Matteo Bisi
@msbiro.net
Italian DevSecOps Team Leader
@cloudnativedaysitaly.org 2026 🇮🇹Organizer
Based in Galway, Ireland
My blog: www.msbiro.net
🔒 Docker Hardened Images: FREE & open source.

✅ Near-zero CVEs
✅ SBOMs + SLSA
✅ Hardened Helm charts
✅ MCP servers

Security for all.

www.msbiro.net/posts/docker...

#DevSecOps #Docker #CloudNative
Docker Hardened Images Are Now Free and Open Source
Docker has made a significant move by releasing their Hardened Images catalog as free and open source. This post explores what this means for developers, the inclusion of Helm charts and MCP servers, ...
www.msbiro.net
December 18, 2025 at 11:33 AM
Join Telegram channel → get info early → save money → buy more coffee ☕.

@cloudnativedaysitaly.org (18-19 May 2026, Bologna) → t.me/cloudnatived...
CloudNativeDaysItaly
🚀 The Italian Cloud Native community will come together for two unforgettable days of sharing, learning and connection. Be part of it!
t.me
December 18, 2025 at 8:16 AM
MITRE's 2025 CWE Top 25: XSS #1, SQLi #2 from 39k CVEs. Missing auth rises; memory bugs persist.

Prioritize input validation & CI/CD scans for cloud-native.

Full post: www.msbiro.net/posts/top25m...

#CWE #MITRE #DevSecOps #Cybersecurity
https://www.msbiro.net/posts/top25mitre2025/
December 17, 2025 at 8:34 AM
Kubernetes Security 2025: Stable wins + 2026 preview!

✅ Bound SA tokens, Sidecar Containers, RRO mounts, RBAC selectors, namespace deletion fix

🔮 2026: User Namespaces beta/default, Pod mTLS certs, image pull auth

www.msbiro.net/posts/kubern...

#Kubernetes #DevSecOps #CloudNative
www.msbiro.net
December 8, 2025 at 2:08 PM
Reposted by Matteo Bisi
Proof that developers do leave their keyboards and talk to other humans.
✋ 2025 attendees: raise your hand if you spot yourself in the reel 👇

#CloudNativeDaysItaly2026
December 4, 2025 at 2:37 PM
I've published a comprehensive guide on hardening sshd_config for modern Linux systems, covering root login, key authentication, modern ciphers, and enterprise configurations.

www.msbiro.net/posts/back-t...

Read the full guide.

#DevSecOps #Cybersecurity #Linux #SSH #InfoSec
Back to Basics: My Opinionated 2025 sshd_config Hardening
Back-to-basics sshd_config hardening for 2025: opinionated settings to disable root login, enforce key auth, modern ciphers, and timeouts. Secure your Linux servers from the ground up—no Kubernetes re...
www.msbiro.net
December 3, 2025 at 7:45 PM
Tired of 150+ CVEs from one Ubuntu image? Reactive scanning fails. DORA, NIS2 & EO 14028 push proactive supply chain security. My article covers registry risks, DIY vs hardened, top providers, and a 90-day Kyverno + monitoring plan. Read: msbiro.net/posts/hardened #DevSecOps
msbiro.net
December 1, 2025 at 8:05 AM
Thrilled! My CNCF blog on runc breakout vulns (CVE-2025-31133 etc.) is live. Honored to advocate for cloud native security.

www.cncf.io/blog/2025/11...

