
Rohit Salecha
Security Engineer
Mumbai, India
Rohit Salecha is a technology geek who loves to explore anything that runs and understands binary. As a security engineer he is passionate about learning the length, breadth and depth of technology.
Being more on the defensive side he has evangelised secure software development at various organizations for more than a decade.
He is ridiculously driven by the “everything as code” mantra and strongly believes that a security team must strive towards making itself irrelevant.
Topics
The Four C’s of Software Security: From Prevention to Detection (AWS Edition)
Following a successful MVP demonstration, a startup recently obtained significant funding. The next step involves a soft launch where security poses a crucial challenge. The initial PoC lacks basic security standards needed for customer trust and compliance—for example, secrets are strewn across the code, everyone has admin privileges to AWS and Kubernetes, the compute infrastructure is non-compliant, and only a basic web application pentest was conducted with very few findings.
This scenario inspired the creation of ‘Securing 4C’s of Software Product,’ a specialized training program designed to secure the core pillars of product security: Code, Container, Cluster & Cloud.
This training dives deep into critical security domains such as Authentication and Authorization in AWS and Kubernetes, Secrets Management, Detection Engineering, Supply Chain Security, Container Security, and Static Application Security. It equips attendees with the necessary knowledge to establish robust security protocols and detect potential threats, ensuring deployments carry a high level of security assurance.
Securing the Pillars of Modern Software: Code to Cloud
In today's fast-paced startup environment, achieving a successful MVP is just the beginning. As startups transition to a soft launch, security becomes a critical challenge. This talk, inspired by real-world scenarios, introduces a specialized framework designed to secure the core pillars of product security: Code, Container, Cluster, and Cloud. Attendees will gain insights into key security domains such as Authentication and Authorization in AWS and Kubernetes, Secrets Management, Supply Chain Security, Container Security, and Static Application Security. The session will provide practical guidance on establishing robust security protocols, ensuring deployments carry a high level of security assurance by referring to an open-source framework created by the author.
Bootstrap Security in Kubernetes Deployments
If somebody wishes to compromise a Kubernetes cluster, she either needs direct access to the API server or a code execution vulnerability that gives her a foothold in the pods.
While there are many ways in which the API server can be protected, there are not many pre-defined methods to prevent a code execution vulnerability from being exploited further.
Hence, through this hands-on workshop I shall try to explain how to integrate security into the build process of Docker images and into the deployment of containers on Kubernetes clusters, so as to reduce an attacker's potential to penetrate deeper into the cluster.
The techniques discussed are simple, do not meddle with the working of the application and, most importantly, can be templatized to scale with Kubernetes.