BSidesSF 2025: Full Schedule

11:15am PDT

Enhancing Secret Detection in Cybersecurity with Small LMs

Saturday April 26, 2025 11:15am - 11:45am PDT

Dive into the challenges of LLMs in cybersecurity as we explore the process of fine-tuning an LLM to handle the task of secret detection in code and be efficient enough to run on any laptop.

Can LLMs with low inference times pave the way for new detection methods that were previously overlooked?

Speakers

Danny Lazarev

Erez Harush

Saturday April 26, 2025 11:15am - 11:45am PDT
AMC Theatre 11 AMC at Metreon

Presentation, General

11:15am PDT

Let's Talk About the AI Apocalypse

Saturday April 26, 2025 11:15am - 11:45am PDT

AMC IMAX

What's it look like when someone spends hours fine-tuning llama 3.1 to be the most destructive hacking robot the world has ever seen, with a pure goal of causing damage, with no safeguards? Are we ready for that? Not a pentesting bot with guardrails; a harbinger of chaos, tasked only with spreading.

Speakers

Dylan Ayrey

CEO, TruffleHog

Dylan is the original author of the open source version of TruffleHog, which he built after recognizing just how commonly credentials and other secrets were exposed in Git. Coming most recently from the Netflix security team, Dylan has spoken at a number of popular information security... Read More →

Saturday April 26, 2025 11:15am - 11:45am PDT
AMC IMAX AMC at Metreon

Presentation, General

11:15am PDT

Lex Sleuther - A Novel Approach to Script Language Detection

Saturday April 26, 2025 11:15am - 11:45am PDT

AMC Theatre 09

Join us as we go far off the beaten path in search of strange and exciting methods of script language detection.

File signatures? Nope.
Machine learning? Nah.
Here be dragons, but dragons often guard treasure…

Speakers

Aaron James

Security Researcher, CrowdStrike

Saturday April 26, 2025 11:15am - 11:45am PDT
AMC Theatre 09 AMC at Metreon

Presentation, General

11:15am PDT

The Hidden Access Paths to Smaugs Cavern

Saturday April 26, 2025 11:15am - 11:45am PDT

AMC Theatre 07

In this talk I'll explore hidden access patterns to the "crown jewels", including most-common access patterns, hidden paths, and popular backdoors left by engineers to get their jobs done. We will discuss practical tips to understand access behavior and remediating hidden access paths.

Speakers

Ben Arent

Director of Product, Teleport

Saturday April 26, 2025 11:15am - 11:45am PDT
AMC Theatre 07 AMC at Metreon

Presentation, General

11:15am PDT

How to Train Your Detection Dragon

Saturday April 26, 2025 11:15am - 12:00pm PDT

AMC Theatre 06

Ever wanted to start fresh and train the "detection and response" dragon? Hear my account of how I did this (and hope to continue building!) from scratch with learnings from my professional experience so far!

Speakers

Geet Pradhan

Sr Security Engineer, Lime

Big fan of Aesop’s hand cream.

Saturday April 26, 2025 11:15am - 12:00pm PDT
AMC Theatre 06 AMC at Metreon

Presentation, Deep Dive

11:15am PDT

Inside the Information Stealer Ecosystem: From Compromise to Countermeasure

Saturday April 26, 2025 11:15am - 12:00pm PDT

AMC Theatre 14

Information stealer malware is underestimated by our industry. In this deep-dive, we look into what is captured by them (desktop screenshots, password vaults, browser extensions, MFA bypass material, etc.), cover the Redline takedown, and offer defensive countermeasures, including code and samples.

Speakers

Olivier Bilodeau

Principal Cybersecurity Researcher, Flare

Olivier Bilodeau, a principal researcher at Flare, brings 12+ years of cutting-edge infosec expertise in honeypot operations, binary reverse-engineering, and RDP interception. Passionate communicator, Olivier spoke at conferences like BlackHat, DEFCON, SecTor, Derbycon, and more... Read More →

Saturday April 26, 2025 11:15am - 12:00pm PDT
AMC Theatre 14 AMC at Metreon

Presentation, Deep Dive

12:00pm PDT

Navigating the Unknowns: Fraud Mitigation for Netflix Live Events

Saturday April 26, 2025 12:00pm - 12:30pm PDT

AMC IMAX

As Netflix enters live streaming, fraud prevention stakes rise significantly. This talk offers an insider's view of strategies and challenges in tackling fraud during live events, focusing on preparing for the unpredictable and maintaining robust defenses amidst this unpredictability.

Speakers

Aditi Gupta

Engineering Manager, Netflix

Aditi Gupta is currently leading the Trust Services & Enforcements team within Security Engineering at Netflix, where her team is responsible for mitigating threats such as DDoS, Account Fraud, Games abuse, and Content theft by building and operating scalable systems to automatically... Read More →

Yue Wang

Staff Security Analytics Engineer, Netflix

Yue is a Staff Security Analytics Engineer in the Trust and Safety team at Netflix. Yue is deeply passionate about creating and improving anti-fraud and abuse metrics, along with data analytics. She likes leveraging data to craft and narrate compelling anti-fraud stories. Beyond her... Read More →

Saturday April 26, 2025 12:00pm - 12:30pm PDT
AMC IMAX AMC at Metreon

Presentation, General

12:00pm PDT

One SOC, The Whole SOC, and Nothing But The SOC, So Help Me

Saturday April 26, 2025 12:00pm - 12:30pm PDT

AMC Theatre 07

I’ve been working in security ops for 20 years. Most SOCs struggle because of one big mistake: don’t let this happen to you. I will step you through how to organize a SOC: what should go in it, what should probably stay out, and what your SOC will look like if you get it right.

Speakers

Carson Zimmerman

SOC Nerd, Microsoft

Carson Zimmerman has been working in and around security operations centers (SOCs) for over 20 years. Carson is a Principal Security Operations Engineer at Microsoft, he leads the Solutions Architecture team in Microsoft's SOC, Cyber Defense Operations. He co-authored 11 Strategies... Read More →

Saturday April 26, 2025 12:00pm - 12:30pm PDT
AMC Theatre 07 AMC at Metreon

Presentation, General

12:00pm PDT

Resilience in the Uncharted AI Landscape

Saturday April 26, 2025 12:00pm - 12:30pm PDT

AMC Theatre 11

So you've just battled a dragon: how quickly and effectively can you fight the next one?

We dive into Resilience by Design for an AI chat/search product — based on considerations like disaster recovery, availability, foundational security, etc., while meeting audit/compliance & privacy regulations.

Speakers

Ranita Bhattacharyya

Head of Security GRC and PM, Unity 3D

Ranita has many years of experience leading pivotal teams in the Security Risk Management, Governance / Ops and Certifications / Compliance domains. Today armed with with tangible examples and actionable plans at BSides, Ranita is going over Resilience in AI products, agents and... Read More →

Saturday April 26, 2025 12:00pm - 12:30pm PDT
AMC Theatre 11 AMC at Metreon

Presentation, General

12:00pm PDT

The Art of Cybersecurity Mastery: From Entry-Level to Staff+

Saturday April 26, 2025 12:00pm - 12:30pm PDT

AMC Theatre 09

Are you aspiring to break into cybersecurity or looking to take your career to the next level, but don’t have a mentor to guide you? This talk is for you. We'll dive into practical advice to guide your career journey, based on real-world questions asked by my mentees.

