A Grounded Approach to AI and LLM Security

With the emergence of Large Language Models, there has been a rapid acceleration in the development of AI capabilities. This brings with it many questions for security teams on how they should be thinking about AI security. While care should be taken on the development of LLM prompts, it is critical to not lose sight of the fundamentals to establish secure best practices.

Lucas Tamagna-Darr ()

In his role as a Senior Director of Engineering and Research Solutions Architect, Lucas Tamagna-Darr leads the automation and engineering functions of Tenable Research. Luke started out at Tenable developing plugins for Nessus and Nessus Network Monitor. He subsequently went on to lead several different functions within Tenable Research and now leverages his experience to help surface better content and capabilities for customers across Tenable’s products.

 

A Tale of Two Incidents: Responding to Akira Ransomware

Akira, one of the most prolific RaaS groups today, is responsible for millions in ransom payments, and has proven themselves as a formidable opponent. Also tracked as PUNK SPIDER, they specialize in compromising edge devices, encrypting hypervisors, and extorting victims. Join us for an investigation of two PUNK SPIDER intrusions and gain insight into the life of an incident response consultant.

Eno Dynowski

Eno Dynowski is an Incident Response Consultant at CrowdStrike. He has investigated dozens of nation state espionage, ecrime, and insider threat engagements with clients across industry verticals. Previously, Eno was a Professional Services Intern at CrowdStrike, and a Platform Security intern at Tesla. He is a graduate of Loyola University Chicago, and is currently based in Chicago, IL. When he’s not stomping Threat Actors, Eno loves hiking, fine dining, and open world RPGs.

Dylan Watson

Dylan Watson currently works as an Incident Response Consultant at CrowdStrike. Having worked on a large number of active eCrime and APT engagements, Dylan specializes in hypervisor forensics, large-scale event triage, and intelligence coordination. Outside of work, Dylan is pursuing a master’s degree in Security Studies at Georgetown University, and he also coaches high school robotics at a local high school.

 

A Theme of Fear: Hacking the Paradigm

The InfoSec industry was born out of fear. But fear is hard to manage: too much fear breeds paralysis, and too little fear breeds complacency. We will explore this history, consider how it shaped the industry, and how it’s now in the way. Finally, we’ll consider what the new paradigm could be, and most importantly – how to enable a security-minded culture without using fear.

Dr. Catherine J. Ullman ( )

Dr. Catherine J. Ullman is a security researcher, speaker, author, and Principal Technology Architect, Security, at the University at Buffalo with over 25 years of highly technical experience. In her current role, Cathy is a digital forensics and incident response (DFIR) specialist, performing incident management, intrusion detection, investigative services, and personnel case resolution in a dynamic academic environment. She additionally builds security awareness among faculty and staff which educates and informs users about how to prevent and detect social engineering threats, and how to compute and digitally communicate safely. Cathy has presented at numerous information security conferences including DEF CON and Blue Team Con. Cathy is a contributor to the O’Reilly title 97 Things Every Information Professional Should Know and the author of the Wiley title The Active Defender. In her (minimal) spare time, she enjoys visiting her adopted two-toed sloth Flash at the Buffalo Zoo, researching death and the dead, and learning more about hacking things to make the world a more secure place.

 

AI Agents Could Be Running Your SOC To Prevent Cyber Attacks

It is becoming increasingly complex to defend against zero- to low-cost attacks generated by Threat Actors (TA) as they leverage sophisticated Generative AI (Gen AI)-enabled infrastructure. An orchestrated Workflow with a team of AI Agents presents an opportunity to respond better. To avoid burnout and alert fatigue of SOC analysts, a shift in strategy is required by automating routine tasks.

Keyur Rajyaguru

Keyur currently works with Walmart Global Tech as Lead Intrusion Analyst, and has keen interest in the safe use of AI systems. He is a mentor for future workforce on his webpage, www.topmate.io/kpr. Last year, SANS named him as a finalist in Rising Star Category of Difference Maker Awards 2024. He supports the infosec community by volunteering at local conferences, actively contributing to open source bodies (OWASP, Atomic Red Team, CoSAI), and as a panel member of Globee Cybersecurity Awards.

 

Beyond the Breach: Securing Political Parties in the 2024 U.S. Election

In 2021, we presented at BSides Charm on the vulnerabilities plaguing state-level political party domains across the country. This year, we’re back to share the evolution of that work into a non-partisan nationwide election cybersecurity initiative that discovered and shared thousands of vulnerabilities in political campaigns and party offices before the 2024 Election.

