Build Today, Pay Tomorrow? The Architecture Dilemma Every DevOps Faces

Ever been forced to make a critical architecture decision without enough time or knowledge, knowing the wrong choice could haunt you for years? This talk dives into that moment of pressure.

Meet Phippy, our fictional web app, as it grows from a lean startup to a complex corporate system. Along the way, we face real-world dilemmas: how to scale quickly, which CI/CD approach fits the team, whether to trust a managed database or self-host, when to build versus buy, and how to prioritize security without slowing delivery. Each decision looks different depending on whether speed or stability matters most.

By walking through both perspectives, you’ll gain practical strategies to navigate uncertainty and make architecture choices that serve your context—whether you’re racing to an MVP or building for the enterprise.

No More Dev Environment Headaches: Building Self-Service Development Platforms

In today's cloud-native landscape, maintaining consistent development environments is crucial for productivity. This session demonstrates how to build a one-command solution for provisioning complete dev environments using CNCF ecosystem tools.
We'll explore architecting a dev environment automation pipeline using Terraform for infrastructure, GitOps with ArgoCD for platform components, and Crossplane for AWS resources. Learn how to create reproducible environments with secure secret management, just-in-time IAM roles, network config, Kubernetes clusters, and essential services. The solution optimizes costs through on-demand environment creation and cleanup.
Through practical examples and demos, discover how to implement this in your organization, enabling developers to spin up secure environments in seconds while ensuring production consistency. Walk away with actionable insights for streamlining development workflows using open source tools.

https://www.youtube.com/watch?v=BOmLC0FKW_0

Heavy Lifting with Load Balancers: Security You Did Not See Coming

AWS Elastic Load Balancer (ELB) is one of the most widely used AWS services across companies. While it may appear to be a simple solution for basic use cases, is it truly so? In today's landscape, load balancers have evolved from the classic ELB that simply distributes network traffic to a robust service. This service can be susceptible to misconfiguration but also holds the potential to detect and mitigate attacks.

Join us for an insightful discussion where we unveil the comprehensive security blueprint for the three AWS ELB types: ALB, NLB, and GLB. We will dissect threat hunting based on ELB logs and outline key features that you must deploy for a secure organization. We will demonstrate key security differences between the three types of load balancers and display concrete TTPs to detect adversaries, like Man-in-the-Middle via ALB Manipulation and IMDS attack.

Crossing AWS Accounts via Kubernetes: The Role Unchaining Process

While granting an EKS pod IAM credentials is fairly straightforward, is it just as easy to trace an AWS event back to the pod that triggered it? Join us as we explore the complexities of pod identities within AWS. In this talk, we will present ongoing research on EKS role unchaining, focusing on a relevant attack path: jumping between AWS accounts using EKS clusters. Come and elevate your knowledge of Kubernetes identity and learn how to uncover the true source entities behind actions that take place within AWS accounts.

Based on my published article:
https://medium.com/@stavocha/eks-role-unchaining-tracing-aws-events-back-to-pods-for-enhanced-security-1697563d95a0

K8s Security Safari: Hunting Threats in the Wild Wild Cloud

Kubernetes is spreading through the world faster than a viral dance challenge on social media. As the K8S ecosystem on the cloud gains more attention and spotlight, hackers actively seek ways to bounce between clusters and clouds, aiming for unauthorized access.

Join us to delve deep into the K8S security fundamentals on the different cloud providers and their logging system. Explore K8S TTPs, K8S to cloud environment attack vectors and IAM role abuse. Gain a comprehensive understanding of conducting threat hunting on K8S, utilizing your cloud provider and K8S logs to identify threat actors, particularly related to lateral movement and privilege escalation methods within the K8S environment.

CloudNative SecurityCon 2024 Seattle, WA
https://www.youtube.com/watch?v=NTYXpHJ3O6I

Getting Hands-On with EKS Hybrid Nodes and Auto Mode

Another re:Invent, another round of exciting EKS announcements! This time, we’re diving into two highly anticipated features: EKS Hybrid Nodes and the EKS Auto Mode feature. Whether you're interested in deploying EKS nodes almost anywhere or letting your infrastructure manage itself, these features are game changers. I decided to take these features for a test drive, and in this talk, I’ll cover their capabilities, and implementation processes.

https://medium.com/@stavocha/getting-hands-on-with-eks-hybrid-nodes-setup-challenges-and-insights-caf7c946a259

https://www.youtube.com/watch?v=OFO1wopZOh0