Google Cloud Next

Keyless Entry: Securely Access GCP Services from Kubernetes

This is a talk I gave with Aaron Small and Mike Danese about foregoing long lived credentials (PKI) for short lived access tokens on GKE.

You can read about it over on the Google Cloud Blog, too!

No more exporting Google service account keys or lumping permissions onto one account. Kubernetes now provides a way for Kubernetes workloads to prove their identity outside of their cluster. We’ve built on this to deliver a simpler, more secure way to authenticate to Google services whether you’re running Kubernetes on GKE, GCP, on-premises, or a hybrid mix. This talk will explain and demonstrate how to use this exciting new capability to easily access Google Cloud services without any changes to your application code.

Securing the Software Supply Chain

This is a talk Jianing Guo and I gave at Google Cloud Next 2018 about securing software supply chains with Binary Authorization. I showed off the tool my team developed called Voucher which we later donated to the Grafeas organization.

I also wrote about this over on

Containers have revolutionized how we develop, package, and deploy applications. As enterprises create more containerized workloads, the security of the software supply chain must be top of mind. Join this session to learn how security teams can enhance deploy-security security. We’ll also hear from the security team at Shopify to learn how they use GCP tools as part of their container security strategy and best practices.