• Episode 23: Kubernetes and Cloud Security with Andrew Martin

  • Oct 10 2021
  • Length: 41 mins
  • Podcast

  • Summary

  • Sponsored by Reblaze, creators of Curiefense

    Panelists: Justin Dorfman | Richard Littauer
    Guest: Andrew Martin

    Show Notes

    Hello and welcome to Committing to Cloud Native Podcast! It’s the podcast sponsored by Reblaze where we talk about the confluence of Cloud Native technology and Open Source. We have a great guest today, Andrew Martin, joining us from London. He is the CEO of Control Plane, a Cloud Native security consultancy, training, and pen test firm. We learn more about Andrew’s background, how he got involved in Kubernetes and Cloud security, and more about Cloud Plane. In 2019, Andrew made some Kubernetes predictions, and we find out today if any of them came true. We also find out how he keeps updated on what’s going on with open source in Cloud Native and other things. Since he has such a wealth of knowledge, Andrew fills us in on his book coming out soon called Hacking Kubernetes: Threat-Driven Analysis and Defense, and what chapter he’s most looking forward to people reading and why. We couldn’t let Andrew go without asking him for his “Predictions for 2023!” Go ahead and download this episode now to learn so much more from Andrew!

    [00:01:34 (https://podcast.curiefense.io/23?t=94)] Andrew tells us what Control Plane is, what it does, and how many people they have working there.
    [00:02:13 (https://podcast.curiefense.io/23?t=133)] What is the average size of a company in this space and why would someone need extra security on top of Cloud Native?
    [00:06:58 (https://podcast.curiefense.io/23?t=418)] Andrew tells us how he got involved with Kubernetes, Cloud security, and more about his background.
    [00:10:22 (https://podcast.curiefense.io/23?t=622)] We find out why Andrew thinks Kubernetes succeeded and Docker Swarm didn’t.
    [00:11:57 (https://podcast.curiefense.io/23?t=717)] In 2019, Andrew made some predictions and Justin wants to see if any of them came true. First prediction, did hosted services catch up with GKE?
    [00:12:59 (https://podcast.curiefense.io/23?t=779)] Second prediction, did non-container VM-based isolation improvement happen?
    [00:16:39 (https://podcast.curiefense.io/23?t=999)] With Andrew’s vast knowledge, Richard wonders what he uses to keep updated on how open source works in Cloud Native and if there’s a Medium blog that he subscribes to. Also, he shares which conference he will be attending this year and others he recommends. Justin gives a shout-out to TAG Security and their meetups.
    [00:20:05 (https://podcast.curiefense.io/23?t=1205)] Andrew’s book, Hacking Kubernetes, which he co-wrote with Michael Hausenblas, is discussed, and he tells us the chapter he’s most looking forward to having people read.
    [00:23:49 (https://podcast.curiefense.io/23?t=1429)] Justin wonders if any of Andrew’s colleagues reviewed the book or if it’s all done with O’Reilly.
    [00:25:26 (https://podcast.curiefense.io/23?t=1526)] Andrew explains what he does to make sure that people at Control Plane are actually getting the best of the open source world, without which it wouldn’t exist.
    [00:29:03 (https://podcast.curiefense.io/23?t=1743)] Richard is curious to know what method Andrew uses to find an interesting problem and how he does security research in a way that makes him feel really excited about doing that sort of work.
    [00:32:22 (https://podcast.curiefense.io/23?t=1942)] We hear one last 2019 Kubernetes prediction, and that is whether the tangle of YAML was going to unravel by 2019. He also talks about “image and build metadata security matures,” which was another prediction.
    [00:35:53 (https://podcast.curiefense.io/23?t=2153)] Richard asks Andrew if he’s worked with Dan Lorenc in the Sigstore Project, and Justin gives a shout-out to Dan and Episode 20 of this podcast to check out.
    [00:36:14 (https://podcast.curiefense.io/23?t=2174)] Andrew shares his predictions for 2023.
    [00:39:27 (https://podcast.curiefense.io/23?t=2367)] Find out where you can follow Andrew and the work he does.

    Quotes

    [00:03:21 (https://podcast.curiefense.io/23?t=201)] “The shared responsibility model gives us a different level of interaction with our cloud provider based upon what is ultimately platform as a service or infrastructure as a service or software as a service as well.”
    [00:04:03 (https://podcast.curiefense.io/23?t=243)] “But when it comes to how we behave operationally the cloud provider can make no guarantees that we’re not shipping bad code to production.”
    [00:10:51 (https://podcast.curiefense.io/23?t=651)] “And service meshes were being shipped by Docker Swarm before they were cool.”
    [00:11:29 (https://podcast.curiefense.io/23?t=689)] “So, from a networking perspective, Docker Swarm was much better out of the box because it was batteries included, but changeable, and came with its own networking paradigm.”
    [00:11:40 (https://podcast.curiefense.io/23?t=700)] “However, the inability to run multiple containers in a pod meant that there was no flexibility of application ...