Loading…
December 10, 2024
Learn More and Register to Attend

The Sched app allows you to build your schedule but is not a substitute for your event registration. You must be registered for SOSS Community Day India 2024 to participate in the sessions. If you have not registered but would like to join us, please go to the event registration page to purchase a registration.

Please note: This schedule is automatically displayed in India Standard Time (UTC+5:30). To see the schedule in your preferred timezone, please select from the drop-down located at the bottom of the menu to the right.

or to bookmark your favorites and sync them to your phone or calendar.
Tuesday, December 10
 

8:00am IST

Registration
Tuesday December 10, 2024 8:00am - 5:00pm IST
Tuesday December 10, 2024 8:00am - 5:00pm IST
  Registration

9:00am IST

Welcome & Opening Remarks - Arun Gupta, Vice President and General Manager, Developer Programs, Intel
Tuesday December 10, 2024 9:00am - 9:20am IST
Room 201 (Level 2)
Speakers
avatar for Arun Gupta

Arun Gupta

VP/GM, Open Ecosystem, Intel
Arun Gupta is vice president of Open Ecosystem Initiatives at Intel Corporation. He is an open source strategist, advocate, and practitioner for over two decades. He has taken companies such as Apple, Amazon, and Sun Microsystems through systemic changes to embrace open source principles... Read More →
Tuesday December 10, 2024 9:00am - 9:20am IST
Room 201 (Level 2)
  Keynote Sessions

9:25am IST

Cooking up Secure OCI Artifacts with SLSA - Harsh Thakur, Civo & Saiyam Pathak, Loft Labs
Tuesday December 10, 2024 9:25am - 9:45am IST
Room 201 (Level 2)
Achieving Software Supply Chain Security Assurance (SLSA) compliance is essential in today's world of increasing cyber threats. This talk will provide a hands-on approach to implementing SLSA standards for your OCI artifacts, starting from your existing build pipelines. We will delve into the practical steps involved, including: * Generating high-quality Software Bill of Materials (SBOM) and provenance: Learn how to create accurate and comprehensive metadata for your artifacts. * Leveraging cosign for keyless attestations: Discover how to securely sign attestations without relying on traditional key management. * Integrating with Buildkit providers for hermetic builds: Ensure the integrity and reproducibility of your builds by isolating them from the surrounding environment. * Addressing best practices for dependency pinning, automated patching, attestation sharing, and collaboration with compliance teams: Gain insights into effective strategies for maintaining compliance and security. By the end of this talk, you will have a clear understanding of how to implement SLSA principles in your build processes and create secure, trustworthy OCI artifacts.
Speakers
avatar for Saiyam Pathak

Saiyam Pathak

Principal Developer Advocate, Loft Labs
Saiyam is working as Principal Developer Advocate at Loft Labs. He is the founder of Kubesimplify and BuildSafe. Previously at Civo, Walmart Labs, Oracle, and HP, Saiyam has worked on many facets of Kubernetes.When not coding, Saiyam contributes to the community by writing blogs and... Read More →
avatar for Harsh Thakur

Harsh Thakur

Infrastructure Engineer, Civo
Harsh's tech journey began in software development, leading to open-source contributions in the CNCF. His passion for complex systems propelled him into infrastructure engineering, gaining expertise in building control planes and designing APIs, and architecting cost-effective solutions... Read More →
Tuesday December 10, 2024 9:25am - 9:45am IST
Room 201 (Level 2)
  Breakout Sessions

9:50am IST

Building a Security-First Open Source Project: Tools and Best Practices - Abhinav Sharma, KodeKloud
Tuesday December 10, 2024 9:50am - 10:10am IST
Room 201 (Level 2)
In this session, I will demonstrate how to build security into the DNA of your open source project from day one, using industry-tested tools and automation. You'll learn how to implement a comprehensive security strategy leveraging popular open source security tools including GitHub's CodeQL for advanced vulnerability detection, OpenSSF Scorecard for automated security best practices assessment, and key supply chain security frameworks. Through live demonstrations, we'll walk through setting up automated security scanning pipelines that catch vulnerabilities early and maintain high security standards without burdening developers.
Speakers
avatar for Abhinav Sharma

