In-person + Virtual
October 24-28
Learn More and Register to Attend

The Sched app allows you to build your schedule but is not a substitute for your event registration. You must be registered for KubeCon + CloudNativeCon North America 2022 to participate in the sessions. If you have not registered but would like to join us, please go to the event registration page to purchase a registration.

Please note: This schedule is automatically displayed in Eastern Daylight Time (UTC -4). To see the schedule in your preferred timezone, please select from the drop-down menu to the right, above "Filter by Date." The schedule is subject to change.
Back To Schedule
Wednesday, October 26 • 11:55am - 12:30pm
A Raccoon And a Group Of Turtles Secure Clusters Together! - Pushkar Joglekar & Naadir Jeewa, VMware

Sign up or log in to save this to your schedule, view media, leave feedback and see who's attending!

Feedback form is now closed.

How does a Raccoon and a bunch of Turtles find common ground? Answer: You find a Goose who makes space where both feel welcome. In this session, Pushkar Joglekar and Naadir Jeewa will talk about how a multi-year collaboration where Kubernetes SIG Cluster Lifecycle, SIG Security & TAG Security came together to write the first community driven self-assessment of a Kubernetes sub-project: Cluster API. The session will cover how it all started from the basics with data flow diagrams to understand the internals of the project, then using that to model threats and assess next steps. Next, they will discuss challenges faced doing this exercise with folks around the globe (5 countries), limited maintainer time, doing our best to avoid zoom fatigue while trying and at times failing to be async first. Finally they will talk about what is happening with the findings from this exercise and how they plan to apply the lessons learnt from this exercise to future self-assessments across all Kubernetes sub-projects. Come for the stories from the animal kingdom; Stay for the real stories of humans bringing their best self to break some new ground in the form of community driven security improvements!

avatar for Naadir Jeewa

Naadir Jeewa

Staff Engineer I, VMware Inc.
Chat to me about all things Cluster API related.
avatar for Pushkar Joglekar

Pushkar Joglekar

Cloud Native Security Engineer, Independent
Pushkar Joglekar wears multiple hats in the community as: CNCF Security - TAG Co-Chair & Kubernetes SIG Security Tooling Sub-Project Lead to “Make Kubernetes Secure For All”. Since 2019, he feels incredibly fortunate to have written the security chapters in Nigel Poulton’s “The... Read More →

Wednesday October 26, 2022 11:55am - 12:30pm EDT
Ambassador Ballroom (Room 360)