Andrew Schoka

Andrew Schoka is a former U.S. Army Cyber Warfare Officer and is currently a graduate student at the University of Virginia. He served in a variety of offensive cyber operations assignments with the Election Security Group at U.S. Cyber Command, and later with U.S. Special Operations Command. Andrew is the co-founder of an election cybersecurity startup and teaches a graduate course on cybersecurity at the University of Virginia School of Engineering. He holds a bachelor’s degree in systems engineering from Virginia Tech, a master’s degree in cybersecurity from Georgia Tech, and a number of industry security certifications.

Veronica Merril

Veronica Merril earned a double major in architectural history and music from the University of Virginia. She is pursuing her JD degree at the same institution, rendering her a “super Hoo.” Through her work with Voterguard, she’s solved the age old question, “how many engineers does it take to write a clear report?” Answer: None— there’s always an editor involved.

 

Beyond Tor and VPN: Protect Your Privacy With Decentralized Mixnet

The internet is filled with prying eyes. While several well-established tools including TOR and VPNs offer certain degrees of privacy, they all have limitations that could leave users vulnerable to advanced attacks. In this talk, I’ll discuss the foundations of a decentralized mixnet, how it performs against Tor and VPN, and how you can use it to protect your privacy.

Alexis Cao ( )

Alexis Cao is a senior at Johns Hopkins University studying computer science. Her research interests include privacy and secure communication. She has volunteered at TraceLabs OSINT search party to find missing persons since 2021, and she has also volunteered at Physical Security Village, Red Team Village, and AppSec Village at DEFCON.

 

Bridging Disciplines: The Role of Coalition Building in Cybersecurity

“I’m so thankful I don’t have to lobby people anymore to get what I want.” Or so it seemed. In transitioning from government relations to cybersecurity, stakeholder management is equally as present – and crucial- in both fields. While public policy focuses on legislative advocacy, the tech sphere involves advocacy for your work, your team, and your voice.

This presentation explores the critical role of soft skills in two seemingly distinct fields: government relations and cybersecurity. While technical expertise and policy acumen are needed for both domains, success often hinges on interpersonal and communication abilities. The session will highlight how skills like active listening, strategic negotiation, and relationship building are indispensable in fostering trust, influencing decisions, and mitigating conflicts.

Using real life examples, such as coalition building for legislative advocacy and stakeholder buy in for mitigating cybersecurity risk, attendees will gain actionable insights into the shared skills required to navigate office politics, virtually or in person. Participants will also practice strategies to enhance their skills, empowering them to become effective leaders in environments that demand listening and stakeholder management skills. This interdisciplinary perspective offers a unique lens on leveraging human-centric skills that drive impact and security services—with a human touch.

Tina Getachew

Tina is a seasoned Business Intelligence Manager with over 14 years of project management experience, specializing in bridging cybersecurity with business operations to drive meaningful business outcomes. With a focus on aligning business-focused security and risks with central security and risk functions, she excels at delivering solutions that balance technical precision and strategic business goals.

 

Building Against a Breach…. Out of a disclosure?

Metadata from incident response and business communications can leak sensitive information, aiding threat actors. External legal and crisis management teams may unintentionally expose data. Explore how to leverage AI/ML analysis of regulatory disclosures such as SEC 8-K filings and past incidents to build pre-incident cross-team partnerships and mitigate future leaks.

Liz Wharton ( )

Liz, founder of Silver Key Strategies, brings 20 years of experience advising researchers and organizations on legal, business, information security, risk, and privacy matters. She has led operations at threat research startups and served as Sr. Assistant City Attorney for Atlanta’s airport, aiding on the City’s ransomware incident IR team. Liz also volunteers as a mentor and serves on startup, non-profit, and educational advisory boards.

 

Career Campaigns: Changing Your Professional ‘Class’ for an InfoSec Role

Hack your way into a new cybersecurity career during this gaming-inspired interactive session, during which we’ll transform your current resume’s “character sheet” into a freshly reskilled or dual-classed hero, ready to take on any cybersecurity hiring process for your next – or first! – infosec campaign.