Abhinav Sharma

Site Reliability Engineer, KodeKloud
Site Reliability Engineer at KodeKloud. I am an Open source contributor, evaluating and contributed in various open source tools and projects, such as, Microsoft's Open source libraries, OpenCV, SUSE, etc. I am also a Google Summer of Code Mentor 2023 and with OpenSUSE. I am passionate... Read More →
Tuesday December 10, 2024 9:50am - 10:10am IST
Room 201 (Level 2)
  Breakout Sessions

10:15am IST

Towards a Quantum Proof Software Supply Chain with Post Quantum Cryptographic Algorithms - Anitha Natarajan & Savita Ashture, Red Hat
Tuesday December 10, 2024 10:15am - 10:35am IST
Room 201 (Level 2)
We depend on cryptography to secure our software supply chain. But what if that cryptography didn't work? What if an adversary could casually break your key signing? This session will detail one possible approach to convert a Quantum Vulnerable Stack to Quantum Resistant Stack focusing on Tekton, a powerful open-source framework for creating CI/CD as a sample. Chains is a component of Tekton that integrates with Sigstore to offer a Secure CI/CD solution. We will explore the steps to make Tekton Quantum Proof in the following sequence: - What are the Quantum threats to existing Cryptographic algorithms? - How to Identify the Quantum Vulnerabilities in Tekton? - What are Post Quantum Cryptographic (PQC) Algorithms? - Walkthrough of NIST standards and guidelines for migrating to PQC - Importance of HYBRID approach that includes classical quantum-resistant and new quantum signing algorithms in while transitioning. Key takeaway for the audience would be an understanding of Quantum Vulnerabilities, PQC, reliable guidelines for transitioning to quantum safe state along with a deep dive of how we transitioned Tekton quantum safe as reference implementation.
Speakers
avatar for Savita Ashture

Savita Ashture

Software Engineer, Red Hat
Savita Ashture works at RedHat as a Senior Software Engineer India, Bangalore.She is an Open-Source enthusiast who contributes to Open Source in every possible way. She has working experience on Public, Private Cloud, Kubernetes, Knative, Tekton, Service Mesh etc... around Cloud native... Read More →
avatar for Anitha Natarajan

Anitha Natarajan

Principal Software Engineer, RedHat
An Open-Source enthusiast and an aspiring enterprise architect adept at technology requirements analysis, application design & development. Hands on leveraging multicloud services and DevOps solutions to meet technology requirements.
Tuesday December 10, 2024 10:15am - 10:35am IST
Room 201 (Level 2)
  Breakout Sessions

10:40am IST

How Have We Adopted Secure Software Delivery Practices for Fission OSS Serverless Platform? - Sanket Sudake, InfraCloud Technologies
Tuesday December 10, 2024 10:40am - 10:55am IST
Room 201 (Level 2)
In an era of rising software supply chain attacks, this talk explores how we implemented robust security practices in Fission, an open-source serverless framework for Kubernetes used by thousands globally. We will detail our implementation of SLSA(Supply chain Levels for Software Artifacts) specifications, addressing critical threats like compromised builds and unauthorized modifications through reproducible builds, signed artifacts, and secure dependency management. We will demonstrate how we addressed these challenges through: - Implementing reproducible builds to ensure build integrity - Adopting signed artifacts and attestations for authenticity verification - Securing our base images and dependency chain - Establishing automated security scanning and verification pipelines Through practical code examples, we'll show how organizations can implement these security practices in their CI/CD pipelines. We'll share our experiences, challenges faced during implementation, and lessons learned while securing a widely-used open-source platform.
Speakers
avatar for Sanket Sudake

Sanket Sudake

Principal Engineer, InfraCloud Technologies
I am a Principal Engineer at InfraCloud with 10+ years of experience. My interest areas are containers, Cloud and Distributed Systems. I am an open-source contributor and maintainer for the Fission serverless platform on Kubernetes. I am a tech enthusiast and like to explore different... Read More →
Tuesday December 10, 2024 10:40am - 10:55am IST
Room 201 (Level 2)
  Breakout Sessions

