Speaker

Madhu Akula

Pragmatic Security Leader

Amsterdam, The Netherlands

Madhu Akula is a pragmatic security leader and creator of Kubernetes Goat, an intentionally vulnerable-by-design Kubernetes cluster for learning and practicing Kubernetes security. He is a published author and Cloud Native Security Architect with extensive experience. He is also an active member of the international security, DevOps, and Cloud Native communities (null, DevSecOps, AllDayDevOps, AWS, CNCF, USENIX, etc.). He holds industry certifications such as CKA (Certified Kubernetes Administrator), CKS (Certified Kubernetes Security Specialist), OSCP (Offensive Security Certified Professional), etc.

Madhu frequently speaks and runs training sessions at security events and conferences worldwide, including DEFCON 24, 26, 27, 28, 29, 30, 31 & 32, BlackHat USA, ASIA, EU (2018, 19, 21, 22, 23 & 24), USENIX LISA 2018, 19 & 21, SANS Cloud Security Summit 2021 & 2022, O’Reilly Velocity EU 2019, GitHub Satellite 2020, AppSec EU (2018, 19 & 22), All Day DevOps (2016, 17, 18, 19, 20, 21, 22, 23), DevSecCon (London, Singapore, Boston), DevOpsDays India, c0c0n (2017, 18), Nullcon 2018, 19, 21 & 22, SACON, Serverless Summit, null and multiple others.

His research has identified vulnerabilities in 200+ companies and organizations, including Google, Microsoft, LinkedIn, eBay, AT&T, WordPress, NTOP, Adobe, etc., and he is credited with multiple CVEs, acknowledgements, and rewards. He is co-author of Security Automation with Ansible 2 (ISBN-13: 978-1788394512), which is listed as a technical resource by Red Hat Ansible. He is the technical reviewer for the Learn Kubernetes Security and Practical Ansible 2 books by Packt Pub. He also won 1st prize for building an Infrastructure Security Monitoring solution at the InMobi flagship hackathon among 100+ engineering teams.

Area of Expertise

  • Information & Communications Technology

Topics

  • Kubernetes
  • Docker
  • Cloud Security
  • Security
  • Application Security
  • Cloud & Infrastructure
  • Information Security

Scaling Kubernetes Security with Kubernetes Goat

Most companies adopting Kubernetes have a hard time building their security around it. With cloud native transformation, company growth, and increasing adoption, it’s super hard to build security across different layers. In this talk, Madhu Akula will showcase how Kubernetes Goat will solve these problems by helping developers, DevOps, and security teams to understand real-world security misconfigurations, vulnerabilities, and attacks in a context-driven, practical, hands-on way, so that most of your security issues will be fixed before they are even deployed into production.

Some examples include helping DevOps/Developer teams understand the risks so they can be mitigated even before the teams write Dockerfiles, manifests, Helm charts, etc. to deploy the microservice into clusters. We will see some real challenges regarding competency, the knowledge gap, and bridging the gap between DevOps/SRE teams and security collaboratively and practically.

Defender's Guide to Cloud Native Infrastructure Security

This talk is focused on why, what and how we can add security value to modern cloud native infrastructure. Organisations using microservices and distributed architectures use containers, Kubernetes and modern infrastructure. Understanding these technologies and applying security principles like defense in depth, least privilege, secure by default, etc. are some of the things we will see in this session.

By the end of this talk, participants will be able to understand some of the common, real-world security problems and to apply pragmatic security using tools, technologies and procedures (TTPs) to build secure cloud native infrastructure. In this talk, we will see how to apply security at different layers like infrastructure security, supply chain security and run-time security.

At the end of the talk, the speaker will also give away a reference checklist and guide for building secure infrastructure with available resources in their daily operations.

Container Security for RED and BLUE teams!

This talk will focus on two different perspectives of container security. We will see how attackers can break into Docker containers and Kubernetes clusters to gain access and escalate privileges to infrastructure by using misconfigurations and application security vulnerabilities. We will also see how defenders can leverage the power of automation at different layers like infrastructure security, supply chain security and run-time security to protect against container security attacks.

By the end of this talk, participants will be able to use this knowledge to identify and exploit vulnerabilities in applications running on containers inside Kubernetes clusters. It will also be useful for applying pragmatic security using tools, techniques and procedures (TTPs) to secure the container infrastructure.

Breaking and Pwning Docker Containers and Kubernetes Clusters

An organization using microservices or any other distributed architecture relies heavily on containers and orchestration engines like Kubernetes, and as such its infrastructure security is paramount to its business operations. This talk will focus on how attackers can break into Docker containers and Kubernetes clusters to gain access and escalate privileges to infrastructure by using misconfigurations and application security vulnerabilities. The speaker will share examples of real-world security issues found in penetration testing engagements to showcase how these attacks usually happen in the real world.

By the end of the talk, participants will be able to identify and exploit vulnerabilities in applications running on containers inside Kubernetes clusters. The key takeaway for the audience will be learning from these scenarios how they can assess their environments and fix them before attackers gain control over their infrastructure.

All Day DevOps: Spring Break Edition Sessionize Event

April 2020

2019 All Day DevOps Sessionize Event

November 2019
