[Project] 2020 NA Cloud Native Security Day VIRTUAL (aka SIG-Security day) at Kubecon

[TheFoxAtWork]

Description: SIG-Security Day at the upcoming NA Kubecon/CloudNativeCon. The goal of the day is to bring together the broader Cloud Native security community in a community oriented space to discuss and share current challenges (and solutions) in Cloud Native security.

Social Media:

#cnsecurityday CNCF Website Security Day

Discuss:

Practical application of the security tools and features in the Cloud Native ecosystem. Role of red teams and blue teams in Cloud Native architectures. Practical security policies and procedures in Cloud Native. Common attack patterns in Cloud Native. Latest vulnerabilities in Cloud Native platforms. Impact: there's a lot of vendor focused events on Monday, which risks losing focus on open source community, this creates single place where people involved in cloud native security community can gather together in vender-neutral place

Program committee

SIG Chair: @pragashj confirmed

Team Leads: (needs confirmed)

• @TheFoxAtWork - confirmed

CFP Reviewers: (needs confirmed)

• @TheFoxAtWork - confirmed
• @justincormack
• @anvega
• @markyjackson-taulia - confirmed
• @sublimino - confirmed
• @raravena80 - confirmed
• @mhausenblas - confirmed
• @vinayvenkat - confirmed
• @gadinaor - confirmed
• @lumjjb - confirmed

slack channel: #sig-security-events

Nov 17th 2020

TO DO

• [x] Website: generate some content for the Event Website that covers the items in the trello ticket. We'll use the sig-security-events repo as a collection of SIG events moving forward
• [x] CFP prep
• [x] CFP Review
• [x] Security Day event schedule/planning
• [X] Retrospective: doc

Proposed Format

Virtual conference with hallway track in Slack Channel for proposed topic areas (threaded) Special Slack Channel for the CTF! #3-cnsecurityday-ctf

Capture the Flag!

1. An educative CTF to promote Kubernetes security awareness. All levels welcome! Each CTF scenario will be run in parallel with a talk, with friendly people on hand in Slack to help anybody that gets stuck.
2. Learn how to protect your cluster by pwning another and capturing their flag. From n00b to 1337, we have a number of different scenarios for hands-on learning. Join the Slack channel and our training team will get you up and running throughout the day.
3. Join the Red team and capture the flags on our misconfigured clusters. This event is here to help you learn by doing, so if this is your first CTF or you're a vulnerability veteran, Control Plane will be there to help you level up with our hosted event. DM CTF on the Slack channel to get started.
4. Bored of having vulnerabilities on your cluster? If so, then come find ours! We have clusters ready and waiting, setup incorrectly for you ready for you to own and capture the flags. As well as learning by doing we will be giving away prizes throughout the day.
5. Take control of a misconfigured cluster to learn best Kubernetes security practices. These hosted clusters will be available throughout the day for you to own. Join the Slack channel to get started!

The CNCF has offered to provide financial support for this event and then recover the costs through selling sponsorships. However, the presence or requirement for sponsors shouldn't imped the community focused nature of the event (No badge scanning, No raffels, No gaudy signage, No expectation of a speaking slot, etc).

[TheFoxAtWork]

@mfdii please let us know if you can continue as lead

[markjacksonfishing]

I can confirm to be a CFP reviewer

[vinayvenkat]

@TheFoxAtWork I would be happy to be a part of the Program Committee and review CFP's. Thank you.

[raravena80]

Confirmed.

[mhausenblas]

Confirmed and thanks for driving this!

[sublimino]

+1 confirmed with thanks : ]

On Sat, 5 Sep 2020 at 08:12, Michael Hausenblas notifications@github.com wrote:

Confirmed and thanks for driving this!

— You are receiving this because you were mentioned. Reply to this email directly, view it on GitHub https://github.com/cncf/sig-security/issues/416#issuecomment-687564328, or unsubscribe https://github.com/notifications/unsubscribe-auth/AABAXZNOXLFDZT677JCYHMLSEHQENANCNFSM4QY3WPMA .

[pragashj]

I am in!

[gadinaor]

Happy to be part of the CFP reviewers

[lumjjb]

Happy to be part of the CFP reviewers as well.

[TheFoxAtWork]

Closing call for CFP reviewers.

[chasemp]

I'm around but it seems like a good group already. I can be an alternate if you come up short on reviewers, or a secondary review if further input on pairing down is useful.