Saturday, September 12
 

10:30am CDT

400 Detections, Zero Alerts: Why your Detection Program is flying blind | Swissôtel Chicago | Tyler Casey
Active Directory Post-Mortem: Assumptions vs Reality | Swissôtel Chicago | David Horak
AI Failures in IR: A Field Guide to Filling the Gaps | Swissôtel Chicago | Alex Thomson
AI-Assisted IR Without the Lies: A Browser Forensics Case Study | Swissôtel Chicago | Aaron Hau • Kyle Henson
Behaviour-Driven Detection for Software Supply Chain Exploitation | Swissôtel Chicago | Niladri Sekhar Hore • Anurag Mathur
Beyond the SIEM: Critical Governance and Architecture Decisions for Modern SOCs | Swissôtel Chicago | Bart Stump, "Stumper" • Jeremy Croghan
Breaking Identity at Scale: From DPAPI & TBAL Secrets to Full Domain Compromise | Swissôtel Chicago | Paula Januszkiewicz
Building the Human Firewall: Why Security Awareness Must Precede the Workplace | Swissôtel Chicago | Nousheen Begum
CISA’s Menu for Vulnerability Management | Swissôtel Chicago | Justin Murphy • Julia Turkevich
Containers Don't Lie. But Your Security Tooling Might Be Missing What They're Saying | Swissôtel Chicago | Advait Patel
Defending the Credential Reset Process | Swissôtel Chicago | Tom Cross
Defending the Hypervisor: Using Offensive Tooling to Validate vSphere Security | Swissôtel Chicago | Darryl Baker, DFIRDeferred
Designing deception in GCP: what’s effective density? | Swissôtel Chicago | Suril Desai
Detection Engineering for AI Agents: Building Defenses That Work When Your Attacker Can Think | Swissôtel Chicago | Shashwat Jain
email.telemetry.normalized: Detection Engineering Beyond the Inbox in Healthcare | Swissôtel Chicago | Akash Parasumanna Sridhar
Entra the Dragon: Entra ID Red vs Blue | Swissôtel Chicago | Sean Metcalf
Finding SOCKS with ProxyWatch | Swissôtel Chicago | Brian Reitz • John Wotton
Fortress in a Box: Enterprise-Grade Kubernetes Security for the Organizations That Can't Afford It | Swissôtel Chicago | José Lorenzana
From Compliance to Covert Ops: Demystifying the Offensive Security Landscape | Swissôtel Chicago | Sandun Bambarandage
From Hours to Minutes With StealerLens: LLM-Accelerated Infostealer IR for Overwhelmed SOCs | Swissôtel Chicago | Olivier Bilodeau
From Logs to Logic: Building Detections That Don’t Suck | Swissôtel Chicago | Kyle Barboza
Game of Cones: Why Your Crisis Plan Shouldnt Melt Under Pressure | Swissôtel Chicago | Richard Suls
How to Do Just About Anything (Including Security): Turning Curiosity and Creativity into a Career | Swissôtel Chicago | Dan Browder
It Started with an Employee. It Ended Inside Your AI: The Exposure Chain You Need to Understand | Swissôtel Chicago | Derick Johnson
It Wasn’t Spoofed: Investigating Authenticated Email Abuse in Real Environments | Swissôtel Chicago | Kelsey O'Connell, w0mbat
Life After Tier 1: Rebuilding the SOC When Triage Is Outsourced | Swissôtel Chicago | Stuart Fairchild
MDR: From Vendor Shortlist to Security Partnership | Swissôtel Chicago | Alan Simpson
Models and More: using data to inform decision making | Swissôtel Chicago | Amanda Draeger
Paving the Road for AI-Driven Security Teams | Swissôtel Chicago | Britton Hayes • Joakim Pedersen
Purple Testing Is Not Enough — Why CTEM Is the Missing Layer | Swissôtel Chicago | Irina Dimitrov (Loktionova)
Reconstructing Reality: Advanced USN Journal Extraction and Full-Fidelity Correlation with MFT | Swissôtel Chicago | Paula Januszkiewicz
Same Network, Different Worlds: Bridging the IT Ops and SOC Divide | Swissôtel Chicago | Sameer Singhal
Secrets That Survive Everything: The Shift-Right Runtime Gap Left Unguarded | Swissôtel Chicago | Hemanth Gorijala
Security vs Product: A Professional Identity Crisis | Swissôtel Chicago | Amanda Berlin, Infosystir
Slaying the Sprawl: A Hero’s Guide to Building (or Re-Forging) a Cloud Security Program Without a 20-Person Guild | Swissôtel Chicago | Steve Turner
Strength in Diversity: Building an Inclusive Cybersecurity Workforce | Swissôtel Chicago | Rick Hudson
Superposition, not Superstition | Swissôtel Chicago | Johnny Xmas
Teaching AI to Analyze Malware: How to Encode Practitioner Expertise into an MCP Server | Swissôtel Chicago | Lenny Zeltser
The Contextualization Gap: Why Your SOC Has the Data But Not the Story | Swissôtel Chicago | Cyrus Walker
The Decision Engine: How to Rebuild Security Operations for an AI-Accelerated Threat Environment | Swissôtel Chicago | Ren Fellows
The End is Just the Beginning of Better Security: Enhancing Vulnerability Management with OpenEoX | Swissôtel Chicago | Justin Murphy
The Malware Is Coming from Inside the Repo | Swissôtel Chicago | Justin Borland
The Only Way to Win Is by Learning: Deception Design, Read Through a Comedy Game Show | Swissôtel Chicago | Dylan Shroll
The Second Front: Detecting LOTL Off the Endpoint | Swissôtel Chicago | Mark Orlando
Threat Intelligence at the Speed of Cyber Defense | Swissôtel Chicago | Joe Slowik
Too Big to Review: Scaling AppSec to Zero at Fortune #1 | Swissôtel Chicago | Adam Schaal
Trusted, But Dangerous: Identity Abuse Through First-Party Apps in Entra | Swissôtel Chicago | Jon Haas
Using Pentest Findings to Improve Detections | Swissôtel Chicago | Ashley Knowles
Vibe Check: Scaling AppSec in an AI-Driven World | Swissôtel Chicago | Cory Roop
Vulnerability Management: The Leadership Playbook | Swissôtel Chicago | Lenny Zeltser
When the Package Is the Weapon: Detecting and Responding to npm Supply Chain Intrusions | Swissôtel Chicago | Mohit Bansal
Why Incident Response Plans Fail Under Pressure | Swissôtel Chicago | Ron Dilley
Your User, Their Rules: Rethinking the OS trust model for the AI-era | Swissôtel Chicago | Ofir Balassiano • Golan Myers

11:00am CDT

 
Blue Team Con 2026
From $0.00