Keynote Speaker
Presentations
A Standard For Investigative Playbooks
The Human Centered Investigation Playbook (HCIP) standard is a YAML-based syntax for writing investigation playbooks that correspond to a particular alert, artifact, or attack. The goal is to have an investigation methodology that both guides the analyst and also integrates into defensive tooling to make necessary data easily available during the investigation.
In this presentation I will discuss the standard, explore its purpose and use cases, and demonstrate its functionality in a free and open monitoring platform.
Matthew Gracie
Matthew Gracie is a defensive security specialist with fifteen years of Blue Team experience in higher education, manufacturing, financial services, and healthcare. He is currently a Senior Engineer at Security Onion Solutions, as well as the interim director of the Cybersecurity graduate program at Canisius University. Matt is also the lead organizer of Infosec 716, a monthly meetup for security enthusiasts in Western New York, and the BSides Buffalo technology conference. He enjoys good beer, mountain bikes, open source security tools, and college hockey, and can be found on Bluesky as @InfosecGoon.
Breaking the Lethal Trifecta: Architectural Prompt Injection Defenses
Prompt injection remains the elephant in the AI Security room—there’s no deterministic defense, yet the urgency driving AI adoption means many teams feel forced to either accept the risk or hobble their agents with overly restrictive policies. But there’s a third path: containment. In this talk, I’ll walk through the architectural guardrails Stripe adopted to protect our agent platform, showing how you can give agents powerful tools while ensuring minimal damage if prompt injection occurs. I’ll cover strategies for preventing data exfiltration through controlled egress, share UI patterns for human confirmation flows to balance oversight with usability, and demonstrate how to enforce these guardrails at CI-time using tool annotations.
Andrew Bullen
Andrew Bullen leads the AI Security team at Stripe, where he designs infrastructural primitives that secure the company’s internal and customer-facing AI platforms. A ten-year veteran of Stripe, Andrew previously led the Data Platform and Privacy Engineering teams. He approaches security as a leadership challenge just as much as a technical one. His work sits at the intersection of engineering leadership, security, AI/ML, and usability. In addition to his technical work, Andrew is an engineering leadership coach and can be found online at andrewbullen.co.
CloudShell Hide-n-Seek: from CTF to persistent pwning
We discuss CloudShell persistence of compute, data, and access, based on building a Cloud Village CTF at DC33. We’ll look at overcoming console/non-API/API barriers, automation of a non-API service, IAM obfuscation, logging/monitoring, user lock out, overcoming file/container resets, and backdoors.
Jenko Hwong
Jenko Hwong is a Principal Security Researcher at Huntress Labs, focusing on identity-based attacks and abuse. Prior to Huntress, he spent 6 years at Netskope Threat Labs, and has over 20 years in engineering and product roles at various security startups in vulnerability scanning, AV/AS, pen-testing/exploits, L3/4 appliances, threat intel, and Windows security.
Cybersecurity Considerations for Brain-Computer Interfaces
Brain-computer interfaces (BCIs) show enormous potential for advances in personalized medicine. Despite clear therapeutic benefits, BCIs offer a direct pathway to the brain, introducing new avenues for cyber-attacks or security compromises. In forthcoming original research with the Digital Ethics Center at Yale University, we make three core policy recommendations to device manufacturers and regulators to better secure these devices and protect patient safety. Regulators should mandate non-surgical device update methods, strong authentication and authorization schemes for BCI software modifications, and minimize network connectivity where possible. Failure to implement these policies puts BCI users at unwarranted risk for personal health and genetic information compromise, unwanted movement, and other general cyber-attack. We design a hypothetical, average-case threat model and find that physical access and threats are unlikely and identify other threats via network paths to BCIs.
Tyler Schroder
R. Tyler Schroder is an Industry Fellow at Yale University’s Digital Ethics Center. By day, he is a Director on Morgan Stanley’s Cybersecurity Incident Response Team. Before joining Morgan Stanley, Schroder was a cybersecurity engineer at MITRE, Microsoft, and CrowdStrike. Schroder began his cybersecurity career as a data security intern in 2018 at MITRE, where he enhanced open-source security tools and developed enterprise network simulation capabilities.
Schroder’s research experience at Yale involved projects on cyber risks of brain-computer interfaces, AI limitations in tactical mission planning, and misinformation dynamics in online communities. His work has been published in peer-reviewed journals and presented at national cybersecurity conferences.
