This hands-on workshop will introduce participants to Falco, the CNCF project designed for detecting runtime threats in Kubernetes environments. They'll learn how to deploy Falco, tailor its security rules to their needs, and spot suspicious activity in real time, like unauthorized access, privilege escalation, or unexpected behavior inside containers.

Through practical exercises, we’ll simulate security incidents and cover best practices for integrating Falco with alerting systems and automated response workflows.

The session is ideal for DevOps, SRE, and security professionals who want to strengthen the security of their Kubernetes clusters. Some familiarity with Kubernetes is recommended.