BSidesSF 2025: Full Schedule

arrow_back View All Dates

9:00am PDT

Breakfast

Sunday April 27, 2025 9:00am - 10:00am PDT

Participant Hall / City View Tent

Breakfast and lunch are served in the Participant Hall
and in the tent on the terrace.

Sunday April 27, 2025 9:00am - 10:00am PDT
Participant Hall / City View Tent City View at Metreon

Food & Drink

9:00am PDT

Espresso & Coffee

Sunday April 27, 2025 9:00am - 3:00pm PDT

Participant Hall

Three barista stations are located within the Participant Hall. Stop by for an espresso drink of your choosing! Drip coffee and water are available all day throughout the Participant Hall.

Sponsors

Vanta

Silver, Espresso & Coffee

Sunday April 27, 2025 9:00am - 3:00pm PDT
Participant Hall City View at Metreon

Food & Drink

9:00am PDT

Capture the Flag

Sunday April 27, 2025 9:00am - 4:00pm PDT

Participant Hall / Twin Peaks

The BSidesSF CTF is back with all new challenges! Anyone and everyone is welcome and encouraged to participate. The competition features a range of challenges at all difficulty levels. All that is needed to participate is a laptop. Members of the CTF team will be onsite all weekend in case you find yourself in need of guidance and/or hints.
Visit https://bsidessf.org/ctf to get started!
The server is available all weekend long, and anyone is welcome to play regardless of their location. There is only one caveat; at least one player must be onsite to claim any prizes won.

Sponsors

Adobe

Capture the Flag

Sunday April 27, 2025 9:00am - 4:00pm PDT
Participant Hall / Twin Peaks City View at Metreon

Village, CTF

9:00am PDT

Participant Hall

Sunday April 27, 2025 9:00am - 5:00pm PDT

City View at Metreon

The Participant Hall is the hub of all of the weekend’s happenings and events. In the Participant Hall you’ll find the Villages, the CTF, the Bar and Chill Out Space, our sponsors, as well as breakfast, lunch, and coffee.

Sunday April 27, 2025 9:00am - 5:00pm PDT
City View at Metreon City View at Metreon

9:00am PDT

(ISC)2 Silicon Valley

Sunday April 27, 2025 9:00am - 5:00pm PDT

Participant Hall

(ISC)2 Silicon Valley is a dynamic community of cybersecurity professionals dedicated to advancing the greater San Francisco Bay Area.

Sunday April 27, 2025 9:00am - 5:00pm PDT
Participant Hall City View at Metreon

Community Organization

9:00am PDT

Electronic Frontier Foundation (EFF)

Sunday April 27, 2025 9:00am - 5:00pm PDT

Participant Hall

EFF is the leading organization defending civil liberties in the digital world. We defend free speech on the internet, fight illegal surveillance, support freedom-enhancing technologies, promote the rights of digital innovators, and work to ensure that the rights and freedoms we enjoy are enhanced, rather than eroded, as our use of technology grows. EFF's booth will be a place for attendees to come and chat with EFF staff about the latest in digital rights.

Sunday April 27, 2025 9:00am - 5:00pm PDT
Participant Hall City View at Metreon

Community Organization

9:00am PDT

Pacific Hackers Association

Sunday April 27, 2025 9:00am - 5:00pm PDT

Participant Hall

Pacific Hackers Association is a 501(c)(3) non-profit organization that aims to fix the cybersecurity industry's main issues, diversity, education, and recruitment, while elevating the next generation of hackers. We provide cyber-mentors, training, conference access, workshops, etc.

Sunday April 27, 2025 9:00am - 5:00pm PDT
Participant Hall City View at Metreon

Community Organization

9:00am PDT

Secure Diversity/Day of Shecurity

Sunday April 27, 2025 9:00am - 5:00pm PDT

Participant Hall

Stop by the Secure Diversity booth for information on diversity in cybersecurity. We’ll share ways to get involved and have experienced practitioners available for conversations. If you’re looking to get involved with a conference, volunteer with a diversity-focused cybersecurity nonprofit, and expand your professional network, we're excited to meet you.

Sunday April 27, 2025 9:00am - 5:00pm PDT
Participant Hall City View at Metreon

Community Organization

9:00am PDT

WiCyS

Sunday April 27, 2025 9:00am - 5:00pm PDT

Participant Hall

WiCyS helps build a strong cybersecurity workforce with gender equality by facilitating recruitment, retention, and advancement for women in the field. To learn more about WiCyS initiatives and programs, swing by the WiCyS booth.

Sunday April 27, 2025 9:00am - 5:00pm PDT
Participant Hall City View at Metreon

Community Organization

9:00am PDT

WISP

Sunday April 27, 2025 9:00am - 5:00pm PDT

Participant Hall

Women in Security and Privacy (WISP)'s mission is to advance women and underrepresented communities to lead the future of privacy and security.

Sunday April 27, 2025 9:00am - 5:00pm PDT
Participant Hall City View at Metreon

Community Organization

9:00am PDT

Bar and Chill Out

Sunday April 27, 2025 9:00am - 5:00pm PDT

Participant Hall

Enjoy a break from the day’s events with a drink of your choice in the Bar & Chill-Out Space. Two pre-paid complimentary drink tickets were provided at registration.

Sponsors

Chainguard

Daytime Social (Sun)

Sunday April 27, 2025 9:00am - 5:00pm PDT
Participant Hall City View at Metreon

Food & Drink, Bar

9:00am PDT

Headshots

Sunday April 27, 2025 9:00am - 5:00pm PDT

AMC Concessions

Need a new headshot? If so, we’ve got you covered! Stop by for a free, professional headshot. Headshots are offered on a first come, first serve basis.

Sponsors

Opal Security

Headshots

Sunday April 27, 2025 9:00am - 5:00pm PDT
AMC Concessions AMC at Metreon

General

9:00am PDT

Info Desk

Sunday April 27, 2025 9:00am - 5:00pm PDT

City View Lobby

Have a question or comment about the event that you’d like to share? Drop by the Info Desk and chat with members of the BSidesSF staff and volunteer teams.

Sunday April 27, 2025 9:00am - 5:00pm PDT
City View Lobby City View at Metreon

General

9:00am PDT

Lounge

Sunday April 27, 2025 9:00am - 5:00pm PDT

City View Terrace

Break away from the day’s talks and events to spend a bit of time outside enjoying the SF skyline. The Lounge offers comfortable seating where you can eat, drink, and socialize.

Sponsors

Chainguard

Daytime Social (Sun)

Sunday April 27, 2025 9:00am - 5:00pm PDT
City View Terrace City View at Metreon

General

9:00am PDT

Prayer & Mother's Room

Sunday April 27, 2025 9:00am - 5:00pm PDT

City View Lobby

Need a quiet place for prayer or mothering duties? Ask at the Info Desk, and we can guide you to a private location.

