 It's more than just open source. It's about connecting with people. It's about being part of the community. It's about sharing what you know and helping others. KubeConner is the best place to get hooked into the community and learn from everybody. And let me tell you, people, this is just the beginning. Hello, KubeConner Mia. It's the wrap up show. My name is Dan Papandrea. I'm from Cystig. I'm the director of open source community and ecosystem with Cystig. And this is? Hey, everyone. I'm Mike Foster. I'm a cloud advocate formerly at Stack Rocks, now Red Hat. That promo really kind of pumps me up, huh? I know. Are you hype, dude? I'm hype. Yeah, that's awesome. So listen, before we get started, we wanted to say a big condolences to Siam Pathik, who was supposed to be doing the session today. His brother passed away. And again, for everybody right now, go to Give India Right Now and do a donation and support India right now because they are suffering. And we want to make sure we're taking care of everybody in the community. So with that said, let's get on to talking about the wrap up. We have a jam-packed show today, don't we, Mike? Yeah, a bunch of people from different areas coming in to talk, especially with all the different pathways that's going on on Tuesday. There's a lot of content to wrap up. A lot of content today. There was an end user conference earlier today meeting with Priyanka was there. From an end user perspective, that was awesome. Shout out to you, Priyanka. And also, we're going to start us off first with Dan Mangum. He's from Cross Plain. He's going to talk about Rust and the Cross Plain co-located day. Welcome to the show, Dan. Hey, thanks for having me. Honored to be on here. Frequently watch all streams, and y'all do a great job. So I'm excited to be here. And just like y'all were saying, there is countless tracks that are leading up to KubeCon this year. Too many co-located events to count, basically. And I did have the privilege to be part of two of those, one of them yesterday, which was the first ever cloud-native Rust day. And then today, I was part of Cross Plain day. Two pretty different conferences, but a lot of really interesting stuff there. I guess maybe we can touch on Rust Day first, since it happened yesterday. Yeah, dude, I'm going to ask you this. Look, it's completely, like, you know, Rust seems to be taking over the world, right? I want to know from you, and Mike, you know, I'm sure you add some thought here to this as well. But I want to know for you, like, what was the sessions that were like, I know you, you know, like I don't want you to be biased, but was there any cool sessions that you thought were just like, wow? Yeah, so this is a bit of a cop-out answer, I think. But to be honest, I was impressed by kind of the breadth and the depth of the wide variety of sessions, right? So frequently folks turn to Rust as a kind of a replacement for lower level languages like C or C++. So you'll see kind of in the cloud-native space, it's usually used for projects that are, you know, IoT or Edge devices or something like that, where your memory constrained or resource constrained in some manner. However, there was a fair amount of talks that were just around kind of general usage of the programming languages and some of the patterns that it exposes and how those can be used for kind of places where traditional languages in the cloud-native ecosystem like Go or Java or something like that are typically used today. So there was some talks from the folks at Microsoft, a lot of folks over there, kind of with the Deus Labs group who previously worked on Helm. They have a project called Crustlet where they're rewriting the KubeLit in Rust. So there was some interesting talks around that. Some folks from the Rust side and the Rust Foundation also came and spoke a little bit more about the technical details. There are folks from Sony talking about embedded container runtimes. Dude, I had no idea. I mean, like, that's incredible, man. That's incredible, yeah. Yeah, it was absolutely awesome. And like I said, like a wide variety of folks. And then of course I feel like we should give a shout out to LinkerD who I feel like really brought Rust into the cloud native ecosystem by writing their proxy and Rust. So it was really awesome. And you mentioned there, Pop, that Rust seems to kind of just be catching fire. And I think that was kind of the attitude that the conference took itself because it actually had a workshop as part of the day, right? Where attendees could go and learn more about Rust and actually walk through building an application. So lots of really cool stuff there about advancing Rust in the cloud native community. You know, like in general, like, you know, by the way, shout out to LinkerD. They're going for graduation, you know, much like Falco and stuff like that. So which is really cool. But I'm like, you know, right here, this little graphic that's talking about the day. And another one that's really close to your heart is Cross Plain Day. I want to know about that. Dude, you know, I'm like, I'm the biggest fan boy of you all. So I want to kind of know more about that. Yeah, well, we definitely appreciate your support and you've definitely shown that over a long period of time now. But yeah, we've had a Cross Plain Community Days in the past, but this was the first one that was co-located with KubeCon. And that was part of us becoming a CNCF project towards the end of last calendar year. So it was great to partner with the CNCF in that effort and really, you know, get a lot of the expertise that they have around, you know, distributing content and putting on conferences and that sort of thing. One of the things that I'll say was much more prevalent in Cross Plain