2019 NA Cloud Native Security Day (aka SIG-Security day) at Kubecon #209
Comments
+1 Also, we need a PC. I volunteer to help reviewing and putting together a program. |
Yes, we do need a program committee (PC) and probably a few other roles. I'm happy to handle the event logistics regarding securing space, sponsors (if needed), food and beverage, etc. |
Awesome. As mentioned above, I can contribute to the PC or, if no one else wants to, even chair it. 12+ years in academia have prepared me for everything, LOL |
+1 on this effort @mfdii. I'm happy to help with this because I think you're thinking a similar model to devopsdays and I help run devopsdays austin. Probably need to figure out all our roles- get a papercall or something in place for a CFP, get a 👍 on agenda as you've posted, logistics, etc. |
This is an awesome idea. I would love to help out here as well. |
The problem is that we already had two cloud native security related co-located events for KubeCon EU, if we add another one people will be confused |
@hannibalhuang Yes, there was a Twistlock workshop and a "Kubesec Enterprise Summit". Both are vendor driven events, paid for and supported by the vendors. They are not community focused events, open to everyone. We are trying to create an alternative to these vendor events that is more in line with the charter of the CNCF and sig-security (promoting community and open source). |
@mfdii I tagged you in slack with a few items to add to the agenda, where are we posting the draft agenda? |
But the content is mostly open source focused, it is just sponsored by vendors which the proposal will also count on. It is not a bad thing that there are companies sponsoring these events. Therefore content wise, I'm still a bit struggling with how what the proposal offers would differ from existing ones. It would be nice to combine event tho, say we just have one cloud native security-policy day, with companies like twistlock, aqua security or others sponsoring and help with logistics. Sponsors could have some lightning talks in the morning, and we have unconference type of work session in the afternoon. CFP: I would suggest we utilize github issue, it will be more transparent if people just submit an issue and got reviewed in the open, instead of a committee. Final decision could be decided on the sig conf call with consensus. |
@mfdii For the agenda perhaps doing 4 break outs with fewer keynotes in the morning? An offense/defense panel/game - simple cloud native web app for an online store. Offense decides the attack, defense counters, discussion ensues. |
Current rough framework for security day (please comment):
1hr welcome reception/networking (table tents covering security concerns so similar minds can meld)
Welcome 10 mins
Lunch break
Breakouts: 2-3 tracks? 3-4 sessions per breakout?
Closing keynote/lightning talks? |
Thanks for writing this up @TheFoxAtWork! For afternoon breakouts, I like the idea of doing full-on open space -- we could suggest these themes, but also allow anyone to propose a session that they want to lead. Love the idea of evening lightning talks. Maybe 1 keynote + panel in the morning? (personally prefer more time for small group stuff) |
Please let me know when the CFP site is ready; some of the guys that are working on stacks are interested in submitting their contribution. |
@TheFoxAtWork @ultrasaurus updated the issue to follow the proposal format. Also I added in a sample program format. I would like to do tracks but I don't think we will have the space. If we do open spaces, I'd recommend we have a strong closing presentation after the keynotes to keep people around. It's been my experience that attendee attrition can be high when doing open spaces. |
@mfdii love the new format. I think we should go with this. I definitely love the open spaces - providing topic pre-placement can help get people thinking about other topics to propose/sign up for. Having one or two can drive a "track" mentality and cover both bases. No matter what - a strong closing presentation (or two) should definitely happen. Also a moderator for the largest open space topics? I worry about 40 people signing up for the same topic and one person crashing the whole thing - or worse a sales vendor capitalizing on an unsuspecting group b/c they had a click bait title |
FYI -- here's the notes I took in the meeting where we discussed some potential edits to the description to address what we're doing here. Below is unfinished. I remember people wanting to clarify expectations of what outcomes were expected (e.g. is it just community-building, knowledge-sharing for the people who show up? or is there an additional goal that there would be some output which would move the larger mission forward in some way) Description: SIG-Security Day at the upcoming Kubecon/CloudNativeCon. The goal of the day is to bring together the broader Cloud Native security community in a community oriented space to.... discuss:
Impact: there's a lot of vendor focused events on Monday, which risks losing focus on open source community, this creates single place where people involved in cloud native security community can gather together in vendor-neutral place Scope: TO DO
Proposed Format: I'd propose that the day be a mix of speakers (invited or selected from CFP), and open spaces. Given the logistical challenges and because this is the first time this day is being offered, the day would be single track. Depending on the cost the CNCF is required to pass on to the sig-security group for event space, sponsors may be required. However, the presence or requirement for sponsors shouldn't impede the community focused nature of the event (No badge scanning, No raffles, No gaudy signage, No expectation of a speaking slot, etc). This is similar to what the Cloud Native storage community did at Kubecon EU 2019. KubeCon 2019 - NA in San Diego, Tues, Nov 19, 2019 to Thurs, Nov 21, 2019 |
@ultrasaurus I took what you sent me and edited the original issue to match the proposal format. What do you feel is still missing? The take-aways? |
@mfdii oops -- didn't see that you did update the format. Thank you! The remaining thing is really this point... "I remember people wanting to clarify expectations of what outcomes were expected (e.g. is it just community-building, knowledge-sharing for the people who show up? or is there an additional goal that there would be some output which would move the larger mission forward in some way)" |
Notes from 03 JULY 2019 Security Day event planning/meeting: tl;dr - So what we're planning: Next week we'll learn more about unconference. We'll be sourcing for presenters/panelists. JJ prefers one or the other. Formal or Informal. Sarah Allen (@ultrasaurus), co-chair of SIG-Security: the "glue" handing off the torch to one of the other co-chairs (JJ) Jennifer runs events marketing for Sysdig, wants activities around KubeCon that are good for the community. Not about Sysdig, but about the community. Runs all Sysdig tradeshows and hosted events. Happy to support! Amye CNCF program manager Emily Ruf managing registration, A/V, sponsorships, etc. Emily Fox, project co-lead JJ, started SAFE turned into SIG-Security very excited for a neutral way to talk about cloud security, getting everyone talking about cloud native security. Happy to help out in any formal capacity. CNCF doesn't have much of a structure for this so Amye jumped on it as a SIG thing, CNCF managing finances etc.