Sunday April 27, 2025 9:00am - 5:00pm PDT
City View Lobby City View at Metreon

General

9:00am PDT

Registration

Sunday April 27, 2025 9:00am - 5:00pm PDT

AMC Concessions

Sunday April 27, 2025 9:00am - 5:00pm PDT
AMC Concessions AMC at Metreon

General

9:00am PDT

Adversary Village

Sunday April 27, 2025 9:00am - 5:00pm PDT

Participant Hall

Join Adversary Village for hands-on activities and workshops primarily focused on adversary emulation, breach, and adversary attack simulation as well as offensive cybersecurity, purple teaming, adversary tradecraft, and threat/APT/ransomware emulation.

Sunday April 27, 2025 9:00am - 5:00pm PDT
Participant Hall City View at Metreon

Village

9:00am PDT

Bug Bounty Village

Sunday April 27, 2025 9:00am - 5:00pm PDT

Participant Hall

Bug Bounty Village is a dedicated space offering extensive hands-on workshops for all things bug bounty-related! Join us at the Bug Bounty Village for the second year in a row for two days of full workshops, live hacking sessions, and CTFs!
Brought to you by NahamSec

Sunday April 27, 2025 9:00am - 5:00pm PDT
Participant Hall City View at Metreon

Village

9:00am PDT

Career Village

Sunday April 27, 2025 9:00am - 5:00pm PDT

Participant Hall

Career Village is aimed at helping attendees navigate a career in cybersecurity and connect with hiring managers. At the village you will have the opportunity to learn about professional branding, resume building, interview best practices, and get to meet security hiring managers looking to grow their teams. The Career Village will have recruitment and security experts who have helped people ranging from professionals new to security to security executives looking to continue their career journey.

Sunday April 27, 2025 9:00am - 5:00pm PDT
Participant Hall City View at Metreon

Village

9:00am PDT

Cloud Village

Sunday April 27, 2025 9:00am - 5:00pm PDT

Participant Hall

As more of the world onboards itself to cloud infrastructures, staying at par with new offensive/defensive research and techniques becomes a mandatory skillset. Cloud Village is an open space to meet folks interested in offensive and defensive aspects of cloud security.

Sunday April 27, 2025 9:00am - 5:00pm PDT
Participant Hall City View at Metreon

Village

9:00am PDT

Crypto & Privacy Village

Sunday April 27, 2025 9:00am - 5:00pm PDT

Participant Hall

Learn how to secure your own systems while also picking up some tips and tricks on how to break classical and modern encryption. Crypto & Privacy Village features workshops and lightning talks on a wide range of crypto and privacy topics from experts. The village will also have an intro to crypto for beginners, some crypto-related games, puzzles, and challenges.

Sunday April 27, 2025 9:00am - 5:00pm PDT
Participant Hall City View at Metreon

Village

9:00am PDT

Embedded Systems Village

Sunday April 27, 2025 9:00am - 5:00pm PDT

Participant Hall

Embedded Systems Village advances the security of embedded systems by hosting hands-on hacking workshops, showcasing new security research demos, and organizing exciting hacking contests to educate attendees and manufacturers on the approach hackers use to attack these devices.

Sunday April 27, 2025 9:00am - 5:00pm PDT
Participant Hall City View at Metreon

Village

9:00am PDT

Hardware Challenge Village

Sunday April 27, 2025 9:00am - 5:00pm PDT

Participant Hall

Hardware Challenge Village is an interactive experience for electronic tinkering and programming. The village will be hosting a competitive CTF challenge using a badge designed specifically for the Hardware Challenge Village.
Brought to you by Pacific Hackers & Hackerwares

Sunday April 27, 2025 9:00am - 5:00pm PDT
Participant Hall City View at Metreon

Village

9:00am PDT

IoT Village

Sunday April 27, 2025 9:00am - 5:00pm PDT

Participant Hall

IoT Village advocates for advancing security in the Internet
of Things (IoT) industry through bringing researchers
and industry together. Brought to you by Independent Security Evaluators (ISE).

Sunday April 27, 2025 9:00am - 5:00pm PDT
Participant Hall City View at Metreon

Village

9:00am PDT

Lockpick Village

Sunday April 27, 2025 9:00am - 5:00pm PDT

Participant Hall

Lockpick Extreme and TOOOL SF are back again hosting Lockpick Village. Learn to lockpick from the TOOOL SF volunteers or practice what you already know with their assortment of locks and picks. When you’re done, you can shop at the Lockpick Extreme pop-up shop and take your new hobby home with you.
Brought to you by Lockpick Extreme and TOOOL SF

Sunday April 27, 2025 9:00am - 5:00pm PDT
Participant Hall City View at Metreon

Village

9:00am PDT

Villages

Sunday April 27, 2025 9:00am - 5:00pm PDT

Participant Hall

Villages are back! Come participate with multiple different hands-on opportunities to learn and practice new skills or share your knowledge.

Sunday April 27, 2025 9:00am - 5:00pm PDT
Participant Hall City View at Metreon

Village

9:00am PDT

AI Village

Sunday April 27, 2025 9:00am - 5:00pm PDT

Participant Hall

AI Village is a community of hackers and data scientists working to educate the world on the use and abuse of artificial intelligence in security and privacy. We aim to bring more diverse viewpoints to this field and grow the community of hackers, engineers, researchers, and policy makers working on making the AI we use and create safer. We believe that there needs to be more people with a hacker mindset assessing and analyzing machine learning systems. For the BSidesSF agenda, visit http://aivillage.org/bsides.

Sunday April 27, 2025 9:00am - 5:00pm PDT
Participant Hall City View at Metreon

Village/AI

9:00am PDT

T-Shirt Sales

Sunday April 27, 2025 9:00am - 5:30pm PDT

Coat Check

Pre-purchased event t-shirts can be picked up at Coat Check. We also have limited quantities of t-shirts for both the current year and a number of previous years available for purchase. Upon picking up a t-shirt you will be given a token you can use to vote for one of three charities. These votes will determine the donation splits made to each of the charities.

Sunday April 27, 2025 9:00am - 5:30pm PDT
Coat Check City View at Metreon

General

9:00am PDT

Coat Check

Sunday April 27, 2025 9:00am - 7:00pm PDT

Coat Check

Secure storage for your personal belongings is available for all participants. Please remember to pick up your items before the end of the event!

Sunday April 27, 2025 9:00am - 7:00pm PDT
Coat Check City View at Metreon

General

10:00am PDT

Opening Remarks

Sunday April 27, 2025 10:00am - 10:15am PDT

AMC IMAX

Welcome to day two of BSidesSF 2025!

