Well, hello my community. It's been a while. I haven't talked to you. KubeCon is seven days away. We have an incredible amount of co-located events. I'm so psyched for it. I can't wait to see all your beautiful faces, live, virtual, however you all do it. Today we're spotlighting two of these co-located events. There's Cloud Native Security Con and also Supply Chain Security Con. We have Andres Vega, Emily Fox and Dan Lorenc. So Spotlight starts now.

How's that for production value, you all? Huh?

That's amazing.

Well, they're talents besides coming into the TAG Security meetings and just, like, joking around. So before we get going, you mind if I do the code of conduct for everyone? Is that cool?

Absolutely. Go ahead.

This is an official live stream of the CNCF and as such is subject to the CNCF Code of Conduct. Please do not add anything to the chat or questions that would be in violation of that Code of Conduct. Basically, be respectful of all our fellow participants and presenters. So let's talk, you all. We've, you know, we as a group in TAG Security, we put together, you know, as the event leads of this, we put together this event with all these amazing program committee. I want to talk to, like, people watching this. They're like, okay, well, what, you know, what are they in store for? I know it's what we're in store for, like, as a part of the committee. But I really want to know what we're doing, like, what makes you all pumped, and let's talk about the impetus of it.

That's a lot. I'll let you start.

Yeah, where to start is the question. As Dan said, Emily, myself and him have been working behind the scenes pulling together a dedicated space, a dedicated arena for security practitioners and aspiring security practitioners to come together. For as long as we've had KubeCon there have been people who have been enlightened with security and know security very well.
However, we haven't had necessarily a space for focus on security on the ecosystem, not just Kubernetes security. So here we are leading up to the first Cloud Native Security Con, which builds on a series of previous Cloud Native Security Days that have happened globally, have happened twice a year for the past couple years.

Yeah, it's funny that you mentioned that. I spent some time looking at a repo today and realized that the first Cloud Native Security Day event was actually in 2019. It was an idea first introduced from Michael Ducy to provide the community with a security-focused space that was vendor neutral because, like you said, cloud native is more than just Kubernetes security. It's about cloud native security, and there's a lot of other existing tooling within the ecosystem. You don't necessarily have to be a Kubernetes adopter to be able to take advantage of all the benefits that cloud native can actually provide you. So this is, it's been so many years. We've done North America and we've done Europe and we're back in North America again. This is my first time going to an in-person Cloud Native Security Day and Con, so that'll be exciting.

Yeah, it's, again, if you look at the, you know, the meetings that we have in TAG Security, I think it's, I think this is like kind of the culmination of, like, people publicly kind of showing, like, all of these technologies working together, but also not so much of the people working together. You have this spirit, like, almost competing technologies to a certain degree working together for the common good, for best practices. We think about white papers. We think about, like, you know, this policy, that, you know, document that just came out. Like, again, that is to me is the joy that I enjoy so much about TAG Security. But also, at the end of the day, everybody's celebrating all the great technologies out there, so people are aware of them and can use them in their stacks, not just specific to Kubernetes but cloud native in general. So looks like we
have some folks joining. Thanks so much for joining, everyone. So a couple of kudos here. Some hello from Zewoo Zoo, is that how we say this in the, in the biz? Looks like we have a "hi guys" from Ashish, and then we have "most amazing people here". That must be referring to you both, because I don't know.

Oh, John's including you in that.

Oh, okay, appreciate that. All right, so, I mean, let's talk about the schedule, you all. I mean, in terms of, is there, you know, obviously we love all of our children, but you know, over dearly, right? But let's, let me, is there anything you all excited this to check out? By the way, everybody, this is on October 12th. This is when this is.

Yeah, it's October 12th. The program committee had a ton of submissions. I think this is probably some of the most amount of submissions that we've ever received for Cloud Native Security Con or Cloud Native Security Day. So, like, we had a hard enough time. But we did decide that because of the quality of the submissions that we received, we were going to open up the afternoon to dual tracks, which was the first time we've done this, and we're very thrilled to do it. Andres, what is one of the talks that you're looking forward to the most?

