How to Work in Cloud Native Security - Demystifying the Security Role
CNCF [Cloud Native Computing Foundation] via YouTube
Overview
Syllabus
How to Work in Cloud Native Security: Demystifying the Security Role Justin Cormack, Docker
working as a sysadmin in a university back in the days when every machine had public IP addresses • was an interesting target for people as we had lots of bandwidth • not what I was expecting, which was mainly configuration management
bringing security to a wider community • working on Noise Protocol Framework • capability based security • lots to learn!
Most important things
for both offensive and defensive security, knowing an area in depth is hugely important • separates the script kiddies from the experts • the security issues are on the boundaries of the usual • play, understand, break, fix
empathy • security is unimportant most of the time • the best security is just there supporting people, it is not extra work for them
just breaking things is not sufficient • fixing things is much harder • you get exposed to the world of compromise • wanting to burn everything down is a fine thing, but it's not going to happen
security is not just an engineering job • get to meet your legal team and your PR team and sell security to the business • and compromise • work with product team
Demand for security people
What is cloud native security?
understand the threat model • security is quality • handle errors and the unexpected • understand the issues in domain • write security tests threat • spend time attacking • learn from external audits
you cannot tell anyone about what you do a lot of the time • not enough people, so often overworked • live away from the happy path
Taught by
CNCF [Cloud Native Computing Foundation]