Blogs and News

Find valuable insights, knowledge, and inspiration for your business in our selected articles. Explore practical tips from our team of experts and fuel your company’s growth.

Introducing the Flux Operator - GitOps on Autopilot Mode

Stefan Prodan, core maintainer of the CNCF Flux project, introduces the Flux Operator.

By Stefan Prodan

ControlPlane Outreach: Exposing At-Risk Students to Careers in Tech

ControlPlane partnered with Spark! to empower at-risk students through workshops that introduced them to tech careers, continuous learning, and future possibilities.

By Maddie Clingan and Yannis Follias

Future Open Source LLM Killchains! A Talk by Vicente Herrera

At the Security AI Summit 2024, Principal Consultant Vicente Herrera explores how advanced adversaries could exploit vulnerabilities in the open-source AI ecosystem, particularly in large language models (LLMs), by targeting MLOps infrastructure, with a focus on mitigation strategies to prevent such attacks.

By ControlPlane Team

FINOS AI Readiness Open Sourced

ControlPlane’s pivotal role in the FINOS AI Governance Framework highlights our commitment to advancing AI readiness in financial services.

By ControlPlane

Smarter Than Your Average SBOM! A Talk by Matt Jarvis & Andrew Martin

At Kubernetes Community Day UK 2023, Snyk Director Matt Jarvis and ControlPlane CEO Andrew Martin teamed up for a deep dive into the world of Software Bills of Materials (SBOMs).

By ControlPlane Team

FINOS AI Governance Framework

At the Secure AI Summit earlier this year, ControlPlane’s Torin van den Bulk delivered an eye-opening talk on the ‘Invisible infiltration of AI supply chains by adversarial actors’. This talk examines the importance of securing the data, models, and pipelines involved at each step of an AI supply chain.

By Torin van den Bulk

ControlPlane at the Bleeding Edge: Ending the Pain of Periods

The ControlPlane Agile team is proudly taking steps toward breaking down awkwardness, stigma, and workplace barriers to menstrual health.

By ControlPlane Agile Team

I'll Let Myself In: Kubernetes Privilege Escalation Tactics

ControlPlane’s talk at KubeCon Europe 2024 gave attendees an overview of cloud native penetration testing and privilege escalation tactics to make cloud native systems more secure.

By Iain Smart

The Impact of the Polyfill Supply Chain Attack

Recently a supply chain attack was discovered for the domain cdn dot polyfill dot io, which was a popular service for the distribution of the open source library polyfill.js. According to sansec.io, this attack affected over 100,000 sites, with cdn dot polyfill dot io injecting malware on mobile devices. So what happened in the polyfill.io attack? Polyfill is a service that provides a piece of JavaScript code that allows modern functionality on older browsers that do not natively support it.

By Kevin Ward

Mastering the Cloud Native Wave: Security Resilience in Modern Systems

ControlPlane’s talk at InfoSec Europe 2024 gave attendees an overview of observations and techniques to make cloud native systems more resilient.

By Rob Kenefeck

Abusing VSCode: From Malicious Extensions to Stolen Credentials (Part 2)

73% of developers use VSCode to work on hobby projects and enterprise software alike. At the same time, a disproportionate amount of independent security research has been performed on VSCode to enable the community to make informed, risk-based decisions when it comes to VSCode adoption and hardening. Both Check Point and Aqua show how easily malicious extensions steal personally identifiable information (PII) and other sensitive data by impersonating popular extensions in the VSCode Marketplace.

By Fabian Kammel & Kevin Ward

Abusing VSCode: From Malicious Extensions to Stolen Credentials (Part 1)

Over the past several years, there has been a mantra of “shift left” to push security to the beginning of the development lifecycle. Although this is a great approach to enable developers to focus on functionality whilst providing security guidance, it does so at the cost of creating a powerful multi-functional toolbox which is integrated with source code repositories, CI/CD pipelines, cloud providers and other services.