Stryker ()

Stryker is a threat intelligence analyst at a major insurance company, where she translates technical research and qualitative intelligence into the “so what?” and “what now?” solutions that keep more people safe and secure. Feel free to say hi on LinkedIn or in the Lonely Hackers Club (LHC) Telegram chat, where she once (in)famously ranted about how commercial gun safes are insufficient for secure off-site data storage. Stryker lives in the Baltimore-DC area, growing parsley for swallowtail butterfly caterpillars and algae for neocaridina shrimp.

 

Closing the Visibility Gap: Threat Hunting with Hawk in the Microsoft Cloud

Security teams often face the challenge of navigating complex cloud environments with limited visibility into potential threats. Commercial log aggregation and investigation solutions can be costly, putting a strain on budgets while still leaving gaps in coverage. Hawk bridges this gap by providing a free and open-source solution that automates the collection of essential logs from Microsoft Cloud environments. This talk will demonstrate how Hawk reduces investigation time, flags high-risk behaviors, and enables defenders to hunt for threats across the Microsoft cloud ecosystem.

Jonathan Butler ()

Jonathan Butler is an active-duty Marine with over 20 years of experience in cybersecurity, specializing in cloud security, security automation, and threat hunting. As a core contributor to Hawk, his work enables security teams to streamline investigations and reduce reliance on costly commercial solutions. His background in software development and cybersecurity allows him to build automation-driven security tooling that enhances visibility and detection capabilities in complex cloud environments.

Lorenzo Ireland ()

Lorenzo brings over 27 years of extensive experience in Information Technology, with more than 12 years dedicated specifically to Information Security. His career has been marked by impactful roles, including serving as a Marine stationed at Fort Meade, where he specialized in Defensive Cyberspace Operations (DCO). During his tenure there, spanning over eight years, Lorenzo operated at all key levels—tactical, operational, and strategic—securing Department of Defense (DoD) infrastructure against malicious cyber threat actors.

Currently, Lorenzo serves as a Senior Cloud Solutions Architect specializing in Security at Microsoft. In this role, he collaborates closely with customers as a trusted advisor, providing guidance to help secure their hybrid digital estate. His deep understanding of cloud architectures and cybersecurity principles allows him to craft tailored solutions that address complex security challenges effectively. Lorenzo is particularly passionate about empowering organizations to safely navigate the evolving digital landscape, emphasizing proactive threat mitigation, robust security frameworks (e.g. Zero Trust), and comprehensive risk management strategies.

Paul Navarro ()

Paul Navarro, a Marine Corps veteran and Cybersecurity Chief Architect at Microsoft, is one of Hawk’s core maintainers. He brings firsthand experience in Microsoft Cloud forensics and operationalizing security in cloud environments for customers. He has played a key role in shaping Hawk’s development with a focus on detecting high-risk activities across Microsoft cloud services for cloud customers who need a place to start from. Paul’s passionate about helping anyone who has an interest in security get into the workforce.

 

Cyber Deception in GCP with Generative Traps

Cyber deception is a ruse to mislead or disrupt adversaries by exploiting their cognitive biases. Traps— lures that detect adversary interaction— reinforce the seams in detection surfaces monitored by security operations teams. But deception management and orchestration is painful in practice. Cloud environments provide an opportunity to overcome some of these pitfalls. This talk defines cloud deception stratagems for the Google Cloud Platform. Each stratagem is motivated with the release of an open-source, deception management tool that programmatically generates cloud-native traps tailored to an organization’s target personas, orchestrates engagements with specific stratagems, and sets up observability for detections.

Matt Maisel ( )

Matt Maisel is a cybersecurity builder with over fourteen years in security operations, software engineering, and machine learning. His work spans data science and product development roles in cybersecurity startups. He’s currently the Head of Research at Reach Security.

 

Fight Stealth with Stealth: Detecting post-breach activity in the Cloud

Advanced and evolving cloud attacks (Blizzard) make breach seem inevitable. We describe a deception detection approach using canaries, with a bit of honey and razors, to implement stealthy tripwires to provide low-FP detections for post-breach lateral movement and privilege escalation. To move the security needle, we need to take a fresh look at defensive techniques that utilize red approaches like stealth and are based on the design of the target environments such as: restricted admin roles not used by valid users; honey resources (buckets, files) with detections to flag access; cached honey credentials; detection of enumeration of IAM permissions and resources. When properly applied to defenses, we can improve signal fidelity for detection of post-breach activity.

Jenko Hwong ( )

Jenko Hwong heads threat research at WideField Security, focusing on identity-based attacks and abuse. He’s spent time in engineering and product roles at various security startups in vulnerability scanning, AV/AS, pen-testing/exploits, L3/4 appliances, threat intel, and windows security.

