CloudNativeSecurityCon North America


Call For Proposals (CFP)

Overview

CloudNativeSecurityCon is a two-day event designed to foster collaboration, discussion and knowledge sharing of developer-first cloud native security practices. The goal is to bring application developers and modern security experts together to not just propose solutions that incrementally improve what has come before, but to give room to cutting-edge projects and advances in modern security approaches. Topics of sessions and lightning talks presented by expert practitioners include architecture and policy, secure software development, supply chain security, identity and access, forensics, and more.

Important Note: Proposal submissions that are written solely or to a large extent by, or that include text generated by, a large-scale language model (LLM) such as ChatGPT will not be accepted and will be disregarded without a second chance to submit.

For any questions regarding the CFP process, please email cfp@cncf.io.

Dates to Remember

  • CFP Closes: Wednesday, April 3 at 11:59pm PDT
  • CFP Notifications: Monday, May 6
  • Schedule Announcement: Wednesday, May 8
  • Event Dates: June 26-27, 2024

Program Co-Chairs

Rey Lejano

Rey Lejano is a Solutions Architect at Red Hat and currently serves as co-chair for Kubernetes Special Interest Group (SIG) Docs and helps maintain the upstream Kubernetes documentation. Rey leads the Kubernetes SIG Security Third-Party Security Audit subproject and helped release the last Kubernetes security audit in April 2023. He is a member of seven Kubernetes Release Teams, including serving as the 1.23 Release Lead and 1.25 Emeritus Adviser. Rey has been a Program Committee member for KubeCon + CloudNativeCon (2022 Detroit, 2023 Amsterdam, 2023 Chicago) and Track Chair for KubeCon + CloudNativeCon Europe 2024 in Paris. Rey was awarded the CNCF Community Award for Top Documentarian in 2022 and Kubernetes Contributor Awards in 2021 from SIG Release and 2023 from SIG Security. Rey is a CNCF Ambassador and DevOps Institute Ambassador.

Cailyn Edwards

Cailyn Edwards (she/her) is a CNCF Ambassador and a Senior Security Engineer at Auth0 by Okta, where she spends her time paving roads, putting up guard rails and generally helping to secure the cloud. She is also an active contributor to SIG-Security and a 2022 Contributor Award recipient. Her current focus is on network and Kubernetes multi-tenancy security. Outside of work, Cailyn can be found running, playing squash, walking her dogs or working in the garden.

Marina Moore

Marina Moore is a PhD candidate at NYU doing research about software supply chain security with a focus on secure software delivery and update. She is also a co-chair of CNCF’s TAG Security and a maintainer of TUF, in-toto, Uptane, and SBOMit. Her work focuses on the interaction between research and real-world application through open source contribution and discussion.

Suggested Topics

  • Cloud Native Security Novice – Consider this the welcome party – where content is aimed at individuals new to the conference or unfamiliar with cloud native security, or security in general. Talks can cover a broad range of topics but should be approachable for anyone and everyone.
  • Security Advocacy + Collaboration – How to share, train and encourage good security practices, empower teams, and introduce frictionless security for a successful security program. Talks that will highlight how security teams should work with and not against development teams.
  • Observability + Detections + Response – Monitoring for and responding to cloud native vulnerabilities, attacks, and bugs. Minimizing downtime, discovering the root cause and preventing recurrences.
  • IAM + Multi-tenancy + Network Security – Who can access what, when and with what level of power, bootstrapping identity, certificate management. Multi-tenancy with secure cloud native design patterns and integrations, and encrypting or isolating workloads.
  • Supply Chains + Containers + Application Security – Securing cloud native applications and containers, CI/CD and development ecosystems, etc.
  • GRC + Privacy – Governance, risk, compliance, and privacy — how organizations are doing this, what technologies organizations are using for GRC + privacy, and how compliance and security teams can work together.
  • Leveraging + Preparing for AI In Cloud Security – AI in the cloud native landscape, risks, considerations and security use cases.

Submission Types

  • Session Presentation: 35 minutes, 1-2 speakers presenting on a topic
  • Panel Discussion: 35 minutes of discussion amongst 3 to 5 speakers, at least one speaker must not identify as a man
  • Tutorial: 90-minute, in-depth, hands-on presentation with 1–5 speakers
  • Lightning Talk: A brief 5-minute presentation, maximum of 1 speaker

Important Notes

  • All speakers are required to adhere to our Code of Conduct. We also highly recommend that speakers take our online Inclusive Speaker Orientation Course.
  • Panel submissions must include the names of all participants in the initial submission to be considered. In addition, The Linux Foundation does not accept submissions with all-male panels in an effort to increase speaker diversity.
  • Complimentary Passes For Speakers – One complimentary pass for the event will be provided for the accepted speaker(s) per submission.
  • Avoid sales or marketing pitches and discussing unlicensed or potentially closed-source technologies when preparing your proposal; these talks are almost always rejected due to the fact that they take away from the integrity of our events, and are rarely well-received by conference attendees.
  • CNCF will not select submissions that have already been presented at a previous Linux Foundation event within the past year. If your submission is similar to a previous talk, please explain how this version differs.
  • You are allowed to be listed as a speaker on a maximum of two proposals submitted to the CFP, regardless of the format. If you are listed on more than two, we will contact you to remove yourself from any additional proposals.
  • You may only be selected to speak on one panel and one non-panel session per event.
  • All accepted speakers are required to submit their slides prior to the event.