Community Day this year than our past Community Days was the showing of end users, right? So in the past, we've had lots of folks kind of advocate for Cross Plain and say this infrastructure control plan or this organizational control plan is a pattern that we believe in. But that was mostly kind of, you know, in the past, we've had some of the Kubernetes founders kind of advocate for that and just different, you know, folks from the various cloud providers. But this year, we really had a diverse set of folks from end users who came along and said, we have actually adopted this, right? We've changed how we manage infrastructure, how we manage our workloads in our organization based on Cross Plain. So seeing that kind of adoption was definitely really exciting. Which end user, like, and I'm sorry, but do you have a question guys that you're sorry were cocked and loaded there? I know exactly what question you're going to ask Pop. Let me guess. So you do it. Yeah, go ahead. Not on your head Pop, go ahead, go ahead. I was going to say out of the end users, you know, are there any specific ones that pop into your head for places for other people to get started too, to say, hey, look how they adopted our organization? This is my first time doing this. He's reading my mind. It's like the telepathy thing going on. Well, y'all are a great duo. But to answer your question, I guess I'd point out too. So Accenture had a talk today talking about some of the GitOps practices they use. So they actually use Crossplane. They use GitOps to manage Crossplane, but also Crossplane to manage various Git resources. So they use GitLab. I mean, we have a provider GitLab that allows them to basically create new repos and have those managed and teams and permissions and things like that manage. So it was definitely really cool to see them talk about that pattern because we're really embracing GitOps from a Crossplane perspective. And that's something that's ubiquitous across projects that are standardized on Kubernetes. The other talk that I thought was really great, not to single anyone out, but Guidewire is a company that's been adopting Crossplane. And their talk was all about kind of comparing Crossplane to their previous Terraform deployment. And we're big fans of Terraform over at the Crossplane project. And they have a lot of great patterns and they really ushered in the infrastructure as code revolution. And we kind of see Crossplane is the next iteration of that. So it's really, I think, helpful for a lot of attendees to see that compare and contrast about where each tool had its strengths and weaknesses and also see what that transition, right? Moving from an infrastructure as code tool to a control plane, what that transition looks like in some of maybe the bumpy parts as well as some of the parts that Crossplane smooths over. Awesome, dude. Sorry, Mike, did you have something else? I was just gonna say what's in the roadmap for Crossplane coming up in the next year. Yeah, how do people get involved in Crossplane? Let's hear about that. Yeah, so I mean, the canonical example is go to slack.crossplane.io. I think we are quite possibly the most responsive across time zones Slack channel that you'll ever be in. So we will get back to you very quickly. If you have questions or wanna get involved, we also have bi-weekly community meetings that you can find more about on the Read Me on our GitHub page or at crossplane.io. As far as roadmap, there's a few different things that we are looking at supporting in the coming months. Two of those that I'll kind of point out, one of them being custom composition. Composition is the way that you basically take granular cloud provider resources. So things like RDS instance or EKS cluster, something like that, and compose them into higher level abstractions that you then allow publish self-service on. We're looking at allowing you to basically write custom translation layers between your abstractions and those granular resources. Right now we have a templating engine that allows you to do that, but some folks wanna expand beyond that or use other tools. And the other thing is potential support for functions. So right now we have providers and configurations, functions would kind of act as these day two operations glue. And what I mean by that is there's a lot of operations that don't really fall into the Kubernetes declarative model. So things that are like data migration or just one-off actions that you need to take and you just need to write a little script to do this based on events that are taking place in your control plane. Functions could expose a very simple way for folks to be able to accomplish that. So we're looking to lighten the load for developers to get the most out of cross-plane. Fantastic, dude. Big fans. Dan, I know you're in a rush to get out of here. You got 15th session of the day. I appreciate you, Mike, I'm sure appreciates you more than me as well. But much love to you. Thanks for jumping on the show, dude. Awesome, thanks, folk. And keep up the great work. Thank you. Thanks, Dan. Get some sleep. Seeing some things in the stream here before we bring in Rich Hartman from PromCon. Big hugs to Siam, agreed. Thank you, Pop. Much love to Siam, again, support. There's support for COVID.giveindia.org. Everyone, please make sure you take care of your fellow person and send good vibes. Next up, we have Rich Hartman. He's from PromCon. He's gonna talk about the overall kind of conference and just bring us up to date. So, Rich, welcome to the show, the wrap up. Yeah, thanks for having me. Yeah, so PromCon is the yearly, or maybe even bi-yearly conference starting this year for Prometheus, which is obviously one of the CNCF projects. Second one to join the CNCF. And this was a kind of