It's hard to pick just one. As you said, we had great submissions. Close to over a hundred talks total that were submitted. We had many different judges come through the schedule. It was very hard call that we have a lot of representation and variety of content, which all together is what excites me the most. Cloud native security is often an intimidating subject. So depending on the track you decide to break out to, it will equip you to help decipher this often intimidating ecosystem. So there's plenty. We have great sponsors. We have also the largest number of sponsors to date. So if I were to pick one, let me, let me sit on that one for a while during the call. Maybe, maybe we'll see. What about you?
Um, so I had a hard time picking as well. And I don't think I have a favorite, but I have some that are very topical and important. And I think that's also reflected in the two different kinds of tracks that we have. Supply chain security, as you know, is super important. Um, Dan Lorenc.

Dan Lorenc is also doing Supply Chain Security Day, Con, joining us, joining us later, later in the show, you all.

Yeah. Um, so it's wonderful to be able to get that cross presentation from him about supply chain security. And as you know, our group released a supply chain security paper. We have a working group that's currently working in this space on a reference architecture. So that's exciting. Um, but we also have some folks that are going to be talking about data security, which I don't think gets enough airtime generally, because a lot of the community isn't thinking about data-centric security or data-centric modeling, and as machine learning and AI are continuing to grow in that space, we should start seeing more security-focused talks around that subject area. Another one is the long and windy road that leads to cloud native security. That a lot of folks don't realize that cloud native ecosystem adoption is very complex. And it's a hard topic for a lot of folks, and when you add security as a layer in addition to that, starting from scratch, it can be very tricky, and it's a, it's not an insignificant burden for a lot of organizations to adopt. And that's something that the Security TAG is trying to break down.

I think, um, in general too, I mean, there's a lot of end user talks. I mean, you know, also I like that there's also some of the lexicon is being discussed as well, which is really cool, because we, we get so much jargon thrown at us all the time, right? There's so much of that, and to be able to kind of define those things to me are pretty, pretty awesome.
But like, you know, you got, like, folks that get NVIDIA, Trend Micro, Firebolt Analytics. There's all types of, it's not just, you know, it's the practice. It's not just, you know, you know, folks at vendors or, or, you know, there's end users that are part of this, kind of giving their kind of path. And to me that's always, it's always good to see when somebody, you can walk a mile in somebody's shoes and what they're, what they're doing from a security perspective.

Yeah, that's a great point, and also representation of the state of things. A lot of these end user talks are not an end user dabbling initially with one of the projects. A lot of it is end users far along the journey of not just one project but combining multiple solutions into a more cohesive system. Which, we go back in time to the first editions of Cloud Native Security Day, a lot of the talks were to introduce security tooling and security projects. And as the space has matured, we see a whole lot more of deep integrations of this system, one and the other. So we're going to see talks that use of runtime security with Falco and Open Policy Agent, we're going to see talks with Open Policy Agent and SPIRE. We're going to be seeing different integrations of different levels of Kubernetes. So yeah, manifestation of where we come along.

I think people are seeing things in the, in the landscape and working, putting them together, like things on, like, in-toto and SPIRE and in all of those types of things. And again, that's why I like and I love the TAG Security group, because it's an amalgamation of all those things. We find the best tools possible, right, and put them together in ways that, like, will address a certain security issue, right? And so, and in these things what's great is it's, it's, it's ever, it's evolving, right? There's new technologies being, so every year there's new folks coming in and presenting. Oh, it's cool. We're seeing Kyverno. Kyverno is doing some great things, right?
And so, shout out to Jim and, in the, in the group over there. But, like, this is what we need to see. We need to, we need to have those paths for somebody that's coming in, like a developer that doesn't understand a lot of these security paradigms, and seeing them in the context of, you know, actual real-time use is, is really cool. So I kind of want to ask this question in general. What are you looking forward to just in KubeCon in general, beyond just, you know, the cloud, just the, you know, our Cloud Native Security conference?

I think that's a really hard question to ask. Um, for me, there's two different portions of it. One of the things that I loved about going to conferences in person is the hallway tracks and the people that you meet and the conversations that you can have. They're candid, they're not prepared, they're not, like, nobody's gotten into their own heads about them yet. So you're just hearing everything that's raw from the community, their passions, the things that are driving them and moving them forward. So that probably for me is one of the things I'm looking forward to the most, is being able to reconnect with folks to talk about security, to talk about their problem space as well as their solutions that they're working on.

