Session Catalog
Additional session details and session selection coming soon!
Risk Management Track
This track focuses on the evolving landscape of cybersecurity and privacy laws, specifically their impact on large corporations and cybersecurity professionals. Attendees will learn about recent security incidents, emerging trends, and how regulators and prosecutors are enforcing new legal frameworks, including the EU Digital Operations Resilience Act (DORA) and China's Cross-Border Data Transfer Regime. Join these sessions for practical advice for navigating global compliance challenges in this complex regulatory environment.
Name | Description | Speakers |
---|---|---|
FBI & Mandiant: Perspective on Countering PRC Cyber Threats | Join FBI San Francisco and Mandiant as they unveil their collaborative approach to countering sophisticated cyber espionage threats from the People's Republic of China (PRC). This session will focus on advanced persistent threat actors, including UNC4841 and UNC5221, who exploit zero-day vulnerabilities in network appliances (e.g., Barracuda, Ivanti), and the emerging threat of PRC-aligned freelance actors like UNC5174. Learn how cybersecurity practitioners, appliance vendors, and law enforcement agencies can unite to identify and respond to this evolving activity, collaborating to investigate intrusions, disrupt adversary operations, and mitigate widespread zero-day exploitation. | Anthony Quinones, Austin Larsen |
How Resilient is your Organization to a Ransomware Attack? | Despite increased awareness and boardroom attention, ransomware attacks continue to dominate headlines. In this session, we will journey through a ransomware attack lifecycle via demos and screenshots. We'll also uncover common pitfalls and practical defense mechanisms to significantly reduce the risk of business disruption from a full-scale ransomware attack. Delivered by an incident response lead involved in some of 2024's biggest ransomware attacks, this session aims to provide a comprehensive, practical, and up-to-date guide to understanding, preventing, and responding to ransomware attacks, directly from someone with recent, high-stakes experience. | Jibran Ilyas |
Panel Discussion: Perspectives on Proactive Cyber Defense | With cyber threats at an all-time high, the importance of robust cyber defense has never been clearer. Join panelists A, B, and C as they delve into how leaders across various industries are building exceptional proactive cyber defense programs. This session will explore strategies for continuous improvement, identify critical technical debt to eliminate, and discuss how to stay ahead of adversaries while fostering secure digital transformation. This discussion will offer actionable takeaways for immediate implementation, strengthening your organization's security posture. | Jeff Parry, Dave Damato, Bob Stasio |
Prepare for the Whole Attack: Building Executive Resilience | When a major breach hits, most executive teams are unprepared for the complex process of making critical business decisions. They have limited information, potentially unavailable systems, and pressure to communicate to external parties. In this session we’ll share real-world incidents where threat actors target the technical infrastructure but rely on business risk to accomplish their mission - and how executive teams are unprepared to respond to a cyber event at their organization. | Dan Wire |
Securing AI Innovation: A Proactive Approach | The increasing deployment of Large Language Models (LLMs) and agentic solutions introduces complex security challenges, often due to insufficient integrated governance, proactive threat modeling, dedicated red teaming, and AI-specific detection. Securing this evolving landscape requires foresight and understanding AI's unique attack surface. This talk provides practical insights from a year of securing and attacking AI deployments, revealing common security missteps and critical vulnerabilities in production AI systems. We emphasize proactive measures like AI-specific threat modeling and targeted red team exercises, plus robust governance and response frameworks. Designed for executive leadership and technical professionals, this session offers actionable guidance to navigate AI security complexities and foster resilient AI adoption. | Muhammad Muneer |
Cyber Defense Track
This track broadly covers the evolving landscape of cybersecurity, focusing on practical approaches to defense and incident response in complex environments. Attendees will learn about managing AI in cybersecurity operations, from leveraging it for incident response and threat intelligence to addressing the security implications of AI agents and identity management. Other key topics include understanding and mitigating identity-based threats and insights into red team engagements and offensive security TTPs. Overall, participants will gain actionable strategies, best practices, and a deeper understanding of emerging threats and technologies to strengthen their organization's security posture.
