Blue Team Con 2026

arrow_back View All Dates

10:30am CDT

400 Detections, Zero Alerts: Why your Detection Program is flying blind Swissôtel ChicagoTyler Casey Active Directory Post-Mortem: Assumptions vs Reality Swissôtel ChicagoDavid Horak AI Failures in IR: A Field Guide to Filling the Gaps Swissôtel ChicagoAlex Thomson AI-Assisted IR Without the Lies: A Browser Forensics Case Study Swissôtel ChicagoKyle Henson • Aaron Hau Beyond the SIEM: Critical Governance and Architecture Decisions for Modern SOCs Swissôtel ChicagoBart Stump, \"Stumper\" • Jeremy Croghan Building the Human Firewall: Why Security Awareness Must Precede the Workplace Swissôtel ChicagoNousheen Begum CISA’s Menu for Vulnerability Management Swissôtel ChicagoJustin Murphy • Julia Turkevich Containers Don't Lie. But Your Security Tooling Might Be Missing What They're Saying Swissôtel ChicagoAdvait Patel Defending the Hypervisor: Using Offensive Tooling to Validate vSphere Security Swissôtel ChicagoDarryl Baker, DFIRDeferred email.telemetry.normalized: Detection Engineering Beyond the Inbox in Healthcare Swissôtel ChicagoAkash Parasumanna Sridhar Entra the Dragon: Entra ID Red vs Blue Swissôtel ChicagoSean Metcalf Finding SOCKS with ProxyWatch Swissôtel ChicagoBrian Reitz • John Wotton Fortress in a Box: Enterprise-Grade Kubernetes Security for the Organizations That Can't Afford It Swissôtel ChicagoJosé Lorenzana From Compliance to Covert Ops: Demystifying the Offensive Security Landscape Swissôtel ChicagoSandun Bambarandage From Hours to Minutes With StealerLens: LLM-Accelerated Infostealer IR for Overwhelmed SOCs Swissôtel ChicagoOlivier Bilodeau Game of Cones: Why Your Crisis Plan Shouldnt Melt Under Pressure Swissôtel ChicagoRichard Suls It Started with an Employee. It Ended Inside Your AI: The Exposure Chain You Need to Understand Swissôtel ChicagoDerick Johnson It Wasn’t Spoofed: Investigating Authenticated Email Abuse in Real Environments Swissôtel ChicagoKelsey O'Connell, w0mbat Life After Tier 1: Rebuilding the SOC When Triage Is Outsourced Swissôtel ChicagoStuart Fairchild MDR: From Vendor Shortlist to Security Partnership Swissôtel ChicagoAlan Simpson Paving the Road for AI-Driven Security Teams Swissôtel ChicagoJoakim Pedersen • Britton Hayes Secrets That Survive Everything: The Shift-Right Runtime Gap Left Unguarded Swissôtel ChicagoHemanth Gorijala Security vs Product: A Professional Identity Crisis Swissôtel ChicagoAmanda Berlin, Infosystir Slaying the Sprawl: A Hero’s Guide to Building (or Re-Forging) a Cloud Security Program Without a 20-Person Guild Swissôtel ChicagoSteve Turner Strength in Diversity: Building an Inclusive Cybersecurity Workforce Swissôtel ChicagoRick Hudson Superposition, not Superstition Swissôtel ChicagoJohnny Xmas Teaching AI to Analyze Malware: How to Encode Practitioner Expertise into an MCP Server Swissôtel ChicagoLenny Zeltser The Contextualization Gap: Why Your SOC Has the Data But Not the Story Swissôtel ChicagoCyrus Walker The Decision Engine: How to Rebuild Security Operations for an AI-Accelerated Threat Environment Swissôtel ChicagoRen Fellows The End is Just the Beginning of Better Security: Enhancing Vulnerability Management with OpenEoX Swissôtel ChicagoJustin Murphy The Only Way to Win Is by Learning: Deception Design, Read Through a Comedy Game Show Swissôtel ChicagoDylan Shroll The Second Front: Detecting LOTL Off the Endpoint Swissôtel ChicagoMark Orlando Threat Intelligence at the Speed of Cyber Defense Swissôtel ChicagoJoe Slowik Trusted, But Dangerous: Identity Abuse Through First-Party Apps in Entra Swissôtel ChicagoJon Haas Using Pentest Findings to Improve Detections Swissôtel ChicagoAshley Knowles Vibe Check: Scaling AppSec in an AI-Driven World Swissôtel ChicagoCory Roop Vulnerability Management: The Leadership Playbook Swissôtel ChicagoLenny Zeltser When the Package Is the Weapon: Detecting and Responding to npm Supply Chain Intrusions Swissôtel ChicagoMohit Bansal Why Incident Response Plans Fail Under Pressure Swissôtel ChicagoRon Dilley Your User, Their Rules: Rethinking the OS trust model for the AI-era Swissôtel ChicagoGolan Myers • Ofir Balassiano

11:00am CDT

How We've Gone Completely Phishing-resistant (And So Can You!) Swissôtel ChicagoEric Woodruff

Blue Team Con 2026

From $675.00