Compass icon 5Church Midtown, Atlanta
Calendar icon Monday, November 10
Clock icon 3:00 PM - 8:00 PM ET

CyberArk Workload Identity Day Zero: The KubeCon + CloudNativeCon Pre-Game

Before the KubeCon chaos begins, get your head—and your cluster—right. Join CyberArk for a Day Zero event made for platform engineers, cloud security architects, and CTOs. This focused, single-track experience brings together top shelf content, conversation and cocktails to explore the latest strategies for tackling identity challenges and advancing zero trust security. It’s an afternoon of sharp insights and tactical identity strategies.

Featuring Keynotes from Uber and Block

  • block
  • uber

Agenda:

3:00 – 3:45 PM
Guests Arrival & Welcome Reception
3:45 – 4:00 PM
Welcome & Opening Remarks

Beyond Secrets. Securing the Next Wave of Workloads with Identity

Matt Barker, VP Workload Identity, CyberArk | Sitaram Iyer, VP Emerging Technologies, CyberArk

4:00 – 4:25 PM
Opening Keynote*

From Bet to Backbone, Securing Uber with SPIRE

Andrew Moore, Staff Software Engineer, Uber

4:25 – 4:50 PM
General Session*

WIMSE, OAUTH and SPIFFE: A Standards-Based Blueprint for Securing Workloads at Scale

Joe Salowey, Principal Security Software Engineer, CyberArk. IETF TLS Co-Chair. | Pieter Kassleman, Director of Product Engineering, Defakto

4:50 – 5:10 PM
General Session*

AI agent communication across cloud providers with SPIFFE universal identities

Dan Choi, Senior Product Manager, Cryptography, AWS | Brendan Paul, Senior Security Architect, AWS

5:10 – 5:20 PM
Lightning Talk*

The State of Secrets Sprawl

Dwayne McDaniel, Developer Advocate, Gitguardian

5:20 – 5:30 PM
Lightning Talk*

Securing Agentic AI: The New Frontier for SPIFFE and Non-Human Identity

Apurva Davé, CMO, Aembit

5:30 – 5:45 PM
Break with drinks & snacks
5:45 – 5:55 PM
Lightning Talk*

From Concept to Production: Real-World Non-Human Identity Success

Pieter Kasselman, Director of Product Engineering, Defakto

5:55 – 6:15 PM
General Session*

The Path to Passwordless: How Ford Secured its Software Supply Chain with Workload Identity Federation

Arthur Vardevanyan, K8s Platform Engineering Lead, Ford

6:20 – 6:45 PM
Closing Keynote*

Datacenter, Cloud, AI, Who Am I? How Block Scales Workload Identities Across Diverse Ecosystems

Brett Caley, Senior Software Security Engineer Block

6:45 – 7:15 PM
Panel

Securing the Future: Workload Identity in the Age of AI Agents

Matt Barker, VP Workload Identity, CyberArk – Moderator | Pieter Kasselman – Director Product Engineering, Defakto| Alex Olivier – CEO, Cerbos | Jody Hunt – Principal Engineer, CyberArk | Brett Caley – Senior Software Security Engineer, Block | Andrew Block, Distinguished Architect, Red Hat | Brett Caley, Senior Software Security Engineer, Block

7:15 – 8:00 PM
Drinks and Food

*To view a more detailed break-down of the sessions, please follow the drop-down links at the bottom of this page

Hosts:

Speaker Photo

Matt Barker

VP & Global Head, Workload Identity Architecture,
CyberArk

Speaker Photo

Alyssa Miles

Product Marketing Manager, Developer Experience
CyberArk

Thank you to our sponsors:

