BSidesSF 2025: Full Schedule

9:00am PDT

Breakfast

Saturday April 26, 2025 9:00am - 10:00am PDT

Participant Hall / City View Tent

Breakfast and lunch are served in the Participant Hall
and in the tent on the terrace.

Saturday April 26, 2025 9:00am - 10:00am PDT
Participant Hall / City View Tent City View at Metreon

Food & Drink

9:00am PDT

Espresso & Coffee

Saturday April 26, 2025 9:00am - 4:00pm PDT

Participant Hall

Three barista stations are located within the Participant Hall. Stop by for an espresso drink of your choosing! Drip coffee and water are available all day throughout the Participant Hall.

Sponsors

Vanta

Silver, Espresso & Coffee

Saturday April 26, 2025 9:00am - 4:00pm PDT
Participant Hall City View at Metreon

Food & Drink

9:00am PDT

(ISC)2 Silicon Valley

Saturday April 26, 2025 9:00am - 5:00pm PDT

Participant Hall

(ISC)2 Silicon Valley is a dynamic community of cybersecurity professionals dedicated to advancing the greater San Francisco Bay Area.

Saturday April 26, 2025 9:00am - 5:00pm PDT
Participant Hall City View at Metreon

Community Organization

9:00am PDT

Electronic Frontier Foundation (EFF)

Saturday April 26, 2025 9:00am - 5:00pm PDT

Participant Hall

EFF is the leading organization defending civil liberties in the digital world. We defend free speech on the internet, fight illegal surveillance, support freedom-enhancing technologies, promote the rights of digital innovators, and work to ensure that the rights and freedoms we enjoy are enhanced, rather than eroded, as our use of technology grows. EFF's booth will be a place for attendees to come and chat with EFF staff about the latest in digital rights.

Saturday April 26, 2025 9:00am - 5:00pm PDT
Participant Hall City View at Metreon

Community Organization

9:00am PDT

Pacific Hackers Association

Saturday April 26, 2025 9:00am - 5:00pm PDT

Participant Hall

Pacific Hackers Association is a 501(c)(3) non-profit organization that aims to fix the cybersecurity industry's main issues, diversity, education, and recruitment, while elevating the next generation of hackers. We provide cyber-mentors, training, conference access, workshops, etc.

Saturday April 26, 2025 9:00am - 5:00pm PDT
Participant Hall City View at Metreon

Community Organization

9:00am PDT

Secure Diversity/Day of Shecurity

Saturday April 26, 2025 9:00am - 5:00pm PDT

Participant Hall

Stop by the Secure Diversity booth for information on diversity in cybersecurity. We’ll share ways to get involved and have experienced practitioners available for conversations. If you’re looking to get involved with a conference, volunteer with a diversity-focused cybersecurity nonprofit, and expand your professional network, we're excited to meet you.

Saturday April 26, 2025 9:00am - 5:00pm PDT
Participant Hall City View at Metreon

Community Organization

9:00am PDT

WiCyS

Saturday April 26, 2025 9:00am - 5:00pm PDT

Participant Hall

WiCyS helps build a strong cybersecurity workforce with gender equality by facilitating recruitment, retention, and advancement for women in the field. To learn more about WiCyS initiatives and programs, swing by the WiCyS booth.

Saturday April 26, 2025 9:00am - 5:00pm PDT
Participant Hall City View at Metreon

Community Organization

9:00am PDT

WISP

Saturday April 26, 2025 9:00am - 5:00pm PDT

Participant Hall

Women in Security and Privacy (WISP)'s mission is to advance women and underrepresented communities to lead the future of privacy and security.

Saturday April 26, 2025 9:00am - 5:00pm PDT
Participant Hall City View at Metreon

Community Organization

9:00am PDT

Headshots

Saturday April 26, 2025 9:00am - 5:00pm PDT

AMC Concessions

Need a new headshot? If so, we’ve got you covered! Stop by for a free, professional headshot. Headshots are offered on a first come, first serve basis.

Sponsors

Opal Security

Headshots

Saturday April 26, 2025 9:00am - 5:00pm PDT
AMC Concessions AMC at Metreon

General

9:00am PDT

AI Village

Saturday April 26, 2025 9:00am - 5:00pm PDT

AMC Mezzanine

AI Village is a community of hackers and data scientists working to educate the world on the use and abuse of artificial intelligence in security and privacy. We aim to bring more diverse viewpoints to this field and grow the community of hackers, engineers, researchers, and policy makers working on making the AI we use and create safer. We believe that there needs to be more people with a hacker mindset assessing and analyzing machine learning systems. For the BSidesSF agenda, visit http://aivillage.org/bsides.

Saturday April 26, 2025 9:00am - 5:00pm PDT
AMC Mezzanine AMC at Metreon

Village/AI

9:00am PDT

Participant Hall

Saturday April 26, 2025 9:00am - 5:30pm PDT

City View at Metreon

The Participant Hall is the hub of all of the weekend’s happenings and events. In the Participant Hall you’ll find the Villages, the CTF, the Bar and Chill Out Space, our sponsors, as well as breakfast, lunch, and coffee.

Saturday April 26, 2025 9:00am - 5:30pm PDT
City View at Metreon City View at Metreon

9:00am PDT

Bar and Chill Out

Saturday April 26, 2025 9:00am - 5:30pm PDT

Participant Hall

Enjoy a break from the day’s events with a drink of your choice in the Bar & Chill-Out Space. Two pre-paid complimentary drink tickets were provided at registration.

Sponsors

runZero

Daytime Social (Sat)

Saturday April 26, 2025 9:00am - 5:30pm PDT
Participant Hall City View at Metreon

Food & Drink, Bar

9:00am PDT

Lounge

Saturday April 26, 2025 9:00am - 5:30pm PDT

City View Terrace

Break away from the day’s talks and events to spend a bit of time outside enjoying the SF skyline. The Lounge offers comfortable seating where you can eat, drink, and socialize.

Sponsors

runZero

Daytime Social (Sat)

Saturday April 26, 2025 9:00am - 5:30pm PDT
City View Terrace City View at Metreon

General

9:00am PDT

Registration

Saturday April 26, 2025 9:00am - 5:30pm PDT

AMC Concessions

Saturday April 26, 2025 9:00am - 5:30pm PDT
AMC Concessions AMC at Metreon

General

9:00am PDT

Adversary Village

Saturday April 26, 2025 9:00am - 5:30pm PDT

Participant Hall

Join Adversary Village for hands-on activities and workshops primarily focused on adversary emulation, breach, and adversary attack simulation as well as offensive cybersecurity, purple teaming, adversary tradecraft, and threat/APT/ransomware emulation.

Saturday April 26, 2025 9:00am - 5:30pm PDT
Participant Hall City View at Metreon

Village

9:00am PDT

Bug Bounty Village

Saturday April 26, 2025 9:00am - 5:30pm PDT

Participant Hall

Bug Bounty Village is a dedicated space offering extensive hands-on workshops for all things bug bounty-related! Join us at the Bug Bounty Village for the second year in a row for two days of full workshops, live hacking sessions, and CTFs!
Brought to you by NahamSec

Saturday April 26, 2025 9:00am - 5:30pm PDT
Participant Hall City View at Metreon

Village

9:00am PDT

Capture the Flag

Saturday April 26, 2025 9:00am - 5:30pm PDT

Participant Hall / Twin Peaks

The BSidesSF CTF is back with all new challenges! Anyone and everyone is welcome and encouraged to participate. The competition features a range of challenges at all difficulty levels. All that is needed to participate is a laptop. Members of the CTF team will be onsite all weekend in case you find yourself in need of guidance and/or hints.
Visit https://bsidessf.org/ctf to get started!
The server is available all weekend long, and anyone is welcome to play regardless of their location. There is only one caveat; at least one player must be onsite to claim any prizes won.

Sponsors

Adobe

Capture the Flag

Saturday April 26, 2025 9:00am - 5:30pm PDT
Participant Hall / Twin Peaks City View at Metreon

Village, CTF

9:00am PDT

Career Village

Saturday April 26, 2025 9:00am - 5:30pm PDT

Participant Hall

Career Village is aimed at helping attendees navigate a career in cybersecurity and connect with hiring managers. At the village you will have the opportunity to learn about professional branding, resume building, interview best practices, and get to meet security hiring managers looking to grow their teams. The Career Village will have recruitment and security experts who have helped people ranging from professionals new to security to security executives looking to continue their career journey.

Saturday April 26, 2025 9:00am - 5:30pm PDT
Participant Hall City View at Metreon

Village

9:00am PDT

Cloud Village

Saturday April 26, 2025 9:00am - 5:30pm PDT

Participant Hall

As more of the world onboards itself to cloud infrastructures, staying at par with new offensive/defensive research and techniques becomes a mandatory skillset. Cloud Village is an open space to meet folks interested in offensive and defensive aspects of cloud security.

Saturday April 26, 2025 9:00am - 5:30pm PDT
Participant Hall City View at Metreon

Village

9:00am PDT

Crypto & Privacy Village

Saturday April 26, 2025 9:00am - 5:30pm PDT

Participant Hall

Learn how to secure your own systems while also picking up some tips and tricks on how to break classical and modern encryption. Crypto & Privacy Village features workshops and lightning talks on a wide range of crypto and privacy topics from experts. The village will also have an intro to crypto for beginners, some crypto-related games, puzzles, and challenges.

Saturday April 26, 2025 9:00am - 5:30pm PDT
Participant Hall City View at Metreon

Village

9:00am PDT

Embedded Systems Village

Saturday April 26, 2025 9:00am - 5:30pm PDT

Participant Hall

Embedded Systems Village advances the security of embedded systems by hosting hands-on hacking workshops, showcasing new security research demos, and organizing exciting hacking contests to educate attendees and manufacturers on the approach hackers use to attack these devices.

Saturday April 26, 2025 9:00am - 5:30pm PDT
Participant Hall City View at Metreon

Village

9:00am PDT

Hardware Challenge Village

Saturday April 26, 2025 9:00am - 5:30pm PDT

Participant Hall

Hardware Challenge Village is an interactive experience for electronic tinkering and programming. The village will be hosting a competitive CTF challenge using a badge designed specifically for the Hardware Challenge Village.
Brought to you by Pacific Hackers & Hackerwares

Saturday April 26, 2025 9:00am - 5:30pm PDT
Participant Hall City View at Metreon

Village

9:00am PDT

IoT Village

Saturday April 26, 2025 9:00am - 5:30pm PDT

Participant Hall

IoT Village advocates for advancing security in the Internet
of Things (IoT) industry through bringing researchers
and industry together. Brought to you by Independent Security Evaluators (ISE).

Saturday April 26, 2025 9:00am - 5:30pm PDT
Participant Hall City View at Metreon

Village

9:00am PDT

Lockpick Village

Saturday April 26, 2025 9:00am - 5:30pm PDT

Participant Hall

Lockpick Extreme and TOOOL SF are back again hosting Lockpick Village. Learn to lockpick from the TOOOL SF volunteers or practice what you already know with their assortment of locks and picks. When you’re done, you can shop at the Lockpick Extreme pop-up shop and take your new hobby home with you.
Brought to you by Lockpick Extreme and TOOOL SF

Saturday April 26, 2025 9:00am - 5:30pm PDT
Participant Hall City View at Metreon

Village

9:00am PDT

Villages

Saturday April 26, 2025 9:00am - 5:30pm PDT

Participant Hall

Villages are back! Come participate with multiple different hands-on opportunities to learn and practice new skills or share your knowledge.

Saturday April 26, 2025 9:00am - 5:30pm PDT
Participant Hall City View at Metreon

Village

9:00am PDT

Info Desk

Saturday April 26, 2025 9:00am - 6:30pm PDT

City View Lobby

Have a question or comment about the event that you’d like to share? Drop by the Info Desk and chat with members of the BSidesSF staff and volunteer teams.

Saturday April 26, 2025 9:00am - 6:30pm PDT
City View Lobby City View at Metreon

General

9:00am PDT

Prayer & Mother's Room

Saturday April 26, 2025 9:00am - 6:30pm PDT

City View Lobby

Need a quiet place for prayer or mothering duties? Ask at the Info Desk, and we can guide you to a private location.

Saturday April 26, 2025 9:00am - 6:30pm PDT
City View Lobby City View at Metreon

General

9:00am PDT

Coat Check

Saturday April 26, 2025 9:00am - 10:00pm PDT

Coat Check

Secure storage for your personal belongings is available for all participants. Please remember to pick up your items before the end of the event!

Saturday April 26, 2025 9:00am - 10:00pm PDT
Coat Check City View at Metreon

General

10:00am PDT

Opening Remarks

Saturday April 26, 2025 10:00am - 10:15am PDT

AMC IMAX

Welcome to Day One of BSidesSF 2025!

Saturday April 26, 2025 10:00am - 10:15am PDT
AMC IMAX AMC at Metreon

10:15am PDT

Sharing Vulnerabilities

Saturday April 26, 2025 10:15am - 11:00am PDT

AMC IMAX

In security, we share a lot about vulnerabilities—but rarely our own. In his keynote, Clint Gibler reflects on the personal side of working in this high-pressure field, and what it means to show up as a whole human in this community. Through personal experiences, lessons and stories, Clint invites us to think about what really matters—and how being vulnerable is a strength.

Speakers

Clint Gibler

Head of Security Research, Semgrep

Clint Gibler (@clintgibler) is the Head of Security Research for Semgrep, a startup building modern AppSec tools that security teams and developers love. Previously, Clint was a Research Director at NCC Group, received a PhD in Computer Science from UC Davis, and has spoken at conferences... Read More →

Saturday April 26, 2025 10:15am - 11:00am PDT
AMC IMAX AMC at Metreon

Keynote

11:00am PDT

T-Shirt Sales

Saturday April 26, 2025 11:00am - 9:00pm PDT

Coat Check

Pre-purchased event t-shirts can be picked up at Coat Check. We also have limited quantities of t-shirts for both the current year and a number of previous years available for purchase. Upon picking up a t-shirt you will be given a token you can use to vote for one of three charities. These votes will determine the donation splits made to each of the charities.