Speakers

Florian Noeding

Principal Security Architect, Adobe

Florian Noeding is a Principal Security Architect at Adobe. As the shift-left strategy lead, he drives proactive application security efforts across the entire enterprise, with a focus on automated code analysis, supply chain security and secure by design. He uses his deep software... Read More →

Saturday April 26, 2025 12:00pm - 12:30pm PDT
AMC Theatre 09 AMC at Metreon

Presentation, General

1:00pm PDT

Into The Dragon’s Den

Saturday April 26, 2025 1:00pm - 1:45pm PDT

AMC Theatre 06

In this talk, we will take you through our journey of bringing a high-stakes SaaS product to the Chinese market while exploring the challenges faced and sharing what we learned. We will offer insights and practical advice for navigating the unique threats of the Chinese market for a global company.

Speakers

Jacob Salassi

Former director of Product Security at Snowflake. Led Snowflake's pre- & post IPO transformation from a bottlenecked, security engineer centric process that slowed teams down to a developer owned security process that ships features faster and more securely. My teams & I handled security... Read More →

Michele Freschi

Saturday April 26, 2025 1:00pm - 1:45pm PDT
AMC Theatre 06 AMC at Metreon

Presentation, Deep Dive

1:00pm PDT

Light in the Labyrinth: Breach Path Analysis for Anyone

Saturday April 26, 2025 1:00pm - 1:45pm PDT

AMC Theatre 14

Learn to build your own treasure map of how threat actors might move laterally through your company’s assets. We’ll provide a conceptual engineering framework for breach path analysis, recommend no- or low-cost tools, share examples, and release an open-source security graph ontology to learn from.

Speakers

Parker Shelton

Principal Software Engineer, Microsoft

Light In the Labyrinth BSidesSF 2025 pdf

Saturday April 26, 2025 1:00pm - 1:45pm PDT
AMC Theatre 14 AMC at Metreon

Presentation, Deep Dive

1:30pm PDT

Centralizing Egress Access Controls Across a Hybrid Environment at Block

Saturday April 26, 2025 1:30pm - 2:00pm PDT

AMC Theatre 07

Hybrid environments complicate network egress. Learn how Block is centralizing network egress policies to ensure consistent deployment of rules across diverse enforcement endpoints—regardless of type or location—enabling secure, scalable, and streamlined outbound traffic management.

Speakers

Ramesh Ramani

Security Engineer, Block Inc.

Network Security, Kubernetes, Cloud Security, AI, RPG video games!

Saturday April 26, 2025 1:30pm - 2:00pm PDT
AMC Theatre 07 AMC at Metreon

Presentation, General

1:30pm PDT

Charting the SSH Multiverse

Saturday April 26, 2025 1:30pm - 2:00pm PDT

AMC IMAX

The Secure Shell (SSH) is the most commonly exposed dedicated management protocol, second only to HTTP in terms of internet-wide exposure, and it’s had a rocky year. This presentation explores the multitude of SSH implementations, their specific weaknesses, and real-world exposures.

Speakers

HD Moore

Founder, runZero

HD Moore is a pioneer of the cybersecurity industry who has dedicated his career to vulnerability research, network discovery, and software development since the 1990s. He is most recognized for creating Metasploit and is a passionate advocate for open-source software and vulnerability... Read More →

Saturday April 26, 2025 1:30pm - 2:00pm PDT
AMC IMAX AMC at Metreon

Presentation, General

1:30pm PDT

Threat Modeling Meets Model Training: Web App Security Skills for AI

Saturday April 26, 2025 1:30pm - 2:00pm PDT

AMC Theatre 11

New specializations have emerged in this AI-adoring age, but where does that leave security practitioners? Good news: If you know web application security, you can secure AI uses too. This talk examines normal web app security issues relevant to any LLM-based app — and the handful unique to AI.

Speakers

Breanne Boland

Product security engineer - security partner, Gusto

Breanne Boland is a product security engineer with the Security Partnerships team at Gusto. Before moving into security, she was a site reliability engineer and an infrastructure engineer, working in healthcare and govtech. Prior to that, she was a professional writer, and she still... Read More →

Saturday April 26, 2025 1:30pm - 2:00pm PDT
AMC Theatre 11 AMC at Metreon

Presentation, General

1:30pm PDT

WHOIS Your Daddy: Tracking Iranian-backed Cyber Operations with Passive DNS

Saturday April 26, 2025 1:30pm - 2:00pm PDT

AMC Theatre 09

A unique name server linked to Iran-nexus cyber activity reveals a broader set of malicious name servers with potential nation-state ties. Learn how passive DNS data connects a single typosquatting domain to multiple name servers being used for malware distribution.

Speakers

Austin Northcutt

Saturday April 26, 2025 1:30pm - 2:00pm PDT
AMC Theatre 09 AMC at Metreon

Presentation, General

2:00pm PDT

Hack, Patch, Repeat: Insider Tales from Android’s Bug Bounty

Saturday April 26, 2025 2:00pm - 2:45pm PDT

AMC Theatre 14

What does it take to secure 3 billion users on the world’s leading mobile platform? This session dives into Android security from a holistic perspective.

Speakers

Maria Uretsky

Google

Maria Uretsky is the Tech Lead on the Android Vulnerability Rewards program at Google. Her passion is to break all the things before the bad actors do, to ensure they are kept out. During her 10+ years of software engineering and security work, she has been part of Google Cloud Security... Read More →

Camillus Cai

Google

Camillus plays a key role in the Android Vulnerability Reporting Program at Google, where he investigates security bugs that range from bug bounty submissions to reverse-engineered adversarial exploits. Based in Seattle, his past experience encompasses security engineering, software... Read More →

Saturday April 26, 2025 2:00pm - 2:45pm PDT
AMC Theatre 14 AMC at Metreon

Presentation, Deep Dive

2:00pm PDT

Trace to Triage: How to Connect Product Vulnerabilities to Security Paths

Saturday April 26, 2025 2:00pm - 2:45pm PDT

AMC Theatre 06

AppSec must balance usability and security, but traditional approaches often lead to disjointed efforts—developers patching blindly, detection teams creating incomplete rules, and threat hunters chasing past compromises. This talk uses eBPF to show how tracing brings context for actionable insights.

Speakers

Ben Stav

Saturday April 26, 2025 2:00pm - 2:45pm PDT
AMC Theatre 06 AMC at Metreon

Presentation, Deep Dive

2:15pm PDT

Adventures & Findings in ISP Hacking

Saturday April 26, 2025 2:15pm - 2:45pm PDT

AMC Theatre 09

Network security is important, but what about the networks that serve your network?

In this talk I go over my methodology and findings performing a security audit of some local ISPs. I’ll outline how simple vulnerabilities and configuration mistakes are still making it to these production networks.

Speakers

Ian Foster

Saturday April 26, 2025 2:15pm - 2:45pm PDT
AMC Theatre 09 AMC at Metreon

Presentation, General

2:15pm PDT

Saturday April 26, 2025 2:15pm - 2:45pm PDT

AMC Theatre 07

Imagine a cybercriminal accessing your network with credentials bought on the dark web — they walk in unnoticed. Attackers aren't breaking in — they're logging in. With 80% of attacks involving stolen credentials, discover how Automated Credential Threat Monitoring (ACT) keeps you ahead of threats.