Schroder holds both a master’s and bachelor’s degree in computer science from Yale University, where he received several academic and leadership awards. He is certified as a CompTIA Security Xpert, CrowdStrike Certified Falcon Responder, and ISC2 Certified in Cyber Security. Outside of his professional work, Schroder is active in amateur radio, public speaking, and is an Eagle Scout.
Finding Badness with the Threat Detection and Response Lifecycle
Most security teams are stuck in reactive mode: alerts fire, analysts scramble, incidents get closed, rinse and repeat. But what if there was a way to think about detection and response as a continuous cycle that actually gets better over time?
The TDR Lifecycle is a five-stage model I developed and refined over years of building and leading threat detection and response teams. It maps everything a detection and response program needs to consider: from tool management and use case development all the way through automation and feeding controls back through the business.
This isn’t a vendor pitch or theoretical framework, it’s a practical model you can take and adapt for your own organization. Whether you’re building a program from scratch or trying to mature an existing one, this talk will give you a mental map for identifying gaps and prioritizing where to focus your efforts.
Shawn Thomas
Shawn Thomas is the Director of Threat Detection and Response at ZoomInfo, where he spends his days building the systems and teams that find badness before it becomes a headline. With nearly 20 years of experience in security, he’s done stints across incident response, detection engineering, and security operations, basically anywhere there are fires to fight and chaos to wrangle.
In a past life he was a regular on the conference circuit and hosted some infosec podcasts, but these days he’s a recovering extrovert who prefers the company of birds to people. When he’s not hunting threats, he’s in the woods with a camera, hoping a pileated woodpecker holds still for once.
Finding Ghost Jobs and Ghost Companies using OSINT
Ghost jobs run amok. This presentation will go into a series of methods that can be used to research companies looking for qualified applicants to make sure you aren’t sharing your professional information with no hope for success. Included in this short talk will be a case study where one specific company was seemingly hiring, but basic research revealed a mystery. It was a company with no customers, no reputation, but was offering roles at ludicrous salaries, all hidden behind shell companies, fake offices, and fake identities. This talk will discuss tips on how to spot companies like this and the lengths it can take to reveal the truth just by knowing where to look.
Patrick Wheltle
Hello! I am a cyber threat analyst who has been working in cybersecurity since 2016. While I do cyber analysis for a living, I picked up fun OSINT and data analysis projects as a hobby.
Going AFK – A Discussion on Standing Up and Standing Out
Going AFK (away from keyboard) means a lot of things. For an infosec worker, hacker, technologist–whatever your flavour–exercising their First Amendment rights these days, it means serious preparation and answering hard questions. It means finding the safest and most survivable course of action for yourself and your group. Security-minded planning for events demands site surveys, proper clothing and tools, digital privacy, escape and evasion, and checklists for all of it. Let’s cover some of these essentials and give ourselves a head start.
Grey Fox
Grey Fox is a Security Engineer and Vulnerability Rustler working on global ICS products. As a U.S. military veteran with 20 years experience, he cut his teeth in digital network intelligence, cyberspace warfare, and ground combat tactics. Grey Fox lugs baggage from numerous deployments ranging from offensive cyber operations planning and execution to military information support operations. He currently teaches Digital OPSEC, Expedient Software-defined Radio, and Tactical Emergency Combat Care to both civilian and military groups. Grey Fox has been tolerated speaking at Def Con, various B-Sides, and other cons in addition to chairing panels on consumer data privacy for Federal research and accountability. When not seeking some free time, Grey Fox is threat modeling your AI applications and cos-playing as a Human Resistance fighter against Skynet.
Illuminating Shadow AI: An Open-Source Tool for CustomGPT Risk Assessment
How comfortable are you knowing your company is using custom LLMs, like CustomGPT, with zero visibility into the sensitive data flowing through them?
Organizations are racing to adopt AI, creating new blind spots faster than they can secure them. The reality is hundreds of shadow AI instances where employees inadvertently expose company IP and PII daily.
This session introduces GCI (CustomGPT Compliance Insights), a new open-source tool built to solve this exact visibility gap. We will jump directly into the research behind the tool, dissecting the attack surface of administrative APIs and the specific regex patterns we developed to hunt for dangerous custom actions. We will demonstrate how the tool identifies high-risk exposures, from hardcoded credentials to sensitive PII.
