This year, I had the privilege of serving as a reviewer for Open Source SecurityCon at KubeCon + CloudNativeCon Europe 2026 an experience that was both humbling and energizing.
As someone deeply involved in Kubernetes and cloud-native security both as a practitioner and a frequent speaker I thought I knew what went into crafting a strong conference proposal. Reviewing CFPs from the other side of the fence gave me a whole new appreciation for the process, the community, and the responsibility that comes with shaping a program at this scale.
Serving as a reviewer offered a unique vantage point into where the ecosystem is heading. The breadth of submissions was impressive:
- Deep dives into Kubernetes threat modeling, supply chain security, and runtime detection
- Emerging themes around policy-as-code, platform engineering, and developer experience
- Early explorations of AI/LLM usage in security workflows—both the promise and the pitfalls
What stood out most was how much the conversation has matured. Security is no longer treated as an afterthought or a bolt-on it’s increasingly embedded into platform design, operational models, and developer tooling.
While I can’t (and won’t) share details about specific submissions, reviewing dozens of proposals made a few patterns very clear.
The strongest CFPs consistently:
- Solved a real problem faced by practitioners today
- Were grounded in hands-on experience, not just theory
- Clearly articulated what the audience would learn and why it mattered
- Respected the audience’s time by being focused, opinionated, and honest
Conversely, even good ideas struggled when the problem statement was vague, the scope too broad, or the takeaway unclear.
If you’re planning to submit in the future, my biggest advice is simple: optimize for clarity and impact, not buzzwords.
One thing that surprised me was how seriously the review process is taken. Every submission represents someone’s time, expertise, and willingness to contribute back to the community.
As reviewers, our role isn’t just to pick “cool talks”—it’s to:
- Balance depth vs accessibility
- Ensure diversity of topics, voices, and perspectives
- Build a program that serves operators, engineers, architects, and security leaders alike
It’s a reminder that conferences like KubeCon don’t happen by accident. They’re the result of hundreds of volunteers, reviewers, and organizers working behind the scenes under the umbrella of the Cloud Native Computing Foundation.
From a personal perspective, this experience reinforced a few things for me:
- The cloud-native security community is incredibly strong and generous
- There is a growing appetite for pragmatic, platform-level security discussions
- Open source security is no longer niche it’s core to how modern infrastructure is built and defended
It also made me a better speaker. Reviewing CFPs sharpens your own thinking about narrative, relevance, and audience value in a way that submitting alone never quite does.
A huge thank you to the Open Source SecurityCon program committee, fellow reviewers, and everyone who submitted a proposal whether accepted or not. The quality of content made the job both challenging and deeply rewarding.
I’m genuinely excited to see the final program come to life at KubeCon Europe 2026, and I’m proud to have played a small part in shaping it.
If you’re attending, let’s connect. And if you’re thinking about submitting next year do it. Your experience matters more than you think.
Maxime.
