Preview of talk: Gotcha! Hard-Won Lessons in Identity Automation
Preview of talk: The Security Policy Rollout Survival Guide
Preview of talk: BSidesSF plays incident response
Preview of talk: When authn breaks: real world failures
Preview of talk: The evolution of auth, from users to AI agents
Preview of talk: Panel: Mastering the Technical Requirements for FedRAMP
Preview of talk: OAuth Works for AI Agents, but Scaling Is Another Question
Preview of talk: What sucks in security?
| San Francisco

What sucks in security?| SnooSec

  • Market research

I interviewed 57 security leaders about what sucks in security. Top pain points: inconsistent access management, vulnerability remediation, and SaaS logs.

Preview of talk: Panel: Secrets and Policies — Automating Cybersecurity
Preview of talk: 5 security startup pitches to raise money and eyebrows
Preview of talk: How Tailscale Builds for Users of All Tiers
Preview of talk: So what does a product manager do, exactly?
Preview of talk: Lead a Team in Fast Product Launches
Preview of talk: Building a Security Team that Doesn’t Slow Down your Developers
Preview of talk: The Importance of Cutting-Edge Security and How To Combat Data Breaches
Preview of talk: Securing user to server access in Kubernetes
Preview of talk: Cloud-Native Network Security Panel
Preview of talk: Zero Config VPNs
| Virtual

Zero Config VPNs| The Cloudcast

  • Remote access
  • Network security
  • Encryption
  • Podcast

Maya Kaczorowski (@MayaKaczorowski, Product @Tailscale) talks about the new world of remote systems access, zero-config VPNs, and why everyone loves using Tailscale.

Preview of talk: Demistifying Risks for Dev-Focused Companies
| San Francisco

Demistifying Risks for Dev-Focused Companies| Accel DX 2022

  • Supply chain security
  • Infrastructure security
  • DevOps
  • Panel

With the movement towards CI/CD, new code written by developers is deployed continuously at sophisticated companies. However, security practices haven’t kept up. As leaders in the space, Chainguard’s Kim Lewandowksi, Snyk’s Randall Degges, and Tailscale’s Maya Kaczorowski are not strangers to these challenges. In a panel moderated by Accel’s Casey Aylward, they will discuss security resources for developers, and how to understand and effectively apply them before it’s too late.

Preview of talk: Tailscale SSH Aims To Simplify And Secure Remote Connections

In this episode of TFiR Let’s Talk, Swapnil Bhartiya sits down with Maya Kaczorowski, Product Manager at Tailscale, to discuss Tailscale SSH in beta and how it simplifies remote connections, taking away the need for SSH keys. She explains the motivation behind creating Tailscale SSH and what sticking points it is tackling.

Preview of talk: The Past, Present, and Future of Supply Chain Security
Preview of talk: WireGuard from the ground up
Preview of talk: The road to BeyondCorp is paved with good intentions
Preview of talk: Blue team panel discussion
Preview of talk: Remote development can improve your developers remote work experience
Preview of talk: What’s Next for DevOps?
Preview of talk: Software Composition Analysis
Preview of talk: The State of Security in the Octoverse
| Virtual

The State of Security in the Octoverse| .NET Rocks!

  • Podcast
  • Open source security

How secure is your software? Carl and Richard talk to Maya Kaczorowski of GitHub about The State of the Octoverse Security Report — one of three annual reports coming from GitHub about how software is being built.

Preview of talk: Dependabot
| Virtual

Dependabot| GitHub Checkout

  • Supply chain security

One library in your manifest can bring in a huge dependency tree. How do we track vulnerabilities and keep dependencies up to date?

Preview of talk: Security for open-source maintainers
Preview of talk: Dependency Review
| Virtual

Dependency Review| GitHub Checkout

  • Supply chain security

Dependency Review shows you a rich diff of dependency manifest changes while reviewing pull requests, letting you see exactly what’s changed.

Preview of talk: Catching vulnerabilities early with GitHub
Preview of talk: DevSecOps panel
| Virtual

DevSecOps panel| Snykcon

  • DevSecOps
  • Panel

A panel that doesn’t suck about security, from multiple perspectives. Categories, organisations and security practices are being reinvented, but what does it look like from the practitioner perspective?

Preview of talk: How Mettle uses GitHub to secure their software supply chain

Following DevSecOps means approaching security as an ongoing part of software development — and staying up to date on the code your software depends on. Join Mikail Tunç, Principal AppSec Engineer at Mettle, and Maya Kaczorowski, GitHub Product Manager for an in-depth conversation into how Mettle uses GitHub’s application security capabilities to understand which dependencies they use, their vulnerabilities, how to patch them — and get back to work.

