Monday, November 10
3:00 PM - 8:00 PM ET
Save the Date: CyberArk Workload Identity Day Zero: The KubeCon + CloudNativeCon Pre-Game
Before the KubeCon chaos begins, get your head—and your cluster—right. Join CyberArk for a Day Zero event made for platform engineers, cloud security architects, and CTOs. This focused, single-track experience brings together top shelf content, conversation and cocktails to explore the latest strategies for tackling identity challenges and advancing zero trust security. It’s an afternoon of sharp insights and tactical identity strategies.
Featuring Keynotes from Uber and Block
Agenda:
Guests Arrival & Welcome Reception
Welcome & Opening Remarks
Beyond Secrets. Securing the Next Wave of Workloads with Identity
Matt Barker, VP Workload Identity, CyberArk | Sitaram Iyer, VP Emerging Technologies, CyberArk
Opening Keynote*
From Bet to Backbone, Securing Uber with SPIRE
Andrew Moore, Staff Software Engineer, Uber
Lightning Talk*
Workload Identity Standards: A Blueprint for Securing Workloads at Scale
Joe Salowey, Principal Security Software Engineer, CyberArk. IETF TLS Co-Chair. | Pieter Kassleman, Director of Product Engineering, Defakto
Lightning Talk*
AI agent communication across cloud providers with SPIFFE universal identities
Dan Choi, Senior Product Manager, Cryptography, AWS | Brendan Paul, Senior Security Architect, AWS
Lightning Talk*
The State of Secrets Sprawl
Dwayne McDaniel, Developer Advocate, Gitguardian
Lightning Talk*
Securing Agentic AI: The New Frontier for SPIFFE and Non-Human Identity
Apurva Davé, CMO, Aembit
Break with drinks & snacks
Lightning Talk*
Beyond Standards: The De Facto Way to Operationalize Non-Human Identity at Scale
Pieter Kasselman, Director of Product Engineering, Defakto
Lightning Talk*
The Path to Passwordless: How Ford Secured its Software Supply Chain with Workload Identity Federation
Arthur Vardevanyan, K8s Platform Engineering Lead, Ford | Brett Caley, Senior Software Security Engineer, Block
Panel
Securing the Future: Workload Identity in the Age of AI Agents
Matt Barker, VP Workload Identity, CyberArk – Moderator | Pieter Kasselman – Director Product Engineering, Defakto| Alex Olivier – CEO, Cerbos | Jody Hunt – Principal Engineer, CyberArk | Brett Caley – Senior Software Security Engineer, Block | Andrew Block, Distinguished Architect, Red Hat
*To view a more detailed break-down of the sessions, please follow the drop-down links at the bottom of this page
Hosts:
Matt Barker
VP & Global Head, Workload Identity Architecture,
CyberArk
Alyssa Miles
Product Marketing Manager, Developer Experience
CyberArk
Thank you to our sponsors:
This talk chronicles Uber's ongoing journey to secure tens of millions of workloads using SPIRE. We'll explore our pioneering adoption of pre-1.0 SPIRE, detailing the strategic work needed to scale its use across our most critical systems. You'll learn about the unique challenges we faced integrating workload identity at both the L7 and L4 layers and how this foundational work paved the way for a truly secretless architecture. Finally, we’ll discuss how the flexibility of identity and access systems is critical for evolving security needs, especially with the rise of AI agents.
In a world where applications, services or AI agents are dynamically composed from thousands of ephemeral workloads running across heterogeneous environments the old approaches to identity no longer work. This talk presents a standards-based blueprint for a scaled workload identity infrastructure that explores the emerging standards shaping workload identity across the various organizations, with a focus on WIMSE, OAuth, and SPIFFE. We’ll examine how these frameworks address identity challenges in modern workload environments to provide strong authentication, least privilege access and automated deployment, whether your securing existing infrastructure or deploying the latest AI technologies.
You are building AI agents and are thinking about your universal identity strategy as you setup secure communication between agents deployed on AWS , on-premises and other cloud environments. In this session, you will learn about orchestrating SPIFFE identities for your AI agents, SPIFFE identity federation and trust across multiple trust domains and actual implementation gotchas. This session is useful for AI agent builders that are dealing with an agent swarm across multiple cloud providers.
For most teams and projects, authentication for machine identities has historically relied on long-lived secrets. These take as many forms and are implemented in a variety of ways. One trait all these credentials share is that they have a tendency to leak. This session will break down the findings from GitGuardian's 2025 State of Secrets Sprawl report, which looks at both public data from GitHub and, for the first time ever, trends seen in private repositories, communication platforms, and other services. We will go beyond just a look at the numbers and explore the findings as calls to action, giving the enterprise a roadmap to go from an organization overwhelmed with unmanaged, sprawling secrets to one with well-governed identities.
Discover how SPIFFE can anchor identity for agentic AI, and why bridging heterogeneous environments requires rethinking non-human identity and access management.
Open source and standards give us a blueprint, but they aren’t enough on their own. Organizations struggle with skills gaps, integration complexity, and the never-ending treadmill of secrets management. It's time to re-imagine workload and non-human identity with a platform that’s fast to deploy, simple to operate, and designed to eliminate secrets sprawl entirely. Join this session to learn how to solve real-world problems for customers today while setting them up to accelerate innovation tomorrow.
In the fast-paced world of automotive technology, security and efficiency are paramount. This presentation explores Ford's journey in adopting Workload Identity Federation (WIF) to eliminate the risks and operational burdens associated with long-lived credentials. We will provide a deep dive into how we leverage WIF to establish secure, short-lived authentication for a variety of critical services. This session will demonstrate the practical applications of WIF across our ecosystem, from CI/CD automation pipelines to our runtime applications. We will highlight the significant benefits realized through this modern approach to identity. By replacing static secrets with automated, temporary credentials, we have drastically reduced the risk of operational outages and fortified our security posture against potential breaches. This transition has not only enhanced our security but also reduced the stress on our operations teams by automating credential.