Preparing to Submit Your Proposal

While it is not our intention to provide you with strict instructions on how to prepare your proposal, we hope you will take a moment to review the following guidelines that we have put together to help you prepare the best submission possible. To get started, here are three things that you should consider before submitting your proposal:

  1. What are you hoping to get from your presentation?
  2. What do you expect the audience to gain from your presentation?
  3. How will your presentation help better the ecosystem?

There are plenty of ways to give a presentation about projects and technologies without focusing on company-specific efforts. Remember the things to consider that we mentioned above when writing your proposal and think of ways to make it interesting for attendees while still letting you share your experiences, educate the community about an issue, or generate interest in a project.

Writing Your Proposal

Your session title will be the main point of reference for attendees to decide if they want to attend your talk, so choose it carefully. The title should accurately reflect the content of your talk and comply with The Linux Foundation’s Inclusive Language Initiative. Please use title case when inputting your title.

In the session description, make the most of your opportunity to pitch your talk to the program committee by emphasizing its problem, contribution, and relevance. Don’t forget technical details, but keep the big picture in mind. Your proposal’s description should be focused, detailed, and comply with The Linux Foundation’s Inclusive Language Initiative. It will appear on the website schedule if accepted, so ensure it’s error-free, uses full sentences, and is written in the third person. This description can make or break an attendee’s decision to attend your talk, so provide enough information to aid their choice, and be concise. The competition for presentation slots is high, so a well-crafted, engaging abstract will improve your chances of acceptance.

Use this opportunity to elaborate on why your presentation is important and why attendees should care. Explain how your content will benefit the ecosystem or share any other relevant information with the co-chairs and program committee. We understand that this can be a challenging question to answer, but like the abstract, the relevance of your presentation is crucial, and it’s as significant as the content in determining acceptance.

Please indicate whether your submission is a case study. In other words, is your submission a report of an organization’s implementation of something, such as a practice, a product, a system, a service, or combination thereof? The case study can be thought of as a real-world test of how the implementation works, and how well it works.

If you have presented this talk before within the past year at a CNCF or Linux Foundation event, please explain the significant differences between that presentation and the one you are proposing in your session description.

Please list all CNCF-hosted graduated, incubating, or sandbox software(s) as well as all open source projects that your presentation will be focused on if applicable.

Since the Program Committee reviews numerous proposals, additional resources can assist in assessing a speaker’s proficiency and presentation skills. Please provide a video or audio recording of a previous talk you have given. If you do not have any prior recordings of your talk, you may create a brief YouTube video of yourself speaking for a few minutes.

How to Give a Great Talk

We want to make sure submitters receive resources to help put together a great submission and if accepted, give the best presentation possible. To help with this, we recommend viewing seasoned speaker Dawn Foster’s in-depth talk: Getting Over Your Imposter Syndrome to Become a Conference Speaker – Dawn Foster, VMware

Have More Questions? First Time Submitting? Don’t Feel Intimidated

CNCF events are an excellent way to get to know the community and share your ideas and the work that you are doing and we strongly encourage first-time speakers to submit talks for our events. In the instance that you aren’t sure about your abstract, reach out to us and we will be more than happy to work with you on your proposal.

How to submit

First time using Sessionize?

Sessionize is a cloud-based event content management software designed to be intuitive and user-friendly. If you need guidance, please review how to submit your session for an event to see step-by-step instructions and helpful screenshots.

Submitting on behalf of somebody else?

While speakers ordinarily submit their sessions themselves, it’s also common for them to have someone else do it in their name. Submitters can choose to submit as someone else and must fill out the necessary speaker fields, but the session submission process is otherwise identical to when the session is submitted by the speaker themselves.

Sample Submission

Example Title

OCI, CRI, ??: Making Sense of the Container Runtime Landscape in Kubernetes

Example Description

You’ve probably heard about the OCI—a standardization effort to share a common definition for container runtime, image, and image distribution. Add to that the CRI (container runtime interface) in Kubernetes—designed to abstract the container runtime from the kubelet—and you may start to wonder what all these standards and interfaces mean for you in a Kubernetes world.

As of this year, a long list of runtimes, including CNCF projects containerd and cri-o, all implement the CRI. But did you know there are quite a few others? The unique number of CRI combinations is growing, all of which use the common OCI definitions for runtime and image interoperability.

But how would you decide which container runtime is right for you? Clearly each one has tradeoffs. This talk will help describe the current landscape and give you details on the why and how of each CRI implementation available today.

Example Benefits to the ecosystem

It is a repeating comment across the CNCF ecosystem that the number of choices for container runtime is confusing, especially for those who are newer to our ecosystem. Even for those who may have heard the names–Docker, containerd, cri-o–even they are curious as to the reasons why there are many varied runtimes available to implement the CRI interface for Kubernetes, and what is the history that brought us to this point.

This talk helps bring clarity to the container runtime landscape, and especially shows the interesting work being done in additional isolation technologies like gVisor, AWS Firecracker, and Kata containers and why that may be of value to consider for certain security or workload constraints.

In the end, especially as we have two major runtimes as CNCF projects, this talk hopefully brings a level of insight to practitioners, developers, and operators as to why clusters may choose various runtimes and how new features in Kubernetes like RuntimeClass are making it easier to support mixed clusters that can support the needs of workloads with different isolation features or requirements.

Scoring Guidelines

To help you further understand what is considered while the program committee and co-chairs are reviewing your proposal, please review the Submission Reviewer Guidelines.

Code of conduct

CNCF and its project communities are dedicated to providing a harassment-free experience for participants at our events. All submitters are required to abide by our Code of Conduct.

CFP questions

If you have any questions regarding the CFP process, please contact us at cfp@cncf.io.
