How to Work in Cloud Native Security - Demystifying the Security Role
Offered By: CNCF [Cloud Native Computing Foundation] via YouTube
Course Description
Overview
Syllabus
How to Work in Cloud Native Security: Demystifying the Security Role Justin Cormack, Docker
How to Work in Cloud Native Security Demystifying the security role
working as a sysadmin in a university back in the days when every machine had public IP addresses • was an interesting target for people as we had lots of bandwidth not what I was expecting, which was mainly configuration management
bringing security to a wider community working on Noise Protocol Framework capability based security lots to learn!
Most important things
for both offensive and defensive security, knowing an area in depth is hugely important • separates the script kiddies from the experts • the security issues are on the boundaries of the usual • play, understand, break, fix
empathy security is unimportant most of the time • the best security is just there supporting people, it is not extra work for them
just breaking things is not sufficient fixing things is much harder you get exposed to the world of compromise • wanting to burn everything down is a fine thing, but it's not going to happen i
security is not just an engineering job get to meet your legal team and your PR team and sell security to the business • and compromise • work with product team
Demand for security people
What is cloud native security?
understand the threat model security is quality o handle errors and the unexpected o understand the issues in domain o write security tests threat • spend time attacking learn from external audits
you cannot tell anyone about what you do a lot of the time • not enough people, so often overworked • live away from the happy path
Taught by
CNCF [Cloud Native Computing Foundation]
Related Courses
Fundamentals of Vulnerability ManagementCybrary Lateral Tool Transfer
Cybrary Local Accounts
Cybrary Obtain Capabilities: Tool
Cybrary Registry Run Keys
Cybrary