Speakers

Learn from industry leaders, security researchers, and practitioners sharing their expertise and insights.

⭐ Our 2025 Speaker Class ⭐

Sarah Hume

Purple Team Lead

Security Risk Advisors (SRA)

Sarah leads the Purple Team service at Security Risk Advisors (SRA). She has led hundreds of Threat Intelligence-based Purple Team exercises for organizations in the Fortune 500 and Global 1000 over the past 7 years. Her background is in offensive security, primarily internal network, OT/ICS, and physical security penetration testing. Sarah also has experience in external network penetration testing, web application assessments, OSINT, phishing/vishing campaigns, vulnerability management, and cloud assessments. She was a DEF CON 33 speaker. Sarah graduated Summa Cum Laude from Penn State with a B.S. in Cybersecurity. She is a Certified Red Team Operator (CRTO), Certified Information Systems Security Professional (CISSP), Google Digital Cloud Leader, AWS Certified Cloud Practitioner, and Advanced Infrastructure Hacking Certified. She lives in Philadelphia with her dog, Paxton.

Talk:

Letthemin: Facilitating High-Value Purple Teams Using an Assumed Compromise Approach

Purple Teaming has become a critical component of modern cybersecurity programs, but its definition and application vary widely across organizations. This presentation introduces a refined, regimented, and repeatable methodology for running Purple Team engagements, developed and battle-tested for over a decade. Because the term 'Purple Team' means different things to different people (a methodology, a team of people, a program, an assessment, or even a state of mind), and because Purple Team engagements themselves come in all shapes and sizes, the speaker will begin by aligning recommended definitions and applications of common Purple Team terminology. The presentation will then explain how to apply an Assumed Compromise approach to Purple Teams. Any organization can be vulnerable at any point in time. This style of Purple Team testing follows the adversary through the entire life cycle of an attack, from Initial Access to Impact, assuming vulnerabilities exist in order to focus instead on the visibility of security tools. This is a powerful method of identifying ways to improve detection and prevention capabilities at each layer of an organization's defense in depth. The speaker will include real-world examples and specific instructions. The presentation will conclude with broader applications of this style of Purple Team, including how to collect and analyze the engagement results and apply them to drive improvement in an organization's resilience to common threats. This talk is ideal for security professionals, both Red and Blue Team, who are looking to elevate the way they perform Purple Team engagements.

50 min | All Levels | Track 1 | 10:00-10:50
Tracy Z. Maleeff

Principal

Sherpa Intelligence LLC

Tracy Z. Maleeff, aka InfoSecSherpa, is the principal of Sherpa Intelligence LLC. She previously held roles at the Krebs Stamos Group, The New York Times Company, and GlaxoSmithKline. Prior to joining the Information Security field, Tracy worked as a librarian in academic, corporate, and law firm libraries. She holds a Master of Library and Information Science degree from the University of Pittsburgh in addition to undergraduate degrees from both Temple University (magna cum laude) and the Pennsylvania State University. Tracy has been featured in the Tribe of Hackers: Cybersecurity Advice and Tribe of Hackers: Leadership books. A native of the Philadelphia area, she is passionate about Philly sports - Go Birds! Tracy publishes OSINT blogs and an Information Security & Privacy newsletter.

Talk:

The Threats & Research Opportunities of the Cannabis Industry

The legal cannabis industry has grown exponentially in the past few years, particularly in North America. Like any business, it is not immune to cybersecurity and physical security threats. This session will provide an overview of the threats and challenges faced by this industry, identifying known malicious actors and their Tactics, Techniques, and Procedures (TTPs). In addition to providing attendees with a breakdown of threats, time will be spent outlining opportunities for Open-Source Intelligence (OSINT) research on this unique business, which can help to identify potential challenges and possible solutions for defense. Applicable areas to be covered include legislation, politics, patents/trademarks, legal, cultural, and business. Presented by an Information Security professional with years of research experience, including as a law firm librarian, who also holds a medical marijuana license from the Commonwealth of Pennsylvania.

50 min | All Levels | Track 1 | 11:00-11:50
Michael Raymond

vCISO & Compliance Professional

Independent

Michael Raymond is a vCISO and compliance professional who thrives on exploring the bleeding edge of tech. In his earlier career, Michael was a security researcher and video producer, delivering live-streamed educational content on channels like Null Byte, SecurityFWD, and Hak5. Outside of his day job, Michael's curiosity drives him into the realms of hardware, electronics, and aerospace. Whether it's tracking airplanes through ADS-B, diving into signals intelligence with SDRs, home automation with Home Assistant, or uncovering other obscure niche topics, he brings the same passion and friendly enthusiasm to every new challenge.

