Atlantic Security Conference 2024
Springtime (especially early April) in the maritimes can always present interesting weather and of course, travel obstacles. As you can see in the photo below, it was a grey time of year. I experienced rain, high winds, hail, and snow — it didn’t disappoint from my past visits at this time of year. It really is a nice change to spend time in Halifax, the city still has many older buildings and architecture to experience. A small-town feel that has grown to attract many well-known companies and talent from afar.
After attending my first Atlantic Security Conference in 2023, the event was back for another year on April 4th & 5th 2024 at the Halifax Convention Centre. MOBIA, being an east-coast rooted company just had to be part of this ever-growing conference. For 2024, we were a Gold sponsor with our great ecosystem partner, SentinelOne.
One of the first things I noticed when entering the Halifax Convention Centre was the sheer size of the event, not to mention they had impressively graduated to consuming multiple floors of the event location. It immediately felt like a real conference (for anyone that has been to their share of conferences, you’ll know what I mean). Well organized, easy to navigate, many new faces, vendors, and of course, attendees. The main room was massive, beautifully setup and ready for the keynote.
I always enjoy a good keynote. The #1 thing I like to take away from a conference is to learn or discover something you haven’t heard of or a different point-of-view that you can add to your life (day-to-day) toolkit. It is not just about the technology, there are people from many different places that have their own interests, experiences, and things to share. Chris Gates a Sr. Offensive Security Manage at Robinhood was the keynote speaker; his talk: F*ck It — Just Get Your Feet Wet! — Using A Hacker Mindset & Mindfulness to Maximize Your Life Experience was really a different and inspirational start to a security conference. Chris describes himself as a spiritual fitness coach, energy healer, hacker & recovering angry and depressed guy. Not what I was expecting from a keynote or speaker at a security conference. I left his talk energized and very motivated to network at the conference, but most importantly, some positive take-aways from Chris to integrate into my everyday life and mindset. You can find out more about Chris via his website.
AtlSecCon offered many informative talks through both Day 1 and Day 2. As many in the IT space, technology, and the world as a whole, AI talks were the main focus as many are looking for creative ways to leverage AI in their businesses and gain efficiencies in their everyday life.
I was accepted by the AtlSecCon team to return as a speaker in 2024, delivering a talk on Secure, Dynamic Certificate Lifecycle Management. In 2023, MOBIA’s Office of the CTO (OCTO) presented a well-attended session on Security in a Dynamic Container World. This session focused on thinking of security in a different way when it comes to managing and operating Kubernetes, this is a different platform in many ways, and the security approach must reflect this. Software security (build & runtime), platform security (trusted & scanned container images, approved Operators, enterprise approved security tooling) and the key point that Kubernetes is not a Virtual Machine (so don’t treat it that way), it is a dynamic orchestration platform where security needs to be inherent and part of the platform, while always thinking about the consumers and their experience.
For 2024, I submitted this talk track since it was something I had seen as a major gap in the field when working with clients. The challenge: to solve Kubernetes platform and certificate lifecycle management for platform operators, tenants, and other personas. Automation being one of my main areas of focus at MOBIA is constantly driving me to look at different ways that clients can leverage it to increase their efficiencies, but most importantly, build a process they can use repeatedly. Certificates don’t last forever, and with short-lived certificates a real thing in the security space, how can platform operators and administrators, as well as application developers integrate certificate management as code into their automation, pipelines, and applications for a seamless experience?
The talk touched on some of the important points above and a few tools to get started with when managing certificate lifecycle in Kubernetes:
- cert-manager — CNCF Project: X.509 certificate management for Kubernetes and OpenShift
- Kubernetes Config Syncer: Keeps ConfigMaps and Secrets synchronized across Namespaces or Clusters
- Cert Utils Operator: Populate Route certificates on Red Hat OpenShift
- Kubernetes up and running:
- Red Hat OpenShift Local / Code Ready Containers (CRC)
- minikube
OR
- Get started with Terraform to deploy Kubernetes on:
- Amazon EKS
- Azure AKS
- Google GKE
At the end of AtlSecCon Day 1, MOBIA and our amazing ecosystem partners, SentinelOne, Rubrik and Zscaler held a networking event, tour, and tasting at Alexander Keith’s Brewery. For anyone that hasn’t been to Halifax, this is a unique view into the nearly 200 year old history of Alexander Keith’s Brewery. Customers and attendees were treated to discover the art of brewing, and indulge in a tasting experience featuring a selection of their finest craft beers. It was a great way to close out Day 1.
Day 2 of AtlSecCon at the MOBIA and SentinelOne booth brought consistent traffic, many great discussions, and connecting in-person for the first time with many. Personally I enjoyed connecting with ambitious students from local universities and colleges such as Dalhousie and NSCC, networking and learning about different challenges others are experiencing, not to mention the up-and-coming future of security professionals.
Take Aways
- Get your feet wet! — Try a new piece of software, tool, PoC, or programming language (get a trial or reach out if you need help)
- Connect with new peers you met at the conference
- Check out my Git repo for the talk and other code
- Submit a talk for AtlSecCon 2025!
The Atlantic Security Conference 2024 was the best yet, I am already looking forward to the 2025 event. Many thanks to the board and organizing committee for and impressive event and effort to build the security community in the east!
