Session Catalog

Join Mandiant's own Jurgen Kutcher, VP of Mandiant Consulting at Google Cloud, as he kicks off the Cyber Defense Summit with opening remarks.

Join cybersecurity leader Rob Joyce and threat intelligence expert John Hultquist for a compelling fireside chat. This discussion will delve into the evolving cybersecurity landscape, exploring threats that extend beyond conventional defenses.  Joyce and Hultquist will analyze the significant impact of emerging technologies such as quantum computing and artificial intelligence on both offensive and defensive cybersecurity strategies. They will also address how shifting geopolitical dynamics are reshaping the threat environment, compelling organizations and nations to re-evaluate their security approaches. This event is essential for anyone seeking to comprehend the future of digital security and the innovative solutions necessary to safeguard our interconnected world.

This keynote session delves into critical cybersecurity challenges and cutting-edge defense strategies. We will explore the formidable threat of the Salt Typhoon, including their tradecraft and the actions organizations are taking to defend against them. The session will also address the complexities of insider threats, leveraging Coinbase's experience to share crucial learnings that will benefit other organizations. Attendees will gain actionable takeaways from security leaders who have navigated some of the most targeted and defended environments.

Join us for an illuminating fireside chat featuring two leading voices in cybersecurity: Kevin Mandia, cybersecurity pioneer, company founder and investor, and Nicole Perlroth, a Pulitzer Prize-winning cybersecurity journalist and author. This session will delve deep into the complex and often untold narratives behind some of the most impactful and widespread cyberattacks that have targeted American businesses. Discover the profound and often catastrophic consequences of intellectual property theft by state-sponsored attackers. Gain critical insights into China's ambitious five-year plans and their increasingly prominent role in identifying potential targets for cyber exploitation. Learn how a CEO must navigate the immediate aftermath, making critical decisions under pressure, communicating transparently with stakeholders, and implementing robust recovery strategies. And discover how to prepare us for an increasingly volatile cyber landscape where adversaries are poised to launch ubiquitous, simultaneous cyberattacks. This fireside chat promises to be an essential exploration of the evolving cyber threat landscape, offering knowledge for business leaders, security professionals, and anyone interested in understanding the hidden battles shaping our digital world.

Sign up for Mandiant’s ThreatSpace and hone your skills against an advanced threat actor in an engaging exercise suitable for all levels. Learn how to apply practical threat intelligence and overcome real attacks with real skills for real impact. Challenges run concurrently with breakout sessions.

This session focuses on how cybersecurity leaders and consultants can effectively communicate cyber risks in business terms. Get expert advice from battle hardened veterans that have briefed executive leadership both during a cyber attack and during "business as usual". Understand what matters for executives and learn to anticipate questions so you can be best prepared for your next meeting.

UNC3944 has wreaked havoc across myriad sectors in the past several years, causing billions of dollars in damages on at least two continents. But UNC3944 is just one part of a much broader segment of actors that abuse the different ways that organizations ensure that the person accessing their data is who they claim to be. Join Principal Analyst Andrew Kopcienski to discuss how a decade of hybridization and cloud adoption has created a fertile environment for threat actors to compromise identity, and a look at what Google Security has done to avert that catastrophe. This session will provide actionable strategies to strengthen your organization's defenses and mitigate emerging identity-based threats and critical insights into averting catastrophe and securing your digital future.

Sign up for Mandiant’s ThreatSpace and hone your skills against an advanced threat actor in an engaging exercise suitable for all levels. Learn how to apply practical threat intelligence and overcome real attacks with real skills for real impact. Challenges run concurrently with breakout sessions.

Windows Event Logs (.evtx) are a cornerstone of forensic investigations, their susceptibility to overwriting or intentional deletion poses a significant challenge. This presentation will delve into advanced recovery techniques, demonstrating how, even when event logs appear to be lost, crucial fragments or complete records can often be retrieved directly from the .evtx files. Through in-depth analysis of real-world case studies, attendees will gain a profound understanding of the intricate internal architecture of EVTX files. You will learn to identify and extract seemingly deleted or overwritten records from unused sections, providing unparalleled insights that are critical for successful investigations and bolstering your organization's security posture.

