Presenters Junyuan Zeng Wei Zhang Source OpenSource SecurityCon NA 2025 LinkedIn’s Identity Revolution: From Fragile PKI to Spire-Powered Security! 🚀 Ever feel like your security infrastructure is a house of cards? 🃏 That’s exactly where LinkedIn found itself a few years ago. Their homegrown Public Key Infrastructure (PKI) system, built on a basic Python server, was buckling under the weight of their massive microservice architecture. It was a system that screamed “legacy” – lacking scalability, standard identity formats, and the ability to efficiently manage certificates. Imagine trying to build a skyscraper on a sandcastle foundation! 🏗️ ...

Presenters Jeff Diecks Source OpenSource SecurityCon NA 2025 AI Cyber Challenge: Revolutionizing Open Source Security with Intelligent Automation 🚀 The world of open-source software is the backbone of our digital infrastructure, but it’s also a prime target for cyber threats. For years, the challenge has been not just finding vulnerabilities, but fixing them efficiently. Enter the AI Cyber Challenge (AICC), a groundbreaking initiative that brought together cutting-edge AI and the open-source community to tackle this critical problem head-on. ...

Presenters Tyler Schade Source OpenSource SecurityCon NA 2025 From Bare Metal to Bulletproof: Securing Your Cloud-Native Kingdom with TPMs and SPIRE 🚀 The quest for secure, modern infrastructure is a constant battle, especially in the dynamic world of cloud-native. Geico Insurance, a company at the forefront of digital transformation, is tackling this challenge head-on, not just in the cloud, but right down to the foundational bare metal of their data centers. Tyler Shade, a Software Engineer at Geico, shared his team’s compelling journey into bootstrapping trust and building a truly secure, identity-first infrastructure. ...

Presenters Maxime Coquerel Source OpenSource SecurityCon NA 2025 Revolutionizing Kubernetes Security: From Weeks to Days with AI-Powered Threat Modeling 🚀 In today’s rapidly evolving cloud landscape, securing Kubernetes deployments isn’t just a good idea; it’s an absolute necessity. The intricate nature of Kubernetes, with its distinct control and data planes, presents a complex web of potential vulnerabilities. But what if we told you that the arduous task of threat modeling, which traditionally consumes weeks, could be slashed down to mere days? That’s precisely the promise of an innovative AI-powered solution presented by Maxim Cochril, Principal Cloud Security Architect at RBC and CNCF Ambassador. ...

Presenters Dor Serero Michael Katchinskiy Source OpenSource SecurityCon NA 2025 Kubernetes Security: Beyond the CVEs, Mastering the Boundaries 🛡️ Kubernetes. It’s the engine powering so much of our modern cloud-native world. But with great power comes great responsibility, and let’s be honest, security can feel like a labyrinth. This presentation dives deep into the heart of Kubernetes vulnerabilities, not to get lost in the weeds of every single exploit, but to extract the real lessons and equip us with the proactive controls to build truly resilient environments. The core message is clear: we’re seeing a recurring pattern of vulnerabilities, and by understanding these patterns and fortifying our boundaries, we can get ahead of the game. ...