Jim Armstrong

Feature Friday: A Chat With Security Experts

DockerCon brings industry leaders and experts of the container world to one event where they share their knowledge, experience and guidance. This year is no different. For the next few weeks, we’re going to highlight a few of our amazing speakers and the talks they will be leading.

In this second highlight, we have several industry experts on container and application security that we’re excited to have sharing their knowledge at DockerCon. We’re going to have sessions covering network security, a dissection of a real world Kubernetes vulnerability (and what to do about it), encrypted containers, and the new AWS Firecracker “micro-VM” for containers, just to name a few.

In case you missed it, you can also see our first speaker highlight here, featuring storage, service mesh and networking experts.

 

Zero Trust Networks Come to Docker Enterprise Kubernetes

More on their session here.

 

Spike Curtis 

Tigera Software Developer

Brent Salisbury 

Docker Technical Alliances

What is your breakout about?

Brent: Docker Enterprise with Calico for networking being used in conjunction with Istio is an exciting intersection of securing various layers of networking – all from a single policy interface.

Spike: The Docker-Calico-Istio combination gives you some amazing tools out of the box for securing your application’s network connectivity. The breakout is about showing you how to use them!

Why should people go to your session?

Spike: Networks are super important to every application, but getting the security right is intimidating, so people often leave it until it’s too late. This talk should lower that intimidation factor and give some concrete steps to take to get your network secured from the get-go.

What is your favorite DockerCon moment?
Spike: I think it was standing at the Calico booth at the very first DockerCon. The booth was in the hallway to the main auditorium, so literally everyone had to walk past and you could just see the crowds and feel the excitement. We knew the opportunity was huge.

What are you looking forward to the most at this DockerCon?
Spike: I always really enjoy talks by Michelle Noorali, so looking forward to hearing her speak.

Brent: I am very excited to see the opportunity of having cross-platform capabilities, particularly the coming parity between Windows and Linux.

Crafty Requests: Deep Dive into a Kubernetes CVE

More on Ian’s session here.

Ian Coldwater

Heroku Platform Security Engineer (& Kubernetes Breaker)

What is your breakout about?

I’m going to be doing a deep dive into one of the most serious Kubernetes security vulnerabilities discovered thus far (CVE-2018-1002105), which was all over the news and affected countless clusters. I’ll be diving into how this vulnerability works, which also helps explain the inner workings of Kubernetes itself, and then I’ll talk about how to use this knowledge to secure Kubernetes and mitigate against future security risks.

Why should people go to your session?

This will be a good session for people with different kinds of expertise. For someone who knows a good bit about security but maybe less about containers and Kubernetes, this session will give them a good idea of how Kubernetes works on the back end and how flaws like this can happen. For people who are more familiar with Docker and Kubernetes, this will give them a better understanding of how they can protect their clusters against this vulnerability and others like it.

I think this vulnerability is fascinating and instructive, and we can all learn something from it. Also, live exploit demos are fun. 🙂

What are you looking forward to the most at this DockerCon?

This is my first DockerCon so I’m really excited to go this year! I’m looking forward to connecting with and learning from other people who have the same interests.

Enabling High Assurance/Sensitive Container Workloads with Encrypted Images

More on Justin’s session here.

Justin Cormack

Docker Sr. Software Engineer – Security

What is your breakout about?

I am doing a talk with Brandon Lum from IBM about encrypting container images, a project we have been working on for a while now. For many use cases, keeping containers behind access control in the registry is fine, but there are other use cases where you want containers encrypted from build to when they are run. We will demo the integration into containerd, which will later make its way into Docker and Kubernetes. This is a great example of the community working together to add new features.

Also I will be involved in the open source security summit, where we have sessions on supply chain security, bug bounties in the container ecosystem and policy management.

What is your favorite DockerCon moment?

I love it when people launch their new products at DockerCon – in 2014 Google launched some little project called “Kubernetes” there…

What are you looking forward to the most at this DockerCon?

We have a big open source track again this year, which is great; there are lots of exciting community projects. Also excited for some of the announcements!

Deep Dive into Firecracker-Containerd

Learn more about Samuel’s session here.

Samuel Karp

Amazon Web Services Sr. Software Development Engineer

What is your breakout about?

I’ll be talking about how we’re integrating the Firecracker virtual machine manager (VMM), which is optimized for lightweight, container-like “micro”-VMs, with containerd to make it easier to run containers with the isolation provided by a hypervisor.

Why should people go to your session?

I’m hoping that anyone interested in hypervisor-mediated isolation and using containers will find my session interesting! This session dives deep into the architecture of the firecracker-containerd project, which aims to allow portability between standard OCI container images and the larger container ecosystem with Firecracker micro-VMs.

What are you looking forward to the most at this DockerCon?

I’m looking forward to connecting with people who have use-cases for hypervisor isolation or who are interested in working with us on bringing the project along. I’m also interested in talking to anyone who uses containers on AWS about their journey and what they’d like to see from AWS in the future.

Thank you to all our presenters, and see you at DockerCon!

For more information

  • Register for DockerCon 2019, April 29 – May 2 in San Francisco – Save $250 by registering before April 16!
  • Sign up and attend these additional events, running in conjunction with DockerCon:
