First Person Platform E03 - Jack Kleeman on PCI & Zero-trust with network policies at Monzo

Welcome back to First Person Platform, a new podcast for platform engineers. We kick off with a brief series of episodes featuring engineers who have either spearheaded or led teams in building tools for secure workload and service access. Each episode takes a deep dive into the motivation behind building the system, its origin story, lessons learned throughout the process, and provides an opportunity to get to know the brilliant minds working behind the scenes!

Joining me this time is Jack Kleeman. Jack is a staff engineer at Restate, where they make durable execution just work. Before that, Jack worked at Apple as a Senior SRE and at Monzo as a Senior Platform Engineer. At Monzo, Jack led projects on secret distribution, certificate management, network isolation, and Cassandra authentication, including the effort to achieve zero-trust on Kubernetes using network policies at Monzo, which we'll be digging into in this episode, including the motivations - PCI and zero-trust, and how they tackled scaling it from one sensitive service, the ledger, to the entire organization, as well as Jack's experiencing moving from writing primarily in Go to Rust.

Listen or watch below. Keep scrolling for links from the episode:

Monzo blog post mentioned in the episode: We built network isolation for 1,500 services to make Monzo more secure

Apple Pkl: https://github.com/apple/pkl

You can get in touch with Jack on LinkedIn, or his preferred medium, Twitter!