About ControlPlane

ControlPlane is a global cloud native and open source cybersecurity consultancy operating in London, New York, and Auckland.

We have industry-leading expertise in the architecture, audit, and implementation of zero trust infrastructure for regulated industries. With a deep understanding of secure-by-design and secure-by-default cloud, Kubernetes, and supply chain security we conduct threat modelling, penetration testing, and cloud native security training to the highest standard.

ControlPlane has secured: multinational banks; major public clouds; international financial and accountancy institutions; critical national infrastructure programs; healthcare and insurance providers; and global media firms.

Learn about out services or request a quote.

Why work with us?

ControlPlane was chosen by Google to audit and author the CIS Benchmarks for GKE, and by O’Reilly to write the book “Hacking Kubernetes”.

We have over 200 years of combined cloud native expertise in highly regulated environments, industry-leading DevSecOps experience, and many successful and significant projects including migrating the entire IT operations of a UK Home Office Critical National Infrastructure project to the public cloud.

We have worked with multiple Fortune 100 and FTSE 100 companies, developing excellent long-term collaborative relationships with our customers, and are currently leading multiple initiatives related to our expertise in one of the world’s largest banks.

We are frequent contributors to community and industry events, regularly delivering talks and training, and organizing cloud native and security meet-ups globally.

We deliver our unique, hands-on cloud native security training at KubeCons and conferences, and under license for O’Reilly Online (“Attacking and Defending Kubernetes” and “Threat Modelling Kubernetes”), and authored the SANS SEC584 Kubernetes course.

We specialize in Kubernetes Penetration Testing engagements, utilizing our knowledge of Kubernetes attack paths gained through the creation of the CNCF Financial Services User Group attack trees, and the creation of our very own gamified Kubernetes Capture the Flag tooling Kubesim, which we have run under license at every KubeCon event since 2020.

We have a proven track record of open source collaboration and leadership, co-chairing the Linux Foundation’s Technical Advisory Group on Security (CNCF TAG Security), acting as pro-bono CISO for the open source charity OpenUK, and contributing to the Open Source Security Foundation (OpenSSF) and Fintech Open Source Foundation (FINOS) community working groups. ControlPlane is extremely proud of the contributions we continue to make in this area.