Hi, I'm Changhao Li π
A security engineer focused on cloud-native security. Over the past few years, I've been exploring ways to make containers and Kubernetes clusters more secure. I hold CKA and CKS certifications.
What I Do
My work centers around building cloud-native security systems, including Kubernetes intrusion detection, container sandbox hardening, and implementing cloud security capabilities (CWPP/KSPM). I believe good security products should be "out-of-the-box" β lowering the barrier to entry benefits everyone.
Currently, I'm also exploring AI security and observability in cloud-native environments β looking for interesting intersections.
Open Source
I'm fortunate to contribute to these open source projects:
- Elkeid - A security solution for hosts, containers, K8s, and serverless workloads
- vArmor - A cloud-native container sandbox based on AppArmor/BPF/Seccomp, documentation
Speaking
Occasionally, I share practical experiences at tech conferences:
- Black Hat USA 2024 Arsenal - vArmor: A Sandbox System for Hardening Cloud-Native Containers
- KCon 2024 - Kubernetes RBAC Security: Risks, Challenges and Protection
Why This Blog
Technology evolves fast, and writing helps me organize my thoughts and document what I learn. If anything here is helpful to you, that would be wonderful. Feel free to reach out β I'm always happy to discuss and learn together.
Contact
- π§ Email: [email protected]
- π GitHub: @ugorange
- π Website: https://ugorange.com