Note: We're still finalizing the official schedule, but the following talks have been confirmed! Check back closer to the event for a full list of talks, times, and tracks.
In today’s organizations, the greatest vulnerability isn’t always in the network — it’s in communication. Security and IT professionals routinely identify serious risks that leadership ignores, minimizes, or delays. This talk explores how technical experts can navigate the political landscape of their organizations to turn warnings into action. Drawing from real-world experience in incident response and executive leadership, Jonathan shares practical strategies for building influence, framing messages that leadership actually hears, and surviving the frustrating gap between technical truth and executive decision-making.
Many organizations fail compliance audits not because staff are careless, but because systems are fractured, responsibilities are unclear, and accountability is inconsistent. This session introduces a practical, repeatable governance model to strengthen compliance, reduce organizational risk, and build a culture of documentation, data integrity, and follow-through. Attendees will learn how to assess breakdown points, build aligned workflows, and implement a sustainable structure that supports teams without overwhelming them. This talk is ideal for professionals supporting regulated environments, high-risk systems, or any organization trying to move from reactive compliance to proactive governance.
This talk provides a technical deep dive into a Palo Alto PAN-OS vulnerability chain used to achieve lateral movement and potentially elevated domain privileges from an unauthenticated perspective. After analyzing the technical details of these vulnerabilities, we move beyond theory to examine real-world engagements where this chain was successfully deployed. We will explore the discovery methodology, the granular mechanics of both the exploitation and post-exploitation phases, and the development of a custom tool designed to streamline the attack. The session concludes with practical defensive countermeasures and a live demonstration of the full kill chain, environment and time permitting.
In 1985, a software race condition in a radiation therapy device called the Therac-25 began quietly killing cancer patients by delivering radiation doses up to 100 times the therapeutic level. Six patients were overdosed, and three died. The root cause was nothing exotic: reused code, removed hardware interlocks, a single unreviewed programmer, and a manufacturer so confident in their software that they dismissed every patient complaint for nineteen months.
Almost forty years later, the healthcare sector is deploying millions of connected medical devices such as insulin pumps, infusion systems, patient monitors (telemetry), diagnostic imaging, connected laboratory equipment and implantables, a surprising number of which repeat every structural failure that the Therac-25 made famous. Software-only safety controls. Legacy firmware reused without re-testing. Security alert fatigue.
This talk takes attendees inside the Therac-25 Affair with deep technical details of the race conditions, the integer overflows, the missing hardware interlocks, and the regulatory blind spots.
Security teams are drowning in alerts while attackers are rapidly adopting automation and AI to accelerate reconnaissance, exploitation, and lateral movement. The future battlefield is no longer human vs. human — it is autonomous offense vs. autonomous defense.
This session explores the emergence of agentic AI security platforms capable of independently observing environments, making decisions, executing actions, and continuously adapting in real time. Attendees will see how offensive agents can autonomously discover assets, chain attack paths, validate exploitability, and pressure-test security controls — while defensive agents simultaneously detect behavioral anomalies, initiate containment, and execute incident response without waiting for human approval.
Rather than theoretical AI discussions, this talk focuses on operational architecture and real-world design patterns, including:
Attendees will leave with a clear blueprint for transitioning from reactive SOC models to self-driving security operations, along with a practical understanding of the risks, governance requirements, and strategic advantages of agentic AI.
If you believe attackers will automate faster than defenders — this session will show you how to reverse that equation.
“Everyone has a plan until they get punched in the face.” Mike Tyson’s line sums up incident response better than any manual. You can draft the neatest IR plan in the world, but unless you have practised taking the hit, it will fold the moment reality lands a blow.
This talk is about building muscle memory before the breach. You will walk away with five practical steps to turn dusty plans into lived experience. These steps will minimise damage and improve your chances of getting back to BAU in a timely way. Remember, the best response isn’t necessarily the fastest, it’s the one that is the most coherent, calm, and well managed. Key takeaways:
Learn how to get complete coverage of NTLM relaying attack surfaces in a network environment. This session introduces RelayKing, a new tool Logan developed to comprehensively map relay exploitation paths across infrastructure. This talk will be useful for offensive and defensive practitioners alike, helping them identify and exploit, or identify and remediate, NTLM relaying issues, all in the name of elevating your Active Directory security posture.
Many experienced security professionals reach a point where independent consulting looks appealing: autonomy, flexibility, impact, and the opportunity to do meaningful work. What’s rarely discussed is how fundamentally different consulting is from being “good at security.”
This session is based on real-world lessons learned from building and operating an independent information security consulting practice, including virtual CISO engagements serving small and midsized organizations. It focuses on the realities that most aspiring consultants underestimate: running a business, finding and retaining clients, pricing services, managing time, navigating ethical challenges, and avoiding burnout.
Attendees will learn why technical expertise alone is insufficient for long-term success, how to think like both a security professional and a business owner, and how to make a risk-informed decision about whether independent consulting is truly the right path. Topics include defining your “why,” avoiding common early mistakes, balancing client work with business operations, establishing professional boundaries, and building trust as a long-term advisor rather than a short-term technician.
This is not a “get rich quick” talk, nor is it a vendor pitch. Instead, it is a candid discussion of what actually works—and what doesn’t—when transitioning from employment into independent information security consulting. Attendees will leave with practical guidance, realistic expectations, and a clearer understanding of whether this path aligns with their goals, values, and tolerance for risk.
Intended audience: Security practitioners, senior engineers, analysts, managers, and aspiring consultants considering independent or vCISO-style work.
Dysentery, snake bites, and drowning—classic ways to die in Oregon Trail. But how do you “die” in application development? Simple: a day-zero breach or cyberattack. Just one successful breach can land your organization on the front page of the news.
The question is: can you prevent it?
Yes.
Today, open source components make up 90% of modern application dependencies. With the software industry’s reliance on open source, it’s critical to choose well-maintained, community-driven projects to withstand disasters like Log4j.
In this session, learn how attackers embed malicious code that evades sandbox detection or masquerades as legitimate vendor software. We’ll explore real-world examples, from Log4j vulnerabilities to state-sponsored malware in macOS Flutter apps, dissecting what went wrong.
Discover emerging technologies that assess software risks without relying on source code, like automated static binary analysis and black-box testing. Gain actionable insights and best practices to uncover hidden threats in your software supply chain.