2019-05-16, 10:30–12:30, Workshop 1
Containers are the next big thing in virtualization tech. If configured properly they provide immense security. In this workshop I will go over how to secure your container deployment end to end
Things covered:
- Quick intro to containers
- Generic container pipeline
- Securing your container pipeline : Trusted base images , Dockerfile linting , image scanning , Docker daemon config , Docker runtime options, logging in containers , runtime alerting in Docker
- How to Scale : pre-deployment feedback instead of post deployment vuln tickets , deploying scanners to not hold up Jenkins builds , real time notifications to developer, and webhooks with slack notifications
Yash is a Senior Product Security Engineer at Twilio. He has worked with Box and iSEC Partners in the past. He has been working in security for over half a decade. He has worked in a variety of roles ranging from consulting to enterprise product security teams. He is a seasoned speaker and has presented in BSides SLC 2016, HackMiami 2017 and BSides San Diego 2018, and will be presenting at Troopers 2019