Speaker

Eric Smalling

Eric Smalling

Staff Solutions Architect @ Chainguard

Actions

Eric is a 30+ year enterprise software developer, architect, and consultant with a focus on CI/CD, DevOps, and container-based solutions over the last decade. He is a Docker Captain, is certified in Kubernetes (CKA, CKAD, CKS), and has been a Docker user since 2013. As a Staff Solutions Architect at Chainguard, Eric helps teams deploy their applications securely by minimizing container image footprint and CVE counts.

Awards

Area of Expertise

  • Information & Communications Technology

Topics

  • Container
  • Kubernetes
  • Cloud & DevOps
  • DevOps
  • DevSecOps
  • Container Security

The Platform Engineer Playbook - 5 Ways to Container Security

Remember when Log4shell took the community by surprise? Developers and Platform Engineers do!

To address all layers in our defense-in-depth model, and with many containers requiring scale, a wide array of security guardrails is required.

From a developer’s shell to a platform engineer moving to a runtime in production, there are many tools and practices available to mitigate and detect would-be attackers and make their lives harder.

This session will include a live demo of the Log4Shell remote code exploit (RCE) and effective techniques to defend against vulnerabilities like it such as:
- Code & container image scanning
- Best practices for container runtime configuration
- Policy enforcement in Kubernetes
- Container authentication & authorization
- Encryption & identification for services

Join us and protect your organization from an attack on the next critical CVE and make it harder for attackers to leverage it against you!

How the heck do I debug distroless containers?

You have a bug in your production container image but, for security reasons, you are using one of the so-called "distroless" or "scratch" base images which means there's probably no shell, package manager or any other utilities at your disposal for troubleshooting. How the heck are you supposed to debug these things?

Join me as for a hands-on demonstration of various ways to troubleshoot these images without sacrificing the security of these images and a discussion of the pros and cons of adopting distroless.

Some of the base image types we'll research:
* Google Distroless
* Wolfi
* scratch

Eric Smalling

Staff Solutions Architect @ Chainguard

Actions

Please note that Sessionize is not responsible for the accuracy or validity of the data provided by speakers. If you suspect this profile to be fake or spam, please let us know.

Jump to top