Monday, November 10
3:00 PM - 8:00 PM ET
CyberArk Workload Identity Day Zero: The KubeCon + CloudNativeCon Pre-Game
Before the KubeCon chaos begins, get your head—and your cluster—right. Join CyberArk for a Day Zero event made for platform engineers, cloud security architects, and CTOs. This focused, single-track experience brings together top-shelf content, conversation and cocktails to explore the latest strategies for tackling identity challenges and advancing zero trust security. It’s an afternoon of sharp insights and tactical identity strategies.
Featuring Keynotes from Uber and Block
Agenda:
Guests Arrival & Welcome Reception
Welcome & Opening Remarks
Beyond Secrets. Securing the Next Wave of Workloads with Identity
Matt Barker, VP Workload Identity, CyberArk | Sitaram Iyer, VP Emerging Technologies, CyberArk
Opening Keynote*
From Bet to Backbone, Securing Uber with SPIRE
Andrew Moore, Staff Software Engineer, Uber
General Session*
WIMSE, OAuth and SPIFFE: A Standards-Based Blueprint for Securing Workloads at Scale
Joe Salowey, Principal Security Software Engineer, CyberArk. IETF TLS Co-Chair. | Pieter Kasselman, Director of Product Engineering, Defakto
General Session*
AI agent communication across cloud providers with SPIFFE universal identities
Dan Choi, Senior Product Manager, Cryptography, AWS | Brendan Paul, Senior Security Architect, AWS
Lightning Talk*
The State of Secrets Sprawl
Dwayne McDaniel, Developer Advocate, GitGuardian
Lightning Talk*
Securing Agentic AI: The New Frontier for SPIFFE and Non-Human Identity
Apurva Davé, CMO, Aembit
Break with drinks & snacks
Lightning Talk*
From Concept to Production: Real-World Non-Human Identity Success
Pieter Kasselman, Director of Product Engineering, Defakto
General Session*
The Path to Passwordless: How Ford Secured its Software Supply Chain with Workload Identity Federation
Arthur Vardevanyan, K8s Platform Engineering Lead, Ford
Closing Keynote*
Datacenter, Cloud, AI, Who Am I? How Block Scales Workload Identities Across Diverse Ecosystems
Brett Caley, Senior Software Security Engineer, Block
Panel
Securing the Future: Workload Identity in the Age of AI Agents
Matt Barker, VP Workload Identity, CyberArk (Moderator) | Pieter Kasselman, Director Product Engineering, Defakto | Alex Olivier, CEO, Cerbos | Jody Hunt, Principal Engineer, CyberArk | Brett Caley, Senior Software Security Engineer, Block | Andrew Block, Distinguished Architect, Red Hat
*To view a more detailed breakdown of the sessions, please follow the drop-down links at the bottom of this page.
Hosts:
Matt Barker
VP & Global Head, Workload Identity Architecture,
CyberArk
Alyssa Miles
Product Marketing Manager, Developer Experience
CyberArk
This talk chronicles Uber's ongoing journey to secure tens of millions of workloads using SPIRE. We'll explore our pioneering adoption of pre-1.0 SPIRE, detailing the strategic work needed to scale its use across our most critical systems. You'll learn about the unique challenges we faced integrating workload identity at both the L7 and L4 layers and how this foundational work paved the way for a truly secretless architecture. Finally, we’ll discuss how the flexibility of identity and access systems is critical for evolving security needs, especially with the rise of AI agents.
In a world where applications, services or AI agents are dynamically composed from thousands of ephemeral workloads running across heterogeneous environments, the old approaches to identity no longer work. This talk presents a standards-based blueprint for a scaled workload identity infrastructure that explores the emerging standards shaping workload identity across the various organizations, with a focus on WIMSE, OAuth, and SPIFFE. We’ll examine how these frameworks address identity challenges in modern workload environments to provide strong authentication, least privilege access and automated deployment, whether you're securing existing infrastructure or deploying the latest AI technologies.
You are building AI agents and are thinking about your universal identity strategy as you set up secure communication between agents deployed on AWS, on-premises and other cloud environments. In this session, you will learn about orchestrating SPIFFE identities for your AI agents, SPIFFE identity federation and trust across multiple trust domains and actual implementation gotchas. This session is useful for AI agent builders that are dealing with an agent swarm across multiple cloud providers.
For most teams and projects, authentication for machine identities has historically relied on long-lived secrets. These take many forms and are implemented in a variety of ways. One trait all these credentials share is that they have a tendency to leak. This session will break down the findings from GitGuardian's 2025 State of Secrets Sprawl report, which looks at both public data from GitHub and, for the first time ever, trends seen in private repositories, communication platforms, and other services. We will go beyond just a look at the numbers and explore the findings as calls to action, giving the enterprise a roadmap to go from an organization overwhelmed with unmanaged, sprawling secrets to one with well-governed identities.
Discover how SPIFFE can anchor identity for agentic AI, and why bridging heterogeneous environments requires rethinking non-human identity and access management.
Non-Human Identity doesn't have to be complex. Defakto has turned a decade of SPIFFE deployment experience at global enterprises into a platform that's fast and easy to deploy. We will share how organizations are eliminating static secrets, improving uptime, and building trust across multi-cloud and AI environments, with measurable business results. If you're looking to simplify Non-Human Identity and unlock real business value, Defakto has answers.
In the fast-paced world of automotive technology, security and efficiency are paramount. This presentation explores Ford's journey in adopting Workload Identity Federation (WIF) to eliminate the risks and operational burdens associated with long-lived credentials. We will provide a deep dive into how we leverage WIF to establish secure, short-lived authentication for a variety of critical services. This session will demonstrate the practical applications of WIF across our ecosystem, from CI/CD automation pipelines to our runtime applications. We will highlight the significant benefits realized through this modern approach to identity. By replacing static secrets with automated, temporary credentials, we have drastically reduced the risk of operational outages and fortified our security posture against potential breaches. This transition has not only enhanced our security but also reduced the stress on our operations teams by automating credential.
As infrastructure evolves from datacenters to multi-cloud and AI-driven workloads, the question “Who am I?” isn’t just for humans anymore. Every service, agent, and model needs an identity it can trust — and that others can verify. At Block, we’ve built a unified workload identity platform that spans on-prem systems, multiple clouds, and emerging AI environments. This talk explores how we scale trust across diverse ecosystems using open standards like SPIFFE and SPIRE, how we integrate identity into developer workflows, and how we’re preparing for the next wave — where autonomous AI workloads authenticate, interact, and make decisions on their own. You’ll come away with practical lessons from operating workload identity at scale and a glimpse into what “Who am I?” means in an AI-first world.