
DSC London

Automated Cloud-Native Incident Response & Your Attack Surface Just Got Bigger



June 8, 2023


6pm - 9pm BST


Snyk London office, 97 Hackney Rd, London E2 8ET


Questions? Join the conversation on Discord channel #devsecon-discussions-🗣

About the event:

DevSecCon London will be hosting their June event in-person! We’ll be joined by Matt Turner, Software Engineer at Tetrate, and Sonya Moisset, Senior Security Advocate at Snyk.

Location (hybrid):

In-person: Snyk London Office, 97 Hackney Rd, London E2 8ET

6:00 PM: in-person doors open
6:30 PM: Session kicks off + Live stream (Virtual viewers join in)

  • Matt Turner
  • Sonya Moisset

8:30 PM: That’s a wrap, more drinks and networking for those attending in person
9:00 PM: In-person event ends, doors closed

Matt Turner: Automated Cloud-Native Incident Response with Kubernetes and Service Mesh
Security incident response is a well-understood operation, with established best practices like the MITRE ATT&CK framework and the Lockheed Martin Kill Chain. Tooling to aid and automate incident response exists, but not all of it is applicable to cloud-native platforms. For example, playbook apps are generally applicable, but the steps to move compromised workloads to an isolated forensics network are platform-specific, and new implementations are needed for the cloud-native world.

In this talk, Matt will:

  • Recap incident response 101
  • Introduce some cloud-native tech including Kubernetes, Istio, and GitOps
  • Show an Operator built by Matt for dynamically adding complex layer-7 traffic rules in response to changes in the environment, which will be used as part of the demo
  • Walk you through a response to a Log4Shell attack against a workload in a k8s cluster: sensor alert, SIEM analysis, IRP automation (honeypots, isolation), building the IoC, and killing the attack.

Sonya Moisset: The Iceberg: Your Attack Surface Just Got Bigger (How to mitigate risks in your OSS projects)
Software supply chain attacks are not a new security concern, but high-profile attacks such as SolarWinds, CodeCov, and Kaseya have brought the topic to the forefront of cybersecurity awareness across the globe. Software supply chain attacks have not only increased in volume and frequency, but have also become more sophisticated. This trend, together with the potentially wide impact of a single successful supply chain attack, requires maintainers to take dedicated steps to ensure the security and integrity of their projects. You will learn how to secure your CI/CD pipeline by setting up guardrails at each stage and how to harden your OSS projects.

Join the Community!
If you haven’t joined the Discord community, please do so! You can find us on Discord at:

Matt Turner

Software Engineer at Tetrate

About Matt Turner

Matt is a software engineer at Tetrate, working on Istio-related products. He’s been doing Dev, sometimes with added Ops, for 10 years. His idea of “full-stack” is Linux, Kubernetes, and now Istio too. He’s given several talks and workshops on Kubernetes and Istio, and is a co-organiser of the Istio London meetup.

Sonya Moisset

Senior Security Advocate at Snyk

About Sonya Moisset

Sonya is a lifelong traveler who has lived in the Middle East, North Africa and Asia and is always looking for new challenges. She has made a career switch from International Business Consultant in Saudi Arabia and Singapore to Full Stack Software Engineer in South Korea to Lead Security Engineer at Photobox Group. Before coming to the UK, she was based in South Korea for 6 years where she learnt Korean and worked for several Korean companies.

Sonya is a Tech Advocate and a public speaker in the UK tech scene. She is also a mentor for women in tech, a cybersecurity writer for FreeCodeCamp publications and an active member of the tech community in London. Her motto is #GetSecure, #BeSecure & #StaySecure
