TAG Security and Compliance Tech Lead Nomination #1662
I'd like to self nominate as a Tech Lead for TAG Security and Compliance. I created and facilitated the assessment process and have been a Tech Lead since we first established the role. This is one of the most visible outputs of our TAG and we need someone in leadership running it. Bio: |
I am running for Tech Lead for TAG Security and Compliance. Bio: |
I would like to self nominate as a Technical Lead for TAG Security and Compliance. In my time as Technical Lead for TAG Security (Sept 2024 -> Present) I have worked to enable Projects, End Users and Subject Expertise to find paths towards meaningful contributions within the CNCF. From responding to projects needing guidance on security and potential findings, enabling working groups to thrive and solve widespread problems in the security and compliance ecosystems, to authoring and reviewing multiple artifacts that contribute to guidance for projects and end users. I believe the future of TAG Security and Compliance still has much evolution ahead. The TAG has a responsibility to consider how we adapt to the landscape growth and enhance the foundational requirements projects build upon. Additionally considering inclusivity in educating and learning from others across the globe and encouraging their participation in the collective goals of Security. Should I be elected I intend to continue to analyze the process for which projects seeking donation to the CNCF - and on a continual basis thereafter - are evaluated for security and compliance. Bio: |
I am self-nominating for the position of Tech Lead for TAG Security and Compliance, specifically for the second nomination round (July 7). Driving the nomination is my passion for interoperable open-source tooling that makes security information discoverable and streamlines compliance workflows across the ecosystem. Bio: |
I am self-nominating for Technical Lead for TAG Security and Compliance. Bio: I've been a TAG Security Tech Lead since the end of 2021. I've contributed to multiple CNCF projects and initiatives over the past 5-6 years. I co-chaired the FinServ End User Group, and contributed to/led multiple initiatives including the Supply Chain Security Best Practices White Paper (v1 and v2) and the Secure Software Factory Reference Architecture. In addition, I've provided ad hoc guidance to projects. I've done a lot of other work in the community as both an OpenSSF technical advisory council member and governing board member. I've also done lots of other work in the community volunteering time on the committees for various conferences including Cloud Native Security Con and OpenSSF Day Japan. I've also spoken at various conferences including Open Source Summit (NA, EU, and Japan), and KubeCon (NA and EU) over the past several years. I am also a maintainer and contributor to various open source projects like: GUAC, SLSA, and OpenSSF Baseline.
I would like to self-nominate as a Technical Lead for TAG Security and Compliance. I have been the Tech Lead for the Compliance WG under CNCF TAG Security since its inception (Feb 2024 onwards). I have been moderating the biweekly calls for this WG and have been contributing to and facilitating various efforts under this WG. I am leading a couple of initiatives, and have helped and mentored/reviewed other initiatives and works under this WG. I have been working on Compliance digitization and standardization for the last five years and have been involved with the NIST OSCAL team in helping add new capabilities and support in the OSCAL standard. I have also led and contributed to open-source projects. In particular, I have been leading, contributing to, and maintaining the compliance-trestle open source project since its inception, which was accepted as a CNCF sandbox project last year. I am the lead for the OSCAL-Compass CNCF sandbox set of projects and part of its oversight committee helping grow its adoption within the Cloud Native community. Should I be elected as a Tech Lead, I will continue to work with the cloud native community to help in their compliance standardisation and automation journey. Moreover, with the recent proliferation of AI models, applications, and workloads there is a need to build best practices around compliance4AI to help the community understand and manage AI risks and comply with various AI regulations. As part of this effort I have submitted an initiative on AI best practices, and together with the community plan to create a whitepaper on this for use by the Cloud Native community. Bio: |
@vikas-agarwal76 no need to nominate yourself, I nominate you and have seen first hand the leadership you have demonstrated on the WG calls, and behind the scenes. For anyone who hasn't yet collaborated with Vikas, I can attest to his work ethic and attention to detail; he encourages input from all and is very supportive in all respects.
I’d like to nominate myself for participation in the CNCF Security & Compliance TAG. My work integrates multiple CNCF projects and open standards to address real-world security, identity, and compliance requirements. As a Technical Steering Committee member of cert-manager, I collaborate for project direction with a focus on scalable identity management and certificate lifecycle automation. I lead downstream productization and security hardening of cert-manager as part of OpenShift’s application platform security strategy. I also drive the adoption of the Secrets Store CSI Driver and External Secrets Operator for secure, pluggable, cloud-native secrets integration. These implementations are actively being rolled out across regulated environments to meet workload isolation and audit requirements. Additionally, I lead the enablement of SPIFFE/SPIRE for workload identity and secure service-to-service mTLS in OpenShift and downstream productization. My contribution to this TAG would include deep implementation experience with federated identity, secret lifecycle orchestration, and runtime policy enforcement in production environments. I aim to bring the perspective of connecting upstream CNCF innovation with real-world enterprise readiness and compliance needs. I look forward to collaborating with the community to help evolve CNCF security best practices and guidance. Thank you for your consideration. Bio |
Thanks everyone for putting your nomination forward :)
Following the TAG Reboot Timeline, we are opening nominations for (3) Tech Leads for TAG Security and Compliance. If this interests you, please review the information on TAG governance and responsibilities in the TAG Governance doc and the draft charter for the TAG. Then, if you're still interested - please post your bio below and confirm your interest in running for Tech Lead.
Election timeline:
May 5: Nominations open for new TAG Technical Leads
May 19: TOC Vote opens for initial TAG Technical Leads (3 per TAG)
June 2: TOC Vote closes for initial TAG Technical Leads
June 2: Initial round of newly seated TAG Technical Leads announced
July 7: Nominations close for new TAG Technical Leads
July 7: TOC and TAG Chairs Vote opens for new TAG Technical Leads (TAG Chairs only vote for their TAG TLs)
July 28: TOC and TAG Chairs Vote closes
July 28: Newly seated Technical Leads announced
NOTE: Timeline is subject to change; check the TAG Reboot Timeline issue for the most up-to-date information.
Once the initial leads are seated, we'll work on refining the charters and really get things going. :)
Links:
TAG Restructuring Presentation - Feb 4, 2025
TAG Reboot Timeline Issue
TAG Governance Doc
Draft Charter