2023云原生安全大会（Cloud Native Security Con 2023）嘉宾PPT合集（共55套打包）

1、Michael Peters-Red HatZero Trust Workload Identity in KubernetesZero Trust?Architectural Pattern Security applied at the asset level Not the location(network)ImplicitZero Trust?Zero Trust?Microservic。

2、Cailyn EdwardsShopifySharing Security Secrets:How to Encourage Security Advocates1.The Basicsa.Whatb.Whoc.Why2.Howa.Mangersb.Individual Contributors3.Examplesa.Security Reviewsb.Security Self Assessm。

3、mcdwaynemcdwayneSecurity Does Not Need To Be Fun:Ignoring OWASP To Have A Terrible TimemcdwaynemcdwayneHi,Im DwayneDwayne McDaniel I live in Chicago Ive been a Developer Advocate since 2016 On Twitte。

4、STANDARDIZATION&SECURITY:A PERFECT MATCHFEBRUARY 1,2023RAVI DEVINENISenior Director,Engineering,Northwestern MutualvscarpenterVINNY CARPENTERVice President,Engineering,Northwestern Mutualravicdev。

5、Improving Secure Pod-to-PodCommunication Using Trust Bundles Ted Hahn,Mark Hahn, Mutual TLS-Secure Pod-to-Pod communicationEvery Kubernetes pod should include a SSL Certificate,verifying itsidentity.。

6、 Securing Diverse Supply Chains across Interconnected SystemsWayne StarrAaron Creel01 February 2023 The ProblemSynergizing activities across an organization for Large Software Systems can be difficul。

7、SBOMs,VEX,and KubernetesKiran KamityFounder&CEODeepfactorAllan FriedmanSenior Advisor and StrategistCISAJonathan MeadowsManaging Director,Cybersecurity,CitiGroupRose JudgeSenior Open Source Engin。

8、Michaela Flatau&Callan AndreacchiMore Than Just a Pretty Penny!Why You Need Cybersecurity In Your CultureCyber Attacks are EvolvingChatGPT and other tools are lowering barriers for cyber attacker。

9、Bernard Van De Walle,SplunkMitch Connors,AviatrixNetwork Security at ScaleMeet Your SpeakersBernard Van De WallePrincipal software engineer,SplunkK8s,Istio,Envoy operations at scalePreviously at Crui。

10、Hemil Kadakia&Yonghe Zhao,YahooSecure your Software Supply Chain at ScaleAgenda What is software supply chain&why is it important?Existing solutions Infrastructure&Scale at Yahoo!Demos&am。

11、Yossi Weizman&Ram Pliskin,MicrosoftFrom the Cluster to the Cloud:Lateral Movements in KubernetesAgendaIdentity types in KubernetesInner-cluster lateral movementCluster-to-cloud lateral movement:A。

12、Hayden BlauzvernGoogle Open Source Security TeamSo You Want to Run Your Own Sigstore:Recommendations for a Secure SetupSigstore OverviewSigstore OverviewProject under the OpenSSF(Linux Foundation)Sim。

13、Alberto Pellitteri Security ResearcherCSI Container:Can You DFIR It?Stefano ChiericiThreat Research Lead Manager#WhoAreWe?Alberto Pellitteri Security Researcher Sysdig pellibert1 https:/ Falco Rule C。

14、Iris DingCloud Software Engineer,Malini BhandaruSenior Principal Engineer,Thanks to my colleagues:QimingLiu,HuailongZhang,XintongChen,XinHuang,RuijingGuo,RuoyuYing,ChangranWang,ForrestZhao,SoodKapil,。

15、Container PatchingMaking It Less Gross Than The Seattle Gum WallGreg Castlemrgcastle,gregcastleinfosec.exchangeGKE Security,Google CloudWeston PantherGKE Security,Google CloudSimple View Of Patching0。

16、Security as Code,a DevSecOps ApproachXavier Ren-Corailxcorailhttps:/Planet MarsWhat is different 9 years later?Inclusion in the SDLC43%https:/ that security testing is done late in the SDLCHow can we。

