DSC London

eBPF for Cloud Native Security and Threat Modeling Zero Trust

with Liz Rice, James Callaghan, Richard Featherstone

Description:

DevSecCon London will be kicking off the New Year with their very first in-person event! We’ll be joined by Liz Rice, Chief Open Source Officer with eBPF specialists Isovalent, James Callaghan, Cloud Native Security Architect at ControlPlane, and Richard Featherstone, Head of Engineering at ControlPlane.

 

Liz Rice: eBPF for Cloud Native Security

eBPF is a powerful platform for the next generation of networking, observability and security tools. In this talk let’s explore how it is being used for security in cloud native environments.

 

James Callaghan & Richard Featherstone: What Can Go Wrong When You Trust Nobody? Threat Modeling Zero Trust

With the prevalence of cloud-native technologies continually growing, and organisations increasingly adopting multi-cloud and hybrid architectures, it has never been more important to discuss the principles of Zero Trust. In order to fully apply the philosophy of ‘never trust, always verify’, we must build systems with a sound understanding of the adversaries who may wish to compromise our data, how such a compromise could occur, and how we can protect ourselves by implementing proportionate, layered security controls. The foundation on which we can construct this ‘secure by design’ approach is threat modeling. In this talk, we will:

– introduce the fundamental concepts of threat modeling, and how they can be applied to systems made up of many distributed cloud-native workloads;
– demonstrate a simple system built using Zero Trust principles, with workloads running on an Istio service mesh within a Kubernetes cluster;
– show how cryptographically strong workload identities can be provided by a SPIRE server;
– demonstrate how Istio External Authorization can delegate layer 7 authorization decisions to OPA sidecars;
– build our threat model and introduce controls following the Zero Trust philosophy, including a demonstration of custom signing and verification of OPA bundles.

 

Join the Community!

If you haven’t joined the Discord community, please do so! You can find us on Discord at: https://devseccon.io/discordcommunity

Liz Rice

Chief Open Source Officer at Isovalent

About Liz Rice

Liz Rice is Chief Open Source Officer with eBPF specialists Isovalent, creators of the Cilium cloud native networking, security and observability project. She was Chair of the CNCF’s Technical Oversight Committee in 2019-2022, and Co-Chair of KubeCon + CloudNativeCon in 2018. She is also the author of Container Security, published by O’Reilly.

She has a wealth of software development, team, and product management experience from working on network protocols and distributed systems, and in digital technology sectors such as VOD, music, and VoIP. When not writing code, or talking about it, Liz loves riding bikes in places with better weather than her native London, competing in virtual races on Zwift, and making music under the pseudonym Insider Nine.

James Callaghan

Security Architect at ControlPlane

About James Callaghan

Dr. James Callaghan is a Cloud Native Security Architect at ControlPlane. He started off working as a Theoretical Physicist, but long nights of coding sparked an interest in how easy it can be for vulnerabilities and weaknesses to creep in, and thus a career in cyber security was born. James then spent a number of years consulting as a Security Architect for UK Government clients, where he specialised in designing secure Public Cloud architectures. A particular interest in container security led him to ControlPlane, where he works with clients operating in highly regulated environments, helping them to protect their systems against the multitude of cyber threats facing any organisation operating in the data age.

Richard Featherstone

Head of Engineering at ControlPlane

About Richard Featherstone

Ric is the Head of Engineering at ControlPlane. His greying hair comes from his years of hard-won experience consulting in the Financial Services and Media sectors. With engineering and architecture experience over many years, he’s seen the next big thing arrive, disappear, or get rebranded many times. He practices continuous learning with a pinch of cynicism and a dash of curiosity.