Despite increased awareness and boardroom attention, ransomware attacks continue to dominate headlines. In this session, we will journey through a ransomware attack lifecycle via demos and screenshots. We'll also uncover common pitfalls and practical defense mechanisms to significantly reduce the risk of business disruption from a full-scale ransomware attack. Delivered by an incident response lead involved in some of 2024's biggest ransomware attacks, this session aims to provide a comprehensive, practical, and up-to-date guide to understanding, preventing, and responding to ransomware attacks, directly from someone with recent, high-stakes experience.

To preempt challenges with AI agent sprawl, organizations need to treat AI agents as an extension of managed identities. This session will highlight identity and access management (IAM) principles that are at the forefront for protecting not only against the latest threats, but are also key for managing agentic AI. We will delve into how the evolution of identity governance and the implementation of robust, technical-focused security guardrails are essential for effectively managing the identity of AI agents at scale. The discussion will cover key aspects such as establishing clear identity lifecycles for agents, implementing least privilege access, and ensuring comprehensive auditing and logging capabilities. Attendees will leave understanding the critical need for continuous monitoring and adaptive security measures to address the dynamic nature of AI agent interactions and potential vulnerabilities.

Sign up for Mandiant’s ThreatSpace and hone your skills against an advanced threat actor in an engaging exercise suitable for all levels. Learn how to apply practical threat intelligence and overcome real attacks with real skills for real impact. Challenges run concurrently with breakout sessions.

The increasing deployment of Large Language Models (LLMs) and agentic solutions introduces complex security challenges, often due to insufficient integrated governance, proactive threat modeling, dedicated red teaming, and AI-specific detection. Securing this evolving landscape requires foresight and understanding AI's unique attack surface. This talk provides practical insights from a year of securing and attacking AI deployments, revealing common security missteps and critical vulnerabilities in production AI systems. We emphasize proactive measures like AI-specific threat modeling and targeted red team exercises, plus robust governance and response frameworks. Designed for executive leadership and technical professionals, this session offers actionable guidance to navigate AI security complexities and foster resilient AI adoption.

This session provides a practical guide to establishing a robust threat hunting program. Participants will learn to assemble a skilled team from existing Security Operations Center, Incident Response, and penetration testing personnel, establish clear processes, and leverage expertise to uncover post-compromise behaviors. Essential components will be discussed, including data access, skilled team members, threat intelligence, and appropriate tools. The session will explore hypothesis-driven, TTP-based, anomaly-based, and IOC-driven hunting methodologies, illustrated with real-world examples. Emphasis will be placed on understanding how proactive hunting minimizes breach impact, reduces dwell time, prevents financial losses, and strengthens overall security. Participants will gain actionable steps to enhance their organization's security posture.

Sign up for Mandiant’s ThreatSpace and hone your skills against an advanced threat actor in an engaging exercise suitable for all levels. Learn how to apply practical threat intelligence and overcome real attacks with real skills for real impact. Challenges run concurrently with breakout sessions.

This panel addresses preparedness, response, and corporate risk related to remote workers operating for the Democratic People’s Republic of Korea (DPRK) who infiltrate US and other Western companies. The discussion will particularly highlight legal and compliance risks, focusing on the unique interplay among cybersecurity, labor & employment, and sanctions law. DPRK remote worker scams, where operators use fraudulent identities to gain employment and fund the North Korean regime, have become a major global cyber threat. These scams uniquely involve various corporate functions, including HR, Legal, IT, and information security. This panel, composed of professionals from Crowell & Moring, Akin Gump, and Mandiant, possesses extensive experience in identifying, investigating, and combating these campaigns. They will provide an overview of these scams, recent developments, and strategies for companies to prevent them or mitigate impacts if discovered.