10:55am IST

Coffee Break
Tuesday December 10, 2024 10:55am - 11:15am IST
Tuesday December 10, 2024 10:55am - 11:15am IST
  Breaks

11:15am IST

Who Guards the Guards? - Arnab Chatterjee, Nomura
Tuesday December 10, 2024 11:15am - 11:35am IST
Room 201 (Level 2)
The question "Who guards the guards?" often relates to the challenge of ensuring security even for those tasked with providing it. In the context of securing open-source software, this can mean asking: how do we secure the very tools, libraries, and frameworks that we rely on to protect our systems? In open-source ecosystems, the “guards” are often the developers, maintainers, and security tools that help manage code integrity, vulnerabilities, and trustworthiness. Here’s how different aspects of the open-source community address this: Present on the below 5 points. 1. Transparency as Defense 2. Automated Security Tools 3. Supply Chain Security Initiatives 4. Maintainer Oversight 5. Community and Bug Bounty Programs The ultimate goal is to create an ecosystem where multiple layers of checks and balances — human, automated, and cryptographic — watch each other.
Speakers
avatar for Arnab Chatterjee

Arnab Chatterjee

Vice President, Nomura
Arnab Chatterjee is a seasoned technologist who has nearly two decades of industry experience in Data Platforms ,Tools and best practices. He currently the Global head of container plaform and is a kubernetes expert who is responsible in setting container orchestration strategy in... Read More →
Tuesday December 10, 2024 11:15am - 11:35am IST
Room 201 (Level 2)
  Breakout Sessions

11:40am IST

Patch It Up: Real-Time Vulnerability Management with Kyverno and KubeArmor - Barun Acharya & Ramakant Sharma, Accuknox Inc.
Tuesday December 10, 2024 11:40am - 12:00pm IST
Room 201 (Level 2)
Organizations rely on Admission Controllers like Kyverno and Static Analysis tools to enforce a wide range of security best practices, but these measures alone may not protect against future vulnerabilities. When new vulnerabilities are discovered, application upgrades often take time, and it can be more effective to sandbox these vulnerabilities than to wait for upstream fixes. Preventing application downtime due to vulnerabilities is crucial, and virtual patching helps by containing and preventing the exploitation of vulnerabilities at runtime without impacting application behavior or deployment processes. In this talk, we will explore live examples using well-known vulnerabilities such as Log4j, PwnKit, xz, and Leaky Vessels. We will demonstrate how to use Kyverno to identify vulnerable workloads, leverage results from image vulnerability scanners, and generate KubeArmor policies to apply virtual patches to specific deployments, ensuring security without disrupting operations.
Speakers
avatar for Barun Acharya

Barun Acharya

Software Engineer, Accuknox
Barun likes hacking on low level stuff and fiddling around developer toolings. He currently is maintainer and leading the development efforts for KubeArmor, CNCF Sandbox project and works as a Software Engineer at Accuknox . He loves to speak at conferences talking about Open Source... Read More →
avatar for Ramakant Sharma

Ramakant Sharma

Software Engineer @AccuKnox | Maintainer @KubeArmor, Accuknox Inc.
Passionate software engineer, actively contributing to open souce and serving as a maintainer of a CNCF project, focused on collaborative development.
Tuesday December 10, 2024 11:40am - 12:00pm IST
Room 201 (Level 2)
  Breakout Sessions

12:05pm IST

AI-Driven Policy Automation with Kyverno - Sonali Srivastava & Pavan N G, Infracloud
Tuesday December 10, 2024 12:05pm - 12:20pm IST
Room 201 (Level 2)
Finalizing the right policies to secure a Kubernetes cluster involves tedious manual effort, from selecting relevant policies to running them in AUDIT mode and reviewing compliance reports. Moreover, addressing non-compliant configurations and handling exceptions, such as Istio's `initContainer` requiring `runAsRoot` but conflicting with a `runAsNonRoot` policy, further complicates the workflow. Managing policies at scale is a significant challenge, often leading to misconfigurations, delays, and security risks. In this talk, we'll explore tools like k8sGPT or GPTScript to simplify Kyverno policy management by scanning a Kubernetes cluster and suggesting optimal policies based on best practices. Compliant policies can be automatically applied, while non-compliant ones are analyzed with AI-driven checks for fixes to your infrastructure. By integrating it as part of platform engineering, organizations can reduce human intervention, and ensure compliance and security with zero downtime.
Speakers
avatar for Sonali Srivastava

