Securing the Future: Defending Kubernetes & Cloud-Native Infrastructure in the Age of AI - Madhu Akula - DCSG2026

Description

Name of Training: Securing the Future: Defending Kubernetes & Cloud-Native Infrastructure in the Age of AI
Trainer(s): Madhu Akula
Dates: April 26-27, 2026
Time: TBD
Venue: Marina Bay Sands
Early Bird Cost: $3,650 SGD / Proficiency Exam Add-on $450 SGD

Early bird price valid until February 8, 2026.

Short Summary:

Defending containerized workloads and cloud-native infrastructure is more critical than ever. Recent security reports indicate that 42% of respondents cite security as a top concern with container and Kubernetes strategies, while attackers start probing new clusters in as little as 18 minutes. 

This hands-on, real-world training is designed to equip Blue Teamers, Cloud Security Engineers, Security Architects, and DevSecOps professionals with the skills needed to understand and defend Kubernetes clusters across the supply chain, infrastructure, and runtime layers. The course addresses current threat landscapes including AI/ML workload security, supply chain attacks, and emerging attack vectors identified in recent days.

Course Description:

Through simulated attack scenarios, practical labs, and real-world case studies, participants will learn to detect modern TTPs, implement effective security controls, and improve observability and incident response capabilities. 

Course Outline: 

Section 1: Foundation & Threat Landscape 

1.1 Fast-Track Kubernetes 101 for Defenders 

  • Architecture deep-dive from a security perspective 
  • Attack surface analysis and entry points 
  • Understanding AI/ML workload orchestration patterns 

1.2 Threat Modeling & Intelligence 

  • MITRE ATT&CK for Containers framework (latest tactics) 
  • Analysis of recent Kubernetes incident trends 
  • Anonymous authentication exploitation patterns 
  • STRIDE methodology adapted for cloud-native environments 
  • Behavioral threat detection using IOCs 

1.3 Defensive kubectl Kung-Fu: Advanced API Auditing 

  • API server security hardening beyond basics 
  • Detecting lateral movement through API abuse 
  • Advanced RBAC audit techniques 
  • API server attack path analysis 

1.4 Supply Chain Security Revolution

  • Container image signing with Sigstore/Cosign 
  • Software Bill of Materials (SBOM) enforcement 
  • Provenance verification and attestation 
  • Private registry threat modeling 
  • Third-party dependency risk assessment 

Section 2: Advanced Hardening & Attack Path Mitigation

2.1 Next-Gen Container Isolation 

  • Container escape prevention with gVisor/Kata/etc. 
  • Advanced security profiles like KubeArmor or AppArmor & seccomp-bpf
  • User namespace security considerations 
  • Privileged container detection strategies 

2.2 Zero-Trust Network Security 

  • Service mesh security (Istio/Linkerd security policies) 
  • eBPF-based network monitoring and enforcement 
  • East-west traffic encryption patterns 
  • Network policy testing and validation 

2.3 Identity & Access Management Revolution 

  • RBAC security assessment methodology 
  • ServiceAccount token security 
  • Workload identity & federation 
  • Pod Security Standards (PSS) enforcement 

2.4 Modern Application Delivery Security 

  • GitOps security patterns and threat modeling 
  • Helm security beyond basics (OCI registries) 
  • Kustomize security considerations 
  • ArgoCD/Flux security hardening 

2.5 Secrets & Data Protection

  • External Secrets Operator patterns 
  • HashiCorp Vault integration security 
  • CSI driver security considerations 
  • Encryption at rest with cloud KMS integration 

2.6 Cloud-Native Defense Integration 

  • Cloud provider security service integration 
  • Workload identity and IRSA security patterns 
  • Cloud metadata API protection strategies 
  • Multi-cloud security considerations 

Section 3: Detection, Monitoring & AI-Enhanced Response

3.1 Runtime Security Revolution 

  • Falco rule customization and tuning 
  • eBPF-based monitoring with Tetragon/Tracee 
  • Cilium Hubble for network observability 
  • Container runtime security (containerd/CRI-O) 

3.2 AI/ML Workload Security Specialization 

  • GPU resource abuse detection 
  • Model poisoning prevention strategies 
  • ML pipeline security monitoring 
  • Jupyter/MLflow security considerations 

3.3 Advanced Threat Detection 

  • Behavioral anomaly detection with ML 
  • Cryptomining detection patterns 
  • Advanced persistent threat (APT) indicators 
  • Secrets scanning in runtime environments 

3.4 Policy-as-Code & Governance

  • OPA Gatekeeper advanced policies 
  • Kyverno policy engine comparison 
  • Polaris policy validation 
  • Spotter universal security policy engine 
  • Policy testing and CI/CD integration 

3.5 Persistence & Evasion Hunting 

  • Sidecar injection attack detection 
  • Init container abuse patterns 
  • DaemonSet privilege escalation hunting 
  • Node-level persistence techniques 

3.6 Incident Response Playbooks 

  • Automated response orchestration 
  • Container forensics techniques 
  • Kubernetes-native incident response tools 

Section 4: Auditing, Automation & Future-Ready Defense

4.1 Comprehensive Security Posture Assessment 

  • Multi-tool audit orchestration 
  • KubeAudit, Trivy, Kubescape, Kube-score, Spotter comparison 
  • Popeye resource optimization auditing 
  • Custom policy development 

4.2 Compliance & Benchmarking Excellence 

  • CIS Kubernetes Benchmark implementation 
  • NIST Cybersecurity Framework mapping 
  • SOC 2 compliance for Kubernetes 
  • PCI-DSS container security requirements 

