TL;DR: Over the past year, I published Docker and Kubernetes Security, evolved the Docker Black Forest meetup into a CNCF chapter, delivered 15 global engagements across 6 countries, and joined LFX and GSoC as mentor. This post reflects on my journey from Docker Captain to CNCF Ambassador applicant, focused on education through storytelling and building secure supply chains.
In early 2024, I wrote an article titled How to Become a Docker Captain, chronicling my journey from a casual Docker user in 2015 to an official community leader. Today, as a Senior Backend Engineer at JobRad GmbH, a Docker Captain, and a Snyk Ambassador, my perspective on infrastructure has grown. Containers don't live in a vacuum—they are part of a massive, interconnected cloud-native ecosystem.
As I submit my application for the CNCF Ambassador program, I wanted to take a moment for a mid-year check-in to reflect on the community work, authorship, and open-source contributions I've been focused on between May 2025 and May 2026.
Here is what the journey has looked like over the past year.
1. Build a Cloud-Native Community
Back in 2022, I founded the Docker Black Forest meetup because I was looking for a local community to join. Over time, as our discussions expanded beyond containerization into Kubernetes and secure supply chains, I joined forces with the DevOps Meetup Freiburg to evolve into a broader Cloud Native Freiburg chapter. This was a natural progression, as the lines between DevOps, containers, and cloud-native technologies are increasingly blurred.
- DockBurg.com is the community hub, that brings Cloud Native Freiburg and Docker Black Forest together under one roof.
- Cloud Native Freiburg is the CNCF Chapter. Since its founding in April 2025, we have had 10 in-person events, with an average attendance of 20 people.
- Docker Freiburg and Black Forest with about 400 members, 19 events, and a rating of 4.7/5 across ~50 reviews on Meetup.com.
- DevOps Meetup Freiburg with about 600 members, 25 events, and a rating of 4.7/5 across ~40 reviews on Meetup.com.
And we had some high-profile speakers, including:
- Lize Raes, Docker Captain, Java Champion, and Developer Advocate at Oracle
- Timo Stark, Docker Captain and Head of IT
- Jonas Scholz, Docker Captain and Co-founder of Sliplane
Docker and Kubernetes Security: Implementing Supply Chain Security and Runtime Security for Containers from Development to Production - Docker and Kubernetes Security - Docker and Kubernetes Security
Learn to secure containers and clusters—from supply chain to runtime. This comprehensive guide covers Docker fundamentals, Kubernetes security, CI/CD integration, and future trends.
dockersecurity.io
2. Write the Book (and Tell a Story)
In October 2025, after nearly two years of writing and 170 git commits, I published my book, Docker and Kubernetes Security. It was an absolute honor to see it nominated as a finalist for the Best DevOps Book of the Year at the DevOps Dozen 2025 awards. To support the book's educational mission, I also launched DockerSecurity.io as an accompanying platform, where I publish regular updates and made the first two chapters available for free to the community.
But let's be honest: Security policies can be dry and cause cognitive fatigue. To fix this, I experimented with narrative-driven technical fiction:
Black Forest Shadow — A Dark Fantasy Guide to Docker and Kubernetes Security - Docker and Kubernetes Security - Docker and Kubernetes Security
A dark fantasy novel set in the Black Forest of 1865 that teaches Docker and Kubernetes security through narrative — covering CVE hunting, SBOM generation, runtime hardening, and container security.
dockersecurity.io
- In December 2025, I launched the Black Forest Shadows: Container Security Advent Series, publishing 24 sequential parts across DEV.to and Medium.
- This series utilized an 1865 folklore setting where CVEs were literal monsters, helping junior engineers grasp complex DevSecOps principles.
- This highly successful experiment is evolving into a full publication titled Black Forest Shadow: A Dark Fantasy Guide to Docker and Kubernetes Security, which was published on Friday the 13th of March 2026.
I was also involved in reviewing Operational AI with Docker by Ajeet Singh Raina and Harsh Manvar, which was published in May 2026. I had the honor of being a technical reviewer for the book, and I shared some exclusive behind-the-scenes insights about it in my book review.
3. Black Forest Commandos: Talks and Workshops
In June 2025, I did a short talk at PlatformCon 2025 about "10 Docker commands you didn't know about". It was a mix of AI and security.
Bake a Docker Cake — Talk by Mohammad-Ali A'râbi - Docker and Kubernetes Security - Docker and Kubernetes Security
A PlatformCon talk on 10 lesser-known Docker commands for improving development workflows, vulnerability scanning, supply chain security, and local AI workflows.
dockersecurity.io
There I talked about Docker Scout, Trivy, Cosign, SBOM attestations, and Docker Bake (hence the name of the talk: Bake a Docker Cake).
In October 2025, I did a workshop version of the same talk at the WeAreDevelopers World Congress in Berlin, which was a huge success. The workshop was attended by 40 people, while 100 more were waiting behind the doors to be let in.
