index.md

layout	title
default	About

About

Pushkar Joglekar is a Sr. Cloud Security Engineer II currently working at Credit Karma. He is also a Kubernetes security maintainer.

Since 2019, he feels incredibly fortunate to have written the security chapters in Nigel Poulton’s “The Kubernetes Book” which he looks forward to updating every year. Prior to this current role, he worked on securing massive Kubernetes deployments at Visa (End User) and VMware Tanzu (Service Provider), playing a dual role of a security architect and engineer. He is also the co-creator of award winning container runtime security tool: MASHUP

In his free time, he loves taking photos, watching cricket and firmly believes that Chai fixes everything!

Pushkar is based in San Francisco Bay Area!

Current Affiliations

Credit Karma

Cloud Security Engineering (Oct 2022 - Present)

• Sr. Cloud Security Engineer II
  • Design, Develop and Maintain cloud native security solutions, frameworks and platforms
  • Technical Lead for driving cross-org collaboration to reduce risk & improve security posture of our Google Cloud footprint
  • One of the trusted senior engineers responsible for secure design reviews of GenAI and Data Security usecases

Kubernetes

• Among Top 1-2% contributors worldwide since inception
• SIG (Special Interest Group) Security
  • Tooling Sub-Project Lead
• Associate Security Response Committee Member (May 2022 - Feb 2023)

Past Affiliations

CNCF (Cloud Native Computing Foundation)

• Among Top 2-3% contributors worldwide since inception
• TAG (Technical Advisory Group) Security
  • Tech Lead (Jan 2022 - June 2023)
  • Co-Chair (June 2023 - July 2024)
• Program Committee
  • Cloud Native SecurityCon Europe 2022
  • KubeCon + CloudNativeCon North America: Security + Identity + Policy Track
    • Member: 2022, 2021
    • Track Co-Chair: 2022

VMware Tanzu

Kubernetes Upstream Engineering (March 2021 - October 2022)

• Sr. Security Engineer → Staff Security Engineer
  • Working across Product, Compliance, and Engineering teams to move security left and up by balancing customer escalations with opensource contributions that enhance security posture of downstream products

Visa Inc.

Security Architecture & Engineering (June 2015 - March 2021)

• Information Security Analyst → Sr. Cybersecurity / Staff Engineer → Manager
  • Dual role of architect and engineer lead for securing containers, secrets and devops:
    • Led a team of 3-4 engineers building award winning container security product
    • Designed secure by default container platforms processing millions of transactions per day
    • Evangelized security topics via online/in-person speaking engagements from executives to developers
    • Deployed Secrets Mgmt. system with 99.999% availability serving 100+ apps

Carnegie Mellon University

• Graduate Degree (MS) in Information Technology - Information Networking Institute (Aug 2013 - May 2015)
• Graduate Teaching Assistant (Aug 2014 - May 2015)

ACI Worldwide Inc.

• Associate Software Engineer - Payments (June 2011 - July 2013)
• Worked on Development, Testing and Documentation for Mobile and Retail Payments applications
• Mentored 4 new graduate engineers to set them up for success in a month from joining the team

Patents

1. (13 Citations) Systems and Methods for generating behavior profiles for new entities
2. (30 Citations) Self-learning alerting and anomaly detection in monitoring systems
3. (21 Citations) Microservice adaptive security hardening
4. (13 Citation) Real-time entity anomaly detection
5. (23 Citations) Model shift prevention through machine learning
6. (75 Citations) Systems and methods to secure api platforms
7. (5 Citations) Proactive defense of untrustworthy machine learning system
8. (2 Citations) Systems, Methods, and Computer Program Products for Authorizing a Transaction

Note: 6 granted, 2 pending

Awards

• Google Open Source Peer Bonus Award 2022: Kubernetes and CNCF
• Kubernetes Community Awards 2021: Security
• CSO50 2019: Next Generation Security Product Award
• CMU INI 2015: Outstanding Student Service Award for Teaching Assistant

Publications

The Kubernetes Book, 2019 - Present

• Amazon Book Rating: 4.5/5 (1200+ reviews)
• Wrote both security chapters
• 20 Google Scholar Citations

