Visit the sponsor booths that line the walls of the Participant Hall and learn more about the companies that have made this year’s event possible. You’ll be introduced to new products, services, and career opportunities. At each booth you can also obtain one of the stamps you need to complete your Sponsor Passport (which can be found in the bag you received at registration).
Saturday April 26, 2025 9:00am - 5:00pm PDT
Participation HallCity View at Metreon
Come play our awesome CTF! Everyone is welcome to participate as the competition features a range of challenges at all difficulty levels. In case you find yourself in need of assistance, we have folks onsite who can provide hints and guidance. All that is needed to participate is a laptop.
The server is available all weekend long, and anyone is welcome to play. Server information is at https://bsidessf.org/ctf
At least one player must be onsite to claim any prizes won.
Take a break from the day’s events with a stop at the Bar and Chill Out Space. Two complimentary drink tickets were provided to you at registration. We already paid for them, so please use them!
Enjoy the SF skyline from the Lounge. Located on the patio next to the tent, the Lounge includes comfortable places to rest and relax, as well as lawn games to play.
Our villages are returning! Come engage with multiple different hands-on opportunities to learn new skills, practice skills, or share your knowledge. We have a broad selection of villages planned for this year and will be releasing the line-up soon.
Saturday April 26, 2025 9:00am - 5:30pm PDT
Participation HallCity View at Metreon
Have a question or comment about the event that you’d like to share? Drop by the Info Desk and chat with members of the BSidesSF staff and volunteer teams.
Saturday April 26, 2025 9:00am - 6:30pm PDT
LobbyCity View at Metreon
Pick up pre-purchased event t-shirts and purchase t-shirts for the current and previous years. Please note, we have limited t-shirt quantities. Proceeds benefit three charities. You select 1 of the 3 charities we've selected by voting, and we donate to all of the charities based on the vote percentages.
Saturday April 26, 2025 11:00am - 9:00pm PDT
Coat CheckCity View at Metreon
What's it look like when someone spends hours fine-tuning llama 3.1 to be the most destructive hacking robot the world has ever seen, with a pure goal of causing damage, with no safeguards? Are we ready for that? Not a pentesting bot with guardrails; a harbinger of chaos, tasked only with spreading.
This talk will explore the hidden access patterns to the crown jewels, including most-common access patterns, hidden paths and popular backdoors left by engineers to get their jobs done. We will discuss practical tips to understand the problem and work on removing the hidden access paths.
Uncover the hidden risks of AI! Join this BoF session to explore frameworks for identifying system failures, understand new safety harm categories with Gen AI, possible mitigations and practical ways to govern, build and respond to AI Safety threats. Don't let what you don't know hurt you!
Every security expert faces three dragons: the voice that whispers 'not expert enough,' the shadow that hides achievements, and the fear of claiming recognition. Ready to step out of the shadows and into your power as a security leader? The dragons await—will you answer the call?
Join AppSec leaders from Chime, Twilio, Rippling, (ex)Snowflake, and Datadog to explore how successful security teams act as organizational glue. Learn how to scale security impact by building essential partnerships across platform engineering, compliance, threat detection teams, and more!
Ever wanted to start fresh and train the "detection and response" dragon? Hear my account of how I did this (and hope to continue building!) from scratch with learnings from my professional experience so far!
Information stealer malware is underestimated by our industry. In this deep-dive, we look into what is captured by them – desktop screenshots, password vaults, browser extensions, MFA bypass material, etc. –, cover the Redline takedown, and offer defensive countermeasures including code and samples.
As Netflix enters live streaming, fraud prevention stakes rise significantly. This talk offers an insider's view of strategies and challenges in tackling fraud during live events, focusing on preparing for the unpredictable and maintaining robust defenses amidst this unpredictability.
I’ve been working in security ops for 20 years. Most SOCs struggle because of one big mistake: don’t let this happen to you. I will step you through how to organize a SOC: what should go in it, what should probably stay out, and what your SOC will look like if you get it right.
