Loading…
Thursday, September 10
 

8:00am CDT

Building Fort Knox: A Practical Bootcamp for Cyber-Physical Defense!
LIMITED
Thursday September 10, 2026 8:00am - Friday September 11, 2026 5:00pm CDT
Microsoft Technology Center (Aon Center)
Limited Capacity seats available
Ready to build Fort Knox and bulletproof your physical and wireless perimeters? Turn the tables on attackers with the ultimate bootcamp! You'll get hands-on with card readers, access control systems, Wi-Fi, security cameras, and more using a 25/75 tactical split. Spend 25% of your time getting your hands dirty to understand the offensive threat, and the remaining 75% mastering wireless threat...
See More →
Trainers
avatar for Evan

Evan "Shortrange" Cook

Owner, Lead Trainer, Shortrange Technologies LLC
Evan "Shortrange" Cook is a passionate teacher dedicated to "bringing RFID to the people." A multi-time CTF champion on both local and national stages, Evan has trained hundreds of hackers—from university students to special operators—in the art of cyber-physical exploitation... Read More →
Thursday September 10, 2026 8:00am - Friday September 11, 2026 5:00pm CDT
Microsoft Technology Center (Aon Center)
  Training

8:00am CDT

CQURE Masterclass: System Forensics, Incident Handling & Threat Hunting
LIMITED
Thursday September 10, 2026 8:00am - Friday September 11, 2026 5:00pm CDT
Microsoft Technology Center (Aon Center)
Limited Capacity seats available
System Forensics followed by Threat Hunting and Incident Readiness are constantly evolving and crucial topics in the area of cybersecurity. In order to stay ahead of cyber-criminals, the knowledge of Individuals and Teams responsible for threat hunting, collecting digital evidence, and handling the incidents has to be constantly enhanced and updated.This course offers a comprehensive, hands-on...
See More →
Trainers
avatar for Amr Thabet

Amr Thabet

Cybersecurity Expert, CQURE
Amr Thabet is a malware researcher and incident handler with over 16 years of experience, he worked in some of the Fortune 500 companies.  He is the founder of MalTrak and the author of "Mastering Malware Analysis" published by Packt Publishing. He is a speaker and an instructor... Read More →
avatar for Paula Januszkiewicz

Paula Januszkiewicz

CEO and Founder, Microsoft MVP and RD, CQURE
Paula Januszkiewicz is the Founder and CEO of CQURE and CQURE Academy, globally recognized organizations delivering cutting-edge cybersecurity consulting and advanced training since 2008. She is an Enterprise Security MVP, Microsoft Regional Director, and one of the world’s leading... Read More →
Thursday September 10, 2026 8:00am - Friday September 11, 2026 5:00pm CDT
Microsoft Technology Center (Aon Center)
  Training

8:00am CDT

Defending Enterprises - 2026 Edition
LIMITED
Thursday September 10, 2026 8:00am - Friday September 11, 2026 5:00pm CDT
Microsoft Technology Center (Aon Center)
Limited Capacity seats available
Updated for 2026, our immersive 2-day Defending Enterprises training is the natural counterpart to our popular Hacking Enterprises course.Not only have several existing topics had major tweaks; the training includes an entirely new section on Entra ID and Azure cloud based attacks! You’ll play a SOC analyst in our Microsoft Sentinel cloud-based lab and try to rapidly locate IOA’s and...
See More →
Trainers
avatar for Jeroen

Jeroen "Jay" Hoof

Instructor, SANS
Jeroen Hoof is a SANS Certified Instructor Candidate for SEC504: Hacker Tools, Techniques, and Incident Handling and a Security Operations Specialist at Davinsi Labs, where he specializes in intrusion analysis, SOC operations and detection engineering. With a career spanning law enforcement investigations, SOC operations, and cyber breach response, Jeroen brings a practitioner’s perspective... Read More →
avatar for Owen Shearing

Owen Shearing

Director, In.security
Owen (@rebootuser) is a co-founder of In.security, a specialist cyber security consultancy offering technical and training services based in the UK. He has a strong background in networking and IT infrastructure, with well over two decades of experience in technical security roles... Read More →
Thursday September 10, 2026 8:00am - Friday September 11, 2026 5:00pm CDT
Microsoft Technology Center (Aon Center)
  Training

8:00am CDT

Exploring AI Visibility: Shedding Light on Shadow AI, Attack Surface, Telemetry, and LLM Proxies
LIMITED
Thursday September 10, 2026 8:00am - Friday September 11, 2026 5:00pm CDT
Microsoft Technology Center (Aon Center)
Limited Capacity seats available
With the explosive adoption of AI agents, corporate networks are experiencing a massive influx of programmatic and shadow AI usage. Unfortunately, default audit capabilities provided by major AI vendors are notoriously sparse, leaving defenders with little to no visibility. Many providers only organize logging in a "billing forward" manner rather than focusing on cybersecurity. This 2-day,...
See More →
Trainers
avatar for Corey Thuen

Corey Thuen

Founder, Gravwell
Corey Thuen is the CEO and Co-Founder of Gravwell, an analytics platform built for massive-scale security telemetry. With over a decade of experience across IT, IoT, and ICS/OT security, he brings a unique, attacker-informed perspective to cyber defense. Previously, Corey was a vulnerability... Read More →
Thursday September 10, 2026 8:00am - Friday September 11, 2026 5:00pm CDT
Microsoft Technology Center (Aon Center)
  Training

8:01am CDT

Offense for Defense
LIMITED
Thursday September 10, 2026 8:01am - Friday September 11, 2026 5:00pm CDT
Microsoft Technology Center (Aon Center)
Limited Capacity seats available
Join us for Offense for Defense, a high-impact, hands-on cybersecurity course built specifically for blue team professionals, systems administrators, SOC analysts, threat hunters, and incident responders. This training arms defenders with the tactics, tools, and mindset of attackers, empowering teams to proactively identify weaknesses and design better protections, detections, and...
See More →
Trainers
avatar for Tim Medin

Tim Medin

CEO, Red Siege
Tim is the CEO and founder of Red Siege Information Security. He is the creator of the Kerberoasting. Tim was a Senior Instructor and course author (SEC560) at The SANS Institute. Tim has performed penetration tests on a wide range of organizations and technologies. Tim is an experienced... Read More →
Thursday September 10, 2026 8:01am - Friday September 11, 2026 5:00pm CDT
Microsoft Technology Center (Aon Center)
  Training
 
Saturday, September 12
 

10:30am CDT

400 Detections, Zero Alerts: Why your Detection Program is flying blind
Saturday September 12, 2026 10:30am - 11:30am CDT
Swissôtel Chicago
You have 400 detection rules in production. Your ATT&CK coverage heatmap looks great in a board deck. But how many of those rules actually fire when the technique executes today, not when they were written 18 months ago?If you can't answer that, you don't have coverage. You have promises.This talk tackles the gap between deploying detections and proving they work. Detection rules silently break...
See More →
Speakers
avatar for Tyler Casey

Tyler Casey

Detection Engineer, SCYTHE
Tyler Casey is a seasoned Cyber Professional with over a decade of experience in Defensive Cyber Operations (DCO). Currently serving as Lead Detection Engineer and Deputy of SCYTHE Labs at SCYTHE, Tyler specializes in developing and implementing robust defensive cybersecurity measures... Read More →
Saturday September 12, 2026 10:30am - 11:30am CDT
Swissôtel Chicago 323 E Wacker Dr, Chicago, IL 60601, USA
  Talk

10:30am CDT

Active Directory Post-Mortem: Assumptions vs Reality
Saturday September 12, 2026 10:30am - 11:30am CDT
Swissôtel Chicago
Active Directory Domain Services has been around for 26 years, making it far from a young technology - yet it is not going anywhere anytime soon. Most companies still rely on Active Directory as their primary identity provider and management solution. One might assume that after all these years we have already mastered securing Active Directory with best practices. However, the reality is often...
See More →
Speakers
avatar for David Horak

David Horak

Security Engineer & Founder, Horizon Secured
David Horák is a System Security Engineer and Team Leader with 8+ years of experience securing Windows infrastructures and Active Directory. He has delivered 30+ security assessments across SMB, enterprise, and critical infrastructure, giving him a strong perspective on what security... Read More →
Saturday September 12, 2026 10:30am - 11:30am CDT
Swissôtel Chicago 323 E Wacker Dr, Chicago, IL 60601, USA
  Talk