Speakers

Barath Subramaniam

Sr Product Security AI & Data Engineer, Adobe

Saturday April 26, 2025 2:15pm - 2:45pm PDT
AMC Theatre 07 AMC at Metreon

Presentation, General

2:15pm PDT

One Search To Rule Them All: Threat Modelling AI Search

Saturday April 26, 2025 2:15pm - 2:45pm PDT

AMC Theatre 11

Enterprise AI search tools like Glean and Guru aggregate all your company’s data into a single, easy-to-navigate interface. Think of it as Google, but for juicy, sensitive corporate information. In this session, we’ll explore effective threat modelling and controls when deploying these tools.

Speakers

Kane Narraway

Kane is a technical engineering manager with an unwavering passion for all things IT security. With over a decade of experience in building (and breaking) corporate networks. Kane dabbled in the realms of IT, red teaming and DFIR before going on to lead the enterprise security teams... Read More →

Saturday April 26, 2025 2:15pm - 2:45pm PDT
AMC Theatre 11 AMC at Metreon

Presentation, General

2:15pm PDT

Versus Killnet

Saturday April 26, 2025 2:15pm - 2:45pm PDT

AMC IMAX

The Russian hacktivist group Killnet was a cyber army directed by a few to cause harm. With a checkered history and inconsistent behaviors, deciphering who is behind this group was challenging, but we’ll lift this veil and share a personal story of disrupting and unbalancing Killnet into chaos.

Speakers

Alex Holden

Hold Security

Alex Holden is the founder and CISO of Hold Security, LLC. Under his leadership, Hold Security played a pivotal role in information security and threat intelligence, becoming one of the most recognizable names in its field. Holden is credited with the discovery of many high-profile... Read More →

Saturday April 26, 2025 2:15pm - 2:45pm PDT
AMC IMAX AMC at Metreon

Presentation, General

3:00pm PDT

Decoding GraphQL: How to Map Hidden Vulnerabilities

Saturday April 26, 2025 3:00pm - 3:30pm PDT

AMC Theatre 09

GraphQL APIs offer flexibility and efficiency but often introduce security risks that remain hidden in the shadows. In this session, we’ll share findings from scanning GraphQL APIs, revealing vulnerabilities like schema leaks, brute-force risks, and GraphQL-specific "bomb" attacks.

Speakers

Antoine Carossio

Cofounder & CTO, Escape.tech

Former pentester for the French Intelligence Services.Former Machine Learning Research @ Apple. linkedin.com/in/acarossio/ escape.tech (company) @iCarossio escape.tech (blog... Read More →

Tristan Kalos

Co-founder and CEO, Escape

Tristan Kalos, co-founder and CEO at Escape, draws from a background as a software engineer and Machine Learning Researcher at UC Berkeley. Motivated by firsthand experience witnessing a client's database stolen through an API in 2018, he has since become an expert in API security... Read More →

Saturday April 26, 2025 3:00pm - 3:30pm PDT
AMC Theatre 09 AMC at Metreon

Presentation, General

3:00pm PDT

Everyday AI: Leveraging LLMs for Simple, Effective Security Automation

Saturday April 26, 2025 3:00pm - 3:30pm PDT

AMC Theatre 11

Anyone can build simple LLM–based tools that streamline security tasks. Join us to learn how, with short prompts and very little code, you can do more with less by automating IAM, threat detection, and vuln management workflows. Get tips and prebuilt, used-in-prod examples to play with on your own.

Speakers

Matthew Sullivan

Dominic Zanardi

Saturday April 26, 2025 3:00pm - 3:30pm PDT
AMC Theatre 11 AMC at Metreon

Presentation, General

3:00pm PDT

From LOL to LOC: LOLBins Are No Laughing Matter

Saturday April 26, 2025 3:00pm - 3:30pm PDT

AMC Theatre 07

LOL - a lot less funny than it sounds - (living off the land) attacks have been around for several years, now it is time for LOC (living off the cloud) attacks. With cloud services becoming a core part of engineering today, it is no wonder attackers see this as a high-value attack vector.

Speakers

Matan Mittelman

Team Leader for Threat Prevention Team, Cato

Matan Mittelman is the team leader for Cato's Threat Prevention team. He's responsible for analyzing, researching and developing protections against emerging threats and CVEs. Matan brings more than seven years of experience leading cyber security teams.

Saturday April 26, 2025 3:00pm - 3:30pm PDT
AMC Theatre 07 AMC at Metreon

Presentation, General

3:00pm PDT

Tracking the World's Dumbest Cyber Mercenaries

Saturday April 26, 2025 3:00pm - 3:30pm PDT

AMC IMAX

For the last 6 years, we have been tracking the activities of the cyber mercenaries Dark Caracal. In this time, we have observed them make hilarious mistakes, which have allowed us to gain insights into their activities and targets, and see just how effective they actually are despite it all.

Speakers

Cooper Quintin

Sr. Staff Technologist, Electronic Frontier Foundation

Cooper is a Senior Security Researcher at the EFF Threat Lab. He has worked on projects such as Privacy Badger, Canary Watch, and analysis of state sponsored malware, IMSI catchers, and other digital attacks on activists, journalists, and human rights defenders. He has also performed... Read More →

Eva Galperin

Director of Cybersecurity, Electronic Frontier Foundation

Eva Galperin is the Director of Cybersecurity at the Electronic Frontier Foundation (EFF) and technical advisor for the Freedom of the Press Foundation. She is noted for her extensive work in protecting global privacy and free speech and for her research on malware and nation-state... Read More →

Saturday April 26, 2025 3:00pm - 3:30pm PDT
AMC IMAX AMC at Metreon

Presentation, General

3:00pm PDT

0.0.0.0 Day: Exploiting Localhost APIs From The Browser

Saturday April 26, 2025 3:00pm - 3:45pm PDT

AMC Theatre 14

While seemingly local, services running on localhost are accessible to the browser using a flaw we found, exposing the ports on the localhost network interface and leaving the floodgates ajar to remote network attacks. This session will dive into the 0.0.0.0 exploit research conducted by the team.

Speakers

Gal Elbaz

Saturday April 26, 2025 3:00pm - 3:45pm PDT
AMC Theatre 14 AMC at Metreon

Presentation, Deep Dive

3:00pm PDT

Data Splicing Attacks: Breaking Enterprise DLP from the Inside Out

Saturday April 26, 2025 3:00pm - 3:45pm PDT

AMC Theatre 06

We uncovered a data exfiltration technique, capable of bypassing all major DLP vendors listed by Gartner. We will dissect the architectural flaws in endpoint and proxy-based DLP, showcase live bypass demos, and launch Angry Magpie, an open-source toolkit for red teams to replicate these attacks.

