In addition to my Personal Blog I’ve contributed content to a number of publications.

Datadog Blog

• Kubernetes security fundamentals: Authentication
• Kubernetes security fundamentals: API Security
• Kubernetes security fundamentals: Introduction
• Container Security Fundamentals: Part 6 - Seccomp
• Container Security Fundamentals: Part 5 - Apparmor and SELinux
• Container Security Fundamentals: Part 4 - Cgroups
• Container Security Fundamentals: Part 3 - Capabilities
• Container Security Fundamentals: Part 2 - Isolation & namespaces
• Container Security Fundamentals: Part 1 - Exploring containers as processes
• What's new for security in Kubernetes 1.28
• What's new for security in Kubernetes 1.27
• What's new for security in Kubernetes 1.26
• What's new for security in Kubernetes 1.25
• Attacker persistence in Kubernetes using the TokenRequest API: Overview, detection, and prevention

Kubernetes Blog

• Securing Admission controllers

TechBeacon

• Container Orchestration Advice for security teams
• a Hackers guide to Kubernetes security

DZone

• DZone Kubernetes Refcard

Aqua Blog

• Summary of new security features in Kubernetes 1.24
• A look at privilege escalation risks from access to the Kubernetes certificate signing request API
• Analysis of CVE-2022-23648 in ContainerD focusing on container breakout risks
• Analysis of CVE-2022-0811 in CRI-O focusing on the container breakout risks
• Analysis of CVE-2022-0492 in the Linux kernel focusing on container breakout risks
• Analysis of CVE-2022-0847 (a.k.a DirtyPipe) focusing on container breakout rirks
• A look at the node/proxy feature in Kubernetes and the risks of privilege escalation from user access to it
• Some thoughts on Zero Trust networking in a Kubernetes environment
• Implementing Container signing and scanning in Github Actions
• An article looking at some of the details of how Kubernetes implements RBAC and virtual verbs
• Analysis of CVE-2022-0185 in the Linux kernel focusing on container breakout risks
• Summary of the new security features in Kubernetes 1.23
• An article looking at how Trivy scans Golang programs for vulnerabilities
• A way of thinking about how to improve your Kubernetes security by increasing your "Mess-Up Tolerance"
• Review of the Docker Hub Official Images looking at how well maintained they are
• Top 10 Kubernetes Application Security Hardening Techniques
• Summary of the new security features in Kubernetes 1.22
• Article looking at the system:masters group in Kubernetes and the security risks of useing it
• A look at Kubernetes secret storage and why you should avoid storing secrets in configmaps
• Analysis of some of the challenges in uniquely identifying container images
• Summary of the new security features in Kubernetes 1.21

NCC Group Research Blog

• Kubernetes Security: Consider your threat model
• Setting a new standard for Kubernetes Deployments
• CIS Benchmark for Docker