Mastering Istio: The Ambient Deep Dive

Build your first complex Service Mesh with zero-trust security

June 18 – 19, 2026 | Berlin

Revolutionise your cloud-native approach
by eliminating the need to manage service-to-service communication
within a distributed software system

Traffic management, security, and observability
are all taken care of

Enhance your defenses through Istio’s distributed
zero-trust security

Take advantage of the open-source platform's neutrality
and enable a variety of deployments,
such as on-premises or cloud-hosted

5 Reasons to attend
Web Security Bootcamp

Ditch the Sidecar Bloat
Learn to implement the new Ambient architecture to get full mesh control
Zero-Trust by Default
You’ll implement mTLS across your entire mesh, enforce "deny-all" policies
Real-World Traffic Control
You’ll master complex routing, from Canary releases and A/B testing to egress filtering
Ready-to-Use Tooling
You get the full stack of Kubernetes/Istio scripts, code samples, and a curated Istio "Cheat Sheet"
Expert Guidance and Real-World Scenarios
Benefit from expert knowledge and apply what you learn through practical exercises and case studies

Bootcamp Overview

This bootcamp provides a deep dive into the security and traffic routing capabilities of Istio Ambient—the next-generation service mesh architecture that eliminates sidecar proxies entirely. You will begin by exploring the shift from classic Istio to the Ambient mesh, learning how to secure service-to-service communication without the traditional architectural overhead.

Through hands-on implementation, you will secure the entire traffic lifecycle: from TLS termination at the Ingress Gateway to full mTLS mesh encryption and controlled Egress monitoring. You will move beyond basic connectivity to master request-based authorization, JWT-based routing, and zero-trust security policies, backed by rigorous error analysis and debugging techniques for complex distributed environments.

On the second day, you will integrate multiple microservices into a unified service mesh. You will apply concrete Istio rules to solve real-world challenges in tracing, resilience, and observability. By working with best practices for traffic shifting and A/B testing, you will learn how to stabilize distributed applications and prevent common failure modes in production.

By the end of the bootcamp, you will be equipped with the scripts, code samples, and expert cheat sheets needed to deploy and operate Istio Ambient. You will be ready to lead service mesh initiatives that balance high-security requirements with operational simplicity across Kubernetes clusters and virtual machines.

Day 1: Security & Identity

Fundamentals

  • Introduction to Service Mesh and Istio Ambient
  • Ambient vs. Classic: Key benefits and architectural shifts
  • Istio Ambient and the Zero-Trust model

Ingress Gateway & TLS

  • Implementing Ingress with TLS and mTLS termination
  • Security hardening for entry points
  • Troubleshooting Ingress connectivity

Peer & Request Authentication

  • Activating mTLS for the entire mesh
  • Workload coexistence: mTLS and legacy traffic
  • End-user Auth: Preparing JWT, JWKS, and claim-based routing

Authorization & Egress

  • Defining AuthorizationPolicy: Deny-all vs. Explicit Allow
  • Policy testing with Dry Run and best practices
  • Egress Gateway: Controlling access to external services
  • Istiod Certificate and identity management

 

Day 2: Traffic & Operations

Building the Mesh

  • Service configuration and deployment in Kubernetes
  • Core Traffic Rules: Gateway, VirtualService, and DestinationRule
  • Observability: Visualizing the mesh with Kiali, Jaeger, and Grafana

Resilience & Metrics

  • Distributed tracing: Tracing on demand and data limiting
  • Performance monitoring with Prometheus metrics
  • Resilience testing: Mesh-level vs. application-level implementations

Advanced Operations

  • A/B Testing: Implementing traffic shifting and mirroring
  • Canary Releasing: Controlled evolution of your services
  • Operational best practices for long-term mesh health

Audience & Requirements

  • Designed for developers, architects, and security engineers managing microservices with high security demands
  • Ideal for teams operating in Kubernetes clusters who need to move beyond basic networking to zero-trust security
  • Prior experience with Kubernetes is helpful to get the most out of the hands-on Istio Ambient implementation
  • Bring your technical blockers: we’ll cover real-world traffic management, mTLS, and auth policies
  • Come ready to build: you’ll receive slides, code samples, and scripts to deploy your own mesh live

Masterclass Highlights

  • Practical Focus: Emphasis on hands-on exercises and realistic scenarios rather than theoretical lectures.
  • Modern Technologies: Covers current security concepts like OAuth2, JWT, CSP, and secure API development.
  • Theory to Real-World Applications Transition Developer-Centric: Gain actionable skills to deploy AI systems in production, optimize their performance, and handle real-world challenges
  • Comprehensive Approach: Teaches both offensive (attack) and defensive (protection) strategies.
  • Focus on Modern Web Security: In-depth coverage of single-page applications, secure cookie strategies, and CORS.

Trainer

Michael Hofmann

Michael Hofmann is a freelance architect, consultant and developer. He has been gaining project experience for more than 2 decades on the German and international scenes, mainly in the areas of software architecture, Enterprise Java and DevOps. In addition to his project assignments, he is active as a speaker at various conferences or as an author of professional articles and books.