Compass icon 5Church Midtown, Atlanta
Calendar icon Monday, November 10
Clock icon 3:00 PM - 8:00 PM ET

Save the Date: CyberArk Workload Identity Day Zero: The KubeCon + CloudNativeCon Pre-Game

Before the KubeCon chaos begins, get your head—and your cluster—right. Join CyberArk for a Day Zero event made for platform engineers, cloud security architects, and CTOs. This focused, single-track experience brings together top shelf content, conversation and cocktails to explore the latest strategies for tackling identity challenges and advancing zero trust security. It’s an afternoon of sharp insights and tactical identity strategies.

Featuring Keynotes from Uber and Block

  • block
  • uber

Agenda:

3:00 – 3:45 PM
Guests Arrival & Welcome Reception
3:45 – 4:00 PM
Welcome & Opening Remarks

Beyond Secrets. Securing the Next Wave of Workloads with Identity

Matt Barker, VP Workload Identity, CyberArk | Sitaram Iyer, VP Emerging Technologies, CyberArk

4:00 – 4:25 PM
Opening Keynote*

From Bet to Backbone, Securing Uber with SPIRE

Andrew Moore, Staff Software Engineer, Uber

4:25 – 4:50 PM
Lightning Talk*

Workload Identity Standards: A Blueprint for Securing Workloads at Scale

Joe Salowey, Principal Security Software Engineer, CyberArk. IETF TLS Co-Chair. | Pieter Kassleman, Director of Product Engineering, Defakto

4:50 – 5:10 PM
Lightning Talk*

AI agent communication across cloud providers with SPIFFE universal identities

Dan Choi, Senior Product Manager, Cryptography, AWS | Brendan Paul, Senior Security Architect, AWS

5:10 – 5:20 PM
Lightning Talk*

The State of Secrets Sprawl

Dwayne McDaniel, Developer Advocate, Gitguardian

5:20 – 5:30 PM
Lightning Talk*

Securing Agentic AI: The New Frontier for SPIFFE and Non-Human Identity

Apurva Davé, CMO, Aembit

5:30 – 5:45 PM
Break with drinks & snacks
5:45 – 5:55 PM
Lightning Talk*

Beyond Standards: The De Facto Way to Operationalize Non-Human Identity at Scale

Pieter Kasselman, Director of Product Engineering, Defakto

5:55 – 6:15 PM
Lightning Talk*

The Path to Passwordless: How Ford Secured its Software Supply Chain with Workload Identity Federation

Arthur Vardevanyan, K8s Platform Engineering Lead, Ford | Brett Caley, Senior Software Security Engineer, Block

6:20 – 6:45 PM
Closing Keynote | Block
6:45 – 7:15 PM
Panel

Securing the Future: Workload Identity in the Age of AI Agents

Matt Barker, VP Workload Identity, CyberArk – Moderator | Pieter Kasselman – Director Product Engineering, Defakto| Alex Olivier – CEO, Cerbos | Jody Hunt – Principal Engineer, CyberArk | Brett Caley – Senior Software Security Engineer, Block | Andrew Block, Distinguished Architect, Red Hat

7:15 – 8:00 PM
Drinks and Food

*To view a more detailed break-down of the sessions, please follow the drop-down links at the bottom of this page

Hosts:

Speaker Photo

Matt Barker

VP & Global Head, Workload Identity Architecture,
CyberArk

Speaker Photo

Alyssa Miles

Product Marketing Manager, Developer Experience
CyberArk

Thank you to our sponsors:

  • GitGuardian
  • AWS
  • aembit
  • Defakto
This talk chronicles Uber's ongoing journey to secure tens of millions of workloads using SPIRE. We'll explore our pioneering adoption of pre-1.0 SPIRE, detailing the strategic work needed to scale its use across our most critical systems. You'll learn about the unique challenges we faced integrating workload identity at both the L7 and L4 layers and how this foundational work paved the way for a truly secretless architecture. Finally, we’ll discuss how the flexibility of identity and access systems is critical for evolving security needs, especially with the rise of AI agents.
In a world where applications, services or AI agents are dynamically composed from thousands of ephemeral workloads running across heterogeneous environments the old approaches to identity no longer work. This talk presents a standards-based blueprint for a scaled workload identity infrastructure that explores the emerging standards shaping workload identity across the various organizations, with a focus on WIMSE, OAuth, and SPIFFE. We’ll examine how these frameworks address identity challenges in modern workload environments to provide strong authentication, least privilege access and automated deployment, whether your securing existing infrastructure or deploying the latest AI technologies.
You are building AI agents and are thinking about your universal identity strategy as you setup secure communication between agents deployed on AWS , on-premises and other cloud environments. In this session, you will learn about orchestrating SPIFFE identities for your AI agents, SPIFFE identity federation and trust across multiple trust domains and actual implementation gotchas. This session is useful for AI agent builders that are dealing with an agent swarm across multiple cloud providers.
For most teams and projects, authentication for machine identities has historically relied on long-lived secrets. These take as many forms and are implemented in a variety of ways. One trait all these credentials share is that they have a tendency to leak. This session will break down the findings from GitGuardian's 2025 State of Secrets Sprawl report, which looks at both public data from GitHub and, for the first time ever, trends seen in private repositories, communication platforms, and other services. We will go beyond just a look at the numbers and explore the findings as calls to action, giving the enterprise a roadmap to go from an organization overwhelmed with unmanaged, sprawling secrets to one with well-governed identities.
Discover how SPIFFE can anchor identity for agentic AI, and why bridging heterogeneous environments requires rethinking non-human identity and access management.
Open source and standards give us a blueprint, but they aren’t enough on their own. Organizations struggle with skills gaps, integration complexity, and the never-ending treadmill of secrets management. It's time to re-imagine workload and non-human identity with a platform that’s fast to deploy, simple to operate, and designed to eliminate secrets sprawl entirely. Join this session to learn how to solve real-world problems for customers today while setting them up to accelerate innovation tomorrow.
In the fast-paced world of automotive technology, security and efficiency are paramount. This presentation explores Ford's journey in adopting Workload Identity Federation (WIF) to eliminate the risks and operational burdens associated with long-lived credentials. We will provide a deep dive into how we leverage WIF to establish secure, short-lived authentication for a variety of critical services. This session will demonstrate the practical applications of WIF across our ecosystem, from CI/CD automation pipelines to our runtime applications. We will highlight the significant benefits realized through this modern approach to identity. By replacing static secrets with automated, temporary credentials, we have drastically reduced the risk of operational outages and fortified our security posture against potential breaches. This transition has not only enhanced our security but also reduced the stress on our operations teams by automating credential.

REGISTER NOW!

About CyberArk
CyberArk (NASDAQ: CYBR) is the global leader in identity security, trusted by organizations around the world to secure human and machine identities in the modern enterprise. CyberArk’s AI-powered Identity Security Platform applies intelligent privilege controls to every identity with continuous threat prevention, detection and response across the identity lifecycle. With CyberArk, organizations can reduce operational and security risks by enabling zero trust and least privilege with complete visibility, empowering all users and identities, including workforce, IT, developers and machines, to securely access any resource, located anywhere, from everywhere. Learn more at cyberark.com.