Marino Wijay
Solutions Architecture - Networking, APIs, Kubernetes
Toronto, Canada
Marino Wijay is a Canadian, Traveller, International Speaker, and Open Source Advocate and Architect for Service Mesh, Kubernetes, and Networking. He is a CNCF Ambassador, Civo Cloud Ambassador, Lead Organizer for KubeHuddle Toronto, and Founder of EmpathyOps. He is passionate about technology and modern distributed systems. He will always fall back to the patterns of Networking and the ways of the OSI. Community building is his driving force; a modern Jedi Academy.
The Platform Engineer Playbook - 5 Ways to Container Security
The infamous Log4Shell vulnerability took the software community by surprise two years ago; it was a perfect storm of the massively popular open-source library with a vulnerability that was fairly trivial to attack. Will there be another massive vulnerability to deal with this year? It’s always possible, but there are things you can do to protect your application.
As we address additional layers in our defense-in-depth model, and with many containers requiring scale, an advanced application network with a wide array of security features is required. How do we ensure the right policies are in place to allow communication? What mechanisms exist to ensure that payloads in our network cannot be deciphered or replayed? How do we leverage identity to attest containers and their intent?
From a developer’s shell to a platform engineer moving to a runtime in production, there are many tools and practices available to mitigate and detect would-be attackers and make their lives harder.
This session will include a live demo of the Log4Shell remote code execution (RCE) exploit and effective techniques to defend against vulnerabilities like it, such as:
- Code & container image scanning
- Best practices for container runtime configuration
- Policy enforcement in Kubernetes
- Container authentication & authorization
- Encryption & identification for services
Join us and protect your organization from an attack on the next critical CVE and make it harder for attackers to leverage it against you!
What's Smoother Than Your Morning Espresso Pull? Bridging Gaps With BGP And Cilium!
The widely adopted, highly capable Border Gateway Protocol has won the hearts and minds of the Internet. And, it’s made its way into Kubernetes! However, not every workload is a container, and not every VM can make its way into Kubernetes, so how do we ensure every workload can freely talk? If BGP on Cilium is the answer, how should we proceed?
- Why should we care about BGP?
- How do we work with Cilium’s BGP Control Plane?
- How can we get our VMs to communicate with our pods using BGP?
- Can we see a working BGP setup?
- Does “show ip bgp summary” still work?
This presentation allows us to delve into BGP internals and history while providing a demonstration of BGP in action, running in Cilium. We’ll become the best neighbors with an upstream router, and we’ll share ALL THE NETWORKS!
Pi in the Sky: Onboarding Edge Workloads into the Service Mesh!
A range of industries including industrial automation, smart appliances, robotics, and agricultural systems require edge computing. What if there was a way to abstract networking policies, security, and observability from the application running on the edge? Enter Istio. Istio supports connecting workloads outside of K8s to the mesh, providing the benefits of a service mesh to workloads running anywhere, from legacy applications running on an EC2 instance to a tiny Raspberry Pi. Connecting workloads with the new Istio Ambient model simplifies the process of adding edge devices into the mesh, without any messy sidecar. We’ll use a Raspberry Pi and onboard it into the Mesh, proving out edge computing use cases.
In this talk, we illustrate seemingly endless possibilities with how Ambient Mesh can support Edge Compute environments without any changes to the underlying applications and provide unified L3/L4 Network policies, security, and observability.
Policy-as-Code Super-Powers! Rethinking Modern IaC With Service Mesh And CNI.
Who wants to sit there and manually write policy, or YAML, or define the way we deploy our apps, by hand? Anybody?
That’s right, ABSOLUTELY NO ONE!
When examining previous security breaches or exploits, it’s usually discovered that misconfiguration or a lack of consistent configuration was the cause. Because of this, the rapid evolution of modern infrastructures presents both opportunities and challenges. Old security paradigms and processes are faltering. Platform Engineers shouldn’t simply build YAML and deploy imperatively.
- Does Infrastructure as Code (IaC) offer promising avenues?
- How can we achieve Compliance or Policy as Code?
- Can developers use existing programming frameworks to define Infrastructure and applications as Python, Java, Go, and others?
- How can platform engineers deploy just-in-time policy-as-code with tools like Istio, Cilium, and Pulumi?
Dive deep with Kat and Marino as they unravel the intricacies of using IaC to bolster security strategies. With hands-on examples (featuring Civo Cloud) we'll craft a SecOps library package for modular, efficient, and enforceable security-as-code.
