Container Security with Maya Kaczorowski

Google Cloud Platform Podcast

Date: Wed, 01 Aug 2018 00:00:00 +0000

<p>Let’s talk container security! This week, <a href="https://twitter.com/nyghtowl">Melanie</a> and <a href="https://twitter.com/Neurotic">Mark</a> learn all about the three main pillars of container security and more with our guest, Maya Kaczorowski.</p> <h5 id="maya-kaczorowski">Maya Kaczorowski</h5> <p><a href="https://twitter.com/MayaKaczorowski">Maya</a> is a Product Manager in Security & Privacy at Google, focused on container security. She previously worked on encryption at rest and encryption key management. Prior to Google, she was an Engagement Manager at McKinsey & Company, working in IT security for large enterprises, and before that she completed her Master’s in mathematics, focusing on cryptography and game theory. She is bilingual in English and French.</p> <h5 id="cool-things-of-the-week">Cool things of the week</h5> <ul> <li>What a week! 105 announcements from Google Cloud Next ’18 <a href="https://www.blog.google/products/google-cloud/100-plus-announcements-from-google-cloud-next-18/"> blog</a></li> <li>Keynotes, Keynote Fireside Chats, & Spotlight Sessions: Google Cloud Next ’18 <a href="https://www.youtube.com/playlist?list=PLBgogxgQVM9vwKIHmv0G31J-0Ey75W5MR"> videos</a></li> <li>All Sessions: Google Cloud Next ’18 <a href="https://www.youtube.com/playlist?list=PLBgogxgQVM9v0xG0QTFQ5PTbNrj8uGSS-"> videos</a></li> <li>Sign up for NEXT ’19 updates <a href="https://cloud.withgoogle.com/next18/sf/">site</a></li> <li>GKE On-Prem <a href="https://cloud.google.com/gke-on-prem/">site</a></li> <li>Edge TPU <a href="https://cloud.google.com/edge-tpu/">site</a></li> </ul> <h5 id="interview">Interview</h5> <ul> <li>Def Con <a href="https://www.defcon.org/">site</a></li> <li>Black Hat <a href="http://www.blackhat.com/us-18/">site</a></li> <li>BSides Las Vegas <a href="https://www.bsideslv.org/">site</a></li> <li>Cloud KMS <a href="https://cloud.google.com/kms/">site</a></li> <li>Kubernetes <a href="https://kubernetes.io/">site</a></li> <li>GCPPodcast Episode 46: 
Borg and Kubernetes with John Wilkes <a href="https://www.gcppodcast.com/post/episode-46-borg-and-k8s-with-john-wilkes/"> podcast</a></li> <li>Large-scale cluster management at Google with Borg <a href="https://ai.google/research/pubs/pub43438">research</a></li> <li>Open-sourcing gVisor, a sandboxed container runtime <a href="https://cloudplatform.googleblog.com/2018/05/Open-sourcing-gVisor-a-sandboxed-container-runtime.html"> blog</a></li> <li>Kata Containers <a href="https://katacontainers.io/">site</a></li> <li>Nabla Containers <a href="https://nabla-containers.github.io/">site</a></li> <li>Google Container Registry <a href="https://cloud.google.com/container-registry/">site</a></li> <li>GKE security overview <a href="https://cloud.google.com/kubernetes-engine/docs/concepts/security-overview"> doc</a></li> <li>KubeCon <a href="https://events.linuxfoundation.org/events/kubecon-cloudnativecon-europe-2018/"> site</a></li> <li>Container security blog series <a href="https://www.google.com/search?q=site%3Acloudplatform.googleblog.com%20exploring%20container%20security"> blog</a></li> <li>GKE hardening guide <a href="https://cloud.google.com/kubernetes-engine/docs/how-to/hardening-your-cluster"> doc</a></li> <li>Seccompsandbox <a href="https://code.google.com/archive/p/seccompsandbox/wikis/overview.wiki"> wiki</a></li> <li>Docker seccomp profile <a href="https://docs.docker.com/engine/security/seccomp/">site</a></li> <li>Using RBAC in Kubernetes <a href="https://kubernetes.io/blog/2017/10/using-rbac-generally-available-18/"> blog</a></li> <li>Terraform <a href="https://www.terraform.io/">site</a></li> <li>Helm <a href="https://helm.sh/">site</a></li> <li>Google Container Registry: Getting Image Vulnerabilities <a href="https://cloud.google.com/container-registry/docs/get-image-vulnerabilities"> doc</a></li> <li>Container security overview <a href="https://cloud.google.com/containers/security/">site</a></li> <li>GCPPodcast Episode 110: CPU Vulnerability Security with 
Matt Linton and Paul Turner <a href="https://www.gcppodcast.com/post/episode-110-cpu-vulnerability-with-matt-linton-and-paul-turner/"> podcast</a></li> </ul> <h5 id="question-of-the-week">Question of the week</h5> <p>How do I set up SSL termination on Kubernetes with <a href="https://www.letsencrypt.org/">Let’s Encrypt</a>?</p> <ul> <li>GitHub: Tutorial for installing cert-manager to get HTTPS certificates from Let’s Encrypt <a href="https://github.com/ahmetb/gke-letsencrypt">site</a></li> <li><a href="https://twitter.com/ahmetb">Ahmet Alp Balkan, DPE on Google Cloud</a></li> </ul> <h5 id="where-can-you-find-us-next">Where can you find us next?</h5> <p>Mark will be at <a href="http://dev.paxsite.com/">Pax Dev</a> and <a href="http://west.paxsite.com/">Pax West</a> starting August 28th.</p> <p>Melanie will be at the <a href="https://nuclearbootcamp.berkeley.edu/">2018 Nuclear Innovation Bootcamp at Berkeley</a> on August 6th.</p>