Climbing high — getting started with cloud native security through open source

Security-specific tools are often overlooked until it becomes a requirement, necessity or things have gone terribly wrong. While many organisations will build a security team to address related issues, many smaller organisations and individual contributors do not have this option. This talk is divided into two sections. In the first one, Anais will share the similarities between climbing and the importance of establishing a security-centric mindset. What happens if we do not have security specialists supporting our team? Free-climbing might be an option for experts with years of experience but not for most cluster admins. The second part will go over security-specific tools in the cloud native ecosystem. A live demo will focus on Trivy, an open source tool with 11k+ stars on GitHub. Anais will showcase how we can get started and the benefits of integrating cloud native security tools, such as Trivy, into our existing processes and monitoring stack. The goal is to provide Kubernetes cluster admins and engineers with the tools and knowledge to take ownership of securing their resources without having to become security experts.


  • Anaïs Urlichs
    Anaïs Urlichs
    Aqua Security

    Anaïs is a Developer Advocate at Aqua Security, where she contributes to Aqua’s cloud native open source projects. When she is not advocating DevOps best practices, she runs her own YouTube Channel centered around cloud native technologies. Before joining Aqua, Anais worked as SRE at Civo, a cloud native service provider, where she helped enhance the infrastructure for hundreds of tenant clusters. As CNCF ambassador of the year 2021, her passion lies in making tools and platforms more accessible to developers and community members.


Sep 14 2023


12:00 - 12:30


Room Friedrichshain I+II