BSidesSF 2025: Full Schedule

11:15am PDT

Lex Sleuther - A Novel Approach to Script Language Detection

Saturday April 26, 2025 11:15am - 11:45am PDT

Join us as we go far off the beaten path in search of strange and exciting methods of script language detection.

File signatures? Nope.
Machine learning? Nah.
Here be dragons, but dragons often guard treasure…

Speakers

Aaron James

Security Researcher, CrowdStrike

Saturday April 26, 2025 11:15am - 11:45am PDT
AMC Theatre 09 AMC at Metreon

Presentation, General

12:00pm PDT

The Art of Cybersecurity Mastery: From Entry-Level to Staff+

Saturday April 26, 2025 12:00pm - 12:30pm PDT

AMC Theatre 09

Are you aspiring to break into cybersecurity or looking to take your career to the next level, but don’t have a mentor to guide you? This talk is for you. We'll dive into practical advice to guide your career journey, based on real-world questions asked by my mentees.

Speakers

Florian Noeding

Principal Security Architect, Adobe

Florian Noeding is a Principal Security Architect at Adobe. As the shift-left strategy lead, he drives proactive application security efforts across the entire enterprise, with a focus on automated code analysis, supply chain security and secure by design. He uses his deep software... Read More →

Saturday April 26, 2025 12:00pm - 12:30pm PDT
AMC Theatre 09 AMC at Metreon

Presentation, General

1:30pm PDT

WHOIS Your Daddy: Tracking Iranian-backed Cyber Operations with Passive DNS

Saturday April 26, 2025 1:30pm - 2:00pm PDT

AMC Theatre 09

A unique name server linked to Iran-nexus cyber activity reveals a broader set of malicious name servers with potential nation-state ties. Learn how passive DNS data connects a single typosquatting domain to multiple name servers being used for malware distribution.

Speakers

Austin Northcutt

Saturday April 26, 2025 1:30pm - 2:00pm PDT
AMC Theatre 09 AMC at Metreon

Presentation, General

2:15pm PDT

Adventures & Findings in ISP Hacking

Saturday April 26, 2025 2:15pm - 2:45pm PDT

AMC Theatre 09

Network security is important, but what about the networks that serve your network?

In this talk I go over my methodology and findings performing a security audit of some local ISPs. I’ll outline how simple vulnerabilities and configuration mistakes are still making it to these production networks.

Speakers

Ian Foster

Saturday April 26, 2025 2:15pm - 2:45pm PDT
AMC Theatre 09 AMC at Metreon

Presentation, General

3:00pm PDT

Decoding GraphQL: How to Map Hidden Vulnerabilities

Saturday April 26, 2025 3:00pm - 3:30pm PDT

AMC Theatre 09

GraphQL APIs offer flexibility and efficiency but often introduce security risks that remain hidden in the shadows. In this session, we’ll share findings from scanning GraphQL APIs, revealing vulnerabilities like schema leaks, brute-force risks, and GraphQL-specific "bomb" attacks.

Speakers

Antoine Carossio

Cofounder & CTO, Escape.tech

Former pentester for the French Intelligence Services.Former Machine Learning Research @ Apple. linkedin.com/in/acarossio/ escape.tech (company) @iCarossio escape.tech (blog... Read More →

Tristan Kalos

Co-founder and CEO, Escape

Tristan Kalos, co-founder and CEO at Escape, draws from a background as a software engineer and Machine Learning Researcher at UC Berkeley. Motivated by firsthand experience witnessing a client's database stolen through an API in 2018, he has since become an expert in API security... Read More →

Saturday April 26, 2025 3:00pm - 3:30pm PDT
AMC Theatre 09 AMC at Metreon

Presentation, General

3:45pm PDT

Fake Hires, Real Threats: When Background Checks Aren’t Enough

Saturday April 26, 2025 3:45pm - 4:15pm PDT

AMC Theatre 09

When an outside threat becomes an insider threat, are your hiring practices prepared to catch it? In this session, you’ll learn how to examine the tactics of fraudulent job seekers and how to collaborate with talent teams to secure your hiring pipeline *and* protect your organization.

Speakers

Mabel Soe

Saturday April 26, 2025 3:45pm - 4:15pm PDT
AMC Theatre 09 AMC at Metreon

Presentation, General

4:30pm PDT

Dragging Out Dragons: Slaying Hidden Threats in Residential Proxies

Saturday April 26, 2025 4:30pm - 5:00pm PDT

AMC Theatre 09

Residential proxies are the weapon of choice for bots bypassing defenses by mimicking legit traffic. This talk unpacks how machine learning can expose and mitigate these threats at scale. Expect actionable insights for improving detections while minimizing false positives.

Speakers

Christo Roberts

Lead Strategic Solutions Engineer, Cloudflare

Saturday April 26, 2025 4:30pm - 5:00pm PDT
AMC Theatre 09 AMC at Metreon

Presentation, General

5:15pm PDT

Your Intrusion Detection Still Sucks (And What to Do About It)

Saturday April 26, 2025 5:15pm - 5:45pm PDT

AMC Theatre 09

Intrusion detection at scale hasn't improved much in the last decade and I'm here to share hot takes about improving our collective lack of significant progress. I'll discuss some pragmatic concepts that you can implement today, without AI or next-gen vaporware.

