11:00am • Standardization and Security - A Perfect Match - Ravi Devineni & Vinny Carpenter, Northwestern Mutual
11:50am • More Than Just a Pretty Penny! Why You Need Cybersecurity in Your Culture - Callan Andreacchi & Michaela Flatau, Defense Unicorns
1:55pm • ⚡ Lightning Talk: Software Dark Matter is the Enemy of Software Transparency - Santiago Torres-Arias, Purdue University
2:00pm • ⚡ Lightning Talk: A Secure Software Supply Chain for Open Policy Agency (OPA) Policies - Omri Gazitt, Aserto
2:05pm • ⚡ Lightning Talk: My First Supply Chain Security Pull Request as a 13-Year-Old - Neil Naveen, Middle School
2:10pm • ⚡ Lightning Talk: Cloud(Security)Events -- A Lightweight Framework for Security Reactions - Evan Anderson, VMware
2:15pm • ⚡ Lightning Talk: Securing Your Source Repositories - 5 Tips to Get Started! - Billy Lynch, Chainguard
2:45pm • Demystifying Zero-Trust for Cloud Native Technologies - Kishore Nadendla, TIAA; Mariusz SABATH, IBM Research; Asad Faizi, Eskala.io; Aradhna Chetal, CNCF Security TAG; Philip Griffiths, NetFoundry
3:50pm • Security as Code: A DevSecOps Approach - Xavier René-Corail, GitHub
4:40pm • Security Does Not Need to Be Fun: Ignoring OWASP to Have a Terrible Time - Dwayne McDaniel, GitGuardian
11:00am • Cryptographic Agility: Preparing Modern Apps for Quantum Safety and Beyond - Natalie Fisher, VMware
11:50am • Yes, Application Security Leads to Better Business Value. Learn How from Experts. - Larry Carvalho, RobustCloud; Hillary Benson, Gitlab; Kirsten Newcomer, Red Hat; David Zendzian, VMware
1:55pm • Cloud Native Security Landscape: Myths, Dragons, and Real Talk - Edd Wilder-James & Loris Degioanni, Sysdig; Kim Lewandowski, Chainguard; Isaac Hepworth, Google; Randall Degges, Snyk
2:45pm • Beyond Cluster-Admin: Getting Started with Kubernetes Users and Permissions - Tiffany Jernigan, VMware
3:50pm • Who Are You? I Really Want to Know… the Magic Behind OIDC - Eddie Zaneski, Chainguard
4:40pm • Cloud Native Security 101: Building Blocks, Patterns and Best Practices - Rafik Harabi, Sysdig
9:00am • Keynote: Welcome + Opening Remarks - Priyanka Sharma, Executive Director, Cloud Native Computing Foundation
9:15am • Keynote: Fighting The Next War - Future Threats to OSS and Software Supply Chain Security - Brian Behlendorf, Managing Director, Open Source Security Foundation
9:30am • Sponsored Keynote: Cloud Security’s Hidden Force: Threat Detection - Loris Degioanni, Founder and CTO, Sysdig
9:35am • Keynote: Picture this! Solving Security Problems Visually with eBPF - Liz Rice, Chief Open Source Officer, Isovalent
9:50am • Sponsored Keynote: From Google to NIST — The Future of Cloud Native Security - Zack Butcher, Founding Engineer in Product, Tetrate
9:55am • Keynote: Learn by Hacking: How to Run a 2,500 Node Kubernetes CTF - Andrew Martin, CEO, ControlPlane & Andrés Vega, VP of Operations, ControlPlane
10:10am • Sponsored Keynote: Why Developer Laptop Security is Key to Securing Your CI/CD Pipeline - Saurabh Wadhwa, Senior Solutions Engineer, Uptycs
10:15am • Keynote: Closing Remarks - Emily Fox, Security Engineer, Apple; Liz Rice, Chief Open Source Officer, Isovalent; Brandon Lum, Software Engineer, Google
11:00am • SBOMs, VEX, and Kubernetes - Kiran Kamity, Deepfactor; Jonathan Meadows , Citi; Dr. Allan Friedman, Cybersecurity and Infrastructure Security Agency; Andrew Martin, Control Plane; Rose Judge, VMware
11:50am • Self Healing GitOps: Continuous, Secure GitOps Using Argo CD, Helm and OPA - Upkar Lidder , Tenable
1:55pm • Spicing up Container Image Security with SLSA & GUAC - Ian Lewis, Google
2:45pm • Modifying the Immutable: Attaching Artifacts to OCI Images - Brandon Mitchell, BoxBoat, an IBM Company
3:50pm • Security That Enables: Breaking Down Security Silos in the DevOps Ecosystem - Saurabh Wadhwa, Uptycs
4:40pm • "Keyless" Code Signing Without Fulcio - Nathan Smith, Chainguard
11:00am • Mapping Motives Tells a Story: Analysis of 2,000 Enterprise Cloud Detections - David Wolf & Joshua Smith, Devo
11:50am • CSI Container: Can You DFIR It? - Alberto Pellitteri & Stefano Chierici, Sysdig
1:55pm • The Four Golden Signals of Security Observability - Duffie Cooley, Isovalent
2:45pm • Do This, Not That – Lessons from 7 Headline Grabbing Security Breaches - Maya Levine, Sysdig
3:50pm • Not All That’s Signed Is Secure: Verify the Right Way with TUF and Sigstore - Zachary Newman, Chainguard, Inc. & Marina Moore, New York University
4:40pm • Leveraging SBOMS to Automate Packaging, Transfer, and Reporting of Dependencies Between Secure Environments - Ian Dunbar-Hall & Jerod Heck, Lockheed Martin
9:00am • Keynote: Opening Remarks - Liz Rice, Chief Open Source Officer, Isovalent
9:05am • Keynote: Panic in San Francisco: The Critical Vulnerability That Wasn't - Shane Lawrence, Staff Infrastructure Security Engineer, Shopify
9:20am • Sponsored Keynote: OpenClarity: A Community-Led Approach to Cloud-Native Application Security - Sarabjeet Chugh, Senior Director, Global Head of Product-Led Growth, Cisco
9:25am • Keynote: It Takes a Community to Raise a Conference: From Security Day to CloudNativeSecurityCon - Emily Fox, Security Engineer, Apple
9:40am • Keynote: Back to the Future: Next-Generation Cloud Native Security - Matt Jarvis, Director of Developer Relations, Snyk
9:55am • Sponsored Keynote: Trust and Risk in the Software Supply Chain - Emmy Eide, Director, Product Security, Red Hat
10:00am • Keynote: The Next Steps in Software Supply Chain Security - Brandon Lum, Software Engineer, Google
10:15am • Sponsored Keynote: Kubernetes is the Perfect Platform for Enforcing Zero Trust Security - Fei Huang, VP Security Product Strategy, SUSE
10:20am • Keynote: Closing Remarks - Emily Fox, Security Engineer, Apple; Liz Rice, Chief Open Source Officer, Isovalent; Brandon Lum, Software Engineer, Google
