Cristian Klein
Technical Product Owner and DPO at Elastisys
Lund, Sweden
Cristian is Technical Product Owner and Data Protection Officer at Elastisys. He reviews data protection regulations and security best practices, to translate those into Kubernetes and Cloud Native solutions. He has gathered over 20 years of experience acting variously as an on-call network engineer, cloud architect and teacher. You can follow him on LinkedIn, where he posts about topics at the intersection of information security and Kubernetes. When coming out of the clouds, Cristian enjoys indoor climbing.
How to security-harden Kubernetes against unknown unknowns
2023! What a rough start. When I opened the email on my first working day (9 Jan), Have I Been Pwned had already notified me of 5 data breaches. Indeed, data breaches are not only getting more frequent, but also more expensive. Needless to say, this puts pressure on those of us who are responsible for ensuring Kubernetes platform security.
Join this talk if you want to learn:
- basic Kubernetes security hygiene: setting the right scope; fostering the right alerting culture; disaster recovery training; and developing good maintenance habits. This helps the platform team secure Kubernetes against “known knowns”.
- three techniques to security-harden Kubernetes: blocking unnecessary network traffic; doing proper vulnerability management; and using intrusion detection. For each technique, the talk gives an in-depth technical explanation, including why it helps improve security and how to implement it for maximum impact.
At the end of the talk, you will be able to operate a Kubernetes cluster which meets even the most stringent data protection regulations, such as GDPR, MSBFS 2020:7 and Swedish Patient Data Laws. It is suitable both for newcomers and experienced teams which want to get their Kubernetes operations to the next level.
Removing Frictions of Secure Cloud Native DevOps with Welkin
Vanilla Kubernetes makes it easy to ship applications… and just as easy to introduce potentially dangerous misconfigurations and vulnerabilities into production. In this hands-on workshop, you’ll deploy a cloud native application on a pre-provisioned Welkin environment and experience what it’s like when the Kubernetes-based application platform helps you do the secure thing by default.
Welkin adds guardrails that prevent common “oops” moments from ever reaching production: for example, workloads can’t run as root, microservices need to be isolated with internal firewall rules, and resource needs need to be defined. These protections are enforced through a hardened Kubernetes setup and policy engines designed to eliminate high-impact security and misconfiguration mistakes.
Just as importantly, you won’t spend the workshop wiring up “day-2” tooling. You will utilize a production-ready set of Cloud Native tools to store your application container images, scan them for vulnerabilities, and collect application metrics and logs automatically. Everything you need to deploy your application securely and confidently!
We’ll end with a structured feedback retro focused on developer experience: where the guardrails helped, where they surprised you, and what would make secure cloud-native delivery even smoother on Welkin.
How to Convince Your Boss to Play with Kubernetes and Cloud Native
Postponed disaster recovery drills. Mounting security debt. An ever-growing backlog of essential maintenance. These are the symptoms of an under-resourced platform team, forced into a reactive state with unrealistic on-call rotations. While the team is firefighting, the platform, the very foundation of developer productivity and business velocity, silently erodes.
This session provides a playbook for reversing this trend. We will show Platform Engineers how to translate critical technical needs into the language of business value, cost-savings, and risk mitigation. Using the structure of an Architecture Decision Record (ADR), we will walk through a real-world scenario: translating the mandatory requirements of the EU's NIS2 Directive into a concrete, defensible technical solution using Kubernetes, Ingress Controller, and cert-manager.
From Neglected to Necessary: Securing Kubernetes Under NIS2
2025 is the year when NIS2 security measures need to be implemented. Feeling overwhelmed already? If so, then this talk is for you.
Society increasingly relies on internet-exposed web apps for basic needs, such as buying food and accessing healthcare services. Unfortunately, putting these systems on the internet also increases their exposure to cyber attacks, whether for ransom or as part of a hybrid war strategy. To bridge the gap between what society needs and the too often neglected information security, the EU has recently passed the NIS2 Directive.
In this talk, I will briefly introduce the NIS2 Directive, focusing on risk management and the 10 minimum requirements. Then, I will discuss how these requirements can be fulfilled on top of a Kubernetes platform. At the end of this talk, you will learn how platform engineering can help your boss save money by reducing compliance burden.
From Neglected to Necessary: Securing Kubernetes Under NIS2
Society increasingly relies on internet-exposed web apps for basic needs, such as buying food and accessing healthcare services. Unfortunately, putting these systems on the internet also increases their exposure to cyber attacks, whether for ransom or as part of a hybrid war strategy. To bridge the gap between what society needs and the too often neglected information security, the EU has recently passed the NIS2 Directive.
In this talk, I will briefly introduce the NIS2 Directive, focusing on the 10 minimum requirements. Then, I will discuss how these requirements can be technically implemented on top of a Kubernetes platform. At the end of this talk, you will be able to produce a roadmap for getting your platform NIS2-ready.
From Anxiety to Action: A Guide to Bringing Workloads Back Home
Given rising geopolitical tension, the Norwegian and Danish data protection authorities called for their government agencies to have a plan to migrate away from US cloud providers. Needless to say, this causes a lot of anxiety among engineering teams who have never done a migration before. And while we all know that open-source and cloud native technologies, such as Kubernetes, make such a migration a lot less costly, the devil is always in the details.
This talk is aimed at engineering teams who have been asked to prepare a migration. The talk is structured as a migration plan along three main phases: pre-migration, migration execution, and post-migration. Platform engineers will leave the talk with reduced anxiety and a feeling of empowerment in eliminating “unknown unknowns”.