By Ollie Cuffley-Hur
KubeCon Europe 2023 is just around the bend, and ControlPlane is proud to both sponsor and actively participate in several talks and a range of other events. Here’s a list of our activities across the week - add us to your schedule and come learn from our team about the latest trends and developments in Cloud Native security.
The CNCF blog post on the CTF we ran at CloudNative SecurityCon in Seattle gives a taster of what’s to come!
Join ControlPlane’s principal consultants for a free custom workshop on:
Sessions available 10:00-16:00 on 19th, 20th and 21st April in meeting room BS11, register here!
08:30-20:00 Come say “hoi!” at our booth (SU57) near the Cloud Native Corner Store, to chat with us about interesting Cloud Native security challenges, find out more about how we can help, and grab some of our award-winning swag.
11:55 & 15:25 An Introduction to Cloud Native Capture The Flag - Andrew Martin & James Cleverley-Prance, ControlPlane
The Cloud Native Capture The Flag (CTF) is available to all in-person KubeCon + CloudNativeCon Europe attendees. In preparation for getting started with the activity, you are invited to attend an introductory session.
This session aims to introduce how to participate in CTF competition to those who are new to them. We will share our tips and tricks for completing these challenges and work through a practice scenario together.
Track: Capture the Flag
08:30-18:00 Come chat with our friendly and knowledgeable colleagues on booth SU57, and try your hand at one of our mini-CTF challenges!
11:00 Back to the Future: Next-Generation Cloud Native Security - Matt Jarvis, Snyk & Andrew Martin, ControlPlane
Cloud native security moves quickly: what will be the compounded effects of today’s emerging technologies on future architectural patterns? In this talk we’ll explore what security might look like in the cloud ecosystem of the future - from hardware, cryptography, architecture and software development patterns, to build an almost certainly fuzzy picture of what the coming years might bring.
11:55 Automated Cloud-Native Incident Response with Kubernetes and Service Mesh - Matt Turner, Tetrate & Francesco Beltramini, ControlPlane
Security incident response is a well-understood operation, with established best practices like the MITRE Att&ck Framework and the Lockheed Martin Kill Chain. Tooling to aid and automate incident response exists, but not all of it is applicable to cloud-native platforms. For example, playbook apps are generally applicable, but the steps to move compromised workloads to an isolated forensics network are platform-specific, and new implementations are needed for the cloud-native world.
11:55 InSPIREing Progress: How We’re Growing SPIFFE and SPIRE in 2023 and Beyond - Daniel Feldman, Hewlett Packard Enterprise & Andrés Vega, ControlPlane
SPIFFE/SPIRE keeps your data safe and hackers away by automatically assigning unique, secure credentials based on the unique properties of your software. It’s a bit like a fingerprint scanner, but for code. Find out more about what’s happend in the SPIFFE/SPIRE project over the last year.
14:30 Hacking and Defending Kubernetes Clusters: We’ll Do It LIVE!!! - Fabian Kammel & James Cleverley-Prance, ControlPlane
Ever wondered about the security of your own Kubernetes cluster, but new to Kubernetes security and not sure where to start? In this talk Fabian and James will, via a series of live demos, demonstrate both common attacks and offensive techniques against Kubernetes clusters and workloads, and the runtime controls to protect against them.
08:30-16:30 If you haven’t visited us yet, round off the week with a visit to booth SU57.
14:30 What Can Go Wrong When You Trust Nobody? Threat Modeling Zero Trust - James Callaghan & Richard Featherstone, ControlPlane
With the prevalence of cloud-native technologies continually growing, and organisations increasingly adopting multi-cloud and hybrid architectures, it has never been more important to discuss the principles of Zero Trust. In order to fully apply the philosophy of ‘never trust, always verify’, we must build systems with a sound understanding of the adversaries who may wish to compromise our data, how such a compromise could occur, and how we can protect ourselves by implementing proportionate, layered security controls.
Here’s the close-up:
And here’s where we are on the conference floor:
Directions: The rooms are located on the balcony of Hall 1 and are referred to as “Balcony Suites” (BS). BS11 and can be accessed by stairs or elevator from Hall 1 or by escalator from Entrance K.
This year’s KubeCon EU will play host to the first Security Village, which will run alongside the main conference on 19th-21st April and be a space to discuss Cloud Native security topics through presentations and interactive events. Run by volunteers from TAG Security.
We’ll also be hanging out here during the conference, so come join us for chats about all things Cloud Native, open source or supply chain security.
Don’t forget to follow us on Twitter and LinkedIn for the very latest information.
See you at the conference!