| San Francisco

SnooSec | What sucks in security?

  • Market research

I interviewed 57 security leaders about what sucks in security. Top pain points: inconsistent access management, vulnerability remediation, and SaaS logs.

| Virtual

The Cloudcast | Zero Config VPNs

  • Remote access
  • Network security
  • Encryption
  • Podcast

Maya Kaczorowski (@MayaKaczorowski, Product @Tailscale) talks about the new world of remote systems access, zero-config VPNs, and why everyone loves using Tailscale.

| San Francisco

Accel DX 2022 | Demistifying Risks for Dev-Focused Companies

  • Supply chain security
  • Infrastructure security
  • DevOps
  • Panel

With the movement towards CI/CD, new code written by developers is deployed continuously at sophisticated companies. However, security practices haven’t kept up. As leaders in the space, Chainguard’s Kim Lewandowksi, Snyk’s Randall Degges, and Tailscale’s Maya Kaczorowski are not strangers to these challenges. In a panel moderated by Accel’s Casey Aylward, they will discuss security resources for developers, and how to understand and effectively apply them before it’s too late.

In this episode of TFiR Let’s Talk, Swapnil Bhartiya sits down with Maya Kaczorowski, Product Manager at Tailscale, to discuss Tailscale SSH in beta and how it simplifies remote connections, taking away the need for SSH keys. She explains the motivation behind creating Tailscale SSH and what sticking points it is tackling.

| Virtual

.NET Rocks! | The State of Security in the Octoverse

  • Podcast
  • Open source security

How secure is your software? Carl and Richard talk to Maya Kaczorowski of GitHub about The State of the Octoverse Security Report — one of three annual reports coming from GitHub about how software is being built.

| Virtual

GitHub Checkout | Dependabot

  • Supply chain security

One library in your manifest can bring in a huge dependency tree. How do we track vulnerabilities and keep dependencies up to date?

| Virtual

GitHub Checkout | Dependency Review

  • Supply chain security

Dependency Review shows you a rich diff of dependency manifest changes while reviewing pull requests, letting you see exactly what’s changed.

Following DevSecOps means approaching security as an ongoing part of software development — and staying up to date on the code your software depends on. Join Mikail Tunç, Principal AppSec Engineer at Mettle, and Maya Kaczorowski, GitHub Product Manager for an in-depth conversation into how Mettle uses GitHub’s application security capabilities to understand which dependencies they use, their vulnerabilities, how to patch them — and get back to work.

| Virtual

Electro Monkeys | La sécurité dans tous ses états — la chaine d’approvisionnement logicielle et l’open source

  • Podcast
  • Container security
  • Supply chain security
  • Open source security
  • French

La sécurité est un aspect fondamental et pourtant souvent négligé de nos systèmes d’information. Le code est la base de code sont aujourd’hui au coeur de toute entreprise technologique. Mais alors quels sont les problèmes soulevés, quelles solutions y apporter et avec quels outils ?

Following DevSecOps means approaching security as an ongoing part of software development — and staying up to date on the code your software depends on. Join Jon Kohler, Nutanix Technical Director, and GitHub Product Manager Maya Kaczorowski for an in-depth conversation into how Nutanix uses Dependabot and the GitHub dependency graph to understand which dependencies they use, their vulnerabilities, how to patch them — and get back to work.

Many IT teams begin moving their applications to containers and Kubernetes after their managers mandate the switch. Then in the rush to deploy they may forget, or simply delay, some fundamentals. Only six to 12 months later does integrating security into their CI/CD pipeline becomes a priority. This gradual evolution toward cloud native security best practices is worrisome, but it’s the norm among organizations adopting Kubernetes today. This is what we learned from a panel of cloud native security experts at The New Stack’s pancake and podcast from KubeCon+CloudNativeCon North America this week.

| Virtual

BMC Run and Reinvent | Container Security

  • Container security
  • Podcast

Listen to this very insightful episode with special guest from Google, Maya Kaczorowski, as she discusses container security with BMC Solutions Architect, Ajoy Kumar.