Sunday April 27, 2025 10:00am - 10:15am PDT
AMC IMAX AMC at Metreon

10:15am PDT

Fire, Brimstone, and Bad Security Decisions

Sunday April 27, 2025 10:15am - 11:00am PDT

AMC IMAX

An important facet of resilience in cybersecurity has to do with recovery from making wrong decisions, such as a strategic choice in policy, design, architecture, or even procurement. How do you back out of something that seemed like a good idea at the time, but that you now realize is creating problems? And how can we stay curious in the face of being wrong, as well as design security for the future to make redirection easier? This session covers the need to plan for human fallibility – and may itself be wrong …

Speakers

Wendy Nather

Senior Research Initiatives Director, 1Password

Wendy Nather is the Senior Research Initiatives Director at 1Password. She was previously the Director of Advisory CISOs at Duo Security, Research Director at the Retail ISAC, and Research Director of the Information Security Practice at 451 Research. Wendy led IT security for the... Read More →

Sunday April 27, 2025 10:15am - 11:00am PDT
AMC IMAX AMC at Metreon

Keynote

10:30am PDT

Connect with Women in CyberSecurity (WiCyS)

Sunday April 27, 2025 10:30am - 11:15am PDT

AMC Theatre 03

Connect and network with Women in CyberSecurity (WiCyS). Learn about the organization and how we help Recruit, Retain, and Advance Women in CyberSecurity.

Sunday April 27, 2025 10:30am - 11:15am PDT
AMC Theatre 03 AMC at Metreon

Meetup

11:00am PDT

Pacific Hackers

Sunday April 27, 2025 11:00am - 11:45am PDT

AMC Theatre 03

Come join Pacific Hackers for a casual meetup!

Sunday April 27, 2025 11:00am - 11:45am PDT
AMC Theatre 03 AMC at Metreon

Meetup

11:15am PDT

Not Every Groundbreaking Idea Needs to Become a Billion-Dollar Startup

Sunday April 27, 2025 11:15am - 11:45am PDT

AMC IMAX

The cybersecurity industry has 5,000+ startups yet many key problems are overlooked for not being "venture scale." This talk explores alternative paths (bootstrapping, Silicon Valley Small Businesses) and why niche markets and smaller ideas can drive impactful solutions without unicorn pressure.

Speakers

Ross Haleliuk

Co-founder, Stealth

Sunday April 27, 2025 11:15am - 11:45am PDT
AMC IMAX AMC at Metreon

Presentation, General

11:15am PDT

The Four Tribes of Security Champions

Sunday April 27, 2025 11:15am - 11:45am PDT

AMC Theatre 07

“The Four Tribes of Security Champions” is a framework to describe successful security champion programs. The tribes include: The Apprentices, The Fan Club, The Learners, and The Sentinels. We’ll explore a benchmarking tool for each tribe to pick which approach is right for you!

Speakers

Marisa Fagan

Head of Product, Katilyst

Marisa Fagan is Head of Product at a “security champions as a service” startup called Katilyst. She works on building security into the SDLC and empowering developers to own secure code. Previously, she has worked as a security culture expert at places like Atlassian, Salesforce... Read More →

Sunday April 27, 2025 11:15am - 11:45am PDT
AMC Theatre 07 AMC at Metreon

Presentation, General

11:15am PDT

The Growing Crisis in CVE Data Quality

Sunday April 27, 2025 11:15am - 11:45am PDT

AMC Theatre 09

Explore the escalating issues in CVE data: inconsistent reporting, low-quality submissions, and outdated info. Learn why these threaten cybersecurity and what solutions can restore trust in this critical database.

Speakers

Jerry Gamblin

Cisco

Sunday April 27, 2025 11:15am - 11:45am PDT
AMC Theatre 09 AMC at Metreon

Presentation, General

11:15am PDT

AI Dragons: Threats, Risks, and What We Can Do About Them

Sunday April 27, 2025 11:15am - 12:00pm PDT

AMC Theatre 01

During the session, we'll explore how AI systems can pose risks to organizational security and user safety. Attendees will gain insights on AI's role in modern security and actionable strategies to safeguard organizations. Join us to learn about AI threats and ways to secure digital ecosystems.

Speakers

Tanya Janca

Staff DevRel, Semgrep

Tanya Janca, aka SheHacksPurple, is the best-selling author of 'Alice and Bob Learn Secure Coding', 'Alice and Bob Learn Application Security’ and the ‘AppSec Antics’ card game. Over her 28-year IT career she has won countless awards (including OWASP Lifetime Distinguished Member... Read More →

Sunday April 27, 2025 11:15am - 12:00pm PDT
AMC Theatre 01 AMC at Metreon

Birds of a Feather

11:15am PDT

How are System Defenders Effectively Using LLMs?

Sunday April 27, 2025 11:15am - 12:00pm PDT

AMC Theatre 02

This BoF session brings together defensive security practitioners who are actively working with LLMs to share real-world successes, challenges, and future visions. Most teams seem to focus on reducing toil, but surely there are more interesting ways LLMs can be utilized? Come find out!

Speakers

Doug Wilson

Sunday April 27, 2025 11:15am - 12:00pm PDT
AMC Theatre 02 AMC at Metreon

Birds of a Feather

11:15am PDT

Global BSides Organizers Meetup

Sunday April 27, 2025 11:15am - 12:15pm PDT

AMC Theatre 03

BSides Organizers from around the world, come and chat. Just like at BSidesLV this is a time and place to gather and share thoughts, ideas, ask questions, and meet your peer organizers.

Speakers

Ricky

Organizer, Security Generalist, BSidesSF

Reed Loden

Reed Loden is an information security expert, researcher, hacker, and developer. With over 15+ years of security experience, he focuses on protecting the products and services of various organizations.Reed has worked to secure companies including Teleport, HackerOne, Lookout Mobile... Read More →

Sunday April 27, 2025 11:15am - 12:15pm PDT
AMC Theatre 03 AMC at Metreon

Meetup

11:30am PDT

Mind the Gap: Career Growth and Management for Security Engineers

Sunday April 27, 2025 11:30am - 12:15pm PDT

AMC Theatre 13

Join us as we discuss the good, the bad, and the ugly of career management in security engineering! Our panel of engineers and leaders will share stories about identifying opportunities, overcoming challenges, and setting yourself up for long-term success in the security industry.

Speakers

Josh Liburdi

Principal Engineer, Security Operations, DoorDash

Josh Liburdi is a security engineer at DoorDash who focuses on security operations. He has more than a decade of industry experience and has worked at several diverse organizations, including Brex, Target, and CrowdStrike. He also presents at security conferences (BSides NYC & SF... Read More →

Elle McKenna

security + IT leader, somewhere smallish :)

i’m a nonbinary person (they/them) based in oakland, ca. i’m passionate about creating shareholder value, and in my free time i like to create shareholder value. i would love it if people talked to me about creating shareholder value; ask me about business, numbers, charts!