Speakers

Vivek Ramachandran

Founder, SquareX

Vivek Ramachandran is a security researcher, book author, speaker-trainer, and serial entrepreneur with over two decades of experience in offensive cybersecurity. He is currently the founder of SquareX, building a browser-native security product focused on detecting, mitigating, and threat-hunting web attacks against enterprise users and consumers. Prior to that, he was the founder of Pentester Academy (acquired in 2021), which has trained thousands of customers from governmen... Read More →

Audrey Adeline

Researcher, SquareX

Audrey is currently a security researcher at SquareX and published author of The Browser Security Field Manual. She leads the Year of Browser Bugs (YOBB) project which has disclosed multiple major architectural browser vulnerabilities to date. Key discoveries from YOBB include Polymorphic... Read More →

Saturday April 26, 2025 3:00pm - 3:45pm PDT
AMC Theatre 06 AMC at Metreon

Presentation, Deep Dive

3:45pm PDT

Fake Hires, Real Threats: When Background Checks Aren’t Enough

Saturday April 26, 2025 3:45pm - 4:15pm PDT

AMC Theatre 09

When an outside threat becomes an insider threat, are your hiring practices prepared to catch it? In this session, you’ll learn how to examine the tactics of fraudulent job seekers and how to collaborate with talent teams to secure your hiring pipeline *and* protect your organization.

Speakers

Mabel Soe

Saturday April 26, 2025 3:45pm - 4:15pm PDT
AMC Theatre 09 AMC at Metreon

Presentation, General

3:45pm PDT

Something’s Phishy: See the Hook Before the Bait

Saturday April 26, 2025 3:45pm - 4:15pm PDT

AMC Theatre 07

If you see a phishing email or domain that’s a public IoC, it’s already too late. Our research team’s approach to threat detection finds more DNS artifacts and adversary infrastructure as they are created and maps intent before it can be weaponized. This session will show how you can do the same.

Speakers

Malachi Walker

Security Advisor, DomainTools

Malachi Walker, DomainTools Security Advisor, has experience in information security, from DNS to crime and conflict in cyberspace to cybersecurity governance and cybersecurity program and design. At DomainTools, he applies this background to help organizations understand the threat... Read More →

Saturday April 26, 2025 3:45pm - 4:15pm PDT
AMC Theatre 07 AMC at Metreon

Presentation, General

3:45pm PDT

Trawling for IOCs: Catching C2 in a Sea of Data

Saturday April 26, 2025 3:45pm - 4:15pm PDT

AMC IMAX

In the vast sea of security data, how do we efficiently find malicious activity and turn it into actionable intelligence? This presentation introduces data-driven detection engineering, showcasing a data-first approach to building detection rules and threat feeds.

Speakers

Moses Schwartz

Google

I'm a security engineer who does a lot of software engineering– or maybe it's the other way around? My team builds rules for Google Security Operations (SecOps) Curated Detections and threat feeds. My Passions: eliminating toil, unit testing, stopping bad guys.

Saturday April 26, 2025 3:45pm - 4:15pm PDT
AMC IMAX AMC at Metreon

Presentation, General

3:45pm PDT

Using AI to Discover Silently Patched Vulnerabilities in Open Source

Saturday April 26, 2025 3:45pm - 4:15pm PDT

AMC Theatre 11

We monitored public changelogs of popular open-source projects to detect unreported security fixes. We found 600+ vulnerabilities, 25% high or critical, with most never being reported. We achieved this by using dual LLM models to monitor change logs and verify the result with our security engineers.

Speakers

Mackenzie Jackson

Saturday April 26, 2025 3:45pm - 4:15pm PDT
AMC Theatre 11 AMC at Metreon

Presentation, General

4:00pm PDT

Decentralized Communications: Deep-Dive into APRS and Meshtastic

Saturday April 26, 2025 4:00pm - 4:45pm PDT

AMC Theatre 06

This talk compares APRS and Meshtastic protocols for decentralized communications, examining their security models, vulnerabilities, and real-world applications. We will explore how these systems handle encryption, authentication, and their attack surface.

Speakers

Ankur Tyagi

Mayuresh Dani

Saturday April 26, 2025 4:00pm - 4:45pm PDT
AMC Theatre 06 AMC at Metreon

Presentation, Deep Dive

4:00pm PDT

Service Mesh Security: Shifting Focus to the Application Layer

Saturday April 26, 2025 4:00pm - 4:45pm PDT

AMC Theatre 14

Discover how Yelp's Infrastructure Security team transformed past challenges and failures into success by shifting authentication and authorization from the infrastructure to the application layer. Learn how this pragmatic approach met all security requirements applicable to Yelp's threat model.

Speakers

Daniel Popescu

Security Group Tech Lead, Yelp

Daniel Popescu is the Group Tech Lead for Security at Yelp where they are responsible for all facets of security. Previously he worked at Microsoft on non-security products, but has maintained a passion for security since his undergrad years at the University of California, Santa... Read More →

Saturday April 26, 2025 4:00pm - 4:45pm PDT
AMC Theatre 14 AMC at Metreon

Presentation, Deep Dive

4:30pm PDT

AI Won’t Help You Here

Saturday April 26, 2025 4:30pm - 5:00pm PDT

AMC Theatre 11

With "AI" advancements, we also experience potential overuse and a deterioration of trust. In this talk, we’ll discuss how AI has been abused (rather than used), challenges deploying AI in specific scenarios, and the different available approaches (hint: not all AI is GenAI) to address problem sets.

Speakers

Ian Amit

CEO, Gomboc.ai

Saturday April 26, 2025 4:30pm - 5:00pm PDT
AMC Theatre 11 AMC at Metreon

Presentation, General

4:30pm PDT

Blank Space: Filling the Gaps in Atomic and Behavioral Cloud-Specific IoCs

Saturday April 26, 2025 4:30pm - 5:00pm PDT

AMC Theatre 07

As cloud adoption grows, attackers exploit its unique attack surface. This talk explores atomic IOCs (e.g. IAM metadata, container IDs) and behavioral IOCs (e.g. API activity), featuring real-world examples like threat actor "Bapak" and insights to enhance cloud detection, hunting, and response.

Speakers

Merav Bar

Gili Tikochinski

Malware Researcher, Wiz

Saturday April 26, 2025 4:30pm - 5:00pm PDT
AMC Theatre 07 AMC at Metreon

Presentation, General

4:30pm PDT

BSidesSF Plays Incident Response

Saturday April 26, 2025 4:30pm - 5:00pm PDT

AMC IMAX

INCIDENT DECLARED! As Incident Commander, team up with your product and privacy leads to navigate the response. Will you launch a forensics investigation? Draft a customer notice? You decide in this choose-your-adventure talk.

Speakers

Maya Kaczorowski

CEO, Oblique

Maya is a founder at Oblique. She is driven to make enterprise security tools that people actually want to use and that genuinely improve security.Maya was previously CPO at Tailscale, building zero trust networking that doesn't suck. Prior to that, she led product for software supply... Read More →

Whitney Merrill

Head of Global Privacy, Cybersecurity Legal, and Regulatory Compliance and the Data Protection Officer

Whitney Merrill is Head of Global Privacy, Cybersecurity Legal, and Regulatory Compliance and the Data Protection Officer at Asana. Previously, she was at a fintech company building their privacy program from scratch. Before that she was Privacy, eCommerce & Consumer Protection Counsel... Read More →

Saturday April 26, 2025 4:30pm - 5:00pm PDT
AMC IMAX AMC at Metreon

Presentation, General

4:30pm PDT

Dragging Out Dragons: Slaying Hidden Threats in Residential Proxies

Saturday April 26, 2025 4:30pm - 5:00pm PDT

AMC Theatre 09

Residential proxies are the weapon of choice for bots bypassing defenses by mimicking legit traffic. This talk unpacks how machine learning can expose and mitigate these threats at scale. Expect actionable insights for improving detections while minimizing false positives.

