CloudNativeSecurityCon North America 2024 has ended

Create Your Own Event

CloudNativeSecurityCon North America 2024

June 26-27, 2024 | Seattle, WA
View More Details | Registration Information

The Sched app allows you to build your schedule but is not a substitute for your event registration. You must be registered for CloudNativeSecurityCon North America 2024 to participate in these sessions. If you have not registered but would like to join us, please go to the event registration page to purchase a registration.

Please note: This schedule is automatically displayed in Pacific Daylight Time (PDT), UTC -7. To see the schedule in your preferred timezone, please select from the drop-down menu to the right, above "Filter by Date."

The schedule is subject to change.

8:00am PDT

Registration + Badge Pick-Up Ballroom Lobby

9:00am PDT

OTel Community Day (Additional Registration Required) TBA Secure AI Summit (Powered by Cloud Native) (Additional Registration Required) TBA

7:30am PDT

Registration + Badge Pick-Up Ballroom Lobby

9:00am PDT

Keynote: Welcome + Opening Remarks - Chris Aniszczyk, CTO, Cloud Native Computing Foundation Ballroom 2-3

9:15am PDT

Keynote: Demystifying Secure Application Communication with Zero Trust: Identity, Integrity, Confidentiality - Lin Sun, Head of Open Source, solo.io Ballroom 2-3

9:30am PDT

Sponsored Keynote: What Can You Do in 5 Minutes? - Alexander Lawrence, Field CISO, Sysdig Ballroom 2-3

9:35am PDT

Keynote: Security in the Open - How Industry and Community Benefit When Security Thrives in the OSS Landscape - Cailyn Edwards, Senior Security Engineer, Okta & Jonathan Whitaker, Staff Software Engineer, Okta Ballroom 2-3

9:50am PDT

Keynote: K8s Security Safari: Hunting Threats in the Wild Wild Cloud - Stav Ochakovski, DevOps Tech Lead, Mitiga & Ariel Szarf, Senior Cloud Security Researcher, Mitiga Ballroom 2-3

10:05am PDT

Keynote: TAG Security, You're It! - Moderated by Eddie Knight, Sonatype Ballroom 2-3

10:20am PDT

Keynote: Closing Remarks Ballroom 2-3

10:30am PDT

Coffee Break ☕ Ballroom 1 Solutions Showcase Ballroom 1

11:00am PDT

Shadow Vulnerabilities in AI/ML Data Stacks - What You Don’t Know CAN Hurt You - Avi Lumelsky & Nitzan Mousseri, Oligo Security Ballroom 2-3 SaaC – Security as a Culture, the Distributed Advocacy - Deep Patel, Cisco 443 Accelerating AI Securely with GVisor - Lucas Manning, Google 445 Leveraging the Linux Kernel for Building a Zero-Trust Environment Without a Service Mesh - Marton Sereg & Zsolt Varga, Cisco 447 Tutorial: Sailing the Security Seas with Tetragon - Duffie Cooley, Isovalent 435

11:05am PDT

⚡ Lightning Talk: Security Down to the Kernel - Justin Garrison, Sidero Labs 433

11:10am PDT

⚡ Lightning Talk: Speak Egress and Exit: A Look at Securing Traffic Out of the Mesh with Istio - Nina Polshakova & Ariana Weinstock, Solo.io 433

11:15am PDT

⚡ Lightning Talk: Securing Your Systems with Service Mesh - Tyler Schade, Solo.io 433

11:20am PDT

⚡ Lightning Talk: Don’t Make Me Impersonate My Identity - Cynthia Thomas, Google 433

11:50am PDT

Leveraging Cryptographic Lineage for Context and ConnectedTrust - Yogi Porla, Deep Lineage Ballroom 2-3 CSI Forensics: Unraveling Kubernetes Crime Scenes - Alberto Pellitteri & Stefano Chierici, Sysdig 433 Security Champions LeaderBoard - Building and Gamifying the Security Culture at Your Organisation - Aseem Shrey, SecureMyOrg 443 Navigating the Quantum Readiness Journey: Securing Kubernetes with Quantum-Resistant Cryptography - Tomas Gustavsson, Keyfactor 447 Sigstore: Past, Present and Future Directions - Luke Hinds, Stacklok & Bob Callaway, Google 445 An Introduction to Capture The Flag - Iain Smart, ControlPlane 420