10:30am CDT

AI Failures in IR: A Field Guide to Filling the Gaps
Saturday September 12, 2026 10:30am - 11:30am CDT
Swissôtel Chicago
Every security vendor is shipping AI. Every IR team is under pressure to adopt it. And in the middle of a real incident, the gap between what AI promises and what it actually delivers becomes very concrete, very fast.This talk is a field guide to that gap. Drawing on experience as an incident responder on T-Mobile's CIRT during Salt Typhoon and on the builder side developing AI tooling for IR,...
See More →
Speakers
avatar for Alex Thomson

Alex Thomson

Incident Response Specialist, Spacewalk.ai
Alex has over 30 years of professional experience in cybersecurity, including building and leading SOCs and other secops teams. Most recently, he served on T-Mobile's CIRT — including during the Salt Typhoon intrusion — before joining Spacewalk, where for the past 1.5 years he's... Read More →
Saturday September 12, 2026 10:30am - 11:30am CDT
Swissôtel Chicago 323 E Wacker Dr, Chicago, IL 60601, USA
  Talk

10:30am CDT

AI-Assisted IR Without the Lies: A Browser Forensics Case Study
Saturday September 12, 2026 10:30am - 11:30am CDT
Swissôtel Chicago
Offensive security teams are deploying autonomous agents that chain vulnerabilities end to end without human intervention. Vulnerability researchers are using LLMs to discover and exploit zero-days at a pace no human team can match. AI is already on both sides of the fight, and the gap between organizations that harness it and those that do not is widening fast.Incident responders have largely...
See More →
Speakers
avatar for Aaron Hau

Aaron Hau

Security Engineering Team Leader, Daylight Security
Aaron is a security researcher with more than five years of experience across various aspects of Cybersecurity including Incident Response, Red Teaming and Security Research. He is currently a Security Engineering Team Lead at Daylight, where he builds agentic security services such... Read More →
avatar for Kyle Henson

Kyle Henson

Security Engineering Team Leader, Daylight Security
Kyle is an incident response leader with more than seven years of experience in DFIR and threat intelligence. He is currently a Security Engineering Team Lead at Daylight, where he builds agentic security services such as MDR, threat hunting, and incident response that combine automated... Read More →
Saturday September 12, 2026 10:30am - 11:30am CDT
Swissôtel Chicago 323 E Wacker Dr, Chicago, IL 60601, USA
  Talk

10:30am CDT

Behaviour-Driven Detection for Software Supply Chain Exploitation
Saturday September 12, 2026 10:30am - 11:30am CDT
Swissôtel Chicago
AbstractModern software development depends on an intricate ecosystem of open‑source libraries, third‑party services, CI/CD workflows, container registries, package repositories, and cloud‑native infrastructure. As organizations accelerate development velocity, their applications increasingly rely on components they neither wrote nor control. This creates a supply chain environment where the...
See More →
Speakers
avatar for Niladri Sekhar Hore

Niladri Sekhar Hore

Lead Engineer - Threat Detection and Automation, StoneX Group
Niladri Sekhar Hore is a Lead Engineer at StoneX Group in Threat Detection and Automation. He builds data-driven detection systems and security automation frameworks across cloud and hybrid environments, focusing on operationalizing  security intelligence into measurable runtime... Read More →
avatar for Anurag Mathur

Anurag Mathur

Staff Engineer - Application Security, StoneX group
Anurag Mathur is a Staff Engineer in Application Security, specializing in secure architecture design, vulnerability research, and threat modelling for modern application ecosystems. He works closely with engineering teams to identify business logic weaknesses, harden authentication and authorizatio... Read More →
Saturday September 12, 2026 10:30am - 11:30am CDT
Swissôtel Chicago 323 E Wacker Dr, Chicago, IL 60601, USA
  Talk

10:30am CDT

Beyond the SIEM: Critical Governance and Architecture Decisions for Modern SOCs
Saturday September 12, 2026 10:30am - 11:30am CDT
Swissôtel Chicago
Modern Security Operations Centers (SOCs) have evolved from basic technical hubs into essential engines for risk management. Success requires a disciplined alignment of governance, architecture, and talent to ensure every action remains resilient and defensible. This session presents a structured methodology to balance high-level technical capability with fiscal responsibility and regulatory...
See More →
Speakers
avatar for Bart Stump,

Bart Stump, "Stumper"

Managing Principal, Coalfire
Bart Stump is a Managing Principal on the Threat Discovery Services team at Coalfire with over 19 years of experience. He specializes in identifying defensive gaps through threat hunting, cyber threat intelligence, and security tool gap analysis to implement robust defensive measures. For... Read More →
avatar for Jeremy Croghan

Jeremy Croghan

Director, Coalfire
Jeremy Croghan is a seasoned cybersecurity leader and Director of Business Resiliency at Coalfire with over 20 years of experience, including U.S. Marine Corps service. He specializes in aligning the complex regulatory requirements of any industry with organizational policies to ensure... Read More →
Saturday September 12, 2026 10:30am - 11:30am CDT
Swissôtel Chicago 323 E Wacker Dr, Chicago, IL 60601, USA
  Talk

10:30am CDT

Breaking Identity at Scale: From DPAPI & TBAL Secrets to Full Domain Compromise
Saturday September 12, 2026 10:30am - 11:30am CDT
Swissôtel Chicago
Modern enterprise environments continue to rely on implicit trust within identity and credential protection mechanisms such as DPAPI, DPAPI-NG, and token-based authentication layers. While these technologies are designed to safeguard secrets, they also introduce powerful attack surfaces when combined with misconfigurations, weak privilege boundaries, and overlooked trust relationships.This session...
See More →
Speakers
avatar for Paula Januszkiewicz

Paula Januszkiewicz

CEO and Founder, Microsoft MVP and RD, CQURE
Paula Januszkiewicz is the Founder and CEO of CQURE and CQURE Academy, globally recognized organizations delivering cutting-edge cybersecurity consulting and advanced training since 2008. She is an Enterprise Security MVP, Microsoft Regional Director, and one of the world’s leading... Read More →
Saturday September 12, 2026 10:30am - 11:30am CDT
Swissôtel Chicago 323 E Wacker Dr, Chicago, IL 60601, USA
  Talk

10:30am CDT

Building the Human Firewall: Why Security Awareness Must Precede the Workplace
Saturday September 12, 2026 10:30am - 11:30am CDT
Swissôtel Chicago
Cybersecurity conversations often begin inside corporate boardrooms and Security Operations Centers but by then, the foundation for risk is already set. In a world where digital native generations are entering the workforce, the strongest "human firewall" must be established long before an employee receives their first corporate login.This session reframes cybersecurity education as a foundational...
See More →
Speakers
avatar for Nousheen Begum

Nousheen Begum

Cybersecurity Leader | GRC & AI Security | CISSP | VP, WiCyS Wisconsin | Board Member, ISACA Milwaukee & ISC2 Wisconsin, WiCyS Wisconsin
Nousheen Begum is a seasoned cybersecurity professional with over 10 years of experience in Security Operations (SOC), Incident Response, and GRC. She holds an M.S. in Cybersecurity from the University of Illinois Springfield and is a CISSP and CEH certified professional. Currently... Read More →
Saturday September 12, 2026 10:30am - 11:30am CDT
Swissôtel Chicago 323 E Wacker Dr, Chicago, IL 60601, USA
  Talk

10:30am CDT

CISA’s Menu for Vulnerability Management
Saturday September 12, 2026 10:30am - 11:30am CDT
Swissôtel Chicago
Hungry for better cyber defense? Pull up a chair at CISA’s café, where vulnerability management is always on the menu! This talk will serve up a full tasting of best practices, international standards, and key initiatives that help organizations defend against today’s threats and enhance their cyber resilience. From tried-and-true favorites like CVE and the Known Exploited Vulnerabilities...
See More →
Speakers
avatar for Justin Murphy

Justin Murphy

Cybersecurity Vulnerability Analyst, DHS/CISA
Justin Murphy is a Vulnerability Analyst with the Cybersecurity and Infrastructure Security Agency (CISA). He helps to coordinate the remediation, mitigation, and public disclosure of newly identified cybersecurity vulnerabilities in products and services with affected vendor(s... Read More →
avatar for Julia Turkevich