 

How to Build Authentic Sock Puppets with Your Neighbors’ Yard Sale Junk

This industry cyber deception practitioner’s short talk demonstrates how to build authentic online sock puppets using the cheap nostalgic junk we buy at yard sales to project the storyline and cultural depth of your sock puppet for defensive cyber deception.

Tim Pappa

Tim Pappa is an Incident Response Engineer – Cyber Deception Strategy, Content Development, and Marketing, with Walmart Global Tech’s cyber deception team. Before Walmart, Tim was a Supervisory Special Agent and certified profiler with the FBI’s Behavioral Analysis Unit (BAU), specializing in online influence and cyber deception. Tim is also a Senior Behavioral Consultant with Analyst1 and a Strategy and Statecraft Fellow with the Center for Strategic and International Studies.

 

How to plan for your security career advancement

You can’t leave your next move to chance, if you want to advance in the industry there are things you need to do early and others you will need to prepare for. In this session we’ll present the actions you will want to take to not only get the next promotion and pay raise but ensure you are on the right path for your career goals.

Wil Klusovsky

Wil is a cybersecurity executive with over 20 years of experience having worked on “both sides of the table” as a client and consultant. More than half of his career spent in consulting & managed security companies (MSP/MSSP/MDR), and value-added resellers (VARs).
In that time, he’s driven most areas of the business from: pre-sales, GTM, channel, innovation, service delivery, product management, service development, product marketing, and a C-Level strategist. He is a partner & advisor to CISOs & CIOs. He is currently serving in Field CISO roles and advising security firms on their business and GTM strategy.
He hosts a podcast (The Keyboard Samurai) which discusses the business of cybersecurity. Wil holds a Masters in InfoSec Management, a CISSP, CISM, CDPSE as well as executive certifications from Notre Dame & Wharton (U Penn).

 

Inch By Inch: a Case Study in Maintaining & Scaling a Modern XDR Product

Delivering security products to millions of users is a monumental task. From building & deploying to mitigating performance issues & false positives, securing systems requires constant coordination between multiple teams of researchers, engineers, and other stakeholders. This session will highlight lessons learned from our experience as an effective cross-functional team building an XDR product.

Jessica David ()

Jessica David is a Principal Data Engineer on the Security Intelligence Team at Elastic. With a background in software engineering and data warehousing, she brings her expertise to the security researchers & detection engineers around her by building data pipelines & services for processing first- and third-party threat intelligence.

 

JMP Into Malware Analysis

We all know that the daily life of a cybersecurity analyst often requires you to branch out into left field and learn a completely new skill on the fly. Join me as I introduce you to today’s go-to tradecraft for static, dynamic, and code-level malware analysis so that you can begin analyzing artifacts of interest with ease. At the end of the day, any threat actor has a goal to accomplish, and what we call malware is someone else’s tooling. This presentation will walk you through how to characterize samples and identify indicators of compromise.

Katelin Grogan

A junior cybersecurity analyst, graduate of Auburn University, and GIAC certification holder with 3 years of professional experience. When I’m not asking you about your home network or cringing at bad password policies, I’m probably exploring the DMV or sitting on a beach somewhere.

 

Past, Present and Future of Automatic Code Remediation

Recently, the landscape of tools used to change code saw explosive growth. Several open source code mutation frameworks have emerged, allowing expressive code transformations. LLMs have also jumped into the picture, promising power and delivering “cool” – but also towing chaos. We’ll explore the capabilities of these tools all towards answering “are we ready to automatically fix code issues?

Dan D’Avella

Dan is a technical leader and developer currently working at the intersection of application security and generative AI to enable high-quality automated vulnerability remediation.

 

Red Teaming: A New Perspective for Intern Projects

Red teaming is an important consideration when training new software professionals, ultimately creating a generation of adversarial-minded engineers. We will present how this perspective was integrated in the Praxis internship project, enabling us to unveil vulnerabilities, research mitigations, and strengthen the resiliency of AI solutions.

Mia Hagood

Mia graduated from Virginia Tech majoring in computer science in May 2024. She was a summer intern at Praxis Engineering in 2023 and 2024 and worked on projects in data science, machine learning, and reverse engineering. Now, Mia is working as a full time Software Engineer for Praxis.