Saturday April 26, 2025 11:00am - 9:00pm PDT
Coat Check City View at Metreon

General

11:15am PDT

Enhancing Secret Detection in Cybersecurity with Small LMs

Saturday April 26, 2025 11:15am - 11:45am PDT

AMC Theatre 11

Dive into the challenges of LLMs in cybersecurity as we explore the process of fine-tuning an LLM to handle the task of secret detection in code and be efficient enough to run on any laptop.

Can LLMs with low inference times pave the way for new detection methods that were previously overlooked?

Speakers

Danny Lazarev

Erez Harush

Saturday April 26, 2025 11:15am - 11:45am PDT
AMC Theatre 11 AMC at Metreon

Presentation, General

11:15am PDT

Let's Talk About the AI Apocalypse

Saturday April 26, 2025 11:15am - 11:45am PDT

AMC IMAX

What's it look like when someone spends hours fine-tuning llama 3.1 to be the most destructive hacking robot the world has ever seen, with a pure goal of causing damage, with no safeguards? Are we ready for that? Not a pentesting bot with guardrails; a harbinger of chaos, tasked only with spreading.

Speakers

Dylan Ayrey

CEO, TruffleHog

Dylan is the original author of the open source version of TruffleHog, which he built after recognizing just how commonly credentials and other secrets were exposed in Git. Coming most recently from the Netflix security team, Dylan has spoken at a number of popular information security... Read More →

Saturday April 26, 2025 11:15am - 11:45am PDT
AMC IMAX AMC at Metreon

Presentation, General

11:15am PDT

Lex Sleuther - A Novel Approach to Script Language Detection

Saturday April 26, 2025 11:15am - 11:45am PDT

AMC Theatre 09

Join us as we go far off the beaten path in search of strange and exciting methods of script language detection.

File signatures? Nope.
Machine learning? Nah.
Here be dragons, but dragons often guard treasure…

Speakers

Aaron James

Security Researcher, CrowdStrike

Saturday April 26, 2025 11:15am - 11:45am PDT
AMC Theatre 09 AMC at Metreon

Presentation, General

11:15am PDT

The Hidden Access Paths to Smaugs Cavern

Saturday April 26, 2025 11:15am - 11:45am PDT

AMC Theatre 07

In this talk I'll explore hidden access patterns to the "crown jewels", including most-common access patterns, hidden paths, and popular backdoors left by engineers to get their jobs done. We will discuss practical tips to understand access behavior and remediating hidden access paths.

Speakers

Ben Arent

Director of Product, Teleport

Saturday April 26, 2025 11:15am - 11:45am PDT
AMC Theatre 07 AMC at Metreon

Presentation, General

11:15am PDT

Guardians of AI Safety: Assembling Heroes to Conquer Dragons of the Future

Saturday April 26, 2025 11:15am - 12:00pm PDT

AMC Theatre 01

Uncover the hidden risks of AI! Join this BoF session to explore frameworks for identifying system failures, understand new safety and harm categories with Gen AI, possible mitigations, and practical ways to govern, build and respond to AI Safety threats. Don't let what you don't know hurt you!

Speakers

Raji Vanninathan

Microsoft

Raji Vanninanthan is a Senior Security Manager at Microsoft with over 20 years of industry experience. Her current focus is Responsible AI and product security incident response(PSIRT). She has held previous leadership roles at Apple and Adobe where she established programs across... Read More →

Saturday April 26, 2025 11:15am - 12:00pm PDT
AMC Theatre 01 AMC at Metreon

Birds of a Feather

11:15am PDT

Slaying Reputation Dragons: A Security Pro's Path to Influence

Saturday April 26, 2025 11:15am - 12:00pm PDT

AMC Theatre 02

Every security expert faces three dragons: the voice that whispers 'not expert enough,' the shadow that hides achievements, and the fear of claiming recognition. Ready to step out of the shadows and into your power as a security leader? The dragons await — will you answer the call?

Speakers

Heather Antoinetti

Saturday April 26, 2025 11:15am - 12:00pm PDT
AMC Theatre 02 AMC at Metreon

Birds of a Feather

11:15am PDT

AppSec as Glue: Building Partnerships to Scale Security

Saturday April 26, 2025 11:15am - 12:00pm PDT

AMC Theatre 13

Join AppSec leaders from Chime, Twilio, Rippling, and (ex)Snowflake to explore how successful security teams act as organizational glue. Learn how to scale security impact by building essential partnerships across platform engineering, compliance, threat detection teams, and more!

Speakers

Mukund Sarma

Chime

A Security generalist with hands-on experience in Application Security, Security Architecture, and Platform Security. I enjoy building security programs and I've had some experience doing so. I'm currently the Senior Director of Product Security at Chime. In this capacity, I oversee... Read More →

Tad Whitaker

Sarah Liu

Twilio

Sarah is a Staff Application Security Engineer at Twilio. She has a broad scope of experience in various industries, including telecom, finance, and entertainment. Her roots are in Software Engineering and she enjoys collaborating directly with engineers. She currently leads the Bug... Read More →

Ariel Shin

Ariel is an Application Security Manager, leading a team dedicated to eliminating security vulnerabilities by equipping developers with secure training, design practices, and secure defaults. Previously, Ariel managed the Product Security team at Twilio and played a key role in promoting... Read More →

Jacob Salassi

Former director of Product Security at Snowflake. Led Snowflake's pre- & post IPO transformation from a bottlenecked, security engineer centric process that slowed teams down to a developer owned security process that ships features faster and more securely. My teams & I handled security... Read More →

Saturday April 26, 2025 11:15am - 12:00pm PDT
AMC Theatre 13 AMC at Metreon

Panel

11:15am PDT

How to Train Your Detection Dragon

Saturday April 26, 2025 11:15am - 12:00pm PDT

AMC Theatre 06

Ever wanted to start fresh and train the "detection and response" dragon? Hear my account of how I did this (and hope to continue building!) from scratch with learnings from my professional experience so far!

Speakers

Geet Pradhan

Sr Security Engineer, Lime

Big fan of Aesop’s hand cream.

Saturday April 26, 2025 11:15am - 12:00pm PDT
AMC Theatre 06 AMC at Metreon

Presentation, Deep Dive

11:15am PDT

Inside the Information Stealer Ecosystem: From Compromise to Countermeasure

Saturday April 26, 2025 11:15am - 12:00pm PDT

AMC Theatre 14

Information stealer malware is underestimated by our industry. In this deep-dive, we look into what is captured by them (desktop screenshots, password vaults, browser extensions, MFA bypass material, etc.), cover the Redline takedown, and offer defensive countermeasures, including code and samples.

Speakers

Olivier Bilodeau

Principal Cybersecurity Researcher, Flare

Olivier Bilodeau, a principal researcher at Flare, brings 12+ years of cutting-edge infosec expertise in honeypot operations, binary reverse-engineering, and RDP interception. Passionate communicator, Olivier spoke at conferences like BlackHat, DEFCON, SecTor, Derbycon, and more... Read More →

Saturday April 26, 2025 11:15am - 12:00pm PDT
AMC Theatre 14 AMC at Metreon

Presentation, Deep Dive

11:45am PDT

New to Security Meetup

Saturday April 26, 2025 11:45am - 12:30pm PDT

AMC Theatre 03

New to security? Want to help people who are just starting out? Come say hi! This is unstructured time for meeting people and casual conversations.

Saturday April 26, 2025 11:45am - 12:30pm PDT
AMC Theatre 03 AMC at Metreon

Meetup

12:00pm PDT

Navigating the Unknowns: Fraud Mitigation for Netflix Live Events

Saturday April 26, 2025 12:00pm - 12:30pm PDT

AMC IMAX

As Netflix enters live streaming, fraud prevention stakes rise significantly. This talk offers an insider's view of strategies and challenges in tackling fraud during live events, focusing on preparing for the unpredictable and maintaining robust defenses amidst this unpredictability.

Speakers

Aditi Gupta

Engineering Manager, Netflix

Aditi Gupta is currently leading the Trust Services & Enforcements team within Security Engineering at Netflix, where her team is responsible for mitigating threats such as DDoS, Account Fraud, Games abuse, and Content theft by building and operating scalable systems to automatically... Read More →

Yue Wang

Staff Security Analytics Engineer, Netflix

Yue is a Staff Security Analytics Engineer in the Trust and Safety team at Netflix. Yue is deeply passionate about creating and improving anti-fraud and abuse metrics, along with data analytics. She likes leveraging data to craft and narrate compelling anti-fraud stories. Beyond her... Read More →

Saturday April 26, 2025 12:00pm - 12:30pm PDT
AMC IMAX AMC at Metreon

Presentation, General

12:00pm PDT

One SOC, The Whole SOC, and Nothing But The SOC, So Help Me

Saturday April 26, 2025 12:00pm - 12:30pm PDT

AMC Theatre 07

I’ve been working in security ops for 20 years. Most SOCs struggle because of one big mistake: don’t let this happen to you. I will step you through how to organize a SOC: what should go in it, what should probably stay out, and what your SOC will look like if you get it right.

Speakers

Carson Zimmerman

SOC Nerd, Microsoft

Carson Zimmerman has been working in and around security operations centers (SOCs) for over 20 years. Carson is a Principal Security Operations Engineer at Microsoft, he leads the Solutions Architecture team in Microsoft's SOC, Cyber Defense Operations. He co-authored 11 Strategies... Read More →

Saturday April 26, 2025 12:00pm - 12:30pm PDT
AMC Theatre 07 AMC at Metreon

Presentation, General

12:00pm PDT

Resilience in the Uncharted AI Landscape

Saturday April 26, 2025 12:00pm - 12:30pm PDT

AMC Theatre 11

So you've just battled a dragon: how quickly and effectively can you fight the next one?

We dive into Resilience by Design for an AI chat/search product — based on considerations like disaster recovery, availability, foundational security, etc., while meeting audit/compliance & privacy regulations.

Speakers

Ranita Bhattacharyya

Head of Security GRC and PM, Unity 3D

Ranita has many years of experience leading pivotal teams in the Security Risk Management, Governance / Ops and Certifications / Compliance domains. Today armed with with tangible examples and actionable plans at BSides, Ranita is going over Resilience in AI products, agents and... Read More →

Saturday April 26, 2025 12:00pm - 12:30pm PDT
AMC Theatre 11 AMC at Metreon

Presentation, General

12:00pm PDT

The Art of Cybersecurity Mastery: From Entry-Level to Staff+

Saturday April 26, 2025 12:00pm - 12:30pm PDT

AMC Theatre 09

Are you aspiring to break into cybersecurity or looking to take your career to the next level, but don’t have a mentor to guide you? This talk is for you. We'll dive into practical advice to guide your career journey, based on real-world questions asked by my mentees.

Speakers

Florian Noeding

Principal Security Architect, Adobe

Florian Noeding is a Principal Security Architect at Adobe. As the shift-left strategy lead, he drives proactive application security efforts across the entire enterprise, with a focus on automated code analysis, supply chain security and secure by design. He uses his deep software... Read More →

Saturday April 26, 2025 12:00pm - 12:30pm PDT
AMC Theatre 09 AMC at Metreon

Presentation, General

12:00pm PDT

Lunch

Saturday April 26, 2025 12:00pm - 1:30pm PDT

Participant Hall / City View Tent

Breakfast and lunch are served in the Participant Hall
and in the tent on the terrace.

Saturday April 26, 2025 12:00pm - 1:30pm PDT
Participant Hall / City View Tent City View at Metreon

Food & Drink

12:30pm PDT

Capture the Flag 101

Saturday April 26, 2025 12:30pm - 2:30pm PDT

AMC Theatre 02

See registration to determine current session availability. Event filled in Sched to limit confusion.
YOU ARE REQUIRED TO REGISTER AT https://bsidessf.regfox.com/2025 TO ATTEND THIS WORKSHOP (i.e. this session cannot be reserved with Sched)
-----
Capture the Flag events are exciting and competitive, but they can be scary to developers and security practitioners who have never participated in them.

In this workshop, we introduce CTFs, discuss their benefits to developers, and examine an easy and medium-difficulty CTF challenge in depth.

Speakers

Micah Silverman

Director, Security Relations, Snyk

Micah is Snyk’s Director of Security Advocacy. With 30 years of Java Experience (yup, that’s from the beginning) and 24 years as a security professional Micah’s authored numerous articles, co-authored a Java EE book, and spoken at many conferences. He’s a maker, who’s built... Read More →

Saturday April 26, 2025 12:30pm - 2:30pm PDT
AMC Theatre 02 AMC at Metreon

Workshop

12:30pm PDT

Shifting Left: A Hands-on Introductory Guide to DevSecOps

Saturday April 26, 2025 12:30pm - 2:30pm PDT

AMC Theatre 01

See registration to determine current session availability. Event filled in Sched to limit confusion.
YOU ARE REQUIRED TO REGISTER AT https://bsidessf.regfox.com/2025 TO ATTEND THIS WORKSHOP (i.e. this session cannot be reserved with Sched)
-----
This two-hour workshop on Shifting Left guides BSidesSF participants through integrating security tooling into a GitHub Actions based DevSecOps CI/CD pipeline.

BSidesSF attendees will learn about setting up basic CI/CD processes that incorporate security using both open source and commercial tools.

Speakers

William Reyor

Director of Security, Modus Create

William Reyor is Director of Security at Modus Create, leading a global team defending software.

Andy Dennis

VP Consulting, Platform and Cloud Practice Lead, Modus Create

DevSecOps, Shifting Left and Security!

Saturday April 26, 2025 12:30pm - 2:30pm PDT
AMC Theatre 01 AMC at Metreon

Workshop

1:00pm PDT

Cloud Security Podcast - LIVE!

