Tag-security: [Project] 2020 EU Cloud Native Security Day VIRTUAL (aka SIG-Security day) at Kubecon

Created on 5 Dec 2019  Â·  19Comments  Â·  Source: cncf/tag-security

Description: SIG-Security Day at the upcoming EU Kubecon/CloudNativeCon. The goal of the day is to bring together the broader Cloud Native security community in a community oriented space to discuss and share current challenges (and solutions) in Cloud Native security.

Social Media: #cnsecurityday
CNCF Website Security Day

Discuss:
Practical application of the security tools and features in the Cloud Native ecosystem.
Role of red teams and blue teams in Cloud Native architectures.
Practical security policies and procedures in Cloud Native.
Common attack patterns in Cloud Native.
Latest vulnerabilities in Cloud Native platforms.
Impact: there's a lot of vendor focused events on Monday, which risks losing focus on open source community, this creates single place where people involved in cloud native security community can gather together in vender-neutral place

SIG Chair: @pragashj

Team Leads:

  • @mfdii
  • @TheFoxAtWork

CFP Reviewers:

  • @mfdii
  • @TheFoxAtWork
  • @justincormack
  • @anvega
  • @markyjackson-taulia
  • @sublimino
  • @raravena80
  • @mhausenblas

Day Of Staff:

  • @mfdii
  • @TheFoxAtWork
  • @anvega
  • @markyjackson-taulia
  • @sublimino
  • @raravena80
    slack channel: #sig-security-events

Must incorporate feedback from Retro of 2019 NA KubeCon+CloudNativeCon SIG-Security Day
For more details see: Public Trello board for planning of SIG Security Day - updated

TO DO

  • [x] Website: generate some content for the Event Website that covers the items in the trello ticket. We'll use the sig-security-events repo as a collection of SIG events moving forward
  • [x] CFP prep
  • [X] set up trello
  • [x] Security Day event schedule/planning
  • [x] Retrospective: doc

Proposed Format
Due to space limitiations we will not be able to run this event with open spaces.. Given the logistical challenges the day would be single track.

Time | Content
-- | --
9:00 - 9:15 | Opening remarks
9:15 - 12:15 | Presentations
12:30 - 1:30 | Lunch
1:15 - 4:45 | Presentations
3:45 - 4:00 | Wrap up comments
4:00 - 5:00 | Happy hour

The CNCF has offered to provide financial support for this event and then recover the costs through selling sponsorships. However, the presence or requirement for sponsors shouldn't imped the community focused nature of the event (No badge scanning, No raffels, No gaudy signage, No expectation of a speaking slot, etc).

project

Most helpful comment

Thank you so much to everyone for volunteering to help out. We will update the issue with those who volunteered for each type of role.

Re the workshop: This is definitely something on our radar. It was brought up during the retro and several attendees mentioned to it as well. Our challenge is understanding the amount of space the CNCF can make available to us, and then how we can use that space. We got very lucky in San Diego that we were able to have all of the space in the Marriott. That being said, we will try to make something work.

All 19 comments

re: Role of red teams and blue teams in Cloud Native architectures

My idea/suggestion was to run an actual hands on session with CNCF security tools in a lab/sandbox k8s environment to develop ideas, review playbooks, etc. etc.

Happy to review submissions. Not yet sure if able to help on day.

Count me in to help review submissions. Also happy to volunteer with any task on the day of.

I would like to help with this. Is it still open?

re: Role of red teams and blue teams in Cloud Native architectures

My idea/suggestion was to run an actual hands on session with CNCF security tools in a lab/sandbox k8s environment to develop ideas, review playbooks, etc. etc.

https://github.com/kubernetes-simulator/simulator is intended to be used for that sort of thing. 20+ existing labs, custom ones can be built for this event. Some background in slides from when it was announced.

Happy to volunteer on the day and/or manage infra if required.

/cc @jonmuk @rowan-baker

Wow wow wow! It would be great to do this a team vs team (or teams vs
teams) session with participation from the various CNCF projects.

