Lewis Denham-Parry
Staff Solutions Architect @ Edera
Cardiff, United Kingdom
Lewis Denham-Parry spends his days orchestrating containers and his nights testing their security.
With a diverse background spanning software development on bare metal to building cloud infrastructure, Lewis brings a wealth of hands-on experience. As a Staff Security Engineer at Edera, he focuses on delivering the security and isolation we’ve always needed but often lacked. His work goes beyond just securing software—he also ensures hardware drivers are isolated and protected.
A passionate community advocate, Lewis has shared his expertise through talks and workshops at international conferences like KubeCon, SANS, and BSides, as well as at local meetups in Wales.
When he’s not immersed in tech, Lewis enjoys spending time with his family, playing sports, reading, and indulging in good food.
You can easily find him online—just search for his surname.
Security Showdown: The Overconfident Operator vs the Nefarious Ne’er-Do-Well
Ozzie the Overconfident Operator has secured their cluster! They have done it all: role-based access control, encryption at rest, TLS…and as they congratulate themself on a job well done, Nova the Nefarious Ne’er-do-well watches from around the corner, drooling with anticipation. Spoiler alert: Ozzie is about to get HACKED.
In this talk, the speakers play the characters of Ozzie and Nova and playfully demo cluster security as Nefarious Nova exploits each of Ozzie’s security decisions. What can Overconfident Ozzie do when Nova gets the upper hand? How can Ozzie proactively keep Nova’s threats at bay?
Take security beyond the firewall and discover cloud native security concepts such as identity management, creating cluster-level policies, implementing runtime security, and securing pod-to-pod communications.
Learn security basics alongside Overconfident Ozzie, who is sure the cluster is COMPLETELY secure this time. There is nothing Nova can do to break… uh-oh. Not again!
What vulnerabilities? Live hacking of containers and orchestrators
We often see alerts about vulnerabilities being found in frameworks that we use today, but should we really care about them? What's the worst that can happen? Can someone own a container? Could they run a bitcoin miner on my servers? Are they able to own the cluster?
In this talk, we will discuss what our core threats are, whether we can put measures in place to strengthen our defences or prevent hacks from happening, and general best practice.
We'll perform a number of hacks and look to see what could go wrong. We'll then look at ways that this could be prevented for you to go back and share with others.
This talk is targeted for people who have an interest in Cloud Native technologies and ways that we can secure them. The talk is presented by a developer who found security as a problem that he now loves to solve.
The Lost Art Of Keeping A Secret
One thing that L**** has noticed recently is that with all the advances that we have in technology, we still appear to have problems in keeping secrets to ourselves.
In this talk, *E*** will introduce the core concepts of secrets. We look at an overview as to how best we can manage secrets, from creating them to using them in our applications.
**W** will then look at the actors involved: from the developer consuming a secret and the engineer providing and defending them, to an attacker on the lookout for some more data.
***I* will then look at ways that we can manage secrets over many environments, from development to production. Finally, we check what to do when our secrets aren't so secret anymore.
Finally, ****S will finish with case studies of where security first has won and the instances where the secrets have been given away.
This talk will focus on the implementation of secrets based on cloud technologies, but the core concepts can be used within any system and the best practices that should be followed to give you a fighting chance to keep it to yourself.
The Hand That Feeds - How to Misuse Kubernetes
We usually trust the hand that feeds, but what happens when we can't trust the hand that feeds us? How do we run applications when there is little to no trust?
In this session, we're going to start by taking a look at attack paths in and around Kubernetes, acting as a Red Team. We'll take advantage of an OWASP vulnerability within a Supply Chain attack giving us an entry point. From there, together we'll explore how an attacker can take further control of the cluster via lateral and vertical movements.
Once we have your attention from seeing how this could be someone's worst day, we'll look at how we can patch this up as a Blue Team. What do we have available from Kubernetes that can mitigate some of this disaster, and what practices should we put in place to further strengthen and defend our compute?
From attending this session, you'll leave with a Purple Team understanding of core concepts within Kubernetes, that defence is strengthened with depth, and how we can defend from Script Kiddies to Nation States.
Signed, Sealed, Delivered I'm yours!
The internet is built on trust, for example you trust that what you're reading right now is from me, Lewis Denham-Parry, on his laptop somewhere in the world sometime in the past. But how can you trust that? How do you know that this hasn't been tampered with? How can you trust the authenticity of Lewis, and have there been any updates since this was written due to changes in context?
These problems are similar to what we have in software today, from source code, to build, to release and ultimately running in production. What dependencies do we have in our software? What happens when we find a CVE? How do we trust that the build hasn't been tampered with? Or as we like to call it, Supply Chain Security.
This talk will bring you up to speed with recommended best practices to build trust today that others can use to build on in the future. We'll look at technologies around Sigstore to help build trust, the SLSA framework to articulate best practices, and case studies to see where this could have helped others in the past and who is using it today.
This talk is aimed at people who have trusted others and want to make it easier for others to trust them.
Security Showdown: The Overconfident Operator Vs the Nefarious Ne’er-Do-Well
Ozzie the Overconfident Operator has secured their cluster! They have done it all: role-based access control, encryption at rest, TLS…and as they congratulate themself on a job well done, Nova the Nefarious Ne’er-do-well watches from around the corner, drooling with anticipation. Spoiler alert: Ozzie is about to get HACKED.
In this talk, the speakers play the characters of Ozzie and Nova and playfully demo cluster security as Nefarious Nova exploits each of Ozzie’s security decisions. What can Overconfident Ozzie do when Nova gets the upper hand? How can Ozzie proactively keep Nova’s threats at bay?
Take security beyond the firewall and discover cloud native security concepts such as identity management, container image scanning and signing, creating and implementing policies, runtime security, and secrets management.
Learn security basics alongside Overconfident Ozzie, who is sure the cluster is COMPLETELY secure this time. There is nothing Nova can do to break… uh-oh. Not again!
NDC London 2022 Sessionize Event
KCDC 2019 Sessionize Event
NDC Oslo 2019 Sessionize Event
NDC Minnesota 2019 Sessionize Event
NDC London 2019 Sessionize Event