S3E13: Resilient Cyber Show w/ Jimmy Mesta - Kubernetes Security & Compliance

In this episode of Resilient Cyber, Chris Hughes and Dr. Nikki Robinson are joined by Jimmy Mesta, co-founder and CTO of KSOC, to dive deep into Kubernetes security and compliance. They explore the challenges and best practices for securing Kubernetes environments at scale.

🔑 Key Highlights:

  • Kubernetes Overview: What Kubernetes is and why it’s essential in today’s containerized infrastructure

  • Kubernetes Security: Top security risks in Kubernetes, including misconfigurations and role-based access control (RBAC)

  • OWASP Kubernetes Top 10: Insights into the newly developed OWASP Kubernetes Top 10 project and its importance for security teams

  • RBAC and Identity Management: How to manage access in Kubernetes environments to enforce least privilege and zero trust

  • Admission Controllers: The role of admission controllers like Open Policy Agent (OPA), Kyverno, and more in maintaining security policies

  • Managed vs. Self-hosted Kubernetes: Pros and cons of using managed Kubernetes services vs. rolling your own cluster

  • Compliance and Kubernetes: Challenges in addressing compliance frameworks like PCI, CIS, and more in a Kubernetes ecosystem

  • API Logs and Governance: The importance of monitoring Kubernetes API logs and establishing governance in multi-cluster environments

  • The Future of Kubernetes: What’s next for Kubernetes security, education, and governance as the platform matures

  • Cyber Resiliency: Jimmy’s take on cyber resilience and how to limit blast radius in cloud-native environments