My esteemed friend and I wrote a book: Hacking Kubernetes. The PDF of the first half of the book is now available to download for free!
Pinned Tweet
Follow
Click to Follow sublimino
Andrew Martin 
@sublimino
Hacker // CEO | Cloud Native Security | co-chair , CISO | 
Hacking Kubernetes & SEC584
Hacking Kubernetes & SEC584 Andrew Martin ⚡☸️’s Tweets
Come and learn Threat Modelling Kubernetes — today! Live on Online, 5 - 9 p.m. BST with instructor James Callaghan ☸️📦💥🔏📃 learning.oreilly.com/live-events/ku
#cloudnative #security #threatmodel
4
5
🔒 Protect your clusters from nefarious adversaries & learn advanced #Kubernetes security at #DevOpsCon #NYC 🗽
➡️ ow.ly/2P6w50Oo3gy⬅️
Discover how to defend against #CVEs, #misconfigurations & more with #ExpertInsights from
#TechTalks #Conferences
2
4
Exams over and videos are up on YouTube. I'm going to watch this today. Some great talks coming up in the watchlist are klustered learnings from , about supply chain, about tetragon and more.
3
12
And now for the #EMEA #CFP committee!👇
🎙
🎙
🎙
🎙
Still haven’t submitted your session? Do so now! 🎤: sessionize.com/devseccon24-20… Let's create an amazing conference together!💪🏽
3
2
Show this thread
🌤️ KubeCon EU
Choose Your Own Adventure: The Treacherous Trek to Development
Back to the Future: Next-Generation Cloud Native Security
Love, Death and Robots - with Wasm & K8s on Boston Dynamics Spot
1
2
4
Show this thread
📚 tl;dr sec 180
With great work from:
, , , , , , , , , , , ,
and more!
2
20
42
Show this thread
Introducing our #DSC24 #CFP EMEA committee! 🌍
🎙
🎙
🎙
🎙
Share your knowledge & ideas with these pros by submitting a session 🎤: sessionize.com/devseccon24-20 Let's create an amazing conference together!💪🏽
4
4
Very proud of the fantastic work put in here, thanks to for being wonderful to collaborate with, and also to the for sponsoring the work 🎉
Quote Tweet
Argo CD end user threat model
A comprehensive threat model analysis of a production setup of @argoproj:
* Representations of threat landscapes through attack trees
* Security best practices
* Deployment architecture
+ more!
By @controlplaneio
cncf.io/blog/2023/04/2
1
7
🔖 Argo CD end user threat model
A comprehensive threat model analysis of a production setup of :
* Representations of threat landscapes through attack trees
* Security best practices
* Deployment architecture
+ more!
By
cncf.io/blog/2023/04/2
1
14
38
The KubeCon session I did in Amsterdam with is now live on YouTube. If you missed it live you can catch it at
4
5
With so much action, it's tough to condense the experience into less than a minute.
This is how saw it. Definitely worth waiting to the end for his immortal speech.
Can't wait for the next one!
2
5
19
📣Call for speakers 📣
We're looking for interesting DevSecOps talks, regardless of whether you're a novice or professional speaker for DevSecCon24 2023! Submit your session TODAY! 👉🏽 sessionize.com/devseccon24-20
8
13
Episode 1 of #CloudNativeCompass from is now available.
We discuss Cloud Computing, Containers, and Kubernetes with , , and
Subscribe on YouTube or via any podcast player.
New episode every Monday
3
6
19
May the.....4th be with you next week!
On the 4th & 5th folks will be attending #WTFisSRE in person organized by in central London.
Check out , free tix for job seekers!
cloud-native-sre.wtf
5
9
35
Sushi spectacular with friends fantastical
/cc
1
3
10
The Guide to Scaling Argo CD Securely in 2023 has been updated with 's hardening guide. - codefresh.io/blog/scaling-a
If you have additions that you think are critical for this post, DMs are open!
#ArgoCD #OpSec #DevSecOps #InfoSec #K8s
Quote Tweet
KubeCon was busy, so re-posting a couple things:
1) Chainguard assessed Argo CD to be SLSA Level 3 (darn-good supply chain security). cncf.io/blog/2023/04/1
2) ControlPlane published an end user threat model (hardening guide) for Argo CD. cncf.io/blog/2023/04/2
1
3
8
Show this thread
KubeCon was busy, so re-posting a couple things:
1) Chainguard assessed Argo CD to be SLSA Level 3 (darn-good supply chain security). cncf.io/blog/2023/04/1
2) ControlPlane published an end user threat model (hardening guide) for Argo CD. cncf.io/blog/2023/04/2
9
27
Should we trust the code we run in production?🔒
📢Join CEO, , as he explores the complex world of Cloud Native supply chains, focusing on malicious internal threat actors and software implants.📢
Get your #WTFisSRE conference tickets today🎟️
3
6
3
5
Returning from KubeCon (great conversations!) and found a nice surprise. Big kudos to for this awesome framed book cover of and my Hacking Kubernetes book (coincidentally we did a book signing of it yesterday ;)
5
5
54
Excellent and very accessible introduction to the Software Factory by .
