how to alert on them, and what you need to do deep forensics in the event of an incident.

8:00 - 8:30 - Wrap-up / Depart


Cynthia Thomas (@_techcet_) is a Technology Evangelist at Covalent IO. Her background includes working with open source cloud & networking solutions. Since 2015, she has been working on Docker and Kubernetes with CNI plugins, currently through the open source project Cilium (www.cilium.io). She is a frequent speaker at conferences, including ContainerCon, Container Camp, DevOps Days, DockerCon, IT Cloud Computing Conference (IC3), and OpenStack Summits & MeetUps. Cynthia received her B.Sc. (Eng) and M.Sc. (Eng) from Queen’s University in Kingston, Canada.

Twitter: @_techcet_

Michael Ducy currently works as Director of Community & Evangelism for Sysdig where he is responsible for growing adoption of Sysdig's open source solutions. Previously, Michael worked at Chef where we held a variety of roles helping customers and community members leverage Chef's open source and paid solutions, as well as implement the ideas and practices of DevOps. Michael has also worked in a variety of roles in his career including Cloud Architecture, Systems Engineering, and Performance Engineering.

Twitter: @mfdii



506 2nd Ave

Suite 1140

Seattle, WA


Tuesday, Dec 12
6:30 PM - 8:30 PM (PST)


506 2nd Ave, Suite 1140 Seattle