Maya Kaczorowski

Software Supply Chain Security PM. Cryptography nerd. Puzzle and ice cream lover.

Maya is a Product Manager at GitHub in software supply chain security. She was previously in Security & Privacy at Google, focused on container security, and encryption at rest and encryption key management. Prior to Google, she was an Engagement Manager at McKinsey & Company, working in IT security for large enterprises. She completed her Master's in mathematics focusing on cryptography and game theory. She is bilingual in English and French.

Outside of work, Maya is passionate about ice cream, making ice cream for friends at home, attending the Penn State Ice Cream Short Course in January 2014, and researching ice cream headaches. She also enjoys puzzling, running, and reading nonfiction.

 

Upcoming events

 

BSides SF

February 22-24, 2020

San Francisco

Prior events

 
 

Blog posts

January 15, 2020

Exploring container security: Announcing the CIS Google Kubernetes Engine Benchmark

If you’re serious about the security of your Kubernetes operating environment, you need to build on a strong foundation. The Center for Internet Security’s (CIS) Kubernetes Benchmark give you just that: a set of Kubernetes security best practices that will help you build an operating environment that meets the approval of both regulators and customers. 

The CIS Kubernetes Benchmark v1.5.0 was recently released, covering environments up to Kubernetes v1.15. Written as a series of recommendations rather than as a must-do checklist, the Benchmarks follows the upstream version of Kubernetes. But for users running managed distributions such as our own Google Kubernetes Engine (GKE), not all of its recommendations are applicable. To help, we’ve released in conjunction with CIS, a new CIS Google Kubernetes Engine (GKE) Benchmark, available under the CIS Kubernetes Benchmark, which takes the guesswork out of figuring out which CIS Benchmark recommendations you need to implement, and which ones Google Cloud handles as part of the GKE shared responsibility model.

January 14, 2020

Securing open-source: how Google supports the new Kubernetes bug bounty

At Google, we care deeply about the security of open-source projects, as they’re such a critical part of our infrastructure—and indeed everyone’s. Today, the Cloud-Native Computing Foundation (CNCF) announced a new bug bounty program for Kubernetes that we helped create and get up and running. Here’s a brief overview of the program, other ways we help secure open-source projects and information on how you can get involved.

January 14, 2020

Announcing the Kubernetes bug bounty program