I have had a long history in both academic and industry research in computer security. I started my career as a professor at Carnegie Mellon University teaching computer security, and was a founding faculty member of Carnegie Mellon’s Cyber Security Center. During that time, I led many cross industry/academia research efforts and spearheaded many research projects including one that led to the “chenxification” code-level obfuscation technique that is still used in high-security DoD projects and to the best of my knowledge, some underground malware kits.
My post academia work included a VP of research position at Forrester Research, where I covered many segments of the security market and published many hard-hitting research papers on security technologies. My advocacy for application security and privacy led to keynotes at SANS developer conference, RSA Asia, and OWASP. During my Forrester stint, I contributed to the specification of the privacy markup language, sat on the RSA conference’s technical review committee, and served on many National Science Foundation research grant review boards.
At RSA 2016, I’ll be running a featured encryption privacy panel with the former Cyber Security advisor for President Obama, Director of Privacy for Homeland Security and noted privacy experts from EPIC. I recently keynoted ACM’s Cloud Security Workshop on the topic of intersection of cloud security and privacy.
At Twistlock, we are advocating that container security should be platform neutral and cloud native. That means portable, interoperable technologies that do not require anchoring to a specific OS, server architecture, or runtime environment. This is the overriding principle that influences our product strategies, roadmap, and also our open source work. Because of this, we are selected as the first security partner for Google Container Engine. We also recently committed authorization framework code to Docker, which allows third party authorization plugins to be integrated with Docker. For those efforts, I work very closely with R&D to craft product and technology roadmap. Our mission is to engineer a platform-neutral layer of security controls that are open, standards-based, and can benefit a large part of the ecosystem. This mission fits extremely well with the CNCF vision.
Prior to Twistlock, I spent two years leading the innovation strategy at Intel security, focusing primarily on deriving unique value from a software-hardware combined strategy. I led the ubiquity research and developed the technical roadmap and specification for embedding identity-based encryption engine in Intel hardware, which led to the integration roadmap for Cloud-to-chip technologies for Intel Security.
The industry is going through a sea change presently when DevOps initiatives are taking hold in organizations large and small. Security must adapt accordingly or risk jeopardizing the pace of innovation. For those reasons, we contend that it is important for the TOC to have a designated representative on security technologies.
Twistlock’s market position – an early mover in container security – and my experience in deep technical work, privacy, as well as big-picture strategy research, allow me to bring unique insights to the technical committee. I believe that I can make significant and valuable contribution to the technical work of CNCF and therefore would like to nominate myself to be a member of the technical committee.
Chenxi Wang, Ph.D.
Chief Strategy Officer, Twistlock
ToC Nomination Bryan Cantrill/Joyent
Scott Hammond <scott.hammond@...>
I would like to nominate Bryan Cantrill to serve on the TOC. Bryan is the CTO of Joyent, where he has spent the last five years leading the development of Joyent's array of cloud-native infrastructure software, including SmartOS, SmartDataCenter, Manta and (most recently) Triton. A highly regarded speaker and spokesperson for both open source and cloud-native infrastructure, in 2015 Bryan spoke at Container Camp, Container Summit, Velocity, Surge, QCon, OSCON, DockerCon, NodeInteractive and Structure (among others). When not presenting, Bryan remains very much immersed in the details of cloud-native infrastructure, actively participating in Joyent's open source projects and communities.
With respect to the CNCF, Bryan sees the promise of industry collaboration to facilitate an interoperable, composable future -- and to provide a home for open source technologies that share the CNCF's values and mission. Bryan believes that by working to elucidate boundaries and encourage interoperability, the CNCF can help bring clarity to overwhelmed practitioners trying to navigate an increasingly bewildering set of technologies -- and as such, tangibly address the greatest single impediment to cloud-native adoption.
Prior to Joyent, Bryan was a Distinguished Engineer at Sun Microsystems, where he spent fourteen years working on a wide range of system software, from the guts of the kernel to client-code on the browser and much in between. Notably, Bryan led the team that designed and implemented DTrace, a facility for dynamic instrumentation of production systems that won the Wall Street Journal’s top Technology Innovation Award in 2006 and the USENIX Software Tools User Group Award in 2008, and prompted MIT's Technology Review to name Bryan one of the top 35 innovators under the age of 35 in 2005. Bryan received the ScB magna cum laude with honors in Computer Science from Brown University.
Thanks for your consideration.
Scott R. Hammond
President and CEO
Nomination of Doug Davis to TOC consideration
Kenneth Owens (kenowens) <kenowens@...>
TOC nomination / Alexis Richardson (Weaveworks)
I am putting my name into the ring for TOC nominations: Alexis Richardson, CEO and co-founder of Weaveworks. I have been involved in a large number of successful open source projects in a wide range of roles. I’d like to bring that experience to the CNCF TOC. And I wish to emphasise that in ALL cases my work was part of a team effort.
The main value I bring is an understanding of how all the moving parts come together to make a project succeed, from idea to product, and from community to customer.
- CEO Weaveworks, which I co-founded. Weave is approaching 5M downloads from DockerHub and Github, and as a team we have influenced the container community and CNCF.
- CEO RabbitMQ, which I co-founded. Rabbit is widely used in cloud native software.
- Head of products for Spring and vFabric (commercial) at Pivotal where I reorganised Spring and introduced the cloud native generation of Spring products that is now doing so well (eg Boot)
- As part of the above, I was also responsible for our product effort around Redis, Apache Tomcat and Apache Web Server. I had previously convinced Salvatore (Redis) to join us. Vert.x was born in my team too.
