Kamil Potrec is a Senior Security Engineer at Snyk, working on security around Kubernetes and cloud platforms. He joins the show to discuss how to think about securing your infrastructure, the different arts (and colors) of offensive and defensive security, and what not to lose sleep over.
Do you have something cool to share? Some questions? Let us know:

web: kubernetespodcast.com
mail: kubernetespodcast@google.com
twitter: @kubernetespod

Chatter of the week

Episode 23, with Andrew Philips and Lars Wander
A pile of mail and a bike

News of the week

Red Hat OpenShift 4.7 is GA
Fairwinds Insights 3.0
Envoy zero-day patched

Istio security bulletin


Sysdig contributes Falco modules to the CNCF
StorageOS raises $10m in Series B
Platform9 raises $12.5m in Series D
CNCF relaunches Kubernetes Community Day with KCD Africa and Bengaluru

Links from the interview

Offensive unit in American Football
Hand-egg
Red and blue teams
Unreal Tournament
Capture the flag
Kubernetes secrets

Design document
Encrypting secrets at the application layer


Antivirus software
Tracer-tee
SolarWinds attack
Reflections on Trusting Trust by Ken Thompson
left-pad deleted from NPM
Snyk Open Source

The open source parts


Snyk vulnerability database
MITRE CVE database
Kubernetes security at Snyk
Deploy only trusted containers to GKE
Application threat modeling
Kubernetes security best practices, including security context, AppArmor, gVisor etc
CVE-2020-8554: man-in-the-middle attack using ExternalIP services
CVE-2020-14386: packet socket vulnerability with user namespaces enabled

Earlier related work: CVE-2017-7308 and CVE-2016-8655
Project Zero writeup


Rewrite it in Rust!
Kamil Potrec on LinkedIn