►
Description
Welcome and Introductions - Emily Fox, National Security Agency
A
Good
morning,
everyone
and
welcome
to
the
cloud
native
computing
foundation's
cloud
native
security
day,
I'm
emily
fox
co-chair
of
sig
security
and
we'll
be
kicking
off
this
event.
Thank
you
for
joining
me
in
our
awesome
collection
of
presenters.
We
appreciate
everyone's
flexibility
this
year
that
enabled
us
to
adjust
the
way
in
which
this
event
is
held.
A
The
point
of
today
is
to
bring
together
several
diverse
communities,
security,
development
and
operations.
This
event
is
designed
to
enable
collaboration
and
sharing
that
pushes
the
security
of
all
cloud
native
applications
and
platforms
forward.
This
day
is
for
you,
our
community
and
the
cloud
native
tools
and
capabilities
you
work
on
and
use
that
allow
applications
and
products
to
be
available
to
the
end
user
in
a
well
understood,
secure
fashion
throughout
today.
We
want
to
encourage
you
to
share
in
the
slack
channel
or
through
social
media
and
help
move
the
security
of
cloud
native
forward.
A
The
cncf
special
interest
group
was
formed
from
safe,
a
small
group
of
like-minded
security,
focused
individuals,
intent
on
reducing
the
gap
between
technology
adoption
and
when
security
is
applied.
They
also
sought
a
more
common
knowledge
of
security,
often
seen
as
an
alien
language
to
the
development
and
operations
communities.
A
Sig
security
is
here
to
assist
in
reducing
data
exposure
of
cloud-native
applications,
as
well
as
unauthorized
access
to
and
by
those
applications
we
focus
on
protecting
cloud-native
systems.
We
enable
the
community
to
engage
in
a
common
language
of
knowledge
and
tooling
so
developers
and
teams
comprehend
the
implications
of
security
and
risk
within
their
code,
their
applications,
their
deployments
and
their
architectures.
A
Our
community
is
growing
strong,
with
over
68
members
contributing
weekly
to
our
various
presentations
projects
and
documentation.
Not
all
of
our
members
are
security
experts,
but
each
contribute
to
the
sig
through
their
background
skills
and
experiences
that
help
make
the
sig
a
robust,
diverse
and
welcoming
community.
A
It's
not
just
all
discussions,
however.
Sig
security
does
many
things.
During
our
weekly
meetings.
We
have
presentations
on
numerous
topics:
everything
from
upcoming
cnc
of
sandbox
projects
to
requests
for
help
by
the
community
to
move
security
forward.
In
october,
we
had
a
presentation
from
the
confidential
computing
consortium
and
the
cloud
security
alliance
on
serverless
security.
A
As
you
can
see,
we
have
involvement
from
many
different
areas
of
open
source.
We
also
perform
security
assessments
that
assist
the
community
and
its
projects,
with
an
initial
understanding
of
the
state
of
their
security,
help
inform
the
cncf
technical
oversight
committee
of
the
security
aspects
of
cloud
native
projects
and
provide
cloud
native
projects
with
an
initial
starting
point
for
the
security
documentation.
A
As
part
of
the
in
toto
assessment,
we
now
host
a
community-driven
catalog
of
supply
chain
compromises
which
provide
real-world
examples
that
help
raise
awareness
and
provide
detailed
information
that
lets
us
understand,
attack
factors
and
consider
how
to
mitigate
potential
risk
in
the
supply
chain.
We
are
currently
wrapping
up
a
major
effort
for
the
community
called
the
cloud
native
security
white
paper,
which
is
written
to
give
the
audience
a
guide
to
their
first
cloud
native
security
architecture.
A
Today's
event
was
started
last
year
as
a
community
driven
project
and
has
grown
to
be
an
event
at
kubecon
and
cloud
native
con,
north
america
and
europe,
as
well
as
for
the
first
time
this
year,
featuring
an
all
virtual
ctf
and
wrap
up
check.
The
events
cloud
native
security
day,
ctf
slack
channel
for
more
information-
you
see
the
passion
of
the
community
is
what
moves
us
forward
and
our
community
driven
projects
are
the
emphasis
of
this.
A
Traditionally
we
hold
in-person
events
co-located
with
kubecon
and
cloudnativecon.
However,
given
everything
going
on,
we
want
to
ensure
our
community
is
safe.
Looking
forward,
we
hope
to
continue
our
in-person
meetups
as
valuable
avenues
to
team
network
and
continue
moving
security
forward
for
cloud
native
throughout
the
day.
Please
use
the
hashtag
cnsecurityday
on
social
media
and
don't
forget
to
provide
feedback
to
our
speakers
and
feedback
about
the
event.
A
Today
is
the
day
of
first
for
both
the
speakers,
as
well
as
the
security
day
program
committee,
and
we
want
to
continue
to
improve
this
event
and
events
like
it.
So
please
provide
feedback
if
you
have
a
question
during
the
event
place
it
in
the
q,
a
area
of
the
platform,
you
may
also
reach
sig
security
anytime
in
the
cncf
slack
hashtag
sig
dash
security
channel.
A
I
hope
that
you
are
interested
in
learning
more
about
what
we
do
so
be
sure
to
join
us
in
our
slack
channel.
Join
our
weekly
meetings
and
sign
up
for
our
email
list
becoming
a
member
is
very
easy
and
there
are
so
many
ways
to
get
involved
by
joining
our
meetings,
reviewing
open
issues
and
even
prs,
you
are
helping
meet
our
mission
as
a
valued
member.
A
Thank
you
again
for
joining
us
today.
It
could
not
be
possible
without
proposals
submitted
by
you,
the
community.
We
had
a
lot
of
great
submissions
this
year
and
while
we
couldn't
accept
everyone's
proposal.
For
this
event,
we
hope
to
see
your
proposals
next
year,
as
we
continue
the
security
day.
Events
today,
we
are
excited
to
have
an
excellent
group
of
speakers
lined
up
for
you.
So
let's
get
started.