What JJ's hopes and dreams are: open collaboration and use cases about cloud native security accomplishments and roadblocks. Multi-objective and multi-constrained problem space spanning many areas. Pretty much everything falls into security, from identity management, to storage solutions. Get people connected that are passionate about this. Source vendor neutral folks. Question about the open space. Many of them have multiple time slots. Concern about people getting a chance to do many things. Trying to ensure content isn't random, all presenters or discussions are from there. Consideration for lunch hack discussions in addition to the open spaces. Open to considering more informal presentations. People have experience with problems, talk about them to share that information with everyone. We want to ensure there isn't any pressure for someone to talk. Share the CFP process - formal/curated talks and informal talks and lightning talks are all on the table. Is there a framework or recommendation for performing reviews? 5-6 people reviewing is plenty, usually about 1-2 calls to lay out the agenda. Type of session they want to apply for. JJ: less worries about filling the time slot, worst we can do is be halfway there. How rigid do we want this to be? Sourcing non-vendor stories. War story sharing, epic, well done. The experience of security in the cloud. Formal morning means setting the tone for the day "birds of a feather" area (open space). Promotion of the event for what they will get out of the event with primary topics. To meet expectation for August, for consideration in Agenda, outline of what they will learn, what they will get for the day, etc. Rough schedule registration and grading, etc. Sarah is going to have time next week set up for explanation of IIW/unconference. How do we communicate this out to everyone? Get people a feel for the kind of people that would be there. Having people well known that are involved somehow will get people to show up more. |
More real world case studies is my hope. Let me know if you are willing to discuss yours and I'll volunteer to organize a round table type prez if there is interest. Maybe followed by an "ask the operator" session where those who are looking for answers can ask specific questions of the "panel"? |
+1
|
Just started joining the SIG and think this sounds like a great idea. Happy to help in any way. |
I haven't seen any posts about a preference or decision on whether we do an unconference style or a more formal layout of the day. I'll bring this up on the call today. Given the limitations of the space available to us, I am leaning towards a CFP, and next year we can spend more time exploring the unconference style. |
Room can be set up as classroom, rounds or theater. "We have a room on hold that can accommodate 200 in classroom." If the group wanted unconference style, we could limit to 100 people and set up with round tables for discussions. |
Notes July 31st meeting:
|
SIG-Security should use whatever tools it wants, but could I please give a quick pitch to create a second GitHub project board https://github.com/cncf/sig-security/projects/1 instead of Trello. It works really well and is very convenient to have all of the data in one place. |
Update:
|
Update: Working with Emily Ruf on an event website so that it aligns with the look and feel of the current co-located events; we'll use the sig-security-events repo as a collection of SIG events moving forward |
thanks @amye and @TheFoxAtWork -- updated description at top so folks can easily reference trello board and see progress! |
Schedule is live. |
Description: SIG-Security Day at the upcoming Kubecon/CloudNativeCon. The goal of the day is to bring together the broader Cloud Native security community in a community oriented space to discuss and share current challenges (and solutions) in Cloud Native security.
Discuss:
Impact: there's a lot of vendor focused events on Monday, which risks losing focus on open source community, this creates single place where people involved in cloud native security community can gather together in vendor-neutral place
Scope: TBD
slack channel: #sig-security-events
For more details see: Public Trello board for planning of SIG Security Day
TO DO
Proposed Format
I'd propose that the day be a mix of speakers (invited or selected from CFP), and open spaces. Given the logistical challenges and because this is the first time this day is being offered, the day would be single track.
The CNCF has offered to provide financial support for this event and then recover the costs through selling sponsorships. However, the presence or requirement for sponsors shouldn't impede the community focused nature of the event (No badge scanning, No raffles, No gaudy signage, No expectation of a speaking slot, etc).
This event would be similar to what the Cloud Native storage community did at Kubecon EU 2019.
KubeCon 2019 - NA in San Diego, Tues, Nov 19, 2019 to Thurs, Nov 21, 2019