SPEAKERS
If Only We Had More Budget for Security… (And Other Lies We Tell Ourselves)
This talk challenges the common belief that security fails because of underfunding. Instead, it explores how leaders actually make risk decisions and how reframing security conversations around clear risk tradeoffs leads to better outcomes, stronger accountability, and real buy‑in.
Jeremy Bauer
Jeremy Bauer serves as VP of IT Security and CISO at Molson Coors Beverage Company, where he leads global security strategy with a strong bias toward execution, adaptability, and outcomes. He focuses on building security programs that work in complex, multinational environments, balancing risk reduction, operational reality, and business enablement.
A U.S. Air Force veteran, Jeremy brings a practitioner’s skepticism shaped by real-world operational experience rather than theory. He is known for cutting through security theater to focus on controls that measurably reduce risk, with particular emphasis on detection engineering, zero trust architectures, and the practical realities of securing both IT and OT environments.
Jeremy is a regular speaker and community contributor who favors plain‑language, no‑nonsense discussions about what actually works at scale. Based in Milwaukee, he still proudly describes himself as an IT security nerd with a growing Lego backlog.
Debunking Dark Web Intelligence
In this session, we will dissect the five most persistent myths surrounding dark web threat intelligence. We will challenge assumptions such as:
- If you’re breached, it will show up on the dark web
- More sources equal better intelligence
- Underground analysis is best automated
- Personas / Sock puppets are required for meaningful access
- Dark web monitoring prevents ransomware
Attendees will leave with a practical framework for evaluating dark web intelligence programs, identifying when monitoring adds true operational value, and recognizing when it becomes security theater.
Kaylee Burns
Kaylee Burns is a cybersecurity professional with experience spanning threat intelligence, security operations, and enterprise advisory. She is a Senior Systems Engineer at Acuity Insurance specializing in threat intel.
OMG, You Did What?! Authorization in Practice
Authentication is only the starting point; authorization is where real security either holds or fails. This session examines practical authorization design for modern systems, including stateful and stateless models, delegated API access, and permission strategies that align with business roles and actions. It highlights common failure patterns—such as weak multi-tenant isolation, tokens lacking sufficient authorization constraints, and misplaced trust in gateways or third-party defaults—and presents concrete ways to prevent them. The talk also covers advanced challenges, including securing data reads, protecting sensitive metadata, enforcing time-limited access, and maintaining human attribution across service accounts and AI-agent workflows. Attendees will leave with a practical model and a stronger working understanding of how to build authorization that is enforceable, auditable, and aligned with Zero Trust principles.
Joern Freydank
Principal Product Security Engineer and Security Architect with more than 20 years of experience, OWASP conference speaker and security podcast participant covering threat modeling and security design patterns. Currently working at Splunk/Cisco securing the company's products and services.
Ctrl + Alt + Lead: Rebooting Cyber Culture with Human Skills
Technical skills may open doors in IT and cybersecurity, but leadership, communication, and mentorship help professionals grow and contribute at a higher level. As the field becomes more complex and mission-critical, success increasingly depends on how we build, lead, and support our teams. This session explores the human side of cybersecurity: how soft skills shape technical excellence by transforming capable individuals into trusted collaborators, advisors, and leaders. Drawing on nearly two decades of experience leading mission-driven teams, I’ll share actionable strategies for fostering psychological safety, developing mentorship programs, and communicating clearly under pressure. Participants will walk away with practical tools to strengthen their leadership presence and build teams that thrive in today’s high-stakes digital environment.
Amanda Kollmorgan
Amanda Kollmorgan serves as the Deputy State IT Director for the Wisconsin Department of Military Affairs. She is passionate about building people-centered teams, mentoring emerging leaders, and driving innovation through collaboration. With nearly two decades of combined military and civilian experience, Amanda brings deep expertise in cybersecurity, IT operations, and strategic leadership.
Your Deployment Pipeline Ends at a Firewall Ticket
Your team automated the build, the test, and the deploy. Then the whole thing stalled at a firewall change request. That bottleneck isn't a process problem — it's an architecture problem. Organizations are migrating to the cloud but carrying network security assumptions from the data center that silently fail, creating rework loops that slow every deployment behind them.