12:25pm PDT

Lunch 🍲 Ballroom 1 EmpowerUs Ballroom 1

1:55pm PDT

One Project, Different Angles: How to Secure and Observe with Cilium - Christine Kim, Isovalent 447 Brave New World: Welcoming New AI Identity Challenges - Gabriel L. Manor, Permit.io Ballroom 2-3 Building Bridges in Open Source: Connecting Academic Talent with Industry Innovation - Ben Smith-Foley & Sam Begin, Rensselaer Center for Open Source 443 Avengers Assemble: Threat Modeling Kubernetes Clusters at a Massive Scale - Sai Charan Teja Gopaluni & Jamal Arif, Amazon Web Services 445 Malicious Compliance Automated: Building Secure Containers and Obfuscating What's Inside - Kyle Quest, AutonomousPlane & Duffie Cooley, Isovalent 433 Tutorial: Demystifying and Enabling Workload Identity Across the Cloud Native Ecosystem - Andrew Block, Anjali Telang, Trilok Geer, Red Hat; Mariusz Sabath & Maia Iyer, IBM 435

2:45pm PDT

Threat Modelling: How to Improve Your Kubernetes Security Posture with Threat Model? - Maxime Coquerel, Royal Bank of Canada (RBC) 447 Threat Modeling for AI Apps with Attacks as Code - Priyanka Tembey, Operant & Glenn McDonald, Operant AI Ballroom 2-3 CVE Context Matters, but Do All Vulnerabilities Really Matter? - Shubha Badve & Ross Tannenbaum, Red Hat 433 Championing Security: Scaling Security at Every Level - Dwayne McDaniel, GitGuardian 443 Below the Radar: Identifying Hidden Threats Within the Development Ecosystem - Yakir Kadkoda, Aqua Security 445 An Introduction to Capture The Flag - Iain Smart, ControlPlane 420

3:20pm PDT

Coffee Break ☕ Ballroom 1

3:50pm PDT

Everyone’s Starting to Look SPIFFE: MTLS and Identity with Linkerd and Teleport - Dave Sudia, Teleport Ballroom 2-3 API Security: Code-to-Cloud Context for Complete Protection - Idan Plotnik, Apiiro & Patrick Sullivan, Akamai 433 Metrics That Matter: How to Choose Cloud Security KPIs for Your Business - Emma Yuan Fang, EPAM Systems 443 Evasive Maneuvers: Strategies to Overcome Runtime Detection Tools - Amit Schendel, ARMO 445 Tutorial: Automating Configuration and Management of your GitHub Repositories with Minder - Dania Valladares & Evan Anderson, Stacklok 435

4:40pm PDT

Learn to Navigate the Perils and Pitfalls of Multi-Tenant Identity Infrastructure - Fabienne Bühler & Livio Spring, ZITADEL Ballroom 2-3 Detection Engineering in Kubernetes Environments: Wrangling Security Data Out of Your Clusters! - Dakota Riley, Aquia 433 Navigating the Intersection: AI’s Role in Shaping the Secure Open Source Software Ecosystem - Harry Toor, Open Source Security Foundation (OpenSSF) 443

5:15pm PDT

Sponsor Booth Crawl Ballroom 1

8:00am PDT

Registration + Badge Pick-Up Ballroom Lobby

9:00am PDT

Keynote: Opening Remarks Ballroom 2-3

9:05am PDT

Keynote: Securing Kubernetes, the Upstream Way - Rey Lejano, Solutions Architect, Red Hat Ballroom 2-3

9:20am PDT

Keynote: Security Education Through the Art of Storytelling - Ann Wallace, Director of Product Security Education, Okta Ballroom 2-3

9:35am PDT

Keynote: Sugar Ray.io on K8s: Shut the Door, Baby! - Greg Castle, GKE Security Tech Lead, Google & Cynthia Thomas, Product Manager, Google Ballroom 2-3

9:50am PDT

Keynote: A Vision for a Secure Software Supply Chain - Marina Moore, PhD Candidate, New York University Ballroom 2-3

10:05am PDT

Keynote: We’re VEXing the Cloud Native Landscape. Bring Your Code! - Adolfo García Veytia, Staff Software Engineer, Stacklok Ballroom 2-3

10:20am PDT

Keynote: Closing Remarks Ballroom 2-3

10:30am PDT

Coffee Break ☕ Ballroom 1 Solutions Showcase Ballroom 1

11:00am PDT

Container Images & Security 101: 5 Need to Know Facts - Phil Estes, AWS Ballroom 2-3 Scan, Patch, VEX - Using Open Source Tools to Manage Vulnerabilities in Containers - Toddy Mladenov & Sertaç Özercan, Microsoft; Itay Shakury, Aqua Security 433 Shift Down Security! How Platform Teams Can Help Break the Logjam - Jim Bugwadia, Nirmata & Poonam Lamba, Google 443 Amplifying Impact: Documentation and Supply Chain Security - Michelle Irvine, Google Cloud 447 Embracing the Future: The Effortless Mutual TLS and Rich Layer 7 Authz Policy Without Sidecars - Lin Sun, solo.io 445 Tutorial: Hacking Istio: The Good, the Bad, and the Misconfigured - Nina Polshakova & Peter Jausovec, Solo.io 435 🚩 Capture the Flag Experience 420