back to the roots. Of course, this is the second time that we've been co-located with QCon. The first time was in 2016 when it was still Claude-NativeCon. And this year, it's just due to all the logistics and everything, we also co-located with QCon day zero, day minus one. So, yeah. Awesome. And so like, let's talk about sessions here. Mike, I'm sorry. Like I keep a good guy. Dude, is there a question you got? No, if you're up. I love me some Prometheus, man. I gotta get in there. So what were some sessions that you were like, wow, I can't believe this thing is getting, because I recently interviewed for the podcast, Ulyss, right? Volts and it was like, I'm just blown away by just the project itself and it's such an amazing thing. And I believe it enables everybody, like almost like Prometheus giving fire, right? It's just that thing enables folks to do so many things in terms of observability and all that. So was there a session that you were like, wow, this is taking this thing to the next level? That you can point out or many? There's actually several. The ones which I liked the most were the two by Julius and by Tom, both talking about the Prometheus Conformance Program which we announced yesterday together with CNCF. Prometheus is in its space where it's already quite large within CNCF and beyond. And you have lots and lots and lots of players who want to claim to be compatible and sometimes they are and sometimes they are not. And this leads to tons of user confusion. So what we're really going all in on is a conformance suite where you get a stamp of approval that yes, you are compliant to this and that specification. And if all of the specifications which are applicable to you, if you reach 100% across all of them then your Prometheus is compatible. This kind of thing, uplifting Prometheus from just a complete ecosystem, even wider into a real suite of interoperable specs where you actually have open protocols, open standards where completely distinct code bases speak with each other through that shared thing of like Prometheus and Prometheus compatible. That to me is the D thing of ChromeCon. That's awesome to hear, especially to see that maturity. I remember when I first started with Kubernetes, Prometheus was one of the first things I installed in my cluster and just getting that observability of all your microservices is massive. So along with that thought, for people who want to get involved in the projects, are there any specific resources you want to direct them to, Slack channel, anything like that? There's tons. The best overview is on Prometheus.io slash community where you'll find the overview and everything. Yeah, perfect. Bill, he's on the ball. Bill's on the ball, yeah. As we are a rather old project, we also have IRC and mailing lists and everything. We also have Slack, obviously on CNCF, we have discourse, those are like the more tech space and such, but we also have a platform, of course. We have a fully open calendar where you can just pick and choose whatever calls you want to join. We have our Dev Summit, we have two different office hours, one in Indian time, one in US and U time. We have an open community call. We have the storage WG. As of today, we will have the documentation WG and all of this is recorded on YouTube as well. So, and they're all ready to join. So... Yeah, maybe a better question was, what don't you guys have? What are you looking forward to? What's next to the roadmap? You guys are fully mature, got a great ecosystem around you. You know, what's next? I think there's three major themes. Today, we see another big wave of adoption, in particular beyond just cloud native, with a high focus on industrial control systems and such industry for all IoT, all those buzzwords. There is a huge wave of users coming in from that area, also FinTech and literally all the buzzwords. So, to cater to this type of... I'm waiting for you to say Edge. You're gonna say Edge at some point? Yeah, I mean, yes. I mean... I got it, yeah. The reason why I didn't think of Edge as a buzzword anymore is I built a data center before joining Reconelabs and their Edge is the buzzword of like five years ago. But this concept of having more and more compute distributed farther as you go towards the Edge, towards the fork as it were, is obviously a thing with IoT and everything just demanding this kind of capacity, tiering similar like you have with CERN and LHC, which pioneered this thing like 20 years ago. So anyway, that kind of thing where you have all those new users coming into actually cater to their needs and give them the resources they need to onboard themselves. That's one thing. Next thing, the next big theme is creating more stability in as much as we actually create those standards, we create those test suites, which A, a certain compatibility, but also it allows us to be more aggressive in innovation. Of course, we have this basis of things which are actually tested, which are working, where we have official specifications and everything, and we can obviously build a lot more quickly on those foundations than if we were hanging a little bit in thin air. And the third one is based on the stability thing to just explore new things. One of the major ones is probably exemplar support, which is pretty much in Prometheus as of right now. And the other example would be exemplars, where Björn Rabenstein is doing a ton of work to really allow high resolution histograms within the complete Prometheus ecosystem, which will be quite huge. I think Bartek and Ana Easton in another talk as well, the problem kind of thought that was very good as well. I mean, again, it's ecosystems rich and you know, Richie, you're doing a great, kind of great, great, great job out there with this prom kind. I love to