Security groups aren't stateful firewalls. NAT gateways aren't DMZs. And when SDWAN enters the picture, direct internet breakout reshapes traffic flows in ways that bypass your entire inspection stack — often by design. This talk walks through the specific network security assumptions that break during cloud migration and hybrid architecture deployments, drawn from real-world engagements across AWS, Azure, and GCP. Attendees will leave with a practical audit checklist and the knowledge to build landing zones that pass security review the first time — so your pipeline doesn't end at a ticket queue.
Tyler Coady
Tyler Coady is a cloud security professional with hands-on experience in security engineering and cloud architecture across AWS, Azure, and GCP. His background spans both sides of the hybrid architecture problem — from managing firewalls, VPNs, and SDWAN deployments to designing and securing cloud workloads and landing zones. He has supported organizations through cloud migrations, security incident response, and compliance efforts including SOC 2, CMMC, FedRAMP, GovRAMP, and ITAR. Tyler is based in Northeast Wisconsin.
Resilient AI Governance: Designing for Failure, Abuse, and Recovery
Can your AI governance program survive its first real incident or the next AI revolution? Most companies approve tools, publish a policy, and call it done. Then the agentic assistant takes an action nobody authorized. The analyst trusts a summary shaped by an attacker's prompt. The model degrades and nobody can stop it.
This talk walks through five ways AI governance fails and why most programs are already outdated given the rate of AI innovation. We'll use first principles to map the five cracks most programs miss and show how each one impacts every cybersecurity discipline, from DFIR to GRC.
Thomas Freeman
Thomas Freeman is a vCISO and AI governance consultant at Ghostscale, with 30 years in IT and a decade in cybersecurity leadership. He holds CISSP, C|CISO, GPEN, GCIH, GCIA, and GCWN certifications. Before building governance programs for clients, Thomas spent 28 years as a professor, dean of education, director of penetration testing, and in other business leadership roles, which means he knows how to make complex frameworks stick with real audiences. At Ghostscale, he builds right-sized AI governance programs for organizations tired of policies that look good on paper and fail in production.
Cybernalities - Encouraging Small Humans Toward Cybersecurity Careers - a Practical Guide for Parents
Cybernalities is practical, personality-to-path guidance for technical parents that teaches them to recognize their kids’ interests, activities, and natural tendencies as cybersecurity soft skills.
I show how to match those soft skills and interests with 8 cybersecurity paths and turn what they do naturally into safe, responsible, hands‑on projects. The result: parents taking steps to raise kids who can solve problems, create tech, stay safe online, and keep doors open for any future, not just tech.
Parents enjoy quality time while learning about their child. This type of early play together is proven to provide families with stronger bonds and trust, better communication, and more empathy toward each other.
Young adults who learned by playing with parents have better social skills, mood control, and problem-solving skills, creating less stress, because play taught them to calm down and failing felt like feedback. They also learn a healthier sense for risk and choose safer choi
Angie Garey
Angie Garey is a Senior Systems Engineer and the founder of the Wisconsin chapter of Women in Cybersecurity. With a background in technology sales along with usage and implementation of small business technology across many industries, she pursued a cybersecurity degree in her 50s starting in January of 2020.
Angie is a proactive, collaborative team player who consistently adds value through cross-team support, technical initiative, continuous learning, and using indirect authority to change behavior and culture. Her positive relationships across departments, curiosity, initiative, and hands-on approach have strengthened governance, improved specific security policies, and standardized operational methods at Northwestern Mutual.
Angie spends quite a bit of her time traveling, especially to Denver, where one of her daughters lives, and last year spent 3 weeks in and around Italy, including Rome, Sicily, Montenegro, and Croatia. She lives in the Madison area on an island.
I vs AI
AI is a friend, but it can be a terrible foe when not properly used. In cybersecurity, we also see AI as an enabler of cyber-criminal activities and security errors. In this talk, we will focus on what you need to know to defend your enterprise against AI-enabled cyberattacks. We will also discuss how to protect yourself and your company against errors caused by the improper use of AI.