By Kevin Ward & Fabian Kammel

Open Source Dynamics in the Era of Licence Innovation

This talk looks at the future of open source in the light of the turmoil from new “faux-pen source” business licenses. It explores the intricate dynamics of community-driven software construction, focusing on sustainability challenges with the evolving nature of licenses and business models, and contemplates solutions to the tension between open source principles and hyperscale cloud service providers.

By Andrew Martin

How to create a Table Top Exercise for Cyber Incident Responders

After a fair amount of hard work and collaboration with the OpenSSF, and numerous proposed and scrapped scenarios, we launched the OSSF WG Vulnerability Disclosures TTX Documentation. OpenSSF wanted to create, host and run an Incident Response (IR) scenario Table Top Exercise (TTX), in the format of a panellist discussion, held at SOSS Community Day North America in Seattle. Let’s start with a look behind the scenes at what goes into developing and conducting an effective Incident Response TTX, what worked for us and what didn’t, and how we think these lessons can help anyone else looking to carry out a similar exercise.

By Ian Barbour

Brewing the Kubernetes Storm Center: Open Source Threat Intelligence for the Cloud Native Ecosystem

James Callaghan, principal consultant at ControlPlane, and Constanze Roedig discuss open source cloud native threat intelligence at KubeCon + CloudNativeCon Europe 2024

By James Callaghan

Flux CD Architecture Overview

Stefan Prodan, core maintainer of the CNCF Flux project, provides a comprehensive overview of Flux CD architectures for multi-cluster continuous delivery

By Stefan Prodan

Isovalent and ControlPlane's Joint Whitepaper

Engineers, product managers and consultants from both companies explore how Cilium can tackle the challenges of cloud native compliance

By Ollie Cuffley-Hur & Martyn Smith

The Lowdown on Locked Namespaces

Marco De Benedictis, senior consultant at ControlPlane, discusses how Kubernetes namespaces have grown from an optional feature to a security boundary at KubeCon + CloudNativeCon Europe 2024

By Marco De Benedictis

Zero Trust Training Courses with the Linux Foundation

ControlPlane has authored two Zero Trust training courses for the Linux Foundation

By ControlPlane

ControlPlane at KubeCon EU Paris ‘24 - Recap

A recap of ControlPlane’s activities at KubeCon EU in Paris

By Ashley Ward

The Envoy Gateway End User Threat Model, in collaboration with the Linux Foundation

ControlPlane has collaborated with the Linux Foundation to threat model Envoy Gateway and generate an End User guide

By ControlPlane

Flux CD: D1 Reference Architecture

ControlPlane’s commitment to supporting the Flux Project continues, providing a model and a guide for multi-cluster, multi-tenant environments

By Andrea Martino

ControlPlane at KubeCon EU '24 Paris

ControlPlane’s talks and events schedule for KubeCon EU in Paris

By Niamh O'Loughlin

Container Security Basics at Securi-Tay 2024

ControlPlane’s principal consultant, Iain Smart, talks about Container and Kubernetes Security at Abertay Hackers’ Securi-Tay 2024

By Iain Smart

NIST Special Publication 800-204D calls for GitOps approaches

Exploring how NIST’s latest publication underscores the necessity of integrating GitOps strategies in software supply chain security within DevSecOps CI/CD pipelines

By Andrew Martin

Bringing light to risks lurking in the black boxes of AI models

ControlPlane’s principal consultant, Vicente Herrera, talks about AI Security at OpenUK’s “State of Open Con 2024”

By Vicente Herrera

ControlPlane backs the CNCF Flux Project by Employing Maintainers

ControlPlane’s support for the CNCF Flux project ensures the sustainability and security of critical systems through open source maintenance and innovative enterprise solutions

By Andrew Martin

ControlPlane and Scott Logic Collaborate on Scottish Government Identity and Payments Systems

Collaborative efforts between ControlPlane and Scott Logic on the Scottish Government identity and payment systems: security architectures, platform integrations, and project assurance

