KubeSec Enterprise Summit
March 30, 2020
Hotel Okura, Amsterdam Netherlands
KubeCon Co-Located Event
► Last KubeSec Recap Speak at KubeSec 2020
About

KubeSec Enterprise Summit

KubeSec Enterprise Summit is a full-day event that focuses on the challenges faced by larger organizations with demanding security and compliance requirements when deploying Kubernetes in production. Whether you are just now beginning to roll out your first production implementation of Kubernetes, or are an early adopter looking to learn from the experience of your peers, you are sure to get valuable insights from this educational event.

The agenda will include:
kubesec_icon_01
End-user presentations sharing their experiences / best practices
kubesec_icon_02
Emerging trends in Kubernetes security technologies
kubesec_icon_03
Keynote presentations covering industry and market views, including a panel Q&A
kubesec_icon_04
Time for peer-to-peer networking at breaks, and during lunch (box lunch is included with registration fee)
Thanks to All the Sponsors
KubeSec 2019 Agenda 
8:30 - 9:00 AM
Registration & Networking
9:00 - 9:20 AM
Welcome / Introduction
20 Minute Session
Dror Davidoff
Co-Founder and CEO
Aqua Security
Amir Jerbi
Co-Founder and CTO
Aqua Security
9:20 - 9:45 AM
Prevention is Better Than Cure
25 Minute Session

In this talk Liz will look at the options in cloud native deployments for controls and policies that can stop security breaches before they happen

Liz Rice
VP Open Source
Aqua Security
9:45 - 10:15 AM
DevOps and Security – An Uneven Journey
30 Minute Session

What does DevOps adoption look like at enterprises, and what is the impact of that on cloud-native security? 451 Research presents results from its quantitative and qualitative research into cloud-native security, particularly the relationship between current security practices and DevOps.

Eric Hanselman
Chief Analyst
451 Research
10:15 - 10:45 AM
These 6 Practices Will Help Your K8 Enterprise Security – Number 5 Will Shock You
30 Minute Session

As a large fintech provider, Finastra had some struggles around keeping up with Kubernetes security best practices. As most people know it is a very fast moving target, which seems to change on a near daily basis. In this session we will detail six different practices that Finastra implemented which really seemed to help move our security practices to the next level. 

Eric Skibicki
Principal Cloud Architect
Finastra
Nir Valtman
VP, Head of Product and Data Security 
Finastra
10:45 - 11:00 AM
Morning Break & Networking
15 Minute Break
11:00 - 11:30 AM
Build Once, Secure Many (Clusters)
30 Minute Session

This session will speak to the progress and pitfalls JPMC has faced over the previous year as they have secured production Kubernetes offerings.

Danny DeChiara
VP of Cyber Security
JPMorgan Chase
11:30 - 12:00 PM
How to Train Your Red Team: From Threat Model to Kubernetes CTF
30 Minute Session

“Simulation” (i.e. playing hacking games on production-like infrastructure) is rising to prominence as a comprehensive training method for penetration testers, Red Teams, and infrastructure engineers. It safely demonstrates the risks an organisation or platform may face by using a controlled environment that looks and feels like production but is only a clone. This allows users to experiment with system security without fear of affecting production traffic or opening unexpected security holes.

Andrew Martin
Co-Founder
ControlPlane
12:00 - 12:10 PM
No BS Zero Trust
10 Minute Session

Zero trust is the idea that identity, not network location, is what's most important for security. The marketing promise is that zero trust methods improve security and architectural flexibility, allowing you to connect anything running anywhere without relying on perimeter security or VPNs. This talk will explore how that's done in practice using open source and open standard technologies like X.509, ACME, mutual TLS/HTTPS, JWTs, OAuth OIDC, SSH, and WebAuthn.

Mike Malone
Founder and CEO
smallstep
12:10 - 1:00 PM
Lunch
1:00 - 1:30 PM
Building a Container Platform: Best Practices for Enterprise-Grade Kubernetes Security
30 Minute Session

What do autonomous vehicles and container platforms at Cruise have in common? For starters, we view safety and security as the number one top priority. In this talk, we’ll discuss 5 critical security topics that intersect with container platforms and explore how Cruise tackled their challenges to enable a "Secure by Default" PaaS environment for Self-Driving Cars.

Topics include: Identity, Authentication, Authorization, Secrets Management, & Encryption.

Mike Ruth
Staff Security Engineer
Cruise
1:30 - 2:00 PM
Duke Energy's Agile Transformation Journey: Kubernetes Infrastructure Implementation to Support AppDevInfraNetSecOps
30 Minute Session

Duke Energy’s Agile Transformation Journey: Learn how Duke Energy approached the security challenges of moving to a hybrid cloud environment, and key learnings along the way. 