Preview of talk: La sécurité dans tous ses états — la chaine d’approvisionnement logicielle et l’open source
| Virtual

La sécurité dans tous ses états — la chaine d’approvisionnement logicielle et l’open source| Electro Monkeys

  • Podcast
  • Container security
  • Supply chain security
  • Open source security
  • French

La sécurité est un aspect fondamental et pourtant souvent négligé de nos systèmes d’information. Le code est la base de code sont aujourd’hui au coeur de toute entreprise technologique. Mais alors quels sont les problèmes soulevés, quelles solutions y apporter et avec quels outils ?

Preview of talk: How Nutanix uses GitHub to secure their software supply chain

Following DevSecOps means approaching security as an ongoing part of software development — and staying up to date on the code your software depends on. Join Jon Kohler, Nutanix Technical Director, and GitHub Product Manager Maya Kaczorowski for an in-depth conversation into how Nutanix uses Dependabot and the GitHub dependency graph to understand which dependencies they use, their vulnerabilities, how to patch them — and get back to work.

Preview of talk: Software Supply Chain Security and Puzzles
Preview of talk: Hardening your soft software supply chain
Preview of talk: Security and GitOps
Preview of talk: Securing the software supply chain together
Preview of talk: The threat is real: software supply chain vulnerabilities
Preview of talk: Cryptic Dependencies & Cryptic Crosswords
Preview of talk: Checking your —privileged container
Preview of talk: Container and orchestration security
Preview of talk: How Kubernetes Components Communicate Securely in Your Cluster

Many IT teams begin moving their applications to containers and Kubernetes after their managers mandate the switch. Then in the rush to deploy they may forget, or simply delay, some fundamentals. Only six to 12 months later does integrating security into their CI/CD pipeline becomes a priority. This gradual evolution toward cloud native security best practices is worrisome, but it’s the norm among organizations adopting Kubernetes today. This is what we learned from a panel of cloud native security experts at The New Stack’s pancake and podcast from KubeCon+CloudNativeCon North America this week.

Preview of talk: Securing open-source
Preview of talk: Can You Prevent Brain Freezes?
Preview of talk: Containers can actually improve your security story
Preview of talk: Container security
Preview of talk: Container Forensics: What to do when your cluster is a cluster
Preview of talk: Exploring The Latest in Public Cloud Providers
Preview of talk: Container platform security
Preview of talk: Container Security
| Virtual

Container Security| BMC Run and Reinvent

  • Container security
  • Podcast

Listen to this very insightful episode with special guest from Google, Maya Kaczorowski, as she discusses container security with BMC Solutions Architect, Ajoy Kumar.

Preview of talk: Who Protects What? Shared Security in GKE
Preview of talk: What containers are and how they change your security model
Preview of talk: You might still need patches for your denim, but you no longer need them for prod
Preview of talk: This Year, It’s About Security
Preview of talk: Learn how to use network security controls for your containers
Preview of talk: The State of your Supply Chain
Preview of talk: Turtles All the Way Down: Managing Kubernetes Secrets with Secrets
Preview of talk: Embracing Containers Without Fear

Containers are making it easier for developers to build and deliver applications in the cloud. However, managing risk around container deployments remains a significant challenge for security teams. Join this session to learn about the security challenges around container deployments and best practices to follow while securing containers.

Preview of talk: Unravel the mystery of container security
Preview of talk: Container security
| Virtual

Container security| GCP Podcast

  • Podcast
  • Container security

Let’s talk container security! This week, Melanie and Mark learn all about the three main pillars of container security and more with our guest, Maya Kaczorowski.

Preview of talk: Google Infrastructure Security
| San Francisco

Google Infrastructure Security| Video tour

  • Infrastructure security
  • Encryption
  • Interview

Did you know that Google has invested $30.9 billion to build out our global infrastructure over the past 3 years? Learn more about Google’s infrastructure security through a tour with product manager Maya Kaczorowski and developer advocate Cassie Kozyrkov.

Preview of talk: How Google Protects Your Data at Rest and in Transit
Preview of talk: Kubernetes for Enterprise Security Requirements
Preview of talk: Google Infrastructure Tour
Preview of talk: DevSecOps: Developers play security offense
Preview of talk: Security
| Virtual

Security| Kubernetes Podcast

  • Podcast
  • Container security

On this week’s Kubernetes Podcast, your hosts talk to Maya Kaczorowski from Google Cloud about Kubernetes security, and look at announcements from Microsoft, Docker, Cisco and Spotify.

Preview of talk: Container security
| Virtual

Container security| Software Engineering Daily

  • Podcast
  • Container security

Maya Kaczorowski works on container security at Google. In a recent talk at KubeCon, Maya discussed runtime security of containers on Kubernetes. Maya joins the show to discuss container security, and what it means to software developers and operators.