Alex Holden
Alex Holden is the founder and CISO of Hold Security, LLC. Under his leadership, Hold Security played a pivotal role in information security and threat intelligence, becoming one of the most recognizable names in its field. Mr. Holden researches the minds and techniques of cyber criminals and helps our society build better defenses against cyber-attacks.
Dismantling the Silo: Integrating GRC and SOC for a Unified Defense
In many organizations, GRC and SOC operate as separate islands, leading to "compliant but insecure" environments. This session explores how to bridge that gap. We will dive into how technical teams can use GRC frameworks to prioritize alerts, and how risk managers can use real-time SOC data to move beyond static spreadsheets. By leveraging the MITRE ATT&CK framework and CVSS scoring, we will map out a strategy to reduce your attack surface through a "limitless" collaborative approach. Attendees will learn how to turn compliance from a checkbox into a proactive security driver.
Nousheen Begum
Nousheen Begum, CISSP, is a cybersecurity leader with over ten years of experience spanning Governance, Risk & Compliance (GRC), Security Operations (SOC), and managed security services. She currently serves as the Vice President of the Women in CyberSecurity (WiCyS) Wisconsin chapter and holds board positions with both the ISC2 Wisconsin and ISACA Milwaukee chapters. After earning her Master of Science in Cybersecurity, Nousheen became a dedicated advocate for professional mentorship and inclusive workforce development, believing that a resilient digital world is built through community awareness long before a breach occurs.
Inside the Wisconsin Cyber Response Team: Real-World Incident Response and Lessons Learned
The Wisconsin Cyber Response Team (WCRT) plays a critical role in strengthening cybersecurity resilience across the state by providing rapid incident response, threat analysis, and coordinated recovery support for public and private sector organizations. This presentation will offer an overview of WCRT’s mission, structure, and operational capabilities, followed by real-world examples of cyber incidents encountered in Wisconsin.
Attendees will gain insight into common attack vectors, response strategies, and lessons learned from actual engagements, including ransomware, business email compromise, and infrastructure-targeted threats. The session will also highlight best practices for preparation, detection, and collaboration with state-level cyber resources. By examining these cases, participants will leave with a clearer understanding of how coordinated response efforts can reduce impact, accelerate recovery, and improve overall cyber readiness.
Benjamin Dumke, Jeff Marshall, Sadie O'Brien
Panelist - Benjamin Dumke is the Senior Network & Systems Manager at Lawrence University in Appleton, Wisconsin, where he leads the Operations Team supporting faculty, staff, and students. Prior to transitioning to higher education, Ben spent more than 20 years in K–12 IT, managing Microsoft technologies, infrastructure, and district-wide systems while navigating the evolving cybersecurity landscape in schools. He has contributed to national K–12 cybersecurity initiatives through his work with K12SIX, helping develop their Incident Response Runbook and Essential Cybersecurity Protections guidance. Ben serves on the boards of WiscNet and AITP - Wisconsin, and volunteers as an Incident Response Lead with the Wisconsin Cyber Response Team. He has presented at BrainStormK20, WiscNet events, the Wisconsin Governor’s Cybersecurity Summit, and the Midwest Management Summit.
Panelist - Jeff Marshall is an accomplished IT executive and technology leader with over 20 years of experience aligning technology strategy with business objectives. As Director of Technology at VJS Construction Services, Jeff drives digital transformation, oversees enterprise systems, and ensures the organization’s technology capabilities deliver measurable business value. Jeff is also active in the professional technology community, serving as a member and board member of the Wisconsin Cyber Response Team, InfraGard Wisconsin, and the WI Association of IT Professionals (AITP). His commitment to continuous learning and professional excellence is reflected in a range of advanced credentials, including CompTIA CySA+, Security+, SecurityX, ISC2 – Certified in Cybersecurity, and a certified FEMA Cyber Incident Responder. In recognition of his leadership and innovation in technology management, Jeff was a 2025 Wisconsin CIO of the Year ORBIE Award Finalist.
Panelist - Sadie O’Brien is a seasoned IT leader driving enterprise technology strategy, cybersecurity, and digital transformation. She currently serves as Director of Information Technology for the Little Chute Area School District, where she leads initiatives that align technology with organizational goals and enhance operational efficiency. Throughout her career, Sadie has built and managed secure, scalable infrastructure, led complex projects, and guided teams through evolving technology landscapes. Known for her strategic mindset and collaborative leadership style, she is passionate about leveraging technology to deliver meaningful, mission-driven outcomes.