How about you? Same question, Andres.

Yeah, I, I look year round to KubeCon. It's the one place where all the community leadership is present and there's a chance to catch up on, well, we've all been busy, but let me pay attention to what everyone else has been up to. What have they learned?
It is a great knowledge, knowledge exchange. It is a great opportunity to extrapolate from the lessons of others, share our own with, with the community. There is, there's a lot around open source ethos and practice, which is the cornerstone of what KubeCon is all about, so also great to calibrate and modulate to, like, the spiritual source of everything cloud native.

So I'm gonna change gears for a second, but go back to save the best for last. I think it's the best. It's one of my favorite parts of it. Let's talk a little bit about the CTF, because again, we have these two tracks, right? We, for the first time we're doing the two tracks, but also simultaneously, right, there is going to be a CTF, a capture the flag, you all, for the layman who don't understand, whoever doesn't know what the capture the flag is, I don't know. But, um, a shout out to Magno, uh, and the team there. But I mean, we have, we have some guests. We have some hosts. We have some amazing stuff. Who wants to take a little, like, a snippet of this, just get everybody hungry for this one? See if they can, by the way, if you haven't registered, by the way, I'm going to throw it back on the screen. Register now, please. Who wants to take this one?

So this is, what, like, our second time doing the CTF, maybe third or fourth. I keep losing track. We're so busy whenever we do these events.

Third.

Oh my gosh. It's been so long. Um, ControlPlane has been a really great partner, and the volunteers that we have to help running, run and execute the CTF. And we learn every year that we, we run this event. We're excited because in addition to the regular CTF challenges that we have, I think we have five, maybe six, they're Hollywood themed, but we also have the live stream going on twice, so one's at 12:15 Pacific and the other one is at 3 p.m. Pacific. I think I got this time.

Sorry, live on what? Cloud Native TV, you all.

That's right. Yeah. So we've got some fabulous co-hosts this time. They're not just from the Security TAG.
We've got some folks from the community that are going to be co-hosting. And we have a lot of really great special guests that I'm really looking forward to talking about the CTF, talking about how they got into capture the flag kind of challenges, or just generally what their cloud native security journeys have looked like. We, like, I can't say enough how much of doing security is community related and being able to talk to folks and understand their methodologies and the way that they think about approaching some of these security problems. So having that streamed for the Cloud Native TV audience is going to be super fantastic. And hopefully we'll help up a lot of first timers and their CTF break out of their first container.

You know, and with all the talks that take place, it's, it's often hard to find the quietness to, well, how do, how do I put this to practice, or let me, let me rehearse this. Then we go back to work and we, we get super busy. It is said that knowing and not doing is the same as not knowing. So it is a great opportunity for hands-on practical skills. As Emily pointed out, we have a great crew of red teamers, blue teamers. I don't know if we talk about capture the flag, but I don't know everyone knows what capture the flag is. So there are flags to go after in a system, and you need to find your way through these challenges to capture the flag. So great opportunity to put all the tooling in practice, some of the methodologies, and a lot, not just, just talk but be able to retain a lot of the things that get discussed and exercise.

I'm looking forward to it. I'm going to, I'm going to be trying to do it throughout the event, in addition to emceeing. It's going to be, it's going to be wild. Like I said, it's, and, and again, just so everyone knows, is myself and race are going to be emceeing this. It's going to be exciting. Like I said, it's, if you've all been to any of the TAG Security meetings, we, we have fun together. So it's going to be exciting. Let's, let's, let's go home here.
Let's talk the call to action, everybody. Like, how, tell me, how does people, you know, obviously we know how to register, is anything we can, you know, I can do to kind of just get people to come, and what are the, what are some other kind of, like, give some more snippets out there, like, hey, we're excited for that, people should come and check that out. Nice raccoon, by the way.

That's our raccoon. That's the mascot. If you've ever seen the Security TAG logo, you'll see our raccoon in it, and they will be making an appearance at Cloud Native Security Con as well as throughout KubeCon. So see if you can find them.

Boom. Any, uh, any other, Andres, before we, we let you go, anything else you got?