Not-So-Spooky Security Strategies: Creating A Secure Comprehensive Platform With Deep Visibility
We are well beyond deploying and managing Kubernetes, so what’s next? Addressing the vicious vulnerabilities we decided to sweep under the rug…aka Security Platform Engineering!
It’s never too late to address security strategies and compliance requirements, but how do we address all 360°?
With so many moving pieces (pods, services, infrastructure, and the network), there are equally as many addressable points of interest that need to be locked down:
- How can we prevent zombie-like containers from clawing up the ground into our clusters?
- How do we thwart Dreadful DDoS Attacks?
- How do we address scarily insecure clusters with appalling attack-vectors?
- Are we dealing with Cursed CI/CD’s deploying ghastly applications?
- If ghosts are frightening, what about a lack of trust & identity of our services?
- What are the right approaches, practices, and tools to have 360° secure clusters?
In this talk, we explore current challenges, trends, and the right practices to achieve cloud native security while diving into the right combination of open source tooling with Kubescape, Istio, Cilium and eBPF!
Measure Twice, Cut Once: Dive Into Network Foundations For Developers!
Networks are the foundation of distributed apps, especially in cloud-native ecosystems. Awareness of how data moves between applications is critical for understanding their performance, security, and efficiency.
As many apps are built and deployed onto container systems like Kubernetes, it’s key to understand where traffic goes, how to communicate with your applications, and how to decipher network protocols and transactions.
Cloud-native application networking tools offer many advantages, but require a deep understanding of the Linux networking stack.
This workshop prepares Developers to navigate networks and develop expertise in networking technologies. By using the Linux operating system, this workshop helps you to answer the questions:
- What does a packet look like?
- How does it flow into your microservices?
- How do you trace network & API communications?
- Why do you need DNS?
- How does Service mesh help with microservices?
- How can eBPF improve our network performance?
Network Engineering Goes DevOoopsie - The Remix!
SERVICE MESH IS A VPN!!!
I sit here and reflect back to 2008 when my supervisor suggested I look into the CCNA and Network+. My world changed from plugging a cable into a switch to setting up BGP peers, to configuring Load Balancers for High Availability. Network Engineering has evolved and from my eyes, has been entirely reimagined, retaining the foundations of networking.
As I've slowly pivoted to the world of Cloud Native, a lot of my previous Network Engineering skills have translated to today's approach to microservices architecture. FOLLOW THE PACKETS I SAY!
Can a Network Engineer become a Platform Engineer? Is Service Mesh just a VPN? Why does everything feel the same but look so different? Do you trust ChatGPT4 to run your network?
In this talk, I share my failures, crimes, and perspectives of Network Engineering from the late 2000s to the world of 2023. AI, distributed systems, observability, the deeper need for security/identity, and the manipulation of the network with policy-as-code, all affect the way we build networks today.
My hope is to inspire others to transform their network engineering career, and avoid the mistakes I made.
Sharpen that Edge! How a Service Mesh enhances EdgeComputeOps
Sometimes you go all in on the cloud, and sometimes, you need to sharpen that Edge a bit.
When pursuing Edge Computing, some of the largest considerations for adoption are:
- Ease of deployment
- Zero-trust security posture
- Resource allocation and consumption
- Telemetry and Observability
- Latency and application response times
Large enterprises in heavily regulated industries or the public sector must adopt practices like a zero-trust security posture both inside and at the edge of their application networks. They must simultaneously be able to determine application performance through telemetry, and mitigate issues.
What's the right approach to meeting these conditions?
Enter the Istio Ambient Service Mesh, the perfect vehicle for meeting these challenges!
In this talk we'll dive into how Ambient offers a revolutionary data-plane architecture for Edge Computing using a live demonstration of the technology.
We'll use this to discuss how this allows service mesh users to deploy an enhanced security posture while slashing operational complexity and enabling incremental mesh adoption, all while reducing cost and computational overhead within a service mesh.
CNCF and Kubernetes meetup Calgary User group Sessionize Event
KCD New York 2024 Sessionize Event
Open Source Summit North America 2024 Sessionize Event
Devnexus 2024 Sessionize Event
Civo Navigate North America 2024 - Austin, TX Sessionize Event
90DaysOfDevOps - 2024 Community Edition Sessionize Event
Kubernetes Community Days Munich 2023 Sessionize Event
DevBcn 2023 Sessionize Event
Tailscale Up Sessionize Event
DevOpsDays Austin 2023 Sessionize Event
Civo Navigate Sessionize Event
KubeHuddle Sessionize Event
DevOpsDays Seattle 2022 Sessionize Event
DevOpsDays Austin 2022 Sessionize Event