Ian Coldwater is an American computer security specialist, hacker, and speaker specializing in Kubernetes and cloud native security.[2][3] They are a Senior Principal Security Architect at Docker, Inc.,[1][4] and co-chair the Kubernetes special interest group Kubernetes SIG Security.[5][6][7]

Ian Coldwater
Occupation(s): Computer security specialist and speaker
Employer: Docker, Inc.[1]
Organization(s): Kubernetes SIG Security, Open Source Security Foundation

Career

Coldwater began working in tech in their thirties, starting in DevOps before focusing on security.[8] They began specializing in hacking and hardening Kubernetes containers, working as an independent penetration tester before joining Heroku as a lead platform security engineer.[8][9] From 2020 to 2023, they worked as a security architect at Twilio.[10][11] As of 2 April 2024, they work as a Senior Principal Security Architect at Docker, Inc.

Along with Tabitha Sable, they co-chair the Kubernetes special interest group, Kubernetes SIG Security.[5][6] They are also on the governing board of the Open Source Security Foundation.[12]

Coldwater has spoken at conferences including DEF CON,[13] Black Hat,[14] KubeCon and CloudNativeCon,[7] RSA Conference,[15] Velocity,[16] and devopsdays.[17][18] In 2020, they received the Top Ambassador award from the Cloud Native Computing Foundation for spreading interest in the area.[18]

Hacking Kubernetes, published by O'Reilly Media, credits Coldwater and Duffie Cooley with co-developing the "canonical offensive Kubernetes one-liner".[19] At RSA 2020, Coldwater and Brad Geesaman presented a talk titled "Advanced Persistence Threats – The Future of Kubernetes Attacks",[20] in which they demonstrated bypassing Kubernetes audit logs and other attacks.[19] In 2021, Coldwater, with expertise from Chad Rikansrud, became the first person in history to escape a container on a mainframe.[13][21]

Personal life

Coldwater lives in Minneapolis, Minnesota.[15] Politically, they identify as an anarchist.[22] Coldwater is non-binary, and uses they/them pronouns.[23]

References

  1. @IanColdwater (March 21, 2024). "I'll be starting my new job as Principal Security Architect at @Docker on April 2" (Tweet). Archived from the original on April 16, 2024. Retrieved April 16, 2024 – via Twitter.
  2. Kennedy, Maddy (April 18, 2019). "100 women you should invite to speak at your next Twin Cities tech event". Minneapolis/St. Paul Business Journal. Archived from the original on July 31, 2021. Retrieved July 10, 2021.
  3. Menn, Joseph (September 9, 2021). "Microsoft warns Azure customers of flaw that could have permitted hackers access to data". Reuters. Archived from the original on September 9, 2021. Retrieved September 9, 2021.
  4. @IanColdwater (April 6, 2024). "Senior Principal Security Architect" (Tweet). Archived from the original on April 16, 2024. Retrieved April 16, 2024 – via Twitter.
  5. Sharma, Mayank (December 4, 2020). "Docker support is being deprecated in Kubernetes - but not just yet". TechRadar. Archived from the original on July 10, 2021. Retrieved July 10, 2021.
  6. Coldwater, Ian; Sable, Tabitha; Raghunathan, Savitha; Small, Aaron (May 14, 2021). Get In Containerds, We're Going Securing: Kubernetes SIG Security is Here! (Video). Cloud Native Computing Foundation. Event occurs at 0:10. Archived from the original on July 23, 2021. Retrieved July 23, 2021.
  7. "Ian Coldwater". KubeCon + CloudNativeCon Europe 2020. 2020. Archived from the original on July 23, 2021. Retrieved July 23, 2021.
  8. Coldwater, Ian (August 6, 2019). "Attacking and Defending Kubernetes, with Ian Coldwater". Kubernetes Podcast (Interview). Interviewed by Adam Glick; Craig Box. Google. Archived from the original on July 23, 2021. Retrieved July 23, 2021.
  9. Combs, Veronica (May 1, 2021). "5 weird, cool things I learned from attending Deserted Island DevOps on Animal Crossing". TechRepublic. Archived from the original on May 7, 2021. Retrieved July 10, 2021.
  10. Lima, Cristiano (September 16, 2021). "Why Democrats are rallying around creating a new FTC privacy bureau to police Big Tech". The Washington Post. Archived from the original on October 19, 2021. Retrieved May 17, 2022.
  11. @IanColdwater (February 13, 2023). "Today is my last day at Twilio." (Tweet). Archived from the original on February 13, 2023. Retrieved April 16, 2024 – via Twitter.
  12. "Governing Board". Open Source Security Foundation. Archived from the original on July 23, 2021. Retrieved July 23, 2021.
  13. "DEFCON29 Speakers". DEF CON. 2021. Archived from the original on July 10, 2021. Retrieved August 5, 2021.
  14. "Speaker: Ian Coldwater". Black Hat Briefings. Archived from the original on July 23, 2021. Retrieved July 23, 2021.
  15. "Ian Coldwater". RSA Conference. Archived from the original on July 23, 2021. Retrieved July 23, 2021.
  16. "Speaker: Ian Coldwater". O'Reilly Velocity Conference. 2019. Archived from the original on October 28, 2020. Retrieved July 23, 2021.
  17. "Ian Coldwater". devopsdays. Archived from the original on July 23, 2021. Retrieved July 23, 2021.
  18. Cloud Native Computing Foundation (November 20, 2020). "Cloud Native Computing Foundation Announces 2020 Community Awards Winners". Archived from the original on July 10, 2021. Retrieved July 10, 2021.
  19. Martin, Andrew; Hausenblas, Michael (2021). Hacking Kubernetes: threat-driven analysis and defense (First ed.). Sebastopol, CA: O'Reilly Media. ISBN 978-1-4920-8170-8. OCLC 1276934473.
  20. Geesaman, Brad (March 2, 2020). "Advanced Persistence Threats - The Future of Kubernetes Attacks". Darkbit. Archived from the original on August 3, 2021. Retrieved May 17, 2022.
  21. "Container Breakout: Cybersecurity Lessons Learned". SHARE. Archived from the original on January 24, 2022. Retrieved January 24, 2022.
  22. "@IanColdwater on Twitter". Archived from the original on June 18, 2021. Retrieved September 26, 2022.
  23. Fee, Nočnica (March 24, 2021). "Inspiring Women in Tech You Should Be Following". New Relic. Retrieved July 22, 2023.