Jay Beale discusses his K8s class at BlackHat, Kubernetes developments, and mental health
Thu Jul 17 2025
Youtube Video at: https://www.youtube.com/watch?v=yHPvGVfPgjI
Jay Beale is a principal security consultant and CEO/CTO for InGuardians. He is the architect of multiple open source projects, including the Peirates attack tool for Kubernetes (in Kali Linux), the Bustakube CTF Kubernetes cluster, and Bastille Linux. Jay created and leads the Kubernetes CTF at DEF CON and previously helped in the Kubernetes project's Security efforts. He’s co-written eight books and given many public talks at Black Hat, DEF CON, RSA, CanSecWest, Blue Hat, ToorCon, DerbyCon, WWHF, HushCon and others. He teaches the highly-rated Black Hat class, “Attacking and Protecting Kubernetes, Linux, and Containers.” He has served on the review board of the O’Reilly Security Conference, the board of Mitre’s CVE-related Open Vulnerability and Assessment Language, and been a member of the HoneyNet project. He’s briefed both Congress and the White House.
Questions and topics: (please feel free to update or make comments for clarifications)
* Kubernetes vs. Docker vs. LXC vs. VMs - why did you settle on K8s?
* What’s new with k8s? Version 1.33? Do you always implement the latest version in your CTF, or something that is deliberately vulnerable? (https://www.loft.sh/blog/kubernetes-v-1-33-key-features-updates-and-what-you-need-to-know)
* When you are making a CTF, what’s your methodology? Threat model then verify? Code review? Github pull requests?
* Story time; Not the first year you’ve done this(?), have participants ever surprised you finding something you didn’t expect?
* If I’m running K8s at my workplace, what should be bare minimum k8s security I should implement? Any security controls that I should implement that might cause performance or are ‘nice-to-have’ but may run counter to how orgs use k8s that I should be concerned about implementing?
Additional information / pertinent LInks (Would you like to know more?):
https://kubernetes.io/
DEF CON Kubernetes CTF: https://containersecurityctf.com/
Black Hat training: https://www.blackhat.com/us-25/training/schedule/index.html#0-day-unnecessary-attacking-and-protecting-kubernetes-linux-and-containers-45335
https://www.bustakube.com/
https://github.com/inguardians/peirates
Rory McCune’s blog: https://raesene.github.io/
https://www.oreilly.com/library/view/production-kubernetes/9781492092292/ - O’Reilly book: Production Kubernetes
Show points of Contact:
Amanda Berlin: https://www.linkedin.com/in/amandaberlin/
Brian Boettcher: https://www.linkedin.com/in/bboettcher96/
Bryan Brake: https://linkedin.com/in/brakeb
Brakesec Website: https://www.brakeingsecurity.com
Youtube channel: https://youtube.com/@brakeseced
Twitch Channel: https://twitch.tv/brakesec
More
Youtube Video at: https://www.youtube.com/watch?v=yHPvGVfPgjI Jay Beale is a principal security consultant and CEO/CTO for InGuardians. He is the architect of multiple open source projects, including the Peirates attack tool for Kubernetes (in Kali Linux), the Bustakube CTF Kubernetes cluster, and Bastille Linux. Jay created and leads the Kubernetes CTF at DEF CON and previously helped in the Kubernetes project's Security efforts. He’s co-written eight books and given many public talks at Black Hat, DEF CON, RSA, CanSecWest, Blue Hat, ToorCon, DerbyCon, WWHF, HushCon and others. He teaches the highly-rated Black Hat class, “Attacking and Protecting Kubernetes, Linux, and Containers.” He has served on the review board of the O’Reilly Security Conference, the board of Mitre’s CVE-related Open Vulnerability and Assessment Language, and been a member of the HoneyNet project. He’s briefed both Congress and the White House. Questions and topics: (please feel free to update or make comments for clarifications) * Kubernetes vs. Docker vs. LXC vs. VMs - why did you settle on K8s? * What’s new with k8s? Version 1.33? Do you always implement the latest version in your CTF, or something that is deliberately vulnerable? (https://www.loft.sh/blog/kubernetes-v-1-33-key-features-updates-and-what-you-need-to-know) * When you are making a CTF, what’s your methodology? Threat model then verify? Code review? Github pull requests? * Story time; Not the first year you’ve done this(?), have participants ever surprised you finding something you didn’t expect? * If I’m running K8s at my workplace, what should be bare minimum k8s security I should implement? Any security controls that I should implement that might cause performance or are ‘nice-to-have’ but may run counter to how orgs use k8s that I should be concerned about implementing? Additional information / pertinent LInks (Would you like to know more?): https://kubernetes.io/ DEF CON Kubernetes CTF: https://containersecurityctf.com/ Black Hat training: https://www.blackhat.com/us-25/training/schedule/index.html#0-day-unnecessary-attacking-and-protecting-kubernetes-linux-and-containers-45335 https://www.bustakube.com/ https://github.com/inguardians/peirates Rory McCune’s blog: https://raesene.github.io/ https://www.oreilly.com/library/view/production-kubernetes/9781492092292/ - O’Reilly book: Production Kubernetes Show points of Contact: Amanda Berlin: https://www.linkedin.com/in/amandaberlin/ Brian Boettcher: https://www.linkedin.com/in/bboettcher96/ Bryan Brake: https://linkedin.com/in/brakeb Brakesec Website: https://www.brakeingsecurity.com Youtube channel: https://youtube.com/@brakeseced Twitch Channel: https://twitch.tv/brakesec