Just over a year ago, I told my team that I wanted to speak at a future KubeCon. No roadmap. No CFP draft. Just a bold intention. Fast forward to April 2025, I stood on stage in London at KubeCon + CloudNativeCon Europe—sharing our security journey in front of the most vibrant, forward-thinking community in tech. It wasn’t just a milestone. It was a personal and professional transformation.

The Talk: “Platform Engineering Loves Security: Shift Down, Not Just Left!”

Co-presenting with my friend and co-speaker Mathieu, we delivered a talk that challenged the traditional “shift left” security narrative. Instead, we proposed a more pragmatic, scalable approach: “shift down into the platform, not left to your developers« .

We walked through real-world lessons from the trenches—how platform teams can embed security guardrails by design, without burning out developers or slowing delivery. We covered:

• Real Kubernetes policy enforcement stories using OPA and Gatekeeper
• Building paved roads for secure service onboarding
• Why platform ownership is the missing link in cloud-native security

The feedback? Incredible. Thoughtful questions, packed room, and lots of “this is exactly what we’re facing” conversations afterward.

What Made This KubeCon Special

Every KubeCon is filled with energy, but London felt different. Maybe it was the hallway track filled with impromptu deep dives. Maybe it was the sheer volume of conversations around AI governance, multi-tenancy security, and platform responsibility.

I connected with other CNCF community leaders, fellow Microsoft MVPs, and members of the Kubernetes Security Special Interest Group (SIG) and TAG Security. We exchanged ideas on how to improve secure defaults in open source tooling and keep up with the ever-changing threat landscape.

Must-Watch Sessions

• KubeCon EU 2025: Azure Day: Morning Session (Azure Kubernetes Service) 
• Objection! AI Security Mistakes on Trial With Kubeflow and Confidential Computing 
• Panel: Platform as a Product as a Transformation Enabler Within One of the Top 4 Banks in the UK
• Panel: Platform Engineering in Financial Institutions: The Practitioner Panel 
• Compliance at the Speed of Innovation: Leveraging AI-Driven Automation for Real-Time Regulatory Read 
• The Past, the Present, and the Future of Platform Engineering
• Unlocking the Future of Kubernetes Policy as Code With Kyverno
• Lightning Talk: 10 Quick Tips on How To Internally Market Your Platform 
• Product Thinking for Cloud Native Engineers – Stéphane Di Cesare & Cat Morris 
• Platform Engineering for Architects – Crafting Platforms as a Product
• Securing the Modern Software Supply Chain: A Beginner’s Guide To SLSA, SBOM, and Beyond 
• Lightning Talk: Agentic Bee: How To Get AI Agents To Talk To Tetragon 
• Attesting and Verifying Your Software Supply-Chain with in toto 
• Identity-based Trust – Till Death Do We Part? 
• Leveraging Internal Knowledge: Building AiKA at Spotify – Majd Salman & Jofre Mateu Matesanz 
• Platform Engineering for Software Developers and Architects (Redux) – Daniel Bryant, Syntasso 
• Project Lightning Talk: Kubewarden: Leveraging and Extending CEL for your Cluster Security 
• Project Lightning Talk: Empowering Federated Learning with Multi-Cluster Management for Privacy and Efficiency 
• Project Lightning Talk: ORAS: Create and Distribute a Multi-platform Image with Security Posture 
• Project Lightning Talk: Capsule: Launching Multi-Tenancy to New Kubernetes Horizons 
• The Bricks That Make Us – How the LEGO Group Avoids 50 Mediocre Kubernetes implementations 
• Container Runtimes… on Lockdown: The Hidden Costs of Multi-tenant Workloads 
• Tutorial: Hacking up a Storm With Kubernetes 
• Enhancing Software Composition Analysis Resilience Against Container Image Obfuscation
• Beyond Security Leveraging OPA For FinOps In Kubernetes Sathish Kumar Venkatesan
• Dapr + Score: Mixing the Perfect Cocktail for an Enhanced Developer Experience, Mathieu Benoit & Kendall Roden

From Open Source to Open Conversations

What really makes KubeCon unforgettable isn’t just the sessions—it’s the people. Meeting folks I’ve only known online, reuniting with past collaborators, mentoring first-time attendees, and exchanging stories over coffee.

One of the standout moments this year was meeting some of the very first Golden Kubestronauts—like Sajeeva Nambadawa Vithanage. This new CNCF initiative celebrates individuals who not only achieve all CNCF certifications but also exemplify community leadership, collaboration, and a deep commitment to cloud-native innovation.

It reminded me why I care so deeply about this space: we’re not just building systems—we’re building a movement. One where security, collaboration, and open source values are not just buzzwords, but guiding principles.

✈️ What’s Next?

Coming back from KubeCon, I’m more motivated than ever:

• To continue pushing for technical leadership recognition in security roles.
• To help more teams adopt platform-centric security thinking.
• To mentor others chasing their first KubeCon CFP.

And maybe… to start planning for KubeCon North America?

---

Whether you’re just starting out or deep into your cloud-native journey, I can’t recommend attending (or speaking at!) a KubeCon enough. It’s more than a conference—it’s a catalyst.

Let’s keep raising the bar. Together.

Maxime.

Hi!

KubeCon + CloudNativeCon North America 2024 in Salt Lake City was an incredible gathering of the cloud-native community. This year, three key trends stood out: WebAssembly (WASM), Platform Engineering, and Security. Here’s a day-by-day recap of my experience, culminating in reflections on the most significant themes shaping the future of Kubernetes and cloud-native development.

Sunday & Monday: Cloud Native Rejekts

Before the main event, I had the honor of speaking at Cloud Native Rejekts with Mathieu Benoit. Our session, Platform Engineering Loves Security: Shift Down to Your Platform, Not Left to Your Developers, explored the intersection of platform engineering and security. We discussed how embedding security within platforms can free developers to focus on innovation without compromising compliance.