#CloudNative #Kubernetes
runc container breakout vulnerabilities: A technical overview
A set of high-severity vulnerabilities in runc were publicly disclosed in November 2025, allowing for full container breakouts. Runc is the cornerstone of containerization on Linux…
www.cncf.io
November 28, 2025 at 3:31 PM
LDAP may feel old-school, but it’s still the backbone of authentication in enterprises today. I wrote a simple cheatsheet with configs & troubleshooting tips for engineers. Check it out: www.msbiro.net/posts/ldap-a... #LDAP #IAM #ActiveDirectory #DevSecOps
LDAP: A Nostalgic Dive into Authentication and Why It's Still Kicking in 2025
A trip down memory lane to the world of LDAP. This post is a cheatsheet for modern engineers on how to configure application authentication with LDAP and why this technology is still relevant today.
www.msbiro.net
November 22, 2025 at 4:35 PM
Now that #KubeCon NA is wrapped up, it’s time for EU! 🚀
Just confirmed my spot at KubeCon + CloudNativeCon Europe 2026 in Amsterdam! 🌍
Can’t wait to bring ReeVo Cloud & Cyber Security’s vision, join the best sessions, and connect with partners.
I’ll also be at SecurityCon Europe, see you there! 🎉
November 18, 2025 at 2:14 PM
Connecting LLMs to external tools via MCP unlocks power—and new security risks. My latest post summarizes the OWASP GenAI cheatsheet on securing third-party MCP servers: tool poisoning, prompt injection, and more.
👉 www.msbiro.net/posts/secure...
#AI #Security #OWASP #MCP #DevSecOps
Securely Working with Third-Party MCP Servers
A guide to understanding and securely implementing third-party Model Context Protocol (MCP) servers, based on the OWASP GenAI security cheatsheet.
www.msbiro.net
November 17, 2025 at 4:19 PM
Reposted by Matteo Bisi
If your company cares about developer experience, open source, and cloud-native innovation, this is the event to sponsor 👇
#CloudNativeDaysItaly2026
November 13, 2025 at 11:14 AM
Reposted by Matteo Bisi
🎤 The Call for Papers for Cloud Native Days Italy 2026 is officially open.

📅 CFP closes: March 6, 2026
📧 Speaker announcement: End of March 2026
📍 Conference: May 18–19, 2026 | Bologna

🌐 Submit your proposal: sessionize.com/cloud-native...

#CloudNativeDaysItaly2026
November 11, 2025 at 8:01 AM
The Irish weather gave me some spare time yesterday… so I built my first AI agent! 🤖 It automates blog publishing, humanizes text, verifies builds, and pushes to git, all in seconds!

Read more: www.msbiro.net/posts/buildi...

#AI #Automation #Hugo #CLI
Building My First AI Agent for Blog Publishing
How I built an AI-powered automation agent to humanize, verify, and publish blog articles in minutes. A practical journey from chatbot to AI CLI tools.
www.msbiro.net
November 10, 2025 at 7:51 AM
Heads up #CloudNative community! New runc container breakout vulnerabilities (CVE-2019-19921, etc.) are out. Critical to know, but if you're following security best practices, you can breathe easy. Get the full details & mitigation strategies here: www.msbiro.net/posts/runc-c... #runc #devsecops
Runc Container Breakout Vulnerabilities
A summary of the recently disclosed runc container breakout vulnerabilities (CVE-2025-31133, CVE-2025-52565, and CVE-2025-52881) and the recommended actions.
www.msbiro.net
November 7, 2025 at 10:20 AM
Working with AI means feeding language models from many sources. Microsoft’s MarkItDown helps with this. I tested it in Apple Containers to try two powerful tools at once.
Read more: www.msbiro.net/posts/markit...
#AI #MarkItDown #AppleContainers #ContainerSecurity
MarkItDown: An AI-Boosting Tool Tested on Apple Containers
A hands-on test of Microsoft's MarkItDown, a powerful tool for AI workflows, and a first look at Apple's new container technology on an M4 MacBook.
www.msbiro.net
November 4, 2025 at 3:01 PM
🎃 Spooky season! Reflecting on an exciting 2025 at ReeVo with key projects and community events. Dive into my Halloween-themed tech recap here: www.msbiro.net/posts/hallow... 👻 #Tech #Halloween #ReeVo
A Halloween Tech Recap: Gearing Up for the Final Sprint of 2025
A Halloween-themed recap of my first year at ReeVo, the exciting technical projects I'm working on, and my involvement in the cloud-native community as we head into the final months of 2025.
www.msbiro.net
October 29, 2025 at 8:24 AM
Inspired by the @openssf.org white paper on SBOMs, I explore 13 practical use cases and key tools for securing cloud-native software supply chains. Read more: www.msbiro.net/posts/openss... #sbom
Understanding the Power of SBOMs: Insights from OpenSSF's White Paper
This article explores the OpenSSF white paper 'Improving Risk Management Decisions with SBOM Data,' highlighting how Software Bill of Materials (SBOMs) provide critical visibility into software compon...
www.msbiro.net
October 3, 2025 at 4:51 PM
Joined the Cloud Native Days Italy organizing team! Excited to help shape the 2026 event and grow the cloud native community. www.msbiro.net/posts/cloud-...
My New Role with Cloud Native Days Italy
Exciting personal update: Joining Cloud Native Days Italy as organizer for 2026 Bologna event. Community work, tech events, and connections in focus.
www.msbiro.net
September 25, 2025 at 12:40 AM
Reposted by Matteo Bisi
🎉 Podman Desktop has crossed 3 million downloads! 🎉

