Tetragon: Cloud Native Security Workshop with Copebit & AWS in Zurich

Join the team from Isovalent, Copebit & AWS for an instructor-led hands-on workshop on eBPF powered Cloud Native Security with Tetragon. 

Register now!


  • Tuesday, September 17

    13:30 – 17:30 (meetup after)

    AWS Switzerland Zurich OfficeMythenquai 10, 8002 Zürich, Switzerland

Meet us in Zurich to network and learn together about eBPF & Tetragon with the local community

Isovalent has joined forces with Copebit & AWS to organize a half-day workshop, where we will dive into presentations, demos, and hands-on labs around eBPF and Tetragon.

After the hard work is over, we’ll gather the local community for a meetup with plenty of drinks and bites to conclude the day on a high note and get to know each other. Sign up for the meetup here

For this workshop you need to bring your own laptop.

Please reach out to



  • 13:30


  • 14:00

    Welcome and introduction by Copebit

  • 14:30

    Tetragon talk: “Adventures in the Kernel: Using eBPF and Tetragon for Runtime Metadata” by Isovalent

    Come adventure in the kernel with eBPF programs. This talk looks at top use cases around eBPF and Tetragon, whereby sitting in the kernel offers interesting benefits for collecting, aggregating, and filtering security-significant data at near-zero overhead.
    Learn how to associate process binary information up to the network traffic that it spawns, we also discuss network health metrics, file monitoring, and compliance attestation in cloud native environments.

  • 15:00

    Networking break

  • 15:30

    Lab 1: Getting Started with eBPF

    eBPF is the new standard to program Linux kernel capabilities in a safe and efficient manner without requiring to change kernel source code or loading kernel modules. It has enabled a new generation of high-performance tooling to be developed covering networking, security, and observability use cases. 

    This lab takes the opensnoop example out of the book and teaches you to handle an eBPF tool, watch it loading its components and even add your own tracing into the source eBPF code.

  • 16:15

    Networking break

  • 16:45

    Lab 2: Getting Started with Tetragon

    Tetragon is an open source Security Observability and Runtime Enforcement tool from the makers of Cilium. It captures different process and network event types through a user-supplied configuration to enable security observability on arbitrary hook points in the kernel; then translates these events into actionable signals for a Security Team.

    This lab takes the Real World Attack example out of the book and teaches you how to detect a container escape step by step!

  • 17:30

    Closing (meetup starts at 18:00)

Workshop instructors:

Related Content

Introducing Cilium Tetragon

for eBPF-based Security Observability & Runtime Enforcement


Getting Started with Cilium

Cilium is an open source software for transparently securing the network connectivity between application services deployed using Linux container management platforms like Docker and Kubernetes. At the foundation of Cilium is a new Linux kernel technology called eBPF, which enables the dynamic insertion of powerful security visibility and control logic within Linux itself. Because eBPF runs inside the Linux kernel, Cilium security policies can be applied and updated without any changes to the application code or container configuration. In this interactive, hands-on lab we provide you a fully fledged Cilium installation on a small cluster and a few challenges to solve. See for yourself how Cilium works and how it can help you by securing a moon-sized battlestation in a “Star Wars”-inspired challenge.

Tetragon 1.0 Release webinar

Tetragon 1.0 has landed! Join Cilium’s creator Thomas Graf and Security Product Manager Natalia Reka Ivanko as we explore the technical differentiators behind Tetragon, real-world use cases, and how it simplifies highly scaled Kubernetes security.