Julia Turkevich

Cybersecurity Vulnerability Analyst, DHS/CISA
Julia Turkevich leads CISA's stakeholder engagement activities to recruit CVE Numbering Authority (CNA) partners that are committed to proactive and responsible vulnerability disclosure. As a member CISA's Vulnerability Management subdivision, Julia works to advance maturity across... Read More →
Saturday September 12, 2026 10:30am - 11:30am CDT
Swissôtel Chicago 323 E Wacker Dr, Chicago, IL 60601, USA
  Talk

10:30am CDT

Containers Don't Lie. But Your Security Tooling Might Be Missing What They're Saying
Saturday September 12, 2026 10:30am - 11:30am CDT
Swissôtel Chicago
Container security is one of those topics that sounds solved. We've got image scanning. We've got runtime policies. We've got Kubernetes RBAC. So why are containers still showing up as the initial access vector in breach reports year after year?Because most of our tooling is looking at the wrong things at the wrong time.This talk is about shifting container threat hunting from reactive to...
See More →
Speakers
avatar for Advait Patel

Advait Patel

Senior Site Reliability Engineer, Broadcom
Advait Patel is a Senior Site Reliability Engineer at Broadcom with experienced in securing large-scale cloud platforms across AWS and GCP. He holds an MS in Computer Science from DePaul University and is a Docker Captain and Google Developer Expert in Google Cloud.
Advait is an active contributor to the security community as a founding member of the OWASP AI Vulnerability Scoring System (AIVSS), creator of the OWASP-adopted open-source tool DockSec, and co-author of cloud security guidelines for CSA. He has authored two Springer books on GCP... Read More →
Saturday September 12, 2026 10:30am - 11:30am CDT
Swissôtel Chicago 323 E Wacker Dr, Chicago, IL 60601, USA
  Talk

10:30am CDT

Defending the Credential Reset Process
Saturday September 12, 2026 10:30am - 11:30am CDT
Swissôtel Chicago
Some of the most noteworthy cybersecurity incidents that have occurred in the past 5 years have involved attacks on the credential lifecycle. Credentials are targeted by threat actors when they are initially issued at employee onboarding, when they are used everyday to login, and when they are lost and need to be reset. According to Microsoft’s 2025 Digital Defense Report, credential based...
See More →
Speakers
avatar for Tom Cross

Tom Cross

Head of Threat Research, GetReal Security
Tom Cross is the Head of Threat Research at GetReal Security, where he tracks threat actors and attack activity involving deepfake social engineering and impersonation. His career in cybersecurity has spanned three decades, and numerous roles, including CoFounder and CTO of Drawbridge... Read More →
Saturday September 12, 2026 10:30am - 11:30am CDT
Swissôtel Chicago 323 E Wacker Dr, Chicago, IL 60601, USA
  Talk

10:30am CDT

Defending the Hypervisor: Using Offensive Tooling to Validate vSphere Security
Saturday September 12, 2026 10:30am - 11:30am CDT
Swissôtel Chicago
VMWare (Broadcom) represents the most commonly used enterprise Hypervisors.  This means a compromised vCenter or ESXi host gives attackers access to every virtual machine and credential in your my environment. Defenders often lack visibility into what a post-exploitation attack against the hypervisor layer looks like. So, I built a tool to find out.  In this session, I'll walk through...
See More →
Speakers
avatar for Darryl Baker, DFIRDeferred

Darryl Baker, DFIRDeferred

Senior Staff Security Researcher, Netwrix
Darryl Baker is a Senior Staff Security Researcher at Netwrix, where he focuses on identity security and emerging attack techniques targeting enterprise authentication systems. With a background spanning security research, consulting, and adversary simulation, he specializes in uncovering... Read More →
Saturday September 12, 2026 10:30am - 11:30am CDT
Swissôtel Chicago 323 E Wacker Dr, Chicago, IL 60601, USA
  Talk

10:30am CDT

Designing deception in GCP: what’s effective density?
Saturday September 12, 2026 10:30am - 11:30am CDT
Swissôtel Chicago
Defenders have deployed honeypots and honeytokens to detect threats targeting GCP workloads. The dynamic and ephemeral nature of cloud workloads with the resource-based policy model in GCP introduces unique characteristics that influence the design of deception. Defenders need to determine answers to questions such as: how many deceptions to deploy, what should they represent, how many of each...
See More →
Speakers
avatar for Suril Desai

Suril Desai

VP Engineering, Acalvio
Suril is VP Engineering and Security SME at Acalvio. Suril has deep domain expertise in cybersecurity and has a strong academic and industry background in Computer Science. Suril holds several patents.
Saturday September 12, 2026 10:30am - 11:30am CDT
Swissôtel Chicago 323 E Wacker Dr, Chicago, IL 60601, USA
  Talk

10:30am CDT

Detection Engineering for AI Agents: Building Defenses That Work When Your Attacker Can Think
Saturday September 12, 2026 10:30am - 11:30am CDT
Swissôtel Chicago
The bot detection playbook defenders have relied on for years — IP blocklists, rate limits, behavioral baselines, CAPTCHA — was built for a threat that no longer exists. Modern adversaries are deploying LLM-powered agents that reason, adapt, and evolve their behavior in response to detection. For defenders, this means the threat model has fundamentally changed.   This talk, drawn from...
See More →
Speakers
avatar for Shashwat Jain

Shashwat Jain

Sr. Software Development Engineer, Amazon
Shashwat Jain is a Senior Software Development Engineer at Amazon, where he architects and deploys AI-powered bot mitigation systems protecting Amazon's global e-commerce platforms from sophisticated automated threats. With expertise spanning real-time behavioral detection engines... Read More →
Saturday September 12, 2026 10:30am - 11:30am CDT
Swissôtel Chicago 323 E Wacker Dr, Chicago, IL 60601, USA
  Talk

10:30am CDT

email.telemetry.normalized: Detection Engineering Beyond the Inbox in Healthcare
Saturday September 12, 2026 10:30am - 11:30am CDT
Swissôtel Chicago
Email continues to be the most common initial access vector in healthcare environments, yet many organizations still rely primarily on email security gateways for detection and protection. While gateways provide an important first layer of defense, they often create visibility gaps once messages reach user inboxes. Attackers routinely exploit these gaps through techniques such as executive...
See More →
Speakers
avatar for Akash Parasumanna Sridhar

Akash Parasumanna Sridhar

Security Engineer, Campbell Clinic
Akash Parasumanna Sridhar is a cybersecurity professional working in healthcare environments, specializing in detection engineering, incident response, and security automation. He has hands-on experience designing SIEM-driven detections, integrating third-party security telemetry... Read More →
Saturday September 12, 2026 10:30am - 11:30am CDT
Swissôtel Chicago 323 E Wacker Dr, Chicago, IL 60601, USA
  Talk

10:30am CDT

Entra the Dragon: Entra ID Red vs Blue
Saturday September 12, 2026 10:30am - 11:30am CDT
Swissôtel Chicago
Entra ID is the identity & access management system for the Microsoft cloud. Microsoft continues to add new features to Entra ID and many of these features provide attack capability. There are many moving parts and regular updates that requires attention to stay secure. This talk covers the latest attacks against the Microsoft cloud from phishing to account take-over to persistence as well as the...
See More →
Speakers
avatar for Sean Metcalf

Sean Metcalf

Identity Security Architect, TrustedSec
Sean Metcalf  (@PyroTek3) is an Identity Security Architect with TrustedSec. He is one of about 100 people in the world who holds the Microsoft Certified Master Directory Services (MCM) Active Directory certification and is a former Microsoft MVP. Sean has presented on Active Directory... Read More →
Saturday September 12, 2026 10:30am - 11:30am CDT
Swissôtel Chicago 323 E Wacker Dr, Chicago, IL 60601, USA
  Talk

10:30am CDT

Finding SOCKS with ProxyWatch
Saturday September 12, 2026 10:30am - 11:30am CDT
Swissôtel Chicago
Attackers increasingly use SOCKS proxies on intrusions to pivot through compromised networks and to keep their tools away from EDR. C2 frameworks like Sliver, Cobalt Strike, and Mythic make it simple to turn one callback into a gateway for the entire network. As defenders, we looked at existing guidance to find SOCKS proxies and found detections too narrowly focused on specific tools, or...
See More →
Speakers
avatar for Brian Reitz

