The 2026 CNCF TOC cohort stands out for a notable reason: three of the newly elected members — Brandt, former TAG Security lead; Mario, former TAG Operational Resilience lead; and Mauricio Salatino, former TAG Developer Experience co-chair — all transitioned directly from TAG leadership roles. This isn’t accidental. With TAG nominations currently open, we felt it was the perfect time to pull back the curtain and share what the journey from TAG leadership to TOC membership actually looks like from the inside.
The real engine of the CNCF ecosystem is the work done inside TAGs. TAG App Delivery authored the Platforms white paper, shaped the GitOps principles, conducted project reviews, and cultivated a thriving community of practitioners deeply invested in the CNCF ecosystem. That kind of output doesn’t just contribute — it steers the entire community’s direction.
The TOC operates at a different level — handling project lifecycle decisions, policy, and foundation-wide strategy — but it depends heavily on the groundwork TAGs lay. Both roles are essential; they simply serve different purposes.
This isn’t a recruitment pitch. CNCF governance rules prevent TOC members from simultaneously holding TAG lead positions, so all three of us stepped down from our TAG leadership roles upon joining the TOC. That rule exists for good reason: TAG leads develop deep connections within specific communities, and those relationships could create genuine conflicts when making project lifecycle decisions at the foundation level.
This separation ensures TAG work stays rooted in practitioner needs rather than political considerations.
What TAGs actually do — the part nobody talks about
Technical Advisory Groups are precisely what their name suggests — advisory bodies. They function as domain-specific focus groups that tackle both internal and external efforts aimed at improving the broader cloud native landscape.
They’re typically guided by Chairs and Technical Leads who organize work streams — whether self-initiated or assigned by the Technical Oversight Committee (TOC) — and ensure deliverables are completed with the necessary expertise and review. The organizational burden falls on the chairs and technical leads, and much of that coordination happens behind the scenes, invisible to the broader community.
More visibly, TAGs translate emerging trends and new developments into practical guidance that reaches well beyond the CNCF. These outputs become established best practices and operating procedures that shape how companies and foundations operate and evolve for years to come.
From security to governance
Security is both timeless and constantly shifting — lessons from the past continue to serve as the foundation for how we approach future challenges. That’s what drew me (Brandt) deeper into the landscape.
“Security matters to me, to the projects I care about, and to the work I do every day — I need to stay aligned with new and evolving threats.” — (Brandt, probably)
But in all seriousness, the core message stays the same even as the implications grow. Consider the security assessments that projects are now required to undergo — from self-assessments to joint evaluations — as a way to systematically walk through known security considerations and uncover areas where projects can improve. Each assessment creates a fresh opportunity for both the project and the TAG to refine their approach for the next round.
Historically, the knowledge produced by TAG Security and Compliance white papers has fueled global conversations and been referenced by institutions and industry alike.
This work is far from finished. Current initiatives span Supply Chain Insights, IAM Best Practices, MCP Authn/z, Security Controls, and more — all with the potential to impact every project across the landscape and every end user.
Resilience isn’t just about uptime
When I (Mario) joined TAG Operational Resilience, I thought I had a solid understanding of what resilience meant. Turns out, I didn’t. It’s not just about keeping systems running — it’s about what happens after you deploy and reality meets your cluster. It’s observability that actually gives you meaningful signals before 3 AM. Reliability patterns that don’t depend on a hero being on call. Day 2 operations that don’t feel like day 200. Cost efficiency, chaos engineering, sustainability — all the things nobody wants to think about until they’re the only things they can think about.
We’re currently driving five key initiatives. Project Release Guidelines, because release processes shouldn’t be tribal knowledge. Levels of Service Reliability Automation — a white paper I’m genuinely excited about — maps the journey from reactive firefighting all the way to self-healing systems. Cloud Native Observability Personas, because flooding a dashboard nobody reads with metrics isn’t observability. Cloud Native Business Continuity, building backup, restore, and DR reference architectures for real-world scenarios, not theoretical ones. And Green Reviews, ensuring we measure and improve the sustainability footprint of CNCF projects rather than just talking about it.
We also run Sustainability Month each year — a global initiative that rallies the community around making cloud native not just faster, but greener. I stepped down as Co-Chair when I joined the TOC — that’s the rule — but I’m not going anywhere. This work matters too much. The TAG is actively seeking contributors across all initiatives, and honestly, there’s no better time to get involved than right now.