Talk:

Catching the Catchers: Open Source Stingray Detection in the Wild

Cell-site simulators (CSS), also known as Stingrays, are surveillance devices that impersonate legitimate cell towers, forcing nearby phones to connect. They can track devices, harvest IMSIs, and in some cases intercept communications, all while operating in secrecy. Despite their widespread use, little is publicly known about how or where they are deployed. Rayhunter, developed by the Electronic Frontier Foundation (EFF), is an open-source tool that puts CSS detection into the hands of everyone. Running on an inexpensive Orbic mobile hotspot, Rayhunter passively monitors cellular control traffic to identify suspicious behavior. This talk will explore how Rayhunter works, why it fills a critical gap left by existing detection methods, and what early deployments are revealing.

50 min | All Levels | Track 3 | 15:00-15:50
Dr. Thomas Heverin

Director of Technology and Cybersecurity & AI Educator

The Baldwin School

Dr. Heverin is Director of Technology and Cybersecurity & AI Educator at The Baldwin School. He has over a decade of experience in cybersecurity, penetration testing, and AI security research. He has published multiple papers with his students at the Baldwin School (an all-girls private school) on topics including prompt injection attacks, ontology-driven cybersecurity, and vulnerabilities in enterprise technologies. He is the author of a Navy cyber risk assessment patent, an NVD CVE entry, exploits on ExploitDB, Google Dorks, and countless bug bounty reports for universities and a government agency.

Talk:

LLM-SRO: Ontology-Driven Security for Large Language Models

Large Language Models (LLMs) are being adopted across industries, yet their attack surface is expanding faster than defenders can keep pace. This talk introduces LLM-SRO (Large Language Model Security Risk Ontology), an ontology-driven framework for systematically modeling and mitigating adversarial risks in LLMs. Built collaboratively in WebProtégé and paired with AI reasoning through ChatGPT, LLM-SRO integrates the OWASP Top 10 for LLM Applications with MITRE ATLAS adversarial techniques to create a living, queryable knowledge base for defenders. A key takeaway is that LLM-SRO was built with no coding required. This talk equips attendees with practical, actionable methods to prioritize risks and plan defenses.

50 min | Intermediate | Track 2 | 13:00-13:50
Prof. Atdhe Buja

Assistant Professor

Commonwealth University of Pennsylvania

Atdhe Buja is an Assistant Professor of computer science, digital forensics, and cybersecurity at the Commonwealth University of Pennsylvania, USA (Bloomsburg University). Atdhe is a world-renowned cybersecurity expert with decades of experience. As PM, Atdhe has established and led CERT teams in academia and the private sector in Southeast Europe. He is an EC-Council Instructor (CEI), Microsoft IT Professional, and Oracle Administrator for RDBMS, and a leading authority on information technology, Industrial IoT, and ICS/SCADA cybersecurity. His research work focuses on cybersecurity countermeasures for Industrial IoT, IoT security, ICS/SCADA infrastructures, wireless sensor networks (WSN), cybersecurity of ML and artificial intelligence, and database management systems. He is the author of multiple books, including 'Cybersecurity of Industrial Internet of Things (IIoT)' and 'AI and ML-Driven Cybersecurity: Industrial IoT and WSN with Python Scripting'.

Talk:

Enhancing Incident Response with AI: Leveraging ML for OT/IoT/IIoT Attack Detection and Prevention

As cyber threats increasingly target Operational Technology (OT), Internet of Things (IoT), and Industrial IoT (IIoT) systems, traditional defenses struggle to keep pace. This talk introduces how artificial intelligence (AI) and machine learning (ML) can redefine incident response in these domains by enabling predictive detection and rapid response. Drawing on applied research and real-world datasets from the Global Cyber Alliance (GCA), I will demonstrate how the Data Science Lifecycle can be applied to build predictive ML models that identify anomalies, patterns, and attack trends across IIoT networks. The session introduces the IIoT Guardian prototype, a device-level cybersecurity solution that integrates ML/AI for real-time anomaly detection.

