The Inaugral CloudNative SecurityCon, North America, and Security Zero Day
The upcoming CloudNative SecurityCon is a conference focused on the practice of securing modern applications and cloud native infrastructure: containers, microservices, and serverless architectures. The conference features leading experts and practitioners and covers topics such as software supply chain security, zero trust, and implementing security best practices in cloud native environments. The event presents opportunities for networking with other professionals in the field and a host of luminaries from the community.
But what you may not know is that it all started with a simple GitHub issue, proposing a volunteer-run microevent that has now exploded into a multitudinous gathering of security practitioners.
It all started back in 2019, when two passionate individuals within the CNCF Special Interest Group for Security (now renamed TAG Security) recognized the need for a dedicated space to discuss and address the unique security challenges faced by cloud native technology. They saw an opportunity to bring together experts and practitioners from across the industry to share their insights and experiences, and to collaboratively work towards solving these challenges.
The team came together to put on a small micro conference as part of the larger KubeCon + CloudNativeCon with the goal of creating a forum for attendees to engage in meaningful discussions and learn from one another. The micro conference was held at a small hotel conference room at an adjacent venue which placed a limit on the number of attendees but made for a lively and engaging event.
The COVID-19 pandemic hit and along with the rest of the events in the conference circuit, the event pivoted to a virtual format for continuity. The risk was becoming yet another fatigue-inducing endless stream of content. Something had to be different for the event to differentiate and provide value. The organisation with the help of ControlPlane was committed to creating an engaging immersive experience to compensate for the key missing parts of an in-person event. Building on ControlPlane’s breach simulator for training purple teams on attacking and defending Kubernetes, the team built a series of compelling scenarios that would progress in difficulty for a hands-on Capture The Flag (CTF) experience. The CTF made for a fun memorable experience that left participants wanting for more.
After a successful run of two consecutive virtual events and with the return to in person events, word spread. Since then, the conference has continued to grow in popularity and scale, with each year attracting an even larger and more diverse group of attendees. The SIG-Security Day of a couple of dozen attendees became virtual Cloud Native Security Day with hundreds of attendees worldwide, followed by a sold out two-day hybrid of hundreds of in person events for Cloud Native Security Con in 2022, followed by a multi day event but still a microevent under the banner of Cloud Native Security Con.
Encouraged by the response to the micro conference, the CNCF Leadership and Events Staff and the TAG Security team decided to take things a step further and organise a standalone event focused solely on cloud native security collaborating with ControlPlane to carry on the appealing CTF experience. And thus, the Cloud Native Security Conference was born. What started as a small, volunteer-run micro conference has now grown into a major industry event, drawing top experts and practitioners from across the world to share their insights and experiences on the unique security challenges faced by cloud native technology.
The success of the Cloud Native Security Conference is a testament to the dedication and hard work of the CNCF TAG Security team, who have consistently strived to create a valuable and informative event for attendees. It is their vision and leadership that has helped to make the conference what it is today – a must-attend event for anyone interested in the intersection of cloud native technology and security.
ControlPlane is on deck to collaborate with the CNCF in the delivery of the CTF experience from which participants can uplevel their skillset.
In addition to the CTF, Amazon is hosting ControlPlane alongside our friends at Ergonautic for a Zero Day event to theorise on making security valuable to the business, threat model Kubernetes, and gain exposure through a living hacking and remediation demonstration.
You can catch ControlPlane sessions during the event on the first day with our very own Head of Security Rowan Baker session of “Avoiding Infrastructure as Code Potholes with Policy + Cloud Controllers” and the keynote presentation “Learn by Hacking: How to Run a 2,500 Node Kubernetes CTF", presented by ControlPlane CEO Andrew Martin and VP of Operations Andres Vega.
On day 2, Andrew Martin will be sitting a panel with industry leaders Kiran Kamitty, Jonathan Meadows, Dr. Allan Friedman and Rose Judge, and also delivering a Threat Modeling Live from Scratch session to showcase TAG Security’s new “lightweight threat modelling framework” to increase the velocity of CNCF security reviews.
We sincerely hope that as an attendee you enjoy the show. We look forward to seeing you there!