You will leave with the source code in hand and a practical method to run your own audits and minimize these risks immediately.
Sharon Shama
Sharon has a strong background in defensive research, especially around emerging AI technologies and GCP environments. Off the clock, she channels that same curiosity into cooking, taking on kitchen challenges like beef Wellington and lemon pie.
It’s Not the CPU’s Fault: Adventures in GPU and Firmware Forensics
Traditional SIEM platforms excel at detecting network intrusions and OS-level threats, but they’re fundamentally blind to attacks living in GPUs, BMCs, and out-of-band management planes. As AI/ML workloads scale, attackers increasingly exploit this hardware-layer blind spot to steal models, achieve persistent access via firmware implants, and maintain presence even after incident response.
This talk exposes what your SIEM is missing and provides a practical roadmap to close the gap. We’ll cover GPU telemetry (DCGM), BMC logs (IPMI/Redfish), and out-of-band monitoring, why they matter for security, the challenges of integration (protocol chaos, network isolation, data volume), and a three-layer reference architecture (Collection → Normalization → Correlation) you can implement today.
Hardware-layer persistence is real. Your SIEM doesn’t see it. Learn what you’re missing.
Derek Chamorro
Derek is the Head of Security at Together.ai and the former Head of Infrastructure Security at Cloudflare. He has over 20 years of experience in designing security frameworks at scale. His main focus is on research and development within the fields of encryption and infrastructure security.
He earned a masters in cybersecurity from Purdue University and now owns more than 40 global patents related to cryptography, key management, and distributed ledger technology.
Just a TIP: DIY Your First Threat Intelligence Platform
N/a (same as before ❤️)
Stryker
N/a
Modernize context clues by vectorizing and visualizing CyberOps data and Threat Intel using Qdrant Vector Database
Modern cyber operations generate massive, high‑dimensional data, alerts, asset inventories, scan results, DNS, and TLS telemetry, threat intel feeds, and more. Most teams still force this data into legacy, row‑and‑column patterns that were never designed for AI‑driven analysis. This is a practical approach to modernize, vectorize, and visualize CyberOps data using the Qdrant vector database as the core of a next‑generation threat intelligence and recon platform.
This is a “how to” walk-through for transforming heterogeneous CyberOps data (from tools like Nmap, Amass, sslscan, passive DNS, and OSINT sources, with ongoing development in converters) into embeddings that capture semantic relationships between assets, indicators, behaviors, and attack paths, instead of just static fields. Once vectorized, Qdrant enables fast similarity search, context‑aware pivoting (e.g., “find similarity with assets with vulnerabilities”), and automated clustering for campaign or infrastructure grouping. On top of that, we will show how to leverage Qdrant’s filtering and metadata capabilities to combine classic threat hunting in pivoting through various collections and search workflows.
Kevin Figueroa
With over two decades in cybersecurity, I’ve built deep, hands-on expertise in enterprise security across the full stack. My background spans network, web application, API, and mobile penetration testing, comprehensive vulnerability assessments, advanced intrusion detection, and hardening of both systems and network infrastructure. I’m driven by ongoing research into emerging threats and by practical experimentation with AI to augment defensive and offensive security workflows. My goal is to combine technical depth with a strong analytical mindset to strengthen organizational security posture against next‑generation attacks and to help design resilient, future‑ready security architectures.
Modernize, Vectorize, and Visualize CyberOps Data, Threat Intel with Qdrant
Modern cyber operations generate massive, high‑dimensional data, alerts, asset inventories, scan results, DNS and TLS telemetry, threat intel feeds, and more; yet most teams still force this data into legacy, row‑and‑column patterns that were never designed for AI‑driven analysis. This is my practical approach to modernize, vectorize, and visualize your cyber operations data using Vector Databases (VectorDBs) as the core of a next‑generation threat intelligence and recon platform.
How to transform heterogeneous cyber data (from tools such as Nmap, Amass, sslscan, passive DNS, and OSINT sources) into embeddings that capture semantic relationships—between assets, indicators, behaviors, and attack paths—instead of just static fields. Once vectorized, Qdrant enables fast similarity search, context‑aware pivoting (e.g., “find assets that behave like this compromised host”), and automated clustering for campaign or infrastructure grouping. On top of that, we will show how to leverage Qdrant’s filtering and metadata capabilities to combine classic threat hunting (by IP, ASN, tags, exposure) with vector search workflows.