Docker Deep Dive with a Docker Captain — Docker Commandos Workshop - Docker and Kubernetes Security - Docker and Kubernetes Security
The workshop that started it all. Over 100 people queued for 40 seats at WeAreDevelopers World Congress 2025. Covered Docker Init, Docker Bake, SBOMs, attestations, and Docker Scout.
dockersecurity.io
I did the same internally at JobRad, and called it 10 Docker Commandos, which is a play on "10 Docker commands" (as in German, the word for command is Kommando).
In early 2026, I took the main stage at Jfokus 2026 in Stockholm to teach "Dockerize Securely".
Dockerize Securely — Talk by Mohammad-Ali A'râbi - Docker and Kubernetes Security - Docker and Kubernetes Security
A Jfokus talk on building secure container images using SBOMs, OCI 1.1 attestations, and Docker Bake, told through the narrative of the Docker Commandos in Asgard.
dockersecurity.io
I was telling a story about the Black Forest Commandos defending the realm of Asgard against CVE monsters. It was Asgard, because we were in Sweden and the conference was Viking-themed.
On the same week, I turned the talk into a blog post for JAVAPRO, and created 10 original Black Forest Commandos personas, each representing a different Docker command or security tool.
The blog post is published on JAVAPRO's website:
Later, Rabobank and Docker, Inc. jointly invited me to do a workshop on behalf of Docker at their internal conference in Utrecht, Netherlands. The workshop was attended by 50 people, and the Commandos traveled to Utrecht.
Docker Commandos v1.5 — Docker Commandos Workshop - Docker and Kubernetes Security - Docker and Kubernetes Security
Docker Commandos v1.5 at Rabobank, part of their Docker Champions program. Full supply-chain security pipeline from Docker Init to cryptographic signing and zero-day runtime defense.
dockersecurity.io
The 10 Commandos are (from left to right):
- Gord - Docker Init
- Rothütle - Docker SBOM
- Jack - Docker Scout
- The Valkyrie - SBOM Attestations
- Artemisia - Docker Hardened Images
- Mina - VEX Exemptions
- RuinTan - VEX Attestations
- Captain Ahab - Docker Bake
- Evie - Cosign
- Agent Null - Zero-Day Defense
The Black Forest Commandos then went to Cologne for JCON Europe 2026, where I used Docker Labspaces to launch the Docker Commandos workshop.
Java Supply Chain Security with Docker — Docker Commandos Workshop - Docker and Kubernetes Security - Docker and Kubernetes Security
Docker Commandos adapted for a Java audience at JCON Europe 2026. Supply chain security, SBOMs, and attestations — using Docker tooling with a Java project as the target.
dockersecurity.io
docker compose -f oci://docker.io/aerabi/docker-commandos-labspace up -d
The team is called Black Forest Commandos because they are a continuation of the Black Forest Shadows story, but the workshop series are called Docker Commandos being the Dutch and German name meaning "Docker Commands".
The Commandos went on the stage of DevOpsDays Zurich in May 2026 and will be at EnterJS in Mannheim in June 2026, where I will talk about "Defense Against the Dark Arts: NPM Attack".
Black Forest Commandos are in:
Black Forest Commandos — Narrative-Driven Container Security Workshop - Docker and Kubernetes Security - Docker and Kubernetes Security
A hands-on container security workshop told through the story of 10 commandos fighting CVE monsters in Asgard. Covering SBOMs, attestations, hardened images, VEX, Docker Bake, Cosign, and zero-day defense. (Previously known as Docker Commandos).
dockersecurity.io
- Docker Commandos in-person workshop series
- Docker Labspaces DIY workshops
- Asgard Arcade: a set of card games published on DockerSecurity.io
- Swiss Jass: Commandos Edition: a Commando-themed version of the popular Swiss card game, Jass
- Upcoming: Black Forest Commandos: Asgard Mission, comic book that follows the Commandos on a mission to Asgard.
I started doing the comic book as I was asked a few times.
4. Mentor the Next Generation
I started writing in 2021 since I was mentoring a few junior engineers at work, and I realized those answers could be useful for a wider audience. I also wanted to give back to the community that had given me so much. So, mentoring others has always been more educational for me than for the mentees.
Because I joined a team of senior engineers at JobRad, I suddenly found myself without junior colleagues to mentor. To fill that gap, I turned to the open-source world:
- In 2025, I joined the Linux Foundation Mentorship (LFX) Program. I had the immense privilege of managing a cohort of 24 active mentees, successfully guiding three of them to full graduation.
- This term, I am acting as a primary mentor for The Linux Foundation during Google Summer of Code (GSoC) 2026.
- Alongside my co-mentors, I am guiding our mentee through a highly critical engineering project: "CISA 2025 SBOM Conformance and SPDX 3 Support".
