https://www.lucavallin.com/blog/tags/security Platform Engineer at Xebia, focused on AI platform engineering - the infrastructure behind reliable, observable, scalable AI and cloud-native workloads. I work primarily in Go and Google Cloud, with deep experience in Kubernetes, containers, and end-to-end observability - and a strong interest in networking and lower-level systems work in Rust. My current focus is the platform layer beneath AI: inference serving infrastructure on Kubernetes, AI gateway and MCP connectivity, agentic workload orchestration, and end-to-end observability for GenAI systems. My broader experience is full-stack: strong on backend, with solid frontend and mobile knowledge. I contribute to open source, write on my blog, and pick up the occasional talk, training, or meetup when something interesting comes up. I'm a Google Developer Expert (GDE) and a CNCF Ambassador. For a deeper dive, see my blog. If you're new to open source, check out Verto.sh. For mentorship, I'm on Mentorcruise. Outside of work, activities like photography, motorcycling, playing a handpan and cleaning litterboxes keep me occupied 🐈. en-us Luca Cavallin Luca Cavallin Tue, 10 Mar 2026 00:00:00 GMT https://www.lucavallin.com/blog/containers-are-not-automatically-secure https://www.lucavallin.com/blog/containers-are-not-automatically-secure Containers changed how we package and ship software, but they did not rewrite the basic security rules. Trust boundaries, privilege, and attack surface are all still there. That was probably the main thing I learned while digging into container security, partly from Liz Rice's Container Security and partly from spending time with the Linux pieces underneath. Tue, 10 Mar 2026 00:00:00 GMT Luca Cavallin linuxcontainerssecurity https://www.lucavallin.com/blog/a-tour-of-ebpf-in-the-linux-kernel-observability-security-and-networking https://www.lucavallin.com/blog/a-tour-of-ebpf-in-the-linux-kernel-observability-security-and-networking eBPF lets you run small, verified programs inside the Linux kernel, enabling fast observability, security, and networking without changing application code. This practical tour explains why eBPF matters now, how programs are compiled, verified, JITed, and attached to events, and how maps and ring-3 buffers move data. You'll leave with simple demos and a clear mental model to start experimenting. Thu, 18 Sep 2025 00:00:00 GMT Luca Cavallin ebpflinuxobservabilitysecuritynetworking https://www.lucavallin.com/blog/how-to-configure-oidc-with-terraform-for-github-enterprise-server https://www.lucavallin.com/blog/how-to-configure-oidc-with-terraform-for-github-enterprise-server OpenID Connect (OIDC) is an authentication protocol that extends OAuth 2.0, providing a solid and standardized method for authentication often involving an ID token in the JWT (JSON Web Token) format. OIDC is the recommended way to authenticate with GitHub Enterprise Server when setting up GitHub Actions. Since the setup can be tricky, I've created a Terraform configuration that makes it easier to get started. Sun, 31 Dec 2023 00:00:00 GMT Luca Cavallin githubgithub-actionsterraformsecuritycloud-nativecncf https://www.lucavallin.com/blog/how-to-safely-store-secrets-in-terraform-using-cloud-kms https://www.lucavallin.com/blog/how-to-safely-store-secrets-in-terraform-using-cloud-kms Protecting Terraform secrets using Cloud KMS for seamless git commit experience. Sun, 04 Jul 2021 00:00:00 GMT Luca Cavallin securitygitgoogle-cloudterraformcncf