Have you ever wanted to know how a pentester thinks your ...whatever is supposed to be deployed to the Internet securely? Come find out! We'll discuss a variety of Linux-focused deployment techniques designed to reduce attack surface and enhance the overall security of your deployment. Specific attention will be given to containerized deployments such as docker and runc, fully virtualized deployments using KVM/qemu, and fascinating hybrids between them such as runq. We'll also cover some best practices for hardening deployment Linux boxes such as implementing mandatory access control and using the magic of system call filtering to reduce the exposure inherent to running that ancient PHP application the sales team still needs for some reason. We'll wrap up with a quick chat about threat modeling; after all your ultimate goal is to deploy your thing - not build cyber Fort Knox. The ultimate goal? Learn to determine for yourself which set of technologies you need to run your shiny new python application, or REST API, or wordpress, or whatever else - and still be confident you won't get a bad case of the Kremlins on your server.