Jie Wu
Senior Security Engineer at Shopify
New York City, New York, United States
Jie is a Senior Security Engineer at Shopify based in New York City, working on cloud security, Kubernetes, and detection engineering to secure cloud infrastructure. She has spoken at KubeCon EU, fwd:cloudsec, and BSides (Chicago, Ottawa, Montréal), covering topics from Kubernetes security at scale to non-human identity accountability in the cloud. Before Shopify, she worked on cyber defense and vulnerability management at Bank of America.
Container Forensics for Kubernetes: Building an Evidence Pipeline with Open Source Tools
Your container just got compromised. But Kubernetes is ephemeral by design: the pod restarts in 30 seconds, and when it does, the memory, processes, and ephemeral filesystem are gone. How do you investigate something that no longer exists?
The cloud native ecosystem has gotten good at prevention and detection, but once an alert fires, actually figuring out what happened is still a gap.
This session walks through a forensics pipeline we built from open source tools, with a live demo of a simulated attack. Falco detects suspicious activity, Falco Talon automatically captures syscalls and network traffic, and we analyze the evidence in StratoShark, a Wireshark-style tool for system calls. We'll also show how the Kubernetes Checkpoint API can freeze container runtime state for offline inspection.
Attendees will walk away knowing how to set up automated evidence capture with Falco Talon, analyze captures in StratoShark, and trigger forensic checkpoints in their clusters.
Kubernetes Security at Shopify Scale: Automating Security Across an Infrastructure Monorepo
Security isn’t just a checkbox — it’s what enables teams to move fast with confidence. Managing Kubernetes security across thousands of services and deployments is like herding cats — except the cats can accidentally expose your entire infrastructure.
This talk shares Shopify’s real-world journey of securing its infrastructure monorepo, where a single misconfiguration could impact millions of merchants worldwide. We’ll walk through how Shopify combined Semgrep for static code analysis and Open Policy Agent (OPA) for dynamic policy enforcement to detect and prevent risky configurations before they reach production. Along the way, we’ll share the wins, rough patches, and lessons that helped us integrate these tools at scale with less friction.
Attendees will learn how to use open-source tools to automate security checks, enforce policy, and enable their teams to ship fast and securely.
Pods, Privileges, and Other Things That Keep Security Engineers Up at Night
This session is designed for security, DevOps, and cloud infrastructure engineers who want a practical understanding of Kubernetes security, without getting overwhelmed about what they might have missed.
We will cover:
* What is Kubernetes and why does it matter: why it has become the backbone of modern infrastructure, and why securing it is not optional
* Why pods and containers are a big deal: examples of how minor configuration missteps can significantly expose critical workloads
* Common mistakes and misconfigurations to avoid: issues such as overly permissive service accounts, deployment to default namespaces, and unverified images
* How Kubernetes handles security by default: built-in security components such as RBAC, TLS, and container image integrity
* Practical ways to secure your clusters: discuss how to utilize open-source tools (like Falco, Trivy) and best practices for logging and monitoring to protect your clusters
Key Takeaways
* Understand Kubernetes architecture and why it is crucial to secure your workloads properly
* The built-in security features in Kubernetes and their limitations
* Recognize the common misconfigurations and learn how to avoid them
* Gain practical, actionable tips and essential tools to harden your cluster
KubeCon + CloudNativeCon Japan 2026 Sessionize Event Upcoming
KubeCon + CloudNativeCon Europe 2026 Sessionize Event
BSidesChicago 2025 Sessionize Event