Kubernetes Practical Attack and Defense

Jay Beale, CTO, InGuardians

RSA Conference, San Francisco, CA
Feb 26, 2020 9:20 AM – 10:10 AM, Moscone West

A rising tide of engineering teams is running Kubernetes clusters. As an infosec professional, you need to understand attacks on Kubernetes and container-based applications. In this talk, we’ll demo Kubernetes attacks on the open-source Bust-a-Kube cluster, both manually and via the open-source Peirates tool. We’ll teach you how to attack and how to break your attacks. Come learn!

Time Travel and GPS F*ckery

Mike Poor, President, InGuardians
Larry Pesce, Technical Operations Manager & Director of Research

Wild West Hackin’ Fest – Way West, San Diego, CA
March 12, 2020 9:00 AM – 9:50 AM

Ships being sent off course; altering fines and tariffs; early prisoner release and tracking avoidance; cargo location obfuscation; missile redirection. These are just some of the implications of being able to manipulate time and location signals. We saw the need for a crowdsourced data project, so we created a field-deployed system designed to detect deviations in time and location signals. In addition, we built a project so that everyone can deploy these sensors and help propagate a large enough data sample to identify anomalous time and location signals.

Panel: Security Is Not A Unicorn

Jay Beale, CTO, InGuardians

Aeva Black, Sr Software Engineer, Microsoft

Marlow Weston, Lead HPC Tools Engineer, Intel

Sarah Young, Azure Security Architect, Microsoft

KubeCon + CloudNativeCon, Amsterdam, Netherlands
March 31, 2020 2:35 PM – 3:10 PM

Do you have to trade performance for security?

Panelists will gather to discuss whether current Kubernetes security best practices are at odds with the architectural requirements of heavy computational workloads such as those in machine learning or High-Performance Computing (HPC). The panelists will discuss where the bottlenecks are, what security risks are known, and what industry tools are used to address these issues. The panelists will also draw comparisons to more traditional HPC-style workloads and see what lessons can be drawn from that stalwart legacy.

The panel will be moderated by Jay Beale, CTO of InGuardians, who co-leads the Kubernetes project’s third party security audit working group.

Lessons Learned from Pen Testing in Higher Ed

Jay Beale, CTO, InGuardians

Kevin Shivers, Deputy Chief Information Security Officer, University of Maryland

Educause Security Professionals Conference, Bellevue, WA

April 23, 2020 1:00 PM – 2:00 PM

This session will cover what the past five years of penetration testing on a university campus has uncovered and address items such as learning how to scope your penetration testing engagement, how to bring the right players to the table, and how to quickly bring your penetration testers up to speed on your IT environment.


Understand how to accurately scope a pen testing engagement.

Learn how to ensure you have buy-in from all levels before your pen testing engagement begins.

Understand how to quickly ramp up your pen testers so they can accurately perform their work against your IT systems and get accurate results.