Dickson Kwong
Dickson Kwong is a Senior Information Security professional with over a decade of experience in red teaming and blue teaming. Work experience spans from financial institutions, US government agencies, and technology startups.
New Windows Persistence Techniques in Metasploit
Metasploit has had persistence for a long time, however it’s always been lackluster. In July 2025 a complete overhaul of the persistence system began, introducing standardization across all platforms. Since then many new additional techniques have been created, especially on Windows platforms. This talk will discuss the new standardizations and how they affect users, look at the new techniques which have been added, and show how they can be utilized with live demonstrations.
Are you a blue teamer? Come see what the other side is doing and know what to look for in your logs to find these techniques.
h00die
h00die is currently employed with nDepth Security as a senior penetration tester. Previously he helped start Exploit-DB as one of the original staff moderators for submissions and quality control experts. He is currently one of the few non-Rapid7 employees entrusted with committer rights for the Metasploit framework, volunteering to create new modules, peer review submissions, and keep the framework awesome over the last 10 years.
Joel
Husband | Father | U.S. Marine Corps Retired | nDepth Security | Alumnus of Capital Technology University & University of Maryland Global Campus
Securing AI Workloads in Kubernetes: Lessons from Scaling Startups
Startups ship fast, often faster than their security practices can keep up. As someone who’s built and secured platforms at growth-stage companies, I’ve watched teams accumulate risk while chasing product-market fit. Then they add AI workloads, and the attack surface explodes.
This talk bridges two worlds: the pragmatic security challenges of scaling startups and the technical reality of securing AI workloads in Kubernetes.
We’ll cover common failure modes: identity sprawl, over-permissioned service accounts, implicit trust between services, and how security practitioners can enable velocity instead of blocking it.
Then we’ll dive into service mesh patterns for AI workloads:
– Identity-first security with mTLS and SPIFFE
– East-west traffic controls and fine-grained authorization
– Model access isolation and prompt protection
– Observability for detecting AI service abuse
All examples come from production Kubernetes environments. Attendees will leave with patterns they can implement
Chris Maenner
Chris is Head of Security at Ybor Technologies, where he focuses on securing Kubernetes platforms, AI workloads, and cloud-native infrastructure. He has been working in security engineering since 2006, spanning roles from early-stage startups to enterprise platform teams.
Chris serves as a board member of BSidesPhilly and is a frequent speaker at security conferences, including multiple BSides events, Boardwalk Bytes, and corporate conferences. He’s passionate about helping fast-moving teams build secure systems without sacrificing velocity.
Outside of security, Chris builds music applications and spends his free time visiting music venues around the world.
Tap In: Disability->Superpower
In cybersecurity, engineering, and high-performance technical communities, most of us quietly check at least one box: ADHD, neurodivergence, chronic pain, injury, trauma, anxiety, or another non-standard operating condition. In Tap In, Kirsten reframes disability and difference not as deficits to overcome, but as inputs, i.e. signals that shape how we think, adapt, and build systems. Drawing from lived experience, leadership under pressure, and the CLIMB™ framework, this talk explores how people unconsciously create compensating mechanisms to survive and how those same mechanisms can be intentionally refined into superpowers. This talk gives attendees permission to check the box proudly, inventory their constraints honestly, and tap into the systems they’ve already built, turning friction into leverage and difference into advantage.
Kirsten Renner
Kirsten is a talent strategist, author, and long-time cybersecurity community leader. She currently serves as Vice President of Talent at SilverEdge Government Solutions and is the creator of the CLIMB™ framework, a practical system for navigating growth, disruption, and reinvention. With over two decades of experience building and scaling teams through high-growth environments, acquisitions, and mission-critical work, Kirsten has led talent and transformation efforts across national security, technology, and cybersecurity organizations. She is deeply embedded in the security community, serving in leadership roles for multiple conferences and villages, and is a frequent speaker on careers, systems thinking, and human performance. Kirsten is the author of CLIMB: The Framework to Overcome and Succeed and is known for translating lived experience into actionable systems that help people perform at their best, especially when the path is non-linear.