Sonali Srivastava

Developer Advocate, InfraCloud Technologies
Sonali is an experienced IT professional with a diverse background. She began her career as a Linux System Administrator. Sonali's passion for open source and Linux led her to Outreachy, where she contributed to the systemd project. Recently, she created LFS255, Mastering Kubernetes... Read More →
avatar for Pavan N G

Pavan N G

Site Reliability Engineer, Infracloud
I'm a SRE with a decade of IT experience and certifications in AWS and Azure. I specialize in cloud technologies, Kubernetes, and Argo CD. My expertise includes infrastructure automation, container orchestration, and platform engineering. I enhance system reliability and scalability... Read More →
Tuesday December 10, 2024 12:05pm - 12:20pm IST
Room 201 (Level 2)
  Breakout Sessions

12:25pm IST

Securing CI/CD: Complexity & Inspiration from Runtime Security - Abhimanyu Dhamija, KoalaLab
Tuesday December 10, 2024 12:25pm - 12:40pm IST
Room 201 (Level 2)
Growth of software supply chain attacks has propelled a deeper look into security of CI/CD. Build environments are prone to secrets/sensitive data exfiltration attacks. Covering here, the learnings around building BOLT(https://github.com/koalalab-inc/bolt), an Open-source tool which secure CI runtime(For GitHub Actions). Taking inspiration from Runtime security, enabling a firewall on buildtime/CI runtime(Egress-filter as CI is a traffic source) should be good start. Complexity 1: IP-based rules won't work. A lot of internet traffic is behind CDNs/WAFs, so egress-filter will require domain-name based filtering. Complexity 2: CI runtime has outbound traffic to multi-tenant systems like github/dockerhub/jfrog etc. This demands deep SSL based inspection capabilities in egress control. Solution: TLS interception+eBPF Linux kernel supports eBPF which provides a way to tap into SSL traffic without the need to decrypt traffic. Such a solution does not add any overhead for developers and is efficient. Covering implementation complexity of eBPF probing for various different kind of SSL libraries to make the solution comprehensive for all kinds of CI pipelines.
Speakers
avatar for Abhimanyu Dhamija

Abhimanyu Dhamija

Co-Founder, KoalaLab
Founder, KoalaLab:Software supply chain security company. Previously, Vice-President @Khatabook Head, Data Sciences@Housing.com
SOSS India Securing CI CD pptx
Tuesday December 10, 2024 12:25pm - 12:40pm IST
Room 201 (Level 2)
  Breakout Sessions

12:45pm IST

From CVE Chaos to Control: Building a "0 CVE" Strategy - Rakshit Gondwal, BuildSafe & Harsh Thakur, Civo
Tuesday December 10, 2024 12:45pm - 1:05pm IST
Room 201 (Level 2)
Overwhelmed by the constant flood of CVEs? With vulnerabilities expected to rise by 25% this year, many security teams are experiencing "CVE fatigue"—the exhausting cycle of identifying, prioritizing, and remediating vulnerabilities. This talk will guide you toward a "Zero CVE" strategy, where vulnerabilities are minimized, and management is streamlined. We’ll explore actionable strategies to combat CVE fatigue, including reducing software dependencies, automating OS package updates, and simplifying vulnerability management with a single package manager. We’ll also discuss prioritizing remediation using runtime analysis and VEX (Vulnerability Exploitability eXchange) documents. By integrating security into the software development lifecycle, attendees will gain practical knowledge to build a strategy that not only minimizes CVEs but also strengthens the overall security posture.
Speakers
avatar for Rakshit Gondwal