So you've just battled a dragon: how quickly and effectively can you fight the next one? We dive into Resiliency by Design for an AI search / chat product - based on considerations like uptime, disaster recovery, availability, fault testing etc, while meeting audit/compliance & privacy regulations.
Are you aspiring to break into cybersecurity or looking to take your career to the next level but don’t have a mentor to guide you? This talk is for you. We'll dive into practical advice to guide your career journey, based on real-world questions asked by my mentees.
Visit the sponsor booths throughout the Participant Hall and learn more about the many of the companies that have made this year’s event possible. You’ll be introduced to new products, services, and even career opportunities. At many booths you can also acquire one of the stamps needed to complete the Sponsor Passport, which can be found in the bag you received at registration. Drop your completed card into the Sponsor Passport raffle box located at the BSidesSF booth to be entered into the raffle. Please note you must be present to win.
Saturday April 26, 2025 12:30pm - 1:00pm PDT
TBDCity View at Metreon
See registration to determine current session availability. Event filled in Sched to limit confusion. YOU ARE REQUIRED TO REGISTER AT https://bsidessf.regfox.com/2025 TO ATTEND THIS WORKSHOP (i.e. this session cannot be reserved with Sched) ----- Capture the Flag events are exciting and competitive. But, they can be scary to developers and security practitioners who have never participated in them.
In this session, I introduce CTFs, discuss their benefits to developers, and examine an easy and medium-difficulty CTF challenge in depth.
See registration to determine current session availability. Event filled in Sched to limit confusion. YOU ARE REQUIRED TO REGISTER AT https://bsidessf.regfox.com/2025 TO ATTEND THIS WORKSHOP (i.e. this session cannot be reserved with Sched) ----- This two hour workshop on Shifting Left guides BSides SF participants through integrating security tooling into a GitHub Actions based DevSecOps CI/CD pipeline.
BSides SF attendees will learn about setting up basic CI/CD processes that incorporate security using both open source and commercial tool
In this talk, we will take you through our journey of bringing a high stakes SaaS product to the Chinese market while exploring the challenges we faced and sharing what we learned. We will offer insights and practical advice for navigating the unique threats of the Chinese market for global company.
Learn to build your own treasure map of how attackers might move laterally through your company’s assets. We’ll provide a conceptual engineering framework for attack path analysis, recommend no- or low-cost tools, share examples, and release an open-source attack graph ontology to learn from.
Hybrid environments complicate network egress. Learn how Block centralized network egress policies and ensured consistent deployment of rules across diverse enforcement endpoints—regardless of type or location—enabling secure, scalable, and streamlined outbound traffic management.
New specializations have emerged in this AI-adoring age, but where does that leave security practitioners? Good news: if you know web application security, you can secure AI uses too. This talk examines normal web app security issues relevant to any LLM-based app—and the handful unique to AI.
A unique name server linked to Iran-nexus cyber activity reveals a broader set of malicious name servers with potential nation-state tires. Learn how passive DNS data connects a single typosquatting domain to multiple name servers being used to for malware distribution.
Discover how AI is reshaping cybersecurity careers in this dynamic panel discussion. Join industry experts as they tackle pressing questions about AI-driven skills, job evolution, and adapting to an ever-changing landscape. Gain actionable insights to future-proof your career!
What does it take to secure 3 billion users on the world’s leading mobile platform? This session dives into Android security from a holistic perspective.
Network security is important, but what about the networks that serve your network?
In this talk I go over my methodology and findings performing a security audit of some local ISPs. I’ll outline how simple vulnerabilities and configuration mistakes are still making it to these production networks,
Imagine a cybercriminal accessing your network with credentials bought on the dark web—they walk in unnoticed. Attackers aren't breaking in—they're logging in. With 80% of attacks involving stolen credentials, discover how Automated Credential Threat Monitoring (ACT) keeps you ahead of threats
Enterprise AI search tools like Glean and Guru aggregate all your company’s data into a single, easy-to-navigate interface. Think of it as Google, but for juicy, sensitive corporate information. In this session, we’ll explore effective threat modeling and controls when deploying these tools.
