Rory McCune
Senior Security Researcher & Advocate - Datadog
Glasgow, United Kingdom
Rory is a senior advocate for Datadog who has extensive experience with cybersecurity and cloud native computing. In addition to his work as a security reviewer and architect on containerization technologies like Kubernetes and Docker, he has presented at KubeCon EU and NA, as well as a number of other cloud native and security conferences. He is one of the main authors of the CIS benchmarks for Docker and Kubernetes, a published author on the topic of Cloud Native Security and a member of Kubernetes SIG-Security. When he's not working, Rory can generally be found out walking and enjoying the scenery of the Scottish highlands.
Oh what a tangled web we weave when we .... network containers!
Like a lot of things in containerization, networking is built of a number of layers and abstractions based on existing technologies, with more seemingly being added all the time. As hackers we know that when abstractions are built and technologies re-used, there are going to be edge cases to exploit and assumptions to abuse.
In this talk we'll get into the details of how Kubernetes-based network stacks work and detail specific places that are vulnerable to attack. We'll start with the low-level aspects of Linux networking that have been re-purposed for container stacks, looking at how those settings can leave clusters exposed to attacks, then talk about some higher-level HTTP concerns like the fact that every cluster is SSRF as a service, and demonstrate tools that allow for port-scanning via the Kubernetes API server.
We'll also talk about how Kubernetes cluster network security operates and focus on how those controls can be rendered useless by users making mistakes, or by attackers deliberately.
Containers Rule Everything Around Me
Over the last 10 years Docker and Kubernetes have gone from niche projects to being a ubiquitous part of the technology landscape, operating in a vast number of companies and environments. But why were they so successful?
This talk will examine the sources of success that these technologies had, look at what seems like it should have been important but wasn't, and provide ideas for how future open source projects can set themselves up for success.
You can only secure what you can observe
Central to effective cybersecurity is a fundamental yet often overlooked task: knowing exactly what needs to be secured. This foundational aspect is increasingly challenging in today's fast-paced and dynamic technological landscapes. Organizations grappling with this issue find it especially pronounced in modern, fluid environments where assets can rapidly change or scale.
This talk will dive into this area, give you ideas of what you need to consider, look at some common problem areas and also show where it's possible to leverage emerging technologies like OpenTelemetry to improve your company's security.
The Myriad Paths to Improving Open Source Security
If you're looking to contribute to open source security, it can sometimes be tricky to think of where and how you can contribute, especially if you're not a developer. In this talk we'll examine some of the ways where you can help improve open source security regardless of your technical background, talk about their pros and cons and also talk about how your ideas for security can have a global impact.
Observability for pentesters
Observability, or o11y, is more than just a trending term in the tech world; it's a pivotal element in comprehending and managing complex modern systems. For pentesters, understanding and exploiting this domain is crucial. This talk demystifies observability and OpenTelemetry, offering insights into how they work.
We'll examine popular tools in open-source observability stacks, like Prometheus, Jaeger and Fluentd, revealing their attack surfaces. Moreover, we'll delve into practical strategies, demonstrating how observability tools can significantly enhance white box pentesting.
Fortifying Kubernetes - Strategies for Secure Cluster Management
One of the great things about Kubernetes is the variety of choices it provides and the flexibility it gives us in creating different configurations. However, with that flexibility it can be difficult to understand what's needed to create secure Kubernetes clusters.
This talk will go through some of the key areas of Kubernetes security, look at where the provided defaults are not necessarily the best choice for your production systems and provide practical advice for cluster operators and developers deploying applications to those clusters on how to make usable and secure environments.
Charting the Course: The History and Evolution of Kubernetes Security
From the early days of Kubernetes, security has been a topic of interest and an area with plenty of challenges. In this talk we'll take a look at some of the choices that Kubernetes has made, look at some vulnerabilities and exploits, and explore what's changed (and what hasn't!) over the last ten years all the way from the days of the "Kubelet exploit" and Tiller, through the ever evolving path of pod admission controls, to more recent security wins -- like the fact that service account tokens actually expire now!
Beyond the Surface: Exploring Attacker Persistence Strategies in Kubernetes
Kubernetes has been put to great use by a wide variety of organizations to manage their workloads, as it hides away a lot of the complexity of managing and scheduling containers. But with each added layer of abstraction, there can be new places for attackers to hide in darkened corners.
This talk will examine how attackers can (ab)use little known features of Kubernetes and the components that are commonly deployed as part of cloud-native containerized workloads to persist in compromised systems, sometimes for years at a time. We'll also pinpoint places where, if you don't detect the initial attack, it might be very difficult to spot the attacker lurking in your cluster.
KubeCon + CloudNativeCon Europe 2026 Sessionize Event Upcoming
Container Days London Sessionize Event
ContainerDays Conference 2025 Sessionize Event
OWASP Global AppSec EU 2025 - CFP Sessionize Event
KubeCon + CloudNativeCon Europe 2025 Sessionize Event
Project Lightning Talk + Maintainer Track + Contribfest: KubeCon + CloudNativeCon Europe 2025 Sessionize Event
KCD UK London - 2024 Sessionize Event
KCD Austria Sessionize Event
Security BSides Dublin 2024 Sessionize Event
State of Open Con 24 Sessionize Event
State of Open Con 23 Sessionize Event