Moderator - Amanda Kollmorgan is the Deputy State IT Director for the Wisconsin Department of Military Affairs. Amanda is passionate about developing people-first teams, mentoring future leaders, and fostering innovation through collaborative leadership. With nearly 20 years of military and civilian experience, she brings a well-rounded expertise in cybersecurity and IT strategy.
A Security Engineer's Guide to the Galaxy: Tradecraft and Transformation
A view into the history and current state of Cybersecurity from the perspective of a Security Engineer. The evolution of security toolset design over the years has had a major impact on security program design. Drawing from my experience, we will look at some examples that have become foundational for the modern cybersecurity program, the architectures used and how those capabilities and limitations shaped the security programs we built around them. Then we will consider what is changing in toolset architecture, the key properties indicative of a truly new generation of toolsets, and how it impacts our operational patterns.
What skills were critical for us to be successful with legacy "Next-Gen" tools? What thought process changes will enable us to be successful with the new AI generation of protections? What sort of mindset changes will we need to make? I'll strive to answer these questions and make the case there is room for optimism in this space.
Sage Anthony
Sage has 20 years of experience working in IT, with 15 of those in security-focused roles. Entering the security space from the infrastructure side of IT, he brings a pragmatic perspective that emphasizes resiliency and quality. Currently working at Check Point as a Sales Engineer, he also spent some time as a Solution Architect for some local value-added resellers, but the majority of his IT journey has been through various Security Engineering roles within the Manufacturing and Insurance industries.
He has collected many certifications over the years, including CISSP, CCSP, CEH, CCNP, MCSE, MCITP, NSE4/5, PCNSE, CCSA, CCSM, etc., but he will be the first to tell you not to be too impressed by anyone's cert list. He is a firm believer that it is better to pursue excellence than recognition.
From Clinics to Casinos: Vulnerability Management in Practice
Vulnerability management in resource‑constrained environments requires creativity, flexibility, and strong information‑sharing networks. In this talk, Em Carlson shares lessons learned from building and supporting vulnerability and patch management programs across public health and tribal gaming, two highly regulated sectors with very different threat profiles.
Drawing on experience coordinating patch management in underfunded public health environments and leading vulnerability management efforts in tribal gaming, this session examines how funding limitations, data scope, and ransomware risk influence security priorities. Em highlights practical strategies for working effectively with limited tooling, documenting sustainable processes, and using community and information‑sharing networks to strengthen security outcomes. Rather than focusing on ideal‑state frameworks, this talk centers on realistic, achievable approaches that security practitioners can apply immediately.
Em Carlson
Em Carlson is a cybersecurity engineer specializing in threat hunting, vulnerability management, and risk-based security operations. With experience spanning public health and tribal gaming environments, she has supported organizations with diverse risk profiles, regulatory requirements, and business needs. This background informs a people‑centered approach to cybersecurity that emphasizes sustainable risk reduction and the practical implementation of security controls. Em is passionate about building resilient security programs through strong communication, thoughtful risk prioritization, and continuous improvement. She enjoys bridging the gap between technical security work and organizational culture to help teams respond effectively to evolving threats. When she isn’t digging into the latest cyber threat, Em loves to crochet and listen to audiobooks.
Introduction to Meshtastic
Meshtastic describes itself as “Off-Grid Communication For Everyone”. It’s a communication platform that uses the radio signal technology LoRa, or Long Range, to create a mesh network that lets anyone with a device communicate. Security nerds love interesting and hackable technologies.
Meshtastic leverages low power, low cost radios to create a network of devices capable of working over tens of miles, depending on how many nodes are in the network. There are some interesting security problems that have to be solved when you have an open network like this, but security isn’t the primary consideration.
This talk will explain how Meshtastic works, show off a bunch of hardware devices, and explain some of the interesting security challenges and solutions. Hopefully it will inspire you to join the network, learn something new, and start hacking.
