Kubernetes gives us abstraction and power—but with great YAML comes great responsibility. In this talk, we’ll walk through live demos of real-world misconfigurations that allow attackers to escape containers and tamper with the host. You’ll see exactly what happens when Pods run in privileged mode, use hostPath volumes carelessly, or retain excess Linux capabilities. We’ll also show how to detect these attacks in real time using Falco, and enforce safety nets with Pod Security Admission. If you’ve ever wondered "what’s the worst that could happen?"—this session answers that with receipts.
As a DevOps Engineer, I aim to enable developers and businesses to focus on their core competencies by tackling infrastructure challenges. Automation is fundamental to solving these challenges, so technologies such as Docker, Terraform, and Kubernetes are strong skills of mine. I also hold the AWS Solutions Architect Professional, AWS DevOps Professional, GCP DevOps Professional, and Terraform Associate certifications.
I have held several senior positions in infrastructure, application support, and cloud computing (AWS and GCP) delivery in both startups and large corporations. This journey took me to live and work in 3 different countries: Brazil, Costa Rica, and Portugal, providing me with constructive cultural exposure.
I firmly believe that education is crucial for our development. I have a bachelor's degree from FIAP (Brazil) and a Master's in Business Administration (MBA) from Hult International Business School (UK).