About Me

My name is Kevin Ward and I’m a Security Professional based in the UK.

I’ve been working in the security industry for over a decade, initially starting with engineering, pivoting to research and development, and then moving into consultancy in 2015. My journey reflects the current expectation of modern professionals, adapting to ever changing IT and security landscape.

I’ve delivered work in multiple security domains including Security Architecture, Security Engineering, Penetration Testing, Cloud and CI/CD Security. I’m used to working with difficult security requirements which require deep thinking to consider the various ways an adversary can compromise a system and designing layered security controls to protect against these attacks.

Interests

Professionally, I have a passion for offensive security as it enables me to understand the risks associated with architecture designs and effectively assess whether a system is exploitable or not. I enjoy looking at the end to end security of a system, from the moment that the code is written to the point at which it is running in production.

To be specific, I’m interested in:

Security Interest

Principles

I have a number of principles which have helped me progress through my career.

Secure by Hacking - I’ve always thought of security a bit like yin and yang, to know how secure a system is you need to hack it and if you want to hack a system you need to know how it is hardened.

Critical Thinking - There are so many paradigms in security where it is all too easy to make assumptions that a system is secure. I like to challenge these assumptions and whether existing system functionality can be changed or whether a feature can be abused.

Continuous Learning - IT never stops evolving and nor does my learning. It is essential to keep up to date on the latest trends and changes to IT systems as at some point I’ll likely be asked to assess the security of it.

Public Contributions

2020, CIS Benchmark GKE v1.0.0 Coauthored CIS Benchmark Google Kubernetes Engine

2022, KubeCon + CloudNativeCon Europe 2022, Tweezering Kubernetes Resources: Operating on Operators

2022, BadRobot, Operator Security Audit Tool

2022, Operator Threat Matrix, Kubernetes Operator Threat Matrix based on Mitre ATT&CK

2023, SteelCon, Capture the Flag – Kubernetes Edition Workshop

2023, KCDUK, CTF Workshop - Kubernetes Edition Workshop

2023, 44CON, Kuber-what? A Security Professionals Intro to Kubernetes and Containers

2023, KubeCon + CloudNativeCon North America, Introduction to Cloud Native Capture the Flag / Capture the Flag Experience

2024, Open Source Summit Europe, VSCorode: Inside Your IDE, Inside Your Git Repository