Josh Bressers
Josh Bressers is the Vice President of Security at Anchore, where he guides security features and serves as a public evangelist on topics like compliance, open source, and software supply chain security. With a career spanning over 20 years, Josh has a deep-rooted history in the open-source security community. Prior to Anchore, he built the product security team at Elastic and was an early member of the Red Hat Security Response Team, where he later founded the Product Security Team. Josh is a passionate contributor to the security community and hosts both the "Open Source Security Podcast" and the "Hacker History Podcast."
Practical ICS/OT offense & defense
Many ideas around defending ICS/OT systems are based on outdated approaches. Ask a Controls Engineer to break a system, and you'll get a very different perspective than the prevailing ideas. In this talk, we'll zoom out and discuss the role of safety systems, how systems are actually designed, and what can make for a bad day. By applying an engineering filter to ICS/OT cybersecurity, we can design more defensible environments.
Neil Brandon
Neil is a Principal Engineer for Faith Technologies, where he works as a controls contractor for data center customers. Prior to working in data centers, he spent 15+ years as a system integrator in the food, packaging, paper, and automotive industries. A programmer by specialization, he works on niche projects as a side gig for the automotive and medical industries.
The Cybersecurity ROI Crisis – Why Offense Is the Ultimate Game Changer
Global cybersecurity spending is projected to exceed $377 billion by 2028, yet cybercrime costs still reach $10.5 trillion annually and 87% of organizations suffered a breach in the past year. The reactive, defense-only approach is yielding poor ROI.
This talk makes the case for a different strategy: managed offensive security. Instead of waiting for the next attack, organizations must start hacking themselves—continuously testing and fortifying systems to find weaknesses before adversaries do. We'll explore how proactive operations like continuous penetration testing, red teaming, and attack surface management can directly stop attackers, backed by hard evidence: every $1 spent on pen testing saves up to $10 in breach costs.
This talk challenges cybersecurity dogma and offers a bold blueprint for reallocating a portion of defensive budgets into high-impact offensive initiatives—delivering real risk reduction, better ROI, and a much-needed shift in favor of defenders in 2026.
Jason Rowland
Jason Rowland is a cybersecurity leader with over 20 years of experience across both defensive and offensive security. He began his career on the defensive front lines—building Security Operations Centers, leading incident response at Fortune 500 companies, and shaping SOC strategy at IBM Consulting.
Over the past decade, Jason has shifted to the offensive side, leading some of the largest and most advanced offensive security capabilities in the United States. This dual perspective as both defender and attacker gives him a rare vantage point into the shortcomings of traditional, reactive security approaches.
Jason brings these insights to the stage, offering candid commentary on why legacy defensive models struggle to deliver ROI and how managed offensive security can truly disrupt adversaries. His passion lies in challenging conventional wisdom and equipping boards, CISOs, and security leaders with bold new ways of thinking that can materially change the cybersecurity equation.
Think Like an Attacker, Code Like a Defender: Applying AppSec in the SDLC
Quite often in the Application Security world we hear “Think Like an Attacker”, but what does this mean in the day-to-day? How can this mindset help security analysts better assess vulnerabilities, understand risk in new features, and inject in the SDLC? Further, how can that security phrase translate to help developers write secure code through practical steps?
Let’s step from reactionary to preventative and explore how this concept translates to secure software development. We’ll begin by laying the foundation of what it means to Think Like An Attacker – for both Security and Software Developers – with day-to-day examples and methods of utilizing this mindset.
From there we will explore why this saying is still relevant today, the common pitfalls associated with it, and how to champion secure code development your developers won’t hate by “Coding Like a Defender”. Join me to learn how instilling this mindset can help set your AppSec program up for success!
Hannah Williams
Hannah is an Application Security Engineer, who has spent the past four years working in this field. AppSec was a perfect intersection between her Computer Science major, Cyber Security concentration, & Management minor. She enjoys making AppSec approachable, practical, and collaborative.
In her day-to-day, Hannah works within her team to triage app-level vulnerabilities across a growing landscape, improve coding practices, and implement complex security solutions to reduce risk. Collaborating with others and teaching Application Security concepts is a highlight for her. She is especially interested in Web Application Penetration Testing, obtaining her eWPT in 2025, and the perspective this can bring to an AppSec program.