Kenyan Chambers

Kenyan graduated from Bowie State University majoring in computer science in December 2023. He was an intern at Praxis Engineering and in both 2023 and 2024 and worked on projects in embedded environments, penetration testing, cloud-services, and more. Now Kenyan is working full time as a software engineer for Praxis.

 

Shadow vulnerabilities: using AI to unmask silent patches in open-source

Silent patching—fixing vulnerabilities without disclosure—creates blind spots in supply chain security. Our research used dual Large Language Models (LLMs) to detect over 600 silently patched vulnerabilities in 2024, 67% undisclosed and 25% high/critical. This talk covers the threat landscape, LLM architecture, key findings, and the need for Human-in-the-Loop verification.

Mackenzie Jackson ( )

Mackenzie is a security researcher and advocate with a passion for code security. He is the former CTO and founder of Conpago, where he learned firsthand the importance of building secure applications. Today, Mackenzie works for Aikido security to help developers and DevOps engineers build secure systems. He also shares his knowledge as a contributor to many technology publications like DarkReading, Financial Times, and Security Boulevard along with appearing as an expert in TV documentaries and interviews.

 

SQL injection is a thing of the past… and other lies we tell ourselves

Despite being older than internet explorer injection attacks like SQLi, Command Injection, and XSS remain prominent. Our research found SQLi alone accounts for 6.7% of open-source vulnerabilities and 10% in closed-sourceprojects. This session reveals why these attacks persist and how modern solutions can help.

Mackenzie Jackson

Mackenzie is a security researcher and advocate with a passion for code security. He is the former CTO and founder of Conpago, where he learned firsthand the importance of building secure applications. Today, Mackenzie works for Aikido security to help developers and DevOps engineers build secure systems. He also shares his knowledge as a contributor to many technology publications like DarkReading, Financial Times, and Security Boulevard along with appearing as an expert in TV documentaries and interviews.

 

Starting a SBOM Programme – The Pain Is Probably Temporary

In my 3rd week working for a Fortune 500 company, I was tasked with designing and rolling out a programme to churn out software bills of material for our high inherent risk products. 5 months later, we’re on the right side of the forthcoming supply chain security regulatory and compliance world. It wasn’t easy, but it was sure worth the effort. I even made some friends along the way.

Grey Fox ()

Grey Fox, the callsign assigned to him by a DHS colleague, is a Product Security Engineer for a Fortune 500 critical infrastructure manufacturing and operations company. He recently retired from the U.S. military after 20 years of service as a Digital Network Intelligence Analyst and Special Operations Cyberspace Mission Leader. Having deployed eight times supporting front line combat teams, his experience ranges from offensive cyberspace operations planning and execution to military information support operations. Along the way, Grey Fox acquired multiple creds, including GCTI, GASF, GAWN, and CWNA. When not breaking ICS apps, he instructs Digital OPSEC for the U.S. Departmernt of Defense, as well as software-defined radio foundations and Wi-Fi hacking for several community cybersecurity groups.

 

Supercharge Your Workflow: Using WhiteRabbitNeo for AI-Powered Analysis

Pair hacking with WhiteRabbitNeo, an uncensored, open-source LLM trained on red team data, speeds up your process and reduces the tedium inherent in most security roles. Learn how WhiteRabbitNeo can help you harden your source code and improve configuration security while reducing hours of DevSecOps tasks to minutes.

Bailey Williams ()

Bailey is a cybersecurity and political science student at Old Dominion University and a contributor to the WhiteRabbitNeo open-source project. She is passionate about cybersecurity education and is excited about the growing integration of AI into cybersecurity.

 

Think You’re Stealthy? How to Detect Attacks in AD

As Active Directory attacks rise, red teamers often focus on “pwning” systems, but real-world engagements require understanding the artifacts these tools leave. In “ Think You’re Stealthy? How to Detect Attacks in AD“, we’ll explore the workings of commonly used AD pentest tools and the artifacts they leave behind. Ideal for anyone looking to deepen their knowledge of defense in AD environments.

Rachit Arora (), Sai Sathvik Ruppa ( ), Aakash Raman ()

We’re a team of three—one a University of Maryland alum (Aakash Raman), one a current student studying there (Rachit Arora), and another from Carnegie Mellon University (Sai Sathvik Ruppa) —coming together for our first talk at BSidesCharm.

