30 March | Amsterdam, Netherlands

KubeSec Europe 2020 Agenda 
8:45 - 9:15 AM
Registration and Networking
9:15 - 9:35 AM
Dror Davidoff
Co-Founder and CEO
Aqua Security
Amir Jerbi
Co-Founder and CTO
Aqua Security
9:35 - 10:00 AM
Aggregate Risk Profiling of Container Images in an Enterprise Environment

As HSBC continues to migrate workloads to AWS there is a need to support a security compliant mechanism for storing and scanning container images. Learn how HSBC leveraged AWS serverless technologies to build an automated container scanning platform integrated with Vulnerability Management processes.

Akinbiyi Akindoyin
Cloud Architect
10:00 - 10:25 AM
API Threats Protection for Developers

Securing microservices/APIs must be done at multiple levels, and one of them is the application level. In this talk, using recent breaches as examples, we give you immediately actionable tips to protect your APIs at design and development time.

Isabelle Mauny
Field CTO
42 Crunch
10:25 - 10:50 AM
Enabling 500+ Developers to Keep Secure

Over 600 developers in more than 100 teams work at, which is one of the most popular retailer of The Netherlands and Belgium. They are responsible for the entire DevOps process of their applications. Using an in-house developed infrastructure as code and configuration management solution (“R2D2”), they deploy and manage their own services without interference. How does the 19-person strong security team of keep control of security in our Google Kubernetes Engine (GKE) environment, while embracing the "You build it, you run it, you love it" culture in

Machiel Pronk
IT Security Engineer
Rutger Prins
Machine Learning Engineer
10:50 - 11:20 AM
Tea and Coffee Break
11:20 - 11:50 AM
DevOps and Security – An Uneven Journey

What does DevOps adoption look like at enterprises, and what is the impact of that on cloud-native security? 451 Research presents results from its quantitative and qualitative research into cloud native security, particularly the relationship between current security practices and DevOps.

Fernando Montenegro
Principal Analyst
451 Research
11:50 - 12:15 PM
How We Push Our CISO Feedback Loop to The Speed of Light
Loic Le Dru
Kubernetes Platforms Lead
12:15 - 12:40 PM
The Future of x509 Certificate Extensibility in Kubernetes

Until now, Kubernetes has had no standard for requesting and approving x509 certificates. Jetstack has been working with the upstream Kubernetes community to create standard extensibility points that will allow the community to request and manage certificates for kubelets and user applications.

James Munnelly
12:40 - 1:30 PM
1:30 - 1:55 PM
The Sharp Edges of Kubernetes Security

Once you get past the basics of Kubernetes security, locking down your APIs and implementing RBAC you might think you’ve got most of your security issues sorted. However, like any complex system Kubernetes has some sharp security edges. This is a talk about avoiding getting cut by them.

Rory McCune
Principal Security Analyst
NCC Group
1:55 - 2:20 PM
End User Presentation – To Be Announced
25 Minute Session
2:20 - 2:30 PM
Kubernetes Secrets - The Good, The Bad and The Ugly

Secrets (SQL/LDAP passwords, SSH-keys and API-tokens) are usually kept by applications in configuration files or as source code constants. Kubernetes offers a great feature to store your application's Secrets where your containers can access them on demand. In our talk, we’ll share several use cases and flaws were using Kubernetes built-in Secrets Storage is insufficient, and review several future features of K8s and other concepts available in order to be able to better manage and secure your secrets.

Oded Hareven
CEO and Co-Founder
2:30 - 2:40 PM
kubectl Support for PKCS#11 Hardware Security Module

How would you react if your laptop was stolen? Are you worried about attackers performing a cold boot attack to extract your Kubernetes credentials? Do you already use a YubiKey for SSH and GPG, and wonder why you cannot use it with kubectl? If yes, then this talk is for you!

Cristian Klein
Cloud Native Architect
2:40 - 2:50 PM
Re-think Security for the Kubernetes Attack Surface

This session will speak to Kubernetes security checklist based on Kubernetes workflows and attack vectors.  This talk will also include best practices for each attack vector.

Tomoya Amachi
GoodWith LLC
2:50 - 3:15 PM
Tea and Coffee Break

Lightning Talk "Meet the Experts"

3:15 - 3:40 PM
Projected Service Accounts and OIDC, Exposing an Endpoint

Kubernetes has an OIDC endpoint on the roadmap for release 1.18 and EKS provided their own OIDC endpoint. This talk will cover the power this will bring with Projected Service Account tokens. We will walk through how you can have secure intercluster RBAC and how to talk to external services.

Jason Smith
Partner Solution Architect
3:40 - 4:05 PM
Enterprise Kubernetes Security at a Fintech Company

The talk gives the audience to learn about kubernetes security in a real world setting. There is nothing sexy about security but it is damn important. Saurya and Erik (architect at Finastra) will share their real life experiences having worked in the field for 5 years.

Eric Skibicki
Principal Cloud Architect
Saurya Das
Senior Product Manager
4:05 - 4:30 PM
Three Levels of Complexity: Threat Modeling of Containerized Application

Threat modeling is a very powerful tool within application security. This session explains how we can optimize threat modeling and improve the process outcome, and how we can handle a new dimension in the model since the containers usage requires attention to additional aspects easily overlooked.

Elena Kravchenko
Application Security Lead
4:30 - 4:45 PM
Wrapping Up KubeSec Amsterdam with Liz Rice
Liz Rice
VP of Open Source
Aqua Security
4:45 - 6:00 PM
End of Sessions

Networking Drinks

Presenters from these companies
Sign Up for KubeSec Updates

By clicking submit, you consent to allow Aqua to contact you regarding its respective products, services, and upcoming events and to store and process the information submitted.
You may unsubscribe at any time. Please review our Privacy Policy for more information.