Saturday April 26, 2025 1:00pm - 1:45pm PDT

AMC Theatre 13

AI Security 101: Securing Cloud-Native AI Systems & Building Modern SOCs

AI is reshaping security faster than cloud ever did. This panel explores real-world threat models, building AI-first SOC teams, and the gaps legacy tools can't fill.

Learn what it takes to secure, monitor, and respond to threats in AI systems directly from those doing it.

Speakers

Ashish Rajan

Cloud Security Podcast, CISO

Ashish Rajan is the host of the wildly popular Cloud Security Podcast, a CISO, and an outspoken opinion leader on all things Cloud Security. He is an early stage investor, mentor, SANS Trainer and is a frequent contributor on topics related to public cloud transformation and the associated... Read More →

Jackie Bow

Technical Staff, Anthropic

A Jackie-of-all- trades, master of some, Jackie seems to be physically unable to stop returning to threat detection and response. Her 15 years in the industry have been spent across multiple disciplines including malware analysis, reverse engineering, infrastructure and product security... Read More →

Kane Narraway

Kane is a technical engineering manager with an unwavering passion for all things IT security. With over a decade of experience in building (and breaking) corporate networks. Kane dabbled in the realms of IT, red teaming and DFIR before going on to lead the enterprise security teams... Read More →

Saturday April 26, 2025 1:00pm - 1:45pm PDT
AMC Theatre 13 AMC at Metreon

Panel, Podcast

1:00pm PDT

Into The Dragon’s Den

Saturday April 26, 2025 1:00pm - 1:45pm PDT

AMC Theatre 06

In this talk, we will take you through our journey of bringing a high-stakes SaaS product to the Chinese market while exploring the challenges faced and sharing what we learned. We will offer insights and practical advice for navigating the unique threats of the Chinese market for a global company.

Speakers

Jacob Salassi

Michele Freschi

Saturday April 26, 2025 1:00pm - 1:45pm PDT
AMC Theatre 06 AMC at Metreon

Presentation, Deep Dive

1:00pm PDT

Light in the Labyrinth: Breach Path Analysis for Anyone

Saturday April 26, 2025 1:00pm - 1:45pm PDT

AMC Theatre 14

Learn to build your own treasure map of how threat actors might move laterally through your company’s assets. We’ll provide a conceptual engineering framework for breach path analysis, recommend no- or low-cost tools, share examples, and release an open-source security graph ontology to learn from.

Speakers

Parker Shelton

Principal Software Engineer, Microsoft

Light In the Labyrinth BSidesSF 2025 pdf

Saturday April 26, 2025 1:00pm - 1:45pm PDT
AMC Theatre 14 AMC at Metreon

Presentation, Deep Dive

1:00pm PDT

AI Village Interactive Demonstration

Saturday April 26, 2025 1:00pm - 3:00pm PDT

AMC Theatre 03

AI Village interactive demonstration.
Phones must remain in pockets at all times.
Absolutely no photos, videos, audio recordings, or media coverage. Violators will be removed.

Saturday April 26, 2025 1:00pm - 3:00pm PDT
AMC Theatre 03 AMC at Metreon

Village/Demo

1:30pm PDT

Centralizing Egress Access Controls Across a Hybrid Environment at Block

Saturday April 26, 2025 1:30pm - 2:00pm PDT

AMC Theatre 07

Hybrid environments complicate network egress. Learn how Block is centralizing network egress policies to ensure consistent deployment of rules across diverse enforcement endpoints—regardless of type or location—enabling secure, scalable, and streamlined outbound traffic management.

Speakers

Ramesh Ramani

Security Engineer, Block Inc.

Network Security, Kubernetes, Cloud Security, AI, RPG video games!

Saturday April 26, 2025 1:30pm - 2:00pm PDT
AMC Theatre 07 AMC at Metreon

Presentation, General

1:30pm PDT

Charting the SSH Multiverse

Saturday April 26, 2025 1:30pm - 2:00pm PDT

AMC IMAX

The Secure Shell (SSH) is the most commonly exposed dedicated management protocol, second only to HTTP in terms of internet-wide exposure, and it’s had a rocky year. This presentation explores the multitude of SSH implementations, their specific weaknesses, and real-world exposures.

Speakers

HD Moore

Founder, runZero

HD Moore is a pioneer of the cybersecurity industry who has dedicated his career to vulnerability research, network discovery, and software development since the 1990s. He is most recognized for creating Metasploit and is a passionate advocate for open-source software and vulnerability... Read More →

Saturday April 26, 2025 1:30pm - 2:00pm PDT
AMC IMAX AMC at Metreon

Presentation, General

1:30pm PDT

Threat Modeling Meets Model Training: Web App Security Skills for AI

Saturday April 26, 2025 1:30pm - 2:00pm PDT

AMC Theatre 11

New specializations have emerged in this AI-adoring age, but where does that leave security practitioners? Good news: If you know web application security, you can secure AI uses too. This talk examines normal web app security issues relevant to any LLM-based app — and the handful unique to AI.

Speakers

Breanne Boland

Product security engineer - security partner, Gusto

Breanne Boland is a product security engineer with the Security Partnerships team at Gusto. Before moving into security, she was a site reliability engineer and an infrastructure engineer, working in healthcare and govtech. Prior to that, she was a professional writer, and she still... Read More →

Saturday April 26, 2025 1:30pm - 2:00pm PDT
AMC Theatre 11 AMC at Metreon

Presentation, General

1:30pm PDT

WHOIS Your Daddy: Tracking Iranian-backed Cyber Operations with Passive DNS

Saturday April 26, 2025 1:30pm - 2:00pm PDT

AMC Theatre 09

A unique name server linked to Iran-nexus cyber activity reveals a broader set of malicious name servers with potential nation-state ties. Learn how passive DNS data connects a single typosquatting domain to multiple name servers being used for malware distribution.

Speakers

Austin Northcutt

Saturday April 26, 2025 1:30pm - 2:00pm PDT
AMC Theatre 09 AMC at Metreon

Presentation, General

1:30pm PDT

dcfurs Meetup

Saturday April 26, 2025 1:30pm - 2:30pm PDT

City View Tent

DEFCON Furs is a 501c3 non-profit group that organizes events and parties at DEF CON for members of the infosec community that share an interest in the furry fandom. Our purpose is to promote, support, and advance the idea that we should be free to hack our own lives in a safe and supportive environment. Our focus is on education, organizing and providing support for individuals and groups that promote creating and owning a life and identity that is yours.

Saturday April 26, 2025 1:30pm - 2:30pm PDT
City View Tent City View at Metreon

Meetup

2:00pm PDT

Future-Proof Your Career: Evolving in the Age of AI

Saturday April 26, 2025 2:00pm - 2:45pm PDT

AMC Theatre 13

Discover how AI is reshaping cybersecurity careers in this dynamic panel discussion. Join industry experts as they tackle pressing questions about AI-driven skills, job evolution, and adapting to an ever-changing landscape. Gain actionable insights to future-proof your career!

Speakers

Jay Sarwate

Student, Prospect High School

I’m a dedicated high school student with a strong passion for computer science, especially in the areas of artificial intelligence and machine learning. I recently attended the AI/ML summer program at UCSD’s COSMOS, where I explored machine learning concepts and worked on hands-on... Read More →

Alok Tongaonkar

Senior Director Data Science, Palo Alto Networks

Alok Tongaonkar is a cybersecurity and AI leader with over 15 years of experience driving AI innovation and securing enterprise systems. As Senior Director of Data Science at Palo Alto Networks, he has led AI transformation and developed groundbreaking AI-first security solutions... Read More →

Prutha Parikh

Cohere

Prutha Parikh is Head of Security at Cohere, the leading security-first enterprise AI company. She is a cybersecurity leader with over 18 years of experience building security products and scaling information security programs at enterprises and startups. Her areas of expertise span... Read More →

Ketan Nilangekar

CEO and Co-founder, ThreatWorx

Ketan Nilangekar is a seasoned technologist, leader, and entrepreneur with over 20 years of experience in developing innovative solutions across cybersecurity, networking, and storage software. As the CEO and co-founder of ThreatWorx, he is focused on building the next-generation... Read More →

Saturday April 26, 2025 2:00pm - 2:45pm PDT
AMC Theatre 13 AMC at Metreon

Panel

2:00pm PDT

Hack, Patch, Repeat: Insider Tales from Android’s Bug Bounty

Saturday April 26, 2025 2:00pm - 2:45pm PDT

AMC Theatre 14

What does it take to secure 3 billion users on the world’s leading mobile platform? This session dives into Android security from a holistic perspective.

Speakers

Maria Uretsky

Google

Maria Uretsky is the Tech Lead on the Android Vulnerability Rewards program at Google. Her passion is to break all the things before the bad actors do, to ensure they are kept out. During her 10+ years of software engineering and security work, she has been part of Google Cloud Security... Read More →

Camillus Cai

Google

Camillus plays a key role in the Android Vulnerability Reporting Program at Google, where he investigates security bugs that range from bug bounty submissions to reverse-engineered adversarial exploits. Based in Seattle, his past experience encompasses security engineering, software... Read More →

Saturday April 26, 2025 2:00pm - 2:45pm PDT
AMC Theatre 14 AMC at Metreon

Presentation, Deep Dive

2:00pm PDT

Trace to Triage: How to Connect Product Vulnerabilities to Security Paths

Saturday April 26, 2025 2:00pm - 2:45pm PDT

AMC Theatre 06

AppSec must balance usability and security, but traditional approaches often lead to disjointed efforts—developers patching blindly, detection teams creating incomplete rules, and threat hunters chasing past compromises. This talk uses eBPF to show how tracing brings context for actionable insights.

Speakers

Ben Stav

Saturday April 26, 2025 2:00pm - 2:45pm PDT
AMC Theatre 06 AMC at Metreon

Presentation, Deep Dive

2:15pm PDT

Adventures & Findings in ISP Hacking

Saturday April 26, 2025 2:15pm - 2:45pm PDT

AMC Theatre 09

Network security is important, but what about the networks that serve your network?

In this talk I go over my methodology and findings performing a security audit of some local ISPs. I’ll outline how simple vulnerabilities and configuration mistakes are still making it to these production networks.

Speakers

Ian Foster

Saturday April 26, 2025 2:15pm - 2:45pm PDT
AMC Theatre 09 AMC at Metreon

Presentation, General

2:15pm PDT

Saturday April 26, 2025 2:15pm - 2:45pm PDT

AMC Theatre 07

Imagine a cybercriminal accessing your network with credentials bought on the dark web — they walk in unnoticed. Attackers aren't breaking in — they're logging in. With 80% of attacks involving stolen credentials, discover how Automated Credential Threat Monitoring (ACT) keeps you ahead of threats.

Speakers

Barath Subramaniam

Sr Product Security AI & Data Engineer, Adobe

Saturday April 26, 2025 2:15pm - 2:45pm PDT
AMC Theatre 07 AMC at Metreon

Presentation, General

2:15pm PDT

One Search To Rule Them All: Threat Modelling AI Search

Saturday April 26, 2025 2:15pm - 2:45pm PDT

AMC Theatre 11

Enterprise AI search tools like Glean and Guru aggregate all your company’s data into a single, easy-to-navigate interface. Think of it as Google, but for juicy, sensitive corporate information. In this session, we’ll explore effective threat modelling and controls when deploying these tools.

Speakers

Kane Narraway

Saturday April 26, 2025 2:15pm - 2:45pm PDT
AMC Theatre 11 AMC at Metreon

Presentation, General

2:15pm PDT

Versus Killnet

Saturday April 26, 2025 2:15pm - 2:45pm PDT

AMC IMAX

The Russian hacktivist group Killnet was a cyber army directed by a few to cause harm. With a checkered history and inconsistent behaviors, deciphering who is behind this group was challenging, but we’ll lift this veil and share a personal story of disrupting and unbalancing Killnet into chaos.

Speakers

Alex Holden

Hold Security

Alex Holden is the founder and CISO of Hold Security, LLC. Under his leadership, Hold Security played a pivotal role in information security and threat intelligence, becoming one of the most recognizable names in its field. Holden is credited with the discovery of many high-profile... Read More →

Saturday April 26, 2025 2:15pm - 2:45pm PDT
AMC IMAX AMC at Metreon

Presentation, General

2:15pm PDT

Sponsor Passport Raffle

Saturday April 26, 2025 2:15pm - 3:00pm PDT

Participant Hall

Visit the sponsor booths throughout the Participant Hall and learn more about the companies that have made this year’s event possible. You’ll be introduced to new products, services, and even career opportunities. At many booths you can also acquire one of the stamps needed to complete the Sponsor Passport. Drop your completed card into the raffle box located at the BSidesSF booth to be entered into the raffle. The raffle will take place on the stage near Lockpick Village. Please note, you must be present to win.

Saturday April 26, 2025 2:15pm - 3:00pm PDT
Participant Hall City View at Metreon

General

2:45pm PDT

How to Build Security Products that People Actually Buy

Saturday April 26, 2025 2:45pm - 4:45pm PDT

AMC Theatre 01

See registration to determine current session availability. Event filled in Sched to limit confusion.
YOU ARE REQUIRED TO REGISTER AT https://bsidessf.regfox.com/2025 TO ATTEND THIS WORKSHOP (i.e. this session cannot be reserved with Sched)
-----
Frustrated with your current security toolset and ready to build a better solution? You can — but it's harder than it looks! Join us to learn how to scope and design cybersecurity MVPs that attract customers, solve security problems, and draw VC interest.

