Building India's Open Source Security Community: From Developer Nation to Security Champions

Show Notes

Join CRob as he sits down with Ram Iyengar, OpenSSF's India community representative, to explore the unique challenges and opportunities of promoting open source security in one of the world's largest developer communities. Ram shares his journey from computer science professor to developer evangelist, discusses the launch of LF India, and reveals why getting developers excited about security tools remains one of his biggest challenges. From spicy food preferences to Star Trek vs. Star Wars debates, this episode offers both insights into global open source security efforts and a glimpse into the passionate community builders making it happen.

Chapters:

• Meet Ram Iyengar
• Origin Story - From Professor to Evangelist
• The Power of Developer Education
• LF India Launch & Community Building
• Getting Involved & Video Series
• Rapid Fire
• The Security Challenge in India
• Call to Action & Wrap-up

Episode links:

• Ram Iyengar LinkedIn page
• Join us at the following events: 
  • OpenSSF Community Day India (Aug 4, 2025)
  • Open Source Summit India (Aug 5, 2025)
  • KubeCon | CloudNativeCon India (Aug 6-7, 2025)
• OpenSSF YouTube
• Get involved with the OpenSSF
• Subscribe to the OpenSSF Newsletter
• Follow the OpenSSF on LinkedIn

Transcript

CRob (00:21)

Welcome, welcome, welcome to What's in the Sauce, the OpenSSF's podcast where I talk to amazing people that are doing incredibly interesting things with upstream open source security. Today, we have a real friend of the show, one of my teammates, Ram, who helps represent our India community. And I would like to hear Ram, could you maybe give us a little bit of an introduction to yourself for those members that may not know who you are and what you're doing for us?

Ram Iyengar (00:50)

Thanks for having me on the show, Krobe. It's such a pleasure to be a guest on a podcast that I've been very regular in listening to on several of the platforms. 

CRob (01:02)

Yay!

Ram Iyengar (01:03)

So I've been working with the OpenSSF for a little over a year now. It's been a wild ride in terms of learning a lot of things. And it's been...Honestly fun to represent security in a part of the world that I imagine doesn't take security very seriously. But I also realized that's true of many parts of the world.

CRob (01:30)

You're not alone.

Ram Iyengar (01:33)

Yeah. In a geography that's known for application development and a lot of software getting written, getting built and an increasing number of open source contributions these days. It's fun to hold the security placard and remind people about, hey, security is important. Hey, don't forget about security. Hey, open source folks, you still need to secure your goods. So that's really what I do. So evangelizing OpenSSF and a lot of the... open source security stuff in the India geo.

CRob (02:12)

Excellent. Well, let's hear a little bit about your backstory. What is your open source origin story Ram?

Ram Iyengar (02:20)

So I was one of those people fortunate enough to work on open source since the start. And when I say start, my first real job was working on some open source content management systems at work. Android caught on big around the time I finished school. And then in terms of roles, I was born in India in the early 90s. So I guess I was born to be a developer, and write software, but also I went to school trained to be an engineer, but I always wanted to be an educator. So after my first few years of being a software developer, I switched roles to be a computer science teacher full time where I went to school in India. So I went to school in Boston.

Got a master's in telecommunication, did a lot of Android related stuff. And then went back to India, started as a professor of computer science. But then what I realized was, I love being a teacher and an educator, but I also love the salary in the software industry. 

CRob (03:40)

Right?

Ram Iyengar (03:41)

And so, and so, eventually I found my path into technology, evangelism and developer relations. And I found that, you know, software and tools and all of these don't necessarily suffer from a lack of features as much as they do from a lack of education. And so to me, it was, you know, writing guides and doing trainings and giving talks and writing documentation and contributing a lot of the non-technical stuff, both for products that I work with and open source projects that I love. So, one thing led to another and now it's been like five years of working with the Linux Foundation full time. And, you know, a good chunk of that with the OpenSSF.

CRob (04:33)

That's awesome. Yeah, thank you for doing all that. I really agree about the importance of education. That is something that is crucial if we're going to help solve our mission together, right?

Ram Iyengar (04:45)

Absolutely. I remember one of my earliest OpenSSF community day events and you were on stage talking about the diagrammers and the education working group and all of that and yeah, that's played a huge part in stuff that I've been doing. So thank you too.

CRob (05:06)

Oh, pff. Proud to contribute to helping out. So I'd like you to tell me more about LF India and your work with engaging the community there. What's it like collaborating with other folks in India?