Brian Reitz

SpecterOps
Brian Reitz is a consultant for SpecterOps for the Adversary Detection team, working on detection engineering for a variety of clients. He previously worked in detection and response in healthcare, and pentesting, red team, and defensive work for public-sector and commercial clie... Read More →
avatar for John Wotton

John Wotton

Consultant, SpecterOps
John Wotton is a Consultant at SpecterOps specializing in adversary simulation, Active Directory, Physical Security, and EDR evasion. He focuses on custom tooling, offensive and defensive research, and helping organizations defend against advance persistent threats.
Saturday September 12, 2026 10:30am - 11:30am CDT
Swissôtel Chicago 323 E Wacker Dr, Chicago, IL 60601, USA
  Talk

10:30am CDT

Fortress in a Box: Enterprise-Grade Kubernetes Security for the Organizations That Can't Afford It
Saturday September 12, 2026 10:30am - 11:30am CDT
Swissôtel Chicago
In 2022, the Red Cross was breached and data from 515,000 vulnerable people was exposed. Amnesty International was surveilled by state-sponsored attackers. Bellingcat, the group that documents war crimes, is a constant target of state actors trying to destroy evidence.These organizations protect the most vulnerable, and have zero security budget to defend themselves.This talk presents Fortress in...
See More →
Speakers
avatar for José Lorenzana

José Lorenzana

DevSecOps Student & Open Source Developer
A computer science student and DevSecOps practitioner focused on making enterprise-grade security infrastructure accessible to organizations that need it most. With hands-on experience in Kubernetes, containers, and cloud security, their work sits at the intersection of technical... Read More →
Saturday September 12, 2026 10:30am - 11:30am CDT
Swissôtel Chicago 323 E Wacker Dr, Chicago, IL 60601, USA
  Talk

10:30am CDT

From Compliance to Covert Ops: Demystifying the Offensive Security Landscape
Saturday September 12, 2026 10:30am - 11:30am CDT
Swissôtel Chicago
The most critical stage when using offensive security to improve defenses comes after obtaining leadership approval for a testing exercise. Current industry definitions have significant overlap, with the same term used to describe different underlying services, and with the added complication of AI-based offensive tools. Overshadowed by years’ worth of penetration tests exploiting the same set...
See More →
Speakers
avatar for Sandun Bambarandage

Sandun Bambarandage

Service Lead, Breach & Attack Simulation, LevelBlue
Sandun is a Senior Consultant within the Security Advisory Services team at LevelBlue. He currently leads the Breach and Attack Simulation program, using atomic simulations of adversarial techniques at scale to validate the effectiveness of security tools and system configuration... Read More →
Saturday September 12, 2026 10:30am - 11:30am CDT
Swissôtel Chicago 323 E Wacker Dr, Chicago, IL 60601, USA
  Talk

10:30am CDT

From Hours to Minutes With StealerLens: LLM-Accelerated Infostealer IR for Overwhelmed SOCs
Saturday September 12, 2026 10:30am - 11:30am CDT
Swissôtel Chicago
Information stealer malware has quietly become one of the most consequential threats facing modern SOCs, with over 50 million stealer logs posted on underground channels in the last year alone. Each log is a comprehensive digital dossier on a single victim, and the sheer volume has created an analysis bottleneck that is impossible to address at scale.This session opens with a technical deep dive...
See More →
Speakers
avatar for Olivier Bilodeau

Olivier Bilodeau

Principal Cybersecurity Researcher, Flare
Olivier Bilodeau, a principal researcher at Flare, brings 15+ years of cutting-edge infosec expertise in honeypot operations, binary reverse-engineering, RDP interception and, more recently, fighting information stealer malware. Passionate communicator, Olivier spoke at conferences... Read More →
Saturday September 12, 2026 10:30am - 11:30am CDT
Swissôtel Chicago 323 E Wacker Dr, Chicago, IL 60601, USA
  Talk

10:30am CDT

From Logs to Logic: Building Detections That Don’t Suck
Saturday September 12, 2026 10:30am - 11:30am CDT
Swissôtel Chicago
Most security teams have no shortage of logs, yet turning that data into reliable detections is a different problem entirely.In reality, detection efforts often fall apart because of messy data, vague assumptions, and a haphazard approach to building and maintaining them. The outcome is all too familiar: overwhelmed analysts tuning out alerts, threats slipping through the cracks, and detections...
See More →
Speakers
avatar for Kyle Barboza

Kyle Barboza

Senior Threat Informed Defense Engineer, Financial Services Company
Kyle is a detection engineer and cyber operations leader focused on turning raw telemetry into actionable defense. He specializes in threat detection, incident response, and building scalable detection programs using automation and detection-as-code principles.With experience leading... Read More →
Saturday September 12, 2026 10:30am - 11:30am CDT
Swissôtel Chicago 323 E Wacker Dr, Chicago, IL 60601, USA
  Talk

10:30am CDT

Game of Cones: Why Your Crisis Plan Shouldnt Melt Under Pressure
Saturday September 12, 2026 10:30am - 11:30am CDT
Swissôtel Chicago
Your incident response playbook is sitting on a server. The server just got encrypted. Now what?Most organizations invest heavily in plans they never actually test: polished documentation, detailed runbooks, maybe a shiny new SIEM. Then a real crisis hits. Ransomware. A breach notification deadline. A regulator on line one and a journalist on line two. And everyone discovers, at the worst possible...
See More →
Speakers
avatar for Richard Suls

Richard Suls

US Lead, Advisory Consulting, Reversec
Richard Suls is US Lead for Security Advisory Consulting at Reversec Consulting, where he designs and delivers crisis management exercises and technical tabletops for major financial institutions, healthcare organizations, and critical infrastructure operators. He brings 18+ years... Read More →
Saturday September 12, 2026 10:30am - 11:30am CDT
Swissôtel Chicago 323 E Wacker Dr, Chicago, IL 60601, USA
  Talk

10:30am CDT

How to Do Just About Anything (Including Security): Turning Curiosity and Creativity into a Career
Saturday September 12, 2026 10:30am - 11:30am CDT
Swissôtel Chicago
Learning something new, for me, often means figuring it out myself. While we have tutorials and AI on demand, experimentation and a willingness to get things wrong is still required. My story started with a book called “How to Do Just About Anything” and a realization that, with enough curiosity, you actually can.This talk shares a non-linear path from breaking computers as a teen to...
See More →
Speakers
avatar for Dan Browder

Dan Browder

Director, Information Security Portfolio, First National Bank of Omaha (FNBO)
Dan has over 25 years of experience working at the in technology and security spanning roles of graphic design, help desk and security risk. He leads strategic cybersecurity initiatives that shape FNBO’s security posture, with a focus on strategy, risk reporting, AI governance... Read More →
Saturday September 12, 2026 10:30am - 11:30am CDT
Swissôtel Chicago 323 E Wacker Dr, Chicago, IL 60601, USA
  Talk

10:30am CDT

It Started with an Employee. It Ended Inside Your AI: The Exposure Chain You Need to Understand
Saturday September 12, 2026 10:30am - 11:30am CDT
Swissôtel Chicago
AI didn't just speed up reconnaissance. It connected dots that were never supposed to connect and most blue teams haven't caught up yet. This talk walks through a single, end-to-end exposure chain so defenders can finally see what they're up against, and know exactly where to break it.It starts with people. AI-powered OSINT pipelines aggregate and correlate employee data across LinkedIn,...
See More →
Speakers
avatar for Derick Johnson

Derick Johnson

Derick Johnson is a cybersecurity graduate student and practitioner specializing in the intersection of AI, large language models, and offensive security. His research focuses on two converging threats: how AI-powered tools are transforming open-source intelligence and reconnaissance... Read More →
Saturday September 12, 2026 10:30am - 11:30am CDT
Swissôtel Chicago 323 E Wacker Dr, Chicago, IL 60601, USA
  Talk

