Everything You Should Be Doing, But Aren’t: DevSecOps for K8s Workflows

Booz Allen Hamilton, Dan Papandrea, Steven Terrana at KubeCon + CloudNativeCon North America 2020

Steven and Pop will describe a defense-in-depth approach to securing production workloads running on Kubernetes. They will give a live demonstration of using CNCF projects like Helm, OPA, Falco, and Argo to secure Kubernetes clusters. With a secure cluster in place, they will then show how to leverage DevSecOps principles to incorporate security into every step of the software development lifecycle and how to scale your CI/CD pipelines using the open source Jenkins Template Engine. This talk is the result of lessons learned supporting multiple horizontals of end users, including FinTech and modern Federal software delivery.

Specifically, attendees will walk away with actionable plans for how to implement:

- Application Security
- Configuration Management Policies
- Runtime Threat Detection
- Governance as Code
- Post-mortem Forensics