Rakshit Gondwal

Developer, BuildSafe
Rakshit is currently a contributor at BuildSafe, which is an open source supply chain security project. He is also an Approver of the CNCF Incubating project, Keptn, and a Reviewer for the Hydrophone (Kubernetes sig) project. He has earlier worked as a CNCF'23 Fall Intern for the... Read More →
avatar for Harsh Thakur

Harsh Thakur

Infrastructure Engineer, Civo
Harsh's tech journey began in software development, leading to open-source contributions in the CNCF. His passion for complex systems propelled him into infrastructure engineering, gaining expertise in building control planes and designing APIs, and architecting cost-effective solutions... Read More →
Tuesday December 10, 2024 12:45pm - 1:05pm IST
Room 201 (Level 2)
  Breakout Sessions

1:05pm IST

Lunch (Provided for Attendees)
Tuesday December 10, 2024 1:05pm - 2:20pm IST
Juhi Cafe
Tuesday December 10, 2024 1:05pm - 2:20pm IST
Juhi Cafe
  Breaks

2:20pm IST

Connecting the Dots: SBOM and VEX in Software Security - Rajan Ravi, RedHat India Pvt. Ltd.
Tuesday December 10, 2024 2:20pm - 2:40pm IST
Room 201 (Level 2)
The Software Supply Chain encompasses all components, libraries, tools, systems, and processes involved in a software artifact. To support effective risk management and to reduce attack vector while creating a software artifact, SBOM (Software Bill Of Materials) and VEX (Vulnerability Exploitability eXchange) documents can be used. An SBOM is a comprehensive list that details all components, libraries, and dependencies within a software package. Meanwhile, VEX serves as a communication standard for vulnerabilities in a software component. Correlating SBOM and VEX data enables to choose high-quality components and ultimately reducing the attack vectors. In this session, we will discuss the significance of SBOM (Software Bill of Materials) and VEX (Vulnerability Exploitability eXchange) documents to mitigate the dependency threats. Additionally, we’ll look at how trustification.io (a foundation of the Red Hat Trusted Profile Analyzer) provides developers with easy access to curated builds and hardened open-source libraries that have been verified and attested through provenance checks. Open Source Project: Trustify (https://github.com/trustification/trustify)
Speakers
avatar for Rajan Ravi

Rajan Ravi

Senior Software Quality Engineer, RedHat India Pvt. Ltd.
I am Rajan, Senior Software Quality Engineer at RedHat with over 9 years of experience in software quality - currently pursuing a journey into software security within the supply chain, aiming to enhance the resilience and integrity of software products
Tuesday December 10, 2024 2:20pm - 2:40pm IST
Room 201 (Level 2)
  Breakout Sessions

2:45pm IST

Case Study on Adversarial Emulation Using MITRE Caldera for Kubernetes - Rudraksh Pareek, AccuKnox
Tuesday December 10, 2024 2:45pm - 3:05pm IST
Room 201 (Level 2)
Showcase how to use MITRE Caldera for adversarial emulation by leveraging Hashicorp Vault as the scapegoat app and showing attacks such as cryptominer attack, privilege escalation and most importantly a real time ransomware attack pawning vault secrets store. Audience will learn first hand how to use open source advesarial emulation tooling to validate security tooling that they may have in their organization. Mapping the attacks back to MITRE Att&ck framework and showing users how the attackers gains foothold in their assets.
Speakers
avatar for Rudraksh Pareek

Rudraksh Pareek

SWE, AccuKnox
Tuesday December 10, 2024 2:45pm - 3:05pm IST
Room 201 (Level 2)
  Breakout Sessions

3:10pm IST

From Bloat to Secure: Rethinking Container Base Images for the Modern Security Landscape - Abhishek Anand, KoalaLab
Tuesday December 10, 2024 3:10pm - 3:20pm IST
Room 201 (Level 2)
Containers have revolutionised SDLC but we still build them on Linux distributions designed for physical/virtual machines. The mismatch between single-process containers and full-system distros creates security risks. Minimal base containers are the solution, building them presents unique challenges & this talk presents suggestion around common problems building Secure base containers 1. Container-first Design: a. Traditional distros mark packages(like shell & coreutils) as essential based on machine runtime but real world containers don’t need that. b. Implement installation scripts to avoid unnecessary dependencies 2. Container build enhancements: a. Creating FROM SCRATCH images is tough, bootstrapping with package manager leads to cyclic or installation script dependencies. b. Support for rapid rebuild cycles. 3. Metadata framework: a. Current minimisation approaches miss out on metadata causing container scanning mismatches 4. Porting existing packages: a. The universe covered by existing distros is vast. it makes sense to create tools to transform those packages into self contained binaries that don’t require any package outside of runtime dependencies
Speakers
avatar for Abhishek Anand