17、Trust and Risk in the software supply chain Emmy EideDirector,Supply Chain SecurityProduct Security,Red Hat22022 State of the Software Supply Chain-SonatypeWhat is happening?Supply chain attacks are 。

18、 2023 Aqua Security So2ware Ltd.,All Rights Reserved Itay ShakuryJose Donize3Verfiable GitHub Ac0ons using eBPFitayskjosedonize-3Tracee-Run+me Security and Forensics using eBPFContainer startedProces。

19、Demian Ginther,SuperOrbital LLC 2022Demian Ginther,SuperOrbital LLC 2022Learning from Supply Chain Learning from Supply Chain Failures and Best Practices in Failures and Best Practices in Other Indus。

20、Leveraging SBOMS to Automate Packaging,Transfer,and Reporting of Dependencies Between Secure EnvironmentsCloudNativeSecurityConP R E S E N T E RI a n D u n b a r-H a l lJ e r o d H e c kDAT EFe b 2 n。

21、Self Healing GitOps:Continuous,Secure GitOps using Argo CD,Helm and OPAUpkar LidderSenior Product Manager,Tenable CLOUD NATIVE INFRASTRUCTURE IS FUELING INNOVATIONCNCF Survey 2020CREATING INCREASED V。

22、Natalie FisherCryptographic Agility:Preparing Modern Apps for Quantum Safety and BeyondAgenda What is Cryptographic Agility?Why do you care?How to prepare VMwares PlansRequired DisclaimerWhat is Cryp。

23、Good Fences Make Good NeighborsMaking Cross-Namespace References more secure with ReferenceGrantSpeaker:Nick YoungyoungnickNot this type of NeighboursyoungnickWhat well talk about Namespaces are one 。

24、Arun Krishnakumar,VMware IncWhen Sys-Admins QuitProtecting Kubernetes Clusters when Cluster-Admins QuitProblemUsually,humans are operators and owners of Clusters.Humans change teams or companiesWhen 。

25、Ragashree M C,CISSPGraduate Student,Carnegie Mellon UniversityTechnical Lead,CNCF TAG SecuritySneak Peak into the Security Assessment with the communityWhat a wonderful world.-We are more connected n。

26、John Fastabend,Natalia Reka IvankoSecuring the Superpowers-Who loaded that eBPF program?SpeakersNatalia Reka IvankoSecurity Product LeadIsovalentJohn FastabendTetragon Lead&Cilium Maintainer,Engi。

27、Multi-Service Without A MeshEvan AndersonWhy This Talk?Use existing,mature technologies“The hard way”building understanding by building a thingIts not as easy as it should beWe can make it better!Mul。

28、solo.ioWhats a Zero-Trust Tunnel?Exploring Security and Simpler Operations with Istio Ambient Mesh2|Copyright 2022Jim Bartonjameshbartonjimsolo.iohttps:/ Engineer-North America Solo3|Copyright 2022vi。

29、CONTAINER FACTORY FOR AEROSPACE&DEFENSESarah Miller Melissa RobertsonCLS24582058 2023 Collins Aerospace.|This document does not include any export controlled technical data.Sarah MillerSr.Technic。

30、Natalie SomersallSenior Solutions Engineer,GitHubSecuring Self-Hosted GitHub Actions With Kubernetes and Actions-Runner-ControllerAbout meSenior Solutions Engineer,GitHubLoveEmpowering developers to 。

31、Do This,Not ThatMaya Levine,Product ManagerLessons from 7 Headline Grabbing Security BreachesCloud vs On Premise Threats and BreachesThis well does not contain anyPOISONED WATERDrink it you are not i。

32、Delivering Secure Healthcare Applications with OSSRobert Wood-CMSGedd Johnson-Defense UnicornsWhat is CEnters for medicare and medicaidCMSs mission is to serve Medicare&Medicaid beneficiariesWe p。