The Russian hacktivist group Killnet was a cyber army directed by a few to cause harm. With a checkered history and inconsistent behaviors, deciphering who is behind this group was challenging, but we’ll lift this veil and share a personal story of disrupting and unbalancing Killnet into chaos.
See registration to determine current session availability. Event filled in Sched to limit confusion. YOU ARE REQUIRED TO REGISTER AT https://bsidessf.regfox.com/2025 TO ATTEND THIS WORKSHOP (i.e. this session cannot be reserved with Sched) ----- Frustrated with your current security toolset and ready to build a better solution? You can—but it's harder than it looks! Join us to learn how to scope and design cybersecurity MVPs that attract customers, solve security problems, and draw VC interest.
See registration to determine current session availability. Event filled in Sched to limit confusion. YOU ARE REQUIRED TO REGISTER AT https://bsidessf.regfox.com/2025 TO ATTEND THIS WORKSHOP (i.e. this session cannot be reserved with Sched) ----- Threat modeling is vital for secure systems but often seems daunting. In Practical Threat Modeling, you'll explore core concepts, frameworks, and tools, adopt an attacker's mindset, and tackle real-world scenarios. Learn to integrate threat modeling into Agile workflows and apply skills to enhance
GraphQL APIs offer flexibility and efficiency but often introduce security risks that remain hidden in the shadows. In this session, we’ll share findings from scanning GraphQL APIs, revealing vulnerabilities like schema leaks, brute-force risks, and GraphQL-specific "bomb" attacks.
Anyone can build simple LLM–based tools that streamline security tasks. Join us to learn how, with short prompts and very little code, you can do more with less by automating IAM, threat detection, and vuln management workflows. Get tips and prebuilt used-in-prod examples to play with on your own.
LOL - a lot less funny than it sounds - (living off the land) attacks have been around for several years, now it is time for LOC (living off the cloud) attacks. With cloud services becoming a core part of engineering today, it is no wonder attackers see this as a high-value attack vector.
For the last 6 years we have been tracking the activities of the cyber-mercenaries Dark Caracal. In this time we have observed them make a number of hilarious mistakes which have allowed us to gain insights into their activities and targets and see just how effective they actually are despite it all
The human mind is both a strength and a vulnerability in cybersecurity. This panel explores the neuroscientific roots of burnout and examines how cognitive load, stress and mental resilience impact cybersecurity professionals, offering fresh strategies to tackle the complexities of cyber threats
While seemingly local, services running on localhost are accessible to the browser using a flaw we found, exposing the ports on the localhost network interface, and leaving the floodgates ajar to remote network attacks. This session will dive into the 0.0.0.0 exploit research conducted by the team.
We uncovered a data exfiltration technique, capable of bypassing all major DLP vendors listed by Gartner. We will dissect the architectural flaws in endpoint and proxy-based DLP, showcase live bypass demos, and launch Angry Magpie, an open-source toolkit for red teams to replicate these attacks.
When an outside threat becomes an insider threat, are your hiring practices prepared to catch it? In this session, you’ll learn how to examine the tactics of fraudulent job seekers and how to collaborate with talent teams to secure your hiring pipeline *and* protect your organization.
If you see a phishing email or domain that’s a public IoC, it’s already too late. Our research team’s approach to threat detection finds more DNS artifacts and adversary infrastructure as they are created and maps intent before it can be weaponized. This session will show how you can do the same.
In the vast sea of security data, how do we efficiently find malicious activity and turn it into actionable intelligence? This presentation introduces data-driven detection engineering, showcasing a data-first approach to building detection rules and threat feeds.
