
The schedule is subject to change.

Please note: This schedule is displayed in Central European Summer Time (CEST).

Monday, August 17

13:00 CEST

Opening Remarks - Emily Fox, US National Security Agency

Emily Fox

Security Engineer, Apple
Emily Fox is a DevOps enthusiast, security unicorn, and advocate for Women in Technology. She promotes the cross-pollination of development and security practices. She has worked in security for over 12 years to drive a cultural change where security is unobstructive, natural, and...

Monday August 17, 2020 13:00 - 13:10 CEST
InXpo https://onlinexperiences.com/Launch/Event.htm?ShowKey=99259

13:15 CEST

Collection is not Detection - Sec Ops in a Cloud Native Environment - Sarah Young, Microsoft
Security operations have always been hard. How many logs should we collect? Which logs should we collect? How do we respond and remediate things quickly? Then just when you thought you'd got it right for your on-premises, you've decided to move to the cloud and have to start all over again... or do you?

In this talk, Sarah will discuss how security operations change from on-prem to the cloud native environment and how to optimise your security operations in a cloud native environment to make use of modern tooling.


Sarah Young

Azure Security Architect, Microsoft
Sarah is an Azure Security Architect working for Microsoft. Allegedly she lives in Melbourne but is more likely to be found in airport lounges across Asia. Sarah loves cloud, Kubernetes and container security and spends most of her time telling people how to do it better and generally...

Monday August 17, 2020 13:15 - 13:45 CEST
InXpo https://onlinexperiences.com/Launch/Event.htm?ShowKey=99259

13:50 CEST

PARSEC: A New Platform Abstraction for Security - Hugues de Valon & Ionut Mihalcea, Arm
This talk will present PARSEC, an open source security project that has been seeded by Arm in collaboration with Docker.

PARSEC adopts the best-of-breed security and cryptography APIs that are defined in the Arm-founded Platform Security Architecture (PSA). The PSA is a holistic framework that was originally created to ensure the security of constrained IoT devices, from threat modelling through to deployment and maintenance. But the PSA is now evolving beyond these original goals, such that it can adapt to protect edge and infrastructure deployments as well.

PARSEC is a part of this evolution. It enables key management and cryptographic services to be consumed on rich, multi-tenant platforms in any programming language. It does so in a way that is agnostic with respect to the underlying hardware.

You will learn about the PARSEC vision, its architecture, and about how it is providing a new developer experience for security.


Hugues de Valon

Software Engineer, Arm
Hugues is a Senior Software Engineer at Arm. Hugues started Software very low down the stack, writing drivers and firmware for microcontrollers for Mbed OS and Trusted Firmware M. Thinking that safer languages are the future of Systems Programming, he has worked on improving the support...

Ionut Mihalcea

Software Engineer, Arm
Software engineer in the Software Prototyping team of the Architecture Group in Arm. Trying to make the edge a safer place for workloads, through Parsec. Previously part of a cybersecurity company, expanding their IaaS offering. Interested in all things infosec, especially applied...

Monday August 17, 2020 13:50 - 14:20 CEST
InXpo https://onlinexperiences.com/Launch/Event.htm?ShowKey=99259

14:25 CEST

Image Provenance and Security in Kubernetes - Adrian Mouat, Container Solutions
Take any container running in your Kubernetes cluster. What can you say about it and with what level of certainty? Do you know where it came from? Could an attacker have modified it? Is it up-to-date? Can you identify the exact revision of the code that the image was built from?

This talk will look at what guarantees Kubernetes gives you out-of-the-box, and what you can do to establish a trustworthy and reliable workflow for deploying and updating images. Topics and tooling covered will include:

- using Admission Controllers, Open Policy Agent and Trow to control the images that can run in a cluster
- when and why images should be considered immutable
- verifying provenance with repeatable builds, secure hashes and Notary/TUF


Adrian Mouat

Chief Scientist, Container Solutions
Adrian has been involved with containers from the early days of Docker and authored the O’Reilly book “Using Docker” (https://atlas.oreilly.com/oreillymedia/using-docker). He is currently Chief Scientist at Container Solutions, who focus on consulting and product development...

Monday August 17, 2020 14:25 - 14:55 CEST
InXpo https://onlinexperiences.com/Launch/Event.htm?ShowKey=99259

15:00 CEST

Monday August 17, 2020 15:00 - 15:15 CEST
InXpo https://onlinexperiences.com/Launch/Event.htm?ShowKey=99259

15:20 CEST

Cloud native or cloud agnostic? The questions you need to ask - Sriram Rajan, Rackspace
Five questions you should be asking when deciding which cloud strategy is best for your business.

Sriram (Sri) Rajan is a Principal Product Architect at Rackspace and is responsible for designing and architecting cloud-based solutions for customers. He has more than 15 years of professional experience working with computer systems, networks, programming and security. Before joining Rackspace, Rajan worked as a systems programmer at Texas State University in San Marcos, where he also earned his Master’s degree in computer science. He studied and lived in the United States for a total of nine years before relocating to the U.K. in 2010. You can connect with him on social media at in/rajansriram and @sriramrajan.

Monday August 17, 2020 15:20 - 15:25 CEST
InXpo https://onlinexperiences.com/Launch/Event.htm?ShowKey=99259

16:05 CEST

How Secure Is Your Build/Server? - Patrick Debois, Snyk
There are aspects of Cloud Native security:
- talks about protecting the runtime
- talks focusing on writing secure code

In this talk I take a different focus: there are many trusts we take for granted while building software. From CA authorities on your laptop to SaaS solutions:

- How to verify trust of your dependencies: from metadata, binaries and repositories
- How to provide trust to others that build upon your software
- How this ties into the concept of “reproducible builds”
- How the concepts of the “The Update Framework” (TUF) relate
- How this ties into trusting SaaS solutions/Serviceless & Servicefull

Obviously, no trust without verification, so I will explain these topics using practical examples from the Node.js and Docker ecosystems. Let’s take ownership of your trust, we are already responsible when things go wrong anyway.

