Policy as Code: Kyverno and Securing Kubernetes at Scale with Jim Bugwadia

Most Kubernetes security breaches don't come from zero-day exploits - they come from misconfigurations. While your team runs scanners and reviews reports, containers are already running as root, network policies are missing, and compliance violations are piling up across dozens of repositories.Jim Bugwadia, co-founder and CEO of Nirmata and creator of Kyverno, joins Cory to talk about a different approach: policy as code. Instead of asking developers to remember security best practices across every repo, what if your cluster...

Most Kubernetes security breaches don't come from zero-day exploits - they come from misconfigurations. While your team runs scanners and reviews reports, containers are already running as root, network policies are missing, and compliance violations are piling up across dozens of repositories.

Jim Bugwadia, co-founder and CEO of Nirmata and creator of Kyverno, joins Cory to talk about a different approach: policy as code. Instead of asking developers to remember security best practices across every repo, what if your cluster automatically enforced secure defaults and blocked non-compliant deployments before they ever reached production?

You'll learn how to start using Kyverno today without breaking your production environment - from running your first audit scan (no installation required) to implementing enforcement mode with exceptions. Jim explains why micro-segmentation matters more than ever, how to automate network policies for every namespace, and why platform teams are using Kyverno for everything from security to cost optimization.

Whether you're running one cluster or managing Kubernetes at scale, this conversation offers practical strategies for making security a byproduct of your platform - not an afterthought.

Topics covered:

• Why shift-left security fails and what "shift-down" means for platform teams
• How to implement Kubernetes policy enforcement without grinding deployments to a halt
• Automating secure defaults: network policies, resource quotas, and role bindings
• The crawl-walk-run approach to rolling out policies in existing clusters
• Real-world use cases beyond security: cost optimization and resource management

Guest: Jim Bugwadia, Co-Founder & CEO of Nirmata and creator of Kyverno

Jim Bugwadia is the Co-founder and CEO of Nirmata, a Kubernetes management platform built for enterprises to simplify and scale cloud-native operations across clouds, data centers, edge, and connected devices. With a mission to democratize cloud-native best practices, Jim brings deep expertise in building large-scale software products and leading high-performing teams. Before founding Nirmata, he led a global consulting team at Cisco, guiding enterprises and service providers on their cloud computing journeys. Earlier in his career, he contributed to innovative products at startups and major companies including Trapeze Networks, Pano Logic, Jetstream, Lucent, and Motorola. A hands-on technologist, Jim continues to code in Go, Java, and JavaScript, reflecting his passion for building in the rapidly evolving world of software.

Jim Bugwadia, X

Nirmata

Kyverno

Links to interesting things from this episode:

• Kyverno Community Repository
• “Shift-Down Security” Paper
• OpenReports
• Policy Reporter
• “The Shai-Hulud npm malware attack: A wake-up call for supply chain security”
• Kyverno Slack Channel