Development
Design
Marketing
Business
Date
TBC
Duration
40 minutes
Location
TBC
Note: This session is included in the conference ticket, but specific program has not been finalised.
Terraform has quickly become one of the most popular IaC tools, gaining a large community that develops and maintains thousands of reusable open-source modules. Modules are one of the core features of Terraform and support rapid infrastructure configuration.
The Terraform Registry is the primary resource for retrieving modules. Unfortunately, the registry is woefully insecure to supply chain attacks, allowing any module author to modify the module’s files without changing the module’s version in the registry. During this talk, Kyle provides a live demonstration of how module authors can exploit this vulnerability to retrieve sensitive data about your infrastructure or make malicious modifications. He’ll review the options for defending against these attacks along with their strengths and weaknesses.
Kyle Kotowick
Founder & CEO
Invicton Labs
Kyle is the founder of a Canadian consulting and development firm that helps high-growth clients with cloud infrastructure, security, and IoT implementations. He has a Ph.D. from MIT and extensive experience as a consultant, systems architect, and developer for global firms, startups, and universities. He has also served as a lead engineer for the Government of Canada and conducted research for military navigation systems and life support systems in space. Kyle specialises in leading the development of project architecture, cloud services, and back-end software for both startup and enterprise clients.