Ram Iyengar (05:22)

So LF India was announced in December of 2024. We've been rolling out the first steps of, know, rather the first invisible and boring steps of any entity, is setting things up and getting some of those initial partnerships and conversations going. But all of that apart, I think thanks in big part to the great work that the LF has been doing all around.

It's kind of marketed itself, to be honest. We have a whole raft of contributors who participate in a lot of LF initiatives already that are global, obviously. But we're starting to realize certain flavors of sovereignties coming in, ideas that are specific to the region have to be focused on. 

Ram Iyengar (06:19)

So LF India is sort of playing this role of replicating a lot of the good work that's happening in other parts of the world, specifically for the India Geo. And in the past few months, we've had some good conversations from people about what's potential in terms of projects that can come on, terms of initiatives that we can support, in terms of conversations that we can have in the public sector, in academia, and obviously in the big...organizations and private sector that we're most used to. So there's a lot of interest in participating in LF India forums now. And part of it is online events and things like that. And a big part of it is also offline events. 

Big thanks to the CNCF and Kubernetes in stewarding a lot of these conversations.

It goes without saying that they're probably one of the more active open source communities right now. And piggybacking on that success, think LF India is happy to announce the open source summit event that's sort of its flagship that happens in different parts of the world. And it's going to be sandwiched between the KubeCon in India and the OpenSSF Community Day in India as well which I'm really excited about.

CRob (07:44)

You're gonna have a really busy time, huh?

Ram Iyengar (07:47)

Yeah. I mean, it's all happening. The conversations are there, the partnerships are coming forth, the events are happening. And so I think it's the whole package. it makes me extremely both proud and privileged to be part of the opening cohort that's helping herald some of these new changes in this part of the world.

CRob (08:10)

That's awesome. I know most Linux Foundation entities kind of operate similarly, where we'll have a webpage and a GitHub repository and then some mailing lists and whatnot. So if someone was curious about whether they wanted to get engaged with either LF India or your direct work with the OpenSSF, how best can someone kind of find out more about you and like what's going on with that part of the world?

Ram Iyengar (08:38)

So the goal at the moment is to drive more awareness of LF itself. So I guess, you know, just do the individual project website. So CNCF has its website and the Slack and all of these. The OpenSSF has the openssf.org website, the OpenSSF Slack. So get on all of these. I'm accessible through LinkedIn and other things if you wanted to reach out directly. And right now the focus is to get more people to become aware of the LF projects directly. And obviously there's going to be like an LF India web page and things like that. Like I said, it's one of those boring pieces that we're still getting together.

CRob (09:23)

Now I remember that you were doing a series of videos. Could you maybe talk a little bit about that?

Ram Iyengar (09:30)

Mm-hmm, Yeah. Every once in a while, mostly at the frequency of like twice a month, or every fortnightly, I try and identify somebody who's working in the security space and is based out of India. So they can give us like a picture of what it's like to be doing security in this geography. You know, I've had the good fortune of meeting so many wonderful guests. And we do like a 45 minute session where they do like part of it is something of topical interest, like they'll pick up an area that either they're very happy to speak about or they feel that the community needs to be educated and energized about. And then a big chunk of it is also just an open conversation about here's what I have encountered and help me validate these ideas or help me inform people about how important security is, and especially when they're working with open source and things like that. So I've had like 15, 20 guests up to now and they're all recorded and available on YouTube. I usually stream them live and then thanks to technology, they're available for consumption as a long tail for people. And these are on the OpenSSF YouTube channel. So those who are interested in catching any of these episodes in retrospect, you're welcome to visit the OpenSSF YouTube channel. And there's also always something that's going to be up and coming. So if you subscribe to the channel, you can stay updated about what's coming.

CRob (11:16)

Excellent. Yeah, I've really enjoyed some of your interviews over the last year or so. Top notch stuff. Thank you for doing that.

Ram Iyengar (11:23)

Sure. I mean, some of them are, you know, deeply technical, like runtime security, for example, and some of them have been more about how to build a security culture within an organization and what are the missing pieces in security that entry level developers should know and things like that, you know, so stuff that, you know, I feel will strike a good balance. And it's been wonderful just discovering all this talent that's always been around and I've never looked for security people before, but it's amazing to see what comes up.

CRob (12:00)

That's amazing. Now, I love the security community and especially the open source security community. Great folks. I love the fact that everyone's so willing to kind of share whether they're educating or kind of bringing a topic that they want to have a conversation about. I love that.

