Conference:  Defcon 31
Authors: Christian “quaddi” Dameff MD Physician & Medical Director of Cyber Security at The University of California San Diego, Jacqueline Burgette, DMD, PhD White House Fellow in The Office of National Cyber Director (ONCD), Jeff “r3plicant” Tully MD Anesthesiologist at The University of California San Diego, Nitin Natarajan Deputy Director for the Cybersecurity and Infrastructure Security Agency (CISA), Senator Mark Warner Virginia Senator and Chair of the US Cybersecurity Caucus, Suzanne Schwartz MD Director of the Office of Strategic Partnerships and Technology Innovation (FDA)
2023-08-01

In 2016 a bunch of hackers took a break from DEF CON festivities to gather in a hotel room with a bathtub full of beer and talk about shared interests in a brave new world of connected healthcare. Trailblazers were popping pacemakers and pharmaceutical pumps, and we worried that instead of embracing such efforts as opportunities to make tech safer for patients, folks in charge would repeat mistakes of the past and double down on the status quo. Fast forward to the 2022 passage of the Omnibus spending bill- the FDA is now locked and loaded with expanded authority to regulate cybersecurity requirements for medical devices. What changed? *Keanu voice:* “Policy. Lots of Policy.” Turns out when we get in with the right people, hackers can help get things done. This is the core of Policy @ DEF CON. Challenges persist. We now have threats from state actors and ransomware blasts delaying lifesaving medical care while costing hospitals hundreds of millions of dollars they don’t have (been in an ER lately?). So once again, come join quaddi and r3plicant, your favorite ripper docs, for another round of D0 No H4rm- this time with special guests from Congress, FDA, and the White House as we figure out what policy patches have the best chance to save lives. It starts here, in rooms like this, with hackers like you. And it ends with us changing the world.
Authors: Brad Geesaman, Ian Coldwater, Rory McCune, Duffie Cooley
2023-04-21

tldr - powered by Generative AI

The presentation discusses the potential vulnerabilities and limitations of image scanning and SBOM generation tools in DevOps and cybersecurity, and suggests ways to improve their effectiveness and prevent malicious attacks.
  • Image scanning and SBOM generation tools are sensitive to changes in metadata and the quality of the steps involved in building images, and inconsistent results can cause problems for organizations
  • Malicious actors can manipulate the results of these tools, causing downstream effects and potentially compromising security
  • To prevent attacks, tool makers should adopt a more adversarial approach and provide a more restrictive mode with detection coverage as the focus
  • Users of these tools should check for unusual behavior, validate inputs and processes, and consider their threat model when making policy decisions
  • Teams should work together to achieve larger goals and reduce toil
Authors: Charlie Egan
2023-04-21

tldr - powered by Generative AI

The presentation discusses the Gatekeeper project, a customizable Kubernetes admission webhook that uses the OPA engine to enforce policies and enhance governance in organizations.
  • Gatekeeper project is a customizable Kubernetes admission webhook that uses the OPA engine to enforce policies and enhance governance in organizations
  • Gatekeeper is used to ensure that workloads deployed to Kubernetes clusters are compliant with governance and company policies
  • Google Anthos and Microsoft Azure have embedded Gatekeeper in their policy engines
  • Gatekeeper simplifies the process of building an admission webhook
  • Gatekeeper uses the OPA engine to enforce policies and enhance governance
  • The presentation also discusses updates to OPA, including new built-in functions and upcoming features such as schema validation and a more user-friendly output for tests
Authors: Jinhong Brejnholt, Charles-Edouard Brétéché
2023-04-20

tldr - powered by Generative AI

The presentation discusses the use of Kubernetes and OPA for security policy enforcement in DevOps.
  • Take advantage of recommended policies and customize them to fit organizational needs
  • Start with validation, value, and audit before enforcing policies
  • Kubernetes and OPA have extensive policy libraries and strong community support
  • Kubernetes can automate resource management and validation, including image signature verification
  • An anecdote is given about a misconfigured pod disruption budget causing issues with upgrading
Authors: Peter O'Neill
2022-10-28

Come to this session to learn about the Open Policy Agent (OPA) project. OPA is a general-purpose policy engine that solves a number of policy-related use cases for Kubernetes, microservices, CI/CD, cloud, and more. During this session the OPA maintainers will introduce the project for newcomers and then provide updates on the latest and greatest features landing in OPA and OPA Gatekeeper. If you are interested in policy and security as it relates to cloud native technology, this session is for you.
Authors: Chip Zoller, Dolis Sharma
2022-10-27

tldr - powered by Generative AI

Kubernetes policy engine Kyverno can help with validation, mutation, and generation of rules in a Kubernetes cluster, as well as provide image verification and cost control. It can also automate tasks and set expectations for others.
  • Kyverno is a policy engine for Kubernetes that can validate, mutate, and generate rules in a cluster
  • It provides image verification and generates reports on violations
  • Kyverno can help with cost control and automation
  • It can set expectations for others and save time
  • Real-life use cases include blocking bad pod requests and creating fine-grained RBAC
Conference:  Transform X 2022
Authors: Dr. Lynne Parker, Michael Kratsios
2022-10-19

tldr - powered by Generative AI

The use of AI in the federal government can streamline processes, reform regulations, and improve citizen services. However, there is a talent challenge and a need for guidance on AI procurement.
  • AI can be used to process paperwork and summarize important information for agencies to address citizen problems
  • AI can be used for regulatory reform to detect contradictory regulations and flag them for correction
  • 13 federal agencies have made public their use cases of AI
  • There is a talent challenge in federal agencies to implement AI
  • There is a need for guidance on AI procurement to accelerate the use of AI in the federal government
Authors: Matei David
2022-05-20

tldr - powered by Generative AI

Overview of Linkerd project and its features
  • Linkerd is a service mesh for Kubernetes that provides observability, reliability, and security
  • It has a growing set of features including policy, circuit breaking, and header-based routing
  • The project has a large and active community
  • Linguity is a new extension that manages or installs the SMI CRDs and other SMI functionality
  • Linkerd is working on supporting FIPS 140-2 compliance systems
  • The project has graduated from the CNCF
  • Linkerd is a popular choice for those who want to improve their observability, reliability, and security in their Kubernetes clusters
Authors: Mritunjay Sharma, Stephen Adeniyi, Anushka Mittal, Frank Jogeleit
2022-05-20

tldr - powered by Generative AI

The presentation discusses the Policy Reporter tool for Kubernetes and its features, including a graphical user interface, monitoring solutions, and real-time notifications. The speaker also mentions future plans for the tool and encourages community involvement.
  • Policy Reporter is a tool for Kubernetes that provides a graphical user interface for viewing violations found in policy reports
  • The tool includes monitoring solutions and real-time notifications for violations
  • Future plans for the tool include mapping custom resource definitions and automating the process using a CLI, as well as creating a Kubernetes control catalog
  • Users can build their own adapters for their policy engines as long as the results are mapped to a policy report
  • The speaker encourages community involvement through mailing lists, Slack channels, GitHub, and other social media handles
Authors: Anders Eknert, Will Beason
2022-05-18

tldr - powered by Generative AI

Gatekeeper is a popular open-source tool for Kubernetes that enforces policies on resources in a cluster. The tool has undergone significant improvements, including a reduction in memory usage and the addition of external data and Gator CLI features.
  • Gatekeeper is an open-source tool for Kubernetes that enforces policies on resources in a cluster
  • Significant improvements have been made to Gatekeeper, including a 20x reduction in memory usage
  • New features include external data and Gator CLI
  • Gatekeeper is commonly used in service meshes like Istio