Speakers

Christo Roberts

Lead Strategic Solutions Engineer, Cloudflare

Saturday April 26, 2025 4:30pm - 5:00pm PDT
AMC Theatre 09 AMC at Metreon

Presentation, General

5:00pm PDT

Netsec is Dead(?): Modern Network Fingerprinting for Real-World Defense

Saturday April 26, 2025 5:00pm - 5:45pm PDT

AMC Theatre 14

From p0f to MuonFP and JA4+, learn how network fingerprinting evolved. See how each step helps security teams spot malicious traffic, detect scanners, and more. Attendees gain real-world use cases and practical tips to deploy fingerprinting for monitoring and threat hunting.

Speakers

Vlad Iliushin

ELLIO

Saturday April 26, 2025 5:00pm - 5:45pm PDT
AMC Theatre 14 AMC at Metreon

Presentation, Deep Dive

5:15pm PDT

Mind vs Machine: The Role of Human Psychology and AI in Security Culture

Saturday April 26, 2025 5:15pm - 5:45pm PDT

AMC Theatre 11

Security policies must consider human psychological traits for effectiveness. We'll contrast this with security needs for Non-Human Identities and argue that AI has its own "psychological traits" requiring tailored approaches to secure systems against AI-specific threats.

Speakers

Anubha Nagawat

Ashutosh Gupta

Saturday April 26, 2025 5:15pm - 5:45pm PDT
AMC Theatre 11 AMC at Metreon

Presentation, General

5:15pm PDT

Your Intrusion Detection Still Sucks (And What to Do About It)

Saturday April 26, 2025 5:15pm - 5:45pm PDT

AMC Theatre 09

Intrusion detection at scale hasn't improved much in the last decade and I'm here to share hot takes about improving our collective lack of significant progress. I'll discuss some pragmatic concepts that you can implement today, without AI or next-gen vaporware.

Speakers

Jason Craig

Director, D&R, Remitly

Jason is a unicorn enthusiast and enjoys coffee, thrunting, and late apexes. Jason has worked for a few org’s you'd recognize.

Saturday April 26, 2025 5:15pm - 5:45pm PDT
AMC Theatre 09 AMC at Metreon

Presentation, General

11:15am PDT

Not Every Groundbreaking Idea Needs to Become a Billion-Dollar Startup

Sunday April 27, 2025 11:15am - 11:45am PDT

AMC IMAX

The cybersecurity industry has 5,000+ startups yet many key problems are overlooked for not being "venture scale." This talk explores alternative paths (bootstrapping, Silicon Valley Small Businesses) and why niche markets and smaller ideas can drive impactful solutions without unicorn pressure.

Speakers

Ross Haleliuk

Co-founder, Stealth

Sunday April 27, 2025 11:15am - 11:45am PDT
AMC IMAX AMC at Metreon

Presentation, General

11:15am PDT

The Four Tribes of Security Champions

Sunday April 27, 2025 11:15am - 11:45am PDT

AMC Theatre 07

“The Four Tribes of Security Champions” is a framework to describe successful security champion programs. The tribes include: The Apprentices, The Fan Club, The Learners, and The Sentinels. We’ll explore a benchmarking tool for each tribe to pick which approach is right for you!

Speakers

Marisa Fagan

Head of Product, Katilyst

Marisa Fagan is Head of Product at a “security champions as a service” startup called Katilyst. She works on building security into the SDLC and empowering developers to own secure code. Previously, she has worked as a security culture expert at places like Atlassian, Salesforce... Read More →

Sunday April 27, 2025 11:15am - 11:45am PDT
AMC Theatre 07 AMC at Metreon

Presentation, General

11:15am PDT

The Growing Crisis in CVE Data Quality

Sunday April 27, 2025 11:15am - 11:45am PDT

AMC Theatre 09

Explore the escalating issues in CVE data: inconsistent reporting, low-quality submissions, and outdated info. Learn why these threaten cybersecurity and what solutions can restore trust in this critical database.

Speakers

Jerry Gamblin

Cisco

Sunday April 27, 2025 11:15am - 11:45am PDT
AMC Theatre 09 AMC at Metreon

Presentation, General

11:30am PDT

Don’t Sh*t-Left: How to Actually Shift-Left

Sunday April 27, 2025 11:30am - 12:15pm PDT

AMC Theatre 14

Shift-left sounds great — catch issues early, save time, empower devs — but too often it backfires, creating noise and chaos. Learn from real-world fails, laugh at sh*t-left stories, and discover practical strategies to make shift-left work. Let’s fix AppSec, one bug at a time.

Speakers

Ahmad Sadeddin

CEO, Corgea

Ahmad is the CEO at Corgea. He's a 3x founder with 1 exit. He's been coding since he was 12 and loves building software solutions to solve deep customer problems. In his spare time (very little of), he loves to BBQ and spend time with family and friends.

Sunday April 27, 2025 11:30am - 12:15pm PDT
AMC Theatre 14 AMC at Metreon

Presentation, Deep Dive

11:30am PDT

Effective Handling of Third-Party Supplier Incidents

Sunday April 27, 2025 11:30am - 12:15pm PDT

AMC Theatre 06

Discover efficient incident handling strategies for third-party supplier incidents. Learn the importance of a predefined process and collaboration between risk management and incident response teams. Gain insights into key decision-making considerations and elevate your IR capabilities.

Speakers

Kasturi Puramwar

Information Security Manager, Equinix

Sunday April 27, 2025 11:30am - 12:15pm PDT
AMC Theatre 06 AMC at Metreon

Presentation, Deep Dive

11:30am PDT

When AI Goes Awry: Responding to AI Incidents

Sunday April 27, 2025 11:30am - 12:15pm PDT

AMC Theatre 11

This talk details challenges in incident response for AI systems, including insufficient logging, visibility, and accountability, as well as the risks of data exposure and prompt injection. We examine a case of RAG-enabled LLM and propose triaging strategies and improved IR practices for mitigation.

Speakers

Eoin Wickens

Director of Threat Intelligence, HiddenLayer

Eoin Wickens is the Technical Research Director - Field at HiddenLayer, where he both researches and speaks about security for artificial intelligence and machine learning. He has previously worked in threat research, threat intelligence and malware reverse engineering and has been... Read More →

Marta Janus

Principal Researcher, HiddenLayer

Marta is a Principal Researcher at HiddenLayer, focused on investigating adversarial machine learning attacks and the overall security of AI-based solutions. Prior to HiddenLayer, Marta spent over a decade working as a researcher for leading anti-virus vendors. She has extensive experience... Read More →

Sunday April 27, 2025 11:30am - 12:15pm PDT
AMC Theatre 11 AMC at Metreon

Presentation, Deep Dive

12:00pm PDT

Preparing for Dragons: Don’t Sharpen Swords. Set Traps, Gather Supplies!

Sunday April 27, 2025 12:00pm - 12:30pm PDT

AMC IMAX

Most people aren’t dragon slayers. There are dragon slayers out there, but they’re not us. EDR isn’t a dragon slayer. Neither is the SOC. That’s okay — when the dragon comes, the goal should be *survival,* not going out in a blaze of glory.