Preview of talk: Engineering Container Security: Addressing the Unique Security Challenges of Containers at Scale in a Multi-Cloud World

With container adoption on the rise, new security strategies are needed to address the unique challenges that containers represent. In this panel discussion, container experts will discuss the security risks of containers and briefly examine many of the multiple approaches that can be taken to achieve security in a container-based environment and a hybrid cloud world.

Preview of talk: Container infrastructure keynote: Containers Should Contain …Right?
Preview of talk: Container Security
| Virtual

Container Security| Women in Tech Podcast

  • Podcast
  • Women
  • Container security

As public cloud adoption continues to accelerate, security becomes a top priority for many organizations. Maya Kaczorowski, Product Manager at Google Container Security explains what security consisted of in legacy systems. We then talked about the security panorama in the cloud, specifically in containerized applications. Maya explained various security risks in these applications as well as solutions. One of these is gVisor, a new open source sandbox that provides secure isolation for containers.

Preview of talk: Kubernetes Runtime Security: What Happens if a Container Goes Bad?
Preview of talk: Modern App Security Requires Containers
| Copenhagen

Modern App Security Requires Containers| KubeCon Europe 2018

  • Container security
  • Panel

Using containers, enterprises now have strong, secure-by-default primitives available for deploying apps to their infrastructure. Containers are enabling organizations to adopt better engineering practices like immutable infrastructure — increasing deployment agility and reducing mean time to patch. Companies are thinking strategically about to securely manage their software supply chains. Moderated by eWeek’s Senior Editor, Sean Michael Kerner, collaborators in the container ecosystem will share how containers are revolutionizing the way apps are secured and how we can expect container security to evolve in the future. The panel will also touch on open source projects Notary, TUF, SPIFFE, and OPA.

Preview of talk: Cloud SCC container security partners
| Copenhagen

Cloud SCC container security partners| Google Cloud at KubeCon

  • Container security
  • Interview

At KubeCon + CloudNativeCon Copenhagen we announced that five container security companies have integrated their tools with the Cloud Security Command Center to help you better secure the containers you’re running on Kubernetes Engine. Our PM in container security, Maya Kaczorowski, will meet them to discuss their technical integrations.

Preview of talk: Securing #Kubernetes
| Copenhagen

Securing #Kubernetes| The New Stack Pancake Breakfast at KubeCon

  • Container security
  • Panel

To do cloud-native computing, you need to identify all your workloads, and, more importantly, they need the ability to identify each other, so they can work together in automated chains. To aid in this task, the Cloud Native Computing Foundation has adopted the open source SPIFFE specification, and its associated SPIRE runtime. SPIFFE provides a standard for securely identifying software components in heterogeneous IT systems and SPIRE is the engine that can make it happen (and, in this setup, CNCF’s Open Policy Agent [OPA] can enforce the authorization duties).

Preview of talk: Exploring Container Security: detect and manage an attack

You’ll soon be able to manage security alerts for your clusters in Cloud Security Command Center (Cloud SCC), a central place on Google Cloud Platform (GCP) to unify, analyze and view security data across your organization. Further, even though we just announced Cloud SCC a few weeks ago, already five container security companies have integrated their tools with Cloud SCC to help you better secure the containers you’re running on Google Kubernetes Engine.

Preview of talk: Women in Google Cloud
Preview of talk: Securing your infrastructure using open-source tools
Preview of talk: Securing containers in production
Preview of talk: Managing secrets in your cloud environment
Preview of talk: Security overview
Preview of talk: Google Cloud Encryption at rest
Preview of talk: Google Cloud Encryption in transit
Preview of talk: Les leçons apprises de la sécurisation de Google et Google Cloud
Preview of talk: What’s Next in Cloud Security?
Preview of talk: Managing encryption of data in the cloud

Can management of encryption keys be easier in the cloud than on-premise? During this video, Maya Kaczorowski discusses the continuum of encryption options available, from encryption of data at rest by default, to Cloud Key Management System, to Customer Supplied Encryption Keys. You’ll learn how our encryption tools allow management of your own keys, including generation, rotation and destruction of those keys. She also shares best practices for managing and securing secrets.

Preview of talk: How data at rest is encrypted in Google’s Cloud, at scale

How does Google encrypt data at rest? This talk will cover how Google shards and encrypts data by default, Google’s key management system, root of trust, and Google’s cryptographic library. Google Cloud Platform encrypts customer content stored at rest, without any action from the customer, using one or more encryption mechanisms. We will also discuss best practices in implementing encryption for your storage system(s).

Preview of talk: Encryption
Preview of talk: How data at rest is encrypted in Google’s Cloud