Saturday, September 12

10:30am CDT

Behaviour-Driven Detection for Software Supply Chain Exploitation
Saturday September 12, 2026 10:30am - 11:30am CDT
Abstract
Modern software development depends on an intricate ecosystem of open‑source libraries, third‑party services, CI/CD workflows, container registries, package repositories, and cloud‑native infrastructure. As organizations accelerate development velocity, their applications increasingly rely on components they neither wrote nor control. This creates a supply chain environment where the weakest external link becomes the attacker’s easiest entry point. While Application Security (AppSec) teams focus on code reviews, SAST/DAST, SCA results, and secure SDLC controls, many of the most dangerous threats originate outside their visibility. These include malicious dependency updates, compromised package maintainers, poisoned CI/CD pipelines, hijacked SDKs, and third‑party API breaches—risks that traditional AppSec tooling isn’t designed to detect.
At the same time, cyber defence teams track adversary activity, ecosystem‑level manipulation, suspicious code commits, dark‑web chatter, targeted campaigns against popular libraries, and exploitation of software supply chain dependencies. They see indicators and emerging threats far earlier than any automated scanner—but this intelligence rarely makes its way into AppSec decision‑making. As a result, AppSec teams continue to approve dependencies with no CVEs, unaware that the maintainer was compromised; security testing pipelines approve builds even though threat intelligence (TI) has already flagged one of the upstream components; and organizations ship production code containing malicious logic that no scanner will ever detect because the code behaves "as designed"—just not by your design.
This talk presents a unified model for bridging these gaps—delivering a strategic approach through supply chain defence. Attendees will learn how real‑world supply chain attacks unfold, why they bypass traditional AppSec controls, and how integrating cyber defence changes the defender’s perspective. We break down practical detection methods for ecosystem‑level anomalies, maintainer compromise signals, malicious package patterns, CI/CD infiltration attempts, and signs of upstream component manipulation. Through real attack examples and defensive case studies, we show how organizations can fuse AppSec findings (SCA results, dependency mapping, SBOM data) with cyber defence to build an adaptive, intelligence‑driven supply chain protection strategy.
Key Takeaways
  • Why AppSec alone cannot detect supply chain compromise — and the specific blind spots hidden inside package ecosystems, CI/CD pipelines, and third‑party integrations.
  • A practical integration model where AppSec and cyber defence teams jointly monitor, validate, and block risky dependencies or services before they reach production.
  • Field-tested workflows for real-time supply chain monitoring using SBOM enrichment, threat feeds, dependency risk correlation, and behaviour-based anomaly detection.
  • A blueprint for building an enterprise supply chain defence program that continuously adapts to attacker evolution, ecosystem shifts, and vendor risks.
Why This Talk Is Important
Supply chain attacks are now a preferred strategy for both state-sponsored and financially motivated threat actors. They exploit trust relationships between developers, automation systems, and ecosystem maintainers—areas where AppSec and cyber defence teams lack visibility and have limited operational influence. This session provides a practical, actionable roadmap for bringing both teams together to defend the modern software supply chain—before adversaries weaponize it.
Speakers
Niladri Sekhar Hore
Lead Engineer - Threat Detection and Automation, StoneX Group
Niladri Sekhar Hore is a Lead Engineer at StoneX Group in Threat Detection and Automation. He builds data-driven detection systems and security automation frameworks across cloud and hybrid environments, focusing on operationalizing security intelligence into measurable runtime...
Anurag Mathur
Staff Engineer - Application Security, StoneX Group
Anurag Mathur is a Staff Engineer in Application Security, specializing in secure architecture design, vulnerability research, and threat modelling for modern application ecosystems. He works closely with engineering teams to identify business logic weaknesses, harden authentication and authorizatio...
Swissôtel Chicago 323 E Wacker Dr, Chicago, IL 60601, USA
  Talk

10:30am CDT

The Decision Engine: How to Rebuild Security Operations for an AI-Accelerated Threat Environment
Saturday September 12, 2026 10:30am - 11:30am CDT
The queue-based SOC is not a slower version of the future. It is a structural liability.

For two decades, security operations has been measured by the wrong things: alert throughput, mean time to detect, SLA adherence. These are the metrics of a queue. They assume that moving fast enough through enough alerts produces security outcomes. That assumption has not survived contact with AI-enabled adversaries, exponential telemetry growth, and an accelerating compression of exploitation timelines.

This talk is about what replaces it.

The decision engine is not a product, a platform, or a vendor pitch. It is an operating model, a structural redesign of how a security function produces decisions rather than processes alerts. The mission statement is simple: compress uncertainty faster than adversaries compress time. Everything else, the detection discipline, the AI architecture, the metrics framework, the cryptographic risk model, is a design decision made against that standard.

The session covers the three structural shifts that make the legacy model insufficient, the five components of the decision engine operating model, and what the transition looks like in practice, including what fails first, what the hardest organizational resistance looks like, and which early proof points tell you the model is working.

Specifically, attendees will leave with a clear mental model for evaluating their own organization's current posture, a diagnostic framework for identifying where the legacy model is already creating structural risk, and three concrete actions they can take immediately, regardless of budget cycle, platform status, or org structure.

The talk also addresses the risk that receives the least attention in most security operations conversations: the shrinking half-life of sensitive data. For organizations holding data under multi-year regulatory retention obligations, long-lived contractual confidentiality requirements, or enduring intellectual property value, the assumption that exfiltrated data cannot be weaponized for years is eroding. The question that should be driving triage is not whether a breach occurred; it is what the time-to-weaponization of the data involved is. Most SOCs have no answer to that question. This talk explains why that gap is a structural risk and what closing it requires.

This is not a theoretical framework. Every element described in this session has been built and validated in a production operational environment, under real constraints, against real adversaries. The speaker is not standing at the front of the room as a vendor, an analyst, or an academic. They are standing there as a practitioner who made the transition, knows what it costs, and knows what it produces.
Speakers
Ren Fellows
Manager Cyber Security Operations, REI Co-op
Ren Fellows is the Director of Threat Management at a Fortune 50 financial institution, with over 13 years in security spanning SOC build, large-scale incident response, and zero-day events. Ren believes the way we've built and led security operations is due for a fundamental...
Swissôtel Chicago 323 E Wacker Dr, Chicago, IL 60601, USA
  Talk

Blue Team Con 2026