By Andrew Martin

Tangible Value with ControlPlane Enterprise for Flux CD

ControlPlane Enterprise elevates Flux CD with enhanced security, support, and compliance, catering to diverse needs in Kubernetes deployments

By ControlPlane

AI Software Development Lifecycle on Kubernetes

AI software’s evolution on Kubernetes: current methodologies, potential future developments, and inherent risks

By ControlPlane

ControlPlane at OpenSSF and Open Source Summit Japan, 2023

ControlPlane’s journey to Japan and an overview of some of the talks presented

By Jack Kelly

Navigating Cloud Security and Automation with Eficode

Talking to Eficode about Cloud Native Security Challenges

By Andrew Martin

Play the 2023 CNCF CTF Scenarios with the Revamped Simulator

The public release of the 2023 CNCF CTF Scenarios is here! In this blog post, we’ll walk you through the revamped simulator and how to get started with the challenges.

By Kevin Ward

Cloud Native and Kubernetes Security Predictions 2024

A look into the tumultuous waters of cloud and Kubernetes security in 2024

By Andrew Martin

Andrew Martin on "Nerding Out With Viktor" — Security, Penetration Testing, and Threat Modelling

The inaugural “Nerding Out With Viktor” podcast with ControlPlane CEO, Andrew Martin

By Niamh O'Loughlin

Unveiling the Future of CI/CD Security: A Deep Dive into Advanced Practices

The “Advanced CI/CD Security” workshop we ran at DevOpsCon 2023 in Munich provided a deep dive into the latest practices shaping the future of cloud security

By Fabian Kammel

Conference Recap: ControlPlane at KubeCon NA '23 Chicago

Reflecting upon our experience at KubeCon North America 2023

By Jasmine Andine

ControlPlane at KubeCon NA '23 Chicago

Where to find ControlPlane talks and events at KubeCon North America 2023 in Chicago

By Jasmine Andine

Take Zero Trust to the Next Level with Confidential Virtual Machines

SPIFFE and confidential computing are two security projects that minimize the level of implicit trust a user needs to place into a computing system. We will show how to combine these approaches to minimize the trust we need to place in public cloud services

By Fabian Kammel

The National Cybersecurity Strategy Implementation Plan

The first annual iteration of the National Cybersecurity Strategy Implementation Plan has been released, detailing how the US government plans to achieve the goals previously outlined in 2021’s National Cybersecurity Strategy

By Andrew Martin

Dark Matter Cloud Anonymous: Andrew Martin and Amanda Brock discuss open source and OpenUK’s report

The event took questions from an audience of industry veterans and discussed open source security, developer understanding of Kubernetes, FinOps for cloud, and more

By Emma Ballantyne

Charting Zero Trust and High Assurance: ControlPlane’s Takeaways from the NIST Multi-Cloud and OSCAL Conferences

ControlPlane’s Experience at the 4th Annual OSCAL and Multi-Cloud Conferences Sponsored by NIST

By Torin van den Bulk

Conference Recap: ControlPlane at KubeCon EU '23

ControlPlane talk & event write-ups from KubeCon EU in Amsterdam

By Ollie Cuffley-Hur

Threat Modelling Zero Trust at KubeCon EU 2023 Amsterdam

ControlPlane shows you how to threat model Zero Trust architectures at KubeCon Europe 2023 in Amsterdam

By James Callaghan

KubeCon EU '23: Open Source Releases

ControlPlane open sources security and threat model knowledge

By Andrew Martin

Netassert v2: Network Security Testing

How to write, test, and secure your network configurations

By Prithak Sharma

Collie: A toolkit for securing cloud controller provisioned infrastructure

Demonstrating compliance and securing infrastructure provisioned by Kubernetes Cloud Infrastructure Controllers