Developer experience grows the ecosystem
In TAG Developer Experience, our focus is helping projects advance, mature, and become easier to use. That takes many forms — sometimes maturity simply means understanding the current state of the ecosystem.
There are three ongoing initiatives I want to highlight:
You can explore the full list of initiatives here:
These initiatives aren’t tied to a single project or driven by a single vendor. They span multiple projects and their intersection points to reduce friction and improve the overall ecosystem experience. Joining a TAG is an opportunity to learn from industry experts and contribute your own expertise to push these initiatives forward.
I (Mauricio) would encourage anyone who uses CNCF projects, maintains a project, or simply wants to learn to apply for a TAG position. If developer experience is your area of interest, this group will welcome your perspectives and contributions.
I thoroughly enjoyed working alongside the other Co-chairs and Tech Leads — Mélony, Daniel, Mona, Kevin, Julien, Graziano, and Joshua.
Where TAG work directly informs TOC decisions
Having now sat on both sides of the table, the three of us can confirm: the pipeline is very real. When the TOC makes a project lifecycle decision, the due diligence doesn’t begin with a vote. It starts with the general technical reviews conducted by the project reviews subproject, where most TAG leads are actively involved. It starts with governance reviews that determine whether a project’s leadership, processes, and community health are genuinely solid — not just claimed to be — and the joint security assessments run by TAG Security and Compliance.
The same applies to white papers: the TOC reviews them before publication, but the real work happens inside the TAGs first.
Each TAG actively seeks and values input from its members before any decisions are made. With five TAGs supporting one TOC, the process works because those with the deepest domain expertise are the ones doing the groundwork.
What we’re passing on and how you can step in
I (Mario) am handing over a TAG that’s already in motion. There are five active initiatives underway, a growing community, and a charter that now truly captures what operational resilience means in practice. I’m also stepping away from the chair role, the regular meetings, and the direct influence over priorities. And that’s exactly the intention. Stepping down isn’t about stepping away—it’s about creating space. Space for those who are even more passionate about reliability, observability, sustainability, or business continuity to step forward and shape the future of an entire ecosystem with their own vision. If that sounds like you, the door is wide open.
For me (Mauricio), I’m letting go of the weekly details on how the TAG Developer Experience initiatives are progressing, but I know I’ll help the TAG reach new communities, and the TOC role opens the door to bringing in more people who can contribute to the TAGs.
For me (Brandt), the transition is really just a shift in focus. TAG Security and Compliance is still made up of the security experts who brought me in—taught me so much—and who I now consider friends. I’ll be moving away from direct initiative work and instead focusing on the outcomes of that work. I’m confident that others will see the changing security landscape and feel empowered to get involved, continuing to create a space where everyone learns from each other.
So you want to join a TAG?
Start by showing up. Seriously, just attend the meetings. Follow the Slack channels. Observe for a while, then ask a question. You don’t need anyone’s permission to participate. Choose a domain that genuinely interests you—not the one that looks best on a LinkedIn profile. If you care about observability, join TAG Operational Resilience. If security keeps you up at night, TAG Security and Compliance is where you belong. Passion is obvious, and people take notice.
If you need to convince your employer, consider joining the domain that aligns most closely with your daily work. You’ll quickly find yourself at the edge of emerging trends and new ideas that compound rapidly with a high return on time invested.
Writing and communication skills matter more than most people realize. Half the work in a TAG involves drafting white papers, writing reviews, and making complex topics easy to understand. If you can explain things clearly, you’re already ahead. Join an initiative that’s already underway rather than trying to start something from scratch on day one. You’ll learn faster, build credibility, and discover where the real gaps are.
Disagreement is part of the process. You’ll disagree with smart people who also care deeply. That’s not a flaw—it’s the whole point. The 2-year term is a marathon, not a sprint. Pace yourself, because the work doesn’t stop after the first month of excitement. And whatever you do, don’t wait for an invitation. Nominate yourself. Raise your hand. Nobody is going to tap you on the shoulder. The community grows because people decide to show up and do the work.
The TAG elections are open
TAGs are where CNCF governance gets its real substance. The TOC sets the direction, but TAGs do the homework—the reviews, the white papers, the tough conversations that keep the ecosystem honest. We need more people doing that homework.
2026 TAG Chair nominations are open now through May 26. Tech Lead nominations open June 8. You can find all open nominations at github.com/cncf/toc/issues?q=is:issue+state:open+Chair+Nomination