10:30am CDT

It Wasn’t Spoofed: Investigating Authenticated Email Abuse in Real Environments
Saturday September 12, 2026 10:30am - 11:30am CDT
Swissôtel Chicago
Not every incident starts with an alert.Sometimes it starts with a confident assumption.In this case, a suspicious email spread internally. The user reported they did not send it, and the client confidently assessed the message as spoofing.It wasn’t.Email header analysis revealed the message originated from within the organization (AuthAs: Internal) using legacy SMTP AUTH (AuthMechanism: 04), an...
See More →
Speakers
avatar for Kelsey O'Connell, w0mbat

Kelsey O'Connell, w0mbat

Tier II MDR Analyst, Beazley Security
Kelsey (w0mbat) is a cybersecurity analyst focused on detection, investigation, and response, with an emphasis on cases where activity appears legitimate but is not. Her work spans endpoint, identity, and email telemetry, specializing in identifying subtle indicators of compromise... Read More →
Saturday September 12, 2026 10:30am - 11:30am CDT
Swissôtel Chicago 323 E Wacker Dr, Chicago, IL 60601, USA
  Talk

10:30am CDT

Life After Tier 1: Rebuilding the SOC When Triage Is Outsourced
Saturday September 12, 2026 10:30am - 11:30am CDT
Swissôtel Chicago
For many medium-sized enterprises, outsourcing Tier 1 triage to an MSSP is positioned to reduce workload, provide 24/7 coverage, and improve efficiency. In practice, it fundamentally reshapes how a SOC operates—and introduces new challenges that many teams are unprepared for.Outsourcing Tier 1 doesn’t eliminate work—it redistributes it in ways most SOCs are not designed to handle.This talk...
See More →
Speakers
avatar for Stuart Fairchild

Stuart Fairchild

Senior Manager, Cybersecurity, C Spire
Stuart Fairchild is a Senior Manager of Cybersecurity at a regional telecommunications provider, where responsibilities include leading security monitoring, incident response, and security awareness programs supporting infrastructure for over one million customers. Work focuses on improving detection... Read More →
Saturday September 12, 2026 10:30am - 11:30am CDT
Swissôtel Chicago 323 E Wacker Dr, Chicago, IL 60601, USA
  Talk

10:30am CDT

MDR: From Vendor Shortlist to Security Partnership
Saturday September 12, 2026 10:30am - 11:30am CDT
Swissôtel Chicago
In a saturated market, how can CISOs move past monitoring volume to evaluate Managed Detection and Response (MDR) providers based on their true ability to reduce exposure and drive proactive risk reduction?How do you build a practical evaluation framework that balances technical visibility and response capability with commercial clarity and long-term consolidation potential?What does is the...
See More →
Speakers
avatar for Alan Simpson

Alan Simpson

Field CISO, Rapid7
Alan Simpson is Field CISO for the UK and Ireland at Rapid7, advising CISOs and senior leaders on cyber risk, resilience, and security strategy that supports business outcomes. Before joining Rapid7, he served as Global Security Operations Manager and Acting CISO at Keyloop, where... Read More →
Saturday September 12, 2026 10:30am - 11:30am CDT
Swissôtel Chicago 323 E Wacker Dr, Chicago, IL 60601, USA
  Talk

10:30am CDT

Models and More: using data to inform decision making
Saturday September 12, 2026 10:30am - 11:30am CDT
Swissôtel Chicago
Organizations of all types are working to use data to make better decisions. This includes risk management decisions, such as whether to avoid, mitigate, accept, or transfer a particular risk. But what types of data work best? How do correlation and causation impact your risk analysis? Learn from a cyber insurance pro how they balance the speed of modeling and analytics with the deep experience of...
See More →
Speakers
avatar for Amanda Draeger

Amanda Draeger

Principal Cyber Risk Engineer, Liberty Mutual Insurance
Amanda is a Principal Cyber Risk Engineer at Liberty Mutual Insurance. She is an Army vet, has way too many credentials, and likes yarn. 
Saturday September 12, 2026 10:30am - 11:30am CDT
Swissôtel Chicago 323 E Wacker Dr, Chicago, IL 60601, USA
  Talk

10:30am CDT

Paving the Road for AI-Driven Security Teams
Saturday September 12, 2026 10:30am - 11:30am CDT
Swissôtel Chicago
We are not a traditional SOC. Notion’s Detection and Response Team (DART) is a small group of engineers and incident responders. We build the systems our own team runs on, and we own them end to end.AI changed how we work. Our answer has been to pave the road for agentic security work: an internal platform of harnesses, CLI tools, review steps, and guardrails that makes AI workflows predictable...
See More →
Speakers
avatar for Britton Hayes

Britton Hayes

Detection and Response Engineer, Notion
Britton is a detection and response engineer building tools to keep security simple. Currently at Notion focusing on incident response, security automation, and detection engineering. Previously, he architected observability pipelines at Fortune 500 scale and secured Kubernetes infrastructure... Read More →
avatar for Joakim Pedersen

Joakim Pedersen

Detection and Response Engineer, Notion
Joakim is a Detection and Response engineer at Notion, focusing on detection engineering, incident response, and observability. With a background in offensive security, he brings an attacker mindset to defending cloud infrastructure at a global scale.
Saturday September 12, 2026 10:30am - 11:30am CDT
Swissôtel Chicago 323 E Wacker Dr, Chicago, IL 60601, USA
  Talk

10:30am CDT

Purple Testing Is Not Enough — Why CTEM Is the Missing Layer
Saturday September 12, 2026 10:30am - 11:30am CDT
Swissôtel Chicago
Session Description (Abstract)Purple testing is powerful.It helps us validate detections, simulate attacker behavior, and expose where our defenses break. It gives us truth about our controls.But there’s a problem.Most teams stop at validation.We test. We validate. We generate findings.And then… we move on.The same gaps show up again later—not because we didn’t find them, but...
See More →
Speakers
avatar for Irina Dimitrov (Loktionova)

Irina Dimitrov (Loktionova)

Irina Dimitrov (Loktionova) is a cybersecurity professional with over a decade of hands-on experience in incident response and security operations. For 12 years, she worked on the front lines, responding to real-world attacks and seeing firsthand where security controls succeed—and... Read More →
Saturday September 12, 2026 10:30am - 11:30am CDT
Swissôtel Chicago 323 E Wacker Dr, Chicago, IL 60601, USA
  Talk

10:30am CDT

Reconstructing Reality: Advanced USN Journal Extraction and Full-Fidelity Correlation with MFT
Saturday September 12, 2026 10:30am - 11:30am CDT
Swissôtel Chicago
The NTFS USN Journal remains one of the most underutilized yet powerful forensic artifacts in Windows environments. While widely known, its practical use is often limited by incomplete parsing, lack of context, and the inability to correlate it effectively with other filesystem structures such as the Master File Table.This session challenges long standing forensic assumptions about how filesystem...
See More →
Speakers
avatar for Paula Januszkiewicz

Paula Januszkiewicz

CEO and Founder, Microsoft MVP and RD, CQURE
Paula Januszkiewicz is the Founder and CEO of CQURE and CQURE Academy, globally recognized organizations delivering cutting-edge cybersecurity consulting and advanced training since 2008. She is an Enterprise Security MVP, Microsoft Regional Director, and one of the world’s leading... Read More →
Saturday September 12, 2026 10:30am - 11:30am CDT
Swissôtel Chicago 323 E Wacker Dr, Chicago, IL 60601, USA
  Talk

10:30am CDT

Same Network, Different Worlds: Bridging the IT Ops and SOC Divide
Saturday September 12, 2026 10:30am - 11:30am CDT
Swissôtel Chicago
A temporary service account with Domain Admin rights gets created at 11 PM to patch a legacy application. The sysadmin logs off and forgets about it. The SOC sees the account creation, flags it as authorized admin activity, and moves on. Three weeks later, that account becomes an attacker's persistence mechanism. Nobody did anything wrong. And that is exactly the problem.IT operations and security...
See More →
Speakers
avatar for Sameer Singhal

Sameer Singhal

System Engineer II, EXOS
Sameer bridges the critical gap between infrastructure engineering and security operations. He holds a bachelor's degree in Cybersecurity from Purdue University and is currently a Systems Engineer II working his way towards a Cybersecurity Analyst I position at an MSSP, where he supports... Read More →
Saturday September 12, 2026 10:30am - 11:30am CDT
Swissôtel Chicago 323 E Wacker Dr, Chicago, IL 60601, USA
  Talk