11:50am PDT

Demystify Modern Signing: Keys, Certs, and Envelopes - John Kjell, TestifySec Ballroom 2-3 Network ACLs Made Easy: Establishing Zero Trust Network Policies in a Few Clicks - Juno Im & Yonghwi Jin, Theori 443 Securing CI/CD Runners Through eBPF Agent - Mert Coskuner, Yahoo & Cenk Kalpakoglu, Kondukto 433 How to Generate VEX Automatically for Your Project - Shlomo Heigh, CyberArk & Ben Hirschberg, ARMO 447 The Runtime Rodeo; Where Open Source Image Behavior Is Tamed - Jimmy Mesta, RAD Security 445

12:25pm PDT

Lunch 🍲 Ballroom 1

1:55pm PDT

Level up Your Security Career with the TAG Security Community - Andrew Martin, ControlPlane Ballroom 2-3 Implementing a Multi-Tenant, Relationship-Based Authorization Model with OpenFGA - Evan Anderson, Stacklok & María Inés Parnisari, Okta 435 A Needle in a Haystack: How to Find a Threat Hidden in Over 6 Billion Logs Per Day - Brian Davis, Red Canary 443 Proactive Kubernetes Security: Anomaly Detection and Runtime Alerting in Kubernetes Workloads - Amit Schendel, ARMO & Remi Minnebo, Alter Domus 433 A Mouthful of Mayhem: Taste Test and Gut Response to SLSA, GUAC, and Supply Chain’s Plat Du Jour - Shane Lawrence, Shopify 447 Where Does Your Software (Really) Come from? - Trevor Rosen, GitHub 445 🚩 Capture the Flag Experience 420

2:45pm PDT

Guardians of the Dataverse: Securing the AI Supply and Data Chain - Frederick Kautz, TestifySec Inc. Ballroom 2-3 How Does a Workload Authenticate an API Request?: Implementing Transaction Tokens with Keycloak - Yoshiyuki Tabata, Hitachi, Ltd. 435 Kubernetes Node Firewalling from the Inside Out - Jef Spaleta, Isovalent & Justin Garrison, Sidero Labs 443 Kubernetes Deep Dive: Elevating ML Workload Monitoring to Art - Ziwen Ning & Geeta Gharpure, Amazon Web Services 433 End-to-End Encryption for Container Checkpointing in Kubernetes - Radostin Stoyanov, University of Oxford 447 User Namespaces in Kubernetes: Security and Flexibility - Pick Both - David Leadbeater, G-Research 445

3:20pm PDT

Coffee Break ☕ Ballroom 1

3:50pm PDT

From Risks to Resilience: Leveraging CNCF Projects Against Kubernetes' OWASP Top 10 - Alireza Rahmani & Hilliary Lipsig, Red Hat Ballroom 2-3 Implementing AI RMF with Policy-as-Code Automation - Robert Ficcaglia, SunStone Secure; Anca Sailer & Vikas Agarwal, IBM 447 Bridging Mesh Enclaves: Securing and Maintaining Mesh Heterogeneity - Lukonde Mwila, Amazon Web Services (AWS) 443 IAM Confused: Decoding 8 Real World Cloud Identity Breaches - Maya Levine, Sysdig 435 Is the Internet on Fire? Strategies for Mitigating Open Source Software Vulnerabilities - Andrew Martin, ControlPlane & Michael Lieberman, Kusari 433 Teach Your SBOM New Tricks with Bomshell - Adolfo García Veytia, Stacklok 445

4:40pm PDT

All I Know About Cybersecurity I Learned from Fungus - Alex Lawrence, Sysdig Ballroom 2-3 Cloud Native GRC - Brandt Keller, Defense Unicorns & Jon Zeolla, Zenable 447 The Story of Crush: The Microservice That Navigated the Cloud Native Ocean with a SPIFFE Identity - Mattias Gees, Venafi & Tom Meadows, Testifysec 435 Drawing Lines in the Sand, or Running Unprivileged eBPF in Kubernetes - Nikola Grcevski, Grafana Labs 433