5. Contribute to the Core
I still remember going to my favorite café every Sunday to write. That habit hasn't died.
- I am a frequent contributor to DEV.to (76 total articles, 37 in 2025) and Medium (93 total, 31 in 2025), alongside my dedicated posts on DockerSecurity.io/blog.
- I continue to author the Git Weekly newsletter, which has 500 subscribers and 29 issues published so far.
- In 2026, I started the Docker Security Dispatch to keep the DevSecOps community updated on container security postures and CVE alerts. With only 2 issues published so far, it has already attracted 400 subscribers.
I'm honored to be on the Docker's official docs workgroup, where I contribute to the guides and reference documentation. I co-authored the C++ guide and have added the security sections to it.
Impact at a Glance
Since May 2025, I've had the privilege of sharing my journey and knowledge across various stages and formats. Here is a summary of my impact:
Speaking & Training Engagements
Between May 2025 and July 2026, I will have delivered a total of 15 engagements across 6 countries and online:
- 8 Talks 🎤
- 4 Workshops 🛠️
- 3 Interviews 🎙️
Locations included: Germany 🇩🇪 (9), Sweden 🇸🇪 (1), Switzerland 🇨🇭 (1), Netherlands 🇳🇱 (1), and Global/Online 🌐 (3).
Legend: 🎤 Talk | 🛠️ Workshop | 🎙️ Interview
| Date | Title | Event / Venue | Location |
|---|---|---|---|
| 27.06.2025 | 🎤 Bake a Docker Cake | PlatformCon 2025 | Online 🌐 |
| 08.07.2025 | 🛠️ Docker Deep Dive with a Docker Captain | WeAreDevelopers World Congress | Berlin 🇩🇪 |
| 25.07.2025 | 🎙️ Docker Captain, DevSecOps, and Developer Advocacy | TACOS Podcast | Online 🌐 |
| 11.09.2025 | 🛠️ 10 Docker Commandos | JobRad GmbH | Freiburg 🇩🇪 |
| 01.10.2025 | 🎤 5 Docker Commandos | #cTENcf Birthday Bash Freiburg | Freiburg 🇩🇪 |
| 06.11.2025 | 🎤 Node.js Supply Chain Security + dhi | Node.js Meetup #46 | Berlin 🇩🇪 |
| 03.02.2026 | 🎤 Dockerize Securely: SBOMs + Attestations + Bake | Jfokus 2026 | Stockholm 🇸🇪 |
| 27.03.2026 | 🛠️ Docker Commandos v1.5 | Rabobank Utrecht | Utrecht 🇳🇱 |
| 20.04.2026 | 🛠️ Java Supply Chain Security with Docker | JCON Europe 2026 | Cologne 🇩🇪 |
| 20.04.2026 | 🎙️ Interview with Baruch Sadogursky at JCON Europe | JAVAPRO / Tessl | Cologne 🇩🇪 |
| 24.04.2026 | 🎙️ Writing a Tech Book: Docker and Kubernetes Security | JobRad Podcast: Increase Cycle Time | Freiburg 🇩🇪 |
| 06.05.2026 | 🎤 Beyond SBOMs: The Future of Container Supply Chain Security | DevOpsDays Zurich 2026 | Zurich 🇨🇭 |
| 16.06.2026 | 🎤 Defense Against the Dark Arts: NPM Attack | EnterJS 2026 | Mannheim 🇩🇪 |
| 09.07.2026 | 🎤 Dockerize Java Securely: SBOMs + Attestations + Bake | WeAreDevelopers World Congress | Berlin 🇩🇪 |
| 10.07.2026 | 🎤 Beyond SBOMs: The Future of Container Supply Chain Security | WeAreDevelopers World Congress | Berlin 🇩🇪 |
Pillars of Impact
| Pillar of Impact | Key Highlights |
|---|---|
| Community Leadership | Evolving local meetups into the CNCF Cloud Native Freiburg chapter with ~1,000 combined members. |
| Content & Authorship | Publishing Docker and Kubernetes Security, launching DockerSecurity.io, and maintaining multiple blogs and newsletters. |
| Speaking & Training | Delivering the Docker Commandos workshops globally, from Jfokus in Sweden to JCON in Cologne. |
| Open Source Mentorship | Managing 24 LFX mentees and serving as a primary mentor for GSoC 2026. |
Conclusion: The Path Ahead
The theme of the year has been Education by Storytelling. It started with the Black Forest Shadows series, evolved into the Black Forest Commandos, and now I'm working on a comic book about the Commandos' mission to Asgard. There also have been some spin-offs, like the Swiss Jass: Commandos Edition card game or my other article on JAVAPRO:
I'm excited to see what the next year will bring. Perhaps I'll see you in Black Forest, in Asgard, or maybe at the next KubeCon!
Top comments (0)