Guest post by Dan “POP” Papandrea, Lead of Open Source Community and Ecosystem at Sysdig


My name is Dan “POP” Papandrea and I am the new Lead of Open Source Community and Ecosystem at Sysdig, with a focus on Falco adoption and contribution. Throughout my career, I have focused on trying to walk a mile in end users’ shoes to understand their software pains. Over the past four years at Sysdig and during my time in the cloud-native community, I have learned so much about how enterprises and their end users, developers and operators are using cloud-native applications to truly transform their business and speed their delivery.  I have also immersed myself in the open source community and seen this amazing group blossom into a fantastic place for innovation and collaboration. 

So, Why the Move to Falco?

Runtime security is clearly a necessary requirement for protecting cloud native, and specifically Kubernetes, and there are amazing opportunities as organizations transition to securing container and Kubernetes environments. Falco is cementing itself as the runtime security tool for the cloud.

Having worked with the Falco project since its inception in my capacity as Field CTO for Sysdig, I have seen Falco’s incredible momentum and adoption rate.  Falco is a phenomenal piece of core technology, and it has been exciting to watch the maintainers who contribute to the project create even more exciting things.  Getting to work with the Falco community and my colleagues at Sysdig involved in Falco development has been such a pleasure. 

I chose to move from my Field CTO position to Falco because I believe in the technology and I love the cloud-native community.  I started a podcast (the popcast with danpop!)  at the beginning of this pandemic as a love letter to the community and to connect at a human level with the leaders who created its awesome tech, beyond just their code.  I am a member of the Kubernetes Contributor group, who eats, sleeps and breathes how to best contribute, adopt, and support what I believe is the greatest technical community in the world — Kubernetes — and its constellation of supporting projects.  Being able to work with the amazing ecosystem within the CNCF and the various surrounding projects is so inspiring and I cannot wait to help nurture adoption, contribution, and end-user success.  This is what gets me pumped.  I am such a big fan of these projects and there is so much power and possibility if we work together in the true spirit of collaboration and COMMUNITY.

Falco’s Progress

Falco has made tremendous progress.  Contributions and committers have increased 280 percent from external companies’ contributions.  Overall contributors in 10 months has seen 74 percent growth with Github Stars increasing over 287 percent since moving to an incubation-level hosted project. The Sysdig team dedicated to Falco has completely overhauled and moved everything to conventions required by the CNCF for Incubation, including migrating to a new build and contribution paradigm.  They created and optimized code for easier deployment and better performance of the underlying Falco Engine and Rules.  The Falco Community, including the amazing contributions from Leonardo Di Donato, Lorenzo Fontana, Leonardo Grasso, and many others, has made HUGE strides!  We’ve had over 600% growth in integrations spearheaded by Falcosidekick, an amazing piece of tech created by Thomas Labarussias, a contributor who has laid the foundation for others to contribute even further. And huge contributions from AWS (Jonah Jones) and IBM (Spencer Krum) in the Falco build process and overall community leadership have made this THE CNCF project to be a part of.

Falco is quickly becoming the de facto runtime security tool for cloud native. Falco is powerful, it’s generic enough to be used for almost any scenario you need and flexible enough to integrate with whatever you need. Falco is being adopted by more and more firms, Shopify, Booz Allen Hamilton, Coveo, Sumo Logic, and many others.

POP”s Plan and Focus

Contribution In order to continue to add contributors, we will:

  • Help explain what it means to contribute to Falco.  If you have a talent for creating Falco rulesets or you want to work on Falco core, I want to help you get there. 
  • Make sure folks are welcome when contributing to Falco.  We accomplish this by being available to assist in getting started, answering questions and linking contributors with subject matter experts in order to better encourage contribution  
  • Show gratitude for those who are key contributors to the project. Sometimes the easiest way to do this is to say “thank you” or highlight where someone’s contribution is benefiting end users and companies adopting Falco for runtime security.
  • Highlight key contributions to the community (i.e Contributors of the month, Falco welcome kits for those making an impact or who have done their first PR) 
  • Make it fun to be part of the Falco project and celebrate how incredible this technology is!  It’s fun to contribute to something that is a great project. I want to build more relationships and foster some amazing technical breakthroughs. 

Adoption –  Work with current adopters and find more end users using Falco

  • Work within the cloud-native community to see where Falco is being used and shepherd their experience so that they also are also advocates for the power of Falco! 
  • Assist current adopters with Falco and ensure they have a sounding board for their integration and use of Falco so that their adoption grows even further! 

Graduation – Help the project grow from Incubated to Graduated CNCF project

  • Work under the guidance of the CNCF in order to ensure Falco is compliant with the requirements to graduate.
  • Ensure target requirements are being met in order to enrich the user experience in a way that makes the project’s graduation a no-brainer

My goal as the Lead of Open Source Community and Ecosystem is to spread even more awareness around the Falco project and the magnificent work the team is doing!  We want YOU the community to join the Falco project, tell us how you are using Falco, contribute in places like the Falco core engine, rulesets, integrations, etc.  We would like to make it easy for you to contribute. We want to celebrate your contributions!  We want you to use and triumph in using the Falco engine, rules, and outputs. Use the subprojects like sidekick, event generator and docs page, let us know what would make your experience even better.  If you are a company or technology partner that is using Falco… LET US KNOW, let’s help you adopt the power of Falco to meet your end goals!

Reach out to me on twitter @danpopnyc or on the Falco slack