Ritu Sharma
Sr IT Architect, Operations Architecture - Infrastructure
Duke Energy
2:00 - 2:30 PM
Multitenancy in Kubernetes: Come On In! … The Water's Warm
30 Minute Session

Multitenancy is a key capability for any cloud platform to gain widespread adoption. Without this, an enterprise will often need to deploy and operate separate Kubernetes clusters for separate teams within the enterprise which would be complex and expensive. In the ideal model of containers running on bare metal, it would be especially inefficient to allocate dedicated bare metal clusters to separate teams in contrast with deploying a smaller number of multi-tenant clusters which can be securely shared by multiple teams operating independently.

Sanjeev Rampal
Container Platform Engineering Architect
Cisco
2:30 - 2:45 PM
Simplifying Policy Enforcement for Application Workloads
15 Minute Session
Have you ever wanted to restrict or whitelist what images a user could deploy? Or wanted to ensure that meaningful defaults, such as Deployment always has a minimum of 2 replicas? This is where Open Policy Agent (OPA) can help save you time and effort. In this session, you learn leverage OPA effectively to easily and quickly improve the safety and governance of your Kubernetes environments and the workloads running in them.
Curtis Rissi
Senior Solutions Architect
AWS
2:45 - 3:10 PM
Afternoon Break
15 Minute Break
3:10 - 3:30 PM
Shifting Left: Breaking the Chains of "Corporate Habits"
20 Minute Session

This session will detail how the DevOps team at Primerica lead the way in moving to a more secure development process.  Breaking down the corporate culture of silos and turf protection by proving that security is every employees responsibility and not just one department.  We will show the tools that we chose and how we have implemented them and how we are fighting and winning the culture battle.

Carlos Traitel
Sr. DevOps Engineer
Primerica
Wes Kanazawa
Sr. DevOps Engineer
Primerica
3:30 - 4:00 PM
Hack-proofing Your Kubernetes Clusters
30 Minute Session

Some of the challenges faced by the organizations are: How can one create secure Kubernetes clusters and manage them for on-going compliance? What are the best practices for monitoring and detecting drift in your clusters? How can you patch your clusters quickly in the world of CVE’s with minimal downtime?  

In this talk, Prachi and Murali will share and demo the novel open source techniques they have developed to address these problems. 

Prachi Damle
Principal Software Engineer
Rancher
4:00 - 4:30 PM
Kerberos in Kubernetes - Legacy Authentication in a Cloud Native World
30 Minute Session

In this session we'll examine a customer case study of a global financial services firm that needed to access CIFS file shares and SQL Server from pods as the user that deployed them using Kerberos, with no service accounts. Kerberos is a mainstay of legacy systems. It's ubiquitous across the Windows enterprise and it's popular amongst big data implementations as well. The goal of these implementations is to avoid using service accounts and instead access systems as the authorized user. How will you do this when you're running a job in Kubernetes? It's much more than just injecting a secret.

Marc Boorshtein
CTO
Tremolo Security, Inc.
4:30 - 5:00 PM
The Problem With Sandboxing Solutions
30 Minute Session

Being able to run an application in a completely isolated environment, with only the permissions and resources it needs would be a huge leap forward. We appear to have the building blocks in Namespaces, capabilities, cgroups, seccomp, MAC, or even virtualization but what’s the hold up? HUGE surprise, these kernel level security controls have usability issues. Engineers trying to lock down their applications typically hit an EPERM wall without explanation, and turn off the controls all together. No one thinks about applications in terms of system calls, it’s time we rethink usability in sandboxing, and security as a whole. This talk will delve into these ideas and offer a first step towards a solution.

Grant Seltzer
Security Engineer
Oscar Health
5:00 - 6:00 PM
Networking Reception
Speakers at KubeSec 2019
Marc Boorshtein
CTO
Tremolo Security, Inc.
Dror Davidoff
Co-Founder and CEO
Aqua Security
Prachi Damle
Principal Software Engineer
Rancher Labs, Inc
Danny DeChiara
VP of Cyber Security,
JPMorgan Chase
Eric Hanselman
Chief Analyst
451 Research
Amir Jerbi
Co-Founder and CTO
Aqua Security
Wes Kanazawa
Sr. DevOps Engineer,
Primerica
Mike Malone
Founder and CEO
smallstep
Andrew Martin
Co-Founder
ControlPlane
Sanjeev Rampal
Container Platform
Engineering Architect
Cisco
Liz Rice
VP Open Source
Aqua Security
Curtis Rissi
Senior Solutions Architect - Containers,
AWS
Mike Ruth
Staff Security Engineer
Cruise
Grant Seltzer
Security Engineer
Oscar Health
Ritu Sharma
Sr IT Architect
Duke Energy
Eric Skibicki
Principal Cloud Architect
Finastra
Carlos Traitel
Sr. DevOps Engineer,
Primerica
Nir Valtman
VP, Head of Product & Data Security, Finastra