CloudNativeSecurityCon has consistently been one of our most popular KubeCon + CloudNativeCon colocated events, and we’ve heard from our community that they want even more content on the topic. So we’ve decided to make CloudNativeSecurityCon North America a two-day standalone event, taking place February 1-2, 2023, in Seattle, Washington.
Cloud native security is vitally important to the success of the open source ecosystem. Recent high-profile attacks have led to an increased focus on security from everyone from open source developers to CIOs. According to our Cloud Native Security Microsurvey, 85% of cloud native community members feel that modernizing security is very important to their organization’s cloud native deployment. At the same time, a recent study found that 76% of CIOs believe their involvement in cybersecurity will increase over the next year, while 51% say their current role is focused entirely on security management.
CloudNativeSecurityCon North America attendees can choose from 72 sessions across all levels of experience. Sessions and lightning talks will be presented by expert practitioners on topics including architecture and policy, secure software development, supply chain security, identity and access, forensics, and more.
- Yes, Application Security Leads to Better Business Value. Learn How from Experts – Larry Carvalho, RobustCloud; Hillary Benson, Gitlab; Kirsten Newcomer, Red Hat; Valentina Alaria, VMware – Cloud native technologies give organizations a much better toolset to gain the agility to meet business challenges. This panel session featuring industry experts will provide real-world examples of companies using application security practices to reduce the risk of non-compliance and deliver innovative solutions.
- GitBOM: Bringing the Receipts for Supply Chain Security – Ed Warnicke, Cisco Systems & Aeva Black, Microsoft – Supply Chain requirements got you down? Getting an endless array of false positives from you ‘SBOM scanners’? Spending more of your time proving you don’t have a ‘false positive’ from your scanners than fixing real vulnerabilities in your code? There has to be a better way. There is. This session will lay out new way to capture the full artifact dependency graph of your software, not as a ‘scan’ after the fact, but as an output of your build tools themselves.
- Self Healing GitOps: Continuous, Secure GitOps Using Argo CD, Helm and OPA – Upkar Lidder, Tenable – Argo CD empowers the community to adopt GitOps for K8s. And while it enables hyper-automation for cluster deployment, how can teams ensure they aren’t slowed down by requirements such as security, privacy, and compliance? This session will discuss how to leverage the power of the Open Policy Agent to automate the delivery of secure, compliant deployments and demonstrate a new approach of self-healing GitOps to the community.
- How to Secure Your Supply Chain at Scale – Hemil Kadakia & Yonghe Zhao, Yahoo – This session will demonstrate the high-level system Yahoo uses to protects against attacks — like unauthorized access, exploiting known vulnerabilities, injecting malicious software — by integrating open source tools such as Grafeas, Sigstore, Screwdriver, Kyverno & Anchore for source code scanning, security misconfiguration detection, vulnerability management, and protecting K8s deployments using dynamic policies.
- Do This, Not That – Lessons from 7 Headline Grabbing Security Breaches – Maya Levine, Sysdig – What leads to a cloud security breach? Misconfigurations, exposed APIs, cryptojacking, and more. Attacker motivations haven’t changed much, but their methods have adapted to new technologies. As a defender, you must adapt too. This session will walk through 7 examples of real cloud breaches, discuss what went wrong, why it was interesting, and what you can do to avoid ending up on such a list.
For the full CloudNativeSecurityCon 2023 program, please visit the schedule.
Register for CloudNativeSecurityCon North America
Register by January 13, 2023 to save up to $200.
Keynotes will be livestreamed from 8:55-10:30 AM PST on both February 1st and 2nd. Complimentary keynote livestream registration will be available in January.