Matthew Brown
Matt Brown is a solutions architect at Sysdig, with a background spanning AppSec, IAM, and cloud runtime security. He’s currently focused on securing Kubernetes environments using open source tools that favor prevention over post-incident analysis. A lover of all things open source — from dev to cloud — he’s passionate about making security approachable and effective, especially for teams without enterprise budgets or armies of engineers.
Session
Many Kubernetes security strategies rely on detection after the fact: scan the image, ship the pod, then react to alerts. This talk flips that model by focusing on prevention over response. We’ll show how Kyverno blocks dangerous workloads before they deploy, and how KubeArmor enforces runtime behavior to stop malicious actions as they happen. These tools run in real clusters, use simple YAML policies, and don’t require changes to your workloads or underlying infrastructure. We’ll focus on common misconfigurations — like containers running as root — and show how they enable attacks like privilege escalation, tooling installs, and container escape, even in clusters that appear secure.