Kubernetes gives us abstraction and power—but with great YAML comes great responsibility. In this talk, we’ll walk through live demos of real-world misconfigurations that allow attackers to escape containers and tamper with the host. You’ll see exactly what happens when Pods run in privileged mode, use hostPath volumes carelessly, or retain excess Linux capabilities. We’ll also show how to detect these attacks in real time using Falco, and enforce safety nets with Pod Security Admission. If you’ve ever wondered "what’s the worst that could happen?"—this session answers that with receipts.
talk-data.com
Speaker
Rafael Natali
2 talks
Rafael Natali has 20 years of experience in the IT industry, specifically as a System Administrator and DevSecOps professional. He has developed extensive knowledge in designing, operating, and troubleshooting solutions that prioritize scalability and reliability. He is also an expert in Automation as well as Continuous Integration and Delivery.
Bio from: I Fought the Pod and the Pod Won: Breaking and Defending Kubernetes from Within
Talks & appearances
In this session, we’ll explore the real-world journey of implementing a scalable, secure, and resilient data streaming platform—from the ground up. Bridging DevOps and DataOps practices, we’ll cover how our team designed the architecture, selected the right tools (like Kafka and Kubernetes), automated deployments, and enforced data governance across environments. You'll learn how we tackled challenges like schema evolution, CI/CD for data pipelines, monitoring at scale, and team collaboration. Whether you're just starting or scaling your data platform, this talk offers practical takeaways and battle-tested lessons from the trenches of building streaming infrastructure in production.