On Wed, Dec 18, 2019 at 12:01 PM Andrew Martin notifications@github.com
wrote:

re: Role of red teams and blue teams in Cloud Native architectures

My idea/suggestion was to run an actual hands on session with CNCF
security tools in a lab/sandbox k8s environment to develop ideas, review
playbooks, etc. etc.

https://github.com/kubernetes-simulator/simulator is intended to be used
for that sort of thing. 20+ existing labs, custom ones can be built for
this event. Some background in slides from when it was announced
https://drive.google.com/file/d/1cV5BJBZPZMjsvJExY-nlPDsdgwSsZXGI/view.

Happy to volunteer on the day and/or manage infra if required.

/cc @jonmuk https://github.com/jonmuk @rowan-baker
https://github.com/rowan-baker

—
You are receiving this because you commented.
Reply to this email directly, view it on GitHub
https://github.com/cncf/sig-security/issues/305?email_source=notifications&email_token=AAGENIQQIFVN3NQEVWPXQFLQZJ6QTA5CNFSM4JWAMCUKYY3PNVWWK3TUL52HS4DFVREXG43VMVBW63LNMVXHJKTDN5WW2ZLOORPWSZGOEHHKCHQ#issuecomment-567189790,
or unsubscribe
https://github.com/notifications/unsubscribe-auth/AAGENIRUZRBJUQYZBBU45LLQZJ6QTANCNFSM4JWAMCUA
.

Happy to review here too and/or help out.

Thank you so much to everyone for volunteering to help out. We will update the issue with those who volunteered for each type of role.

Re the workshop: This is definitely something on our radar. It was brought up during the retro and several attendees mentioned to it as well. Our challenge is understanding the amount of space the CNCF can make available to us, and then how we can use that space. We got very lucky in San Diego that we were able to have all of the space in the Marriott. That being said, we will try to make something work.

Interested in review submissions, unsure if I can help out during the day.

@sublimino can't seem to find you in slack, i need you to confirm ur participation (CFP reviewer and Day of help), join the security-events channel in slack, and provide email for CFP review (see channel for details)

@TheFoxAtWork not having done this before, where does one submit the CFP?

@rficcaglia there will be a link off the Security Day website that directs you to the CFP platform the LF uses. We still need to get all this up but hopefully we can by the next sig-security meeting

Hi there - Has there been discussion or interest in offering a portion of the Cloud Native Security Day agenda online? My thought is that if you had maybe 2 hours of content offered that could be a good way to keep the audience. And then, that would give you 2 hours back for the F2F agenda in Amsterdam to conduct open spaces talks (if CNCF can now acquire more space) and expand the sponsor talks to 15-20 mins. We would be happy to offer our ON24 webinar platform to conduct the online offer. And would help moderate open spaces topics. Let me know. Thanks....Jennifer Pospishek, Sysdig

Hi there - Has there been discussion or interest in offering a portion of the Cloud Native Security Day agenda online? My thought is that if you had maybe 2 hours of content offered that could be a good way to keep the audience. And then, that would give you 2 hours back for the F2F agenda in Amsterdam to conduct open spaces talks (if CNCF can now acquire more space) and expand the sponsor talks to 15-20 mins. We would be happy to offer our ON24 webinar platform to conduct the online offer. And would help moderate open spaces topics. Let me know. Thanks....Jennifer Pospishek, Sysdig

We're looking at the possibility of doing a virtual security day but those discussions are _very_ early.

Whatever happens with this as far as remote, a freeform idea may be as simple as sig-security 'office hours'. Come talk to us, ask questions, get IANAL advice or pointers, etc. Maybe some brief talking points up front and the possibility of breakouts for topics that emerge as strongly shared issues reveal themselves.

@chasemp the schedule shouldn't change to much but this event is now virtual. I'll be on hand to answer and questions on the platform. I'll be pushing the slack channel as well.

Retrospective is a thread in #sig-security-events channel of CNCF Slack. Team members please comment in the thread!

Closing - retrospective thread is still open

Was this page helpful?
0 / 5 - 0 ratings

Related issues

dshaw picture dshaw  Â·  7Comments

ultrasaurus picture ultrasaurus  Â·  5Comments

PushkarJ picture PushkarJ  Â·  10Comments

TheFoxAtWork picture TheFoxAtWork  Â·  5Comments

lumjjb picture lumjjb  Â·  9Comments