November 18, 2019
Westin San Diego Gaslamp Quarter
KubeCon Co-Located Event
About

KubeSec Enterprise Summit

KubeSec Enterprise Summit is a full-day event that focuses on the challenges faced by larger organizations with demanding security and compliance requirements when deploying Kubernetes in production. Whether you are just now beginning to roll out your first production implementation of Kubernetes, or are an early adopter looking to learn from the experience of your peers, you are sure to get valuable insights from this educational event.

The agenda will include:
End-user presentations sharing their experiences / best practices
Emerging trends in Kubernetes security technologies
Keynote presentations covering industry and market views, including a panel Q&A
Time for peer-to-peer networking at breaks, and during lunch (box lunch is included with registration fee)
2019 Sponsors 
Agenda 
8:30 - 9:00 AM
Registration
Session
Prevention is Better Than Cure

In this talk, Liz will look at the options in cloud native deployments for controls and policies that can stop security breaches before they happen.

Liz Rice
VP Open Source
Aqua Security
Session
These 6 Practices Will Help Your K8 Enterprise Security – Number 5 Will Shock You

As a large fintech provider, Finastra had some struggles around keeping up with Kubernetes security best practices. As most people know, it is a very fast-moving target, which seems to change on a near-daily basis. In this session we will detail six different practices that Finastra implemented which really seemed to help move our security practices to the next level.

Eric Skibicki
Principal Cloud Architect
Finastra
Nir Valtman
VP, Head of Product and Data Security 
Finastra
Session
Kubernetes Infrastructure Implementation to Support AppDevInfraNetSecOps

Duke Energy’s Agile Transformation Journey: Learn how Duke Energy approached the security challenges of moving to a hybrid cloud environment, and key learnings along the way. 

Ritu Sharma
Sr IT Architect, Operations Architecture - Infrastructure
Duke Energy
Session
DevOps and Security – An Uneven Journey

What does DevOps adoption look like at enterprises, and what is the impact of that on cloud-native security? 451 Research presents results from its quantitative and qualitative research into cloud-native security, particularly the relationship between current security practices and DevOps.

Fernando Montenegro
Principal Analyst InfoSec
451 Research
12:00 - 1:00 PM
Lunch
Session
Hack-proofing Your Kubernetes Clusters

Some of the challenges faced by organizations are: How can one create secure Kubernetes clusters and manage them for ongoing compliance? What are the best practices for monitoring and detecting drift in your clusters? How can you patch your clusters quickly in the world of CVEs with minimal downtime?

In this talk, Prachi and Murali will share and demo the novel open source techniques they have developed to address these problems. 

Prachi Damle
Principal Software Engineer
Rancher
Session
Kerberos in Kubernetes - Legacy Authentication in a Cloud Native World

In this session we'll examine a customer case study of a global financial services firm that needed to access CIFS file shares and SQL Server from pods as the user that deployed them using Kerberos, with no service accounts. Kerberos is a mainstay of legacy systems. It's ubiquitous across the Windows enterprise and it's popular amongst big data implementations as well. The goal of these implementations is to avoid using service accounts and instead access systems as the authorized user. How will you do this when you're running a job in Kubernetes? It's much more than just injecting a secret.

Marc Boorshtein
CTO
Tremolo Security, Inc.
Session
No BS Zero Trust

Zero trust is the idea that identity, not network location, is what's most important for security. The marketing promise is that zero trust methods improve security and architectural flexibility, allowing you to connect anything running anywhere without relying on perimeter security or VPNs. This talk will explore how that's done in practice using open source and open standard technologies like X.509, ACME, mutual TLS/HTTPS, JWTs, OAuth OIDC, SSH, and WebAuthn.

Mike Malone
Founder and CEO
smallstep
Session
Multitenancy in Kubernetes: Come On In! … The Water's Warm

Multitenancy is a key capability for any cloud platform to gain widespread adoption. Without this, an enterprise will often need to deploy and operate separate Kubernetes clusters for separate teams within the enterprise, which would be complex and expensive. In the ideal model of containers running on bare metal, it would be especially inefficient to allocate dedicated bare metal clusters to separate teams, in contrast with deploying a smaller number of multi-tenant clusters which can be securely shared by multiple teams operating independently.

Sanjeev Rampal
Container Platform Engineering Architect
Cisco
Session
The Problem With Sandboxing Solutions

Being able to run an application in a completely isolated environment, with only the permissions and resources it needs, would be a huge leap forward. We appear to have the building blocks in namespaces, capabilities, cgroups, seccomp, MAC, or even virtualization, but what’s the holdup? HUGE surprise, these kernel-level security controls have usability issues. Engineers trying to lock down their applications typically hit an EPERM wall without explanation, and turn off the controls altogether. No one thinks about applications in terms of system calls; it’s time we rethink usability in sandboxing, and security as a whole. This talk will delve into these ideas and offer a first step towards a solution.

Grant Seltzer
Security Engineer
Oscar Health
Session
Building a Container Platform: Best Practices for Enterprise-Grade Kubernetes Security

What do autonomous vehicles and container platforms at Cruise have in common? For starters, we view safety and security as the number one top priority. In this talk, we’ll discuss 5 critical security topics that intersect with container platforms and explore how Cruise tackled their challenges to enable a "Secure by Default" PaaS environment for Self-Driving Cars.

Topics include: Identity, Authentication, Authorization, Secrets Management, & Encryption.

Mike Ruth
Staff Security Engineer
Cruise
Session
How to Train Your Red Team: From Threat Model to Kubernetes CTF

“Simulation” (i.e. playing hacking games on production-like infrastructure) is rising to prominence as a comprehensive training method for penetration testers, Red Teams, and infrastructure engineers. It safely demonstrates the risks an organisation or platform may face by using a controlled environment that looks and feels like production but is only a clone. This allows users to experiment with system security without fear of affecting production traffic or opening unexpected security holes.

Andrew Martin
Co-Founder
ControlPlane
5:00 - 6:00 PM
Networking Reception
Speakers
Liz Rice
VP Open Source
Aqua Security
Dror Davidoff
Co-Founder and CEO
Aqua Security
Amir Jerbi
Co-Founder and CTO
Aqua Security
Eric Skibicki
Principal Cloud Architect
Finastra
Nir Valtman
VP, Head of Product & Data Security
Finastra
Marc Boorshtein
CTO
Tremolo Security, Inc.
Fernando Montenegro
Principal Analyst, InfoSec
451 Research
Mike Malone
Founder and CEO
smallstep
Prachi Damle
Principal Software Engineer
Rancher Labs, Inc
Ritu Sharma
Sr IT Architect
Duke Energy
Sanjeev Rampal
Container Platform Engineering Architect
Cisco
Grant Seltzer
Security Engineer
Oscar Health
Mike Ruth
Staff Security Engineer
Cruise
Andrew Martin
Co-Founder
ControlPlane