Speakers

Jason Craig

Director, D&R, Remitly

Jason is a unicorn enthusiast and enjoys coffee, thrunting, and late apexes. Jason has worked for a few org’s you'd recognize.

Saturday April 26, 2025 5:15pm - 5:45pm PDT
AMC Theatre 09 AMC at Metreon

Presentation, General

11:15am PDT

The Growing Crisis in CVE Data Quality

Sunday April 27, 2025 11:15am - 11:45am PDT

AMC Theatre 09

Explore the escalating issues in CVE data: inconsistent reporting, low-quality submissions, and outdated info. Learn why these threaten cybersecurity and what solutions can restore trust in this critical database.

Speakers

Jerry Gamblin

Cisco

Sunday April 27, 2025 11:15am - 11:45am PDT
AMC Theatre 09 AMC at Metreon

Presentation, General

12:00pm PDT

The Product Security Imperative: Lessons from CISA

Sunday April 27, 2025 12:00pm - 12:30pm PDT

AMC Theatre 09

Policymakers worldwide have recently taken up product security, making topics like memory safety prominent. In this talk, hear from former CISA Senior Advisor Jack Cable on lessons learned leading CISA's Secure by Design initiative, and what a shift towards product security means for the industry.

Speakers

Jack Cable

CEO & Co-Founder, Corridor

Jack Cable is the CEO and Co-Founder of Corridor. Corridor is the AI-powered Secure by Design platform and is backed by Conviction, Alex Stamos, and Christina Cacioppo. Prior to starting Corridor, Jack served as a Senior Technical Advisor at CISA, where he led the agency’s Secure... Read More →

Sunday April 27, 2025 12:00pm - 12:30pm PDT
AMC Theatre 09 AMC at Metreon

Presentation, General

1:30pm PDT

Lessons from Running a Product Security-Focused Cybersecurity Clinic

Sunday April 27, 2025 1:30pm - 2:00pm PDT

AMC Theatre 09

We established Stanford's product security clinic in 2023 to help community organizations secure the software services they offer, diverging from traditional university cybersecurity clinics that focus on corporate security. Here's what we learned from our first two years of operation.

Speakers

Aditya Saligrama

Joey Holtzman

Sunday April 27, 2025 1:30pm - 2:00pm PDT
AMC Theatre 09 AMC at Metreon

Presentation, General

2:15pm PDT

Third-party Risk Management: SOC 2s, Security Questionnaires, and Psychosis

Sunday April 27, 2025 2:15pm - 2:45pm PDT

AMC Theatre 09

Condemning “check-box” vendor risk management and security questionnaires is a hot talking point nowadays. This talk will discuss the related but distinct problems in the TPRM space and offer practical, creative solutions to help deliver high-value outcomes via third-party risk management.

Speakers

Eleanor Mount

Security Risk and Compliance Manager, Asana

Eleanor is a Security Risk and Compliance Manager at Asana, where she has helped build and scale GRC programs from the ground up, including risk management, customer trust, and the implementation of new security compliance frameworks. Prior to Asana, she worked in the health technology... Read More →

Sunday April 27, 2025 2:15pm - 2:45pm PDT
AMC Theatre 09 AMC at Metreon

Presentation, General

3:00pm PDT

There and Back Again: Discovering OT Devices Across Protocol Gateways

Sunday April 27, 2025 3:00pm - 3:30pm PDT

AMC Theatre 09

Operational Technology (OT) describes devices that control things in the real world, like factories and generators. This talk discusses the security implications of the convergence of IT and OT, with deep dives into OT protocols and device discovery — even behind legacy protocol gateways.

Speakers

Rob King

Sunday April 27, 2025 3:00pm - 3:30pm PDT
AMC Theatre 09 AMC at Metreon

Presentation, General

3:45pm PDT

Follow the Trace: How Traditional AppSec Tools Have Failed Us

Sunday April 27, 2025 3:45pm - 4:15pm PDT

AMC Theatre 09

Join the journey of an application data trace as it navigates runtime application security. Follow a trace through an application, uncovering how tools like RASP provide real-time insights, detect threats, and block attacks. Learn how traces enhance security by revealing vulnerabilities in action.

Speakers

Kennedy Toomey

Application Security Researcher & Advocate, Datadog

Kennedy Toomey is an Application Security Researcher & Advocate at Datadog. Previously she was an Application Security Engineer where she spent her time working with developers to help fix vulnerabilities and write more secure code.

Sunday April 27, 2025 3:45pm - 4:15pm PDT
AMC Theatre 09 AMC at Metreon

Presentation, General

4:30pm PDT

Round and Around We Go: Interviews, What Do You Know?

Sunday April 27, 2025 4:30pm - 5:00pm PDT

AMC Theatre 09

In this talk, I’ll discuss hiring trends for Security Engineers and Leaders in 2024, covering metrics like time to hire, interview rounds, formats, and rejection trends. Data comes from 30+ placements at 10+ tech startups, mainly in SF, offering insights into the cybersecurity hiring landscape.

Speakers

Erin Barry

Sunday April 27, 2025 4:30pm - 5:00pm PDT
AMC Theatre 09 AMC at Metreon

Presentation, General