SANS 2026 Kubernetes & CNAPP Forum

Thu, Jan 15, 2026
10:00AM - 5:00PM EST
English
Dave Shackleford
Solutions Forum

Thank You To Our Sponsors

The SANS 2026 Kubernetes and CNAPP Forum is a focused, one-day event designed for security professionals, DevOps teams, and cloud architects seeking to secure modern, containerized applications. As Kubernetes and Cloud-Native Application Protection Platforms (CNAPPs) become core to enterprise infrastructure, this forum explores the evolving threat landscape, key attack vectors, and emerging defense strategies. Through expert-led sessions, technical demos, and case studies, attendees will learn how to integrate CNAPP capabilities, harden Kubernetes environments, and build continuous, scalable security into the cloud-native lifecycle—empowering organizations to protect what they deploy in real time.

Schedule

Showing 8 of 8

Filter by:

Select day:

Opening Introduction and Housekeeping

10:00AM - 10:15AM EST

Presented by

Dave Shackleford

Senior Instructor

Virtual

Session Two

*Sponsored by Sweet Security

10:15AM - 10:45AM EST

Virtual

Why You Need CNAPP for Complete K8S Security

Kubernetes is powerful but notoriously difficult to secure with point tools alone. Misconfigurations, workload vulnerabilities, excessive permissions, and runtime threats often span multiple layers, making it easy for risks to hide in plain sight. This webinar explains how a Cloud-Native Application Protection Platform (CNAPP) unifies visibility and security across clusters, workloads, identities, and pipelines to deliver true end-to-end K8s protection. Learn why CNAPP is the most effective way to reduce blind spots, detect active threats, and secure Kubernetes at scale.

10:45AM - 11:15AM EST

Presented by

Tim Chase

Field CISO and Product Marketing Director

Virtual

Session Four

*Sponsored by Fortinet

11:15AM - 11:45AM EST

Virtual

Break

11:45AM - 12:00PM EST

Virtual

Session Five

Defending Kubernetes at Runtime: Where Configuration Ends and Reality Begins

Kubernetes security controls traditionally focus on configuration, policy, and pre-deployment validation. However, real-world attacks rarely exploit malicious images or bypass admission checks. Instead, they abuse trusted identities and legitimate workloads at runtime.

This session explains why runtime execution is the only place where meaningful attack behavior becomes visible in Kubernetes. Using a practical attack-path perspective, the talk highlights common runtime techniques used for execution, persistence, and lateral movement, and outlines what effective runtime security looks like in production. You’ll also hear how Upwind approaches this challenge: by embedding eBPF-based sensors at the kernel level to capture workload behavior in real time, enriched with Kubernetes context and cloud metadata. This gives teams live visibility into what’s actually happening in their clusters, so they can stop guessing and start defending with clarity.

12:30PM - 01:00PM EST

Presented by

Gourav Nagar

Head of Information Security

Virtual

Closing Remarks

01:00PM - 01:05PM EST

Presented by

Dave Shackleford

Senior Instructor

Virtual

Meet Your Chairperson

Dave Shackleford

Founder

Dave Shackleford, founder of Voodoo Security, has advanced cybersecurity through his leadership roles, including serving as CTO for the Center for Internet Security, where he coordinated the first published virtualization security benchmarks.

SEC595: Applied Data Science and AI/Machine Learning for Cybersecurity Professionals

SANS 2026 Kubernetes & CNAPP Forum

Share

Thank You To Our Sponsors