►
Description
Don’t miss out! Join us at our upcoming event: KubeCon + CloudNativeCon Europe 2023 in Amsterdam, The Netherlands from April 17-21. Learn more at https://kubecon.io. The conference features presentations from developers and end users of Kubernetes, Prometheus, Envoy, and all of the other CNCF-hosted projects.
Opening Remarks + CTF Overview - Andrew Martin, ControlPlane
A
Tomorrow
we
have
the
edition
of
a
capture
the
flag
experience.
Those
of
you
who
have
been
here
before
may
remember
dread
pirate
Captain,
hash,
Jack
and
his
nefarious
goings-on.
We
also
have
a
selection
of
workshops.
They
will
be
happening
outside
of
this
room
and
we
will
continue
with
our
content
in
here.
A
A
A
A
There
are
plenty
of
places
for
you
and
your
organizations
to
get
involved
not
only
in
tax
Securities
work,
but
also
in
the
projects
that
we
help
to
assure,
and
also
more
broadly,
of
course,
over
the
course
of
this
week,
everything
under
the
cncf's
bright
shining
Banner
talking
of
banners.
We
have
a
CTF,
a
practical
Banner.
A
The
way
that
this
will
be
played
is
all
through
a
terminal.
We
kick
it
off
tomorrow
in
the
room
across
the
way
room
333,
but
for
those
of
us
who
have
not
played
a
CTF
before
we'll
run
through
a
workshop
today.
So
instead
of
this
being
a
deaf
style,
malware,
reversing
binary
exploitation,
kind
of
CTF,
we
are
looking
to
help
people
understand,
kubernetes
security
contacts,
sorry
Concepts
and
contexts
of
course.
So
this
is
an
educative
ETF.
A
There
is
still
a
competitive
element,
but
it's
not
designed
to
mangle
the
Swede,
as
we
might
say
in
the
UK
or
similarly
twist,
the
brain
learn
how
to
poem
clusters
and
pot
shells
we'll
do
an
introductory
Workshop
today,
and
this
will
guide
you
through
one
of
the
previous
CTF
scenarios
that
we've
run
before
points
of
doing
style
of
CTF
is
to
help
internalize
the
adversarial
mindset
and
then
give
us
an
opportunity
to
understand
where
to
apply
controls,
ultimately
helping
to
raise
the
barrier.
Cloud
native
security.
A
There
is
also
a
companion
website,
as
I
say,
we'll
start
with
a
workshop
today,
and
then
three
workshops
will
run
throughout
tomorrow
running
through
three
increasingly
complex
scenarios.
You
are
advised
to
turn
up
for
the
first
session
if
you
are
not
feeling
overly
confident
if
you
pop
in
just
for
the
third
session,
it
will
be
slightly
more
difficult
and
of
course
we
have
the
cloud
native
goose
chasing
us
throughouts.
A
As
I
say,
everything
is
run
through
the
command
line
and
you
can
prepare
for
the
CTF
there
I
hope
that
has
suitably
ensnared
some
of
your
interests.
Okay,
what
do
we
have
coming
up
this
morning?
We
have
Keynotes
and
into
our
first
talk,
we
have
Michael
Foster
from
red
hat
with
crossing
the
kubernetes
network
policy.
Castle
then
Jeremy
Colvin
from
upticks.
Why
develop
a
laptop
security
is
key
to
securing
your
cfp
pipeline
again
those
open
source
statistics
coming
into
shop.
A
Of
the
next
two
days,
a
huge
thanks
to
our
sport,
who
have
helped
to
make
everything
possible
cystic,
upticks
and
VMware
tanzu,
some
long-standing
supporters
of
the
security
community
in
there
are
some
sponsor
apparel
and
gold,
tigera
and
veritas.
Much
appreciated.
Thank
you
for
the
supports
and
that
slide
has
spectacularly
failed
to
load
big
thanks
to
everybody
whose
faces
are
supposed
to
be
here
who
helped
on
the
program
committee
who
have
helped
again
volunteering
their
spare
time
in
order
to
schedule
and
manage
an
event
like
this.
It
is
a
non-trivial
process,
so
huge
thanks.
A
They
will
also
appear
on
the
closing
slides,
so
they
have
a
second
opportunity,
also
a
huge
thank
you
to
everybody
involved
in
tag
security.
Again,
these
are
voluntary
efforts
with
people's
Spare
Time
organizations,
putting
funding
behind
the
open
source
security.
A
A
You
remiss
not
to
remind
you
that,
should
you
have
the
spare
Cycles
the
inclination
or
just
the
interest
to
join
what
tax
security
does
we
meet
every
week
we
have
an
emir
time
zone
meeting.
We
have
a
U.S
flavored
time
zone
meeting.
They
alternated
good
things
like
Shoring
projects.
Cntf
are
looking
to
help
graduate
we're
working
now
with
cert
manager,
flux,
Argo
CD.
These
are
again
critical
projects
to
the
sanctity
and
safety
of
production
deployments
and
the
expertise
required
to
go
through
some
Assurance
practices
and
threat.
A
Modeling
experiences-
it's
it
is
a
high
bar
success,
and
so
it
is
much
easier
to
do
with
the
help
and
the
collaboration
of
friends
and
colleagues
in
the
open
source
Community.
It's
a
great
way
to
learn
how
things
are
done
in
other
organizations,
and
it
is
a
hive
mind.
A
A
fabulous
Melting
Pot
of
intellect
I
very
strongly
urge
you
interested
or
with
the
Cycles,
to
come
and
join
us
jump
on
Slack
and
come
and
attend
some
of
our
meetings
with
that
we
are
ready
to
start
the
day,
so
the
first
keynote
is
starting
in
a
couple
of
minutes.
Thank
you
again
for
your
attendance
and
supports
and
I
hope
you
have
a
fabulous
time
at
cloudnative
security.
Con.