After attending as volunteers in February 2024, we decided to face our fears and tackle imposter syndrome by sharing what we’ve learned. Two of us have earned OSCP, while one of us naturally gravitates toward blue teaming. Combining our mindset and research

 

Threat Modeling Meets Model Training: Web App Security Skills for AI

New specializations have emerged in this AI-adoring age, but where does that leave security practitioners? Good news: if you know web application security, you can secure AI applications too! This talk explores common web app security concerns that are relevant to any LLM-based app—and the handful of issues unique to AI—guiding the audience through ways to detect and mitigate them.

Breanne Boland ()

Breanne Boland is a product security engineer at Gusto. She’s also done vendor security at Salesforce and spent time in the infra mines. Before that, she had a whole other career in online content, and she may never recover. When she’s not encouraging engineers to do things a little differently than planned, she’s writing speculative fiction novels, taking long walks around New York City, or saying hi to your pet on Zoom. She lives in Brooklyn, and you can find her @toxoplasmosis@mastodon.social

 

Tinker Tailor LLM Spy: Investigate & Respond to Attacks on GenAI Chatbots

It’s coming, and you aren’t ready—your first generative AI chatbot incident. GenAI chatbots, leveraging LLMs, are revolutionizing customer engagement by providing real-time, automated 24/7 chat support. But when your company’s virtual agent starts responding inappropriately to requests and handing out customer PII to anyone that asks nicely, who are they going to call? You.

You’ve seen the cool prompt injection attack demos and may even be vaguely aware of preventions like LLM guardrails; but are you ready to investigate and respond when those preventions inevitably fail? Would you even know where to start? It’s time to connect traditional investigation and response procedures with the exciting new world of GenAI chatbots.

In this talk, you’ll learn how to investigate and respond to the unique threats targeting these systems. You’ll discover new methods for isolating attacks, gathering information, and getting to the root cause of an incident using AI defense tooling and LLM guardrails. You’ll come away from this talk with a playbook for investigating and responding to this new class of GenAI incidents and the preparation steps you’ll need to take before your company’s chatbot responses start going viral—for the wrong reasons.

Allyn Stott

Allyn Stott is a senior staff engineer at Airbnb where he works on the InfoSec Technology Leadership team. He spends most of his time working on enterprise security, threat detection, and incident response. Over the past decade, he has built and led detection and response programs at companies including Delta Dental of California, MZ, and Palantir. Red team tears are his testimonials.

Allyn has previously presented at Black Hat (Europe, Asia, MEA), Kernelcon, The Diana Initiative, Blue Team Con, Swiss Cyber Storm, SecretCon, Texas Cyber Summit, and BSides around the world. He received his Master’s in High Tech Crime Investigation from The George Washington University as part of the Department of Defense Information Assurance Scholarship Program.

In the late evenings, after his toddler ceases all antics for the day, Allyn writes a semi-regular, exclusive security newsletter that you can subscribe to at meoward.co.

 

What’s in the Cloud?

The talk will outline detection and threat hunting strategies that could be easily adopted by a mature SOC to look for threats in their cloud environment. Session will use Jupyter notebook containing detections mapped to the MITRE ATT&CK framework and threat hunting methodologies backed by unsupervised machine learning to hunt for anomalies and visualize them.

Kai Iyer ()

Security Engineer at Amazon’s Enterprise Protection Program and a GIAC Certified Security Professional with extensive experience leading security engineering and applied machine learning teams to deploy production-scale, near-real-time threat hunting models. Passionate about leveraging advanced technologies to solve complex cybersecurity challenges, with a proven track record in areas such as purple teaming and incident response. Actively contributes to the cybersecurity community through conference talks and open-source projects, fostering collaboration and knowledge sharing.

 

When The Fall Is All There Is – How to Lose a Gig Without Losing Your Mind

Jeff Man and Danny Akacki bring decades of experience—and their own battle scars—to explore not just the why behind job loss, but how to navigate its emotional and practical fallout. From the shock of that final paycheck to the long weeks and months that follow, this session will offer real talk, resilience strategies, and a much-needed reminder: when the fall is all there is, how you land matters.

