Diego Comas leads Security Engineering at Sourcegraph. He has more than 12 years of experience in the IT industry and is passionate about cloud, automation and security. Diego is an expert in cloud native security who gives presentations and shares stories with the community at various London meetups and at events like Google Cloud Next Financial Services. He has several years of experience protecting cloud environments and applications, recently focusing on highly regulated environments where core banking platforms run and on high-traffic communications-as-a-service platforms.
About the training
Kubernetes is a container-orchestration system that is not secure by default, and it is becoming the industry's need-to-know platform for any professional working with cloud applications and containers. This 2-day course provides practical, real-world techniques to assess the security posture of Kubernetes clusters and to protect them. By the end of the course participants will have the knowledge and resources to fortify Kubernetes clusters with confidence. All code, slides, tools and configuration, along with auxiliary scripts, will be provided.
This course will start with a quick review of Linux and Docker container security fundamentals. Then we will move to the Kubernetes world, starting with the essentials needed to understand its architecture and default configuration. After that we will go through attacking a vulnerable application, escalating, moving laterally and taking complete control of the cluster and the infrastructure beyond Kubernetes.
Next there will be more attacks on the platform from different threat actors, such as malicious containers and/or malicious operators. The course will then transition to how to protect Kubernetes clusters, starting with controls available from standard Kubernetes capabilities, moving to more advanced features, and extending the hardening with additional open source tools and other complementary processes.
The course has core modules as well as some bonus content that will be covered if there is time. These extra modules focus on areas like container runtime sandboxing, early prevention of misconfiguration using policy-as-code, and HSM integrations.
- Learn and understand Kubernetes essentials and security
- How to detect and prevent vulnerable applications and escalation paths
- Learn how an attacker can leverage default security capabilities in Kubernetes and how to properly protect against this
- Enablement of advanced Kubernetes security tools