DevSecCon London will be kicking off the New Year with their very first in-person event! We’ll be joined by Liz Rice, Chief Open Source Officer with eBPF specialists Isovalent, James Callaghan, Cloud Native Security Architect at ControlPlane, and Richard Featherstone, Head of Engineering at ControlPlane.
In-person: Snyk London office, 97 Hackney Rd, London E2 8ET
6:30 PM: in-person doors open
7:00 PM: Session kicks off + Live stream (Virtual viewers join in)
- Liz Rice: eBPF for Cloud Native Security
- James Callaghan & Richard Featherstone: What Can Go Wrong When You Trust Nobody? Threat Modeling Zero Trust
9:00 PM: That’s a wrap, more drinks and networking for those attending in person
9:30 PM: In-person event ends, doors closed
Liz Rice: eBPF for Cloud Native Security
eBPF is a powerful platform for the next generation of networking, observability and security tools. In this talk let’s explore how it is being used for security in cloud native environments.
James Callaghan & Richard Featherstone: What Can Go Wrong When You Trust Nobody? Threat Modeling Zero Trust
With the prevalence of cloud-native technologies continually growing, and organisations increasingly adopting multi-cloud and hybrid architectures, it has never been more important to discuss the principles of Zero Trust. In order to fully apply the philosophy of ‘never trust, always verify’, we must build systems with a sound understanding of the adversaries who may wish to compromise our data, how such a compromise could occur, and how we can protect ourselves by implementing proportionate, layered security controls. The foundation on which we can construct this ‘secure by design’ approach is threat modeling. In this talk, we will: – introduce the fundamental concepts of threat modeling, and how they can be applied to systems made up of many distributed cloud-native workloads; – demonstrate a simple system built using Zero Trust principles, with workloads running on an Istio service mesh within a Kubernetes cluster; – show how cryptographically strong workload identities can be provided by a SPIRE server; – demonstrate how Istio External Authorization can delegate layer 7 authorization decisions to OPA sidecars; – build our threat model and introduce controls following the Zero Trust philosophy, including a demonstration of custom signing and verification of OPA bundles.
Join the Community!
If you haven’t joined the Discord community, please do so! You can find us on Discord at: https://devseccon.io/discordcommunity