Speakers

Emily Patterson

Director of Product Management, Platform Security, Dayforce

Emily Patterson has over 15 years of experience in product management and has been building cybersecurity products for the last 7 years. She is currently Director of Product for Platform Security at Dayforce, a leading HRIS platform. Prior to that, she was VP of Product at Finite... Read More →

Saturday April 26, 2025 2:45pm - 4:45pm PDT
AMC Theatre 01 AMC at Metreon

Workshop

2:45pm PDT

Practical Threat Modeling

Saturday April 26, 2025 2:45pm - 4:45pm PDT

AMC Theatre 02

See registration to determine current session availability. Event filled in Sched to limit confusion.
YOU ARE REQUIRED TO REGISTER AT https://bsidessf.regfox.com/2025 TO ATTEND THIS WORKSHOP (i.e. this session cannot be reserved with Sched)
-----
Threat modeling is vital for secure systems but often seems daunting. In Practical Threat Modeling, you'll explore core concepts, frameworks, and tools; adopt an attacker's mindset; and tackle real-world scenarios. Learn to integrate threat modeling into Agile workflows and apply these skills.

Speakers

Prashant Venkatesh

Conference Committee, OWASP

Sai Santosh Vernekar

Ashwin Iyer

Director - M&A Security Architecture, Visa Inc

Saturday April 26, 2025 2:45pm - 4:45pm PDT
AMC Theatre 02 AMC at Metreon

Workshop

3:00pm PDT

Decoding GraphQL: How to Map Hidden Vulnerabilities

Saturday April 26, 2025 3:00pm - 3:30pm PDT

AMC Theatre 09

GraphQL APIs offer flexibility and efficiency but often introduce security risks that remain hidden in the shadows. In this session, we’ll share findings from scanning GraphQL APIs, revealing vulnerabilities like schema leaks, brute-force risks, and GraphQL-specific "bomb" attacks.

Speakers

Antoine Carossio

Cofounder & CTO, Escape.tech

Former pentester for the French Intelligence Services.Former Machine Learning Research @ Apple. linkedin.com/in/acarossio/ escape.tech (company) @iCarossio escape.tech (blog... Read More →

Tristan Kalos

Co-founder and CEO, Escape

Tristan Kalos, co-founder and CEO at Escape, draws from a background as a software engineer and Machine Learning Researcher at UC Berkeley. Motivated by firsthand experience witnessing a client's database stolen through an API in 2018, he has since become an expert in API security... Read More →

Saturday April 26, 2025 3:00pm - 3:30pm PDT
AMC Theatre 09 AMC at Metreon

Presentation, General

3:00pm PDT

Everyday AI: Leveraging LLMs for Simple, Effective Security Automation

Saturday April 26, 2025 3:00pm - 3:30pm PDT

AMC Theatre 11

Anyone can build simple LLM–based tools that streamline security tasks. Join us to learn how, with short prompts and very little code, you can do more with less by automating IAM, threat detection, and vuln management workflows. Get tips and prebuilt, used-in-prod examples to play with on your own.

Speakers

Matthew Sullivan

Dominic Zanardi

Saturday April 26, 2025 3:00pm - 3:30pm PDT
AMC Theatre 11 AMC at Metreon

Presentation, General

3:00pm PDT

From LOL to LOC: LOLBins Are No Laughing Matter

Saturday April 26, 2025 3:00pm - 3:30pm PDT

AMC Theatre 07

LOL - a lot less funny than it sounds - (living off the land) attacks have been around for several years, now it is time for LOC (living off the cloud) attacks. With cloud services becoming a core part of engineering today, it is no wonder attackers see this as a high-value attack vector.

Speakers

Matan Mittelman

Team Leader for Threat Prevention Team, Cato

Matan Mittelman is the team leader for Cato's Threat Prevention team. He's responsible for analyzing, researching and developing protections against emerging threats and CVEs. Matan brings more than seven years of experience leading cyber security teams.

Saturday April 26, 2025 3:00pm - 3:30pm PDT
AMC Theatre 07 AMC at Metreon

Presentation, General

3:00pm PDT

Tracking the World's Dumbest Cyber Mercenaries

Saturday April 26, 2025 3:00pm - 3:30pm PDT

AMC IMAX

For the last 6 years, we have been tracking the activities of the cyber mercenaries Dark Caracal. In this time, we have observed them make hilarious mistakes, which have allowed us to gain insights into their activities and targets, and see just how effective they actually are despite it all.

Speakers

Cooper Quintin

Sr. Staff Technologist, Electronic Frontier Foundation

Cooper is a Senior Security Researcher at the EFF Threat Lab. He has worked on projects such as Privacy Badger, Canary Watch, and analysis of state sponsored malware, IMSI catchers, and other digital attacks on activists, journalists, and human rights defenders. He has also performed... Read More →

Eva Galperin

Director of Cybersecurity, Electronic Frontier Foundation

Eva Galperin is the Director of Cybersecurity at the Electronic Frontier Foundation (EFF) and technical advisor for the Freedom of the Press Foundation. She is noted for her extensive work in protecting global privacy and free speech and for her research on malware and nation-state... Read More →

Saturday April 26, 2025 3:00pm - 3:30pm PDT
AMC IMAX AMC at Metreon

Presentation, General

3:00pm PDT

Uncharted Minds: Exploring Neuroscience, Burnout, and Cognitive Strengths

Saturday April 26, 2025 3:00pm - 3:45pm PDT

AMC Theatre 13

The human mind is both a strength and a vulnerability in cybersecurity. This panel explores the neuroscientific roots of burnout and examines how cognitive load, stress, and mental resilience impact cybersecurity professionals, offering fresh strategies to tackle the complexities of cyber threats.

Speakers

Peter Coroneos

Founder, Cybermindz.org

Peter Coroneos is a globally recognised cyber policy leader and the founder of Cybermindz.org, a not-for-profit organisation dedicated to supporting the mental wellbeing of cybersecurity professionals. With over 25 years of experience in the field, including serving as CEO of Australia’s... Read More →

Deidre Diamond

Founder & CEO, CyberSN

Deidre Diamond is the Founder and CEO of CyberSN, specializing in cybersecurity workforce risk management and strategic talent acquisition. Deidre Diamond launched her career straight out of college, guided by two pioneering entrepreneurs who employed her and provided growth opportunities... Read More →

Kayla Williams

Saturday April 26, 2025 3:00pm - 3:45pm PDT
AMC Theatre 13 AMC at Metreon

Panel

3:00pm PDT

0.0.0.0 Day: Exploiting Localhost APIs From The Browser

Saturday April 26, 2025 3:00pm - 3:45pm PDT

AMC Theatre 14

While seemingly local, services running on localhost are accessible to the browser using a flaw we found, exposing the ports on the localhost network interface and leaving the floodgates ajar to remote network attacks. This session will dive into the 0.0.0.0 exploit research conducted by the team.

Speakers

Gal Elbaz

Saturday April 26, 2025 3:00pm - 3:45pm PDT
AMC Theatre 14 AMC at Metreon

Presentation, Deep Dive

3:00pm PDT

Data Splicing Attacks: Breaking Enterprise DLP from the Inside Out

Saturday April 26, 2025 3:00pm - 3:45pm PDT

AMC Theatre 06

We uncovered a data exfiltration technique, capable of bypassing all major DLP vendors listed by Gartner. We will dissect the architectural flaws in endpoint and proxy-based DLP, showcase live bypass demos, and launch Angry Magpie, an open-source toolkit for red teams to replicate these attacks.

Speakers

Vivek Ramachandran

Founder, SquareX

Vivek Ramachandran is a security researcher, book author, speaker-trainer, and serial entrepreneur with over two decades of experience in offensive cybersecurity. He is currently the founder of SquareX, building a browser-native security product focused on detecting, mitigating, and threat-hunting web attacks against enterprise users and consumers. Prior to that, he was the founder of Pentester Academy (acquired in 2021), which has trained thousands of customers from governmen... Read More →

Audrey Adeline

Researcher, SquareX

Audrey is currently a security researcher at SquareX and published author of The Browser Security Field Manual. She leads the Year of Browser Bugs (YOBB) project which has disclosed multiple major architectural browser vulnerabilities to date. Key discoveries from YOBB include Polymorphic... Read More →

Saturday April 26, 2025 3:00pm - 3:45pm PDT
AMC Theatre 06 AMC at Metreon

Presentation, Deep Dive

3:45pm PDT

Fake Hires, Real Threats: When Background Checks Aren’t Enough

Saturday April 26, 2025 3:45pm - 4:15pm PDT

AMC Theatre 09

When an outside threat becomes an insider threat, are your hiring practices prepared to catch it? In this session, you’ll learn how to examine the tactics of fraudulent job seekers and how to collaborate with talent teams to secure your hiring pipeline *and* protect your organization.

Speakers

Mabel Soe

Saturday April 26, 2025 3:45pm - 4:15pm PDT
AMC Theatre 09 AMC at Metreon

Presentation, General

3:45pm PDT

Something’s Phishy: See the Hook Before the Bait

Saturday April 26, 2025 3:45pm - 4:15pm PDT

AMC Theatre 07

If you see a phishing email or domain that’s a public IoC, it’s already too late. Our research team’s approach to threat detection finds more DNS artifacts and adversary infrastructure as they are created and maps intent before it can be weaponized. This session will show how you can do the same.

Speakers

Malachi Walker

Security Advisor, DomainTools

Malachi Walker, DomainTools Security Advisor, has experience in information security, from DNS to crime and conflict in cyberspace to cybersecurity governance and cybersecurity program and design. At DomainTools, he applies this background to help organizations understand the threat... Read More →

Saturday April 26, 2025 3:45pm - 4:15pm PDT
AMC Theatre 07 AMC at Metreon

Presentation, General

3:45pm PDT

Trawling for IOCs: Catching C2 in a Sea of Data

Saturday April 26, 2025 3:45pm - 4:15pm PDT

AMC IMAX

In the vast sea of security data, how do we efficiently find malicious activity and turn it into actionable intelligence? This presentation introduces data-driven detection engineering, showcasing a data-first approach to building detection rules and threat feeds.

Speakers

Moses Schwartz

Google

I'm a security engineer who does a lot of software engineering– or maybe it's the other way around? My team builds rules for Google Security Operations (SecOps) Curated Detections and threat feeds. My Passions: eliminating toil, unit testing, stopping bad guys.

Saturday April 26, 2025 3:45pm - 4:15pm PDT
AMC IMAX AMC at Metreon

Presentation, General

3:45pm PDT

Using AI to Discover Silently Patched Vulnerabilities in Open Source

Saturday April 26, 2025 3:45pm - 4:15pm PDT

AMC Theatre 11

We monitored public changelogs of popular open-source projects to detect unreported security fixes. We found 600+ vulnerabilities, 25% high or critical, with most never being reported. We achieved this by using dual LLM models to monitor change logs and verify the result with our security engineers.

Speakers

Mackenzie Jackson

Saturday April 26, 2025 3:45pm - 4:15pm PDT
AMC Theatre 11 AMC at Metreon

Presentation, General

4:00pm PDT

Secure Designs, UX Dragons, Vuln Dungeons - Application Security Weekly

Saturday April 26, 2025 4:00pm - 4:45pm PDT

AMC Theatre 13

Live recording for the Application Security Weekly podcast. We’ll explore the factors that influence a secure design, the challenges that influence security trade-offs, and the developer needs that influence security. Visit securityweekly.com/asw to see the episode archive and subscribe!

Speakers

Mike Shema

Application Security Weekly

Mike listens to synthwave, plays D&D, and hosts the Application Security Weekly podcast.

Kalyani Pawar

Saturday April 26, 2025 4:00pm - 4:45pm PDT
AMC Theatre 13 AMC at Metreon

Panel, Podcast

4:00pm PDT

Decentralized Communications: Deep-Dive into APRS and Meshtastic

Saturday April 26, 2025 4:00pm - 4:45pm PDT

AMC Theatre 06

This talk compares APRS and Meshtastic protocols for decentralized communications, examining their security models, vulnerabilities, and real-world applications. We will explore how these systems handle encryption, authentication, and their attack surface.

Speakers

Ankur Tyagi

Mayuresh Dani

Saturday April 26, 2025 4:00pm - 4:45pm PDT
AMC Theatre 06 AMC at Metreon

Presentation, Deep Dive

4:00pm PDT

Service Mesh Security: Shifting Focus to the Application Layer

Saturday April 26, 2025 4:00pm - 4:45pm PDT

AMC Theatre 14

Discover how Yelp's Infrastructure Security team transformed past challenges and failures into success by shifting authentication and authorization from the infrastructure to the application layer. Learn how this pragmatic approach met all security requirements applicable to Yelp's threat model.

Speakers

Daniel Popescu

Security Group Tech Lead, Yelp

Daniel Popescu is the Group Tech Lead for Security at Yelp where they are responsible for all facets of security. Previously he worked at Microsoft on non-security products, but has maintained a passion for security since his undergrad years at the University of California, Santa... Read More →

Saturday April 26, 2025 4:00pm - 4:45pm PDT
AMC Theatre 14 AMC at Metreon

Presentation, Deep Dive

4:00pm PDT

Friends of Bill W.

Saturday April 26, 2025 4:00pm - 5:00pm PDT

AMC Theatre 03

An ad-hoc meeting for Friends of Bill W.

Saturday April 26, 2025 4:00pm - 5:00pm PDT
AMC Theatre 03 AMC at Metreon

Meetup

4:30pm PDT

AI Won’t Help You Here

Saturday April 26, 2025 4:30pm - 5:00pm PDT

AMC Theatre 11

With "AI" advancements, we also experience potential overuse and a deterioration of trust. In this talk, we’ll discuss how AI has been abused (rather than used), challenges deploying AI in specific scenarios, and the different available approaches (hint: not all AI is GenAI) to address problem sets.

