December 10, 2018 | Seattle, WA
 Washington State Convention Center
KubeCon Co-Located Event 
Overview

Please join us for this very first KubeSec Enterprise Summit, focused on the challenges faced by larger organizations with demanding security and compliance requirements when deploying Kubernetes in production. Whether you are just now beginning to roll out your first production implementation of Kubernetes, or are an early adopter looking to learn from the experience of your peers, you are sure to get valuable insights from this educational event.

Co-hosted by Aqua Security, Amazon Web Services (AWS) and Red Hat, the day will provide a unique opportunity to hear from others who have already deployed Kubernetes to support highly secure solutions, as well as a range industry & technology experts in securing cloud-native applications.

The agenda will include:
End-user presentations sharing their experiences / best practices
Emerging trends in Kubernetes security technologies
Keynote presentations covering industry and market views, including a panel Q&A
Time for peer-to-peer networking at breaks, and during lunch (box lunch is included with registration fee)
Agenda
9:00 – 9:30
Registration & Networking
9:30 – 9:45
Welcome & Introductions
9:45 - 10:10
The Emergence of Kubernetes and the Need for Enterprise-Grade Security
Aqua Security, Amir Jerbi, CTO
10:10 – 10:35
Best Practices and Keys for a Successful Deployment
JPMorgan Chase, Oren Hamami
10:35 - 11:05
The State of Kubernetes Security
Aqua Security, Liz Rice
Red Hat, Michael Hausenblas
Liz and Michael give an overview on the state of Kubernetes security at the end of 2018
11:05 - 11:25
Break
11:25 - 11:50
How Security of the Cloud helps secure containers workloads in the Cloud
Amazon Web Services, Henrik Johansson
In this session we will discuss how you can use Cloud security controls and managed services to increase your overall security posture for container workloads by providing strict access controls, network isolation and automation tooling for auto responsive remediation work.
11:50 - 12:20
Outside The Box: Necessary Security Changes In A DevOps World
Forrester, Amy DeMartine
Excitement for containers has reached a fever pitch; developers are loving the easy creation and fast deployment. However, this enthusiasm can blur best practices and lessons learned from past advancements in application development and delivery. Join Forrester guest speaker Amy DeMartine to understand current trends in container adoption, review lessons learned from past technology mistakes, and learn how to assess the maturity of your container security program.
12:20 – 1:15
Lunch
1:15 – 1:35
Can Your Applications Keep a Secret?
CyberArk, Geri Jennings
Storing secrets – like database credentials, API and encryption keys, and passwords – in applications and processes can be burdensome, and it’s understandably tempting for engineers to resort to storing secrets in unsecured plain text files or in the native secret stores of DevOps tools. Developers aren’t security pros – and we can’t expect them to be.

That’s why we need to make it easier for them to adopt good security practices, and in this session we will explain how. Attendees will learn how to automate the process of securing secrets, enabling microservices to communicate securely and applications to safely communicate with external resources (without leaking secrets!). They’ll be introduced to new vendor agnostic open source tools that can be easily deployed in their own environments with little to no investment, and hear how other Fortune 500 organizations have been able to achieve both velocity and security without compromise.
1:35 – 2:00
Defense in Depth: Enterprise Security
Red Hat, Kirsten Newcomer
Organizations are rapidly adopting containers to more easily develop and manage the applications that drive business value. However, enterprise use requires strong security at every stage of the lifecycle. Securing containers is a lot like securing any running process. You need to think about security throughout the layers of the software stack. You also need to secure your CI/CD pipeline. You need defense in depth. In this session, Red Hat’s Kirsten Newcomer will identify the most common layers in a typical container deployment, and discuss ways to build security into each layer.
2:00 – 2:20
How to Lose a Container in 10 minutes
Versent, Sarah Young
Moving to the cloud and deploying containers? In this talk I discuss both the mindset shift and tech challenges, with some common mistakes made in real-life deployments with some real life (albeit redacted) examples. We’ll also look at what happens to a container that’s been left open to the Internet for the duration of the talk.
2:20 – 2:45
Kubernetes Ingress Controller for Autoscaling Application Security
Starbucks, Ryan Hild
Signal Sciences, Aaron Jahoda
How do large enterprises protect applications leveraging modern architectures and rapid development? This session will walk through Starbucks’ best practices for establishing Kubernetes as its modern platform standard. Key to the project’s success was the ability to embed security technology in the platform for automated application defense.
2:45 - 3:30
Break
3:30 - 3:55
Operations After Deployment: Life with Your Secure Kubernetes Environment
Amazon Web Services, Chris Hein
3:55 - 4:20
Authentication in a Cloud Native World
Red Hat, Erica von Buelow
Keeping your infrastructure secure can seem more difficult than ever: cloud-native environments introduce increased automation, greater developer autonomy, and a dynamic fast-growing ecosystem. Staying secure and sane doesn’t have to mean giving up control but it does require building the right security into your system.