I like that it begins with a list of references to important projects in the space. I'm also a sucker for anyone that references "Reflections on trusting trust."
youtu.be/7CMhIDAPjEs
read image description
ALT
1
6
New report to check out! 👇
#Argo CD end user threat model: security considerations for hardening declarative #GitOps CD on #Kubernetes
10
33
Studious CTF preparation from the assembled cloud native security venturers at KubeCon's Security Village! Intro today, full day of Kubernetes cluster hacking tomorrow 💥☸️🌩️ with &
read image description
ALT
6
19
The clock is ticking and it's less than 72 hours until the first-ever #SecurityVillage #Experience at #KubeCon. 🎉🎉
Are you as excited as us!!? Let us know in the comments.
Read more about Security Village at
2
15
43
Show this thread
1
2
14
Watch CEO of 's "Hacking Kubernetes: Live Demo Marathon" at State of Open Con 23 #SOOCon23 #OpenSource
ow.ly/Y6S350NgII0
3
7
One of the most amusing interviews I've ever had the privilege of attending! owning the Pirate Captain vibes 🏴☠️⚓️🦜
Quote Tweet
Set sail with Captain Alex Williams as he uncovers buried treasure with ControlPlane CEO Andrew Martin in this demo. bit.ly/43xol55 #Kubernetes #CloudNative #CloudSecurity @controlplaneio
2
5
KubeCon is looking busy ! As well as my two sessions in the main schedule, I’ll also be appearing on a panel on Wednesday night for the Amsterdam Cloud Security Meetup along with and
5
10
If going to #KubeConEU, don't miss this opportunity to improve the security posture of your projects in just 25 minutes.
GIF
read image description
ALT
Quote Tweet
A KubeCon offer from @controlplaneio: Lightspeed Security in our Threat Roomlnkd.in/ekP-JtbZ — threat model projects, systems, supply chains, glints of the eye, we appraise and review it all in 25m sessions with our trademark high-impact threat modelling process 
… Show more
lnkd.in/ekP-JtbZ — threat model projects, systems, supply chains, glints of the eye, we appraise and review it all in 25m sessions with our trademark high-impact threat modelling process … Show more1
3
A KubeCon offer from : Lightspeed Security in our Threat Room⚡lnkd.in/ekP-JtbZ — threat model projects, systems, supply chains, glints of the eye, we appraise and review it all in 25m sessions with our trademark high-impact threat modelling process ☸️🌩️… Show more
11
24
🎉 𝙀𝙓𝘾𝙇𝙐𝙎𝙄𝙑𝙀 𝙂𝙄𝙑𝙀𝘼𝙒𝘼𝙔 🎉
WIN 2 TICKETS 🎟 to the can’t-miss 2023!
**Competition closes 14 April @ 11:59pm GMT**
To Enter 👇
Follow:
➕2 Bonus entries: Retweet this tweet
➕2 Bonus entries: tag a friend 👀
Let the games begin & good luck!
12
34
36
💡Chapter Leader Spotlight💡
Meet our #DSCUK🇬🇧 lead: !
As a security engineer, founder, & CEO at , Andrew loves solving cloud native security challenges! #DSC is lucky to have you as a leader! Wanna join this amazing chapter?👇🏼 devseccon.com/chapters/dsc-l
2
3
Thu. 20 April at 11:55 CEST #KubeCon Talk: Automated Cloud-Native Incident Response with #Kubernetes and Service Mesh with of and d1gital_f of
More details here:
4
4
A KubeCon offer from : Lightspeed Security in our Threat Room⚡lnkd.in/ekP-JtbZ — threat model projects, systems, supply chains, glints of the eye, we appraise and review it all in 25m sessions with our trademark high-impact threat modelling process ☸️🌩️… Show more
11
24
Hi #Kubernetes minded friends! As preparation for #KubeConEu, we're running a Live on the future of containers & kubernetes security. If you pop a question in the comments before Thurs. 10am PST, we'll do our best to cover it!
Details: lnkd.in/gvxdyxn2
2
4
Going Back to the Future again at , for a longer version of my talk together with my partner in crime where we’ll be talking about cloud native security past, present and future !
3
5
We did a survey of the security landscape of package managers! Find out how your favorite package managers (PyPI, RubyGems, Golang, Maven, etc.) view the different aspects of supply chain security!
Quote Tweet
Taking the Pulse of Leading Software Repositories’ Security hubs.la/Q01KckNj0 The OpenSSF Securing Software Repository Working Group surveyed the maintainers of 11 leading software repositories to learn about their current security posture & future plans
Show this thread
5
28
This demo of the Capture The Flag game with CEO Andrew Martin is great. The idea of the game is for people to explore find where “the bodies are buried” and follow the processes to find the flags in order to secure #Kubernetes clusters.
4
3