Speakers

Adrian Sanabria

Principal Researcher, Defenders Initiative

Adrian is a successful generalist with over two decades of experience hacking, fixing, breaking, building, and teaching in InfoSec. He’s always trying to see the big picture and figure out the best security strategies. Despite all these years in the industry, he is still optimistic... Read More →

Sunday April 27, 2025 12:00pm - 12:30pm PDT
AMC IMAX AMC at Metreon

Presentation, General

12:00pm PDT

The Product Security Imperative: Lessons from CISA

Sunday April 27, 2025 12:00pm - 12:30pm PDT

AMC Theatre 09

Policymakers worldwide have recently taken up product security, making topics like memory safety prominent. In this talk, hear from former CISA Senior Advisor Jack Cable on lessons learned leading CISA's Secure by Design initiative, and what a shift towards product security means for the industry.

Speakers

Jack Cable

CEO & Co-Founder, Corridor

Jack Cable is the CEO and Co-Founder of Corridor. Corridor is the AI-powered Secure by Design platform and is backed by Conviction, Alex Stamos, and Christina Cacioppo. Prior to starting Corridor, Jack served as a Senior Technical Advisor at CISA, where he led the agency’s Secure... Read More →

Sunday April 27, 2025 12:00pm - 12:30pm PDT
AMC Theatre 09 AMC at Metreon

Presentation, General

12:00pm PDT

Trust Engineering: Building Security Leadership at Early-Stage Startups

Sunday April 27, 2025 12:00pm - 12:30pm PDT

AMC Theatre 07

Being the first security leader at a startup is a wild ride. This talk explores "Trust Engineering," a hands-on approach to earn trust, navigate chaos, and build a security foundation with limited resources. Learn how to handle executive expectations and support fast-paced growth.

Speakers

Mike Privette

Cybersecurity Economist, Return on Security

Mike Privette is a former CISO turned cybersecurity economist and the creator of Return on Security, a weekly market intelligence newsletter read by thousands of cybersecurity leaders, founders, and investors.He previously led security at Passport Labs, served as a Divisional CISO... Read More →

Sunday April 27, 2025 12:00pm - 12:30pm PDT
AMC Theatre 07 AMC at Metreon

Presentation, General

1:15pm PDT

AI's Bitter Lesson for SOCs: Let Machines Be Machines

Sunday April 27, 2025 1:15pm - 2:00pm PDT

AMC Theatre 11

We've been forcing AI to imitate human analyst workflows, but what if that's holding both machines and humans back? Through real-world experiments at Anthropic, we'll show how letting AI tackle security problems its own way can allow humans to focus on the nuanced work machines can't do (yet).

Speakers

Jackie Bow

Technical Staff, Anthropic

A Jackie-of-all- trades, master of some, Jackie seems to be physically unable to stop returning to threat detection and response. Her 15 years in the industry have been spent across multiple disciplines including malware analysis, reverse engineering, infrastructure and product security... Read More →

Peter Sanford

Sunday April 27, 2025 1:15pm - 2:00pm PDT
AMC Theatre 11 AMC at Metreon

Presentation, Deep Dive

1:15pm PDT

Confidential Computing: Protecting Customer Data in the Cloud

Sunday April 27, 2025 1:15pm - 2:00pm PDT

AMC Theatre 14

Ever wonder how your data is really handled in the cloud? Confidential Computing gives you an answer by isolating your data and cryptographically proving what code was run. This talk dives into the hardware and software behind Confidential Computing, and how to ship it in real-world cases.

Speakers

Jordan Mecom

Sunday April 27, 2025 1:15pm - 2:00pm PDT
AMC Theatre 14 AMC at Metreon

Presentation, Deep Dive

1:15pm PDT

CyberCAN: A Roadmap for Municipal Support of Nonprofit Cybersecurity in SF

Sunday April 27, 2025 1:15pm - 2:00pm PDT

AMC Theatre 06

UC Berkeley studied 68 San Francisco nonprofits to assess their cybersecurity needs, resources, and adoption of protective controls. Our findings include actionable recommendations for the City of San Francisco to improve support for nonprofits and boost resilience against growing cyber threats.

Speakers

Sarah Powazek

UC Berkeley CLTC

Sarah Powazek is the Program Director of Public Interest Cybersecurity at the UC Berkeley Center for Long-Term Cybersecurity (CLTC), where she leads flagship policy and research work to help under-resourced public interest organizations improve their defenses. Sarah co-leads the Consortium... Read More →

Shannon Pierson

Senior Fellow of Public Interest Cybersecurity, UC Berkeley Center for Long-Term Cybersecurity

Shannon Pierson is a senior fellow of Public Interest Cybersecurity at the UC Berkeley Center for Long-Term Cybersecurity (CLTC), where she leads research initiatives focused on strengthening the cybersecurity of organizations that often fall through the cracks of cyber defense—namely... Read More →

Sunday April 27, 2025 1:15pm - 2:00pm PDT
AMC Theatre 06 AMC at Metreon

Presentation, Deep Dive

1:30pm PDT

Iron-Clad PKI: Crypto Agility for the Quantum Era

Sunday April 27, 2025 1:30pm - 2:00pm PDT

AMC Theatre 07

Quantum computing is breaking RSA/ECC; your PKI is at risk! Learn strategies to align with NIST PQC standards and secure your cryptographic resilience for the post-quantum era.

Speakers

Prasanth Sundararajan

Head of Product Security, Appviewx Inc

Sunday April 27, 2025 1:30pm - 2:00pm PDT
AMC Theatre 07 AMC at Metreon

Presentation, General

1:30pm PDT

Lessons from Running a Product Security-Focused Cybersecurity Clinic

Sunday April 27, 2025 1:30pm - 2:00pm PDT

AMC Theatre 09

We established Stanford's product security clinic in 2023 to help community organizations secure the software services they offer, diverging from traditional university cybersecurity clinics that focus on corporate security. Here's what we learned from our first two years of operation.

Speakers

Aditya Saligrama

Joey Holtzman

Sunday April 27, 2025 1:30pm - 2:00pm PDT
AMC Theatre 09 AMC at Metreon

Presentation, General

1:30pm PDT

The Power of Persuasion: Better Security Through... Manipulation?

Sunday April 27, 2025 1:30pm - 2:00pm PDT

AMC IMAX

Security’s weakest link comes with ten fingers, ten toes and an uncanny ability to find ways past your thoughtfully implemented controls. Learn well-tested psychology principles that drive positive security outcomes. From social proof to reciprocity, small changes in approach bring outsized results.

Speakers

Nate Lee

Sunday April 27, 2025 1:30pm - 2:00pm PDT
AMC IMAX AMC at Metreon

Presentation, General

2:15pm PDT

Don't Trust, Verify! - How I Found a CSRF Bug Hiding in Plain Sight

Sunday April 27, 2025 2:15pm - 2:45pm PDT

AMC Theatre 14

This talk explores the discovery of a long-standing CSRF (Cross-Site Request Forgery) vulnerability in the popular gorilla/csrf Go library. The goal is to encourage the audience to perform vulnerability research experiments in their own commonly used tools.

