About Me
I’m a Security Professional based in the UK with over a decade of experience spanning engineering, R&D, and consultancy.
My work sits at the intersection of building and breaking – I focus on cloud security, Kubernetes, CI/CD pipelines, software supply chain, application security, and offensive security. I enjoy tracing the full lifecycle of code, from the moment it’s written to the point it’s running in production, and finding the gaps an adversary would exploit along the way.
I’ve delivered across security architecture, engineering, and penetration testing, and I’m most at home with complex problems that demand layered thinking and creative attack modelling.
Principles
I have a number of principles which have helped me progress through my career.
Secure by Hacking - I’ve always thought of security a bit like yin and yang: to know how secure a system is you need to hack it, and if you want to hack a system you need to know how it is hardened.
Critical Thinking - There are so many paradigms in security where it is all too easy to make assumptions that a system is secure. I like to challenge these assumptions and ask whether existing system functionality can be changed or whether a feature can be abused.
Continuous Learning - IT never stops evolving and nor does my learning. It is essential to keep up to date on the latest trends and changes to IT systems, as at some point I’ll likely be asked to assess their security.
Public Contributions
2020, CIS Benchmark GKE v1.0.0, Co-authored CIS Benchmark Google Kubernetes Engine
2022, KubeCon + CloudNativeCon Europe 2022, Tweezering Kubernetes Resources: Operating on Operators
2022, BadRobot, Operator Security Audit Tool
2022, Operator Threat Matrix, Kubernetes Operator Threat Matrix based on Mitre ATT&CK
2023, SteelCon, Capture the Flag – Kubernetes Edition Workshop
2023, KCDUK, CTF Workshop - Kubernetes Edition Workshop
2023, 44CON, Kuber-what? A Security Professionals Intro to Kubernetes and Containers
2023, KubeCon + CloudNativeCon North America, Introduction to Cloud Native Capture the Flag / Capture the Flag Experience
2024, Open Source Summit Europe, VSCorode: Inside Your IDE, Inside Your Git Repository
2024, KubeCon + CloudNativeCon North America, Introduction to Cloud Native Capture the Flag / Capture the Flag Experience
2025, KubeCon + CloudNativeCon Europe, Introduction to Cloud Native Capture the Flag / Capture the Flag Experience
2025, MITRE ATT&CK - Software Extensions: IDE Extensions, Contributed to the MITRE ATT&CK Framework