Welcome to the pure security lecture in the series, we ll talk about what Zero Trust means, what (general) Cloud Security Guidelines we have and how to interpret them practically (and in a way that you can work with it in real life). We will explain what a ThreatModel is and some general jargon of the field. This will quickly bring us to Identity and IAM, as the new perimeter of

Last Updated: 2024-03-17

Why

How to approach the jungle of regulations out there, without sinking endless time into it and without being a lawyer?

What do all these buzzwords mean and which ones are relevant in daily life?

IAM and general design rules in IDPs

A workable definition of zero trust and some overall best practise in how to approach designing a good "security first" project.

What

We will cover the following topics:

• Some recent regs
• IAM
• IDPs
• Zero Trust
• Threat Modeling
• Security First

What you'll build today

By the end of today's lecture, you should have

• ✅ you ll automatically generate users, roles, role bindings
• ✅ you ll use an OAuth2 plugin to auto-configure SSO

Homework (Flipped Classroom)

How should I prepare

• Your Helm Chartv0.04 is deployable to your choice of Kubernetes
• You have reasonable automation to deploy it
• You have reviewed gross governance oversights in your deployments and remediated them
• Your team's Kubernetes is up and running

PreRead

• https://www.oreilly.com/library/view/zero-trust-networks/9781492096580/ch01.html#what_is_a_zero_trust_network
• pages 1-12 of https://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-207.pdf (Chapter 1, 2, 3.0, 3.1 )

What you'll need

• A browser (this lab was only tested on Chrome)
• A laptop with internet
• Pen and Paper

Somethings are easier, but you gotta do them ;)

In the beginning, there was <a story>

Lets see what projects are out there and how they differ

Lots of security tooling all over the place, lets see what is what

https://landscape.cncf.io

For your increased productivity

Favourites

Git clone pacman
Git checkout features/workloadid

Fear not, we got you covered

Collect all the stuff you are building/deploying/else

Do you see the forest? Or just lots of trees?

What metrics that you defined for your product can you actually see or measure?

Which ones can you not see?

List at least 2 in each category

Congratulations, you've successfully completed this training

What's next?

• TBD

Further reading

• l

Reference docs

• r