see the support for it. I think, you know, Cystic was a sponsor for it as well. So it's definitely cool. So I appreciate you being on the show and giving us that wrap up, man. It's awesome. Thank you for helping me help up. Thank you. Alrighty, well, listen, we got to pay the bills, right? We got to say a couple of things here. Give a big thank you to CNCF for the wrap up show, but also look, if you all follow on little Twitch here, Twitch is an awesome medium. We're going to have a lot more things, a lot more things you're going to hear about pretty soon. Follow us at cloudnative.tv or if you're in there to see twitch.tv slash cloud native FDN. Yeah, got to pay the bills, don't we Mike? Got to pay the bills. Let's pay the bills. That was easy. It's easy, right? It's painless. No doubt. No doubt. I can follow. I wish we could have a drink from your bar right now, but we can't right now. It's too early, apparently. I was going to say, it's not even noon yet. It was an early morning for both of us. Yeah, we have the jet lag. Alright, well, next up, we got gone baby gone. This is Chris gone. He is from Solodio. He's going to follow us a little bit about, there he is. Wow, look at that. That was a cool effect, Mike. I'm going to go get my mattress. Chris gone. How's it going? Welcome. Thanks. Good to have you. This is my first time on Twitch as well. I should have grabbed my PS5 controller. Hey, man, do you want to tell us who you are, sell the audience who you are and what do you do? And then we can talk about the service, Mishkan. Yeah, so I lead the product management team at Solodio. You probably are familiar with our products like glue, glue wedge, glue, glue mesh and things of that nature. And yeah, IstioCon. It's exciting. We had eight talks at IstioCon, which I think is the most talks I've ever had at a conference. Incredible. I'm going to see our service Mishkan. Sorry, sorry. Yeah, it's all right. It's all right. Yeah, it's cool. So let's talk about this in general. Do you see adoption growing from that perspective of, from a service mesh perspective, seeing a lot more of that? Oh yeah, for sure, for sure. We see larger organizations starting to adopt. We see organizations that have started out a year ago starting to expand. I know of one user that has a hundred clusters with a hundred service meshes on each one of the clusters. So it's, yeah, it's definitely going gamebusters, for sure. So this is a wrap up show talking about, I'm sorry, I mean, did you have something? I was going to go end user community because I remember, you know, service mesh was sort of the buzzword in 2019. And I was looking forward to seeing how it was adopted over the years. Wondering if you had any, any big wins, any like good user stories that you wanted to share with other communities for how they can adopt the service mesh. Yeah, I mean, you typically see people start out with, you know, starting out slow and joining like community channels and starting to get running on their clusters, reaching out, getting involved. And so that's, that's typically the momentum and the path that we see most organizations taking right now. So let's, let's go back again. And now that we're, you know, let's talk about the sessions, right? And the sessions in general, tell me kind of what your thought process like, what were some of the ones that you're like, wow, this is taking this thing to the next level. Yeah, so I mean, there was a really good session from an end user from Penn State that talked about how they're using service mesh to, I guess, roll out COVID testing to their student population. So that was really cool. That was one of the, one of the key notes that we saw today. And then there's another cool session or there's a couple of sessions about running service mesh on VMs, on virtual machines. I think that's really important. There's obviously there's great Kubernetes adoption within the organization, within many organizations, but there's still a lot of things just on VMs outside of a cluster. So you see a lot of mass for that type of functionality. And so I think that's, that's important to bring into the, into the fold. We have a question from the audience here and not to put you on the spot, but is there, do you have some number of how many companies try to use and give up? Do you know the most common reasons for their failure? I don't know the numbers of companies that tried and gave up. Typically those are not the ones that I'm going to be talking to. I usually talk to companies that have tried and are now looking to for help or are at the very early stages and haven't even tried yet. I'd say the most often times what you see is there's just a lot of different options out there and a lot of growing ecosystem and they have a lot, somewhat of a hard time navigating that. And then also just getting started and installing, upgrading, knowing that there's only N minus one or N minus two support for whatever you're using. So you have to constantly upgrade every six months or something like that. That's oftentimes where people start to, people start to fall down. And I would say instead of just failing, they oftentimes reach out to someone for help. Gotcha. So let's get back to the conference. I'm gonna ask one more question in terms of this. Are you seeing like, is it like, most of the obviously Envoy being like kind of that underlying proxy? Like I kind of wanna understand like what in your eyes we're seeing as part of like the outputs of some of the sessions at ServiceMeshCon? Yeah, I mean, there's still a large ecosystem. I mean, I'm biased, but in my mind, Envoy is supreme at this point. It is taking over many of the older technologies as well, like for example, an NGINX or something of that nature. And you just see a proliferation