Speakers

Ian Amit

CEO, Gomboc.ai

Saturday April 26, 2025 4:30pm - 5:00pm PDT
AMC Theatre 11 AMC at Metreon

Presentation, General

4:30pm PDT

Blank Space: Filling the Gaps in Atomic and Behavioral Cloud-Specific IoCs

Saturday April 26, 2025 4:30pm - 5:00pm PDT

AMC Theatre 07

As cloud adoption grows, attackers exploit its unique attack surface. This talk explores atomic IOCs (e.g. IAM metadata, container IDs) and behavioral IOCs (e.g. API activity), featuring real-world examples like threat actor "Bapak" and insights to enhance cloud detection, hunting, and response.

Speakers

Merav Bar

Gili Tikochinski

Malware Researcher, Wiz

Saturday April 26, 2025 4:30pm - 5:00pm PDT
AMC Theatre 07 AMC at Metreon

Presentation, General

4:30pm PDT

BSidesSF Plays Incident Response

Saturday April 26, 2025 4:30pm - 5:00pm PDT

AMC IMAX

INCIDENT DECLARED! As Incident Commander, team up with your product and privacy leads to navigate the response. Will you launch a forensics investigation? Draft a customer notice? You decide in this choose-your-adventure talk.

Speakers

Maya Kaczorowski

CEO, Oblique

Maya is a founder at Oblique. She is driven to make enterprise security tools that people actually want to use and that genuinely improve security.Maya was previously CPO at Tailscale, building zero trust networking that doesn't suck. Prior to that, she led product for software supply... Read More →

Whitney Merrill

Head of Global Privacy, Cybersecurity Legal, and Regulatory Compliance and the Data Protection Officer

Whitney Merrill is Head of Global Privacy, Cybersecurity Legal, and Regulatory Compliance and the Data Protection Officer at Asana. Previously, she was at a fintech company building their privacy program from scratch. Before that she was Privacy, eCommerce & Consumer Protection Counsel... Read More →

Saturday April 26, 2025 4:30pm - 5:00pm PDT
AMC IMAX AMC at Metreon

Presentation, General

4:30pm PDT

Dragging Out Dragons: Slaying Hidden Threats in Residential Proxies

Saturday April 26, 2025 4:30pm - 5:00pm PDT

AMC Theatre 09

Residential proxies are the weapon of choice for bots bypassing defenses by mimicking legit traffic. This talk unpacks how machine learning can expose and mitigate these threats at scale. Expect actionable insights for improving detections while minimizing false positives.

Speakers

Christo Roberts

Lead Strategic Solutions Engineer, Cloudflare

Saturday April 26, 2025 4:30pm - 5:00pm PDT
AMC Theatre 09 AMC at Metreon

Presentation, General

5:00pm PDT

Can Cyber Mercenaries and Human Rights Coexist?

Saturday April 26, 2025 5:00pm - 5:45pm PDT

AMC Theatre 13

Cyber Mercenaries have become a favorite tactic of nation states around the world in the past decade. They spy on activists, civil society, and journalists. They work with countries that have no regard for human rights. This panel of infosec leaders will discuss the problem and potential solutions.

Speakers

Bill Marczak

Cooper Quintin

Sr. Staff Technologist, Electronic Frontier Foundation

Eva Galperin

Director of Cybersecurity, Electronic Frontier Foundation

Saturday April 26, 2025 5:00pm - 5:45pm PDT
AMC Theatre 13 AMC at Metreon

Panel

5:00pm PDT

Netsec is Dead(?): Modern Network Fingerprinting for Real-World Defense

Saturday April 26, 2025 5:00pm - 5:45pm PDT

AMC Theatre 14

From p0f to MuonFP and JA4+, learn how network fingerprinting evolved. See how each step helps security teams spot malicious traffic, detect scanners, and more. Attendees gain real-world use cases and practical tips to deploy fingerprinting for monitoring and threat hunting.

Speakers

Vlad Iliushin

ELLIO

Saturday April 26, 2025 5:00pm - 5:45pm PDT
AMC Theatre 14 AMC at Metreon

Presentation, Deep Dive

5:15pm PDT

Mind vs Machine: The Role of Human Psychology and AI in Security Culture

Saturday April 26, 2025 5:15pm - 5:45pm PDT

AMC Theatre 11

Security policies must consider human psychological traits for effectiveness. We'll contrast this with security needs for Non-Human Identities and argue that AI has its own "psychological traits" requiring tailored approaches to secure systems against AI-specific threats.

Speakers

Anubha Nagawat

Ashutosh Gupta

Saturday April 26, 2025 5:15pm - 5:45pm PDT
AMC Theatre 11 AMC at Metreon

Presentation, General

5:15pm PDT

Your Intrusion Detection Still Sucks (And What to Do About It)

Saturday April 26, 2025 5:15pm - 5:45pm PDT

AMC Theatre 09

Intrusion detection at scale hasn't improved much in the last decade and I'm here to share hot takes about improving our collective lack of significant progress. I'll discuss some pragmatic concepts that you can implement today, without AI or next-gen vaporware.

Speakers

Jason Craig

Director, D&R, Remitly

Jason is a unicorn enthusiast and enjoys coffee, thrunting, and late apexes. Jason has worked for a few org’s you'd recognize.

Saturday April 26, 2025 5:15pm - 5:45pm PDT
AMC Theatre 09 AMC at Metreon

Presentation, General

5:30pm PDT

Happy Hour

Saturday April 26, 2025 5:30pm - 6:30pm PDT

Participant Hall

Once the last talks of Saturday are done, head to the Bar and Chill Out Space to toast a successful first day of the event!

Sponsors

Wiz

Gold, Saturday Evening Social

Saturday April 26, 2025 5:30pm - 6:30pm PDT
Participant Hall City View at Metreon

Food & Drink, Bar

6:30pm PDT

Party

Saturday April 26, 2025 6:30pm - 9:30pm PDT

Participant Hall

It wouldn’t be a BSidesSF event without the Saturday night party! This year’s party features all that you’ve come to expect — great appetizers/snacks, drinks, music, games, and conversation. This year we also have a surprise up our sleeve to make this an unforgettable event! Don’t miss it!

Sponsors

Wiz

Gold, Saturday Evening Social

Saturday April 26, 2025 6:30pm - 9:30pm PDT
Participant Hall City View at Metreon

Food & Drink, Embarcadero

9:00am PDT

Breakfast

Sunday April 27, 2025 9:00am - 10:00am PDT

Participant Hall / City View Tent

Breakfast and lunch are served in the Participant Hall
and in the tent on the terrace.

Sunday April 27, 2025 9:00am - 10:00am PDT
Participant Hall / City View Tent City View at Metreon

Food & Drink

9:00am PDT

Espresso & Coffee

Sunday April 27, 2025 9:00am - 3:00pm PDT

Participant Hall

Three barista stations are located within the Participant Hall. Stop by for an espresso drink of your choosing! Drip coffee and water are available all day throughout the Participant Hall.

Sponsors

DeepTempo

Espresso & Coffee

Vanta

Silver, Espresso & Coffee

Sunday April 27, 2025 9:00am - 3:00pm PDT
Participant Hall City View at Metreon

Food & Drink

9:00am PDT

Capture the Flag

Sunday April 27, 2025 9:00am - 4:00pm PDT

Participant Hall / Twin Peaks

Sponsors

Adobe

Capture the Flag

Sunday April 27, 2025 9:00am - 4:00pm PDT
Participant Hall / Twin Peaks City View at Metreon

Village, CTF

9:00am PDT

Participant Hall

Sunday April 27, 2025 9:00am - 5:00pm PDT

City View at Metreon

Sunday April 27, 2025 9:00am - 5:00pm PDT
City View at Metreon City View at Metreon

9:00am PDT

(ISC)2 Silicon Valley

Sunday April 27, 2025 9:00am - 5:00pm PDT

Participant Hall

(ISC)2 Silicon Valley is a dynamic community of cybersecurity professionals dedicated to advancing the greater San Francisco Bay Area.

Sunday April 27, 2025 9:00am - 5:00pm PDT
Participant Hall City View at Metreon

Community Organization

9:00am PDT

Electronic Frontier Foundation (EFF)

Sunday April 27, 2025 9:00am - 5:00pm PDT

Participant Hall

Sunday April 27, 2025 9:00am - 5:00pm PDT
Participant Hall City View at Metreon

Community Organization

9:00am PDT

Pacific Hackers Association

Sunday April 27, 2025 9:00am - 5:00pm PDT

Participant Hall

Sunday April 27, 2025 9:00am - 5:00pm PDT
Participant Hall City View at Metreon

Community Organization

9:00am PDT

Secure Diversity/Day of Shecurity

Sunday April 27, 2025 9:00am - 5:00pm PDT

Participant Hall

Sunday April 27, 2025 9:00am - 5:00pm PDT
Participant Hall City View at Metreon

Community Organization

9:00am PDT

WiCyS

Sunday April 27, 2025 9:00am - 5:00pm PDT

Participant Hall

Sunday April 27, 2025 9:00am - 5:00pm PDT
Participant Hall City View at Metreon

Community Organization

9:00am PDT

WISP

Sunday April 27, 2025 9:00am - 5:00pm PDT

Participant Hall

Women in Security and Privacy (WISP)'s mission is to advance women and underrepresented communities to lead the future of privacy and security.

Sunday April 27, 2025 9:00am - 5:00pm PDT
Participant Hall City View at Metreon

Community Organization

9:00am PDT

Bar and Chill Out

Sunday April 27, 2025 9:00am - 5:00pm PDT

Participant Hall

Enjoy a break from the day’s events with a drink of your choice in the Bar & Chill-Out Space. Two pre-paid complimentary drink tickets were provided at registration.

Sponsors

Chainguard

Daytime Social (Sun)

Sunday April 27, 2025 9:00am - 5:00pm PDT
Participant Hall City View at Metreon

Food & Drink, Bar

9:00am PDT

Headshots

Sunday April 27, 2025 9:00am - 5:00pm PDT

AMC Concessions

Need a new headshot? If so, we’ve got you covered! Stop by for a free, professional headshot. Headshots are offered on a first come, first serve basis.

Sponsors

Opal Security

Headshots

Sunday April 27, 2025 9:00am - 5:00pm PDT
AMC Concessions AMC at Metreon

General

9:00am PDT

Info Desk

Sunday April 27, 2025 9:00am - 5:00pm PDT

City View Lobby

Have a question or comment about the event that you’d like to share? Drop by the Info Desk and chat with members of the BSidesSF staff and volunteer teams.

Sunday April 27, 2025 9:00am - 5:00pm PDT
City View Lobby City View at Metreon

General

9:00am PDT

Lounge

Sunday April 27, 2025 9:00am - 5:00pm PDT

City View Terrace

Break away from the day’s talks and events to spend a bit of time outside enjoying the SF skyline. The Lounge offers comfortable seating where you can eat, drink, and socialize.

Sponsors

Chainguard

Daytime Social (Sun)

Sunday April 27, 2025 9:00am - 5:00pm PDT
City View Terrace City View at Metreon

General

9:00am PDT

Prayer & Mother's Room

Sunday April 27, 2025 9:00am - 5:00pm PDT

City View Lobby

Need a quiet place for prayer or mothering duties? Ask at the Info Desk, and we can guide you to a private location.

Sunday April 27, 2025 9:00am - 5:00pm PDT
City View Lobby City View at Metreon

General

9:00am PDT

Registration

Sunday April 27, 2025 9:00am - 5:00pm PDT

AMC Concessions

Sunday April 27, 2025 9:00am - 5:00pm PDT
AMC Concessions AMC at Metreon

General

9:00am PDT

Adversary Village

Sunday April 27, 2025 9:00am - 5:00pm PDT

Participant Hall

Sunday April 27, 2025 9:00am - 5:00pm PDT
Participant Hall City View at Metreon

Village

9:00am PDT

Bug Bounty Village

Sunday April 27, 2025 9:00am - 5:00pm PDT

Participant Hall

Sunday April 27, 2025 9:00am - 5:00pm PDT
Participant Hall City View at Metreon

Village

9:00am PDT

Career Village

Sunday April 27, 2025 9:00am - 5:00pm PDT

Participant Hall

Sunday April 27, 2025 9:00am - 5:00pm PDT
Participant Hall City View at Metreon

Village

9:00am PDT

Cloud Village

Sunday April 27, 2025 9:00am - 5:00pm PDT

Participant Hall

Sunday April 27, 2025 9:00am - 5:00pm PDT
Participant Hall City View at Metreon

Village

9:00am PDT

Crypto & Privacy Village

Sunday April 27, 2025 9:00am - 5:00pm PDT

Participant Hall

Sunday April 27, 2025 9:00am - 5:00pm PDT
Participant Hall City View at Metreon

Village

9:00am PDT

Embedded Systems Village

Sunday April 27, 2025 9:00am - 5:00pm PDT

Participant Hall

Sunday April 27, 2025 9:00am - 5:00pm PDT
Participant Hall City View at Metreon

Village

9:00am PDT

Hardware Challenge Village

Sunday April 27, 2025 9:00am - 5:00pm PDT

Participant Hall

Sunday April 27, 2025 9:00am - 5:00pm PDT
Participant Hall City View at Metreon

Village

9:00am PDT

IoT Village

Sunday April 27, 2025 9:00am - 5:00pm PDT

Participant Hall

IoT Village advocates for advancing security in the Internet
of Things (IoT) industry through bringing researchers
and industry together. Brought to you by Independent Security Evaluators (ISE).

Sunday April 27, 2025 9:00am - 5:00pm PDT
Participant Hall City View at Metreon

Village

9:00am PDT

Lockpick Village

Sunday April 27, 2025 9:00am - 5:00pm PDT

Participant Hall

Sunday April 27, 2025 9:00am - 5:00pm PDT
Participant Hall City View at Metreon

Village

9:00am PDT

Villages

Sunday April 27, 2025 9:00am - 5:00pm PDT

Participant Hall

Villages are back! Come participate with multiple different hands-on opportunities to learn and practice new skills or share your knowledge.