By Rowan Baker & Henry Mortimer

ControlPlane at DevSecCon UK Meet-up

ControlPlane at DevSecCon UK Meet-up

By Joe Collins

ControlPlane at KubeCon EU 2023 Amsterdam

Where to find ControlPlane talks and events at KubeCon Europe 2023 in Amsterdam

By Ollie Cuffley-Hur

Intro to the CloudNative SecurityCon CTF

Capture-the-Flag platform demo with The New Stack 🔐🏴‍☠️

By ControlPlane

The Most Excellent Learnings of CloudNative SecurityCon 2023

The Cloud Native security community is vibrant and strong 🌩🎉

By ControlPlane

The Inaugural CloudNative SecurityCon, North America, and Security Zero Day

Cloud Native security bursts onto the conference circuit 🌩🎉

By ControlPlane

SPIFFE: The Keystone Species of Cloud Native Security

Short-lived cryptographic identities are the basis upon which secure communication and access control are built 🖧🙊

By ControlPlane

Cloud Native and Kubernetes Security Predictions 2023

A speculative look into the perils and opportunities that 2023 holds 🕵️🔎

By Andrew Martin

KCD UK 2022

Kubernetes Community Days 2022 at CodeNode, London ☸

By Jaymie Thomas

ControlPlane Accelerates International Expansion

ControlPlane expands into North America and APAC with two key executive hires 📈

By Andrew Martin

KubeCon NA 2022 - Techstrong TV interview

Andrew Martin joins Mitch Ashley of Techstrong TV for a chat about ControlPlane, Hacking Kubernetes, and avoiding configuration gotchas 📺

By Jaymie Thomas

An evening of network security

An evening of network security by Tailscale and ControlPlane 🔐

By Jaymie Thomas

ControlPlane at KubeCon NA 2022 Detroit

Where to find ControlPlane talks and events at KubeCon North America 2022, Detroit ☸

By Jaymie Thomas

The Future of Open Source Technology in Financial Services

ControlPlane’s New York City event with FINOS 🏙

By Jaymie Thomas

What's New - Kubernetes 1.25 Security Features

Overview of new security features in Kubernetes v1.25 ☸🔐

By James Cleverley-Prance

VEXing challenges - ControlPlane at the Open Source Summit Europe 2022, Dublin

ControlPlane and OpenUK information at the Open Source Summit Europe 2022 in Dublin 🔐

By Jaymie Thomas

OpenUK Reports on the State of Open: The UK in 2022

ControlPlane contributes to the definitive open source report for the UK

By Andrew Martin

Walking the talks - ControlPlane at KubeCon Europe 2022

ControlPlane talks at KubeCon EU 2022 ☸

By Jaymie Thomas

Shift Left: Where Cloud Native Computing Security Is Going (The New Stack)

DevSecOps leaders on the direction of CloudNative Security

By ControlPlane

Hacking Kubernetes Book Released

A threat-based guide to Kubernetes security 📖

By Andrew Martin

Securing the Kubernetes Supply Chain: Software Factory Reference Architecture

Sophisticated mechanisms and best practices to enhance defenses against supply chain threats in Kubernetes

By Andrew Martin

Hardening Git for GitOps

ControlPlane whitepaper on securing GitOps workflows at source ✍

By Andrew Martin

CNCF Cloud Native Security Whitepaper

ControlPlane collaborates with authors in sig-security 📜

By Andrew Martin

Hands-on Kubernetes Security

Learning Kubernetes the Secure Way 💻

By Pi Unnerup

Kubernetes Predictions 2019

5 predictions and 5 wishes for Kubernetes in the year ahead 🕵️🔎

By Andrew Martin

ControlPlane Sponsors PhD of in-toto Author Santiago Torres

ControlPlane, the open source and cloud native security company, sponsors the PhD work of in-toto author Santiago Torres, furthering the advancement of software supply chain security.

By Andrew Martin

11 Ways (Not) to Get Hacked

An overview of essential security features for Kubernetes, and a glance to the future 👨‍🚀

By Andrew Martin