CRob (12:15)

Let's move on to the rapid fire part of the show. you ready for rapid rapid rapid fire? 

Ram Iyengar (12:22)

Ooh, I am.

CRob (12:23)

I have a bunch of silly questions. I just want to hear your first response off the top of your head. We'll start off easy, mild or spicy food, sir.

Ram Iyengar (12:34)

Spicy.

CRob (12:37)

Oooh that's spicy. I love spicy food too, although I'm not sure I could hang with you. I do my best.

Ram Iyengar (12:45)

Yeah, sure. I think spicy means something completely different in this part of the world.

CRob (12:51)

Like a different stratosphere. I have mad respect. Uh, VI or Emacs.

Ram Iyengar (12:57)

Oh, I'm a VI person, always happy.

CRob (13:03)

Excellent, excellent. Who's your favorite open source mascot?

Ram Iyengar (13:06)

I like the Tecton mascot a lot. Closely, but obviously like the tux is a classic, for the recent ones, Tecton has been my favorite. Although, you know, honk, I think deserves a special mention.

CRob (13:24)

We all love honk. Excellent. What's your favorite vegetable?

Ram Iyengar (13:32)

I love the versatility of an eggplant. Can do a lot with it. Yeah. Yeah.

CRob (13:38)

Yum. I love eggplant parmesan. That's a delicious choice. And finally, and most importantly, Star Trek or Star Wars?

Ram Iyengar (13:47)

Star Trek Crob. 

CRob (13:50)

Hahahaha, There are no wrong answers, but yes, that's an excellent one.

Ram Iyengar (13:54)

Yeah sure. But also like fun fact, I don't know if this might get me in trouble, I have never watched any one of the Star Wars movies. 

CRob (14:00)

WHAT?!

Ram Iyengar (14:01)

Yes. Yeah. This might alienate a lot of people or help me make new friends but yeah.

CRob (14:11)

[Sad Trombone] Well, I would encourage you to go watch there are many options in the Star Wars universe, but Star Trek is pretty awesome.

Ram Iyengar (14:19)

It is

CRob (14:21)

Well, thank you for sharing a little bit of insight about yourself as we wind down Do you have a call to action or something? You want to you know, ask our audience to maybe look into or do?

Ram Iyengar (14:32)

It's hard in the region that is India to get people to focus on security, let alone like, especially when they're working on open source stuff. Even if you look at a lot of the recent AI trends, for example, there's a bunch of people who are focused on AI agents and MCP and whatever new technology is going to come in a couple of days from now, you'll find like 15 examples of people developing something, but you don't see the same kind of enthusiasm around applying security tools. Even for like the container ecosystem, everybody was in on like cloud native. And then when you talk about, did you scan that container as you as you run a build, people are like,

“Why would I even think of doing that?” So it's a hard problem. And when you have what some of by some of these estimates is going to be the largest developer population in the world or some crazy stuff like that, you really need to help them focus on security and educate them about secure apps are also good quality apps.

There was a lot of cloud-native development and blockchain development and AI development and all of these, but not enough emphasis on the security side of stuff. At the same time, that's what the OpenSSF is here to help you about. Get a leg up on security stuff. Take a look at the projects and the working groups. It might really be worth your time. And so, let's come together, help build an informed and educated security community around the wonderful app development community that we already have. so, you know, engage with the OpenSSF, engage with the Linux Foundation, whether it's through events or meetups or, you know, just read through some of what the working groups are putting out and participate on Slack and throw in a comment or two on social media and just tiny things if you can. It goes a long way in helping open source move forward and build momentum. So if you can do any of those, I'd really be happy.

CRob (17:01)

some great advice and no matter where you live, there's a ton of great content and please share with your communities. So, Ram, thank you for taking time today. I know you're gonna be busy with that whole series of events, especially the Open Source Community Day in India, which will be pretty fun. Our second one, correct?

Ram Iyengar (17:23)

That's right. So first one was in 2024, second one in 2025. I love how there's a balance of a Linux security talk, security culture talk, some AI security stuff, some container security stuff. And I'm really grateful to the community to have come forward and submitted all these wonderful talks.

CRob (17:48)

Well, thank you for helping lead the community and helping educate them. And thank you for everything you do for us here at the OpenSSF.

Ram Iyengar (17:56)

My absolute pleasure, CRob. Thank you so much for all of that and having me on the show.

CRob (18:01)

You're very welcome. And to all of our listeners, that's a wrap. Happy open sourcing.