30 min | Intermediate | Track 2 | 14:00-14:25
Dan Bradley

Hacking the Temp Job: From Answering the Phone to Cyber Director: Creative Insubordination for Fun and Profit

Former CISA

Dan Bradley is a Director of Cyber Solutions Architecture with a major government contractor and prior to that served 24 years as a federal civilian. At CISA he was the Zero Trust Initiative Technical Lead, led security operations center (SOC) assessments, and supported Federal CISOs. Prior to CISA, Dan served in a variety of roles to assess, design, and defend DoD's most critical systems. Over the course of his government career, he was Technical Director for testing and risk assessment, as well as for security operations and security architecture and engineering. He has led hundreds of vulnerability assessments spanning Federal civilian executive branch agencies, national security systems, and commercial customers. He is very familiar with risk governance processes like the NIST RMF and how their implementation can simultaneously fail to enable the mission or achieve their risk management objectives. Effective risk governance is critical, which is why we must fix our broken processes. Past conference briefs include titles like: "Don't use a CDS and Avoid this Conference", "Security Operations: From Busy to Effective", "What in the Heck is Zero Trust?" and "The A in ZTA stands for Architecture, not Acquisition, You Can't Buy a Zero Trust." His briefings couple humor with technical insights from his broad and deep cybersecurity experience. He currently holds the record for over 860 cat pictures in a 20-minute briefing. He earned a Master of Science in Network Security from Capitol Technology University and holds CISSP, ISSEP, CGRC, GCIA, GCIH, GDSA, and GPEN certifications.

Talk:

Hacking the Temp Job: From Answering the Phone to Cyber Director: Creative Insubordination for Fun and Profit

What do you do when you're a seminary dropout answering phones at a pharmaceutical company with your first child on the way? You hack your way into a cybersecurity career. This presentation chronicles an unconventional path from liberal arts undergrad to temp worker to cybersecurity professional, demonstrating how a hacker mindset can transform any role into a career launching pad. When tasked with manually processing shipping claims (4-5 per day), automation through Excel, VBA scripting, and mail merge transformed it into 20+ claims daily. The real hack wasn't technical—it was the boldness to completely reinvent an assigned role by focusing on objectives while ignoring prescribed methods. Creative insubordination recovered over a million dollars in claims in less than a year and opened doors to government penetration testing roles. Through personal anecdotes, attendees will learn to focus on objectives over methods, leverage creative insubordination to deliver unexpected results, combat imposter syndrome through continuous learning, and craft compelling career narratives. This isn't another "which certs should I get?" talk—it's about recognizing that cybersecurity careers are built by people who see problems differently and solve them their own way.

50 min | All Levels | Track 3 | 10:00-10:50
Rick Console

NAC to the Future - Bypassing Network Access Controls and Improving Red Team Implants

Security Risk Advisors

Rick is a penetration tester and offensive security researcher at Security Risk Advisors. He develops custom offensive tools and hardware for penetration tests and red team operations, and focuses on practical applications at the intersection between artificial intelligence and cybersecurity.

Talk:

NAC to the Future - Bypassing Network Access Controls and Improving Red Team Implants

Network Access Control (NAC) systems are supposed to be the gatekeepers of enterprise networks, but they're not as bulletproof as organizations think. Red teams have successfully used tactics like MAC spoofing for years, and these techniques still work against many implementations. But when facing more advanced NAC solutions like 802.1x, you need to change your approach. This talk takes inspiration from real-world tools to demonstrate practical and modern NAC evasion techniques. We'll walk through the basics of NAC and its different flavors, classic bypass methods like spoofing and bridging, commercial devices versus custom builds, and how to level up these techniques for advanced operations like hidden drop boxes. Attendees will learn about NAC solution types including 802.1x, MAC-based, and agent-based controls, bypass techniques, and how to add NAC bypass technology to red team implants. The session will also cover how to enhance devices for persistence, remote access, and integration with drop boxes for covert deployment.

30 min | All Levels | Track 3 | 11:00-11:25
Udochi Nwobodo

From Pods to PCI: Translating Kubernetes Security for Security Audit & Compliance

Mastercard

Udochi Nwobodo is an Infrastructure and Product Security Engineer with over five years of experience securing large-scale systems at Adobe, Coinbase, and Juniper Networks. She has led efforts to design and deploy cloud security solutions, integrate security into product lifecycles, and build vulnerability management programs that scale with business needs. Her work spans infrastructure, application security, and modern detection engineering. Beyond technical execution, Udochi focuses on strategic impact: enabling teams to balance speed with security, aligning detection thresholds with business risk, and turning raw telemetry into meaningful decisions. She holds a Master's degree in Cybersecurity along with CISSP and CISM certifications. Udochi is passionate about bridging the gap between engineering and strategy, helping organizations move from reactive security to proactive resilience.