We monitored public changelogs of popular open-source projects to detect unreported security fixes. We found 600+ vulnerabilities, 25% high or critical, with most never being reported. We achieved this by using dual LLM models to monitor change logs and verify the result with our security engineers.
This talk compares APRS and Meshtastic protocols for decentralized communications, examining their security models, vulnerabilities, and real-world applications. We will explore how these systems handle encryption, authentication and their attack surface with live demonstrations.
Discover how Yelp's Infrastructure Security team transformed past challenges and failures into success by shifting authentication and authorization from the infrastructure to the application layer. Learn how this pragmatic approach met all security requirements applicable to Yelp's threat model.
As cloud adoption grows, attackers exploit its unique attack surface. This talk explores atomic IOCs (e.g., IAM metadata, container IDs) and behavioral IOCs (e.g., API activity), featuring real-world examples like threat actor "Bapak" and insights to enhance cloud detection, hunting, and response.
INCIDENT DECLARED! As Incident Commander, team up with your product and privacy leads to navigate the response. Will you launch a forensics investigation? Draft a customer notice? You decide in this choose-your-adventure talk.
Residential proxies are the weapon of choice for bots bypassing defenses by mimicking legit traffic. This talk unpacks how machine learning can expose and mitigate these threats at scale. Expect actionable insights for improving detections while minimizing false positives.
Dive into the challenges of LLMs in cybersecurity as we explore the process of fine tuning an LLM to handle the task of secret detection in code and be efficient enough to run on any laptop. Can LLMs with low inference times pave the way for new detection methods that were previously overlooked?
Cyber Mercenaries have become a favorite tactic of nation states around the world in the past decade. They spy on activists, civil society, and journalists. They work with countries that have no regard for human rights. This panel of infosec leaders will discuss the problem and potential solutions.
From p0f to MuonFP and JA4+, learn how network fingerprinting evolved. See how each step helps security teams spot malicious traffic, detect scanners, and more. Attendees gain real-world use cases and practical tips to deploy fingerprinting for monitoring and threat hunting.
Security policies must consider human psychological traits for effectiveness. We'll contrast this with security needs for Non-Human Identities and argue that AI has its own "psychological traits" requiring tailored approaches to secure systems against AI-specific threats.
Welcome to the neon-lit abyss of BSidesSF's dystopian bash, where the boundary between man and machine blurs. Amidst the techno-frenzy, Balinese dancers weave an interpretive tale of technology's ethical struggles. Each movement is a haunting reminder of the delicate balance between promise and peril in our digital age. Welcome to a party where the future is both thrilling and terrifying, welcome to AI.
Have a question or comment about the event that you’d like to share? Drop by the Info Desk and chat with members of the BSidesSF staff and volunteer teams.
Sunday April 27, 2025 9:00am - 5:00pm PDT
LobbyCity View at Metreon
Visit the sponsor booths that line the walls of the Participant Hall and learn more about the companies that have made this year’s event possible. You’ll be introduced to new products, services, and career opportunities. At each booth you can also obtain one of the stamps you need to complete your Sponsor Passport (which can be found in the bag you received at registration).
Sunday April 27, 2025 9:00am - 5:00pm PDT
Participation HallCity View at Metreon
Come play our awesome CTF! Everyone is welcome to participate as the competition features a range of challenges at all difficulty levels. In case you find yourself in need of assistance, we have folks onsite who can provide hints and guidance. All that is needed to participate is a laptop.
The server is available all weekend long, and anyone is welcome to play. Server information is at https://bsidessf.org/ctf
At least one player must be onsite to claim any prizes won.
Our villages are returning! Come engage with multiple different hands-on opportunities to learn new skills, practice skills, or share your knowledge. We have a broad selection of villages planned for this year and will be releasing the line-up soon.