4.3 DevSecOps Integration Mastery 

  • Security scanning in GitOps workflows
  • Admission controller testing in CI/CD 
  • Infrastructure as Code security scanning 
  • Progressive delivery security gates 

4.4 Real-World Case Study Deep Dives 

  • Kubernetes cryptojacking incident analysis 
  • Misconfigured API server exploitation case studies 
  • Supply chain attack post-mortems 
  • AI/ML infrastructure compromise scenarios 

4.5 Security Maturity & Future Direction 

  • Kubernetes Security Maturity Model (KSMM) 
  • Emerging security tools landscape 
  • Cloud-native security platform integration

Difficulty Level:

Intermediate/Advanced

Intermediate Definition - The student has education and some experience in the field and familiarity with the topic being presented. The student has foundational knowledge that the course will leverage to provide practical skills on the topic.

Advanced Definition - The student is expected to have significant practical experience with the tools and technologies that the training will focus on.

Suggested Prerequisites:

  • Basic Kubernetes knowledge (kubectl, YAML manifests) 
  • Container security fundamentals 
  • Linux system administration experience 
  • Familiarity with cloud provider security services

Target Audience

  • Blue Team analysts and SOC engineers 
  • Security engineers and Security architects
  • Cloud/DevSecOps professionals and platform engineers 
  • Incident response specialists 
  • Security consultants and auditors 

What Students Should Bring:

You have to bring your laptop with a browser and we will provide you with access to the browser-based labs. 

What the Trainer Will Provide:

  • 200+ page digital workbook with step-by-step labs and references
  • Custom lab environment for continued practice 
  • Security policy templates and implementation guides 
  • Incident response playbooks specifically for Kubernetes 
  • Tool comparison matrices and frameworks 

Trainer(s) Bio:

Madhu Akula is a pragmatic security leader and creator of Spotter - Universal Kubernetes Security Engine and Kubernetes Goat, an intentionally vulnerable by-design Kubernetes Cluster to learn and practice Kubernetes Security. He is also a published author and cloud-native security architect with extensive experience.

Madhu is an active member of the international security, DevOps, and cloud-native communities (null, DevSecOps, AllDayDevOps, AWS, CNCF, USENIX, OWASP, etc.). He holds industry certifications like OSCP (Offensive Security Certified Professional), CKA (Certified Kubernetes Administrator), CKS (Certified Kubernetes Security Specialist), etc. Madhu frequently speaks and runs training sessions at security events and conferences around the world, including DEFCON (24, 26, 27, 28, 29, 30, 31 & 32), BlackHat (2018, 19, 21, 22, 23, 24 & 25), USENIX LISA (2018, 19 & 21), SANS Cloud Security Summit 2021 & 2022, O'Reilly Velocity EU, GitHub Satellite, Appsec EU (2018, 19 & 22), All Day DevOps (2016, 17, 18, 19, 20, 21, 22, 23 & 24), DevSecCon (London, Singapore, Boston), DevOpsDays India, c0c0n (2017, 18 & 20), Nullcon (2018, 19, 21, 22 & 25), SACON, WeAreDevelopers, null and multiple others. His research has identified vulnerabilities in 200+ companies and organisations, including Google, Microsoft, LinkedIn, eBay, AT&T, WordPress, NTOP, Adobe, etc., and he is credited with multiple CVEs, acknowledgements, and rewards. He is co-author of Security Automation with Ansible 2 (ISBN-13: 978-1788394512), which is listed as a technical resource by Red Hat Ansible. He is the technical reviewer for the books Learn Kubernetes Security and Practical Ansible 2 by Packt Pub. He also won 1st prize for building an Infrastructure Security Monitoring solution at InMobi's flagship hackathon among 100+ engineering teams. In addition to his technical expertise, Madhu advises startups on building exceptional products and communities, helping them add significant value along the way. 

Proficiency Exam Option:

This course has the option for a proficiency certificate add-on. To earn the proficiency certificate, students must score 70% or above on a hands-on, practical scenario with multiple levels. Students will be assessed on their approach and methodology. The training is designed so that all participants gain the knowledge and skills needed to successfully attempt and complete the scenario. 

Please reach out to training@defcon.org for any questions related to the proficiency exam and certificate option.

Registration Terms and Conditions: 

Trainings are refundable before March 27, 2026, minus a non-refundable processing fee of $250.

Between March 27, 2026 and April 21, 2026 partial refunds will be granted, equal to 50% of the course fee minus a processing fee of $250.

All trainings are non-refundable after April 21, 2026.

Training tickets may be transferred to another student. Please email us at training@defcon.org for specifics.

If a training does not reach the minimum registration requirement, it may be cancelled. In the event the training you choose is cancelled, you will be provided the option of receiving a full refund or transferring to another training (subject to availability).

Failure to attend the training without prior written notification will be considered a no-show. No refund will be given.

DEF CON Training may share student contact information, including names and emails, with the course instructor(s) to facilitate sharing of pre-work and course instructions. Instructors are required to safeguard this information and provide appropriate protection so that it is kept private. Instructors may not use student information outside the delivery of this course without the permission of the student.

By purchasing this ticket you agree to abide by the DEF CON Training Code of Conduct and the registration terms and conditions listed above.

Several breaks will be included throughout the day. Please note that food is not included.

All courses come with a certificate of completion, contingent upon attendance at all course sessions. Some courses offer an option to upgrade to a certificate of proficiency, which requires an additional purchase and sufficient performance on an end-of-course evaluation.

 

Sale price $3,900.00