10:30am CDT

Secrets That Survive Everything: The Shift-Right Runtime Gap Left Unguarded
Saturday September 12, 2026 10:30am - 11:30am CDT
Swissôtel Chicago
A bug bounty researcher found Azure credentials in a JavaScript file and marked the report informational. The credentials were live production values -four Azure AD fields sitting in a public JS bundle, enough to authenticate as the application itself. The frontend had documented its own backend. Full account takeover. The application's token had been granted the ability...
See More →
Speakers
avatar for Hemanth Gorijala

Hemanth Gorijala

Global Penetration Testing Lead
Hemanth Gorijala is an application security professional and penetration tester with 13 years of experience. He conducts web application security assessments and reviews vulnerability reports in enterprise bug bounty programs. The exploitation chains in this talk are drawn from his... Read More →
Saturday September 12, 2026 10:30am - 11:30am CDT
Swissôtel Chicago 323 E Wacker Dr, Chicago, IL 60601, USA
  Talk

10:30am CDT

Security vs Product: A Professional Identity Crisis
Saturday September 12, 2026 10:30am - 11:30am CDT
Swissôtel Chicago
For years, my instinct was to fix things. See an alert, chase the threat. Find a gap, build a detection. Witness an incident, contain and remediate. After a career built on DFIR, detection engineering, incident response, and sysadmin work, I was trained to be a solution machine, and I was good at it.Then I became a Product Manager.Everything broke.Suddenly the job wasn't to solve the problem in...
See More →
Speakers
avatar for Amanda Berlin, Infosystir

Amanda Berlin, Infosystir

Sr. Product Manager, Cybersecurity, Blumira
Amanda Berlin is the Sr. Product Manager of Cybersecurity at Blumira, where she leads product initiatives focused on XDR and response capabilities as well as incident detection engineering initiatives.
An accomplished author, speaker, and podcaster, Amanda is known for her ability to communicate complex technical concepts in a way that is accessible and engaging for audiences of all backgrounds. She co-authored an O’Reilly Media book Defensive Security Handbook: Best Practices... Read More →
Saturday September 12, 2026 10:30am - 11:30am CDT
Swissôtel Chicago 323 E Wacker Dr, Chicago, IL 60601, USA
  Talk

10:30am CDT

Slaying the Sprawl: A Hero’s Guide to Building (or Re-Forging) a Cloud Security Program Without a 20-Person Guild
Saturday September 12, 2026 10:30am - 11:30am CDT
Swissôtel Chicago
Whether you are standing before a pristine, untouched Cloud Kingdom or inherited a crumbling fortress held together by "Native Tooling" duct tape and hope, the quest remains the same: How do you defend the realm without hiring an army you can’t afford? In this 40-minute campaign, we aren’t just looking at the map, we’re looking at the scars. Building a cloud security program from...
See More →
Speakers
avatar for Steve Turner

Steve Turner

Cloud Security Architect, Zelis Healthcare
Steve leads cloud security at Zelis Healthcare. He started his career through the trial by fire that is MSP life. He pivoted to securing everything from waste facilities and transportation infrastructure to huge financial services organizations and even mixed in some industry analysis... Read More →
Saturday September 12, 2026 10:30am - 11:30am CDT
Swissôtel Chicago 323 E Wacker Dr, Chicago, IL 60601, USA
  Talk

10:30am CDT

Strength in Diversity: Building an Inclusive Cybersecurity Workforce
Saturday September 12, 2026 10:30am - 11:30am CDT
Swissôtel Chicago
The presentation “Strength in Diversity: Building an Inclusive Cybersecurity Workforce” explores how diversity across race, gender, sexual orientation, and neurodiversity strengthens cybersecurity by fostering innovation, resilience, and more adaptive defenses. It argues that cybersecurity is as much about people and perspectives as it is about technology, and that inclusion drives...
See More →
Speakers
avatar for Rick Hudson

Rick Hudson

CTO, Critical Path Security
Rick Hudson is currently the CTO (Chief Technology Officer) for Critical Path Security. Rick is a member of the InfraGard (InfraGard is a partnership between the Federal Bureau of Investigation (FBI) and members of the private sector for the protection of U.S. Critical Infrastructure... Read More →
Saturday September 12, 2026 10:30am - 11:30am CDT
Swissôtel Chicago 323 E Wacker Dr, Chicago, IL 60601, USA
  Talk

10:30am CDT

Superposition, not Superstition
Saturday September 12, 2026 10:30am - 11:30am CDT
Swissôtel Chicago
SUPERPOSITION WITHOUT SUPERSTITIONWhy the foreseeable state of quantum computing is not a nightmare for security practitionersIn this illuminating talk, we’ll cut through the quantum hype to reveal why security professionals can approach quantum computing with informed confidence rather than panic.While headlines scream about the imminent apocalypse of our cryptographic systems, reality paints a...
See More →
Speakers
avatar for Johnny Xmas

Johnny Xmas

Global Head of Offensive Security, Fortune 150 Food & Bev Manufacturer
Johnny Xmas, a prominent figure in the Information Security community since 2002, is a board member of both Chicago's famous BurbSec community, as well as its BSides312 conference. He's most notably recognized for his pivotal role in exposing the American TSA Master Key leaks (2014-2018... Read More →
Saturday September 12, 2026 10:30am - 11:30am CDT
Swissôtel Chicago 323 E Wacker Dr, Chicago, IL 60601, USA
  Talk

10:30am CDT

Teaching AI to Analyze Malware: How to Encode Practitioner Expertise into an MCP Server
Saturday September 12, 2026 10:30am - 11:30am CDT
Swissôtel Chicago
AI agents can reason about suspicious files, plan multi-step investigations, and write custom deobfuscation code when standard tools fall short. But generic models produce shallow, unreliable results because they lack practitioner knowledge about which tools to use and when, and access to the tools themselves.Without domain expertise, an AI agent doesn't know that, for example, capa exit codes...
See More →
Speakers
avatar for Lenny Zeltser

Lenny Zeltser

Faculty Fellow, SANS Institute
Lenny Zeltser is a cybersecurity executive with deep technical roots, product management experience, and a business mindset. He has built security products and programs from early stage to enterprise scale. He is also a Faculty Fellow at SANS Institute and the creator of REMnux, a... Read More →
Saturday September 12, 2026 10:30am - 11:30am CDT
Swissôtel Chicago 323 E Wacker Dr, Chicago, IL 60601, USA
  Talk

10:30am CDT

The Contextualization Gap: Why Your SOC Has the Data But Not the Story
Saturday September 12, 2026 10:30am - 11:30am CDT
Swissôtel Chicago
Security operations teams are not losing ground because they lack tools. They are losing ground because they have accumulated too many tools, each addressing a specific threat, each generating its own telemetry, with no architecture capable of connecting that data into a coherent, actionable picture of what is happening in the environment. The result is a team simultaneously overwhelmed by data...
See More →
Speakers
avatar for Cyrus Walker

Cyrus Walker

Founder/CEO, Data Defenders
Thirty years of operational cybersecurity experience spanning municipal government, nonprofit, and healthcare sectors. Work includes forensic investigation, critical infrastructure protection, and the design and operation of shared regional security programs built for organizations... Read More →
Saturday September 12, 2026 10:30am - 11:30am CDT
Swissôtel Chicago 323 E Wacker Dr, Chicago, IL 60601, USA
  Talk

10:30am CDT

The Decision Engine: How to Rebuild Security Operations for an AI-Accelerated Threat Environment
Saturday September 12, 2026 10:30am - 11:30am CDT
Swissôtel Chicago
The queue-based SOC is not a slower version of the future.  It is a structural liability.  For two decades, security operations has been measured by the wrong things; alert throughput, mean time to detect, SLA adherence.  These metrics are of a queue.  They assume that moving fast enough though enough alerts produces security outcomes.  That assumption has not survived...
See More →
Speakers
avatar for Ren Fellows

Ren Fellows

Manager Cyber Security Operations, REI Co-op
Ren Fellows is the Director of Threat Management at a Fortune 50 financial institution, with over 13 years in security spanning SOC build, large-scale incident response, and zero-day events. Ren's believes the way we've built and lead security operations is due for a fundamental... Read More →
Saturday September 12, 2026 10:30am - 11:30am CDT
Swissôtel Chicago 323 E Wacker Dr, Chicago, IL 60601, USA
  Talk

