Threat Modeling for Kubernetes - Enhancing Security Posture in Complex and Regulated Environments

Learn a practical, non-traditional threat modeling approach specifically designed for Kubernetes environments in this 31-minute conference talk from KubeCon + CloudNativeCon. Discover how to identify and assess security risks across clusters, workloads, and third-party components in complex Kubernetes deployments, with particular focus on challenges faced by regulated entities like financial institutions. Explore strategies for integrating threat modeling into development and Site Reliability Engineering (SRE) workflows to create sustainable security practices. Understand how large language models (LLMs) can accelerate threat identification processes, map security concerns to the MITRE ATT&CK framework, and support continuous security improvements. Gain concrete, actionable strategies for operationalizing threat modeling in your organization and strengthening your overall Kubernetes security posture, especially when dealing with complex third-party integrations including service mesh solutions, secrets management systems, and governance tools.