Sarai Rosenberg

Head of Cloud Security ☁️🔒, Netflix

Sarai Rosenberg leads Netflix Clod Security. Sarai became an expert on managing people (YES IT'S WEIRD TO SAY THAT) due to her passion for equitably enabling her teams to do their best work, and her bizarre collection of special interests. As a mathematician, she's excited by untangling... Read More →

Andrew Kline

Senior Security Engineer, Brex

Andrew is a security engineer at Brex where he does D&R and cloud/infrastructure security. He started his career in security consulting, primarily at Crypsis/Unit 42 (PANW), where he handled a variety incidents and security engineering projects for clients before launching an internal... Read More →

Sunday April 27, 2025 11:30am - 12:15pm PDT
AMC Theatre 13 AMC at Metreon

Panel

11:30am PDT

Don’t Sh*t-Left: How to Actually Shift-Left

Sunday April 27, 2025 11:30am - 12:15pm PDT

AMC Theatre 14

Shift-left sounds great — catch issues early, save time, empower devs — but too often it backfires, creating noise and chaos. Learn from real-world fails, laugh at sh*t-left stories, and discover practical strategies to make shift-left work. Let’s fix AppSec, one bug at a time.

Speakers

Ahmad Sadeddin

CEO, Corgea

Ahmad is the CEO at Corgea. He's a 3x founder with 1 exit. He's been coding since he was 12 and loves building software solutions to solve deep customer problems. In his spare time (very little of), he loves to BBQ and spend time with family and friends.

Sunday April 27, 2025 11:30am - 12:15pm PDT
AMC Theatre 14 AMC at Metreon

Presentation, Deep Dive

11:30am PDT

Effective Handling of Third-Party Supplier Incidents

Sunday April 27, 2025 11:30am - 12:15pm PDT

AMC Theatre 06

Discover efficient incident handling strategies for third-party supplier incidents. Learn the importance of a predefined process and collaboration between risk management and incident response teams. Gain insights into key decision-making considerations and elevate your IR capabilities.

Speakers

Kasturi Puramwar

Information Security Manager, Equinix

Sunday April 27, 2025 11:30am - 12:15pm PDT
AMC Theatre 06 AMC at Metreon

Presentation, Deep Dive

11:30am PDT

When AI Goes Awry: Responding to AI Incidents

Sunday April 27, 2025 11:30am - 12:15pm PDT

AMC Theatre 11

This talk details challenges in incident response for AI systems, including insufficient logging, visibility, and accountability, as well as the risks of data exposure and prompt injection. We examine a case of RAG-enabled LLM and propose triaging strategies and improved IR practices for mitigation.

Speakers

Eoin Wickens

Director of Threat Intelligence, HiddenLayer

Eoin Wickens is the Technical Research Director - Field at HiddenLayer, where he both researches and speaks about security for artificial intelligence and machine learning. He has previously worked in threat research, threat intelligence and malware reverse engineering and has been... Read More →

Marta Janus

Principal Researcher, HiddenLayer

Marta is a Principal Researcher at HiddenLayer, focused on investigating adversarial machine learning attacks and the overall security of AI-based solutions. Prior to HiddenLayer, Marta spent over a decade working as a researcher for leading anti-virus vendors. She has extensive experience... Read More →

Sunday April 27, 2025 11:30am - 12:15pm PDT
AMC Theatre 11 AMC at Metreon

Presentation, Deep Dive

12:00pm PDT

Preparing for Dragons: Don’t Sharpen Swords. Set Traps, Gather Supplies!

Sunday April 27, 2025 12:00pm - 12:30pm PDT

AMC IMAX

Most people aren’t dragon slayers. There are dragon slayers out there, but they’re not us. EDR isn’t a dragon slayer. Neither is the SOC. That’s okay — when the dragon comes, the goal should be *survival,* not going out in a blaze of glory.

Speakers

Adrian Sanabria

Principal Researcher, Defenders Initiative

Adrian is a successful generalist with over two decades of experience hacking, fixing, breaking, building, and teaching in InfoSec. He’s always trying to see the big picture and figure out the best security strategies. Despite all these years in the industry, he is still optimistic... Read More →

Sunday April 27, 2025 12:00pm - 12:30pm PDT
AMC IMAX AMC at Metreon

Presentation, General

12:00pm PDT

The Product Security Imperative: Lessons from CISA

Sunday April 27, 2025 12:00pm - 12:30pm PDT

AMC Theatre 09

Policymakers worldwide have recently taken up product security, making topics like memory safety prominent. In this talk, hear from former CISA Senior Advisor Jack Cable on lessons learned leading CISA's Secure by Design initiative, and what a shift towards product security means for the industry.

Speakers

Jack Cable

CEO & Co-Founder, Corridor

Jack Cable is the CEO and Co-Founder of Corridor. Corridor is the AI-powered Secure by Design platform and is backed by Conviction, Alex Stamos, and Christina Cacioppo. Prior to starting Corridor, Jack served as a Senior Technical Advisor at CISA, where he led the agency’s Secure... Read More →

Sunday April 27, 2025 12:00pm - 12:30pm PDT
AMC Theatre 09 AMC at Metreon

Presentation, General

12:00pm PDT

Trust Engineering: Building Security Leadership at Early-Stage Startups

Sunday April 27, 2025 12:00pm - 12:30pm PDT

AMC Theatre 07

Being the first security leader at a startup is a wild ride. This talk explores "Trust Engineering," a hands-on approach to earn trust, navigate chaos, and build a security foundation with limited resources. Learn how to handle executive expectations and support fast-paced growth.

Speakers

Mike Privette

Cybersecurity Economist, Return on Security

Mike Privette is a former CISO turned cybersecurity economist and the creator of Return on Security, a weekly market intelligence newsletter read by thousands of cybersecurity leaders, founders, and investors.He previously led security at Passport Labs, served as a Divisional CISO... Read More →

Sunday April 27, 2025 12:00pm - 12:30pm PDT
AMC Theatre 07 AMC at Metreon

Presentation, General

12:00pm PDT

Lunch

Sunday April 27, 2025 12:00pm - 1:30pm PDT

Participant Hall / City View Tent

Breakfast and lunch are served in the Participant Hall
and in the tent on the terrace.

Sunday April 27, 2025 12:00pm - 1:30pm PDT
Participant Hall / City View Tent City View at Metreon

Food & Drink

12:30pm PDT

Cloud Security Meetup

Sunday April 27, 2025 12:30pm - 1:00pm PDT

AMC Theatre 03

Come join us to meet and connect with like-minded people in the cloud & AI security industry. No lunch will be served.

Sunday April 27, 2025 12:30pm - 1:00pm PDT
AMC Theatre 03 AMC at Metreon

Meetup

12:30pm PDT

LLM Mayhem: Hands-on Red Teaming LLM-Powered Chatbots

Sunday April 27, 2025 12:30pm - 2:30pm PDT

AMC Theatre 02

See registration to determine current session availability. Event filled in Sched to limit confusion.
YOU ARE REQUIRED TO REGISTER AT https://bsidessf.regfox.com/2025 TO ATTEND THIS WORKSHOP (i.e. this session cannot be reserved with Sched)
-----
Join us in this workshop to engage in hands-on attacks to identify weaknesses in AI-driven chatbots. If you’re interested in learning about getting started in red teaming generative AI systems, this is the workshop for you.

