Jim highlights that while they purposely made Kyverno really full-featured it is a policy enforcement point, not a tool for admin or management.
Most Kubernetes security breaches don't come from zero-day exploits - they come from misconfigurations. While your team runs scanners and reviews reports, containers are already running as root, network policies are missing, and compliance violations are piling up across dozens of repositories.
Jim Bugwadia, co-founder and CEO of Nirmata and creator of Kyverno, joins Cory to talk about a different approach: policy as code. Instead of asking developers to remember security best practices across every repo, what if your cluster automatically enforced secure defaults and blocked non-compliant deployments before they ever reached production?
You'll learn how to start using Kyverno today without breaking your production environment - from running your first audit scan (no installation required) to implementing enforcement mode with exceptions. Jim explains why micro-segmentation matters more than ever, how to automate network policies for every namespace, and why platform teams are using Kyverno for everything from security to cost optimization.
Whether you're running one cluster or managing Kubernetes at scale, this conversation offers practical strategies for making security a byproduct of your platform - not an afterthought.
Topics covered:
Why shift-left security fails and what "shift-down" means for platform teams
How to implement Kubernetes policy enforcement without grinding deployments to a halt
Automating secure defaults: network policies, resource quotas, and role bindings
The crawl-walk-run approach to rolling out policies in existing clusters
Real-world use cases beyond security: cost optimization and resource management
#platformengineering #kubernetes #policy #code #security
Guest: Jim Bugwadia, Co-Founder & CEO of Nirmata and creator of Kyverno
Jim Bugwadia is the Co-founder and CEO of Nirmata, a Kubernetes management platform built for enterprises to simplify and scale cloud-native operations across clouds, data centers, edge, and connected devices. With a mission to democratize cloud-native best practices, Jim brings deep expertise in building large-scale software products and leading high-performing teams. Before founding Nirmata, he led a global consulting team at Cisco, guiding enterprises and service providers on their cloud computing journeys. Earlier in his career, he contributed to innovative products at startups and major companies including Trapeze Networks, Pano Logic, Jetstream, Lucent, and Motorola. A hands-on technologist, Jim continues to code in Go, Java, and JavaScript, reflecting his passion for building in the rapidly evolving world of software.
Jim Bugwadia, LinkedIn 👉 / jimbugwadia
Jim Bugwadia, X 👉 https://x.com/JimBugwadia
Nirmata 👉 https://nirmata.com/
Kyverno 👉 https://kyverno.io/
Links to interesting things from this episode:
Kyverno Community Repository 👉 https://github.com/kyverno/community
“Shift-Down Security” Paper 👉 https://github.com/kubernetes/sig-sec...
OpenReports 👉 https://www.cncf.io/blog/2025/05/06/a...
Policy Reporter 👉https://kyverno.io/docs/kyverno-polic...
“The Shai-Hulud npm malware attack: A wake-up call for supply chain security” 👉 https://www.blackduck.com/blog/npm-ma...
Kyverno Slack Channel 👉 https://kyverno.io/community/#slack-c...
Chapters
0:19 From Telecom Roots to Kubernetes: Jim’s Career Journey
4:30 Mission‑Critical Software and Why Kubernetes “Complexity” Is a Feature
7:45 Reports vs Real Security: Why “Fix It Later” Fails
12:30 Policy as Code and the Rise of Kyverno
18:00 Shift Left vs “Shift Down” Security for Platform Teams
23:16 Locking Down Kubernetes: Namespaces, Network Policies, and Micro‑Segmentation
30:00 Getting Started with Kyverno: Audit, Enforce, and Exceptions
36:30 Beyond Open Source: Where Nirmata Comes In
40:54 AI Agents, Auto‑Remediation, and What’s Next for Policy‑Driven Security
Информация по комментариям в разработке