Google Cloud Security will host a Welcome Reception for registered cybersecurity professionals on Monday, September 22, 2025. Join us in the Foyer Hallway in front of the Amphitheater for a chance to connect with friends old and new and enjoy refreshing drinks and lite fare. We can't wait to see you there!

Join Mandiant's own Jurgen Kutcher, VP of Mandiant Consulting at Google Cloud, as he kicks off Day 2 at the Cyber Defense Summit with opening remarks.

Today’s cyber threat landscape is marked by escalating sophistication and destructive potential. State-sponsored groups are increasingly focused on gaining persistent access to critical infrastructure. They are also rapidly experimenting with AI and large language models. Added to this complexity, malicious actors are following organizations on their digital transformation, with cybercriminals increasingly adept at targeting modern infrastructure.

Join Sandra Joyce, Vice President of Google Threat Intelligence, who will unpack today’s trends by drawing on Google’s unparalleled visibility across the threat landscape (including insights from Mandiant and VirusTotal). This brief aims to equip security practitioners with actionable intelligence to proactively defend against evolving threats.

AI agents unlock incredible new efficiencies, but they may also introduce new risks. Google is building AI agents that are useful and secure by design, acting force multipliers, and amplifying human expertise to solve complex problems faster. This talk explores this evolution of artificial intelligence - from simple chatbots to sophisticated AI agents that operate at the intersection of our physical and digital worlds. It outlines Google's principled approach to AI Agent Security, recognizing the dynamic and evolving nature of this critical field and highlighting the critical importance of security, trust, and collaboration.

As geopolitical tensions escalate to unprecedented levels, particularly with growing Chinese rhetoric and actions threatening military action against Taiwan, the role of cyber capabilities in modern conflict has become critically prominent. Cyber attacks in support of military operations is no longer a theoretical concept but a potent, actively deployed instrument that can significantly influence the trajectory and outcome of international disputes. In this indispensable moderated keynote, we are honored to host Dmitri Alperovitch, a globally recognized authority on cybersecurity, geopolitics and national security, who will delve into the intricate and volatile landscape where digital combat intersects with traditional warfare.

Alperovitch will meticulously explore how the sophisticated use of cyber in warfare, coupled with the strategic maneuvers of state-sponsored actors, is poised to become a defining characteristic of future conflicts. He will dissect the emerging threats that are constantly reshaping the global security paradigm, illustrating how these digital incursions could precipitously escalate global instability, leading to unforeseen consequences for international relations and economic stability.

Join legal experts as they explore the evolving landscape of cybersecurity and privacy laws. The discussion will focus on the impact these changes have on large corporations and cybersecurity consultants, utilizing case studies from recent security incidents and emerging trends. We will also examine how regulators and prosecutors are actively enforcing these new legal frameworks, highlighting recent enforcement actions and their implications. Key topics include the EU Digital Operations Resilience Act (DORA), China's Cross-Border Data Transfer Regime, and the challenges of global compliance. Attendees will leave with practical advice for navigating this complex regulatory environment.

Sign up for Mandiant’s ThreatSpace and hone your skills against an advanced threat actor in an engaging exercise suitable for all levels. Learn how to apply practical threat intelligence and overcome real attacks with real skills for real impact. Challenges run concurrently with breakout sessions.

This session will explore the fast-changing threat environment AI is shaping, and how it is impacting both defenders and adversaries. How will AI reshape the scale, speed, and balance between offense and defense? In what ways are attackers seeking to leverage AI today? How does an AI lab think about threat modeling? These topics and more will be discussed in this fireside chat.

Sign up for Mandiant’s ThreatSpace and hone your skills against an advanced threat actor in an engaging exercise suitable for all levels. Learn how to apply practical threat intelligence and overcome real attacks with real skills for real impact. Challenges run concurrently with breakout sessions.