Talk:

From Pods to PCI: Translating Kubernetes Security for Security Audit & Compliance

Kubernetes has become the backbone of modern infrastructure, but for many security managers and auditors, it still feels like an opaque, fast-moving black box. Terms like "pods," "network policies," or "admission controllers" often don't translate cleanly into the language of compliance frameworks like PCI-DSS, SOC 2, or FedRAMP. This talk is designed to bridge that gap. I'll walk through how low-level Kubernetes security controls, like RBAC, Pod Security Standards, and OPA/Gatekeeper policies, map directly to familiar compliance requirements around access control, segmentation, and audit logging. Using live examples, I'll demonstrate how a misconfigured workload looks inside a cluster, and then show how the right policy or control enforces compliance in real time. The goal of this presentation is to give non-Kubernetes specialists (security managers, compliance professionals, and auditors) a practical framework for evaluating whether a Kubernetes environment is secure and compliant, even if they don't use kubectl every day. Attendees will leave with a mental model that translates Kubernetes specifics into compliance outcomes, helping them ask the right questions, set meaningful controls, and better align engineering with audit requirements.

30 min | All Levels | Track 3 | 11:30-11:55
Zarin Hamid

Hacktivism-as-a-Service: The Cyber Mercenary Era

National Cyber-Forensics and Training Alliance (NCFTA)

Zarin Hamid is a Cyber Threat Intelligence Analyst at the National Cyber-Forensics and Training Alliance, with a sharp eye for patterns, a deep understanding of adversarial behavior, and a knack for navigating chaos whether in a threat intel shop or at a blackjack table. Before stepping into the world of CTI, Zarin took a side quest as a professional blackjack dealer, and to this day isn’t sure which job had more drama. She’s known for bringing clarity to complexity, challenging assumptions, and making threat intelligence resonate beyond the technical. Whether she’s analyzing scam networks or dissecting geopolitical disinformation, Zarin brings grit, insight, and a dealer’s instinct to every investigation.

Talk:

Hacktivism-as-a-Service: The Cyber Mercenary Era

Hacktivism isn't what it used to be. What began as grassroots digital protest has evolved into a commercialized ecosystem where ideology is weaponized for profit. In this talk, we'll explore the rise of Hacktivism-as-a-Service (HaaS), a model where threat actors offer politically motivated attacks as paid services, targeting organizations not for their vulnerabilities, but for their symbolism. We'll break down how groups like KillNet and NoName057(16) operate as cyber mercenaries; the platforms and tactics used to amplify their campaigns (Telegram, dark web forums, social media); why attribution is increasingly difficult when ideology is commodified; and what this means for defenders, brand reputation, and business continuity. What this talk aims to accomplish: attendees will walk away with a deeper understanding of how HaaS blurs the lines between activism, cybercrime, and influence operations, and how to champion security by preparing for attacks that aren't just technical, but psychological and symbolic. This session is designed to equip CTI professionals, security leaders, and business stakeholders with the mindset and strategies needed to defend against a threat that's as much about perception as it is about payload.

30 min | All Levels | Track 3 | 13:00-13:25
Mike Dutko

Lessons from the Plant Floor: What OT Security Assessments Really Teach Us

Nozomi Networks, Sales Engineer

Michael Dutko is a Sales Engineer at Nozomi Networks with over a decade of hands-on experience in industrial operations and cybersecurity. A graduate of Bloomsburg University with a degree in Electronic Engineering Technology, Michael began his career as an electrical engineer in the OT space before transitioning into network infrastructure and security. He has led OT security assessments across the globe, helping organizations strengthen segmentation, develop standards, and gain visibility into their industrial environments. His experience spans industries including pharmaceuticals, food and beverage, utilities, and renewables. Holding a CCNA and a deep understanding of both control systems and networking, Michael brings a practical, field-driven perspective to securing cyber-physical systems.

Talk:

Lessons from the Plant Floor: What OT Security Assessments Really Teach Us

Nozomi Networks is a cybersecurity company that provides a platform for monitoring and managing cybersecurity risks. Industrial networks are evolving faster than ever, bringing new connections and new risks to the plant floor. In this talk, Michael Dutko shares real-world lessons learned from years of conducting OT security assessments and helping organizations move from unmanaged chaos to managed control. Through field stories and practical examples, he highlights what makes OT environments unique, where teams struggle most, and what works when balancing uptime with security. Attendees will gain insights into the expanding threat landscape, from traditional wired attacks to emerging wireless and supply chain vectors. The session focuses on actionable approaches to visibility, segmentation, and risk reduction without disrupting operations. Whether you're an IT defender stepping into OT or a control engineer facing new cyber realities, this talk bridges both worlds with hard-earned perspective and practical takeaways.

30 min | All Levels | Track 2 | 14:30-14:55