Sunday April 27, 2025 9:00am - 5:00pm PDT
Participant Hall City View at Metreon

Village

9:00am PDT

AI Village

Sunday April 27, 2025 9:00am - 5:00pm PDT

Participant Hall

Sunday April 27, 2025 9:00am - 5:00pm PDT
Participant Hall City View at Metreon

Village/AI

9:00am PDT

T-Shirt Sales

Sunday April 27, 2025 9:00am - 5:30pm PDT

Coat Check

Sunday April 27, 2025 9:00am - 5:30pm PDT
Coat Check City View at Metreon

General

9:00am PDT

Coat Check

Sunday April 27, 2025 9:00am - 7:00pm PDT

Coat Check

Secure storage for your personal belongings is available for all participants. Please remember to pick up your items before the end of the event!

Sunday April 27, 2025 9:00am - 7:00pm PDT
Coat Check City View at Metreon

General

10:00am PDT

Opening Remarks

Sunday April 27, 2025 10:00am - 10:15am PDT

AMC IMAX

Welcome to day two of BSidesSF 2025!

Sunday April 27, 2025 10:00am - 10:15am PDT
AMC IMAX AMC at Metreon

10:15am PDT

Fire, Brimstone, and Bad Security Decisions

Sunday April 27, 2025 10:15am - 11:00am PDT

AMC IMAX

An important facet of resilience in cybersecurity has to do with recovery from making wrong decisions, such as a strategic choice in policy, design, architecture, or even procurement. How do you back out of something that seemed like a good idea at the time, but that you now realize is creating problems? And how can we stay curious in the face of being wrong, as well as design security for the future to make redirection easier? This session covers the need to plan for human fallibility – and may itself be wrong …

Speakers

Wendy Nather

Senior Research Initiatives Director, 1Password

Wendy Nather is the Senior Research Initiatives Director at 1Password. She was previously the Director of Advisory CISOs at Duo Security, Research Director at the Retail ISAC, and Research Director of the Information Security Practice at 451 Research. Wendy led IT security for the... Read More →

Sunday April 27, 2025 10:15am - 11:00am PDT
AMC IMAX AMC at Metreon

Keynote

10:30am PDT

Connect with Women in CyberSecurity (WiCyS)

Sunday April 27, 2025 10:30am - 11:15am PDT

AMC Theatre 03

Connect and network with Women in CyberSecurity (WiCyS). Learn about the organization and how we help Recruit, Retain, and Advance Women in CyberSecurity.

Sunday April 27, 2025 10:30am - 11:15am PDT
AMC Theatre 03 AMC at Metreon

Meetup

11:00am PDT

Pacific Hackers

Sunday April 27, 2025 11:00am - 11:45am PDT

AMC Theatre 03

Come join Pacific Hackers for a casual meetup!

Sunday April 27, 2025 11:00am - 11:45am PDT
AMC Theatre 03 AMC at Metreon

Meetup

11:15am PDT

Not Every Groundbreaking Idea Needs to Become a Billion-Dollar Startup

Sunday April 27, 2025 11:15am - 11:45am PDT

AMC IMAX

The cybersecurity industry has 5,000+ startups yet many key problems are overlooked for not being "venture scale." This talk explores alternative paths (bootstrapping, Silicon Valley Small Businesses) and why niche markets and smaller ideas can drive impactful solutions without unicorn pressure.

Speakers

Ross Haleliuk

Co-founder, Stealth

Sunday April 27, 2025 11:15am - 11:45am PDT
AMC IMAX AMC at Metreon

Presentation, General

11:15am PDT

The Four Tribes of Security Champions

Sunday April 27, 2025 11:15am - 11:45am PDT

AMC Theatre 07

“The Four Tribes of Security Champions” is a framework to describe successful security champion programs. The tribes include: The Apprentices, The Fan Club, The Learners, and The Sentinels. We’ll explore a benchmarking tool for each tribe to pick which approach is right for you!

Speakers

Marisa Fagan

Head of Product, Katilyst

Marisa Fagan is Head of Product at a “security champions as a service” startup called Katilyst. She works on building security into the SDLC and empowering developers to own secure code. Previously, she has worked as a security culture expert at places like Atlassian, Salesforce... Read More →

Sunday April 27, 2025 11:15am - 11:45am PDT
AMC Theatre 07 AMC at Metreon

Presentation, General

11:15am PDT

The Growing Crisis in CVE Data Quality

Sunday April 27, 2025 11:15am - 11:45am PDT

AMC Theatre 09

Explore the escalating issues in CVE data: inconsistent reporting, low-quality submissions, and outdated info. Learn why these threaten cybersecurity and what solutions can restore trust in this critical database.

Speakers

Jerry Gamblin

Cisco

Sunday April 27, 2025 11:15am - 11:45am PDT
AMC Theatre 09 AMC at Metreon

Presentation, General

11:15am PDT

AI Dragons: Threats, Risks, and What We Can Do About Them

Sunday April 27, 2025 11:15am - 12:00pm PDT

AMC Theatre 01

During the session, we'll explore how AI systems can pose risks to organizational security and user safety. Attendees will gain insights on AI's role in modern security and actionable strategies to safeguard organizations. Join us to learn about AI threats and ways to secure digital ecosystems.

Speakers

Tanya Janca

Staff DevRel, Semgrep

Tanya Janca, aka SheHacksPurple, is the best-selling author of 'Alice and Bob Learn Secure Coding', 'Alice and Bob Learn Application Security’ and the ‘AppSec Antics’ card game. Over her 28-year IT career she has won countless awards (including OWASP Lifetime Distinguished Member... Read More →

Sunday April 27, 2025 11:15am - 12:00pm PDT
AMC Theatre 01 AMC at Metreon

Birds of a Feather

11:15am PDT

How are System Defenders Effectively Using LLMs?

Sunday April 27, 2025 11:15am - 12:00pm PDT

AMC Theatre 02

This BoF session brings together defensive security practitioners who are actively working with LLMs to share real-world successes, challenges, and future visions. Most teams seem to focus on reducing toil, but surely there are more interesting ways LLMs can be utilized? Come find out!

Speakers

Doug Wilson

Sunday April 27, 2025 11:15am - 12:00pm PDT
AMC Theatre 02 AMC at Metreon

Birds of a Feather

11:15am PDT

Global BSides Organizers Meetup

Sunday April 27, 2025 11:15am - 12:15pm PDT

AMC Theatre 03

BSides Organizers from around the world, come and chat. Just like at BSidesLV this is a time and place to gather and share thoughts, ideas, ask questions, and meet your peer organizers.

Speakers

Ricky

Organizer, Security Generalist, BSidesSF

Reed Loden

Reed Loden is an information security expert, researcher, hacker, and developer. With over 15+ years of security experience, he focuses on protecting the products and services of various organizations.Reed has worked to secure companies including Teleport, HackerOne, Lookout Mobile... Read More →

Sunday April 27, 2025 11:15am - 12:15pm PDT
AMC Theatre 03 AMC at Metreon

Meetup

11:30am PDT

Mind the Gap: Career Growth and Management for Security Engineers

Sunday April 27, 2025 11:30am - 12:15pm PDT

AMC Theatre 13

Join us as we discuss the good, the bad, and the ugly of career management in security engineering! Our panel of engineers and leaders will share stories about identifying opportunities, overcoming challenges, and setting yourself up for long-term success in the security industry.

Speakers

Josh Liburdi

Principal Engineer, Security Operations, DoorDash

Josh Liburdi is a security engineer at DoorDash who focuses on security operations. He has more than a decade of industry experience and has worked at several diverse organizations, including Brex, Target, and CrowdStrike. He also presents at security conferences (BSides NYC & SF... Read More →

Elle McKenna

security + IT leader, somewhere smallish :)

i’m a nonbinary person (they/them) based in oakland, ca. i’m passionate about creating shareholder value, and in my free time i like to create shareholder value. i would love it if people talked to me about creating shareholder value; ask me about business, numbers, charts!

Sarai Rosenberg

Head of Cloud Security ☁️🔒, Netflix

Sarai Rosenberg leads Netflix Clod Security. Sarai became an expert on managing people (YES IT'S WEIRD TO SAY THAT) due to her passion for equitably enabling her teams to do their best work, and her bizarre collection of special interests. As a mathematician, she's excited by untangling... Read More →

Andrew Kline

Senior Security Engineer, Brex

Andrew is a security engineer at Brex where he does D&R and cloud/infrastructure security. He started his career in security consulting, primarily at Crypsis/Unit 42 (PANW), where he handled a variety incidents and security engineering projects for clients before launching an internal... Read More →

Sunday April 27, 2025 11:30am - 12:15pm PDT
AMC Theatre 13 AMC at Metreon

Panel

11:30am PDT

Don’t Sh*t-Left: How to Actually Shift-Left

Sunday April 27, 2025 11:30am - 12:15pm PDT

AMC Theatre 14

Shift-left sounds great — catch issues early, save time, empower devs — but too often it backfires, creating noise and chaos. Learn from real-world fails, laugh at sh*t-left stories, and discover practical strategies to make shift-left work. Let’s fix AppSec, one bug at a time.

Speakers

Ahmad Sadeddin

CEO, Corgea

Ahmad is the CEO at Corgea. He's a 3x founder with 1 exit. He's been coding since he was 12 and loves building software solutions to solve deep customer problems. In his spare time (very little of), he loves to BBQ and spend time with family and friends.

Sunday April 27, 2025 11:30am - 12:15pm PDT
AMC Theatre 14 AMC at Metreon

Presentation, Deep Dive

11:30am PDT

Effective Handling of Third-Party Supplier Incidents

Sunday April 27, 2025 11:30am - 12:15pm PDT

AMC Theatre 06

Discover efficient incident handling strategies for third-party supplier incidents. Learn the importance of a predefined process and collaboration between risk management and incident response teams. Gain insights into key decision-making considerations and elevate your IR capabilities.

Speakers

Kasturi Puramwar

Information Security Manager, Equinix

Sunday April 27, 2025 11:30am - 12:15pm PDT
AMC Theatre 06 AMC at Metreon

Presentation, Deep Dive

11:30am PDT

When AI Goes Awry: Responding to AI Incidents

Sunday April 27, 2025 11:30am - 12:15pm PDT

AMC Theatre 11

This talk details challenges in incident response for AI systems, including insufficient logging, visibility, and accountability, as well as the risks of data exposure and prompt injection. We examine a case of RAG-enabled LLM and propose triaging strategies and improved IR practices for mitigation.

Speakers

Eoin Wickens

Director of Threat Intelligence, HiddenLayer

Eoin Wickens is the Technical Research Director - Field at HiddenLayer, where he both researches and speaks about security for artificial intelligence and machine learning. He has previously worked in threat research, threat intelligence and malware reverse engineering and has been... Read More →

Marta Janus

Principal Researcher, HiddenLayer

Marta is a Principal Researcher at HiddenLayer, focused on investigating adversarial machine learning attacks and the overall security of AI-based solutions. Prior to HiddenLayer, Marta spent over a decade working as a researcher for leading anti-virus vendors. She has extensive experience... Read More →

Sunday April 27, 2025 11:30am - 12:15pm PDT
AMC Theatre 11 AMC at Metreon

Presentation, Deep Dive

12:00pm PDT

Preparing for Dragons: Don’t Sharpen Swords. Set Traps, Gather Supplies!

Sunday April 27, 2025 12:00pm - 12:30pm PDT

AMC IMAX

Most people aren’t dragon slayers. There are dragon slayers out there, but they’re not us. EDR isn’t a dragon slayer. Neither is the SOC. That’s okay — when the dragon comes, the goal should be *survival,* not going out in a blaze of glory.

Speakers

Adrian Sanabria

Principal Researcher, Defenders Initiative

Adrian is a successful generalist with over two decades of experience hacking, fixing, breaking, building, and teaching in InfoSec. He’s always trying to see the big picture and figure out the best security strategies. Despite all these years in the industry, he is still optimistic... Read More →

Sunday April 27, 2025 12:00pm - 12:30pm PDT
AMC IMAX AMC at Metreon

Presentation, General

12:00pm PDT

The Product Security Imperative: Lessons from CISA

Sunday April 27, 2025 12:00pm - 12:30pm PDT

AMC Theatre 09

Policymakers worldwide have recently taken up product security, making topics like memory safety prominent. In this talk, hear from former CISA Senior Advisor Jack Cable on lessons learned leading CISA's Secure by Design initiative, and what a shift towards product security means for the industry.

Speakers

Jack Cable

CEO & Co-Founder, Corridor

Jack Cable is the CEO and Co-Founder of Corridor. Corridor is the AI-powered Secure by Design platform and is backed by Conviction, Alex Stamos, and Christina Cacioppo. Prior to starting Corridor, Jack served as a Senior Technical Advisor at CISA, where he led the agency’s Secure... Read More →

Sunday April 27, 2025 12:00pm - 12:30pm PDT
AMC Theatre 09 AMC at Metreon

Presentation, General

12:00pm PDT

Trust Engineering: Building Security Leadership at Early-Stage Startups

Sunday April 27, 2025 12:00pm - 12:30pm PDT

AMC Theatre 07

Being the first security leader at a startup is a wild ride. This talk explores "Trust Engineering," a hands-on approach to earn trust, navigate chaos, and build a security foundation with limited resources. Learn how to handle executive expectations and support fast-paced growth.

Speakers

Mike Privette

Cybersecurity Economist, Return on Security

Mike Privette is a former CISO turned cybersecurity economist and the creator of Return on Security, a weekly market intelligence newsletter read by thousands of cybersecurity leaders, founders, and investors.He previously led security at Passport Labs, served as a Divisional CISO... Read More →

Sunday April 27, 2025 12:00pm - 12:30pm PDT
AMC Theatre 07 AMC at Metreon

Presentation, General

12:00pm PDT

Lunch

Sunday April 27, 2025 12:00pm - 1:30pm PDT

Participant Hall / City View Tent

Breakfast and lunch are served in the Participant Hall
and in the tent on the terrace.