The Case for MicroVMs: Container-like agility with the security of VMs
Containers and virtual machines are both central to modern cloud infrastructure but have fundamentally different security boundaries by design. Virtual machines (VMs) provide better isolation, but can be more cumbersome and less portable. Containers have become the common choice for workloads due to their flexibility and lightweight footprint, but their security properties are often misunderstood or oversimplified. MicroVMs challenge this tradeoff by providing container-like minimal environments with VM-grade isolation.
In this talk, we’ll start with a security-focused comparison of containers and traditional VMs, and then we’ll dive into microVMs and how their design allows them to reduce overhead while preserving hardware-backed isolation.
Attendees will leave with a better understanding of the tradeoffs between containers and virtual machines and how that knowledge can impact infrastructure design choices.
Kaitlin Seng
Kaitlin has over a decade of experience as a software engineer developing cybersecurity tools with a background spanning applied research, open-source contributions, and startup innovation. Kaitlin is currently with [Ginger Cybersecurity](https://www.gingercybersecurity.com/), securing Rust & Go applications on AWS.
The Chronicles of NERD-ia: Making a Smart Home That Works Most of the Time
Every cybersecurity pro dreams of the perfect smart home with automated lights, sensors everywhere, dashboards that rival NASA, and a doorbell cam that can predict your partner’s mood. In reality? It gets messy. Automations fire at 3AM, an ESP32 dies whenever someone microwaves popcorn, and suddenly your house is generating more alerts than a misconfigured SIEM.
In this session, Erich Kron shares the wins, fails, and “why is it doing THAT?” moments from building a smart home with Home Assistant, ESPHome, LEDs, and DIY sensors from the depths of the internet. You’ll learn how to design a secure, reliable setup without creating Skynet Lite, the difference between automation and over-automation, which DIY sensors are actually useful (including for chickens), and why segmentation, encryption, and patching matter.
You’ll leave with templates, real-world tips, and enough cautionary tales to keep your home from becoming an IoT haunted house, while building one that works… most of the time.
Erich Kron
Erich Kron, Security Awareness Advocate at KnowBe4, author, and regular contributor to cybersecurity industry publications, is a veteran information security professional with over 25 years’ experience in the medical, aerospace manufacturing and defense fields. He is the former security manager for the US Army’s 2nd Regional Cyber Center and holds CISSP, CISSP-ISSAP, SACP and many other certifications. Erich has worked with information security professionals around the world to provide tools, training and educational opportunities to succeed in Information Security.
The Heart Wants What It Wants: Convenience and Moral Drift in Cybercrime
This presentation by a former FBI profiler and a Russian former cybercriminal felon challenges some of the beliefs and attitudes you might have about how ransomware gangs find people willing to help their businesses, and how the motivations of everyday people are closer to cybercriminals than we might imagine. We examine the Qilin ransomware gang as an established ransomware enterprise that consistently offers support to its gang affiliates, such as an on-call “legal department” for negotiations. While some observers have characterized this support as marketing ploys, the use of legitimate service industries is largely unknown. This presentation also contributes to crime convenience theory in cybercriminal and criminology contexts, suggesting that this framework for explaining why people not involved in crime become willing to support crime, might also reveal similar pathways in motivation between cybercriminals and people not involved in crime.
Tim Pappa
Tim Pappa is an Incident Response Engineer – Cyber Deception Strategy, Content Development, and Marketing, Cyber Deception Operations, Walmart Global Tech. Before Walmart Global Tech, Tim was a Supervisory Special Agent and profiler with the Federal Bureau of Investigation’s (FBI) Behavioral Analysis Unit (BAU), where he specialized in cyber deception and online influence. Tim has presented and published at various academic and industry conferences, including Black Hat Asia, NDSS, IEEE S&P, CYBERWARCON, and the Honeynet Project. Tim has also held various strategy and policy Fellow roles at the Center for Strategic and International Studies (CSIS) and the Aspen Institute. Tim’s current research interests include attitudes toward cybercriminal felons, HoneyContent, and cyber deception design thinking. Singapore-based publisher World Scientific published his first book, “Influencing the Influencers: Applying Whaley’s Communication and Deception Frameworks to Terrorism and Insurgent Narratives” in summer 2025. He is currently writing No Starch Press’s first book on cyber deception.