Come with an open mind. Come, come to have fun, learn. Share what you've been up to each other's, how you've been thinking about security, what have you been doing around security. And yeah, hopefully through those exchanges we can all collectively safeguard our systems and our infrastructure.

Totally great. And, um, I want to kind of throw this out there. I want to say a big congratulations to, to my friend, like, literally my, one of my dearest friends, Emily, and I want to say this to you. I'm really happy for you that you are now a co-chair for, for KubeCon. There's nobody more deserving. Working with you for the last, I don't know, year and a half, two years, of like, we all see how awesome you are, and I'm so proud of you. I'm gonna, I'm in tears right now. Look, Pop is sappy. Sometimes, you all, Pop gets up. So I'm so proud of you.

Thanks so much. It was, it was very unexpected and completely thrilling to be considered, let alone have the opportunity and work in an environment that allows me to pursue some of these opportunities. So I, I'm hoping that I can represent security and all of the KubeCons to come, as well as Security TAG and the security community, with making sure that we are well, well discussed and we are present and accounted for.

Awesome. Well, I'm gonna let you go.
I got to bring in another person that, uh, we, uh, we all know. We mentioned him earlier. You know, you all know this guy. It's Dan. Looks familiar.

How's it going?

All right, so we, uh, so we're gonna have a, we talked a little bit about software supply chain as part of, you know, the Cloud Native Security Con, but let me, uh, let you all go. Have a great day, Emily and Andres, and I'll, we'll talk to Dan about that, that show.

Thank you.

All right, my man, you're back. I'm back. We're back on the two Dans here. So let me, let me ask you a question here. Well, hold, hold on. I gotta, I gotta get something. All right, all right, you ready? Do you feel comfortable now? You feel like you could talk?

I think you've got a, you've got to grow out the wig a little bit. My hair's been growing and yours hasn't.

Well, that's life, buddy. You know, I gotta, I gotta get it when you get old. Is that it? All right, well, I have the, I have a quick one. I can kick you off. All right. So listen, I want to know, let's talk about this in, in general, since, you know, we had, like, the, saw the, the key signing ceremony for Sigstore, and, and, you know, software supply chain pretty much has blown, blown up. I mean, because of the executive order and stuff that's going on here. I want to know, like, hey, we wanted to start this conference. Tell me about the beginnings of this, so everybody understands, like, what it is and also why, you know, this is important.

Yeah, so this is the first ever software supply chain focused, uh, you know, cloud native Supply Chain Security Con. This year, um, it's the day negative one event. So it is Monday of next week, so Monday of KubeCon. And yeah, why are we doing it this year? It's because supply chain security has become a, you know, pretty important topic rapidly throughout 2021. Supply chain attacks started to pick up 2019, 2020, and, you know, they're ramping up like crazy this year. Sonatype just did a report a couple weeks ago.
It said, uh, there's been a 650 increase in software supply chain attacks this year. The European Union, the EU, just put out a report predicting another 400 increase next year. Right, and this is just a case of attackers finding an area in software, we can always do, where we are under invested, and, uh, we as an industry have to come together to figure out how to pivot and get on top of this, uh, and, you know, increase the cost of attacks, so attackers go somewhere else.

So let's talk about software supply chain security conf. I mean, like, what, I'm, first, again, it's a first year conf. Why would I go to this?

Yeah, uh, why would you go to this? Um, you should go if you want to learn more about how to protect your software supply chain. Everybody in the cloud native ecosystem is producing or consuming some kind of software. Um, and because we're doing this in the open, we're building all these awesome open source projects and we're using them together, we are all part of each other's supply chains. This is not something any one company can come and, uh, prevent or fix completely by themselves. At the community here, the community of the CNCF has shown that, you know, we're all in this together. And we all need to take a holistic look at software supply chain security and come together really to fix it together.

So I'm looking at this schedule here. I mean, there's, again, the creme de la creme from a cscd perspective, creme de la creme of, like, software. There's end users. I mean, we got, like, LF Public Health, Google, Booz Allen Hamilton. I mean, talk me through this schedule, man, because I know you painstakingly put through this, right? I mean, talk to me, like, about some stuff that you're excited about.

