talk-data.com

Event

I Fought the Pod and the Pod Won: Breaking and Defending Kubernetes from Within

2026-02-19 – 2026-02-19 Meetup

🗓 Agenda:

  • 6:00pm: Doors open
  • 6:00pm - 6:30pm: Food, Drinks & Networking
  • 6:30pm - 7:15pm: Rafael Natali, Lead DevSecOps, Marionete
  • 7:15pm - 8:00pm: Additional Q&A & Networking

💡 Speaker: Rafael Natali, Lead DevSecOps, Marionete

Abstract: Kubernetes gives us abstraction and power—but with great YAML comes great responsibility. In this talk, we’ll walk through live demos of real-world misconfigurations that allow attackers to escape containers and tamper with the host. You’ll see exactly what happens when Pods run in privileged mode, use hostPath volumes carelessly, or retain excess Linux capabilities. We’ll also show how to detect these attacks in real time using Falco, and enforce safety nets with Pod Security Admission. If you’ve ever wondered "what’s the worst that could happen?"—this session answers that with receipts.

Bio: Rafael Natali has 20 years of experience in the IT industry, specifically as a System Administrator and DevSecOps professional. Throughout his career, he has developed extensive knowledge in designing, operating, and troubleshooting solutions that prioritize scalability and reliability. Rafael is also an expert in Automation as well as Continuous Integration and Delivery. He has been working with Kubernetes since 2018 and is recognised as a Kubestronaut since 2024. Currently, Rafael leads a team that is implementing a hybrid streaming data and analytics platform for a major insurance company in the UK.

***

DISCLAIMER NOTE: We are unable to cater for any attendees under the age of 18.

Sessions & talks

Rafael Natali, Lead DevSecOps, Marionete

2026-02-19
talk
Rafael Natali (Marionete)