Speakers

Patrick O'Doherty

Member of Technical Staff, Tailscale

Sunday April 27, 2025 2:15pm - 2:45pm PDT
AMC Theatre 14 AMC at Metreon

Presentation, General

2:15pm PDT

Mapping the SaaS Attack Surface

Sunday April 27, 2025 2:15pm - 2:45pm PDT

AMC Theatre 07

In this presentation, attendees will be introduced to the concept of SaaS attack surface mapping. We will conduct an analysis of current techniques while also unveiling novel approaches that have not been previously disclosed. We will release an open-source tool designed to implement this.

Speakers

Jaime Blasco

Cofounder / CTO, Nudge Security

Jaime Blasco is known for his security research and efforts to enable more collaborative threat-intelligence sharing. He is CTO and co-founder of Nudge Security. Using a patented, network-less approach to SaaS discovery and governance, Nudge Security drives meaningful behavioral change that strengthens SaaS security postures without disrupting the pace of work. Previously, he led the threat intelligence and data science unit at AT&T Alien Labs. Pr... Read More →

Sunday April 27, 2025 2:15pm - 2:45pm PDT
AMC Theatre 07 AMC at Metreon

Presentation, General

2:15pm PDT

Radical Results: A Security Org's Version of Radical Candor

Sunday April 27, 2025 2:15pm - 2:45pm PDT

AMC IMAX

Security practitioners are put in tough positions whether you're new to security or an experienced CISO. Based on "Radical Candor", you'll leave this talk with new perspective on the way security teams are perceived by their peers and how to optimize the good and minimize the unavoidable bad.

Speakers

Evan Johnson

CEO, RunReveal

Sunday April 27, 2025 2:15pm - 2:45pm PDT
AMC IMAX AMC at Metreon

Presentation, General

2:15pm PDT

Third-party Risk Management: SOC 2s, Security Questionnaires, and Psychosis

Sunday April 27, 2025 2:15pm - 2:45pm PDT

AMC Theatre 09

Condemning “check-box” vendor risk management and security questionnaires is a hot talking point nowadays. This talk will discuss the related but distinct problems in the TPRM space and offer practical, creative solutions to help deliver high-value outcomes via third-party risk management.

Speakers

Eleanor Mount

Security Risk and Compliance Manager, Asana

Eleanor is a Security Risk and Compliance Manager at Asana, where she has helped build and scale GRC programs from the ground up, including risk management, customer trust, and the implementation of new security compliance frameworks. Prior to Asana, she worked in the health technology... Read More →

Sunday April 27, 2025 2:15pm - 2:45pm PDT
AMC Theatre 09 AMC at Metreon

Presentation, General

2:15pm PDT

Compliance Without the Chaos: Building It Right Into Your DevOps Pipeline

Sunday April 27, 2025 2:15pm - 3:00pm PDT

AMC Theatre 06

Compliance often feels like the party crasher in the DevOps world- unwanted, and slowing everyone down. But what if compliance could be an insider, seamlessly fitting into your CI/CD pipeline without breaking a sweat? In this talk, we’ll tackle the age-old battle between engineers and compliance.

Speakers

Varun Gurnaney

Staff Security Engineer, GRC Engineering

Security Engineer in of San Francisco. Previously held security roles at Robinhood, Zendesk and EY. I didn’t watch the eclipse

Sunday April 27, 2025 2:15pm - 3:00pm PDT
AMC Theatre 06 AMC at Metreon

Presentation, Deep Dive

2:15pm PDT

Securing AI Agents: Exploring Critical Threats and Exploitation Techniques

Sunday April 27, 2025 2:15pm - 3:00pm PDT

AMC Theatre 11

Our talk will focus on securing autonomous AI agents by addressing their unique threats. We will dive into threat modeling of real-world autonomous AI systems, model poisoning attacks with hacking demos, and then explore advanced prompt injection techniques and mitigation strategies.

Speakers

Naveen Konrajankuppam Mahavishnu

Mohankumar Vengatachalam

Sunday April 27, 2025 2:15pm - 3:00pm PDT
AMC Theatre 11 AMC at Metreon

Presentation, Deep Dive

3:00pm PDT

A Deep Dive into the Triad Nexus Pig Butchering & Money Laundering Network

Sunday April 27, 2025 3:00pm - 3:30pm PDT

AMC IMAX

The presentation will cover research into pig butchering scams connected to FUNNULL CDN-hosted money laundering, retail phishing campaigns targeting luxury brands, and more. Technical analysis steps will be provided and explained in-depth as we cover this threat which we have dubbed “Triad Nexus."

Speakers

Zach Edwards

Sunday April 27, 2025 3:00pm - 3:30pm PDT
AMC IMAX AMC at Metreon

Presentation, General

3:00pm PDT

Care and Feeding of HSMs: Key Management in Hard Mode

Sunday April 27, 2025 3:00pm - 3:30pm PDT

AMC Theatre 14

Cryptography's dirty secret: your security is only as strong as your key management. Dive into the treacherous world of HSMs, which promise salvation but deliver operational nightmares and hidden costs. HSMs: not for the faint of heart!

Speakers

Nick Pelis

Security Engineering Manager, Verkada

Sunday April 27, 2025 3:00pm - 3:30pm PDT
AMC Theatre 14 AMC at Metreon

Presentation, General

3:00pm PDT

Intro to Privacy-Enhancing Technologies (PETs)

Sunday April 27, 2025 3:00pm - 3:30pm PDT

AMC Theatre 07

Privacy-Enhancing Technologies (PETs) are transforming data handling by ensuring privacy and security throughout the data lifecycle. This talk explores the latest advancements in PETs, focusing on Secure Multiparty Computation (MPC), Homomorphic Encryption (HE), and their real-world applications.

Speakers

Harshal Shah

Sr. Software Engineer, Visa Research

Sunday April 27, 2025 3:00pm - 3:30pm PDT
AMC Theatre 07 AMC at Metreon

Presentation, General

3:00pm PDT

There and Back Again: Discovering OT Devices Across Protocol Gateways

Sunday April 27, 2025 3:00pm - 3:30pm PDT

AMC Theatre 09

Operational Technology (OT) describes devices that control things in the real world, like factories and generators. This talk discusses the security implications of the convergence of IT and OT, with deep dives into OT protocols and device discovery — even behind legacy protocol gateways.

Speakers

Rob King

Sunday April 27, 2025 3:00pm - 3:30pm PDT
AMC Theatre 09 AMC at Metreon

Presentation, General

3:15pm PDT

How to Tame Your Dragon: Productionizing Agentic Apps Reliably and Securely

Sunday April 27, 2025 3:15pm - 4:00pm PDT

AMC Theatre 11

Taming dragons is risky—so is deploying agentic apps. Like dragons, they’re unpredictable, with threats like hallucinations, non-determinism, vast input spaces, and attacker prompt injections. We show how open-source tools tame the beast, so you can confidently deploy AI agents in production.

