What We Discuss with Mrunal Shah:
- 00:00 Intro
- 02:01 https://snyk.io/csp
- 02:30 Mrunal’s Professional Background
- 03:04 Why containers are popular (technical reasons)
- 04:05 Why containers are popular (leadership reasons)
- 5:39 Challenges with running a Container Security Program (Leadership)
- 06:34 Team skill challenge in a Container Security Program
- 08:57 When to pick AWS ECS vs AWS EKS?
- 10:53 ECS or EKS for building Banking Applications?
- 13:12 Would Kubernetes/ Containers be preferred for security reasons?
- 15:04 What would Amazon’s responsibility be for security with ECS/EKS?
- 16:13 What is bad about working with Containers in AWS?
- 19:40 Is there a need for anti-virus in a container world?
- 20:36 Balance of security when working with containers?
- 22:08 Threat Detection and Prevention in a Container Security Program
- 22:57 Using AWS Services for Threat Detection with Containers?
- 25:14 Runtime Threat Discovery vs Agentless Threat Discovery for containers in Cloud?
- 29:11 Prevention on the left vs Detection on the right of SDLC
- 29:22 Cluster Misconfig vs Service Misconfigurations?
- 30:19 Vulnerability Management vs Misconfiguration Management?
- 31:50 Inspector in a Container Security Program?
- 32:36 Detective in a Container Security Program?
- 35:36 Can AWS Services help when Non-AWS services are in use?
THANKS, Mrunal Shah!
If you enjoyed this session with Mrunal Shah, let him know by clicking on the link below and sending him a quick shout out at his website:
Click here to thank Mrunal Shah!
Click here to let Ashish know about your number one takeaway from this episode!
And if you want us to answer your questions on one of our upcoming weekly Feedback Friday episodes, drop us a line at email@example.com.
Resources from This Episode
- AWS ECR Vulnerability – https://blog.lightspin.io/aws-ecr-public-vulnerability
- AWS ECR Public Gallery – https://gallery.ecr.aws/