Publications

eBPF Threat Model
A comprehensive threat model for eBPF-based security solutions.
For eBPF Foundation (2024)

Hacking Kubernetes
The definitive guide to Kubernetes offensive and defensive security.
For O'Reilly Media (2021)

NIST SP 800-233
Security guide to service mesh proxy models for cloud-native applications.
For NIST (National Institute of Standards and Technology) (2024)

Envoy Gateway Threat Model
A comprehensive threat model for the Envoy Gateway.
For CNCF (Cloud Native Computing Foundation) (2023)

ArgoCD End User Hardening Guide
A guide to hardening ArgoCD for end users.
For CNCF (Cloud Native Computing Foundation) (2023)

Flux D1 Reference GitOps Architecture
A hardened reference architecture for GitOps with Flux CD.
For Flux CD (2023)

FINOS AI Readiness Governance Framework
AI governance framework for financial services.
For FINOS (Fintech Open Source Foundation) (2023)

FINOS AI Security Reference Architecture
AI security reference architecture for financial services.
For FINOS (Fintech Open Source Foundation) (2023)

Flatcar Threat Model (CNCF)
A project graduation threat model with the TAG Security community.
For TAG Security (Technical Advisory Group on Security, CNCF) (2023)

Kubernetes for Security Operations Centres
Community collaboration with JP Morgan CyberOps.
For Community (2023)

Kubernetes Threat Model for Financial Services User Group
Financial services-specific threat model for Kubernetes.
For FS-ISAC (Financial Services Information Sharing and Analysis Center) (2020)

CIS Benchmarks for Google Kubernetes Engine
Center for Internet Security hardening guide for GKE.
For Google Cloud Platform (2018)