10:30am CDT

The End is Just the Beginning of Better Security: Enhancing Vulnerability Management with OpenEoX
Saturday September 12, 2026 10:30am - 11:30am CDT
Swissôtel Chicago
Persistent cyber campaigns continue to threaten both public and private sectors, with outdated, unsupported edge devices emerging as a prime target for Nation-state adversaries. End-of-Life/End-of-Support (EoL/EoS) technologies create enduring exposure across our Nation's critical infrastructure, prompting CISA's February 2026 Binding Operational Directive (BOD) 26-02 requiring federal agencies to...
See More →
Speakers
avatar for Justin Murphy

Justin Murphy

Cybersecurity Vulnerability Analyst, DHS/CISA
Justin Murphy is a Vulnerability Analyst with the Cybersecurity and Infrastructure Security Agency (CISA). He helps to coordinate the remediation, mitigation, and public disclosure of newly identified cybersecurity vulnerabilities in products and services with affected vendor(s... Read More →
Saturday September 12, 2026 10:30am - 11:30am CDT
Swissôtel Chicago 323 E Wacker Dr, Chicago, IL 60601, USA
  Talk

10:30am CDT

The Malware Is Coming from Inside the Repo
Saturday September 12, 2026 10:30am - 11:30am CDT
Swissôtel Chicago
GitHub isn't just where developers work. It's where adversaries stage, obfuscate, and deliver malicious code. Every minute, thousands of commits hit public repositories, and buried inside that firehose are credential stealers, reverse shells, crypto drainers, and the occasional nation-state lure dressed up as a coding challenge. The platform's openness, trust, and sheer volume are exactly what...
See More →
Speakers
avatar for Justin Borland

Justin Borland

Director of Threat Engineering, Abstract
A proven technical leader in the security industry, Justin started his career with a Canadian Secret clearance while still in College. After graduating, he spent the next decade building custom packet capture systems, intrusion detection systems, logging systems, and DFIR tooling... Read More →
Saturday September 12, 2026 10:30am - 11:30am CDT
Swissôtel Chicago 323 E Wacker Dr, Chicago, IL 60601, USA
  Talk

10:30am CDT

The Only Way to Win Is by Learning: Deception Design, Read Through a Comedy Game Show
Saturday September 12, 2026 10:30am - 11:30am CDT
Swissôtel Chicago
Most deception technology fails the same way a bad magic trick fails: the audience can see the strings. A pristine honeypot, a too-obvious credential, a decoy environment without any of the messy human fingerprints of a real network — these tip off skilled attackers in the first thirty seconds of contact and then sit unused, generating no intelligence and no value.This talk argues that the...
See More →
Speakers
avatar for Dylan Shroll

Dylan Shroll

Security Engineer, Revology
Dylan is a cybersecurity engineer with six-plus years across healthcare, financial services, lottery, and logistics — everywhere the stakes are high and the regulations are higher still. She specializes in LLM-powered cyber deception operations and behavior-science-driven secur... Read More →
Saturday September 12, 2026 10:30am - 11:30am CDT
Swissôtel Chicago 323 E Wacker Dr, Chicago, IL 60601, USA
  Talk

10:30am CDT

The Second Front: Detecting LOTL Off the Endpoint
Saturday September 12, 2026 10:30am - 11:30am CDT
Swissôtel Chicago
Living-off-the-land (LOTL) isn't what it used to be. Blue teams have spent years tuning detections for the classic playbook - LOLBins, malicious macros, WMI abuse, PowerShell, etc. - and endpoint tooling has gotten pretty good at catching it. So, attackers moved.LOTL is now operating across a second front: the identity and management plane, which spans hundreds (if not thousands) of SaaS...
See More →
Speakers
avatar for Mark Orlando

Mark Orlando

Field CTO, Push Security
Mark is the Field CTO at Push Security, where he advances detection and response for in-browser threats. With 25 years of experience building and leading security operations teams at the White House, the Pentagon, the Department of Energy, and Fortune 500 companies, Mark has investigated... Read More →
Saturday September 12, 2026 10:30am - 11:30am CDT
Swissôtel Chicago 323 E Wacker Dr, Chicago, IL 60601, USA
  Talk

10:30am CDT

Threat Intelligence at the Speed of Cyber Defense
Saturday September 12, 2026 10:30am - 11:30am CDT
Swissôtel Chicago
Cyber threat intelligence (CTI) is essentially a decision support function within cybersecurity. As such, CTI that cannot enable, improve, or otherwise facilitate a security action is of questionable value. This is often evaluated in terms of CTI relevance, applicability, or accuracy, but the relationship between CTI and security actions also demands investigation of another metric: timeliness....
See More →
Speakers
avatar for Joe Slowik

Joe Slowik

Director, Cybersecurity Alerting Strategy, Dataminr
Joe Slowik has over 15 years of experience across multiple cyber domains, from threat intelligence to detection engineering to incident response. Joe currently works as director for cyber alerting strategy at Dataminr, and has previously held roles at organizations including the MITRE... Read More →
Saturday September 12, 2026 10:30am - 11:30am CDT
Swissôtel Chicago 323 E Wacker Dr, Chicago, IL 60601, USA
  Talk

10:30am CDT

Too Big to Review: Scaling AppSec to Zero at Fortune #1
Saturday September 12, 2026 10:30am - 11:30am CDT
Swissôtel Chicago
As AI-powered development tools accelerate code velocity across the industry, application security programs face an existential scaling problem: the team that was once a trusted partner to engineering has become a bottleneck. Traditional human-led security review cannot keep pace with the rate of new features, services, and infrastructure being shipped; and bolting AI onto a broken process only...
See More →
Speakers
avatar for Adam Schaal

Adam Schaal

Distinguished Engineer, AI Security, Pixee AI
Adam Schaal is a Distinguished Engineer at Pixee, where he focuses on using generative AI and automation to meaningfully change how application security is practiced at scale.
Previously, Adam created and led the SHINE team at AWS, a group tasked with rethinking how security could scale across massive development organizations without slowing builders down. Through experimentation, automation, and hands-on engineering, SHINE explored new approaches to aligning... Read More →
Saturday September 12, 2026 10:30am - 11:30am CDT
Swissôtel Chicago 323 E Wacker Dr, Chicago, IL 60601, USA
  Talk

10:30am CDT

Trusted, But Dangerous: Identity Abuse Through First-Party Apps in Entra
Saturday September 12, 2026 10:30am - 11:30am CDT
Swissôtel Chicago
Microsoft Entra environments rely heavily on implicit trust in Microsoft first-party applications, yet most defenders have limited visibility into how expansive that trust boundary truly is. With more than 4,000 Microsoft first-party app IDs, many operate as “ghost” applications: active in authentication and token issuance, but not clearly represented in enterprise application views or...
See More →
Speakers
avatar for Jon Haas

Jon Haas

Threat Hunter, Nationwide
Jon Haas is a Threat Hunter at Nationwide specializing in identity security, cloud detection engineering, and adversary tradecraft in modern SaaS environments. His work focuses on uncovering gaps in authentication controls, including OAuth abuse, first party application behavior... Read More →
Saturday September 12, 2026 10:30am - 11:30am CDT
Swissôtel Chicago 323 E Wacker Dr, Chicago, IL 60601, USA
  Talk

10:30am CDT

Using Pentest Findings to Improve Detections
Saturday September 12, 2026 10:30am - 11:30am CDT
Swissôtel Chicago
Most penetration test reports get filed and forgotten. SOC teams never confirm whether their alerts fired during the engagement, and adversaries keep reusing the same techniques. This session shows blue teamers how to digest a penetration test report and turn every pentest finding into a working detection.We'll break down pentest reports from the SOC's perspective, focusing on the methodology...
See More →
Speakers
avatar for Ashley Knowles

Ashley Knowles

Cyber Security Analyst, Black Hills Information Security
As a Security Consultant, Ashley’s role is to perform network (internal/external), social engineering, and cloud penetration tests, as well as participating in red team assessments. Since joining the infosec community in 2013, she has developed and taught hacking classes, worked... Read More →
Saturday September 12, 2026 10:30am - 11:30am CDT
Swissôtel Chicago 323 E Wacker Dr, Chicago, IL 60601, USA
  Talk

