 Tomorrow we have the addition of a capture the flag experience those of you who have been here before May remember Dread Pirate captain has Jack and his nefarious goings on We also have a selection of workshops. They will be happening outside of this room and we will continue with our content in here We have drinks receptions both tonight and tomorrow they are on level two of this building and With the greatest pleasure and again the warmest and brightest of thanks to everybody who has helped to make it happen But we have a standalone security con happening in February This is all the same Spicy cloud native security goodness that you have come to know and love from tag security and from these colos But independently standing by itself same content different occasion and we will look to learn from this event and Hopefully continue at infant item There are a couple of pre-recorded sessions today. There's one today and three tomorrow You can identify on the schedule They'll play in the room and speakers will hopefully hop onto slack so that we can get some feedback and real-time communication and questions with them and As if it wasn't clear enough to us all already Supply chain and open source security be so hot right now Over 90% of packages pulled from open source which libraries have a fix available We are installing old broken software and that has a ripple effects repercussion for all parts of our Structure our build systems our end user devices Keep those terrifying statistics in mind as we progress through our content for the next couple There are plenty of open source opportunity to remediate these things and importantly as an open source and voluntary participation based community There are plenty of places for you and your organizations to get involved not only in tag security's work But also in the projects that we help to assure and also more broadly of course over the course this week everything under the CNCF's bright shining banner Talking of banners. We have a CTF a typical banner The way that this will be played is all through a terminal We kick it off tomorrow in the room across the way room 333 But for those of us who have not played a CTF before We'll run through a workshop today. So instead of this being a Defco style malware reversing binary exploitation kind of CTF We are looking to help people understand Kubernetes security contacts. Sorry concepts and contacts, of course So this is an edge of CTF. There is still a competitive element but it's not designed to Mangle the Swede as we might say in the UK or similarly twist the brain Learn how to Pwn clusters and shells Will do an introduction workshop today and this will guide you through one of the previous CTF Scenarios that we've run before The points of doing style of CTF is to help internalize the adversarial mindset and then give us an opportunity To understand where to apply controls Ultimately helping to raise the barrier cloud native security There is also a companion website As I say, we'll start with a workshop today and then three workshops will run throughout tomorrow Running through three increasingly complex scenarios. You are advised to turn up for the first session If you are not feeling overly confident if you pop in just for the third session It will be slightly more difficult And of course we have the cloud native goose chasing us throughout This is the website and of course the peratical captain hash jacks black flagged vessel as they say everything is run through the command line and You can prepare for the CTF there. I hope that has suitably Insned some of your interests. Okay. What do we have coming up this morning? We have keynotes and into our first talk We have Michael Foster from Red Hat with crossing the Kubernetes network policy chasm Then Jeremy Colvin from upticks why developer laptop security is key to securing your CFP pipeline Again those open source statistics coming into shock Kubernetes Coffee break of the next two days a Huge thanks to our spot who have helped to make everything possible Cystic upticks and VMware Tansu some long-standing supporters of the security community in there I'm sponsored apiro and Gold taigera and veritas much appreciate. Thank you for the support And that slide has spectacularly failed to load Big thanks to everybody whose faces are supposed to be here Who helped on the program committee who have helped again volunteering their spare time in order to schedule and Manage an event like this. It is a non-trivial process. So huge. Thanks. They will also appear on the closing slides So they have a second opportunity Also a huge thank you to everybody involved in tag security again These are voluntary efforts with people's spare time organizations putting funding behind open source security Thank you once more to the incredible effort. We've seen from these individuals and Of course it would be remiss. There's another Another missing image You remiss not to remind you that should you have the spare cycles the inclination or just the interest To join what tag security does we meet every week? We have an Amir time zone meeting we have US flavored time zone meeting They alternate each Good things like ensuring project CNTF are looking to Help graduates We're working now with cert manager flux Argo CD. These are again critical projects to the sanctity and safety of production deployments and The expertise required to go through some assurance practices and threat modeling Experiences are It is a high bar the sex and so It is much easier to do with the Help and the collaboration of friends and colleagues in the open source community It's a great way to learn how things are done in other organizations And it is a hive mind a fabulous melting pot of intellect. I very strongly urge you Interested or with the cycles to come and join us jump on slack and Come and attend some of our meetings With that We are ready to start the day So the first keynote is starting in a couple of minutes Thank you again for your attendance and support and I hope you have a fabulous time at cloud native security con