Minimum Viable Security for Cloud Native Stacks

Track: Security
Abstract
The migration from monoliths to microservices is long behind us; however, managing microservices operations at scale comes with a layer of complexity, particularly in aspects of security that still have a learning curve. But what if all of this could be simplified and automated pretty easily? If we think about our production microservices operations in the same way we think about how we design and build our products, we could build and automate minimum viable security (MVS) plans that we could easily bake into our config files and CI/CD processes. Once we build this foundational framework of security, it will always be possible to iterate and evolve it toward the advanced layers of security that often come with time, increased experience, and greater maturity around security. In this talk, we will present what MVS looks like for microservices operations and how to build a cluster that is secured by design, with continuous monitoring of networking, container internals and primitives, and access management with a least-privilege mindset. In this session we will demonstrate this through code, and even how this can work seamlessly with other ecosystem projects - from Helm to OPA, ArgoCD, Notary or GitHub Actions, Terraform, and AWS.
Chris Koehnecke
Chris Koehnecke is VP Security Engineering & CISO at Jit with over 20 years of experience in Cyber Security. Chris is focused on cloud security, security program development, security strategy, assessment, and management of cyber risk. Chris holds a Bachelor of Science degree in Business Administration with a concentration in Information Systems and a Master of Science degree in Business Information Systems from the University of Kansas. Chris is also a Cisco Certified Network Associate (CCNA), Certified Information Systems Security Professional (CISSP), Certified Ethical Hacker (CEH), Archer Certified Consultant (ACC), and holds a Top Secret TS / SCI Security Clearance.