Primary Sponsor

  • AWS

Sponsors

  • GitGuardian
  • aembit
  • Defakto
This talk chronicles Uber's ongoing journey to secure tens of millions of workloads using SPIRE. We'll explore our pioneering adoption of pre-1.0 SPIRE, detailing the strategic work needed to scale its use across our most critical systems. You'll learn about the unique challenges we faced integrating workload identity at both the L7 and L4 layers and how this foundational work paved the way for a truly secretless architecture. Finally, we’ll discuss how the flexibility of identity and access systems is critical for evolving security needs, especially with the rise of AI agents.
In a world where applications, services or AI agents are dynamically composed from thousands of ephemeral workloads running across heterogeneous environments the old approaches to identity no longer work. This talk presents a standards-based blueprint for a scaled workload identity infrastructure that explores the emerging standards shaping workload identity across the various organizations, with a focus on WIMSE, OAuth, and SPIFFE. We’ll examine how these frameworks address identity challenges in modern workload environments to provide strong authentication, least privilege access and automated deployment, whether your securing existing infrastructure or deploying the latest AI technologies.
You are building AI agents and are thinking about your universal identity strategy as you setup secure communication between agents deployed on AWS , on-premises and other cloud environments. In this session, you will learn about orchestrating SPIFFE identities for your AI agents, SPIFFE identity federation and trust across multiple trust domains and actual implementation gotchas. This session is useful for AI agent builders that are dealing with an agent swarm across multiple cloud providers.
For most teams and projects, authentication for machine identities has historically relied on long-lived secrets. These take as many forms and are implemented in a variety of ways. One trait all these credentials share is that they have a tendency to leak. This session will break down the findings from GitGuardian's 2025 State of Secrets Sprawl report, which looks at both public data from GitHub and, for the first time ever, trends seen in private repositories, communication platforms, and other services. We will go beyond just a look at the numbers and explore the findings as calls to action, giving the enterprise a roadmap to go from an organization overwhelmed with unmanaged, sprawling secrets to one with well-governed identities.
Discover how SPIFFE can anchor identity for agentic AI, and why bridging heterogeneous environments requires rethinking non-human identity and access management.
Non-Human Identity doesn't have to be complex. Defakto has turned a decade of SPIFFE deployment experience at global enterprises into a platform that's fast and easy to deploy. We will share how organizations are eliminating static secrets, improving uptime, and building trust across multi-cloud and AI environments, with measurable business results. If you're looking to simplify Non-Human Identity and unlock real business value, Defakto has answers.
In the fast-paced world of automotive technology, security and efficiency are paramount. This presentation explores Ford's journey in adopting Workload Identity Federation (WIF) to eliminate the risks and operational burdens associated with long-lived credentials. We will provide a deep dive into how we leverage WIF to establish secure, short-lived authentication for a variety of critical services. This session will demonstrate the practical applications of WIF across our ecosystem, from CI/CD automation pipelines to our runtime applications. We will highlight the significant benefits realized through this modern approach to identity. By replacing static secrets with automated, temporary credentials, we have drastically reduced the risk of operational outages and fortified our security posture against potential breaches. This transition has not only enhanced our security but also reduced the stress on our operations teams by automating credential.
As infrastructure evolves from datacenters to multi-cloud and AI-driven workloads, the question “Who am I?” isn’t just for humans anymore. Every service, agent, and model needs an identity it can trust — and that others can verify. At Block, we’ve built a unified workload identity platform that spans on-prem systems, multiple clouds, and emerging AI environments. This talk explores how we scale trust across diverse ecosystems using open standards like SPIFFE and SPIRE, how we integrate identity into developer workflows, and how we’re preparing for the next wave — where autonomous AI workloads authenticate, interact, and make decisions on their own. You’ll come away with practical lessons from operating workload identity at scale and a glimpse into what “Who am I?” means in an AI-first world.

REGISTER NOW!

About CyberArk
CyberArk (NASDAQ: CYBR) is the global leader in identity security, trusted by organizations around the world to secure human and machine identities in the modern enterprise. CyberArk’s AI-powered Identity Security Platform applies intelligent privilege controls to every identity with continuous threat prevention, detection and response across the identity lifecycle. With CyberArk, organizations can reduce operational and security risks by enabling zero trust and least privilege with complete visibility, empowering all users and identities, including workforce, IT, developers and machines, to securely access any resource, located anywhere, from everywhere. Learn more at cyberark.com.