Speakers

Travis Smith

Jack Parker

Sunday April 27, 2025 12:30pm - 2:30pm PDT
AMC Theatre 02 AMC at Metreon

Workshop

12:30pm PDT

Purple Teaming Okta Detections

Sunday April 27, 2025 12:30pm - 2:30pm PDT

AMC Theatre 01

See registration to determine current session availability. Event filled in Sched to limit confusion.
YOU ARE REQUIRED TO REGISTER AT https://bsidessf.regfox.com/2025 TO ATTEND THIS WORKSHOP (i.e. this session cannot be reserved with Sched)
-----
In this hands-on workshop, we will show attendees how to onboard Okta logs into a SIEM and write detections as well as test them using open source adversary emulation tools. A basic understanding of YAML and writing detections is helpful, but not required.

Speakers

Ken Westin

Senior Solutions Engineer, LimaCharlie

Ken is a creative technologist with 16 years experience building and breaking things through the use/misuse of technology. His technology exploits and endeavors have been featured in Forbes, Good Morning America, Dateline, New York Times, The Economist and others. He has presented... Read More →

Sunday April 27, 2025 12:30pm - 2:30pm PDT
AMC Theatre 01 AMC at Metreon

Workshop

1:15pm PDT

State of (Absolute) AppSec

Sunday April 27, 2025 1:15pm - 2:00pm PDT

AMC Theatre 13

Join Seth Law (@sethlaw) and Ken Johnson (@cktricky), co-hosts of the Absolute AppSec Podcast, for a panel discussion on the current state of application and product security for 2025.

Speakers

Seth Law

Ariel Shin

Ariel is an Application Security Manager, leading a team dedicated to eliminating security vulnerabilities by equipping developers with secure training, design practices, and secure defaults. Previously, Ariel managed the Product Security team at Twilio and played a key role in promoting... Read More →

Lakshmi Sudheer

Engineering Manager, AppSec, Netflix

Lakshmi currently leads Netflix’s Application Security team. She has over a decade of security experience and has presented at numerous conferences, including AppSec USA and DEF CON. She’s a strong proponent of “secure-by-default” practices and crowdsourced security, and she’s... Read More →

Ken Johnson

CTO & Co-Founder, DryRun Security

Ken Johnson has been hacking web applications professionally for 14 years and given security training for 11 of those years. Ken is both a breaker and builder and is the CTO & Co-Founder of DryRun Security. Previously, Ken was a Director with GitHub's Product Security Engineering... Read More →

Sunday April 27, 2025 1:15pm - 2:00pm PDT
AMC Theatre 13 AMC at Metreon

Panel

1:15pm PDT

AI's Bitter Lesson for SOCs: Let Machines Be Machines

Sunday April 27, 2025 1:15pm - 2:00pm PDT

AMC Theatre 11

We've been forcing AI to imitate human analyst workflows, but what if that's holding both machines and humans back? Through real-world experiments at Anthropic, we'll show how letting AI tackle security problems its own way can allow humans to focus on the nuanced work machines can't do (yet).

Speakers

Jackie Bow

Technical Staff, Anthropic

A Jackie-of-all- trades, master of some, Jackie seems to be physically unable to stop returning to threat detection and response. Her 15 years in the industry have been spent across multiple disciplines including malware analysis, reverse engineering, infrastructure and product security... Read More →

Peter Sanford

Sunday April 27, 2025 1:15pm - 2:00pm PDT
AMC Theatre 11 AMC at Metreon

Presentation, Deep Dive

1:15pm PDT

Confidential Computing: Protecting Customer Data in the Cloud

Sunday April 27, 2025 1:15pm - 2:00pm PDT

AMC Theatre 14

Ever wonder how your data is really handled in the cloud? Confidential Computing gives you an answer by isolating your data and cryptographically proving what code was run. This talk dives into the hardware and software behind Confidential Computing, and how to ship it in real-world cases.

Speakers

Jordan Mecom

Sunday April 27, 2025 1:15pm - 2:00pm PDT
AMC Theatre 14 AMC at Metreon

Presentation, Deep Dive

1:15pm PDT

CyberCAN: A Roadmap for Municipal Support of Nonprofit Cybersecurity in SF

Sunday April 27, 2025 1:15pm - 2:00pm PDT

AMC Theatre 06

UC Berkeley studied 68 San Francisco nonprofits to assess their cybersecurity needs, resources, and adoption of protective controls. Our findings include actionable recommendations for the City of San Francisco to improve support for nonprofits and boost resilience against growing cyber threats.

Speakers

Sarah Powazek

UC Berkeley CLTC

Sarah Powazek is the Program Director of Public Interest Cybersecurity at the UC Berkeley Center for Long-Term Cybersecurity (CLTC), where she leads flagship policy and research work to help under-resourced public interest organizations improve their defenses. Sarah co-leads the Consortium... Read More →

Shannon Pierson

Senior Fellow of Public Interest Cybersecurity, UC Berkeley Center for Long-Term Cybersecurity

Shannon Pierson is a senior fellow of Public Interest Cybersecurity at the UC Berkeley Center for Long-Term Cybersecurity (CLTC), where she leads research initiatives focused on strengthening the cybersecurity of organizations that often fall through the cracks of cyber defense—namely... Read More →

Sunday April 27, 2025 1:15pm - 2:00pm PDT
AMC Theatre 06 AMC at Metreon

Presentation, Deep Dive

1:30pm PDT

Iron-Clad PKI: Crypto Agility for the Quantum Era

Sunday April 27, 2025 1:30pm - 2:00pm PDT

AMC Theatre 07

Quantum computing is breaking RSA/ECC; your PKI is at risk! Learn strategies to align with NIST PQC standards and secure your cryptographic resilience for the post-quantum era.

Speakers

Prasanth Sundararajan

Head of Product Security, Appviewx Inc

Sunday April 27, 2025 1:30pm - 2:00pm PDT
AMC Theatre 07 AMC at Metreon

Presentation, General

1:30pm PDT

Lessons from Running a Product Security-Focused Cybersecurity Clinic

Sunday April 27, 2025 1:30pm - 2:00pm PDT

AMC Theatre 09

We established Stanford's product security clinic in 2023 to help community organizations secure the software services they offer, diverging from traditional university cybersecurity clinics that focus on corporate security. Here's what we learned from our first two years of operation.

Speakers

Aditya Saligrama

Joey Holtzman

Sunday April 27, 2025 1:30pm - 2:00pm PDT
AMC Theatre 09 AMC at Metreon

Presentation, General

1:30pm PDT

The Power of Persuasion: Better Security Through... Manipulation?

Sunday April 27, 2025 1:30pm - 2:00pm PDT

AMC IMAX

Security’s weakest link comes with ten fingers, ten toes and an uncanny ability to find ways past your thoughtfully implemented controls. Learn well-tested psychology principles that drive positive security outcomes. From social proof to reciprocity, small changes in approach bring outsized results.