Sunday April 27, 2025 9:00am - 5:00pm PDT
Participation HallCity View at Metreon
Take a break from the day’s events with a stop at the Bar and Chill Out Space. Two complimentary drink tickets were provided to you at registration. We already paid for them, so please use them!
Sunday April 27, 2025 9:00am - 5:30pm PDT
Participation HallCity View at Metreon
Enjoy the SF skyline from the Lounge. Located on the patio next to the tent, the Lounge includes comfortable places to rest and relax, as well as lawn games to play.
Sunday April 27, 2025 9:00am - 5:30pm PDT
City View TerraceCity View at Metreon
Pick up pre-purchased event t-shirts and purchase t-shirts for the current and previous years. Please note, we have limited t-shirt quantities. Proceeds benefit three charities. You select 1 of the 3 charities we've selected by voting, and we donate to all of the charities based on the vote percentages.
Sunday April 27, 2025 9:00am - 5:30pm PDT
Coat CheckCity View at Metreon
The cybersecurity industry has 5,000+ startups yet many key problems are overlooked for not being "venture scale." This talk explores alternative paths (bootstrapping, Silicon Valley Small Businesses) & talks why niche markets and smaller ideas can drive impactful solutions without unicorn pressure.
“The Four Tribes of Security Champions” is a framework to describe successful security champion programs. The tribes include: The Apprentices, The Fan Club, The Learners, and The Sentinels. We’ll explore a benchmarking tool for each tribe to pick which approach is right for you!
Explore the escalating issues in CVE data: inconsistent reporting, low-quality submissions, and outdated info. Learn why these threaten cybersecurity and what solutions can restore trust in this critical database.
During the session, we'll explore how AI systems can pose risks to organizational security and user safety. Attendees will gain insights on AI's role in modern security and actionable strategies to safeguard organizations. Join us to learn about AI threats and ways to secure digital ecosystems.
Join us as we discuss the good, the bad, and the ugly of career management in security engineering! Our panel of engineers and leaders will share stories about identifying opportunities, overcoming challenges, and setting yourself up for long-term success in the security industry.
Shift-left sounds great—catch issues early, save time, empower devs—but too often it backfires, creating noise and chaos. Learn from real-world fails, laugh at sh*t-left stories, and discover practical strategies to make shift-left work. Let’s fix AppSec, one bug at a time.
AppSec must balance usability and security, but traditional approaches often lead to disjointed efforts—developers patching blindly, detection teams creating incomplete rules, and threat hunters chasing past compromises. This talk uses eBPF to show how tracing brings context for actionable insights.
We established Stanford's product security clinic in 2023 to help community organizations secure the software services they offer, diverging from traditional university cybersecurity clinics that focus on corporate security. Here's what we learned from our first two years of operation.
Most people aren’t dragon slayers. There are dragon slayers out there, but they’re not us. EDR isn’t a dragon slayer. Neither is the SOC. That’s okay - when the dragon comes, the goal should be *survival,* not going out in a blaze of glory.
Policymakers worldwide have recently taken up product security, making prominent topics like memory safety. In this talk, hear from former CISA Senior Advisor Jack Cable on lessons learned leading CISA's Secure by Design initiative, and what a shift towards product security means for the industry.
Visit the sponsor booths throughout the Participant Hall and learn more about the many of the companies that have made this year’s event possible. You’ll be introduced to new products, services, and even career opportunities. At many booths you can also acquire one of the stamps needed to complete the Sponsor Passport, which can be found in the bag you received at registration. Drop your completed card into the Sponsor Passport raffle box located at the BSidesSF booth to be entered into the raffle. Please note you must be present to win.
Sunday April 27, 2025 12:30pm - 1:00pm PDT
TBDCity View at Metreon
See registration to determine current session availability. Event filled in Sched to limit confusion. YOU ARE REQUIRED TO REGISTER AT https://bsidessf.regfox.com/2025 TO ATTEND THIS WORKSHOP (i.e. this session cannot be reserved with Sched) ----- Join us in this workshop to engage in hands-on attacks to identify weaknesses in AI-driven chatbots. If you’re interested in learning about getting started in red teaming generative AI systems, this is the workshop for you.
