Mar 23, 2023, 9:30 PM – Mar 24, 2023, 1:00 AM (UTC)
In-person event
About this event
We are excited to kick off 2023 with our first in-person event in Toronto!
In our first meetup of the year, we are excited to host the most iconic person in the Cloud Native community, Top CNCF Ambassador Kelsey Hightower. We will also discuss practical ways to harden your Kubernetes runtime and container supply chain, with great speakers and practical demos.
This time we are going to cover:
Special guest Kelsey Hightower - Fireside chat with Community
Project Falco, a CNCF Incubating project used to solve cloud-native runtime security problems and is the de facto Kubernetes threat detection engine.
Project Wolfi and Security Supply Chain with Chainguard. Designed from the ground up to produce container images that meet the requirements of a modern secure supply chain and aim for zero-known vulnerabilities.
Skateboarding on a Runaway Train: Securing Apps in the Container Runtime
By Curtis Collicutt (Engineer @Sysdig). There is a lot of desire to shift security left, closer to where the code is written. This is a great thing and as an industry we need to get better at it. However, while we work on shifting left we can’t ignore the right side of the equation: the runtime environment. We need to shift left while at the same time guarding and observing the right side, the runtime, where the app is actually running and doing valuable work.
The magical world of the container runtime is a strange and frenzied place. There is a massive difference between an application that is not running, one that is simply sitting on disk, and what it looks like while it is running, while it is part of the runtime environment. When running, the application is making millions and millions of system calls that reach out to file systems; it’s loading libraries and accessing networked resources. Of course, while all this is happening, end users are accessing and using the application and providing value for the organization. However, while it’s running, the application is not only an extremely attractive target, it's also in its most vulnerable state.
We can use the open source project Falco to understand the complex and chaotic world of the container runtime. In this talk we’ll discuss and demonstrate using tools like the CNCF incubated project Falco, and related tooling, to observe what the application is doing at runtime, as well as the underlying runtime environment itself, and take steps to secure the entire stack.
10:30 PM
Fireside chat with Kelsey Hightower
Kelsey Hightower is in town! He wants to meet the Toronto CNCF community, talk about hot topics and challenges, and share his experience and where things are heading.
Bio
Kelsey Hightower is a Distinguished Engineer at Google working on Google’s Cloud Platform.
Kelsey is also a huge open source contributor and currently maintains multiple projects that aid software developers and operations professionals in building and shipping cloud native applications. He is also an accomplished author and keynote speaker with a knack for demystifying complex topics and enabling others to succeed.
Kelsey is also known for his work in the community and was the inaugural winner of the CNCF Top Ambassador award for his work in helping bootstrap the Kubernetes community. He is also a mentor and technical advisor helping founders turn their visions into reality.
11:30 PM
Hardened at birth: How Wolfi enables secure, minimal workloads preloaded with supply chain data
Adolfo (puerco) García - Staff Software Engineer @ Chainguard
The best kind of security is the kind you don't need to think about! And nothing helps you get there better than having workloads that are secure by default.
Hardening the software supply chain is a complex task: there are many moving parts that interact to achieve the necessary transparency, data integrity, workload identity and authorization, and more. While there are tools and techniques to handle it all, nothing beats the convenience and accuracy of having these features enabled at build time.
Join us to talk about all things supply chain, like SBOMs, SLSA provenance, signing with Sigstore, minimal images with low CVE counts, and even why Chainguard decided to create Wolfi, a brand new Linux (un)distribution.