
Saturday September 12, 2026 10:30am - 11:30am CDT
Container security is one of those topics that sounds solved. We've got image scanning. We've got runtime policies. We've got Kubernetes RBAC. So why are containers still showing up as the initial access vector in breach reports year after year?


Because most of our tooling is looking at the wrong things at the wrong time.


This talk is about shifting container threat hunting from reactive to genuinely proactive, not by buying another tool, but by understanding what behavioral signals containers are already producing and building detection logic around those signals.


I've spent years running Kubernetes at scale in production environments, managing security for platforms that can't afford downtime and can't afford breaches. What I've learned is that containers are actually quite chatty. Syscall patterns, network connection behavior, image layer anomalies, runtime drift. They tell a story. The problem is most teams aren't set up to read it.


In this session, I'll cover:


- The most common gaps between what container scanning tools report and what's actually happening at runtime
- Behavioral indicators that predict compromise before it escalates, drawn from real incident data
- How to build a lightweight threat hunting workflow using open-source tooling (Falco, eBPF-based detection, and custom OPA policies) that doesn't require a six-figure budget
- A demo of an open-source AI-powered Docker security analyzer showing how AI-assisted analysis can surface vulnerabilities that static scanners consistently miss


The demo portion will be hands-on. We'll start with a "clean" container environment that passes standard scanning, introduce an attack scenario, and then walk through how behavioral hunting catches what the scanners don't.


By the end, you'll have a practical hunting framework, a set of detection rules you can implement immediately, and a better mental model for where container defenses actually break down in the real world.


This is for defenders who are tired of being told their container stack is secure, and then watching alerts prove otherwise.
Speakers
Advait Patel

Senior Site Reliability Engineer, Broadcom
Advait Patel is a Senior Site Reliability Engineer at Broadcom with experience in securing large-scale cloud platforms across AWS and GCP. He holds an MS in Computer Science from DePaul University and is a Docker Captain and Google Developer Expert in Google Cloud.
Advait is an active contributor to the security community as a founding member of the OWASP AI Vulnerability Scoring System (AIVSS), creator of the OWASP-adopted open-source tool DockSec, and co-author of cloud security guidelines for CSA. He has authored two Springer books on GCP...
Swissôtel Chicago 323 E Wacker Dr, Chicago, IL 60601, USA
  Talk
