tag-security
tag-security copied to clipboard
cncf
Security TAG Communities (Community Representative/Manager)
Description: Foster a security focused community.
Impact: This will help new members/contributors get started with TAG-Security and can be a good place for them to get induced in TAG-Security and the community. This will also help us reach out to the people outside the community and create a central place where everything relating to the new developments in the domain, introductory videos, demos and many such resources can reside.
Please find the roadmap, timeline, deliverables as part of this program here Comms outreach program
Scope: Although the scope is not yet determined, we can work on a range of options including but not limited to:
- Security-101 meetups/sessions: There are many 101 sessions out there but more often than not they revolve around a specific tool/service. These meetups/sessions will be to provide an overview into the world of security and the concepts around it.
- Project-101 meetups/sessions: These sessions can be dedicated to specific projects primarily revolving around three aspects:
- What the project is all about?
- How does the project work?
- Probably a demo.
- How to contribute?
- Add events like SecurityCon to Kubecon + Cloud Native Con based on the concept of GitOpsCon
- Regional Security Days with events like CTFs and guest speakers (Kudos to @danpopSD for the amazing suggestion)
- Interviews with end-users presenting their use-cases and challenges.
- Interviews with maintainers/contributors of the projects to understand the issues they faced while developing the project (basically gathering their wisdom).
- Any new features/demos/PoCs anyone is working on.
These sessions can be created as a stream on YouTube thus enabling our YouTube presence, can be shared via a Twitter handle along with other security related updates/blogs/resources to keep everyone updated and can be added as an event on the community platform: https://community.cncf.io/tag-security/
At a later stage, once we have this in place. We can then send out newsletters with helpful resources to the community via the community platform (https://community.cncf.io/tag-security/).
To Do
- [x] SIG Representative @lumjjb
- [x] Project leader(s) @ragashreeshekar
Contributors:
- @pbaderia01
This is an awesome initiative, I think with the growth of the community, having a role/ongoing set of such activities is going to help a ton! I would be interested in working together to scope this as well as relate this to some of the ongoing efforts to improve the new member experience (https://github.com/cncf/tag-security/issues/666).
I've updated the issue to list the TODOs according to TAG process. The next steps of this would be to assign project lead(s) and gather interest and feedback from the TAG.
Tagging @danpopSD for visibility.
@pbaderia01 this seems very promising. thank you for including me @lumjjb
one point im not understanding well:
Add events like SecurityCon to Kubecon + Cloud Native Con based on the concept of GitOpsCon
we already have a co-located event - https://www.cncf.io/blog/2021/03/24/cloud-native-security-day-protecting-our-cloud-native-world-one-container-at-a-time/
trying to understand the subtle differences?
also regional Security Days might also be of interest globally to help spurn better security measures using capabilities discussed in the TAG.
Hey @danpopSD
Regarding the co-located event, I meant format similar to Cloud native Security Day only. At the time of writing GitOpsCon came to mind so mentioned that for reference in the issue (somehow Cloud native security day slipped my mind).
Regional security days sound great too, do you mean something similar to KCD?
Thanks @pbaderia01 and @danpopSD for all these great ideas. This is definitely a very big scope :), I am going to take a stab at breaking this down into a few sub categories, which we can translate to direct actionable items.
More content (perhaps as part of microsite/youtube channel)
Project-101 meetups/sessions: These sessions can be dedicated to specific projects primarily revolving around three aspects:
Security-101 meetups/sessions: There are many 101 sessions out there but more often than not they revolve around a specific tool/service. These meetups/sessions will be to provide an overview into the world of security and the concepts around it.
This would be awesome - and to be able to add that to our TAG youtube channel. I am in favor with this being a series of different topics.
Localized events
Regional Security Days with events like CTFs and guest speakers
I really like the idea of this - it is in line with trying to expand out community in the different regions, we've started to have a growing group in the APAC region, but I think having such events may be beneficial, since historically a lot of activities have been around the traditional kubecons (i.e. NA & EU). This is definitely a huge growth opportunity.
Engaging members - let people know what's up
This is not part of the current scope, but this is something that we've talked about within leadership. Having a way to notify current members of what is coming up (e.g. what is going on in this week's meeting? what are the new projects that I can contribute to? New resources from the TAG and what's going on in different regions, etc.
Helping new members / Office Hours
This is not part of current scope, but we talked among the leadership about the idea of an office hours, I think this fits nicely here. I think this effort will probably start with chairs/TLs and then extend it down into the greater community a little later.
Other notes
Some of these I think can be activities within the group, but I think for several others, this could become a role that is created. i.e. community manager. Since community management is more of an ongoing process, it probably needs mechanisms to keep continuity of activities and knowledge/networks within the TAG.
Next step for this issue is to present it to the community, current planning for this to be presented at the APAC and Wednesday weekly meeting on the 21st and 23rd respectively.
Sounds good to me. I can volunteer to co-lead, may need a lot of help to begin with.
Awesome @ragashreeshekar ! We'll try and get 1 or 2 more on board , and we can kick start this!
This issue has been automatically marked as inactive because it has not had recent activity.
![stale[bot] avatar](https://avatars.githubusercontent.com/in/1724?v=4 "Published by a pub.dev verified publisher"){kind=small}
Last time we spoke. @ragashreeshekar was working on a post-mort doc to share with group. She is out for a while and will share it when she's back!
This issue has been automatically marked as inactive because it has not had recent activity.
Here is a post-mortel doc, please review and share your inputs/feedback :) Community manager experience
This issue has been automatically marked as inactive because it has not had recent activity.
@ragashreeshekar Given the post-mortem write-up, should this be marked as completed? Unclear if this culminated in appointing a designated representative or if community advocacy is intrinsic to the already established leadership roles
I would advocate for the latter to attain our highest potential. I primarily advocated through TAG twitter, CNSCon sessions, helped created resources, mentored new members & contributors. I believe we could do much more as a group incl meetups, 101 sessions etc. As part of project rotation, I'm happy to pass the baton to any interested members.
Thanks @JonZeolla. Update for the issue: Jon and I discussed the opportunities, and I am aligning with the Co-Chairs/TL to define the role and responsibilities, more to come soon.
Closing this in the interim of new proposal as the issue has evolved since its initial scope. Will look forward for an updated proposal based on the last comment above.