Containers are making it easier for developers to build and deliver applications in the cloud. However, managing risk around container deployments remains a significant challenge for security teams. Join this session to learn about the security challenges around container deployments and best practices to follow while securing containers.

| Virtual

GCP Podcast | Container security

  • Podcast
  • Container security

Let’s talk container security! This week, Melanie and Mark learn all about the three main pillars of container security and more with our guest, Maya Kaczorowski.

| San Francisco

Video tour | Google Infrastructure Security

  • Infrastructure security
  • Encryption
  • Interview

Did you know that Google has invested $30.9 billion to build out our global infrastructure over the past 3 years? Learn more about Google’s infrastructure security through a tour with product manager Maya Kaczorowski and developer advocate Cassie Kozyrkov.

| Virtual

Kubernetes Podcast | Security

  • Podcast
  • Container security

On this week’s Kubernetes Podcast, your hosts talk to Maya Kaczorowski from Google Cloud about Kubernetes security, and look at announcements from Microsoft, Docker, Cisco and Spotify.

| Virtual

Software Engineering Daily | Container security

  • Podcast
  • Container security

Maya Kaczorowski works on container security at Google. In a recent talk at KubeCon, Maya discussed runtime security of containers on Kubernetes. Maya joins the show to discuss container security, and what it means to software developers and operators.

With container adoption on the rise, new security strategies are needed to address the unique challenges that containers represent. In this panel discussion, container experts will discuss the security risks of containers and briefly examine many of the multiple approaches that can be taken to achieve security in a container-based environment and a hybrid cloud world.

| Virtual

Women in Tech Podcast | Container Security

  • Podcast
  • Women
  • Container security

As public cloud adoption continues to accelerate, security becomes a top priority for many organizations. Maya Kaczorowski, Product Manager at Google Container Security explains what security consisted of in legacy systems. We then talked about the security panorama in the cloud, specifically in containerized applications. Maya explained various security risks in these applications as well as solutions. One of these is gVisor, a new open source sandbox that provides secure isolation for containers.

| Copenhagen

KubeCon Europe 2018 | Modern App Security Requires Containers

  • Container security
  • Panel

Using containers, enterprises now have strong, secure-by-default primitives available for deploying apps to their infrastructure. Containers are enabling organizations to adopt better engineering practices like immutable infrastructure — increasing deployment agility and reducing mean time to patch. Companies are thinking strategically about to securely manage their software supply chains. Moderated by eWeek’s Senior Editor, Sean Michael Kerner, collaborators in the container ecosystem will share how containers are revolutionizing the way apps are secured and how we can expect container security to evolve in the future. The panel will also touch on open source projects Notary, TUF, SPIFFE, and OPA.

| Copenhagen

Google Cloud at KubeCon | Cloud SCC container security partners

  • Container security
  • Interview

At KubeCon + CloudNativeCon Copenhagen we announced that five container security companies have integrated their tools with the Cloud Security Command Center to help you better secure the containers you’re running on Kubernetes Engine. Our PM in container security, Maya Kaczorowski, will meet them to discuss their technical integrations.

| Copenhagen

The New Stack Pancake Breakfast at KubeCon | Securing #Kubernetes

  • Container security
  • Panel

To do cloud-native computing, you need to identify all your workloads, and, more importantly, they need the ability to identify each other, so they can work together in automated chains. To aid in this task, the Cloud Native Computing Foundation has adopted the open source SPIFFE specification, and its associated SPIRE runtime. SPIFFE provides a standard for securely identifying software components in heterogeneous IT systems and SPIRE is the engine that can make it happen (and, in this setup, CNCF’s Open Policy Agent [OPA] can enforce the authorization duties).

You’ll soon be able to manage security alerts for your clusters in Cloud Security Command Center (Cloud SCC), a central place on Google Cloud Platform (GCP) to unify, analyze and view security data across your organization. Further, even though we just announced Cloud SCC a few weeks ago, already five container security companies have integrated their tools with Cloud SCC to help you better secure the containers you’re running on Google Kubernetes Engine.

Can management of encryption keys be easier in the cloud than on-premise? During this video, Maya Kaczorowski discusses the continuum of encryption options available, from encryption of data at rest by default, to Cloud Key Management System, to Customer Supplied Encryption Keys. You’ll learn how our encryption tools allow management of your own keys, including generation, rotation and destruction of those keys. She also shares best practices for managing and securing secrets.

How does Google encrypt data at rest? This talk will cover how Google shards and encrypts data by default, Google’s key management system, root of trust, and Google’s cryptographic library. Google Cloud Platform encrypts customer content stored at rest, without any action from the customer, using one or more encryption mechanisms. We will also discuss best practices in implementing encryption for your storage system(s).