A huge THANK YOU to our amazing community 💜 — your feedback, contributions, and support have made this milestone possible.
Read more:
3,000,000 downloads. Thank you | Podman Desktop
We reached 3,000,000 Downloads of Podman Desktop. Let's celebrate.
buff.ly
September 22, 2025 at 9:33 PM
External Secrets Operator resumes releases Sept 22 with clearer governance and a formal contribution ladder. 300+ volunteers across Core/Providers/CI/Testing. Why it matters and how to help in my post.

www.msbiro.net/posts/extern...
#DevSecOps #OpenSource #ExternalSecrets
External Secrets Operator: Releases Resume and Governance Matures
External Secrets Operator resumes releases on September 22 with clearer governance and a new contribution ladder—see what changed and how to get involved
www.msbiro.net
September 14, 2025 at 11:25 PM
The External Secrets Operator needs long-term maintainers! 🚩 A key Kubernetes security tool is pausing releases until the community steps up. If you code in Golang, consider contributing. Read my blog to learn more and get involved! 🔗 www.msbiro.net/posts/extern... #Kubernetes #DevSecOps #OpenSource
External Secrets Operator Team needs help!
The External Secrets Operator project faces challenges with long-term maintenance and needs new contributors. Learn about the situation, its impact on the Kubernetes community, and how you can help su...
www.msbiro.net
August 15, 2025 at 9:09 AM
🔐 Secrets managers CyberArk & HashiCorp fixed urgent vulnerabilities. Have you updated yet? Every minute without a patch is risk. Read more in my latest post! #ZeroDay www.msbiro.net/posts/0day-c...
Urgent: Zero-Day CVEs Found in Two Major Secrets Managers — Have You Updated Yet?
This article highlights recent zero-day vulnerabilities discovered in CyberArk and HashiCorp secrets managers, emphasizes the importance of timely software updates, and offers practical advice for sta...
www.msbiro.net
August 11, 2025 at 3:16 PM
🚀 New blog: “Achieving DORA Compliance with Secrets Management, Zero-CVE Images & CNAPPs”
DORA is live! Discover 3 key security pillars every company needs—even beyond compliance.
Read more below!
#DORA #Cybersecurity #CloudSecurity #Compliance
www.msbiro.net/posts/secret...
The Critical Trio: Secrets Manager, Zero-CVE Images, and CNAPP are Needed (Not Only) for DORA Compliance!
Why Secrets Manager, Zero-CVE container images, and CNAPPs are essential for cybersecurity resilience and DORA compliance
www.msbiro.net
August 7, 2025 at 9:11 AM
My article on securing Kubernetes 1.33 pods with user namespace isolation has been republished by the CNCF:
www.cncf.io/blog/2025/07...
Read more on my blog: www.msbiro.net
#Kubernetes #Security #CNCF
Securing Kubernetes 1.33 Pods: The Impact of User Namespace Isolation
Kubernetes 1.33 was released on April 23, 2025, and, as usual, introduces a host of fixes and new features. Be sure to check out the release notes; I assure you, you won’t be disappointed!
www.cncf.io
July 17, 2025 at 6:25 PM