10:30am CDT

Vibe Check: Scaling AppSec in an AI-Driven World
Saturday September 12, 2026 10:30am - 11:30am CDT
Swissôtel Chicago
Scaling an AppSec program is hard enough in a traditional environment, but it gets exponentially more difficult when Sonny from Accounting decides to vibe code their own full-stack internal tool over the weekend and announces it in the company All Hands on Monday. The "Shift Left" movement promised to get in front of security breaches by thinking about security early in the development lifecycle,...
See More →
Speakers
avatar for Cory Roop

Cory Roop

Director of Production Security, Invisible Technologies
Cory leads the Production Security function at Invisible Technologies. He’s a veteran engineer and leader who has scaled security programs for both healthcare firms and hyper-growth SaaS startups. He balances a "big picture" leadership style with a genuine love for the technical... Read More →
Saturday September 12, 2026 10:30am - 11:30am CDT
Swissôtel Chicago 323 E Wacker Dr, Chicago, IL 60601, USA
  Talk

10:30am CDT

Vulnerability Management: The Leadership Playbook
Saturday September 12, 2026 10:30am - 11:30am CDT
Swissôtel Chicago
Most vulnerability programs keep teams busy without reducing risk. Mean-time-to-remediate improves quarter over quarter while the total count of unpatched vulnerabilities climbs. The program optimizes a local maximum: patching speed. This talk presents four strategies for escaping the cycle, and the leadership behaviors each strategy requires.Strategy 1: Shrink what needs protecting. Every...
See More →
Speakers
avatar for Lenny Zeltser

Lenny Zeltser

Faculty Fellow, SANS Institute
Lenny Zeltser is a cybersecurity executive with deep technical roots, product management experience, and a business mindset. He has built security products and programs from early stage to enterprise scale. He is also a Faculty Fellow at SANS Institute and the creator of REMnux, a... Read More →
Saturday September 12, 2026 10:30am - 11:30am CDT
Swissôtel Chicago 323 E Wacker Dr, Chicago, IL 60601, USA
  Talk

10:30am CDT

When the Package Is the Weapon: Detecting and Responding to npm Supply Chain Intrusions
Saturday September 12, 2026 10:30am - 11:30am CDT
Swissôtel Chicago
Your developers trust npm. Attackers figured that out before your detection stack did.This talk is a ground-up forensic reconstruction of two real npm supply chain campaigns — the NX package compromise in late 2025 and the axios RAT campaign in March 2026 — told entirely from the defender's perspective. Not a theoretical exercise. This is what the logs actually looked like, what the tooling...
See More →
Speakers
avatar for Mohit Bansal

Mohit Bansal

Senior Engineering Manager, Security Engineering, Webflow
Mohit Bansal leads a security engineering team spanning SecOps, Vulnerability Management, Enterprise Security, Incident Response and security tooling. He brings 10+ years of security experience across application security engineering and leadership roles at multiple high-scale technology... Read More →
Saturday September 12, 2026 10:30am - 11:30am CDT
Swissôtel Chicago 323 E Wacker Dr, Chicago, IL 60601, USA
  Talk

10:30am CDT

Why Incident Response Plans Fail Under Pressure
Saturday September 12, 2026 10:30am - 11:30am CDT
Swissôtel Chicago
Most incident response plans do not fail because the document is missing. They fail because people do. Under pressure, some teams panic and abandon strategy. Others choke, overanalyze, and freeze. In both cases, the plan may be technically sound, but human performance and cross-functional coordination break down. This session explores why comprehensive IR plans still collapse in real...
See More →
Speakers
avatar for Ron Dilley

Ron Dilley

CISO, Reflex Security
Ron Dilley works at Reflex Security as the Field CISO, focusing on technical evangelism, channel management, and community presence, while pushing the boundaries of what's possible in technology to deliver exceptional value for clients. He is also on the IANS Research Faculty, a speaker... Read More →
Saturday September 12, 2026 10:30am - 11:30am CDT
Swissôtel Chicago 323 E Wacker Dr, Chicago, IL 60601, USA
  Talk

10:30am CDT

Your User, Their Rules: Rethinking the OS trust model for the AI-era
Saturday September 12, 2026 10:30am - 11:30am CDT
Swissôtel Chicago
Operating systems solved multi-user security decades ago: files have owners, permissions enforce boundaries, and one user's processes cannot tamper with another's data. But modern developer workstations are effectively single-user machines — and every process running as that user inherits the same trust. For years, this was a footnote. Today, it is the attack surface.The explosion of AI-powered...
See More →
Speakers
avatar for Ofir Balassiano

Ofir Balassiano

Co-Founder, Bloom Security
Ofir is an experienced security researcher turned co-founder at Bloom Security. Led the Cortex Cloud Posture Security research group at Palo Alto Networks, focusing on AI, identity, and data security. Previously led the research group at Dig Security (acquired by PANW), served as... Read More →
avatar for Golan Myers

Golan Myers

Security Researcher, Bloom Security
Golan is a security researcher at Bloom Security, with previous experience as a researcher within the Cortex Cloud Posture Security research group at Palo Alto Networks, focusing on AI, identity, and data security.
Saturday September 12, 2026 10:30am - 11:30am CDT
Swissôtel Chicago 323 E Wacker Dr, Chicago, IL 60601, USA
  Talk

11:00am CDT

How We've Gone Completely Phishing-resistant (And So Can You!)
Saturday September 12, 2026 11:00am - 12:00pm CDT
Swissôtel Chicago
Phishing-resistant authentication is shifting from optional to mandatory. Not only are attackers using phishing as the primary mechanism to evade traditional forms of MFA, but they are also evolving their attacks to find ways around implementations where phishing-resistant auth is only preferred and not enforced. The road to deploying passkeys, Windows Hello for Business and Mac Platform SSO looks...
See More →
Speakers
avatar for Eric Woodruff

Eric Woodruff

Chief Identity Architect, Semperis
Throughout his 26-year career in the IT field, Eric has sought out and held a diverse range of roles. Currently the Chief Identity Architect for Semperis; Eric previously was a member of the Security Research and Product teams. Prior to Semperis, Eric worked as a Security and Identity... Read More →
Saturday September 12, 2026 11:00am - 12:00pm CDT
Swissôtel Chicago 323 E Wacker Dr, Chicago, IL 60601, USA
  Talk
 
Blue Team Con 2026
From $0.00

Get help with the event

Contact event planner Event login
View support guides Find upcoming events
Create an event you'd love to attend!
Explore why organizers choose Sched Success stories
Event App Event scheduling Event registration Event ticketing Sched forms Call for papers Badges Conferences
© 2026. SCHED LLC - All rights reserved - Helping events since 2008
Event Planning Software Privacy Terms
Share Modal

Share this link via

Or copy link

Filter sessions
Apply filters to sessions.
Thursday, September 10
Saturday, September 12
Microsoft Technology Center (Aon Center)
Swissôtel Chicago
  • Talk
  • Training
  • Company
  • Abstract
  • Acalvio
  • Amazon
  • Beazley Security
  • Black Hills Information Security
  • Bloom security
  • Broadcom
  • C Spire
  • Campbell Clinic
  • Coalfire
  • CQURE
  • Critical Path Security
  • Data Defenders
  • Dataminr
  • Daylight Security
  • DHS/CISA
  • EXOS
  • First National Bank of Omaha (FNBO)
  • Flare
  • Fortune 150 Food & Bev Manufacturer
  • GetReal Security
  • Horizon Secured
  • Invisible Technologies
  • LevelBlue
  • Liberty Mutual Insurance
  • Nationwide
  • Netwrix
  • Notion
  • Pixee AI
  • Push Security
  • Rapid7
  • Reflex Security
  • Reversec
  • Revology
  • SCYTHE
  • Semperis
  • Spacewalk.ai
  • SpecterOps
  • StoneX
  • TrustedSec
  • Webflow
  • WiCyS Wisconsin
  • Zelis Healthcare
  • Audience
  • Advanced
  • Beginner
  • Early Career
  • Intermediate
  • Subject
  • Application Security / DevSecOps
  • Career Matters
  • Governance / Risk / Compliance
  • Management / Leadership
  • Physical Security
  • Resilience
  • Security Operations / Tools
  • Threat Hunting and Red Teaming
  • Threat Intel and DFIR
  • Vulnerability Management