Well-resourced nation state threat actors are going to great lengths to weaponize N- day vulnerabilities. This session hosted by Ivanti CSO Daniel Spicer and Mandiant's Jacob Thompson will discuss the discovery of CVE-2025-22457 in Ivanti Connect Secure and the sophisticated and complicated exploitation of a security vulnerability that was initially identified and fixed as a product bug. A fix for CVE-2025-22457 was released six weeks before the first exploitation of the vulnerability occurred. The threat actor reverse engineered what had been triaged internally as a product bug and turned it into a vulnerability. Attendees will take a deep dive into why it was initially identified as a product bug, the complexity of this vulnerability, and how the threat actor exploited the vulnerability.

With cyber threats at an all-time high, the importance of robust cyber defense has never been clearer. Join panelists David Damato (CISO, Citadel), Bob Stasio (CISO, Merck), and Chris Roberts (PayPal) as they delve into how leaders across various industries are building exceptional proactive cyber defense programs. This session will explore strategies for continuous improvement, identify critical technical debt to eliminate, and discuss how to stay ahead of adversaries while fostering secure digital transformation. This discussion will offer actionable takeaways for immediate implementation, strengthening your organization's security posture.

When a major breach hits, most executive teams are unprepared to the complex process of making critical business decisions. They have limited information, potentially unavailable systems, and pressure to communicate to external parties. In this session we’ll share real-world incidents where threat actors target the technical infrastructure but rely on business risk to accomplish their mission - and how executive teams are unprepared to respond to a cyber event at their organization.

Sign up for Mandiant’s ThreatSpace and hone your skills against an advanced threat actor in an engaging exercise suitable for all levels. Learn how to apply practical threat intelligence and overcome real attacks with real skills for real impact. Challenges run concurrently with breakout sessions.

Operating within a small team backing frontline cyber incident responders, the Google Threat Intelligence Group's Advanced Practices team faces unique challenges. We support Mandiant's Incident Response and Managed Defense teams, dealing with sensitive, proprietary, raw data unlike that found in most organizations. This environment lacks established use cases or public datasets, forcing us to forge our own path. This talk will offer a glimpse into our initial experiences leveraging AI to tackle these complexities. We'll demonstrate how AI has significantly contributed to summarization and automation, while preserving the crucial human element of threat analysis. This presentation isn't about flawless solutions but an honest account of the hurdles, experiments, and emerging successes applying AI to the often chaotic world of incident response data. Join us for a candid discussion on practical AI applications in cybersecurity.

Sign up for Mandiant’s ThreatSpace and hone your skills against an advanced threat actor in an engaging exercise suitable for all levels. Learn how to apply practical threat intelligence and overcome real attacks with real skills for real impact. Challenges run concurrently with breakout sessions.

Join FBI San Francisco and Mandiant as they unveil their collaborative approach to countering sophisticated cyber espionage threats from the People's Republic of China (PRC). This session will focus on advanced persistent threat actors, including UNC4841 and UNC5221, who exploit zero-day vulnerabilities in network appliances (e.g., Barracuda, Ivanti), and the emerging threat of PRC-aligned freelance actors like UNC5174. Learn how cybersecurity practitioners, appliance vendors, and law enforcement agencies can unite to identify and respond to this evolving activity, collaborating to investigate intrusions, disrupt adversary operations, and mitigate widespread zero-day exploitation.

As cloud environments grow in complexity, so do the challenges in both cyber defense and incident response (IR). This session delves into notable multi-cloud incidents from 2025, dissecting destructive and intricate cases. We will explore effective cyber defense and detection strategies crucial for mitigating such threats, alongside proven techniques for navigating complex IR scenarios once an incident occurs. Drawing on cross-functional expertise, this presentation will provide actionable insights for security professionals. Attendees will gain a deeper understanding of emerging threats, proactive defense measures, and best practices for robust multi-cloud detection and incident response.