See registration to determine current session availability. Event filled in Sched to limit confusion. YOU ARE REQUIRED TO REGISTER AT https://bsidessf.regfox.com/2025 TO ATTEND THIS WORKSHOP (i.e. this session cannot be reserved with Sched) ----- In this hands-on workshop we will show attendees how to onboard Okta logs into a SIEM and write detections as well as test them using open source adversary emulation tools. A basic understanding of YAML and writing detections is helpful but not required.
Join Seth Law (@sethlaw) and Ken Johnson (@cktricky), co-hosts of the Absolute AppSec Podcast, for a panel discussion on the current state of application and product security for 2025.
We've been forcing AI to imitate human analyst workflows, but what if that's holding both machines and humans back? Through real-world experiments at Anthropic, we'll show how letting AI tackle security problems its own way can allow humans to focus on the nuanced work machines can't do (yet).
Ever wonder how your data is really handled in the cloud? Confidential Computing gives you an answer by isolating your data and cryptographically proving what code was ran. This talk dives into the hardware and software behind Confidential Computing, and how to ship it in real-world cases.
UC Berkeley studied 68 San Francisco nonprofits to assess their cybersecurity needs, resources, and adoption of protective controls. Our findings include actionable recommendations for the City of San Francisco to improve support for nonprofits and boost resilience against growing cyber threats.
Quantum computing is breaking RSA/ECC, your PKI is at risk !. This session delivers a live demo on quantum-safe PKI upgrades: discover certificate weaknesses, map hybrid replacements, and align with NIST PQC standards. Learn to secure cryptographic resilience for the post-quantum era.
Security’s weakest link comes with ten fingers, ten toes and an uncanny ability to find ways past your thoughtfully implemented controls. Learn well-tested psychology principles that drive positive security outcomes. From social proof to reciprocity, small changes in approach bring outsized results.
The Secure Shell (SSH) is the most commonly exposed dedicated management protocol, second only to HTTP in terms of internet-wide exposure, and it’s had a rocky year. This presentation explores the multitude of SSH implementations, their specific weaknesses and real-world exposures.
This talk explores the discovery of a long-standing CSRF (Cross-Site Request Forgery) vulnerability in the popular gorilla/csrf Go library. The goal is to encourage the audience to perform vulnerability research experiments in their own commonly used tools.
Operational Technology (OT) describes devices that control things in the real world like factories and generators. This talk discusses the security implications of the convergence of IT and OT, with deep dives into OT protocols and device discovery -- even behind legacy protocol gateways.
Condemning “check-box” vendor risk management and security questionnaires is a hot talking point nowadays. This talk will discuss the related but distinct problems in the TPRM space and offer practical, creative solutions to help deliver high-value outcomes via third-party risk management.
Compliance often feels like the party crasher in the DevOps world- unwanted, and slowing everyone down. But what if compliance could be an insider, seamlessly fitting into your CI/CD pipeline without breaking a sweat? In this talk, we’ll tackle the age-old battle between engineers and compliance.
Our talk will focus on securing autonomous AI agents by addressing their unique threats. We will dive into threat modeling of real-world autonomous AI systems, model poisoning attacks with hacking demos, and then explore advanced prompt injection techniques and mitigation strategies.
See registration to determine current session availability. Event filled in Sched to limit confusion. YOU ARE REQUIRED TO REGISTER AT https://bsidessf.regfox.com/2025 TO ATTEND THIS WORKSHOP (i.e. this session cannot be reserved with Sched) ----- This hands-on workshop equips participants to emulate real-world threat actors in a controlled lab with enterprise-grade defenses (AV, EDR, web proxies). Topics include threat intelligence, adversary emulation planning, threat hunting, custom simulations, and assessing security controls.