of Envoy in many different Service Meshes and in the ecosystem at large. It is really becoming just like, Kubernetes and containers Envoy is really becoming like the specific container technology for Service Meshes at large. Great. Hey, so Mike, did you wanna, I know what you're gonna ask, right? Well, I just didn't have a question, but I was gonna say that I posed that question. I see Omar and Raphael in the chat and they said, if you tried ServiceMesh two years ago, it's a really different landscape today. And that's kind of where I was trying to lead to is I think that the landscape has matured so much and has just become more of a stable project, I think. Documentation has caught up. So I encourage everybody, especially if you haven't tried it, it's a lot easier to implement, test it out. Just kind of wanted to drop in there that little tidbit, but pop, go ahead and ask your question. Yeah, I just think in general, like exactly what you said is I think the adoption's got no better. It's, you would have said, I think the coin, the term like a year and a half ago was Service Mesh. And you know what I mean? But now I think we've gone beyond Mesh and there's practical aspects of it. But you would have said the same thing about Kubernetes. Why do I need this elaborate setup? And now that people understand that it's in place, people are adopting it much more. I think my next question is, how do people get involved with Service Mesh in general, Istio, Envoy, Glue, those type of things? Can you give us like, hey, I'm a beginner to this whole thing and I really want to understand how to get involved from a community perspective? Yeah, I mean, there's vibrant communities, Envoy is a CNCF project. So you could go to the resources available on the site as well as the Slack communities. That's always where I started out, just join the Slack communities. Everybody's friendly there. They get hubs as well. And yeah, just reach out and start to interact and start to use it. I think that's the best way. For Glue specifically, we also have a community Slack and we try to answer every question that comes in. Well, Chris Kahn, we did it. Had a great session. Awesome Service MeshCon, big success. Co-located days, awesome. Thank you so much for being on the wrap-up show. Thanks for doing your first Twitch session with us. Appreciate it. Hope to get you all more. You did it, buddy. Gotta turn the lighting down a little bit, all right, man? You're a little pale, little pale over there, Chris. Good to have you on the show, buddy. Have a good rest of the day. All right, hey, Mike, listen, we got a couple of minutes before we get into the next thing, let's talk a little bit about like, there's a bunch of stuff going on this week. And I know it's kind of pointing you on the spot here, but where'd it come with some of the sessions that you're like, oh, I really wanna check out? I'm gonna somewhat give myself a little shout out here. I've been part of this little business value subcommittee. So there's a new track in KubeCon that's gonna talk about business value. It created a little glossary, some 25 definitions you can get involved with. That'll be tomorrow. That's with Jason Morgan and Catherine. And yeah, I think it's a really easy way for people to get started. And I kind of wanna push a lot of the more technical stuff up the pipe to more of the leaders so that they have the tools. So that was one, we didn't start the fire, Ian Coldwater and Kat Cosgrove. Looking forward to that one too. I'm so excited for that. First off, Ian, they are awesome. And both they and Kat, the whole like getting verified thing. Look, I'm so happy that Ian got verified. And that's an awesome thing. And I just love the interaction that we see on Twitter. And there's one person that I think from a security perspective that has just captivated all of us. And that's Ian, but also Kat is just a phenomenal person. So it's just, I'm excited to see that session. One of the ones is a session as well. I think we've talked about this a little bit is Tabby and Elle Corbis is gonna do, and I've kind of had a preview of it. And I think it's fantastic. It's real world. And so I'm excited for that going forward this week. Ian bringing security to the 101 track. That'd be awesome. Yeah. And then obviously look, I'm a little kind of biased on this one, but Lorenzo Fontana, who's a Falco maintainer, just props, it's gonna be a really good session. It's basically like how to hide out. And he's using the analogy of Among Us, which is kind of cool and awesome. So I'm excited about that. So it's gonna be definitely cool. Alrighty. So we bring on our next guest. Mike, how are you doing over there? You good, man? You all doing good? Yeah, everybody in the chat is encouraging me to pop open the bar at 12. I think it's a good idea, no doubt. All right, next up. Boy, listen, here's a surprise. Well, somewhat of a surprise here, right? I have our friends. We have our friends from security. This, you know, we had the capture to flag earlier today. There was pirates. There was an incredible panel. I mean, you all saw this. This is an incredible panel. I want to bring in Magno and I want to bring in Diego. Hey, hello, everyone. I promised you a pirate. If you follow me on Twitter, it's a pirate, right? Yeah. Anyway, I just, you're good? Well, he said CTF is still on right now for those who are interested. So check it out. Yeah, I think you'll have about half an hour or one hour maybe. If you talk to the tax master, he might give you a little bit more minutes there. Well, keep on going. Wally, man. Yeah, I have my goos here. Wally the stuck. Wally the stuck, dude, all right? This is not good. Yeah. So listen, for the uninitiated who didn't, anybody who didn't follow the Six Security