Speakers

Nate Lee

Sunday April 27, 2025 1:30pm - 2:00pm PDT
AMC IMAX AMC at Metreon

Presentation, General

1:30pm PDT

Day of Shecurity

Sunday April 27, 2025 1:30pm - 2:30pm PDT

AMC Theatre 03

Interested in Day of Shecurity/Security Diversity? Welcome to anyone who has attended an event before or are curious to attend in the future.

Sunday April 27, 2025 1:30pm - 2:30pm PDT
AMC Theatre 03 AMC at Metreon

Meetup

2:15pm PDT

Don't Trust, Verify! - How I Found a CSRF Bug Hiding in Plain Sight

Sunday April 27, 2025 2:15pm - 2:45pm PDT

AMC Theatre 14

This talk explores the discovery of a long-standing CSRF (Cross-Site Request Forgery) vulnerability in the popular gorilla/csrf Go library. The goal is to encourage the audience to perform vulnerability research experiments in their own commonly used tools.

Speakers

Patrick O'Doherty

Member of Technical Staff, Tailscale

Sunday April 27, 2025 2:15pm - 2:45pm PDT
AMC Theatre 14 AMC at Metreon

Presentation, General

2:15pm PDT

Mapping the SaaS Attack Surface

Sunday April 27, 2025 2:15pm - 2:45pm PDT

AMC Theatre 07

In this presentation, attendees will be introduced to the concept of SaaS attack surface mapping. We will conduct an analysis of current techniques while also unveiling novel approaches that have not been previously disclosed. We will release an open-source tool designed to implement this.

Speakers

Jaime Blasco

Cofounder / CTO, Nudge Security

Jaime Blasco is known for his security research and efforts to enable more collaborative threat-intelligence sharing. He is CTO and co-founder of Nudge Security. Using a patented, network-less approach to SaaS discovery and governance, Nudge Security drives meaningful behavioral change that strengthens SaaS security postures without disrupting the pace of work. Previously, he led the threat intelligence and data science unit at AT&T Alien Labs. Pr... Read More →

Sunday April 27, 2025 2:15pm - 2:45pm PDT
AMC Theatre 07 AMC at Metreon

Presentation, General

2:15pm PDT

Radical Results: A Security Org's Version of Radical Candor

Sunday April 27, 2025 2:15pm - 2:45pm PDT

AMC IMAX

Security practitioners are put in tough positions whether you're new to security or an experienced CISO. Based on "Radical Candor", you'll leave this talk with new perspective on the way security teams are perceived by their peers and how to optimize the good and minimize the unavoidable bad.

Speakers

Evan Johnson

CEO, RunReveal

Sunday April 27, 2025 2:15pm - 2:45pm PDT
AMC IMAX AMC at Metreon

Presentation, General

2:15pm PDT

Third-party Risk Management: SOC 2s, Security Questionnaires, and Psychosis

Sunday April 27, 2025 2:15pm - 2:45pm PDT

AMC Theatre 09

Condemning “check-box” vendor risk management and security questionnaires is a hot talking point nowadays. This talk will discuss the related but distinct problems in the TPRM space and offer practical, creative solutions to help deliver high-value outcomes via third-party risk management.

Speakers

Eleanor Mount

Security Risk and Compliance Manager, Asana

Eleanor is a Security Risk and Compliance Manager at Asana, where she has helped build and scale GRC programs from the ground up, including risk management, customer trust, and the implementation of new security compliance frameworks. Prior to Asana, she worked in the health technology... Read More →

Sunday April 27, 2025 2:15pm - 2:45pm PDT
AMC Theatre 09 AMC at Metreon

Presentation, General

2:15pm PDT

Sponsor Passport Raffle

Sunday April 27, 2025 2:15pm - 3:00pm PDT

Participant Hall

Visit the sponsor booths throughout the Participant Hall and learn more about the companies that have made this year’s event possible. You’ll be introduced to new products, services, and even career opportunities. At many booths you can also acquire one of the stamps needed to complete the Sponsor Passport. Drop your completed card into the raffle box located at the BSidesSF booth to be entered into the raffle. The raffle will take place on the stage near Lockpick Village. Please note, you must be present to win.

Sunday April 27, 2025 2:15pm - 3:00pm PDT
Participant Hall City View at Metreon

General

2:15pm PDT

CISO Series Podcast - LIVE!

Sunday April 27, 2025 2:15pm - 3:00pm PDT

AMC Theatre 13

Live audience recording of the CISO Series Podcast packed with CISO debate, questions from the audience, "What's Worse?!," and last year's favorite, "What is Dave's Mom Talking About?"

Note: This talk begins with a quick photo with the audience; they will ask if anyone is uncomfortable with it. Overflow will not be photographed.

Speakers

David Spark

Producer, CISO Series

David Spark is the producer of the CISO Series, a media channel of blogs, podcasts, and videos all on the cybersecurity ecosystem. Less than a year old, the CISO Series has hit a nerve in the InfoSec industry as it has acted as a much needed mouthpiece for the dysfunctional yet much... Read More →

Andy Ellis

Alexandra Landegger

Sunday April 27, 2025 2:15pm - 3:00pm PDT
AMC Theatre 13 AMC at Metreon

Panel, Podcast

2:15pm PDT

Compliance Without the Chaos: Building It Right Into Your DevOps Pipeline

Sunday April 27, 2025 2:15pm - 3:00pm PDT

AMC Theatre 06

Compliance often feels like the party crasher in the DevOps world- unwanted, and slowing everyone down. But what if compliance could be an insider, seamlessly fitting into your CI/CD pipeline without breaking a sweat? In this talk, we’ll tackle the age-old battle between engineers and compliance.

Speakers

Varun Gurnaney

Staff Security Engineer, GRC Engineering

Security Engineer in of San Francisco. Previously held security roles at Robinhood, Zendesk and EY. I didn’t watch the eclipse

Sunday April 27, 2025 2:15pm - 3:00pm PDT
AMC Theatre 06 AMC at Metreon

Presentation, Deep Dive

2:15pm PDT

Securing AI Agents: Exploring Critical Threats and Exploitation Techniques

Sunday April 27, 2025 2:15pm - 3:00pm PDT

AMC Theatre 11

Our talk will focus on securing autonomous AI agents by addressing their unique threats. We will dive into threat modeling of real-world autonomous AI systems, model poisoning attacks with hacking demos, and then explore advanced prompt injection techniques and mitigation strategies.

Speakers

Naveen Konrajankuppam Mahavishnu

Mohankumar Vengatachalam

Sunday April 27, 2025 2:15pm - 3:00pm PDT
AMC Theatre 11 AMC at Metreon

Presentation, Deep Dive

2:45pm PDT

Building Adversary Emulation Capabilities in Your Organization

Sunday April 27, 2025 2:45pm - 4:45pm PDT

AMC Theatre 02

See registration to determine current session availability. Event filled in Sched to limit confusion.
YOU ARE REQUIRED TO REGISTER AT https://bsidessf.regfox.com/2025 TO ATTEND THIS WORKSHOP (i.e. this session cannot be reserved with Sched)
-----
This hands-on workshop equips participants to emulate real-world threat actors in a controlled lab with enterprise-grade defenses (AV, EDR, web proxies). Topics include threat intelligence, adversary emulation planning, threat hunting, custom simulations, and assessing security controls.

