Abstract

Developers are now building, configuring, and deploying their own services on Kubernetes and Docker. Yikes! All three offer lots of built-in security tactics. Let's explore how to automate and determine configurations like:

- Read-only filesystem
- Linux capabilities and seccomp profiles
- Limiting cross-container communications

Using Kubernetes metadata and syscall data, we can systematically configure our services as opposed to simply turning these features on and hoping that we haven't broken our deployments.
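One way to turn syscall data into configuration, as an added example that is not code from the talk: it parses strace-style output, builds a deny-by-default seccomp profile in the JSON layout Docker uses, and lists the paths a service opened for writing, which need a writable volume before a read-only root filesystem can be enabled. The trace is constructed and abbreviated, and the names `analyze` and `seccomp_profile` are assumptions of this sketch.

```python
import json
import re

# Constructed, abbreviated strace-style lines (not captured from a real service;
# a real trace also contains execve, mmap and other startup calls).
SAMPLE_TRACE = """\
openat(AT_FDCWD, "/etc/app/config.yaml", O_RDONLY|O_CLOEXEC) = 3
read(3, "port: 8080\\n", 4096) = 11
close(3) = 0
socket(AF_INET, SOCK_STREAM, IPPROTO_TCP) = 4
bind(4, {sa_family=AF_INET, sin_port=htons(8080)}, 16) = 0
openat(AT_FDCWD, "/var/cache/app/index.db", O_WRONLY|O_CREAT, 0644) = 5
write(5, "data", 4) = 4
openat(AT_FDCWD, "/proc/self/status", O_RDWR) = -1 EACCES (Permission denied)
+++ exited with 0 +++
"""

CALL = re.compile(r"^(\w+)\((.*)\)\s+=\s+(-?\d+)")   # name(args) = return value
OPEN = re.compile(r'"([^"]+)",\s*([A-Z_|]+)')         # "path", FLAG|FLAG
WRITE_FLAGS = {"O_WRONLY", "O_RDWR", "O_CREAT", "O_APPEND", "O_TRUNC"}


def analyze(trace):
    """Return (sorted syscall names, sorted paths successfully opened for writing)."""
    names, writes = set(), set()
    for line in trace.splitlines():
        m = CALL.match(line)
        if not m:
            continue  # exit markers, signals, unfinished calls
        name, args, ret = m.group(1), m.group(2), int(m.group(3))
        names.add(name)  # attempted calls count, even when they failed
        o = OPEN.search(args) if name in ("open", "openat") else None
        if o and ret >= 0 and WRITE_FLAGS & set(o.group(2).split("|")):
            writes.add(o.group(1))
    return sorted(names), sorted(writes)


def seccomp_profile(names):
    """Deny everything by default, allow only the syscalls that were observed."""
    return {"defaultAction": "SCMP_ACT_ERRNO",
            "syscalls": [{"names": names, "action": "SCMP_ACT_ALLOW"}]}


if __name__ == "__main__":
    names, writes = analyze(SAMPLE_TRACE)
    print(json.dumps(seccomp_profile(names), indent=2))
    print("paths needing a writable volume under a read-only root:", writes)
```

A profile is only as complete as the trace behind it, so the trace should cover startup, steady state, and error paths before the allowlist is enforced.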