Re: SIG-Security Tech Lead nominations






From: cncf-toc@... <cncf-toc@...> On Behalf Of Sheng Liang via Lists.Cncf.Io
Sent: Tuesday, February 18, 2020 4:49 PM
To: liz@...; Sarah Allen <sarah@...>
Cc: cncf-toc@...
Subject: Re: [cncf-toc] SIG-Security Tech Lead nominations






From: <cncf-toc@...> on behalf of "Liz Rice via Lists.Cncf.Io" <>
Reply-To: "liz@..." <liz@...>
Date: Tuesday, February 18, 2020 at 7:44 AM
To: Sarah Allen <sarah@...>
Cc: "cncf-toc@..." <cncf-toc@...>
Subject: Re: [cncf-toc] SIG-Security Tech Lead nominations


+1 from me for all three nominees



On Mon, 17 Feb 2020 at 02:02, Sarah Allen <sarah@...> wrote:

Dear Technical Oversight Committee,


In January, the SIG-Security co-chairs along with then TOC liason’s Joe Beda and Liz Rice, agreed to nominate three Tech Leads for SIG-Security: Justin Cappos, Emily Fox and Brendan Lum. Due to the TOC election vote freeze we held off on submitting the nomination till now.


“Tech leads are assigned following a 2/3 majority vote of the TOC and a 2/3 majority vote of SIG Chairs” — cncf-sig elections


See below for more details on each of the nominated tech leads.  Liz suggested that an email vote would be fine, though if anyone wants to suggest alternate process or has questions, let us know.


Thank you!

Sarah Allen

SIG-Security Chair



SIG-Security Tech Lead nominations:


Justin Cappos

  • SIG-Security highlights
    • Security Assessment Facilitator, Meeting Facilitator
    • Instrumental in bringing in assessment model to SIG-Security. In 2018, conducted SPIFFE/SPIRE audit as TOC contributor, presented to SAFE WG and proposed initial guidelines (Nov 2018) then with collaboratively on PR#140 (Jan - Apr 2019)
  • Professional affiliations: 

Emily Fox

  • SIG-Security highlights 
  • Professional affiliations:
    • DevOps Security Lead, NSA 

Brendan Lum

  • SIG-Security highlights
    • Triage team, Meeting Facilitator 
    • Security reviewer on both initial assessments (in-toto and OPA)
    • Security reviewer conflict of interest guidelines PR#247
    • Presented SIG-Security session China June 2019, San Diego Nov 2019
    • Organized in-person meetup DockerCon, May 2019 issue#151
  • Professional affiliations: 
    • IBM Research, container security
      • Technical Lead: Encrypted Container Images
      • Technical Advisor: Design and Architecture. Trusted Identity Project
      • Community manager/maintainer of runnc, runtime for Nabla Containers

IMPORTANT NOTICE: The contents of this email and any attachments are confidential and may also be privileged. If you are not the intended recipient, please notify the sender immediately and do not disclose the contents to any other person, use it for any purpose, or store or copy the information in any medium. Thank you.

Join { to automatically receive all group messages.