Yeah, I mean, we are starting out strong. So we've got an awesome keynote to start off here from the SolarWinds supply chain security team.
So if you've heard of supply chain attacks this year, you've probably heard of SolarWinds. Um, they were victim to a really, really bad attack which pivoted and ended up affecting a lot of their customers. So we've got Trevor Rosen from SolarWinds, who's going to do a deep dive on the attack, exactly what happened to the Orion product, the Sunburst attack, how SolarWinds then, you know, came together, worked with the CNCF, worked with the CDF, with all these awesome open source technologies to correct this, to build the most secure supply chain they possibly could. So that's the one I'm most excited about. We get an end user report. We get some details on an actual attack. We get some real world implementation. And we get to tie it back together to, you know, the projects that we're all here collaborating on. We've got some other awesome ones too, but yeah, you want to talk about that one a little bit first?

I mean, dude, at the end of the day, this is your spotlight. You tell me exactly what you want to see on pitch.

Yeah, that, that one's amazing. We've got some more end user reports, right? We've got, uh, people rolling out supply chain security on behalf of the entire communities, right? Um, so every company here, you know, we're not building in vacuums, but we are depending on a whole bunch of shared infrastructure usually, and in a lot of cases this shared community infrastructure is not always that well looked after. Um, and so we've got Dustin Ingram from the Python Software Foundation. He's going to be talking about some of the awesome work PyPI, uh, PyPI, the Python Package Index, has been doing to improve the security of that critical component of infrastructure. One of the scary parts of supply chain attacks is that there's always two parts, right?
You attack a supply chain and then you pivot down to all the consumers of that spot in the chain. And so when you look around from an ecosystem perspective, there's all these really critical, like, super nodes, things like PyPI, things like Docker Hub, you know, these single points that are trusted and used by everybody across the industry. So it's great to see them taking it so seriously and, you know, working on it, um, as a foundation. We've got some other pretty exciting ones. Um, we've got a, uh, couple lightning talks, uh, practitioners. This is a field that people might not always be thinking about, but it's putting security in 5G, you know, in the networking space, in the telecom and the carrier-grade space. From Ericsson, Fatih's going to talk about how seriously they worry about supply chain and how they're working to protect it for everybody using 5G across the world today.

Let me, let me ask you this, because I say, you know, a lot of this, again, if you look at this, this is literally like the creme de la creme of software supply chain, but, like, like, I'm, again, I'm a lay developer and I'm coming to this. What do I get out of this? Like, you know, because look, I, you know, this is heady stuff, you know, you know, there's crypto, that cryptography, there's all types of stuff to this. But tell me, like, I'm a developer coming into this. What do I get out of it?

Yeah, I think it really is just kind of a way to learn the current state of the art, the challenges people are facing, and, uh, some takeaways about what you need to do. Um, anybody, this developer should, like, know about, uh, this whole area.
It's, it sounds all fancy, but it's really not, right? It's really about taking a lot of the concepts, a lot of the normal, you know, coordinated security concepts that we're going to cover in the next day, just applying them to build systems. Forever we've been fine as a development community, as an ecosystem, with locking down our production instances, all these awesome runtime security features and policies about who can access nodes. But then the build machine is still sitting under somebody's desk. And so if you're not doing any of these security features of the runtime security or anything like that on your build machine, and that's how these attacks can happen. A lot of it's just reminders and showing you what other companies and other communities have done in this space. Do I see we got some questions in chat?

There's, I asked for some questions in chat, but there's somebody, it's just, it looks like, uh, John noticed that there's Operation SLSA.

All right. Yeah, I've heard about that a little bit.

Yeah, so SLSA stands for, uh, I can never remember the acronym, um, supply chain levels for software artifacts, something like that. It's also a really awesome type of dip. And to help spread awareness about this framework, it's kind of a set of guidelines, a set of levels that you can look at to make improving your supply chain more approachable and digestible. We put together a pretty fun video series called Operation SLSA. I posted some teasers on Twitter. We can, uh, retweet another one of those. I've, during this, the, the short version of it. But we are going to be airing some more footage live at KubeCon of Operation SLSA. So stay tuned. There's, uh, plot twists. There's danger. There's intrigue. There's explosions. There's explosions. There's puns, even better, so there's a lot of iowa.