Speakers

Abhijith "Abx" B R

Sunday April 27, 2025 2:45pm - 4:45pm PDT
AMC Theatre 02 AMC at Metreon

Workshop

2:45pm PDT

Harnessing GenAI for Cutting-Edge Detection Engineering

Sunday April 27, 2025 2:45pm - 4:45pm PDT

AMC Theatre 01

See registration to determine current session availability. Event filled in Sched to limit confusion.
YOU ARE REQUIRED TO REGISTER AT https://bsidessf.regfox.com/2025 TO ATTEND THIS WORKSHOP (i.e. this session cannot be reserved with Sched)
-----
As adversary tactics evolve, detection must keep pace. This workshop shows how GenAI generates high-fidelity detection rules, automates TTP analysis, and translates threat intel into platform-agnostic detections. Learn to optimize rules, analyze threat data, and identify threats with precision.

Speakers

Matt Bromiley

Sunday April 27, 2025 2:45pm - 4:45pm PDT
AMC Theatre 01 AMC at Metreon

Workshop

3:00pm PDT

A Deep Dive into the Triad Nexus Pig Butchering & Money Laundering Network

Sunday April 27, 2025 3:00pm - 3:30pm PDT

AMC IMAX

The presentation will cover research into pig butchering scams connected to FUNNULL CDN-hosted money laundering, retail phishing campaigns targeting luxury brands, and more. Technical analysis steps will be provided and explained in-depth as we cover this threat which we have dubbed “Triad Nexus."

Speakers

Zach Edwards

Sunday April 27, 2025 3:00pm - 3:30pm PDT
AMC IMAX AMC at Metreon

Presentation, General

3:00pm PDT

Care and Feeding of HSMs: Key Management in Hard Mode

Sunday April 27, 2025 3:00pm - 3:30pm PDT

AMC Theatre 14

Cryptography's dirty secret: your security is only as strong as your key management. Dive into the treacherous world of HSMs, which promise salvation but deliver operational nightmares and hidden costs. HSMs: not for the faint of heart!

Speakers

Nick Pelis

Security Engineering Manager, Verkada

Sunday April 27, 2025 3:00pm - 3:30pm PDT
AMC Theatre 14 AMC at Metreon

Presentation, General

3:00pm PDT

Intro to Privacy-Enhancing Technologies (PETs)

Sunday April 27, 2025 3:00pm - 3:30pm PDT

AMC Theatre 07

Privacy-Enhancing Technologies (PETs) are transforming data handling by ensuring privacy and security throughout the data lifecycle. This talk explores the latest advancements in PETs, focusing on Secure Multiparty Computation (MPC), Homomorphic Encryption (HE), and their real-world applications.

Speakers

Harshal Shah

Sr. Software Engineer

Sunday April 27, 2025 3:00pm - 3:30pm PDT
AMC Theatre 07 AMC at Metreon

Presentation, General

3:00pm PDT

There and Back Again: Discovering OT Devices Across Protocol Gateways

Sunday April 27, 2025 3:00pm - 3:30pm PDT

AMC Theatre 09

Operational Technology (OT) describes devices that control things in the real world, like factories and generators. This talk discusses the security implications of the convergence of IT and OT, with deep dives into OT protocols and device discovery — even behind legacy protocol gateways.

Speakers

Rob King

Sunday April 27, 2025 3:00pm - 3:30pm PDT
AMC Theatre 09 AMC at Metreon

Presentation, General

3:15pm PDT

15 Years of BSidesSF: Behind the Scenes AMA

Sunday April 27, 2025 3:15pm - 4:00pm PDT

AMC Theatre 13

After 15 years, we have more than few stories to share. Come hear how we've grown (and survived) from a panel of our most experienced BSidesSF organizing veterans.

Speakers

Reed Loden

Ricky

Organizer, Security Generalist, BSidesSF

Steve

Steve Sekiguchi, a seasoned hacker, information security expert, researcher, and developer, possesses over four decades of experience in the field. His expertise lies in anticipating emerging trends and providing organizations with the requisite knowledge and awareness to safeguard... Read More →

Tania McClain

Senior Account Executive, GuidePoint Security

Over 25 years experience helping clients and partners in IT & IT Security. My passion lies in connecting teams with the right contacts/experts and/or solutions to make everyone's lives easier.When I'm not working, I like to take my RV out, hang out with friends, and listen to live... Read More →

Meghan Manfre

Sunday April 27, 2025 3:15pm - 4:00pm PDT
AMC Theatre 13 AMC at Metreon

Panel

3:15pm PDT

How to Tame Your Dragon: Productionizing Agentic Apps Reliably and Securely

Sunday April 27, 2025 3:15pm - 4:00pm PDT

AMC Theatre 11

Taming dragons is risky—so is deploying agentic apps. Like dragons, they’re unpredictable, with threats like hallucinations, non-determinism, vast input spaces, and attacker prompt injections. We show how open-source tools tame the beast, so you can confidently deploy AI agents in production.

Speakers

Thomas Vissers

Blue41 | KU Leuven

Thomas Vissers specializes in the dynamic intersection of cybersecurity and AI. He packs 10 years of experience in developing and operating production-grade AI security systems. Previously at Cloudflare, he served as an engineering leader for data-driven security products, scaling... Read More →

Tim Van hamme

co-lead Blue41, PostDoc, Blue41, DistriNet, KU Leuven

Tim Van hamme is a computer scientist specialized in AI security and behavioral analysis, leading research at KU Leuven's DistriNet on secure and trustworthy AI adoption. As co-lead of Blue41, he bridges rigorous academic research with industry applications, helping organizations... Read More →

Sunday April 27, 2025 3:15pm - 4:00pm PDT
AMC Theatre 11 AMC at Metreon

Presentation, Deep Dive

3:15pm PDT

Slaying the Dragons: A Security Professional’s Guide to Malicious Packages

Sunday April 27, 2025 3:15pm - 4:00pm PDT

AMC Theatre 06

This session reveals how attackers exploit typosquatting, author impersonation, and innovative malware campaigns to infiltrate software supply chains. Learn practical threat hunting methodologies and gain step-by-step guides to detect, analyze, and defend against these software supply chain dragons.

Speakers

Kirill Boychenko

Sunday April 27, 2025 3:15pm - 4:00pm PDT
AMC Theatre 06 AMC at Metreon

Presentation, Deep Dive

3:45pm PDT

Follow the Trace: How Traditional AppSec Tools Have Failed Us

Sunday April 27, 2025 3:45pm - 4:15pm PDT

AMC Theatre 09

Join the journey of an application data trace as it navigates runtime application security. Follow a trace through an application, uncovering how tools like RASP provide real-time insights, detect threats, and block attacks. Learn how traces enhance security by revealing vulnerabilities in action.

