The 2026 CNCF TOC cohort has an unusual pattern: three of the incoming members; Brandt, former TAG Security, lead; Mario, former TAG Operational Resilience lead, and Mauricio Salatino, former TAG Developer Experience co-chair, came straight out of TAG leadership. That’s not a coincidence, and with TAG nominations open right now, it felt like the right moment to share more details about what the path actually looks like from the inside.
Because the work happening in TAGs is what makes the whole ecosystem turn. TAG App Delivery produced the Platforms white paper (https://tag-app-delivery.cncf.io/whitepapers/platforms/), shaped the GitOps principles (https://opengitops.dev/), ran project reviews, and built a sustained community of practitioners who care deeply about the CNCF ecosystem. That’s the kind of output that changes the direction of the entire community.
The TOC operates at a different layer — project lifecycle decisions, policy, foundation-level strategy,but it feeds directly on the work TAGs do. Both roles matter. They’re just different jobs.
This isn’t a promotional story. CNCF governance prohibits TOC members from holding TAG lead positions at the same time, so all three of us stepped down from TAG leadership when we joined the TOC. That rule exists for good reason: TAG leads have deep ties to specific communities, and those ties would create real conflicts when making project lifecycle decisions at the foundation level.
The separation keeps TAG work grounded in practitioners, not politics.
What TAGs actually do that nobody tells you
The technical advisory groups are exactly that – groups that advise. They operate as domain specific focus groups that work on internal and external efforts that improve the landscape broadly.
Typically governed by those serving as group Chairs and Technical Leads, they serve to organize the work being done and/or assigned from the Technical Oversight Committee (TOC) as well as ensuring that the work is being completed and has the expertise and review required. The former organization being a responsibility of the chairs and technical leads driving the work and scrutiny as required – much of which can be invisible to the public at times.
More publicly, we turn evolving trends and new information into practical guidance that extends well beyond the CNCF. These become operating procedures and established best practices that influence how companies and foundations will operate and transform for years to come.
From security to governance
Security tends to be both timeless yet ever changing; what we’ve learned in the past continues to serve us as foundational knowledge for how we approach the future. This is what resonated with me (Brandt) as I was making my way through the landscape.
“Security is important to me, the projects I am interested in, and ultimately the work I do everyday – I should figure out how to stay aligned with new or evolving threats” – (Brandt – probably)
But seriously, the narrative never changes, yet the implications can be vast. Look to the security assessments that projects are now being required to implement – both from self assessment to joint assessments – as a marker for “let’s walk through our known-knowns of security elements we should focus on” and help expose areas of improvement for projects in the process. Each assessment provides a new opportunity for the project and the TAG to improve for the next iteration.
Historically the knowledge created by TAG Security and Compliance white papers has driven global discussion and been cited by institutions and industry.
This work continues; we have initiatives focusing on Supply Chain Insights, IAM Best Practices, MCP Authn/z, Security Controls and more that can have impacts for all projects across the landscape to all end users.
Resilience isn’t just about uptime
When I (Mario) joined TAG Operational Resilience, I thought I knew what resilience meant. Spoiler: I didn’t. It’s not just about keeping things running, it’s about what happens after you ship and reality hits your cluster. Observability that actually tells you something before 3 AM. Reliability patterns that don’t require a hero on call. Day 2 operations that don’t feel like day 200. Cost efficiency, chaos engineering, sustainability, all the stuff nobody wants to think about until it’s the only thing they can think about.
We’re driving five initiatives right now. Project Release Guidelines because release processes shouldn’t be tribal knowledge. Levels of Service Reliability Automation, a white paper I’m genuinely excited about, mapping operational autonomy from reactive firefighting all the way to self-healing systems. Cloud Native Observability Personas, because dumping metrics into a dashboard nobody reads isn’t observability. Cloud Native Business Continuity, building backup, restore, and DR reference architectures for real-world scenarios, not theoretical ones. And Green Reviews, making sure we measure and improve the sustainability footprint of CNCF projects instead of just talking about it.
We also run Sustainability Month each year, a global effort that brings the community together around making cloud native greener, not just faster. I stepped down as Co-Chair when I joined the TOC, that’s the rule, but I’m not going anywhere. This work matters too much. The TAG is actively looking for contributors across all initiatives, and honestly, the best time to get involved is right now.
Developer experience grows the ecosystem
In the TAG Developer Experience we care about helping projects to move forward, to mature and be easy to use. This comes in different shapes and forms, as sometimes maturity means just to understand the current shape of the ecosystem.
