Rory McCune
Senior Security Researcher & Advocate - Datadog
Glasgow, United Kingdom
Rory is a senior advocate for Datadog who has extensive experience with cybersecurity and cloud native computing. In addition to his work as a security reviewer and architect on containerization technologies like Kubernetes and Docker, he has presented at KubeCon EU and NA, as well as a number of other cloud native and security conferences. He is one of the main authors of the CIS benchmarks for Docker and Kubernetes, a published author on the topic of Cloud Native Security and a member of Kubernetes SIG-Security. When he's not working, Rory can generally be found out walking and enjoying the scenery of the Scottish highlands.
You can only secure what you can observe
Central to effective cybersecurity is a fundamental yet often overlooked task: knowing exactly what needs to be secured. This foundational aspect is increasingly challenging in today's fast-paced and dynamic technological landscapes. Organizations grappling with this issue find it especially pronounced in modern, fluid environments where assets can rapidly change or scale.
This talk will dive into this area, give you ideas of what you need to consider, look at some common problem areas and also show where it's possible to leverage emerging technologies like OpenTelemetry to improve your company's security.
The Myriad Paths to Improving Open Source Security
If you're looking to contribute to open source security, it can sometimes be tricky to think of where and how you can contribute, especially if you're not a developer. In this talk we'll examine some of the ways in which you can help improve open source security regardless of your technical background, talk about their pros and cons and also talk about how your ideas for security can have a global impact.
Observability for pentesters
Observability, or o11y, is more than just a trending term in the tech world; it's a pivotal element in comprehending and managing complex modern systems. For pentesters, understanding and exploiting this domain is crucial. This talk demystifies observability and OpenTelemetry, offering insights into how it works.
We'll examine popular tools in open-source observability stacks, like Prometheus, Jaeger and Fluentd, revealing their attack surfaces. Moreover, we'll delve into practical strategies, demonstrating how observability tools can significantly enhance white box pentesting.
Fortifying Kubernetes - Strategies for Secure Cluster Management
One of the great things about Kubernetes is the variety of choices it provides and the flexibility it gives us in creating different configurations. However, with that flexibility it can be difficult to understand what's needed to create secure Kubernetes clusters.
This talk will go through some of the key areas of Kubernetes security, look at where the provided defaults are not necessarily the best choice for your production systems and provide practical advice for cluster operators and developers deploying applications to those clusters on how to make usable and secure environments.
Charting the Course: The History and Evolution of Kubernetes Security
From the early days of Kubernetes, security has been a topic of interest and an area with plenty of challenges. In this talk we'll take a look at some of the choices that Kubernetes has made, look at some vulnerabilities and exploits, and explore what's changed (and what hasn't!) over the last ten years, all the way from the days of the "Kubelet exploit" and Tiller, through the ever-evolving path of pod admission controls, to more recent security wins -- like the fact that service account tokens actually expire now!
Beyond the Surface: Exploring Attacker Persistence Strategies in Kubernetes
Kubernetes has been put to great use by a wide variety of organizations to manage their workloads, as it hides away a lot of the complexity of managing and scheduling containers. But with each added layer of abstraction, there can be new places for attackers to hide in darkened corners.
This talk will examine how attackers can (ab)use little-known features of Kubernetes and the components that are commonly deployed as part of cloud-native containerized workloads to persist in compromised systems, sometimes for years at a time. We'll also pinpoint places where, if you don't detect the initial attack, it might be very difficult to spot the attacker lurking in your cluster.
KCD UK London - 2024 Sessionize Event
KCD Austria Sessionize Event
Security BSides Dublin 2024 Sessionize Event
State of Open Con 24 Sessionize Event
State of Open Con 23 Sessionize Event