DevOps vs. the Security People 6/21 1-3pm
5 views
Skip to first unread message
Alvin Fong
Jun 12, 2019, 1:34:44 PM6/12/19
to Hartford Chapter
Sharing awareness of our next meetup. We're looking for some local panelists if you or someone you know may be interested in being on a panel discussing devops and security.
Date/Time:
Friday, June 21, 2019
1:00 PM to 3:00 PM
1:00 PM to 3:00 PM
Location:
Agenda:
1pm: "DevOps vs “Security People"
In 2019, surveys are saying that 90% of Fortune 500 plan on using containers and things like Kubernetes, yet there’s still a divide between what “security people” see that containers provide and what DevOps teams see. Kubernetes has become the defacto standard for production container deployments and there are 98 different options (as of February 2019) for hosted Kubernetes clouds. In many cases a Kubernetes threat model becomes compromised either by accident or by alibi and even if you wanted to harden your environment, there’s little guidance. Is there truly such a thing as a Kubernetes best practice? How can Kubernetes handle multiple tenants in a cluster? Do hosted Kubernetes services provide enough security for your work load? This talk will explore Kubernetes’ known attack vectors, defenses, and see how we can bridge the silos between security engineers and developers to help in the future.
2pm: panel / chapter meeting TBD
3pm: Networking @ TBD
Please make sure we have your full name so we can send building security a list in advance.
About the speaker: Mark Manning is a Principal Security Consultant with NCC Group and a lead in their Container Practice. He focuses on container technologies, Linux kernel security, and application security, in general. He has performed penetration tests to breakout from containers, delivered architecture reviews of devops environments, and worked with developers on various container and orchestration technologies such as Docker, Kubernetes, Mesos/Marathon, as well as Rancher. Mark currently organizes Rochester 2600 has also organized BSidesROC from 2010 through 2018.
1pm: "DevOps vs “Security People"
In 2019, surveys are saying that 90% of Fortune 500 plan on using containers and things like Kubernetes, yet there’s still a divide between what “security people” see that containers provide and what DevOps teams see. Kubernetes has become the defacto standard for production container deployments and there are 98 different options (as of February 2019) for hosted Kubernetes clouds. In many cases a Kubernetes threat model becomes compromised either by accident or by alibi and even if you wanted to harden your environment, there’s little guidance. Is there truly such a thing as a Kubernetes best practice? How can Kubernetes handle multiple tenants in a cluster? Do hosted Kubernetes services provide enough security for your work load? This talk will explore Kubernetes’ known attack vectors, defenses, and see how we can bridge the silos between security engineers and developers to help in the future.
2pm: panel / chapter meeting TBD
3pm: Networking @ TBD
Please make sure we have your full name so we can send building security a list in advance.
About the speaker: Mark Manning is a Principal Security Consultant with NCC Group and a lead in their Container Practice. He focuses on container technologies, Linux kernel security, and application security, in general. He has performed penetration tests to breakout from containers, delivered architecture reviews of devops environments, and worked with developers on various container and orchestration technologies such as Docker, Kubernetes, Mesos/Marathon, as well as Rancher. Mark currently organizes Rochester 2600 has also organized BSidesROC from 2010 through 2018.
Reply all
Reply to author
Forward
0 new messages