Speakers

Thomas Vissers

Blue41 | KU Leuven

Thomas Vissers specializes in the dynamic intersection of cybersecurity and AI. He packs 10 years of experience in developing and operating production-grade AI security systems. Previously at Cloudflare, he served as an engineering leader for data-driven security products, scaling... Read More →

Tim Van hamme

co-lead Blue41, PostDoc, Blue41, DistriNet, KU Leuven

Tim Van hamme is a computer scientist specialized in AI security and behavioral analysis, leading research at KU Leuven's DistriNet on secure and trustworthy AI adoption. As co-lead of Blue41, he bridges rigorous academic research with industry applications, helping organizations... Read More →

Sunday April 27, 2025 3:15pm - 4:00pm PDT
AMC Theatre 11 AMC at Metreon

Presentation, Deep Dive

3:15pm PDT

Slaying the Dragons: A Security Professional’s Guide to Malicious Packages

Sunday April 27, 2025 3:15pm - 4:00pm PDT

AMC Theatre 06

This session reveals how attackers exploit typosquatting, author impersonation, and innovative malware campaigns to infiltrate software supply chains. Learn practical threat hunting methodologies and gain step-by-step guides to detect, analyze, and defend against these software supply chain dragons.

Speakers

Kirill Boychenko

Sunday April 27, 2025 3:15pm - 4:00pm PDT
AMC Theatre 06 AMC at Metreon

Presentation, Deep Dive

3:45pm PDT

Follow the Trace: How Traditional AppSec Tools Have Failed Us

Sunday April 27, 2025 3:45pm - 4:15pm PDT

AMC Theatre 09

Join the journey of an application data trace as it navigates runtime application security. Follow a trace through an application, uncovering how tools like RASP provide real-time insights, detect threats, and block attacks. Learn how traces enhance security by revealing vulnerabilities in action.

Speakers

Kennedy Toomey

Application Security Researcher & Advocate, Datadog

Kennedy Toomey is an Application Security Researcher & Advocate at Datadog. Previously she was an Application Security Engineer where she spent her time working with developers to help fix vulnerabilities and write more secure code.

Sunday April 27, 2025 3:45pm - 4:15pm PDT
AMC Theatre 09 AMC at Metreon

Presentation, General

3:45pm PDT

Is Vulnerability Management Dead? A Security Architect’s Survival Guide

Sunday April 27, 2025 3:45pm - 4:15pm PDT

AMC Theatre 07

This session discusses the necessary shift from traditional vulnerability management and explores a security architect's journey in building a robust cloud risk remediation program. We will outline best practices for risk prioritization & triage, navigating IaC & cloud-native mitigating controls.

Speakers

Snir Ben Shimol

CEO | CSO, ZEST Security

Sunday April 27, 2025 3:45pm - 4:15pm PDT
AMC Theatre 07 AMC at Metreon

Presentation, General

3:45pm PDT

Scalably Securing Third-party Dependencies in Heterogeneous Environments

Sunday April 27, 2025 3:45pm - 4:15pm PDT

AMC IMAX

Learn how Anthropic automates dependency security at scale across diverse infrastructure and environments while still letting engineers use the tools and dependencies they need. We'll explore Dependant, our tool to enforce our dependency posture at the network level, and how users interact with it.

Speakers

Ziyad Edher

Software Engineer, Anthropic

Chris Norman

Member of Technical Staff, Anthropic

Sunday April 27, 2025 3:45pm - 4:15pm PDT
AMC IMAX AMC at Metreon

Presentation, General

3:45pm PDT

Shadow IT Battlefield: The CyberHaven Breach and Defenses That Worked

Sunday April 27, 2025 3:45pm - 4:15pm PDT

AMC Theatre 14

Discover how the Cyberhaven breach case exposed critical Shadow IT risks — and the proactive allowlist strategy that minimized business disruption. The proactive controls saved our 40M+ users from being impacted. Gain insights, metrics, and a blueprint for continuous monitoring.

Speakers

Rohit Bansal

Zach Pritchard

Sunday April 27, 2025 3:45pm - 4:15pm PDT
AMC Theatre 14 AMC at Metreon

Presentation, General

4:15pm PDT

The Silent Breach: Security Threats in Google Workspace

Sunday April 27, 2025 4:15pm - 4:45pm PDT

AMC Theatre 06

Google Workspace enables enterprise productivity, but attackers exploit logging gaps to escalate privileges, exfiltrate data, and evade detection. This talk reveals real-world attacks that bypass monitoring and shares techniques to investigate these threats, even without sufficient logs.

Speakers

Rex Guo

Khang Nguyen

Sunday April 27, 2025 4:15pm - 4:45pm PDT
AMC Theatre 06 AMC at Metreon

Presentation, General

4:15pm PDT

GenAI Application Security: Not Just Prompt Injection

Sunday April 27, 2025 4:15pm - 5:00pm PDT

AMC Theatre 11

As generative AI adoption grows, its interconnected components — agents, vector databases, and LLMs — introduce complex security risks. This session examines these concerns, offering actionable strategies to secure agent interactions, protect models, and fortify data workflows.

Speakers

Ahmed Abugharbia

Cyberdojo

Sunday April 27, 2025 4:15pm - 5:00pm PDT
AMC Theatre 11 AMC at Metreon

Presentation, Deep Dive

4:30pm PDT

Fireproof Your Castle with Risk-First GRC

Sunday April 27, 2025 4:30pm - 5:00pm PDT

AMC Theatre 07

GRC teams can be more than just gridlock, red tape, and checklists. By prioritizing a risk-first approach, leveraging both quantitative and qualitative methodologies, and adopting principles-based compliance, GRC becomes a proactive force that empowers organizations to effectively combat security.

Speakers

Aakash Yadav

Lindsey Pilver

Sunday April 27, 2025 4:30pm - 5:00pm PDT
AMC Theatre 07 AMC at Metreon

Presentation, General

4:30pm PDT

How to Pull Off a Near Undetectable DDoS Attack (And How to Stop It)

Sunday April 27, 2025 4:30pm - 5:00pm PDT

AMC IMAX

What happens when a bad actor has access to millions of browsers? They can pull off a massive attack.

Speakers

Simon Wijckmans

Sunday April 27, 2025 4:30pm - 5:00pm PDT
AMC IMAX AMC at Metreon

Presentation, General

4:30pm PDT

Round and Around We Go: Interviews, What Do You Know?

Sunday April 27, 2025 4:30pm - 5:00pm PDT

AMC Theatre 09

In this talk, I’ll discuss hiring trends for Security Engineers and Leaders in 2024, covering metrics like time to hire, interview rounds, formats, and rejection trends. Data comes from 30+ placements at 10+ tech startups, mainly in SF, offering insights into the cybersecurity hiring landscape.

Speakers

Erin Barry

Sunday April 27, 2025 4:30pm - 5:00pm PDT
AMC Theatre 09 AMC at Metreon

Presentation, General

4:30pm PDT

Understanding IRSF Fraud: Protecting Against SMS Exploitation

Sunday April 27, 2025 4:30pm - 5:00pm PDT

AMC Theatre 14

Attackers making money from MY 2FA? It's more likely than you think! SMS is a common 2FA method but creates risk: International Revenue Share Fraud, inflating SMS traffic to siphon revenue. Attendees will learn how to detect and mitigate IRSF with Cloudflare, OpenAI, and Datadog.

Speakers

Vien Van

Gusto

Senthil Sivasubramanian

Eng Leader, Gusto

Sunday April 27, 2025 4:30pm - 5:00pm PDT
AMC Theatre 14 AMC at Metreon

Presentation, General