BSides Exeter 2026

Ashley Barker

Ashley Barker is a security and digital leader who bridges the worlds of security and technology, with over 10 years in cybersecurity and deep experience in digital delivery, products, and user-focused solutions. A passionate advocate for NIST CSF, OWASP, and SANS, he simplifies complex security challenges, building robust cloud and DevSecOps systems for global organisations. Staying hands-on, Ashley crafts practical solutions that secure critical systems while driving innovation, making him a go-to for turning chaotic projects into clear, effective outcomes.


Session

04-25
15:30
40min
Cloud & Containers: The Security Puzzle That Locks Tight, From Pipeline and Package to SOC Operations
Ashley Barker

Cloud and container security feels like a scattered puzzle: development standards, CI/CD pipelines, guardrails, runtime security, logging, monitoring, and assurance. Together they form a resilient system, but most teams run them as independent silos, and that gap is exactly where attackers operate. This talk assembles those pieces by showing their critical connections, the misconceptions that leave them exposed, and the pitfalls that trip teams up at each stage.
Start with a question most developers get wrong: are containers isolated? They are not. Every container shares the same kernel, and that single misconception underpins a whole class of attacks that application-layer tooling cannot see. From there, the puzzle builds outward. CI/CD pipelines enforce automated checks, but signing does not mean secure. The 3CX attack produced validly signed malware that passed every test, and 83% of organisations still do not verify signatures. Guardrails maintain compliance, but 65% of clusters run flat networks, making lateral movement trivial once anything is compromised. Runtime security addresses the threats that static analysis is blind to entirely. Assurance binds it together, not as a GRC exercise, but as a cryptographic chain from commit to runtime that gives defenders something they can actually prove.
With 82% of cloud breaches stemming from misconfiguration across a surface of 15.6 million cloud-native developers, the problem is not a shortage of tools. It is fragmented defences that do not reinforce each other. The talk closes by connecting the framework to blue team operations: mapping each control layer to realistic SIEM ingestion, showing how those signals connect to threat intelligence, and working through the operational questions around log preservation, forensic readiness, and account access that defenders need answered before an incident rather than during one. A cheat sheet maps every component to detection opportunities and three actions attendees can take the following morning.
If you work in detection, response, or securing cloud infrastructure, this talk gives you the framework, the attack chains, and the operational questions to take back to your team.

Blue
Seminar Room 1