Security Theater or Real Defense? Navigating Open Source Security in a Cloud Native World - Rotem Refael, ARMO; Constanze Roedig, Technical University of Vienna; Megan Wolf, Defense Unicorns; Stefana Muller, Salesforce; Oshrat Nir, Independent

Abstract

Kubernetes teams are drowning in dashboards, buried in YAML, and haunted by the ghost of “shift left.” Everyone says security is built-in, but breaches still happen, compliance still bites, and engineers are still burned out. So what’s actually working… and what’s just performative security theater? This women-led panel cuts through the noise. Featuring OSS contributors, DevSecOps veterans, and security leads from production-grade, cloud-native environments, we’re here to talk honestly about what breaks, what works, and what’s pure illusion. They’re contributors and practitioners behind CNCF toolsets—and they’ve seen it all: what works, what fails, and what we wish we knew earlier. Explore what’s real vs. theater in Kubernetes security: how to measure impact, where CNCF tools help (or fall short), and how to stay effective under pressure. No fluff, no vendor pitches. Just battle-tested insights from engineers on the front lines of securing cloud-native infrastructure at scale.