Abhishek Anand

Co-Founder, KoalaLab
Tech entrepreneur building in Open Source Security.
Tuesday December 10, 2024 3:10pm - 3:20pm IST
Room 201 (Level 2)
  Breakout Sessions

3:25pm IST

How to Resolve Top 3 Security and Risk Challenges for Enterprises Consuming Open Source - Nitish Tyagi, Gartner
Tuesday December 10, 2024 3:25pm - 3:35pm IST
Room 201 (Level 2)
Gartner believes that more than 95% of IT organizations are using open source whether they are aware of it or not. With the inclusion of GenAI, this consumption is only increasing. This session will enable organizations to tackle the top three challenges of open source: legal implications, software supply chain and community viability by bringing the right collaborations and processes in place.
Speakers
avatar for Nitish Tyagi

Nitish Tyagi

Principal Analyst, Gartner
Nitish Tyagi is a Gartner Analyst, serving software engineering leaders with insights on open source software, programming languages & frameworks, super apps and technical skills assessment platforms. Under the open-source coverage, Nitish Tyagi has published multiple Gartner research... Read More →
Tuesday December 10, 2024 3:25pm - 3:35pm IST
Room 201 (Level 2)
  Breakout Sessions

3:40pm IST

Automating Container Security: Docker Scout in CI/CD for Safer Software Supply Chains - Pradumna V Saraf, Independent
Tuesday December 10, 2024 3:40pm - 4:00pm IST
Room 201 (Level 2)
As containerized applications dominate the software development landscape, securing these environments has become essential. Vulnerabilities within container images can expose your applications to significant risks and potential attacks. Docker Scout provides an effective solution to detect and fix these vulnerabilities, enhancing the overall security of your software supply chain. This talk will help you understand the process of integrating Docker Scout into Continuous Integration and Continuous Deployment (CI/CD) pipelines using GitHub Actions. We will walk through the process of setting up automated vulnerability scans for incoming Pull Requests, comparing the current image with the base image to ensure continuous security checks are embedded within your development workflow. The session will include practical insights and real-world examples.
Speakers
avatar for Pradumna V Saraf

Pradumna V Saraf

Open Source Developer, Independent
Pradumna is a Developer Advocate, Docker Captain, and a DevOps and Go Developer. He is passionate about Open Source and has mentored hundreds of people to break into the ecosystem. He also creates content on X (formerly Twitter) and LinkedIn, educating others about Open Source and... Read More →
Tuesday December 10, 2024 3:40pm - 4:00pm IST
Room 201 (Level 2)
  Breakout Sessions

4:00pm IST

Coffee Break
Tuesday December 10, 2024 4:00pm - 4:15pm IST
Tuesday December 10, 2024 4:00pm - 4:15pm IST
  Breaks

4:15pm IST

CERT.in Guidelines on Software Bill of Materials (SBOM) - Biju Nair, Legalitech
Tuesday December 10, 2024 4:15pm - 4:25pm IST
Room 201 (Level 2)
Speakers
avatar for Biju.K.Nair

Biju.K.Nair

Founding Partner, Legalitech
Biju Nair is a Technology lawyer focused on Open source and Data protection. He is the founding and Managing Partner at Legalitech.in. He represents Open Invention Network and LOT Network in India.
Tuesday December 10, 2024 4:15pm - 4:25pm IST
Room 201 (Level 2)
  Breakout Sessions