Kubernetes Project Contributions

Official Blogs

• Updates to the Auto-refreshing Official CVE Feed, April 2023
• Current State: 2019 Third Party Security Audit of Kubernetes, Oct. 2022
• Implementing the Auto-refreshing Official CVE Feed, Sept. 2022
• Announcing the Auto-refreshing Official CVE Feed, Sept. 2022
• A Closer Look at NSA/CISA Kubernetes Hardening Guidance, Oct. 2021
  • Cited by Updated: NSA/CISA Kubernetes Hardening Guidance v1.1
• Cloud Native Security for your Clusters, Nov. 2020

Official Documentation

• References:
  • Ports and Protocols
  • Official CVE Feed
• Tutorials:
  • Apply Pod Security Standards at Cluster Level
  • Apply Pod Security Standards at Namespace Level
• Task: Verifying Signed Images

Project Enhancements

• Pod Security Admission
• Signing Release Artifacts
• Auto-refreshing Official CVE Feed

Cloud Native Security Whitepaper

• Version 2.0, May 2022
  • Media Coverage:
    • Container Journal
    • DevOps.com
    • RCR Wireless News
• Version 1.0, Nov. 2020
  • Audio version
  • Citations:
    • ACM
    • IEEE
  • Media Coverage:
    • Virtualization Review
    • TheNewStack
  • Translations:
    • Chinese
    • Portugese
    • Spanish

PCI (Payment Card Industry)

• SIG (Special Interest Group): Best Practices for Container Orchestration
• New Information Supplement: Guidance for Containers and Container Orchestration Tools
  • Blog
  • Guidance

Media Coverage

• CNCF Blog: Announcing the Refreshed Cloud Native Security Whitepaper, May 2022
• How to become a Cloud Native Security Engineer: Cloud Security Podcast, April 2022
• VMware Open Source Blog: Upstream: Jump on In, the Water’s Fine!, Dec. 2021
• Skedler: Navigating the messy world of (too many) CVEs, Nov. 2021
• Storychief: Catch up with Security SIG from KubeCon, Oct. 2021
• CSOOnline: How Visa Built its Own Container Security Solution, March 2020
• ItOpsTimes: Securing Kubernetes with STRIDE, Nov. 2019

Speaking Engagements

Thank God It's Kubernetes

• Episode 187 "Kubernetes Release - Image Signing MVP", March 2022
• Episode 174 "Verifying Signed Images with Connaisseur", Nov. 2021
• Episode 171 "Pod Security Problems", Oct. 2021

KubeCon + CloudNativeCon

• North America 2023
  • Chicago, Illinois, USA, Nov 6-9
    • SIG Security: Unravelling the Kubernetes Security Audit Together
      • Youtube Recording
    • Keynote: Hot Dog! The Technical Oversight Committee is on a Roll!
      • Youtube Recording
• North America 2022
  • Acceptance rate: 11% , 166 / 1526 submissions
  • Detroit, Michigan, USA, Oct 24-28
    • A Raccoon and a Group of Turtles Secure Clusters Together!
      • Youtube Recording
    • Tutorial: Reducing the Sticker Price of Kubernetes Security
      • Youtube Recording
• Europe 2022
  • Acceptance rate 12% , 148 / 1187 submissions
  • Valencia, Spain, May 16-20
    • We Lift Together: Kubernetes SIG Security Update
      • Youtube Recording
• North America 2021
  • Acceptance rate: 14% , 139 / 976 submissions
  • Los Angeles, CA, USA, Oct 11-15
    • Keeping Up with the CVEs: How to Find a Needle in a Haystack?
      • Youtube Recording
    • Security Through Transparency: Kubernetes SIG Security Update, Los Angeles, CA, USA, Oct 2021
      • Youtube Recording
• North America 2019
  • Acceptance rate: 12% , 211 / 1800 submissions
  • San Diego, CA, USA, Nov 15-21
    • Security Beyond Buzzwords: How to Secure Kubernetes with Empathy?

Kubernetes Security Bangalore Meetup, July 2021

• Youtube Recording
• Meetup Event
• Slides