AppSec Tips & Tricks for Cloud Native and Kubernetes Environments – Kiran Kamity – ASW #209



The unique nature of cloud native apps, Kubernetes, and microservices-based architectures introduces new risks and opportunities that require AppSec practitioners to adapt their approach to security tooling, integration with the CI/CD pipeline, and how they engage developers to fix vulnerabilities.

In this episode, we’ll discuss how AppSec teams can effectively manage the transition from securing traditional monolithic applications to modern cloud native applications and the types of security tooling needed to provide coverage across custom application code, dependencies, container images, and web/API interfaces. Finally, we’ll conclude with tips and tricks that will help make your developers more efficient at fixing vulnerabilities earlier in the SDLC and your pen testers more effective.

Segment Resources:
https://www.deepfactor.io/kubernetes-security-essentials-securing-cloud-native-applications/
https://www.deepfactor.io/resource/observing-application-behavior-via-api-interception/
https://www.deepfactor.io/developer-security-demo-video/

Visit https://www.securityweekly.com/asw for all the latest episodes!

Full Episode Show Notes

AppSec Tips & Tricks for Cloud Native and Kubernetes Environments

Guests

Kiran Kamity

Kiran Kamity – CEO & Co-Founder at Deepfactor

@kirankamity

Kiran Kamity is Founder & CEO of Deepfactor. He’s a passionate serial Silicon Valley entrepreneur and former head of product at Cisco Cloud BU. He founded and was CEO of ContainerX (acquired by Cisco). He was also Founder/VP at RingCube (acquired by Citrix). He’s also been a dynamic TEDx speaker. Kiran has a Master’s degree in Electrical Engineering from Stanford University.

Hosts

Joe South

Joe South – Sr Content Creator at CyberRisk Alliance

@SecUnfPodcast

Joe South has been working in Cyber Security for over 8 years and has worked at companies of all sizes across multiple industries. Joe is also the host of the Security Unfiltered Podcast where he discusses current cyber security issues and educates his listeners on how to have a successful career in cyber security. Joe is currently in a role where he is empowered to implement a unified control framework across a multi-cloud environment. Joe has also created a widely known blog where he works to help others get into cyber security and have a successful career in the industry. Joe has obtained the CCSP, CCSK, AWS Security Specialty and the AWS CCP certifications, among others.

John Kinsella

John Kinsella – Co-founder & CTO at Cysense

@johnlkinsella

John Kinsella is the Co-founder & CTO of Cysense.

Mike Shema

Mike Shema – Security Partner at Square

@Codexatron

Mike Shema is a Security Partner at Square.

Announcements

  • Security Weekly listeners save 20% on InfoSec World 2022 passes! InfoSec World will be held September 27th through the 29th at Disney’s Coronado Springs Resort in Lake Buena Vista, Florida. Visit securityweekly.com/isw and use the code ISW22-SECWEEK20 to secure your spot now!

  • Do you have a specific guest or topic that you want us to cover on one of the shows? Submit your suggestions for guests by visiting https://securityweekly.com/guests and completing the form! We review suggestions monthly and will reach out to you once reviewed!