See registration to determine current session availability. Event filled in Sched to limit confusion. YOU ARE REQUIRED TO REGISTER AT https://bsidessf.regfox.com/2025 TO ATTEND THIS WORKSHOP (i.e. this session cannot be reserved with Sched) ----- As adversary tactics evolve, detection must keep pace. This workshop shows how GenAI generates high-fidelity detection rules, automates TTP analysis, and translates threat intel into platform-agnostic detections. Learn to optimize rules, analyze threat data, and identify threats with precision.
The presentation will cover research into pig butchering scams connected to FUNNULL CDN-hosted money laundering, retail phishing campaigns targeting luxury brands, and more. Technical analysis step will be provided and explained in-depth as we cover this threat which we have dubbed “Triad Nexus."
Using cryptography solves certain problems but adds a new challenge: key management. This talk explores how various key types require different management approaches, then walks though an example of securing a long-lived code-signing key in an HSM, with a look at operational burdens and pitfalls.
Privacy-Enhancing Technologies (PETs) are transforming data handling by ensuring privacy and security throughout the data lifecycle. This talk explores the latest advancements in PETs, focusing on Secure Multiparty Computation (MPC), Homomorphic Encryption (HE), and their real-world applications.
Security practitioners are put in tough positions whether you're new to security or an experienced CISO. Based on "Radical Candor", you'll leave this talk with new perspective on the way security teams are perceived by their peers and how to optimize the good and minimize the unavoidable bad.
Taming dragons is risky—so is deploying agentic apps. Like dragons, they’re unpredictable, with threats like hallucinations, non-determinism, vast input spaces, and attacker prompt injections. We show how open-source tools tame the beast, so you can confidently deploy AI agents in production.
This talk details challenges in incident response for AI systems, including insufficient logging, visibility, and accountability, as well as the risks of data exposure and prompt injection. We examine a case of RAG-enabled LLM and propose triaging strategies and improved IR practices for mitigation.
Learn how Anthropic automates dependency security at scale across diverse infrastructure and environments while still letting engineers use the tools and dependencies they need. We'll explore Dependant, our tool to enforce our dependency posture at the network level, and how users interact with it.
Discover how the Cyberhaven breach case exposed critical Shadow IT risks—and the proactive allowlist strategy that minimized business disruption. The proactive controls saved our 40M+ users from being impacted. Gain insights, metrics, and a blueprint for continuous monitoring
Being the first security leader at a startup is a wild ride. This talk explores "Trust Engineering," a hands-on approach to earn trust, navigate chaos, and build a security foundation with limited resources. Learn how to handle executive expectations and support fast-paced growth.
Tired of facing the same dragons alone? Join MITRE security and strategy experts to explore how collaborative models and teams can help you tackle your biggest challenges, turning individual lessons learned into repeatable community wins. Build a winning battalion and collective battle plan.
Discover efficient incident handling strategies for third-party supplier incidents. Learn the importance of a predefined process and collaboration between risk management and incident response teams. Gain insights into key decision-making considerations and elevate your IR capabilities.
GRC teams can be more than just gridlock, red tape, and checklists. By prioritizing a risk-first approach, leveraging both quantitative and qualitative methodologies, and adopting principles-based compliance, GRC becomes a proactive force that empowers organizations to effectively combat security.
In this talk, I’ll discuss hiring trends for Security Engineers and Leaders in 2024, covering metrics like time to hire, interview rounds, formats, and rejection trends. Data comes from 30+ placements at 10+ tech startups, mainly in SF, offering insights into the cybersecurity hiring landscape.
Attackers making money from MY 2FA? It's more likely than you think! SMS is a common 2FA method but creates risk: International Revenue Share Fraud, inflating SMS traffic to siphon revenue. Attendees will learn how to detect and mitigate IRSF with Cloudflare, OpenAI, and Datadog.