Day, I want you to kind of give everybody a briefing of, hey, what went on today? Like, so people know and all that, so. Yeah, I can talk about the multiple sessions that have been super interesting and very great presentations. There's a topic that it's, we're hearing more often recently related to supply chain security and having assurance of the artifacts. And we've heard in the news a lot of compromise in different companies and other areas. And that's a problem that it's increasing. And yeah, presentations about Intoto and Spiffy, these are the technologies that help you have more assurance in all your process building software and having metadata to sign every step and having more assurance of what you're going to deliver, what you're going to run. So we have talks about that in, with those technologies and other technologies that also help in that, like things like the upgrade framework, notary and also other process like least privilege and depth setups. So the environment is maturing. So with all these new processes, technologies and the things that have been found of attacks to companies and other places and the community and the projects, open source projects and also commercial products are helping to mature. And then also with that comes other presentations that have been interesting in terms of going a more deeper level in terms of not just supply chains, but also the, for example, there are some suggestions like John Kinsella mentioned a new process to call the nutrition and nutrition labels. And by the way, I was on the CFP like committee program committee for this. I loved it. I think, again, it's just something where you can kind of, you know, put things in logical buckets. Look, we all have, look, I'm guilty. I've done five talks this year on cookies, right? I mean, come on, you gotta kind of put things into logical buckets so people can understand them. These things are heady. You know, you think about user auth, you think about runtime security, you think about vulnerability, you think about software supply chain. There's a lot of things to grasp, but if you can put that like John did in very easy tight buckets that you can kind of, the end user can understand. It goes back to Mike when you talk about the thing you're doing in terms of the business value aspect, right? It's like, if you can't equate something, how can you put a business value? You can't make it simple for somebody to understand at the C level, how are they gonna justify the purchase of a security product and all those things? So fantastic, sorry to cut you off, Diego. Yeah, no problem, no, that's right. And yeah, and this is like some examples of how we, in this area, we are getting more mature with more solutions and more thought process, like the security nutrition levels, as you mentioned, help with people, quickly understand what can be the potential risk and other characteristics of what they are integrating in their environment. And as I said, a lot of them supply chain security, but also new areas like the EBBF and how it helps you in terms of detection and new ways in the Linux kernel to have more visibility monitoring and other things that can help you. So I think that these are the main areas. We have a lot of other as well. We had the live sessions of the capture of the flags where it was super useful, I think, for the audience to hear from the excellent panel of the different perspectives of how do you get introduced into cloud native security? How would you approach the capture of the flag, but also in terms of recommending people of how they will tackle not just for a CTF, to learn new things and start with security. And as Ian was saying, it depends how you like to learn, how you want some people like to practice, some people like to break it, some people like to watch it. There's a common sense like you need to know the basics, you need to know about Linux and containers, which is going to help you in the foundations to have more skills to then expand your knowledge on that. That's the thing, I think, that as part of the CFP process, we were cognizant of, we wanted to make a progression from the one-on-one states to how people learn to more of the progressive. Look, you don't expect somebody from a one-on-ones perspective to be doing like SysCalls and EBPF. It's just not something you pick up easily, right? And so having that basis, I think, is definitely cool. And also, Andres Vegas is on, is one of the co-chairs of SIG Security. So he's going to be coming on right after you. Oh, he's popping in right now. There we go. Look at that. Ooh, there's my guy. Awesome. Hello. It's like SIG Security Day here. Awesome. Yeah. So hey, let me tell you, I kind of want to understand just in general, like Andres, what are the things like putting together the SIG Security Day with the group? Like what are the things that you were thinking about that you wanted to kind of articulate for this with the team? So? Certainly. Well, here's what I can tell you. What struck me throughout the event today is we're starting to talk about security differently. And this is something we've been preparing for quite a bit of time. And we're putting a lot of energy into. But for the first time, Cloud Native Security Day feels a whole lot less theoretical and a whole lot more practical. Everything we've talked about is actionable. And it's not just technology, but it's people, it's process. And it is quite refreshing. Seeing the audience not being strictly security professionals, but a mixed crowd of people whose security is their number one responsibility, but they've been at it for some time. And also the folks whose security is one of their many responsibilities. And I think this speaks not only to this co-located event, but all the others. You