Name | Description | Speakers |
---|---|---|
AI-DENTITY: Modernizing Identity and Access Management Controls | To preempt challenges with AI agent sprawl, organizations need to treat AI agents as an extension of managed identities. This session will highlight identity and access management (IAM) principles that are at the forefront of protecting against the latest threats and are also key for managing agentic AI. We will delve into how the evolution of identity governance and the implementation of robust, technical-focused security guardrails are essential for effectively managing the identity of AI agents at scale. The discussion will cover key aspects such as establishing clear identity lifecycles for agents, implementing least privilege access, and ensuring comprehensive auditing and logging capabilities. Attendees will leave understanding the critical need for continuous monitoring and adaptive security measures to address the dynamic nature of AI agent interactions and potential vulnerabilities. | Matthew McWhirt |
AI on the Frontlines | Operating within a small team backing frontline cyber incident responders, the Google Threat Intelligence Group's Advanced Practices team faces unique challenges. We support Mandiant's Incident Response and Managed Defense teams, dealing with sensitive, proprietary, raw data unlike that found in most organizations. This environment lacks established use cases or public datasets, forcing us to forge our own path. This talk will offer a glimpse into our initial experiences leveraging AI to tackle these complexities. We'll demonstrate how AI has significantly contributed to summarization and automation, while preserving the crucial human element of threat analysis. This presentation isn't about flawless solutions but an honest account of the hurdles, experiments, and emerging successes applying AI to the often chaotic world of incident response data. Join us for a candid discussion on practical AI applications in cybersecurity. | Jake Nicastro |
Imposter Syndrome: How Infostealers, Espionage, And Everyone Else Abuses Identity | 3944 has wreaked havoc across myriad sectors in the past several years, causing billions of dollars in damages on at least two continents. But 3944 is just one part of a much broader segment of actors that abuse the different ways that organizations ensure that the person accessing their data is who they claim to be. Join Principal Analyst Andrew Kopcienski to discuss how a decade of hybridization and cloud adoption has created a fertile environment for threat actors to compromise identity, and a look at what Google Security has done to avert that catastrophe. This session will provide actionable strategies to strengthen your organization's defenses and mitigate emerging identity-based threats, along with critical insights into averting catastrophe and securing your digital future. | Andrew Kopcienski |
Notable Cloud Incidents of 2025: Destructive and Complex Multi-Cloud IR Cases | As cloud environments grow in complexity, so do the challenges in both cyber defense and incident response (IR). This session delves into notable multi-cloud incidents from 2025, dissecting destructive and intricate cases. We will explore effective cyber defense and detection strategies crucial for mitigating such threats, alongside proven techniques for navigating complex IR scenarios once an incident occurs. Drawing on cross-functional expertise, this presentation will provide actionable insights for security professionals. Attendees will gain a deeper understanding of emerging threats, proactive defense measures, and best practices for robust multi-cloud detection and incident response. | Omar ElAhdan, Josh Madeley, Scott Lashway |
Practical Guidance for Building a Proactive Threat Hunting Program | This session provides a practical guide to establishing a robust threat hunting program. Participants will learn to assemble a skilled team from existing Security Operations Center, Incident Response, and penetration testing personnel, establish clear processes, and leverage expertise to uncover post-compromise behaviors. Essential components will be discussed, including data access, skilled team members, threat intelligence, and appropriate tools. The session will explore hypothesis-driven, TTP-based, anomaly-based, and IOC-driven hunting methodologies, illustrated with real-world examples. Emphasis will be placed on understanding how proactive hunting minimizes breach impact, reduces dwell time, prevents financial losses, and strengthens overall security. Participants will gain actionable steps to enhance their organization's security posture. | Ryan Fried |
When the Trail Goes Cold: Unearthing Veiled Evidence in Windows Event Logs | Windows Event Logs (.evtx) are a cornerstone of forensic investigations, but their susceptibility to overwriting or intentional deletion poses a significant challenge. This presentation will delve into advanced recovery techniques, demonstrating how, even when event logs appear to be lost, crucial fragments or complete records can often be retrieved directly from the .evtx files. Through in-depth analysis of real-world case studies, attendees will gain a profound understanding of the intricate internal architecture of EVTX files. You will learn to identify and extract seemingly deleted or overwritten records from unused sections, providing unparalleled insights that are critical for successful investigations and bolstering your organization's security posture. | Ang Yi Han |