Watch the session here: Platform Engineering Loves Security: Shift Down to Your Platform, not Left to Your Developers!

Rejekts set the stage perfectly, with many experimental ideas and deep community discussions.

Must-Watch Sessions

• Ten years of Kubernetes: Building the future by Lachlan Evenson
• Abstracting Kubernetes: How Intuit is Migrating Services to a Simplified, Abstracted Paved Road by Shail Shah and Avni Sharma
• From Fragile to Resilient: Using Admission Policies to Strengthen Kubernetesby Marcus Noble
• The Untold Story of Unikernels and WASM by Ram Iyengar
• Secure-by-Default Cloud Native Applications by Jed Salazar and Jason Hall
• Virtual Machines, Containers, and WebAssembly Face-off by Jiaxiau (Joe) Zhou and Danilo Chiarlone (with a demo of Microsoft Hyperlight)

Tuesday: Microsoft AKS Pre-Day

Tuesday was all about the AKS Pre-Day, hosted by Microsoft. The sessions delivered an in-depth look at the Azure Kubernetes Service (AKS) roadmap, featuring advanced scaling strategies, seamless CI/CD integrations, and innovative security enhancements. Beyond the technical insights, the day highlighted Microsoft’s dedication to creating a Kubernetes platform that prioritizes developer experience and operational excellence. It also provided a fantastic opportunity to connect with fellow Microsoft MVPs, exchange ideas, and foster a stronger sense of community within the ecosystem.

Wednesday–Friday: KubeCon + CloudNativeCon NA 2024

Trend 1: WebAssembly (WASM) Rising

WASM was one of the most discussed topics, emphasizing its potential to revolutionize how workloads are run in Kubernetes environments.

• Session Highlight: Multi-Tier Security in WasmCloud by Bailey Townsend. This session showcased how WASM enables lightweight, secure, and portable applications, offering new ways to scale and secure workloads.
• WASM’s ability to provide isolation and reduced resource consumption positions it as a key technology for the future.

Trend 2: Platform Engineering Evolution

Platform engineering emerged as a linchpin for organizations striving to empower developers while maintaining operational excellence.

• Session Highlight: How Google Built a New Cloud on Top of Kubernetes by Jie Yu and Prashanth Venugopal. Their approach to creating developer-centric platforms redefined scalability while preserving agility.
• Session Highlight: Crossing the Chasm: The Journey of The New York Times IDP from Conception to Early Major by Andrew McFarlane and Prachi Mishra. Explore how The New York Times transformed its internal developer platform to bridge gaps in scalability and user adoption, enabling seamless innovation and collaboration.
• Session Highlight: Innovating at Scale: Building and Managing a Modern Developer Platform at U.S. Bank by Poonam Garg and Carrie Pommier. Discover how U.S. Bank revolutionized its developer platform to drive innovation at scale, balancing robust governance with developer agility for sustained growth.
• Platform engineering also underscored the importance of Shift Down, an approach we explored in our Rejekts session, where security becomes a seamless part of the platform’s DNA.

Trend 3: Security Takes Center Stage

Security remained a top priority at KubeCon NA 2024, with a strong focus on automation, proactive measures, and practical solutions for real-world challenges. The conversation highlighted the need to embed security seamlessly into Kubernetes workflows to protect workloads without stifling innovation.

• Session Highlight: eBPF for Creating Least Privileged Policies by Natalia Reka Ivanko and John Fastabend. This session offered a comprehensive look at leveraging eBPF to dynamically enforce least-privilege policies, showcasing its potential to enhance runtime security.
• Session Highlight: Why Perfect Compliance Is the Enemy of Good Kubernetes Security by Michele Chubirka, Google. This insightful talk emphasized balancing security best practices with operational realities, underscoring that striving for “perfect compliance” can sometimes hinder overall security effectiveness.
• Session Highlight: Working Together to Improve Security Visibility in Kubernetes by Rita Zhang and Jeremy Rickard. The session explored collaborative strategies for improving observability and addressing blind spots in Kubernetes environments.

Other notable mentions included:

• Falco Talon, a new initiative aimed at responding to security events with real-time precision.
• The partnership between Adobe and Autodesk, which demonstrated how to secure CI/CD pipelines effectively, ensuring that development velocity doesn’t come at the cost of security.

This year’s sessions reinforced the importance of adopting tools and strategies that make Kubernetes security not just robust but also manageable and scalable for teams of all sizes.

Must-Watch Sessions

Here are a few other standout sessions:

• Share the Ride: Robust Multi-Tenancy in Kubernetes at Uber by Sashank Appireddy & Apoorva Jindal.
• AI for Policy and Policy for AI! by Ronald Petty, Poonam Lamba, Andy Suderman, Boris Kurktchiev and Jimmy Ray.
• Elevate Your Kubernetes Policy Game with Kyverno! by Clément Breteche.
• TUF: Secure Distribution Beyond Software by Marina Moore.
• Copa: Project Copacetic — Directly Patch Container Image Vulnerabilities by Ashna Mehrotra
• Using Notary Project to Ensure Authenticity and Integrity of Artifacts by Toddy Mladenov and Tjark Rasche

Final Thoughts

KubeCon NA 2024 showcased the incredible maturity and innovation of the cloud-native community. The rise of WASM, the growing influence of platform engineering, and the unwavering focus on security point to an exciting future where collaboration, creativity, and cutting-edge technology drive the ecosystem forward.

Looking ahead, I’m excited to see how these trends evolve and shape the next wave of cloud-native advancements. Mark your calendars for KubeCon + CloudNativeCon Europe 2025 in London this April — let’s continue the conversation and innovation there!

Maxime.