know, Netflix paved road concept. Are you familiar with that? Mike and Paul. Put that up. So, well, they have this organizational idea if you look at security programs or any area that's a shared responsibility typically that either you have security to be the responsibility of each of the product teams or have a central team dedicated to it. And Six Security in a way is a hybrid model of that. It is a virtual team across the industry for many different vendors, for many different end users coming together to advance the space, to provide tools and resources and make it available to everyone else whose security also happens to be their main responsibility. I love, there's two things I love about that statement. That's one, everybody coming together. Look at this. There's various vendors coming together for the benefit of the end user in the community. That's number one. One of the things I love, and by the way, shout out to Emily Fox that, you know, so much love of the community. We strive to make sure the security and cloud is accessible regardless of skill level, you know, right here. But the reality is, is the things we're working on terms of best practices, you know, the guides that we're putting together. I know Diego, that's something, you know, you're very, you know, it feels very strongly about somebody just opening up and having a document that says, there's just, you know, the ecosystem and landscape is incredible. There's so much stuff out there, but we're kind of making it very, trying to make it very simple and accessible for somebody regardless, like I said, of the skill level. You want to talk a little bit about that, that, you know, the best practices guide that they're building and all of that. Is that something we can talk about or? Yep, certainly. Go for it, Diego. No, you're on this, on this. I can, I can go. Okay, so yeah, so I think you mentioned about the cloud native security map project. Yes, yeah, we'd love to talk about that in depth and maybe we can shoot up a link after at some point, so. Yeah, so this is an initiative that I'm led by Brandon Ash and I'm also been helping with other contributors. And from the cloud native security white paper that was released a while ago, there was some questions in terms of, that's a good reference for the process and knowing all the areas that people need to be aware of. Now we can go a little bit further and show some specifics about those areas in the white paper. So we can show specific projects that are going to help the people in the specific area and with more details of the example. So for example, the white paper mentions awareness about runtime and then which projects are going to help you in the runtime and security for containers or runtime and security of scanning of the manifest that you're going to use. So we wanted to provide multiple examples for the community so that they can start from scratch. They know what it is. They know the description of the problem from the white paper and then they can trial those projects that we think are going to help in that specific task. It's fantastic. And again, it's something where, I think there's, did you put up a link there as well, Magno? Okay, beautiful. That's the CNS map diversity. So again, take a look at that, as an example again from the best practices perspective, a guideline, because again, it's scary the amount of solutions that are out there. I think we've kind of tried to make an educated kind of idea of how that would be here. Shout out, by the way, to Duffy. Again, part of this, the panel earlier today. Duffy, you know how important you are to the community. We love you to death. I see some other folks here. Anybody else kind of want to kind of talk about any other parts of Six Security that we kind of want to let from the Six Security Day perspective, Magno, you've been quiet, but I want to hear more from you. Sure. Yeah, I'm tired. There's no tired in Six Security, Magno. Oh yeah, yeah, for sure. Yeah, I'm on my fifth cup of coffee. I've been awake since 4 a.m., so this has been awesome. I think the CTF challenges were great so far. Andrea and Luis are doing the wrap up right now with the walkthrough as well. We will probably post some write ups on how to solve the challenges and walkthroughs for everyone to try later. I think the Six Security Live event, right, with the gas speakers and talking to them how they start their journey and also putting them on the spot there for how to solve a specific challenge that they've never seen it before. I think that was really, really great and really awesome to see. Awesome. Something that was glossed upon there is there's not one pattern. There's no one way to security, right? And when we talk about the CTF or Cloud Native Security Map or any of the other resources or tools that are coming up from the community is that we actually encourage accidental, we actually discourage accidental detours, but we want to encourage informed adventures. We want you to go out there, venture. If you don't want to follow the rest of the recommended practices that are coming up, we want you to do that, but we want to go there with you and help you backtrack so we can capture learnings, capture our knowledge and share that with others. Because in the end, that's all the energy that's put into the event. It's really about creating collaborative knowledge, shared knowledge, you know, even in a virtual event where we're having the opportunity and the gift of being able to come in here and being able to validate the things we see day-to-day in our work. Are others seeing the same thing? Are others thinking about things differently? How are others talking about this? And it starts creating new connections, right? Be it to the people or different ways to look