Fortress in a Box: Kubernetes Security for the Organizations That Can't Afford It

José Lorenzana — Mon, 06 Apr 2026 14:00:00 +0000

In January, a tweet stopped me mid-scroll.

Someone was remembering a breach from 2022. The Red Cross. 515,000 people — refugees, missing persons, families trying to find each other after conflict. Their data, exposed. The program built to reunite them, shut down.

I closed my phone. And I thought: why doesn't something exist to prevent this?

The problem nobody talks about

NGOs and human rights organizations are among the most targeted entities on the internet. Not because they're careless, because they're valuable. They hold sensitive data on vulnerable people. They document atrocities. They protect dissidents.

And most of them have little to no security budget.

The Red Cross (2022): 515,000 records from the "Restoring Family Links" program stolen. The program was shut down.
Amnesty International (2022): Breached by state-sponsored attackers. An organization that protects human rights, being surveilled.
Bellingcat (ongoing): The investigative group that exposed war crimes is constantly targeted by state actors trying to destroy evidence.

These aren't edge cases. This is the reality for organizations that can't afford a security team.

"Someone must have already built this"

I researched. I found the tools: Kyverno, Falco, ArgoCD, Grafana. All open source. All free. All powerful.

But nobody had packaged them for an organization with no Kubernetes expert on staff.

So I told myself: someone smarter is probably already building this. Weeks passed. Nothing appeared.

In mid-February, I opened a new GitHub repo. Then deleted it. Opened another one. Deleted that too.

Eventually one of them stuck.

What I built: Fortress in a Box

Fortress in a Box is a one-command Kubernetes security platform built specifically for NGOs, journalists, and human rights organizations. It deploys four layers of defense-in-depth — fully configured, zero expertise required.

git clone https://github.com/JoseLorenzana272/fortress-in-a-box.git
cd fortress-in-a-box
chmod +x install.sh
./install.sh
      ↓
╔════════════════════════════════════════════╗
║         FORTRESS IS ACTIVE :D              ║
╚════════════════════════════════════════════╝

That's it. Here's what you get:

Layer 1 — CI/CD Scanning (Trivy)

Every container image is scanned for known CVEs before it ever reaches your cluster. The pipeline fails automatically if vulnerabilities are found. Vulnerable code never ships.

- name: Run Trivy scanner
  uses: aquasecurity/trivy-action@0.35.0
  with:
    image-ref: ${{ env.IMAGE_NAME }}:${{ github.sha }}
    format: table
    exit-code: '1'
    vuln-type: os,library
    severity: CRITICAL,HIGH
    ignore-unfixed: true

Layer 2 — Admission Control (Kyverno)

Six security policies enforced at the Kubernetes API level. If a deployment doesn't comply, it's blocked before it starts, no human intervention required.

...
  matchConditions:
    - name: exclude-namespaces
      expression: "request.namespace != 'falco' && request.namespace != 'monitoring' && request.namespace != 'kyverno' && request.namespace != 'argocd'"
  validations:
    - message: "FORTRESS SECURITY: Running as root is not allowed!"
      expression: >
        object.spec.securityContext.runAsNonRoot == true &&
        object.spec.containers.all(c,
          has(c.securityContext) &&
          c.securityContext.runAsNonRoot == true
        )

The six policies cover:

No root users
No privileged containers
No :latest image tags (supply chain attacks)
Resource limits required (prevent DoS)
Read-only root filesystem (prevent malware installation)
No host network access

Layer 3 — Runtime Detection (Falco + Falcosidekick)

Falco monitors every system call from every running container. The moment an attacker opens a shell inside a container — which no legitimate app should ever do — you get an alert. Not in hours. In seconds.

Falcosidekick routes those alerts straight to Discord:

--set falcosidekick.config.discord.webhookurl="$DISCORD_WEBHOOK" \
--set falcosidekick.config.discord.minimumpriority="warning"

No SIEM required. No security team watching dashboards. Just an alert in the channel where your team already lives.

Layer 4 — GitOps Recovery (ArgoCD)

What if an attacker gets in and deletes your security policies?

With ArgoCD, it doesn't matter. Git is the source of truth. Every 3 minutes, ArgoCD compares your cluster state to your repo. Any drift, deleted policy, modified deployment, gets restored automatically.

The attacker's changes don't survive.

The gap nobody solved

The tools I used are the same ones protecting Fortune 500 companies. They're open source. They're free. They're available to anyone.

The problem was never the technology.

The problem was packaging.

An NGO with one overworked developer doesn't have time to learn Kubernetes internals, configure Kyverno from scratch, wire up Falco with custom rules, and set up ArgoCD GitOps workflows. They need something that works on day one.

That's what Fortress in a Box is.

Try it yourself

Everything is open source and live:

GitHub: github.com/JoseLorenzana272/fortress-in-a-box
Docs: joselorenzana272.github.io/fortress-in-a-box

If you're a developer, try it.
If you work with NGOs, deploy it.
If you believe security shouldn't be a luxury, share it.
If you want to contribute, PRs are open.
If you run a small organization and want help deploying this, reach out.

The people who protect others deserve to be protected too.

Built by a computer science student from Guatemala City. Because the gap between "enterprise security" and "accessible security" shouldn't exist.

DEV Community: José Lorenzana