4:30pm IST

Adversarial Resilience in Open-Source LLMs: A Comprehensive Approach to Security and Robustness - Padmajeet Mhaske, JP Morgan Chase
Tuesday December 10, 2024 4:30pm - 4:45pm IST
Room 201 (Level 2)
The rise of open-source large language models (LLMs) like GPT, BERT, and T5 has greatly enhanced natural language processing. However, these models face significant security challenges due to their vulnerability to adversarial attacks. This abstract examines the susceptibility of open-source LLMs to OWASP Top 10 risks, including model inversion, data poisoning, insecure deployment, and adversarial examples. While open-source LLMs democratize AI, their transparent architecture can expose sensitive data. Model inversion can extract proprietary information, and data poisoning can corrupt outputs with malicious data. Insecure deployment without encryption or authentication leads to data breaches, while adversarial examples exploit model weaknesses. To strengthen these models, implementing differential privacy, adversarial training, and rigorous data validation is crucial. Adopting security best practices, such as penetration testing and real-time monitoring, along with fostering a security-aware community, is essential. By addressing these vulnerabilities, organizations can enhance the robustness and security of open-source LLMs, ensuring safe deployment and trust in AI applications.
Speakers
avatar for Padmajeet Mhaske

Padmajeet Mhaske

VP, JP Morgan Chase
I am Padmajeet Mhaske, a Vice President and AI/ML Platform Architect at JPMorgan Chase, where I lead the AI/ML division on the Data Technology Team. With over 18 years of experience in designing and implementing large-scale AI and machine learning platforms, I combine strategic vision... Read More →
Tuesday December 10, 2024 4:30pm - 4:45pm IST
Room 201 (Level 2)
  Breakout Sessions

4:50pm IST

Quarantining and Locking Down Your Cloud Infrastructure - Prerit Munjal, KubeCloud
Tuesday December 10, 2024 4:50pm - 5:05pm IST
Room 201 (Level 2)
Security can be a daunting task when managing hundreds of applications running simultaneously in a hybrid+multi-cloud architecture. Starting from choosing the right base image to implementing run-time security, not to forget about the Day 2 exploits that can arise post-release. But what if your underlying clusters are compromised? Join the session as Prerit takes you on a safari ride to streamline and sanitize your Cloud Infrastructure. We’ll explore how Popeye, an open-source cluster sanitizer tool can help cleanse and optimize your underlying infrastructure. We will explore a diverse range of 20 sanitizers, each offering a unique security flavour to identify potential issues with deployed resources and configurations. These sanitizers effectively identify potential over/under allocations, RBAC misconfigurations, and other issues related to various Kubernetes objects. Don't miss this session for valuable insights on strengthening the security posture of your Kubernetes environment, ensuring resilience and optimized performance.
Speakers
avatar for Prerit Munjal

Prerit Munjal

CTO, KubeCloud
Prerit is working as a Software Architect, directing his expertise towards harnessing Cloud Native Technologies to design resilient architectures that can seamlessly scale in the future, all while prioritizing technical cost, security, availability and end-user experience. As the... Read More →
Tuesday December 10, 2024 4:50pm - 5:05pm IST
Room 201 (Level 2)
  Breakout Sessions

5:10pm IST

Closing Remarks - Ram Iyengar, Community Engagement Lead - India, OpenSSF
Tuesday December 10, 2024 5:10pm - 5:15pm IST
Room 201 (Level 2)
Speakers
avatar for Ram Iyengar

Ram Iyengar

Community Engagement Lead, OpenSSF
Ram Iyengar is an engineer by practice and an educator at heart. He was (cf) pushed into technology evangelism along his journey as a developer and hasn’t looked back since! He enjoys helping engineering teams around the world discover new and creative ways to work. He is a proponent... Read More →
Tuesday December 10, 2024 5:10pm - 5:15pm IST
Room 201 (Level 2)
  Keynote Sessions
 
Share Modal

Share this link via

Or copy link

Filter sessions
Apply filters to sessions.
Tuesday, December 10
Juhi Cafe
Room 201 (Level 2)
  • Breakout Sessions
  • Breaks
  • Keynote Sessions
  • Registration
  • Content Experience Level
  • Entry Level
  • Mid Level