Speakers

Kennedy Toomey

Application Security Researcher & Advocate, Datadog

Kennedy Toomey is an Application Security Researcher & Advocate at Datadog. Previously she was an Application Security Engineer where she spent her time working with developers to help fix vulnerabilities and write more secure code.

Sunday April 27, 2025 3:45pm - 4:15pm PDT
AMC Theatre 09 AMC at Metreon

Presentation, General

3:45pm PDT

Is Vulnerability Management Dead? A Security Architect’s Survival Guide

Sunday April 27, 2025 3:45pm - 4:15pm PDT

AMC Theatre 07

This session discusses the necessary shift from traditional vulnerability management and explores a security architect's journey in building a robust cloud risk remediation program. We will outline best practices for risk prioritization & triage, navigating IaC & cloud-native mitigating controls.

Speakers

Snir Ben Shimol

CEO | CSO, ZEST Security

Sunday April 27, 2025 3:45pm - 4:15pm PDT
AMC Theatre 07 AMC at Metreon

Presentation, General

3:45pm PDT

Scalably Securing Third-party Dependencies in Heterogeneous Environments

Sunday April 27, 2025 3:45pm - 4:15pm PDT

AMC IMAX

Learn how Anthropic automates dependency security at scale across diverse infrastructure and environments while still letting engineers use the tools and dependencies they need. We'll explore Dependant, our tool to enforce our dependency posture at the network level, and how users interact with it.

Speakers

Ziyad Edher

Software Engineer, Anthropic

Chris Norman

Member of Technical Staff, Anthropic

Sunday April 27, 2025 3:45pm - 4:15pm PDT
AMC IMAX AMC at Metreon

Presentation, General

3:45pm PDT

Shadow IT Battlefield: The CyberHaven Breach and Defenses That Worked

Sunday April 27, 2025 3:45pm - 4:15pm PDT

AMC Theatre 14

Discover how the Cyberhaven breach case exposed critical Shadow IT risks — and the proactive allowlist strategy that minimized business disruption. The proactive controls saved our 40M+ users from being impacted. Gain insights, metrics, and a blueprint for continuous monitoring.

Speakers

Rohit Bansal

Zach Pritchard

Sunday April 27, 2025 3:45pm - 4:15pm PDT
AMC Theatre 14 AMC at Metreon

Presentation, General

4:15pm PDT

The Silent Breach: Security Threats in Google Workspace

Sunday April 27, 2025 4:15pm - 4:45pm PDT

AMC Theatre 06

Google Workspace enables enterprise productivity, but attackers exploit logging gaps to escalate privileges, exfiltrate data, and evade detection. This talk reveals real-world attacks that bypass monitoring and shares techniques to investigate these threats, even without sufficient logs.

Speakers

Rex Guo

Khang Nguyen

Sunday April 27, 2025 4:15pm - 4:45pm PDT
AMC Theatre 06 AMC at Metreon

Presentation, General

4:15pm PDT

Slaying Dragons Together: Multidisciplinary Solutions to Security Issues

Sunday April 27, 2025 4:15pm - 5:00pm PDT

AMC Theatre 13

Tired of facing the same dragons alone? Join MITRE security and strategy experts to explore how collaborative models and teams can help you tackle your biggest challenges, turning individual lessons learned into repeatable community wins. Build a winning battalion and collective battle plan.

Speakers

Stanley Barr

Mary C Yang

Leslie Z Anderson

Innovation and Industry Engagement, MITRE

Sunday April 27, 2025 4:15pm - 5:00pm PDT
AMC Theatre 13 AMC at Metreon

Panel

4:15pm PDT

GenAI Application Security: Not Just Prompt Injection

Sunday April 27, 2025 4:15pm - 5:00pm PDT

AMC Theatre 11

As generative AI adoption grows, its interconnected components — agents, vector databases, and LLMs — introduce complex security risks. This session examines these concerns, offering actionable strategies to secure agent interactions, protect models, and fortify data workflows.

Speakers

Ahmed Abugharbia

Cyberdojo

Sunday April 27, 2025 4:15pm - 5:00pm PDT
AMC Theatre 11 AMC at Metreon

Presentation, Deep Dive

4:30pm PDT

Fireproof Your Castle with Risk-First GRC

Sunday April 27, 2025 4:30pm - 5:00pm PDT

AMC Theatre 07

GRC teams can be more than just gridlock, red tape, and checklists. By prioritizing a risk-first approach, leveraging both quantitative and qualitative methodologies, and adopting principles-based compliance, GRC becomes a proactive force that empowers organizations to effectively combat security.

Speakers

Aakash Yadav

Lindsey Pilver

Sunday April 27, 2025 4:30pm - 5:00pm PDT
AMC Theatre 07 AMC at Metreon

Presentation, General

4:30pm PDT

How to Pull Off a Near Undetectable DDoS Attack (And How to Stop It)

Sunday April 27, 2025 4:30pm - 5:00pm PDT

AMC IMAX

What happens when a bad actor has access to millions of browsers? They can pull off a massive attack.

Speakers

Simon Wijckmans

Sunday April 27, 2025 4:30pm - 5:00pm PDT
AMC IMAX AMC at Metreon

Presentation, General

4:30pm PDT

Round and Around We Go: Interviews, What Do You Know?

Sunday April 27, 2025 4:30pm - 5:00pm PDT

AMC Theatre 09

In this talk, I’ll discuss hiring trends for Security Engineers and Leaders in 2024, covering metrics like time to hire, interview rounds, formats, and rejection trends. Data comes from 30+ placements at 10+ tech startups, mainly in SF, offering insights into the cybersecurity hiring landscape.

Speakers

Erin Barry

Sunday April 27, 2025 4:30pm - 5:00pm PDT
AMC Theatre 09 AMC at Metreon

Presentation, General

4:30pm PDT

Understanding IRSF Fraud: Protecting Against SMS Exploitation

Sunday April 27, 2025 4:30pm - 5:00pm PDT

AMC Theatre 14

Attackers making money from MY 2FA? It's more likely than you think! SMS is a common 2FA method but creates risk: International Revenue Share Fraud, inflating SMS traffic to siphon revenue. Attendees will learn how to detect and mitigate IRSF with Cloudflare, OpenAI, and Datadog.

Speakers

Vien Van

Gusto

Senthil Sivasubramanian

Eng Leader, Gusto

Sunday April 27, 2025 4:30pm - 5:00pm PDT
AMC Theatre 14 AMC at Metreon

Presentation, General

5:15pm PDT

Closing Remarks

Sunday April 27, 2025 5:15pm - 5:45pm PDT

AMC Theatre 13

Closing Remarks

Sunday April 27, 2025 5:15pm - 5:45pm PDT
AMC Theatre 13 AMC at Metreon