There are three ongoing initiatives that I want to highlight:
- Cloud Native and OCI Compliant Inner-Loop Tooling & Packaging for AI Engineers https://github.com/cncf/toc/issues/1740
- Specification for declaring application integration dependencies https://github.com/cncf/toc/issues/1797
- Showcasing Frictionless Secure Coding Success Stories and Pain Points in CNCF Projects https://github.com/cncf/toc/issues/1943
You can check out the full list of initiatives here: https://github.com/cncf/toc/issues?q=state%3Aopen%20label%3Atag%2Fdeveloper-experience%20label%3Akind%2Finitiative
These initiatives are not focused on a single project or driven by a single vendor, these initiatives touch many projects and their intersection points to reduce friction and improve the overall experience of the ecosystem. Joining a TAG is a place to learn from experts in the industry and contribute with your expertise to move these initiatives forward.
I (Mauricio) would recommend anyone who wants to get involved and is using CNCF projects, maintaining a project or is just willing to learn to apply for a position at a TAG. If developer experience is your topic of interest, this group will welcome your opinions and contributions.
I enjoyed working with the other Co-chairs and Tech leads (Mélony, Daniel, Mona, Kevin, Julien, Graziano and Joshua).
Where TAG work directly informs TOC decisions
The three of us have now sat on both sides of the table, and we can tell you: the pipeline is real. When the TOC makes a project lifecycle decision, the due diligence doesn’t start with a vote. It starts with the general technical reviews done by the project reviews subproject, where most TAG leads are actively involved. It starts with the governance reviews that surface whether a project’s leadership, processes, and community health are actually solid, not just declared solid, and the joint security assessments run by TAG Security and Compliance.
The same goes for white papers; the TOC reviews them before publication, but the work happens in the TAGs first, and the TOC actively seeks and values TAG input before anything moves forward. Five TAGs, one TOC. The funnel works because the people closest to the domain are the ones doing the homework.
What we’re leaving behind and where you come in
I’m (Mario) leaving behind a TAG that’s in motion. Five active initiatives, a growing community, and a charter that finally reflects what operational resilience actually means in practice. I’m also leaving behind the chair seat, the recurring meetings, the direct push on priorities. And that’s precisely the point. Stepping down isn’t stepping away, it’s making room. Room for people who are even more passionate about reliability, observability, sustainability, or business continuity to step up and shape the future of an entire ecosystem with their own ideas. If that’s you, the door is wide open.
Personally, (Mauricio) I am leaving behind the weekly details on how the initiatives that the TAG Developer Experience is moving forward, but I know that I will enable the TAG to reach new communities and the TOC position opens the doors to send new folks to contribute to the TAGs.
The transition for me (Brandt) is really only about changing the scope of work. TAG Security and Compliance remains composed of the security experts who brought me into the fold – taught me a great many things – and of whom I now consider friends. I’ll be leaving behind direct initiative work to instead focus on the outputs of that work. I am optimistic that others will see the evolving security landscape and be empowered to get involved and continue to provide a venue where everyone is learning from each other.
So you want to join a TAG?
Start by showing up. Seriously, just join the meetings. Read the Slack channels. Lurk for a bit, then ask a question. You don’t need permission to participate. Pick a domain that actually interests you, not the one that looks best on a LinkedIn bio. If you care about observability, come to TAG Operational Resilience. If security keeps you up at night, TAG Security and Compliance is your place. Passion shows, and people notice.
If you need to convince your employer, consider joining the domain that aligns closest to your daily work. You’ll find yourself quickly at the edge of evolving trends and new ideas that quickly compound with high return on time invested.
Writing and communication skills matter more than most people think. Half the work in a TAG is drafting white papers, writing reviews, and making complex topics accessible. If you can explain things clearly, you’re already ahead. Join an initiative that’s already running rather than trying to start something from scratch on day one. You’ll learn faster, build credibility, and find out where the real gaps are.
Conflict is part of the job. You’re going to disagree with smart people who also care deeply. That’s not a bug, it’s the point. The 2-year term is a marathon, not a sprint. Pace yourself, because the work doesn’t stop after the first month of excitement. And whatever you do, don’t wait for an invitation. Self-nominate. Raise your hand. Nobody is coming to tap you on the shoulder. The community grows because people decide to show up and do the work.
The TAG elections are open
TAGs are where CNCF governance gets its substance. The TOC sets direction, but TAGs do the homework, the reviews, the white papers, the hard conversations that keep the ecosystem honest. We need more people doing that homework.
2026 TAG Chair nominations are open now through May 26. Tech Lead nominations open June 8. You can find all open nominations at github.com/cncf/toc/issues?q=is:issue+state:open+Chair+Nomination