Note: the slides added to this submission will be fine-tuned for a Cloud Native Audience. Trust me :)


Patrick Debois

Director of Market Strategy, Snyk
In order to understand current IT organizations, Patrick has taken a habit of changing both his consultancy role and the domain which he works in: sometimes as a developer, manager, sysadmin, tester and even as the customer. He first presented concepts on Agile Infrastructure at Agile...

Monday August 17, 2020 16:05 - 16:35 CEST
InXpo https://onlinexperiences.com/Launch/Event.htm?ShowKey=99259

16:40 CEST

Pod Security as an Afterthought - Alban Crequy, Kinvolk
Kubernetes has several security mechanisms that can be used to secure your applications: you can write security as code with network policies, PSP, seccomp, etc. Ideally, the specs of network policies and PSP should be written at the same time as your applications are developed. Oftentimes this is not the case and security remains an afterthought. It follows that the developers implementing the security might not have a good enough view of the architecture to know which network policies and other PSP to write.

This is not an ideal situation, of course. But as a developer who’s joining a project to implement the security, you don’t have a time machine to change that.

This talk will present some open source tools that can help: kube-psp-advisor, Inspektor Gadget, oci-seccomp-bpf-hook. The tools observe your deployments in different ways and help you to write the security specs.


Alban Crequy

Co-founder and Director of Kinvolk Labs, Kinvolk
Alban is Co-founder of Kinvolk and director of engineering for Kinvolk Labs. He has a particular interest in integrating BPF into Kubernetes. He’s a maintainer of the gobpf library and has worked on software in the cloud space using BPF with Golang: Weave Scope, Traceleft, Project...

Monday August 17, 2020 16:40 - 17:10 CEST
InXpo https://onlinexperiences.com/Launch/Event.htm?ShowKey=99259

17:15 CEST

Monday August 17, 2020 17:15 - 17:30 CEST
InXpo https://onlinexperiences.com/Launch/Event.htm?ShowKey=99259

17:35 CEST

Defenders Think in Lists. Attackers Think in Graphs. - Reuven Harrison, Tufin
Most of our digital infrastructure is at risk due to the gap that exists between attack and defense strategies. Attackers usually penetrate systems in a graph-like flow. They start by identifying an entry point and then use discovery techniques and lateral movement to reach the “crown jewels”. Security people often protect their systems using checklists: vulnerabilities, misconfigurations, excess privileges etc. In this session we will discuss this gap, its causes and implications and suggest a better approach which is based on network connectivity analysis combined with weakness analysis.


Reuven Harrison

CTO, Tufin

Monday August 17, 2020 17:35 - 17:40 CEST
InXpo https://onlinexperiences.com/Launch/Event.htm?ShowKey=99259

18:10 CEST

Kubernetes Attack and Defense: Inception-Style - Jay Beale, InGuardians
This demo-heavy talk starts by monkey-in-the-middling a software update, to create a poisoned pod. From there, the attack follows the plot of the movie Inception, incorporating a monkey-in-the-middle attack on a service, a public cloud API attack, and a pod security policy evasion. We will demonstrate a defense, replacing pod security policies with OPA/Gatekeeper. The scenario demonstrated will be added to the open source Bustakube cluster, allowing everyone to practice the same attack and defense.


Jay Beale

CTO, InGuardians
Jay Beale works on Kubernetes and cloud native security, both as a professional threat actor and as a member of the Kubernetes project, where he previously co-led the Security Audit working group. He's the architect of the Peirates attack tool for Kubernetes, as well as of the @Bustakube...

Monday August 17, 2020 18:10 - 18:40 CEST
InXpo https://onlinexperiences.com/Launch/Event.htm?ShowKey=99259

18:45 CEST

New Paradigms for the Next Era of Security - Sounil Yu, Cyber Defense Matrix
As we enter the 2020s, we should expect to see attackers refine and mature their techniques to drive outcomes that result in the *inability* for us to recover from an attack, i.e., irreversible attacks. We are already seeing evidence of this now through ransomware and permanent denial of service attacks. In these scenarios, the old security paradigm of confidentiality, integrity, and availability (CIA) no longer applies. Instead, we need to consider design patterns that follow new paradigms for the next era of security: distributed, immutable, and ephemeral (DIE). This session articulates the compelling need for us to consider new, business-aligned design patterns leveraging capabilities from the CNCF landscape that enable us to have systems that are fully resilient against destructive/irreversible attacks and why we need to seriously consider pivoting to this approach as soon as possible.


Sounil Yu

Author, Cyber Defense Matrix
Sounil Yu is a security innovator with 30+ years of hands-on experience creating, breaking, and fixing computer and network systems. He is the creator of the Cyber Defense Matrix and the DIE Resiliency Framework; serves on the Board of Directors for the FAIR Institute and SCVX...

Monday August 17, 2020 18:45 - 19:15 CEST
InXpo https://onlinexperiences.com/Launch/Event.htm?ShowKey=99259

19:20 CEST

Closing Remarks - Brandon Lum, IBM

Brandon Lum

Senior Software Engineer, IBM
Brandon loves designing and implementing computer systems (with a focus on Security, Operating Systems, and Distributed/Parallel Systems). He enjoys tackling both technical and business challenges and has a side interest in organizational behavior and leadership. At IBM Research...

Monday August 17, 2020 19:20 - 19:30 CEST
InXpo https://onlinexperiences.com/Launch/Event.htm?ShowKey=99259