All right, so moving on. So, um, let's talk about this in terms of when is the event?

Yeah, so the event is all day Monday.
Um, I'm going to get the date wrong, so I'm just gonna double check. October 11. Monday, October 11th. So it is the day negative one, as I call it, the first day zero event, in LA and remote. All the stuff will be live streaming. You've got a bunch of, uh, pre-recorded talks as well.

So, so riddle me this, Dan, again. So for the people that are remote here, you know, again, there's some pre-recorded stuff that's going to be playing and stuff like that, but, like, is, um, what, what's, you know, what are you going, what are we doing, and I asked the same question before as well, but, like, what are we doing just to make sure the experience is just as good for the virtual as well as the in person?

Yeah, so almost half of the talks have been pre-recorded, actually. And so everybody's going to be able to watch them all live. It's going to be questions and answer, question and answer after each session. All the stuff is going to be up, recorded, at the end. Um, and what else am I missing?

Well, I mean, dude, let me ask you this. I mean, again, there's, there's the, there, the tool that's being used for the, for KubeCon general. There's a moderator, so you can interact with the folks that are in there. So, um, again, a lot of the speakers can interact as they're, as they're doing the talks, is whatever. So people should feel like they're part of, you know, this whole experience in KubeCon in general. So go ahead.

Yeah, yeah, it's really, it's one conference, both in person and remote. You're gonna get an awesome experience either way.

So, so Dan, let's, let's switch gears for a sec, guys, as we finish out here. Um, what are you excited about in KubeCon in general?

Uh, in general, I'm excited to get back together with this community, right? It's been so long. I am going to be there in person. Um, I'm excited for, for that to kick off again. Um, I'm excited, yeah, for the day zero events, both of these, uh, day negative one and day zero.

May have, may have many words. All right.
So lastly, this is the go home here So this is the call to action here. How does one like, uh, you know People can register. How would they register? Tell me about that like, you know Yeah, we've got links here, uh, go on and register. Um, you can register either in person or remote Um, it is early in the conference. So if you're not going to be there yet You can always watch that remote before you arrive. So don't let that be an excuse to not participate Um, really there's going to be some awesome sessions here. So pay attention. You might see this wig live Just letting you all know this wig might be live at that session I've instructed security to not let dan in Well, Dan, we did it buddy. Listen, let this this is it. Is there any parting words you have before I let you go? No, I think we covered it all here. It's going to be fun. Uh, there is going to be operation salsa There might be a wig if Dan can sync by Yeah, come join us It's going to be a lot of fun y'all. All right See you later bud All right, so again, we had a couple of amazing events we talked about today. You all I mean again these these The co-located events are always fun, right? We get to we get to see like different aspects of you know, the normal talks that we see at kubecon I'm excited for it. I'm also excited that uh, we're next week. We're we're going to be doing some Talks from we're going to be doing recaps all next week from the floor of of kubecon So we're as kube cloud native tv will have a booth All next week, we're going to be doing recaps. So some of your favorites a host like cat cosgrove Chris short's going to make an appearance next week as well. I'm really excited to have chris back Um, I'm going to be doing day one with my a legend. I call him the bay bruth Of you know, uh, of of what we do. It's uh stew minimum used to be on the cube He's going to be doing he's going to be on with me and lackey and we're going to have uh, sig honk on We're going to prionka. 
We're going to have Stephen Augustus. It's just, it's an action-packed next week. I'm so excited to see you all. Please, if you haven't registered thus far for, for KubeCon, you know what it is. Here, I'll throw this on the screen as well. I'm so excited to see you all, so, so we're going to be so happy. But also, look, uh, I'm going to be jumping in the hallway track as much as possible. I want to interact with you all as well, but there's so many talks. There's so many amazing things happening. There's so many keynotes. If you haven't registered for KubeCon, please do so. Really looking forward to seeing everyone. Thank you so much for joining us for, uh, uh, for Spotlight Live. We're going to have one more show this week. It's going to be Priyanka. It's the go home show. We're going to talk about what's going on with KubeCon. Um, it's going to be great. So thank you so much for joining, and we'll see you next time, and if, uh, I just wanted to let you know, uh, that everyone, that the spotlight is on you.