The Misinformation Misadventures of Cicada 3301
Cicada 3301 stands as a powerful icon in the digital age, and one which has also served as a potent attack surface for threat actors and novel misinformation strategies for over a decade. This talk aims to educate the public on the threat of ARG-attack surfaces through the lens of community experience, identifying the vulnerabilities, attack strategies employed, and offensive defense needed to curtail large scale misinformation in info-rich environments. Along the way we will quash conspiracies, liquify reality, and gain a niche perspective into the power of ARGs.
TheClockworkBird
I am TheClockworkBird, and I have been a part of the Cicadasolvers community for nearly 6 years. I like to think of myself as a kind of tour guide for the digital interactive museum that is Solvers, and with a day job as a Maryland educator, this role of digital docent suits me well.
With a background in anthropology, my solving expertise lies in the realms of art, literature, and the sociological aspects of the puzzle. I work as a community organizer for Cicadasolvers, putting together solving sessions, curating collaboration between solvers, and guiding newcomers through the vast materials pertaining to the puzzle. Over the last three years my work has come to include the tracking and tamping of misinformation as it relates to Cicada, utilizing lessons learned from teaching in order to navigate the info-rich domain of 3301 and their puzzles.
In the end, bringing curious cryptanalysis fiends and all in betweens together is what I like to do!
Too Many Security Tools? ASH Has Entered the Chat
Security vulnerabilities are expensive to fix in production but cheap to catch early. ASH (Automated Security Helper) is a free, open-source security orchestration engine that integrates multiple scanning tools—SAST, SCA, IaC, and secrets detection—into a single, unified workflow. In this session, you’ll discover how ASH leverages lightweight tools like Bandit, Semgrep, Checkov, and Grype, presenting them as a single unified solution, to identify security issues across Python, JavaScript, Terraform, CloudFormation, and more. We’ll explore two of ASH’s execution modes (local, container), its new Python-based architecture with UV package management, and how to use it to scan files, directories, or entire projects. Whether you’re a developer, DevOps engineer, or security professional, you’ll leave with practical knowledge to implement automated security scanning in your projects today.
Pujita Sahni
Pujita Sahni is a Delivery Consultant specializing in cloud security, risk, and compliance at AWS. In her role, she is responsible for architecting IAM governance frameworks and security automation solutions that enable organizations to implement secure cloud migrations and shift security left within enterprise environments.
She brings a broad technical background across identity and access management, vulnerability management, infrastructure-as-code security, and DevSecOps practices, providing a comprehensive view of how security platforms are built, automated, and maintained across enterprise cloud environments.
Jerry Jones IV
Jerry Jones IV is an Associate Delivery Consultant – Security at Amazon Web Services, where he specializes in helping customers architect and implement secure, compliant cloud solutions. With extensive experience spanning federal cybersecurity, cloud security architecture, and AI/ML implementations, Jerry brings a unique perspective on building resilient systems that meet rigorous regulatory requirements.
Prior to joining AWS, Jerry served as an Information System Security Officer at the U.S. Department of Education, where he led complex Authorization to Operate (ATO) efforts for mission-critical systems, successfully navigating the transition from NIST 800-53 rev4 to rev5 and managing cybersecurity operations for systems with budgets exceeding $5 million. His federal service also includes roles at the Federal Deposit Insurance Corporation, where he administered the agency’s Cyber Security Assessment and Management (CSAM) tool and guided authorization efforts across 19 diverse divisions, and the U.S. Department of Agriculture, where he contributed to cloud migration strategies and high-value asset protection.
Jerry’s technical expertise spans cloud architecture, security automation, and AI/ML integration. He has designed and deployed enterprise-grade solutions including centralized backup and logging strategies for AWS Organizations, multi-account governance frameworks using AWS Control Tower, and automated security baselines that ensure consistent compliance across distributed environments. His work emphasizes infrastructure as code, DevOps best practices, and the application of defense-in-depth security principles.
An advocate for continuous learning and knowledge sharing, Jerry holds multiple AWS certifications including Solutions Architect Associate, AWS Certified Associate Speaker, and AWS Machine Learning Engineer – Associate, along with his Certified Information Systems Security Professional (CISSP) and Security+ credentials. He earned his Master of Science in Cybersecurity from George Washington University as a National Science Foundation CyberCorps Scholarship for Service recipient and was a co-author of research published to IEEE 2018 on blockchain applications for space object tracking.