Sunday April 27, 2025 12:00pm - 1:30pm PDT
Participant Hall / City View Tent City View at Metreon

Food & Drink

12:30pm PDT

Cloud Security Meetup

Sunday April 27, 2025 12:30pm - 1:00pm PDT

AMC Theatre 03

Come join us to meet and connect with like-minded people in the cloud & AI security industry. No lunch will be served.

Sunday April 27, 2025 12:30pm - 1:00pm PDT
AMC Theatre 03 AMC at Metreon

Meetup

12:30pm PDT

LLM Mayhem: Hands-on Red Teaming LLM-Powered Chatbots

Sunday April 27, 2025 12:30pm - 2:30pm PDT

AMC Theatre 02

See registration to determine current session availability. Event filled in Sched to limit confusion.
YOU ARE REQUIRED TO REGISTER AT https://bsidessf.regfox.com/2025 TO ATTEND THIS WORKSHOP (i.e. this session cannot be reserved with Sched)
-----
Join us in this workshop to engage in hands-on attacks to identify weaknesses in AI-driven chatbots. If you’re interested in learning about getting started in red teaming generative AI systems, this is the workshop for you.

Speakers

Travis Smith

Jack Parker

Sunday April 27, 2025 12:30pm - 2:30pm PDT
AMC Theatre 02 AMC at Metreon

Workshop

12:30pm PDT

Purple Teaming Okta Detections

Sunday April 27, 2025 12:30pm - 2:30pm PDT

AMC Theatre 01

See registration to determine current session availability. Event filled in Sched to limit confusion.
YOU ARE REQUIRED TO REGISTER AT https://bsidessf.regfox.com/2025 TO ATTEND THIS WORKSHOP (i.e. this session cannot be reserved with Sched)
-----
In this hands-on workshop, we will show attendees how to onboard Okta logs into a SIEM and write detections as well as test them using open source adversary emulation tools. A basic understanding of YAML and writing detections is helpful, but not required.

Speakers

Ken Westin

Senior Solutions Engineer, LimaCharlie

Ken is a creative technologist with 16 years experience building and breaking things through the use/misuse of technology. His technology exploits and endeavors have been featured in Forbes, Good Morning America, Dateline, New York Times, The Economist and others. He has presented... Read More →

Sunday April 27, 2025 12:30pm - 2:30pm PDT
AMC Theatre 01 AMC at Metreon

Workshop

1:15pm PDT

State of (Absolute) AppSec

Sunday April 27, 2025 1:15pm - 2:00pm PDT

AMC Theatre 13

Join Seth Law (@sethlaw) and Ken Johnson (@cktricky), co-hosts of the Absolute AppSec Podcast, for a panel discussion on the current state of application and product security for 2025.

Speakers

Seth Law

Ariel Shin

Lakshmi Sudheer

Engineering Manager, AppSec, Netflix

Lakshmi currently leads Netflix’s Application Security team. She has over a decade of security experience and has presented at numerous conferences, including AppSec USA and DEF CON. She’s a strong proponent of “secure-by-default” practices and crowdsourced security, and she’s... Read More →

Ken Johnson

CTO & Co-Founder, DryRun Security

Ken Johnson has been hacking web applications professionally for 14 years and given security training for 11 of those years. Ken is both a breaker and builder and is the CTO & Co-Founder of DryRun Security. Previously, Ken was a Director with GitHub's Product Security Engineering... Read More →

Sunday April 27, 2025 1:15pm - 2:00pm PDT
AMC Theatre 13 AMC at Metreon

Panel

1:15pm PDT

AI's Bitter Lesson for SOCs: Let Machines Be Machines

Sunday April 27, 2025 1:15pm - 2:00pm PDT

AMC Theatre 11

We've been forcing AI to imitate human analyst workflows, but what if that's holding both machines and humans back? Through real-world experiments at Anthropic, we'll show how letting AI tackle security problems its own way can allow humans to focus on the nuanced work machines can't do (yet).

Speakers

Jackie Bow

Technical Staff, Anthropic

Peter Sanford

Sunday April 27, 2025 1:15pm - 2:00pm PDT
AMC Theatre 11 AMC at Metreon

Presentation, Deep Dive

1:15pm PDT

Confidential Computing: Protecting Customer Data in the Cloud

Sunday April 27, 2025 1:15pm - 2:00pm PDT

AMC Theatre 14

Ever wonder how your data is really handled in the cloud? Confidential Computing gives you an answer by isolating your data and cryptographically proving what code was run. This talk dives into the hardware and software behind Confidential Computing, and how to ship it in real-world cases.

Speakers

Jordan Mecom

Sunday April 27, 2025 1:15pm - 2:00pm PDT
AMC Theatre 14 AMC at Metreon

Presentation, Deep Dive

1:15pm PDT

CyberCAN: A Roadmap for Municipal Support of Nonprofit Cybersecurity in SF

Sunday April 27, 2025 1:15pm - 2:00pm PDT

AMC Theatre 06

UC Berkeley studied 68 San Francisco nonprofits to assess their cybersecurity needs, resources, and adoption of protective controls. Our findings include actionable recommendations for the City of San Francisco to improve support for nonprofits and boost resilience against growing cyber threats.

Speakers

Sarah Powazek

UC Berkeley CLTC

Sarah Powazek is the Program Director of Public Interest Cybersecurity at the UC Berkeley Center for Long-Term Cybersecurity (CLTC), where she leads flagship policy and research work to help under-resourced public interest organizations improve their defenses. Sarah co-leads the Consortium... Read More →

Shannon Pierson

Senior Fellow of Public Interest Cybersecurity, UC Berkeley Center for Long-Term Cybersecurity

Shannon Pierson is a senior fellow of Public Interest Cybersecurity at the UC Berkeley Center for Long-Term Cybersecurity (CLTC), where she leads research initiatives focused on strengthening the cybersecurity of organizations that often fall through the cracks of cyber defense—namely... Read More →

Sunday April 27, 2025 1:15pm - 2:00pm PDT
AMC Theatre 06 AMC at Metreon

Presentation, Deep Dive

1:30pm PDT

Iron-Clad PKI: Crypto Agility for the Quantum Era

Sunday April 27, 2025 1:30pm - 2:00pm PDT

AMC Theatre 07

Quantum computing is breaking RSA/ECC; your PKI is at risk! Learn strategies to align with NIST PQC standards and secure your cryptographic resilience for the post-quantum era.

Speakers

Prasanth Sundararajan

Head of Product Security, Appviewx Inc

Sunday April 27, 2025 1:30pm - 2:00pm PDT
AMC Theatre 07 AMC at Metreon

Presentation, General

1:30pm PDT

Lessons from Running a Product Security-Focused Cybersecurity Clinic

Sunday April 27, 2025 1:30pm - 2:00pm PDT

AMC Theatre 09

We established Stanford's product security clinic in 2023 to help community organizations secure the software services they offer, diverging from traditional university cybersecurity clinics that focus on corporate security. Here's what we learned from our first two years of operation.

Speakers

Aditya Saligrama

Joey Holtzman

Sunday April 27, 2025 1:30pm - 2:00pm PDT
AMC Theatre 09 AMC at Metreon

Presentation, General

1:30pm PDT

The Power of Persuasion: Better Security Through... Manipulation?

Sunday April 27, 2025 1:30pm - 2:00pm PDT

AMC IMAX

Security’s weakest link comes with ten fingers, ten toes and an uncanny ability to find ways past your thoughtfully implemented controls. Learn well-tested psychology principles that drive positive security outcomes. From social proof to reciprocity, small changes in approach bring outsized results.

Speakers

Nate Lee

Sunday April 27, 2025 1:30pm - 2:00pm PDT
AMC IMAX AMC at Metreon

Presentation, General

1:30pm PDT

Day of Shecurity

Sunday April 27, 2025 1:30pm - 2:30pm PDT

AMC Theatre 03

Interested in Day of Shecurity/Security Diversity? Welcome to anyone who has attended an event before or are curious to attend in the future.

Sunday April 27, 2025 1:30pm - 2:30pm PDT
AMC Theatre 03 AMC at Metreon

Meetup

2:15pm PDT

Don't Trust, Verify! - How I Found a CSRF Bug Hiding in Plain Sight

Sunday April 27, 2025 2:15pm - 2:45pm PDT

AMC Theatre 14

This talk explores the discovery of a long-standing CSRF (Cross-Site Request Forgery) vulnerability in the popular gorilla/csrf Go library. The goal is to encourage the audience to perform vulnerability research experiments in their own commonly used tools.

Speakers

Patrick O'Doherty

Member of Technical Staff, Tailscale

Sunday April 27, 2025 2:15pm - 2:45pm PDT
AMC Theatre 14 AMC at Metreon

Presentation, General

2:15pm PDT

Mapping the SaaS Attack Surface

Sunday April 27, 2025 2:15pm - 2:45pm PDT

AMC Theatre 07

In this presentation, attendees will be introduced to the concept of SaaS attack surface mapping. We will conduct an analysis of current techniques while also unveiling novel approaches that have not been previously disclosed. We will release an open-source tool designed to implement this.

Speakers

Jaime Blasco

Cofounder / CTO, Nudge Security

Jaime Blasco is known for his security research and efforts to enable more collaborative threat-intelligence sharing. He is CTO and co-founder of Nudge Security. Using a patented, network-less approach to SaaS discovery and governance, Nudge Security drives meaningful behavioral change that strengthens SaaS security postures without disrupting the pace of work. Previously, he led the threat intelligence and data science unit at AT&T Alien Labs. Pr... Read More →

Sunday April 27, 2025 2:15pm - 2:45pm PDT
AMC Theatre 07 AMC at Metreon

Presentation, General

2:15pm PDT

Radical Results: A Security Org's Version of Radical Candor

Sunday April 27, 2025 2:15pm - 2:45pm PDT

AMC IMAX

Security practitioners are put in tough positions whether you're new to security or an experienced CISO. Based on "Radical Candor", you'll leave this talk with new perspective on the way security teams are perceived by their peers and how to optimize the good and minimize the unavoidable bad.

Speakers

Evan Johnson

CEO, RunReveal

Sunday April 27, 2025 2:15pm - 2:45pm PDT
AMC IMAX AMC at Metreon

Presentation, General

2:15pm PDT

Third-party Risk Management: SOC 2s, Security Questionnaires, and Psychosis

Sunday April 27, 2025 2:15pm - 2:45pm PDT

AMC Theatre 09

Condemning “check-box” vendor risk management and security questionnaires is a hot talking point nowadays. This talk will discuss the related but distinct problems in the TPRM space and offer practical, creative solutions to help deliver high-value outcomes via third-party risk management.

Speakers

Eleanor Mount

Security Risk and Compliance Manager, Asana

Eleanor is a Security Risk and Compliance Manager at Asana, where she has helped build and scale GRC programs from the ground up, including risk management, customer trust, and the implementation of new security compliance frameworks. Prior to Asana, she worked in the health technology... Read More →

Sunday April 27, 2025 2:15pm - 2:45pm PDT
AMC Theatre 09 AMC at Metreon

Presentation, General

2:15pm PDT

Sponsor Passport Raffle

Sunday April 27, 2025 2:15pm - 3:00pm PDT

Participant Hall

Sunday April 27, 2025 2:15pm - 3:00pm PDT
Participant Hall City View at Metreon

General

2:15pm PDT

CISO Series Podcast - LIVE!

Sunday April 27, 2025 2:15pm - 3:00pm PDT

AMC Theatre 13

Live audience recording of the CISO Series Podcast packed with CISO debate, questions from the audience, "What's Worse?!," and last year's favorite, "What is Dave's Mom Talking About?"

Note: This talk begins with a quick photo with the audience; they will ask if anyone is uncomfortable with it. Overflow will not be photographed.

Speakers

David Spark

Producer, CISO Series

David Spark is the producer of the CISO Series, a media channel of blogs, podcasts, and videos all on the cybersecurity ecosystem. Less than a year old, the CISO Series has hit a nerve in the InfoSec industry as it has acted as a much needed mouthpiece for the dysfunctional yet much... Read More →

Andy Ellis

Alexandra Landegger

Sunday April 27, 2025 2:15pm - 3:00pm PDT
AMC Theatre 13 AMC at Metreon

Panel, Podcast

2:15pm PDT

Compliance Without the Chaos: Building It Right Into Your DevOps Pipeline

Sunday April 27, 2025 2:15pm - 3:00pm PDT

AMC Theatre 06

Compliance often feels like the party crasher in the DevOps world- unwanted, and slowing everyone down. But what if compliance could be an insider, seamlessly fitting into your CI/CD pipeline without breaking a sweat? In this talk, we’ll tackle the age-old battle between engineers and compliance.

Speakers

Varun Gurnaney

Staff Security Engineer, GRC Engineering

Security Engineer in of San Francisco. Previously held security roles at Robinhood, Zendesk and EY. I didn’t watch the eclipse

Sunday April 27, 2025 2:15pm - 3:00pm PDT
AMC Theatre 06 AMC at Metreon

Presentation, Deep Dive

2:15pm PDT

Securing AI Agents: Exploring Critical Threats and Exploitation Techniques

Sunday April 27, 2025 2:15pm - 3:00pm PDT

AMC Theatre 11

Our talk will focus on securing autonomous AI agents by addressing their unique threats. We will dive into threat modeling of real-world autonomous AI systems, model poisoning attacks with hacking demos, and then explore advanced prompt injection techniques and mitigation strategies.