- At VMware I was instrumental in convincing the exec team to join OpenStack. That took a while, but we got there in the end… And between VMware and Pivotal I had a proximal although never hands on role in Cloud Foundry and its journey to the current Foundation model.
- I have experience with interoperable open standards - I co-chaired and successfully brought an open cloud API standard to market - OCCI, in the OGF. I also played a leading role in AMQP through my work on RabbitMQ.
- I helped to create the MPL2 updated Mozilla open source license. And, for more info on me, please see my linkedin bio.
So why do I want to do this? I think we have a one off opportunity. Our industry is changing. Cloud computing is not a done deal - the biggest ramifications are still ahead of us. What we fumblingly call “Cloud Native” is just the little parts we can see today. Let’s make it good technology. It has to be good enough that the next generation of creative technologists want, indeed love to use it. By getting behind a Foundation we are saying that this technology should be part of the commons - something that can make the fabric of future apps, the way that HTTP made the Web.
NASSAUR, DOUGLAS C <dn283x@...>
Dear CNCF Community,
As a GM and principal technical leader of cloud architecture at AT&T I have the fortune of enjoying a unique perspective through which I can observe and influence technology and its impact on our business markets, government and education sectors and on the individual consumer. My team and I are entrusted with the care and feeding of our architecture efforts toward Cloud Computing, Big Data and the consumption and providing of content and capabilities via scalable and reusable platform APIs.
My current perspective combined with many years of driving innovation and standards through collaboration across open source and corporate and start-up initiatives has forged a strong commitment to the importance of the Cloud Native Computing Foundation. It is from that commitment that I seek your support for a TOC nomination.
While cloud computing has held out the promise of reducing cost, complexity and time to market we have only scratched the surface of realizing these goals. In my opinion our current challenges will include not just the definition and realization of technical standards but will include the need to keep the market energized in the belief that cloud computing is still a worthy end game. With that in mind I believe our technical leadership will need to possess peripheral visionary skills and the technical grounding, historical understanding and determination to foster collaboration, prioritization and a steady cadence of accomplishments among our contributors and stakeholders.
The community tends to focus on specific technologies, tools and projects and look to understand the “either-or” value proposition of selecting one over the other. My intent would be to offer a unique and diverse perspective which recognizes our establishment of a patchwork quilt, derived from the contributions of providers, open source projects and thought leadership from a broad base of stakeholders. I would also offer a view which looks at both the provider and customer aspects of the equation and the view that innovation and change is a primary constant in our equation.
In the spirit of keeping this brief but useful I would close with the following perspective. Our ultimate business challenge is to reduce the time, cost and complexity associated with the deployment and management of software defined business and technical functions which run our lives. Our biggest technical challenge is to “right-size” the IT resources supporting today’s software enablers to point in time demand for specific functions as opposed to entire infrastructure deployments. We must accomplish this while reducing cost, complexity and time to market while offering abstraction, flexibility and choice - a tall order.
Lastly, our biggest scope challenge is in realizing software workload deployments in loosely coupled, geographically diverse architectures involving multiple providers, virtualization technologies and locations. Providing a level of visibility and control to both consumers and providers unprecedented in our technology history is imperative to maintaining comfort, confidence and adoption of the solutions we will inevitably define for the Cloud Native Computing Ecosystem.
I look forward to working with all of you in defining the direction, strategy, problem set and ultimate standards to which the industry will evolve. I would be honored to play a leadership role in this effort with the intent of uniting a diverse group of super-smart contributors to a common goal that will stand the test of time by assuring constant innovation and evolution. I appreciate your consideration.
With kind regards,
Lead Principal – Technical Architect
Cloud Native Computing - Architecture and Platforms
Domain 2.0 Architecture and Design
TOC nomination / Gabriel Monroy (Deis)
As an individual who cares deeply about vendor-neutral interoperability and composable systems design, I'd like to throw my name into the ring for TOC nomination.
From its inception in 2013, the Deis PaaS effort (for which I am BDFL) has focused on integrating cloud-native technologies from a variety of vendors including Docker, CoreOS, Google, Mesosphere, and others. As one of the first integration-focused development efforts in this space, I have witnessed vast amounts of technology overlap due to unclear separation of concerns in our technical domain.
Since 2014, I have advocated for industry-wide collaboration to achieve this separation of concerns—which I view as critical to decreasing market confusion and advancing the goals of the CNCF. I believe I have the right background, experience, and motivations to sit on the Technical Committee.
* I was the largest external contributor to Docker during its formative months and possess deep understanding of containers as applied to enterprise IT
* I helped shape operational best practices for production deployments of container-centric technology like CoreOS and etcd via Deis
* I guide a team of 40+ support engineers actively providing operational support to early adopters of containers, distributed systems, and microservices.
* I am one of the co-creators of Helm, a decentralized and federated approach to composite application modeling in Kubernetes.
With the right technical and organizational leadership, I am confident the CNCF can succeed in its mission. I would be thrilled to join that effort as a member of the technical committee.
CNCF 12/3/2015 Meeting Notes
The notes and slides from yesterdays technical/community meeting are available now. Thank you to everyone who made it.
Friendly reminder that the TOC nomination process is now open as specified in the charter. Nominations can be sent to cncf-toc@... and should include a "maximum one (1) page nomination pitch which should include the nominees name, contact information and supporting statement identifying the nominees experience in CNCF domains"
TOC Nomination Period
Dec 3rd: Open TOC Nominations
Jan 7th: Close TOC Nominations
TOC Evaluation Period
Jan 8th: Open TOC Evaluation
Jan 22nd: Close TOC Voting
Open TOC Voting (3 days)
Jan 25th: Open Voting
Jan 28th: Close Voting
Jan 29th: Announce TOC Results