Jerry is passionate about bridging the gap between security requirements and business objectives, helping organizations leverage cloud technologies while maintaining robust security postures. He brings practical, hands-on experience in regulated industries and a commitment to making complex security concepts accessible to diverse audiences.
When AI Writes Code: Integrating SAST Rulepacks into AI Coding Agents
AI coding platforms such as Cursor, Codex, etc. took off rapidly in 2025. AI coding agents are reshaping not only the modern application development workflow, but also anyone’s ability to create things that were previously only an idealization.
As Andrej Karpathy famously said, “The hottest new programming language is English,” but it does not automatically change how securely that software is produced. As AI-generated code moves directly into production, security is an external concern, deferred to incapable human review with overwhelming lines of code to go through. A critical question emerges: when anyone can generate code, who is responsible for securing it?
In this talk, we break down an AI coding platform architecture to examine what security capabilities exist today, what is missing, and why current approaches fall short. We then outline what must change to effectively integrate static application security testing (SAST) rulepacks into AI coding agents.
Angus Chen
Angus Chen is a globally recognized AI–cybersecurity leader, international keynote speaker, and trusted community builder with 20+ years advancing deep-tech and AI/ML solutions across the public, private, nonprofit, and startup sectors. His experience spans the Federal Reserve Board, FINRA, MITRE and Binary Defense. As the founder/researcher of Qerberos, he drives research & innovation at the intersection of AI and cybersecurity to detect malicious payloads and prevent cyberattacks. His QR code phishing-detection platform idea, QR-Trust, originated at a Sundai hackathon at Harvard Kennedy School and matured into a product. A DEF CON Goon and board chairperson, Angus champions community engagement and broad-based diversity while fostering a culture of trust; his thought leadership has been featured at RSA Conference, ISC² Security Congress, and InfoSec Taiwan. He has contributed to the OWASP Multi-Agentic System Threat Modeling Guide v1.0 and the OWASP AI Vulnerability Scoring System (AIVSS). Angus holds a Global Executive MBA from IESE Business School (North America Alumni Board member) and an M.S. in Applied & Computational Mathematics from Johns Hopkins University (Inter-Asian Alumni Alliance board), serves as class president in NYU Stern’s C-Suite Pathway executive program, and maintains CISSP, CCSP, and PMP. Beyond work, he’s an avid rock climber and trail runner.
When the IAM admin is the threat: battles with a privileged insider
A real-world insider attack and its implications: a member of the IAM team leveraged their privileges to start disabling user accounts. The implicit trust bypassed multiple security controls, with malicious activity appearing normal. This session is a deep dive into insider threats, why privileged insiders represent one of the hardest challenges in security, and defensive countermeasures.
Suril Desai
Suril is VP Engineering and Security SME at Acalvio Technologies. Suril has deep domain expertise in cybersecurity and Computer Science. Suril has spoken at numerous security conferences and believes in sharing his knowledge and learning from the interactions.
Why Integer Factorization is F****** Hard: a History
Integer factorization (breaking down whole numbers into prime factors) is something computers do constantly, yet it’s surprisingly hard. Have you ever considered why this is the case?
This talk traces integer factorization from Fermat’s 17th-century breakthrough to today’s General Number Field Sieve (GNFS). We’ll demystify how this mathematical monster works without drowning in theory, and we’ll explore notable moments in cryptographic history and the relationship between factorization algorithms and cybersecurity. Although the GNFS is an absurdly complex mathematical topic, this talk will make it accessible to everyone.
Fair warning: there WILL be mathematics in this talk… but there will also be history, hacking, and horseplay. No prior math experience required—just a healthy respect for algorithms and some patience. I promise this will be way cooler than your high school algebra class (and yes, I realize how low that bar might already be).
Jessie Jamieson
Dr. Jessie Jamieson is a research mathematician with almost a decade of experience applying mathematical techniques to cybersecurity and decision making. She received a PhD in mathematics from the University of Nebraska-Lincoln where she was an NSF Graduate Research Fellow specializing in functional analysis and PDE theory applied to the mechanics of structural beams.