Speakers

Naveen Konrajankuppam Mahavishnu

Mohankumar Vengatachalam

Sunday April 27, 2025 2:15pm - 3:00pm PDT
AMC Theatre 11 AMC at Metreon

Presentation, Deep Dive

2:45pm PDT

Building Adversary Emulation Capabilities in Your Organization

Sunday April 27, 2025 2:45pm - 4:45pm PDT

AMC Theatre 02

See registration to determine current session availability. Event filled in Sched to limit confusion.
YOU ARE REQUIRED TO REGISTER AT https://bsidessf.regfox.com/2025 TO ATTEND THIS WORKSHOP (i.e. this session cannot be reserved with Sched)
-----
This hands-on workshop equips participants to emulate real-world threat actors in a controlled lab with enterprise-grade defenses (AV, EDR, web proxies). Topics include threat intelligence, adversary emulation planning, threat hunting, custom simulations, and assessing security controls.

Speakers

Abhijith "Abx" B R

Sunday April 27, 2025 2:45pm - 4:45pm PDT
AMC Theatre 02 AMC at Metreon

Workshop

2:45pm PDT

Harnessing GenAI for Cutting-Edge Detection Engineering

Sunday April 27, 2025 2:45pm - 4:45pm PDT

AMC Theatre 01

See registration to determine current session availability. Event filled in Sched to limit confusion.
YOU ARE REQUIRED TO REGISTER AT https://bsidessf.regfox.com/2025 TO ATTEND THIS WORKSHOP (i.e. this session cannot be reserved with Sched)
-----
As adversary tactics evolve, detection must keep pace. This workshop shows how GenAI generates high-fidelity detection rules, automates TTP analysis, and translates threat intel into platform-agnostic detections. Learn to optimize rules, analyze threat data, and identify threats with precision.

Speakers

Matt Bromiley

Sunday April 27, 2025 2:45pm - 4:45pm PDT
AMC Theatre 01 AMC at Metreon

Workshop

3:00pm PDT

A Deep Dive into the Triad Nexus Pig Butchering & Money Laundering Network

Sunday April 27, 2025 3:00pm - 3:30pm PDT

AMC IMAX

The presentation will cover research into pig butchering scams connected to FUNNULL CDN-hosted money laundering, retail phishing campaigns targeting luxury brands, and more. Technical analysis steps will be provided and explained in-depth as we cover this threat which we have dubbed “Triad Nexus."

Speakers

Zach Edwards

Sunday April 27, 2025 3:00pm - 3:30pm PDT
AMC IMAX AMC at Metreon

Presentation, General

3:00pm PDT

Care and Feeding of HSMs: Key Management in Hard Mode

Sunday April 27, 2025 3:00pm - 3:30pm PDT

AMC Theatre 14

Cryptography's dirty secret: your security is only as strong as your key management. Dive into the treacherous world of HSMs, which promise salvation but deliver operational nightmares and hidden costs. HSMs: not for the faint of heart!

Speakers

Nick Pelis

Security Engineering Manager, Verkada

Sunday April 27, 2025 3:00pm - 3:30pm PDT
AMC Theatre 14 AMC at Metreon

Presentation, General

3:00pm PDT

Intro to Privacy-Enhancing Technologies (PETs)

Sunday April 27, 2025 3:00pm - 3:30pm PDT

AMC Theatre 07

Privacy-Enhancing Technologies (PETs) are transforming data handling by ensuring privacy and security throughout the data lifecycle. This talk explores the latest advancements in PETs, focusing on Secure Multiparty Computation (MPC), Homomorphic Encryption (HE), and their real-world applications.

Speakers

Harshal Shah

Sr. Software Engineer

Sunday April 27, 2025 3:00pm - 3:30pm PDT
AMC Theatre 07 AMC at Metreon

Presentation, General

3:00pm PDT

There and Back Again: Discovering OT Devices Across Protocol Gateways

Sunday April 27, 2025 3:00pm - 3:30pm PDT

AMC Theatre 09

Operational Technology (OT) describes devices that control things in the real world, like factories and generators. This talk discusses the security implications of the convergence of IT and OT, with deep dives into OT protocols and device discovery — even behind legacy protocol gateways.

Speakers

Rob King

Sunday April 27, 2025 3:00pm - 3:30pm PDT
AMC Theatre 09 AMC at Metreon

Presentation, General

3:15pm PDT

15 Years of BSidesSF: Behind the Scenes AMA

Sunday April 27, 2025 3:15pm - 4:00pm PDT

AMC Theatre 13

After 15 years, we have more than few stories to share. Come hear how we've grown (and survived) from a panel of our most experienced BSidesSF organizing veterans.

Speakers

Reed Loden

Ricky

Organizer, Security Generalist, BSidesSF

Steve

Steve Sekiguchi, a seasoned hacker, information security expert, researcher, and developer, possesses over four decades of experience in the field. His expertise lies in anticipating emerging trends and providing organizations with the requisite knowledge and awareness to safeguard... Read More →

Tania McClain

Senior Account Executive, GuidePoint Security

Over 25 years experience helping clients and partners in IT & IT Security. My passion lies in connecting teams with the right contacts/experts and/or solutions to make everyone's lives easier.When I'm not working, I like to take my RV out, hang out with friends, and listen to live... Read More →

Meghan Manfre

Sunday April 27, 2025 3:15pm - 4:00pm PDT
AMC Theatre 13 AMC at Metreon

Panel

3:15pm PDT

How to Tame Your Dragon: Productionizing Agentic Apps Reliably and Securely

Sunday April 27, 2025 3:15pm - 4:00pm PDT

AMC Theatre 11

Taming dragons is risky—so is deploying agentic apps. Like dragons, they’re unpredictable, with threats like hallucinations, non-determinism, vast input spaces, and attacker prompt injections. We show how open-source tools tame the beast, so you can confidently deploy AI agents in production.

Speakers

Thomas Vissers

Blue41 | KU Leuven

Thomas Vissers specializes in the dynamic intersection of cybersecurity and AI. He packs 10 years of experience in developing and operating production-grade AI security systems. Previously at Cloudflare, he served as an engineering leader for data-driven security products, scaling... Read More →

Tim Van hamme

co-lead Blue41, PostDoc, Blue41, DistriNet, KU Leuven

Tim Van hamme is a computer scientist specialized in AI security and behavioral analysis, leading research at KU Leuven's DistriNet on secure and trustworthy AI adoption. As co-lead of Blue41, he bridges rigorous academic research with industry applications, helping organizations... Read More →

Sunday April 27, 2025 3:15pm - 4:00pm PDT
AMC Theatre 11 AMC at Metreon

Presentation, Deep Dive

3:15pm PDT

Slaying the Dragons: A Security Professional’s Guide to Malicious Packages

Sunday April 27, 2025 3:15pm - 4:00pm PDT

AMC Theatre 06

This session reveals how attackers exploit typosquatting, author impersonation, and innovative malware campaigns to infiltrate software supply chains. Learn practical threat hunting methodologies and gain step-by-step guides to detect, analyze, and defend against these software supply chain dragons.

Speakers

Kirill Boychenko

Sunday April 27, 2025 3:15pm - 4:00pm PDT
AMC Theatre 06 AMC at Metreon

Presentation, Deep Dive

3:45pm PDT

Follow the Trace: How Traditional AppSec Tools Have Failed Us

Sunday April 27, 2025 3:45pm - 4:15pm PDT

AMC Theatre 09

Join the journey of an application data trace as it navigates runtime application security. Follow a trace through an application, uncovering how tools like RASP provide real-time insights, detect threats, and block attacks. Learn how traces enhance security by revealing vulnerabilities in action.

Speakers

Kennedy Toomey

Application Security Researcher & Advocate, Datadog

Kennedy Toomey is an Application Security Researcher & Advocate at Datadog. Previously she was an Application Security Engineer where she spent her time working with developers to help fix vulnerabilities and write more secure code.

Sunday April 27, 2025 3:45pm - 4:15pm PDT
AMC Theatre 09 AMC at Metreon

Presentation, General

3:45pm PDT

Is Vulnerability Management Dead? A Security Architect’s Survival Guide

Sunday April 27, 2025 3:45pm - 4:15pm PDT

AMC Theatre 07

This session discusses the necessary shift from traditional vulnerability management and explores a security architect's journey in building a robust cloud risk remediation program. We will outline best practices for risk prioritization & triage, navigating IaC & cloud-native mitigating controls.

Speakers

Snir Ben Shimol

CEO | CSO, ZEST Security

Sunday April 27, 2025 3:45pm - 4:15pm PDT
AMC Theatre 07 AMC at Metreon

Presentation, General

3:45pm PDT

Scalably Securing Third-party Dependencies in Heterogeneous Environments

Sunday April 27, 2025 3:45pm - 4:15pm PDT

AMC IMAX

Learn how Anthropic automates dependency security at scale across diverse infrastructure and environments while still letting engineers use the tools and dependencies they need. We'll explore Dependant, our tool to enforce our dependency posture at the network level, and how users interact with it.

Speakers

Ziyad Edher

Software Engineer, Anthropic

Chris Norman

Member of Technical Staff, Anthropic

Sunday April 27, 2025 3:45pm - 4:15pm PDT
AMC IMAX AMC at Metreon

Presentation, General

3:45pm PDT

Shadow IT Battlefield: The CyberHaven Breach and Defenses That Worked

Sunday April 27, 2025 3:45pm - 4:15pm PDT

AMC Theatre 14

Discover how the Cyberhaven breach case exposed critical Shadow IT risks — and the proactive allowlist strategy that minimized business disruption. The proactive controls saved our 40M+ users from being impacted. Gain insights, metrics, and a blueprint for continuous monitoring.

Speakers

Rohit Bansal

Zach Pritchard

Sunday April 27, 2025 3:45pm - 4:15pm PDT
AMC Theatre 14 AMC at Metreon

Presentation, General

4:15pm PDT

The Silent Breach: Security Threats in Google Workspace

Sunday April 27, 2025 4:15pm - 4:45pm PDT

AMC Theatre 06

Google Workspace enables enterprise productivity, but attackers exploit logging gaps to escalate privileges, exfiltrate data, and evade detection. This talk reveals real-world attacks that bypass monitoring and shares techniques to investigate these threats, even without sufficient logs.

Speakers

Rex Guo

Khang Nguyen

Sunday April 27, 2025 4:15pm - 4:45pm PDT
AMC Theatre 06 AMC at Metreon

Presentation, General

4:15pm PDT

Slaying Dragons Together: Multidisciplinary Solutions to Security Issues

Sunday April 27, 2025 4:15pm - 5:00pm PDT

AMC Theatre 13

Tired of facing the same dragons alone? Join MITRE security and strategy experts to explore how collaborative models and teams can help you tackle your biggest challenges, turning individual lessons learned into repeatable community wins. Build a winning battalion and collective battle plan.

Speakers

Stanley Barr

Mary C Yang

Leslie Z Anderson

Innovation and Industry Engagement, MITRE

Sunday April 27, 2025 4:15pm - 5:00pm PDT
AMC Theatre 13 AMC at Metreon

Panel

4:15pm PDT

GenAI Application Security: Not Just Prompt Injection

Sunday April 27, 2025 4:15pm - 5:00pm PDT

AMC Theatre 11

As generative AI adoption grows, its interconnected components — agents, vector databases, and LLMs — introduce complex security risks. This session examines these concerns, offering actionable strategies to secure agent interactions, protect models, and fortify data workflows.

Speakers

Ahmed Abugharbia

Cyberdojo

Sunday April 27, 2025 4:15pm - 5:00pm PDT
AMC Theatre 11 AMC at Metreon

Presentation, Deep Dive

4:30pm PDT

Fireproof Your Castle with Risk-First GRC

Sunday April 27, 2025 4:30pm - 5:00pm PDT

AMC Theatre 07

GRC teams can be more than just gridlock, red tape, and checklists. By prioritizing a risk-first approach, leveraging both quantitative and qualitative methodologies, and adopting principles-based compliance, GRC becomes a proactive force that empowers organizations to effectively combat security.

Speakers

Aakash Yadav

Lindsey Pilver

Sunday April 27, 2025 4:30pm - 5:00pm PDT
AMC Theatre 07 AMC at Metreon

Presentation, General

4:30pm PDT

How to Pull Off a Near Undetectable DDoS Attack (And How to Stop It)

Sunday April 27, 2025 4:30pm - 5:00pm PDT

AMC IMAX

What happens when a bad actor has access to millions of browsers? They can pull off a massive attack.

Speakers

Simon Wijckmans

Sunday April 27, 2025 4:30pm - 5:00pm PDT
AMC IMAX AMC at Metreon

Presentation, General

4:30pm PDT

Round and Around We Go: Interviews, What Do You Know?

Sunday April 27, 2025 4:30pm - 5:00pm PDT

AMC Theatre 09

In this talk, I’ll discuss hiring trends for Security Engineers and Leaders in 2024, covering metrics like time to hire, interview rounds, formats, and rejection trends. Data comes from 30+ placements at 10+ tech startups, mainly in SF, offering insights into the cybersecurity hiring landscape.

Speakers

Erin Barry

Sunday April 27, 2025 4:30pm - 5:00pm PDT
AMC Theatre 09 AMC at Metreon

Presentation, General

4:30pm PDT

Understanding IRSF Fraud: Protecting Against SMS Exploitation

Sunday April 27, 2025 4:30pm - 5:00pm PDT

AMC Theatre 14

Attackers making money from MY 2FA? It's more likely than you think! SMS is a common 2FA method but creates risk: International Revenue Share Fraud, inflating SMS traffic to siphon revenue. Attendees will learn how to detect and mitigate IRSF with Cloudflare, OpenAI, and Datadog.

Speakers

Vien Van

Gusto

Senthil Sivasubramanian

Eng Leader, Gusto

Sunday April 27, 2025 4:30pm - 5:00pm PDT
AMC Theatre 14 AMC at Metreon

Presentation, General

5:15pm PDT

Closing Remarks

Sunday April 27, 2025 5:15pm - 5:45pm PDT

AMC Theatre 13

Closing Remarks

Sunday April 27, 2025 5:15pm - 5:45pm PDT
AMC Theatre 13 AMC at Metreon