33、Mor WeinbergerFrom Illuminating to Eliminating Crypto Jacking Techniques in Cloud NativeAgendaIntroWhat is Crypto MiningThe Birth of Crypto-jacking and Why Its So PopularCrypto-jacking Evolution and 。

34、Unpacking Open Source Security in Public Repos&RegistriesCraig Box VP OSS and Ben Hirschberg CTOBen Hirschberg Co-founder&CTO ARMOKubescape maintainerWhitehat in the past(unofficially still;-。

35、K8s Admission Controllersfrom scratchBy Steve GiguereMeet the Proctors Steve Giguere Matt Johnson Angela GizziDeveloper Advocate-Bridgecrew DevRel Lead-Prisma Cloud Technical Marketing -PANWAn admiss。

36、Package Transparency forWebAssembly RegistriesKyle Brown,SingleStoreOverviewIntroduce WebAssembly(Wasm)What is a Package Registry?Applying Certificate Transparency to Package RegistriesPackage Transp。

37、Rafik HarabiCloud Native Security 101:Building Blocks,Patterns and Best Practices1Who Am I?Senior Solution Architect at Sysdig,Cloud Security AdvocateFocus on Cloud Native Security and ObservabilityP。

38、A Lightweight Framework For Security ReactionsCloud(Security)EventsEvan AndersonWhat Is An Event?A notification that something happened in a system.Photo by Jeff Finley on UnsplashWhat Is CloudEvents。

39、JWTsUnderstanding Common PitfallsBruce MacDonaldUnderstand JWTs to use them securelyBy the end of this talk you should be able to accept and validate JWTs in your own service.-JWT format-Usage-Signin。

40、Finding the Needles in a Haystack:identifying suspicious behaviors with eBPFJeremy CowanDeveloper Advocate,Amazon EKSWasiq MuhammadSecurity Engineer,Amazon GuardDutyThe challenges Capturing and monit。

41、Maisem Ali&Maya KaczorowskiSecuring user to server access in Kubernetes maisem_ali,MayaKaczorowski ,MayaKaczorowskiinfosec.exchangeMaya KaczorowskiHead of Productshe/herMaisem AliMember of Techni。

42、CNI or Service Mesh?Comparing Security Policies Across ProvidersChristine Kim-GooglextineskimRob Salmond-SuperOrbitalmastodon.social/rsalmondWhat well cover.Whats a CNI?Whats a Service Mesh?The What 。

43、Robert FiccagliaPolicy Governance with OSCAL$idRobert Ficcaglia,co-chair wg-policy$ls-al.stuff_i_do Kubernetes sig-security SOX,SOC2,HIPAA,ISO,HITRUST FISMA,CJIS,FedRAMP OSCAL Machine Learningespecia。

44、Mapping Motives Tells a Story:Mapping Motives Tells a Story:JOSHUA SMITHJOSHUA SMITHSecurity Content EngineerDAVID WOLFDAVID WOLFSecurity Innovation Researcher Analysis of 2,000 Enterprise Cloud Dete。

45、Beyond cluster-admin:Getting Started with Kubernetes Users and PermissionsTiffany JerniganDeveloper AdvocateVMwaretiffanyfayjT I F F A N Y F A Y JT I F F A N Y F A Y M A S T O D O N.O N L I N E AUTHE。

46、Zero Trust in the CloudWith WebAssembly and wasmCloudAbout MeAuthor“Programming WebAssembly with Rust”Cloud Native GoBuilding Microservices with ASP.NET Core a lot moreCreator of the CNCF project was。

47、Security That Enables:Breaking Down Security Silos in the DevOps EcosystemSr.Solutions EngineerSaurabh Wadhwa2AgendaIntroduction1Rise in attacks on CI/CD ecosystem 2Security gaps in traditional pipel。

48、Brandon Lum(lumjjb)Software Engineer,GoogleThe Next Steps in Software Supply Chain SecuritylumjjbSUPPLY CHAIN ATTACKSSECURITYIncrease in Attacks lead to strong industry responselumjjbProducing Truste。