at problems and come up with innovative solutions. So one of the things that so Emily put, Cloud Native Security Day was created by community as a way to allow the community to come together, not only to learn, explore alongside each other, but to push Cloud Native Security forward, completely agree because again, it's everybody coming together and having a shared vision of what security should be, not just either a security or a vendor specific or a product specific, it's many vendors coming together and figuring that out as an overarching theme from that perspective. I want to say this, everyone, like, look, we're getting these questions of how people get involved. Look, I'm going to tell you this, I came in uninitiated and I think we, you know, early on, you know, and came in and I was welcomed and the group is fantastic. And so joining it, it's, you know, you feel welcome, you feel inclusive, you feel like you can get involved. Shout out to, you know, Andres, Brandon and Emily for doing that. And also, like I said, the members of the team, the Diego Magno, just phenomenal. So how does one get involved? Who wants to take that one? With SIG Security? Sure, I can take this. And I think the best place to start is joining the Slack channel, right? The Cloud Native Foundation Workspace and our SIG Security Slack channel. And then we have weekly meetings on Wednesday at 1 p.m. Eastern time that you can join, right? Obviously, we're not going to have a meeting this week because of QCon, but for next week, we're back. And yeah, that's how I got into it. Even if you can't join the meetings or you're working or something, you can still participate on the Slack channel and find out about the awesome projects that are going on. There's also, sorry, there's also GitHub. The GitHub, we have the NCF SIG Security where you can see the issues, you can see the guidelines of the new members and how to contribute, how to join the different channels, main list and all this stuff. And look, if security is not your area of expertise or you don't have a technical background, don't let that hold you back from participating. We love new ideas. We love new perspectives. We love what you can bring in from any area. Like you may be an engineer, not be an engineer. You can be a product manager. You can be a technical writer. You may be someone just entering the industry. We're here to bring you into the fold, to hear how you think about things, to help us poke holes at how we're thinking or how we've been thinking about things and really to start you things differently. But yeah, we've all dealt with imposter syndrome before. We all have learned from, we have learned that we have a whole lot more to contribute, but we've also learned from our peers and we have worked on our knowledge and our practices. And with the different initiatives and efforts that are going on, we do require folks with very different set of skills. We write white papers. We need people to give it a proofread and do some editorial work. We may need people, if you love doing art design, how do we do diagrams and illustrations to convey ideas better? If you like telling stories, if you like just complimenting whatever you can think, it's all- Yeah, there's a space for you all. There's documentation, there's all of those things. And so everyone, thank you so much for joining from a sick security perspective. I think we've inundated everybody from the information perspective. Thank you, Magno, Diego and Andres for joining. We appreciate it. Thank you. Thank you, it's awesome. Thank you for the invite. No worries. All right, Mike, let's see. You ready to wrap up, my man? I know you got birds with feathers. You wanna tell everybody about the birds of a feather session you're doing? Yeah, little birds of a feather session. I think it might be capped. I'm not sure if people can still sign up for it, but just talking about some of the issues with implementing security policies and actually just to touch on their point. By the way, speaking of Andres, talking about as if he's got over imposter syndrome, like semi or cleft notes. I need to know. I know, he's phenomenal. I love that guy, like he knows it. So yeah, totally great. Well, yeah, it's, you know, we do studies on security and literally all of our responses are 20% like developer DevOps, operation security. Everybody has a role to play in security. So small incremental changes join the community, really useful and shout out to that for the messaging, honestly, it's perfect. Fantastic. All right, man. Well, listen, it's been a pleasure working with, you know, doing this with you. Hopefully we get to do this at some other point. Appreciate you. Thanks everybody, the panel for joining. Again, I really wanna give a shout out to Siam again, you know, because that's my man I just, it's unfortunate he couldn't do the session today, but shout out to him and I hope he, you know, I wish the best for him and all of that. So thank you all for joining. We have an action packed week this week. So like, you know, we'll be in the hallway track. I think, you know, we'll be around. I'll be in the hallway track. We'll be, you know, at the, there's maintainer stuff, there's a bunch of sessions. Please, y'all ask the questions. Enjoy yourselves. This is what it's all about. Thanks Mike for joining. By the way, you're doing like another wrap-up every day, right? So we have a cat tomorrow. Yeah, yeah, that's a good one. Yep, so I missed that. Thank you, co-hosts. So basically tomorrow we have cat and Maddie Stratton is gonna be around Thursday. Anais and Leonardo are gonna give a wrap-up and then I'm back on Friday with my mortal enemy raw code. And we're gonna do like the overall wrap-up. So yeah, thank you all for joining. Looking forward.