Jeff Man ()

Jeff is a respected Information Security advocate, advisor, hacker, evangelist, mentor, teacher, international keynoter, speaker, former host of Security & Compliance Weekly, co-host on Paul’s Security Weekly, Tribe of Hackers (TOH) contributor, including Red Team, Security Leaders, and Blue Team editions, and a member of the Cabal of the Curmudgeons. Jeff currently serves as a PCI QSA and Trusted Advisor for Online Business Systems, also a Grant Advisory Board Member for the Gula Tech Foundation, Advisory Board Member for the Technology Advancement Center (TAC), and is the Director of Diversity, Equity, and Inclusion for Hak4Kidz NFP. Over 40 years of experience working in all aspects of computer, network, and information security, including cryptography, risk management, vulnerability analysis, compliance assessment, forensic analysis and penetration testing. Certified National Security Agency Cryptanalyst. Designed and fielded the first software-based cryptosystem ever produced by NSA. Inventor of the “whiz” wheel, a cryptologic cipher wheel used by US Special Forces for over a decade currently on display at the National Cryptologic Museum. Honorary lifetime member of the Special Forces Association. Previously held security research, management and product development roles with the National Security Agency, the DoD and private-sector enterprises. Pioneering member of the first penetration testing “red team” at NSA. For the past twenty-eight years has been a pen tester, security architect, consultant, QSA, and PCI SME, providing consulting and advisory services to many of the nation’s best known companies. (https://darknetdiaries.com/episode/83/)

Danny Akacki ( )

Danny’s career has run the gamut of cyber security. From hands-on-keyboard to positions in leadership, he’s been on the outside looking in and the inside looking out. The horrors persist on both sides, but so does he.

Training courses are available on a first-come, first-served seat assignment only to current BSidesCharm ticket holders.

Active Directory Security 101  (Full-day Training)

Active Directory (AD) is OLD in tech years, but this 25-yr-old identity platform is still deployed all over. This course focuses on understanding AD to build foundational defenses against common attacks and misconfigurations. Through guided lectures, instructor demonstrations, and hands-on labs participants will explore key AD security components and best practices for hardening AD environments.

Jim Sykora ( )

Jim Sykora is a security researcher and consultant focused on identity security. Jim started his sysadmin path in 3rd grade & did a bunch of gigs before starting to blend operational experience & rampant curiosity with security knowledge. Loves following rabbit holes.

Darryl G. Baker ()

Darryl G. Baker is a security consultant at Trimarc Security, where he conducts in-depth security assessments against Active Directory and Entra ID. He is also the Principal Instructor for all Trimarc Attack and Defense courses. He has developed multiple tools and scripts,as well as written whitepapers on Active Directory security. When he is not presenting at conferences, he enjoys radio engineering. Find him on the 12m band!

 

Career Campaigns: A Tabletop RPG Workshop for Your Next Infosec Role (Half-day Training)

Join us for a tabletop roleplaying game (RPG) with real-world wins! Participant-players seeking their first role in cyber – or simply transitioning to a new specialization – will transform their current resume’s “character sheet” into a freshly reskilled or dual-classed hero, ready to take on any cybersecurity hiring process for your next infosec campaign.

Stryker ()

Stryker is a threat intelligence analyst at a major insurance company, where she translates technical research and qualitative intelligence into the “so what?” and “what now?” solutions that keep more people safe and secure. Feel free to say hi on LinkedIn or in the Lonely Hackers Club (LHC) Telegram chat, where she once (in)famously ranted about how commercial gun safes are insufficient for secure off-site data storage. Stryker lives in the Baltimore-DC area, growing parsley for swallowtail butterfly caterpillars and algae for neocaridina shrimp.

Wes Sheppard

Wes Sheppard is a Chief Information and Intelligence Officer, most recently at Canadian logistics start-up OrderGrid. Over the course of his (circuitous) career, Wes has been responsible for cyber-business risk, data privacy, cybersecurity law, cloud security, secure generative AI implementations, and infrastructure-level security. He has worked in various industries and around the world, including the United States, China, Japan, and the Netherlands. Wes is a regular contributor to BSides regional conferences, DEF CON, and ISC2.

 

Web Application Penetration Testing (Full-day training)

This Web Application Penetration Testing training covers key security concepts, tools, and techniques. Participants will learn to identify and exploit vulnerabilities like SQL Injection, XSS, and CSRF through hands-on exercises. The session also includes reporting and mitigations offering essential skills for security professionals, developers, and IT admins.

Sheshananda Reddy Kandula ( )

With 15 years of experience in Application Security, focusing on web, mobile, and APIs, I have developed deep expertise in identifying and mitigating vulnerabilities, particularly in alignment with the OWASP Top 10 for both web and mobile security. Throughout my career, I’ve gained hands-on experience addressing real-world security challenges and hold certifications such as OSWE, OSCP, and CISSP, which further validate my skills.