This talk dives into the unique challenges that come with enabling enterprise authentication and authorization in cloud-native systems. We will discuss how we tackled it at Red Hat in our OpenShift Container Platform by putting it at the heart of the product and demonstrate how to use the power of Kubernetes and automation to take back control of your system.
4:20 – 4:45
Implementing Bulletproof Access Control
Tinder, Jonathan Walker
Properly implementing access control for users, services, and resources is critical for securing applications running on Kuberentes. In this talk, we’ll cover how Tinder uses Kubernetes RBAC with Amazon Elastic Container Service for Kuberentes (EKS) in order to protect sensitive customer data. We’ll cover best practices for implementing access control for Kubernetes on AWS using the AWS IAM authenticator project, advanced RBAC configuration, and lessons learned from securely managing customer data using Amazon EKS at Tinder.
4:45 – 5:30
Panel Discussion - Frequently Asked Questions and How to get Started
Moderated by Liz Rice
Sponsors
Keynote Speakers
Call For Presentations (CFP): CLOSED
Amir Jerbi
Co-Founder and CTO of Aqua Security
Amir Jerbi brings to Aqua 17 years of security software experience in technical leadership positions. Amir co-founded Aqua with the vision of creating a security solution that will be simpler and lighter than traditional security products. Prior to Aqua, he was a Chief Architect at CA Technologies, in charge of the host based security product line, building enterprise grade security products for Global 1000 companies. Amir has 14 cloud and virtual security patents under his belt. In his free time, Amir enjoys backpacking in exotic places.
Liz Rice
Technology Evangelist at Aqua Security
Liz Rice leads Aqua’s technology evangelism activities in the cloud-native ecosystem. She is an active member of the open source community, and an award-winning speaker known for her live-coding demos. She is currently co-chair of KubeCon & CloudNativeCon. Prior to getting immersed in containers she built up a wealth of software development, team, and product management experience working on network protocols and distributed systems, and in digital technology sectors such as VOD, music, and VoIP with companies including Skype, Last.fm and Metaswitch Networks. When not writing code, or talking about it, Liz loves riding bikes in places with better weather than her native London, and competing in virtual races on Zwift.
Kirsten Newcomer
Senior Principal Product Manager at Red Hat
Kirsten Newcomer, OpenShift Senior Principal Product Manager, Red Hat. Kirsten works closely with Red Hat’s many security professionals across the Red Hat portfolio of enterprise-ready open source offerings. Kirsten is a diversified software management professional with 15+ years of experience in application development and infrastructure solutions. Prior to joining Red Hat, Kirsten provided strategic direction for Black Duck’s open source security and governance solutions. Her career has spanned successful roles at IBM Software Group, Rational Software and BMC Software. Kirsten was an early contributor to the Linux Foundation's Software Package Data Exchange (SPDX) specification, which provides a set of standards for communicating the components, licenses, and copyrights associated with software. In her free time, Kirsten serves as Vice Chair of the Board of Trustees.
Henrik Johansson
Amazon Web Services
With over 22 years’ experience in IT with a focus on security and compliance Henrik focuses on establishing and driving CISO level relationship as a trusted cloud security advisor with a passionate focus on developing services and features for security and compliance at scale.
From a technical perspective, Henrik focuses on services and tooling for security at scale / automation, various compliance frameworks, autonomous incident response remediation, secure architecture / pipelines and security tool creation with a focus on security services as well as OSS based tooling. Henrik owns and maintains a number of publicly available OpenSource repos on GitHub.
As a seasoned public speaker / panelist, Henrik has presented at a number of industry events including AWS ReInvent, RSA, SalesForce Connections and other events outside the security realm. His background includes roles such as Security Advisor, Director for Product Development and Professional Services, Enterprise Solutions Advisor, Public Speaker / Evangelist.