Speaker

Iain Smart

Principal Consultant @ AmberWolf

Iain is a Principal Security Consultant at AmberWolf, where he attacks and reviews cloud-native environments. He is also an active member of Kubernetes SIG-Security, and co-lead of the SIG-Security Third-Party Audit working group. Since discovering that public speaking really isn’t that scary, he has presented at various conferences including KubeCon EU and BlackHat. He enjoys playing with new technologies, and if he’s not hacking a Kubernetes cluster or attacking a build pipeline he can be found writing home automations, or baking.

Area of Expertise

  • Information & Communications Technology

I'll Let Myself In: Kubernetes Privilege Escalation Tactics

Penetration testing Kubernetes shouldn't be easy, but we can make it so! Rogue SRE insider threat? Platform developers with grudges? Hostile internet citizens? Discover how to escalate your privilege, attain persistence, wreak cluster-wide havoc, and hide any trace of your activity in this enthralling exploration of cloud native security!

Join us for a learner-friendly yet advanced dive into the myriad ways both trusted and unprivileged users can exploit Kubernetes. We'll guide you through best practices for detection and demonstrate the most cost-effective and efficient strategies for securing your clusters.

- Understand Kubernetes vulnerabilities that SREs, security teams, and pentesters should know — and techniques to mitigate them
- Explore edge-cases of component abuse, and cruel and unusual interactions between components
- Identify various adversary levels and tailor your defences accordingly
- Learn the most economical and rapid strategies for robust cluster security

SIG Security: Succession Planting for a Flowering Future

Kubernetes SIG Security takes a community-building approach to improving security for end users, project maintainers, and the Kubernetes project itself. Much like a garden thrives with careful planning, diverse plants, and collaboration, we use the same techniques to ensure our community is well tended and blooming. Join us as we introduce the next generation of SIG Security leadership and talk about succession plan(t)ing to ensure a smooth transition, encourage growth, and maintain the values that cultivate and foster the community we’ve built together.

Come learn what we’ve been working on, what we have planned for the future, and how you can get involved. We will go over the many roles required to create a rich community, from the gardeners to the pollinators - it really does take a village! Everyone is welcome: we all have something to teach and something to learn, and we would love to learn from you!

Bring questions, share ideas, and let’s plant some seeds. See you there!

A Bug’s-Eye View: Kubernetes SIG Security Explains it All

SIG Security helps the Kubernetes project to keep pesky bugs contained, and to spread the word when they escape! From the OWASP Top Ten and WONTFIX issues, to third-party audit results and CVEs, Kubernetes bugs have many different shapes and lifecycles.

How do some Kubernetes bugs grow wings to become published vulnerabilities? What happens to other bugs that stay underground for years? Is that bug really a feature, or is that feature really a bug? Creep, crawl, flutter, or fly on in to learn about how it all happens.

We all make Kubernetes more secure together, so join the SIG Security entomologists and learn how you can get involved! There are always interesting bugs to study, catch, track, and share. See you there!