Upon graduation, she spent four years at the Johns Hopkins University Applied Physics Laboratory, where she worked across multiple mission areas and sponsor spaces, primarily supporting a number of DoD cyber initiatives. She has experience working with multiple unified combatant commands, OUSD A&S, and service cyber components. Jamieson also worked as a staff research engineer for two years at Tenable, where she was the founding member of the new decision science operations capability. This capability provided time-critical data support to vulnerability analysis efforts by the security response team. Most recently, she was a senior member of staff at the Carnegie Mellon University Software Engineering Institute within the CERT division.
She’s now a mathemagician (you read that right) at Turngate and an AI SME at SilverEdge Government Solutions. When not doing cyber stuff, she’s chilling with her dog, Dax, and her lovely husband, William, or perfecting her dolphin dive as a libero on a number of volleyball teams within the DMV.
Why Vulnerability MTTR Alone Misleads: Add MOVA to Measure Real Risk
Teams celebrate when their Mean Time to Remediate (MTTR) drops, until it suddenly spikes after they fix old vulnerabilities. That looks like failure, but it’s actually progress: exposure went down. MTTR measures how quickly work closes, not the health of what remains open. Mean Open Vulnerability Age (MOVA) fills that gap by showing the average age of open vulnerabilities at a given point in time, revealing true backlog risk.
Caleb Kinney
Caleb Kinney is a data-driven cybersecurity leader and Manager of Security Operations at Posit. He leads security operations, metrics, and reporting across corporate security, application security, and vulnerability management, and helps shape security strategy for products used by millions of data scientists worldwide. He contributes to HackerTracker, serves on the NumFOCUS Security Committee, and volunteers at DEF CON as a Goon. Caleb builds open source tools and dashboards that turn security data into measurable, defensible practices that help teams move faster with less risk. Find his work at derail.net. Away from the keyboard, he is often logging miles on Maryland back roads and adventuring with his wife and two imaginative daughters.
You Can’t Migrate What You Can’t See: Discovering Real Post-Quantum Crypto
Post-quantum cryptography (PQC) is often discussed as a future problem, but organizations are already exposed today due to long-lived cryptographic assets and the risk of “harvest now, decrypt later.” While many systems claim PQC readiness, few teams can answer a basic question: where is cryptography actually used, and which systems are still vulnerable?
This talk introduces a practical, discovery-first approach to PQC using Asset and Cryptographic Discovery and Inventory (ACDI). We demonstrate an open-source scanner that identifies cryptography across common services such as TLS and SSH, analyzes certificates and key algorithms, and highlights post-quantum-relevant weaknesses caused by legacy protocols or long-lived trust assets. We then show how these findings map to NIST’s PQC standards and enable teams to prioritize migration, adopt hybrid cryptography, and reduce risk incrementally.
Anurag Swarnim Yadav
Anurag Swarnim Yadav is a security researcher currently working on QubitAC, a platform focused on cryptographic discovery, inventory, and post-quantum cryptography (PQC) readiness. He holds a Ph.D. in Computer Science from the University of Florida, where his research centered on machine-learning–driven vulnerability detection and automated program repair.
Trainings
Training courses are available only to current BSidesCharm ticket holders, with seats assigned on a first-come, first-served basis.
Malware Analysis Fundamentals: A Hands-On Workshop (Half-day Training)
This hands-on workshop introduces the fundamental techniques analysts use to safely examine malicious Windows executables inside an isolated lab. Participants will learn how to build a dedicated malware analysis environment, follow an efficient and repeatable workflow, perform static inspection of suspicious files, observe real behavior during execution, and begin exploring code for deeper insight. Through guided exercises and live demonstrations, you’ll see how reverse engineering deepens your understanding of adversaries, their goals, and what to look for on a compromised system.
Anuj Soni is a Senior Reverse Engineer at the Johns Hopkins University Applied Physics Laboratory (APL) and the founder of The Malware Lab. With over 20 years of experience in malware reverse engineering and threat research, he has worked across government, security vendors, and consulting organizations, analyzing malicious code in support of incident response and threat research.
Anuj is the author of SANS FOR710: Advanced Code Analysis and co-author of FOR610: Malware Analysis Tools and Techniques, and previously served as a Senior Certified Instructor for the SANS Institute.
He also shares practical reverse engineering content on YouTube to help analysts sharpen their technical skills.
When Anuj is away from his keyboard, you’ll find him at the local gym, or with his kids (which is also a workout).
