BSides Tampa 2026 starts here. One of the largest BSides communities in the world, bringing together hackers, builders, and defenders to share knowledge, challenge assumptions, and push the craft forward. This year, we break the curse. Step in, get involved, and make the most of the day. We’ll cover what you need to know to make the most of your day. Built by the community, for the community.
Michael Rogers
Michael Rogers is a Managing Director of Technical Advisory Services at MOXFIVE where he provides strategic advisory services and solutions to large enterprises during and after impactful incidents.
Joshua Grose
Hacker. Builder. Community Leader. | Chief Engineer & AI/Cyber Research Fellow @SAIC
Elvira Reyes
Tyler Brescia
9:15 AM
The Cursed DeckOval TheaterMid-Range9:15 AM – 10:00 AM
Preparing for the Storm: Analyzing China's Threat Actors
Trey Bilbrey
Trey Bilbrey
Head of SCYTHE Labs,
Expo/Sponsor HallExpo HallIntroduction/Entry9:15 AM – 3:00 PM
FCDI/AMRoC Fab Lab
Terri Willingham
FCDI's AMRoC Fab Lab facility serves as a creative, inclusive and accessible community gathering space for hardware and software developers of all ages and backgrounds. At BSides Tampa 2026, we'll be showcasing youth and adult creations and innovations, resources available to those looking for space and opportunities to connect.
Terri Willingham
Executive Director, FCDI
Expo/Sponsor HallExpo HallIntroduction/Entry9:15 AM – 3:00 PM
Ham Radio Village
Dennis Pelton
Steve Panaghi
Amateur radio, also known as ham radio, is the use of the radio frequency spectrum for purposes of non-commercial exchange of messages, wireless experimentation, self-training, private recreation, radiosport, contesting, and emergency communications.
Dennis Pelton
hacker @ rot13labs
Steve Panaghi
Chief Punk @ Punk Industries
10:00 AM
The Cursed DeckOval TheaterIntroduction/EntryMid-RangeAdvanced10:00 AM – 11:00 AM
The CTI Value Gap: Translating Dark Web Signals into Dollars & Cents
Michael-Angelo Zummo
"High-severity" is not a business metric. As security leaders, we need an effective method of communiticating technical metrics in the form of economic metrics to our leadership and board members in order to get the tools and funding we need.
Learn how to translate key metrics of several high severity threat intelligence topics!
Michael-Angelo Zummo
Bitsight, Global Director of CTI
Leadership/CISORM2708Mid-Range10:00 AM – 11:00 AM
Getting Creative: How States Are Improving Security with Fewer Resources and What We Can Learn from
Rex Wilson
Allan Liska
Rex Wilson
Brand Manager & Podcast Lead, Cyber Florida
Allan Liska
Ransomware Sommelier - Recorded Future
AI/MLRM3707Mid-Range10:00 AM – 11:00 AM
Hallucinations, Hustlers & Human Hacking: AI’s New Role in Social Engineering
Erich Kron
Erich Kron
Speaker, Podcast Host, Author and Social Engineering Expert
ComplianceRM3705Mid-Range10:00 AM – 11:00 AM
AI as a Force Multiplier for Security Architects: Turning the "Unlucky 13" into Strategic Advantage
Jesse Adams
Jesse Adams
Sr. Principal Enterprise Security Architect
DefenseRM2709Mid-RangeTechnical10:00 AM – 11:00 AM
APT, Meet OPSEC: Turning Mistakes into Intelligence
Austin Worline
Threat reports frequently highlight the sophisticated attacks conducted by advanced persistent threats (APTs), but far less attention is given to their OPSEC failures. These mistakes can be leveraged to gain valuable intelligence and give the security community an upper hand. This talk will cover a handful of OPSEC failures, the intelligence they revealed, and the skills and platforms required to turn adversary mistakes into actionable intelligence.
Austin Worline
Huntress, Security Operations Analyst
OffenseRM3709Introduction/Entry10:00 AM – 11:00 AM
Invisible Gateways: How Threat Actors Exploit IoT to Breach Organizations
Phillip Wylie
Threat actors increasingly exploit vulnerable IoT devices to breach organizations and are becoming more of a threat due to endpoint protection improvements. This talk reveals real-world tactics, common misconfigurations, and practical defenses to help security teams protect against IoT-based intrusions.
Phillip Wylie
Suzu Labs, Senior Consultant
CareerRM3711Introduction/Entry10:00 AM – 11:00 AM
Build Your Own Table: Creating Opportunity, Confidence, and Connection in Cybersecurity
Kathy Chambers
Kathy Chambers
Executive Producer & Founder, Kathy Chambers Media
11:00 AM
The Cursed DeckOval TheaterTechnicalExecutive11:00 AM – 12:00 PM
“The Overconfident Intern With Root Access: New Attack Chains and Security Models for Agentic AI
David Girvin
David Girvin
AI security Architect / Technical advocate
Leadership/CISORM2708Introduction/EntryMid-RangeAdvancedExecutive11:00 AM – 12:00 PM
Tap In: Disability -> Superpower
Kirsten Sireci Renner
Kirsten Sireci Renner
Connector of People to Opportunities
AI/MLRM3707Introduction/EntryMid-RangeTechnical11:00 AM – 12:00 PM
Digital Colleague or Digital Double Agent? Curbing the Super-Privileged AI
Palanivel Mano
Palanivel Mano
IAM Architect, CyberSecurity Architect, CyberSecurity Speaker, Cyberawareness Creator
ComplianceRM3705Mid-Range11:00 AM – 12:00 PM
ADios: Breaking up with Active Directory
Daniel Jarboe
Daniel Jarboe
Empowering teams to achieve goals with well-secured technology
DefenseRM2709Introduction/EntryMid-RangeExecutive11:00 AM – 12:00 PM
Common SMB security gaps
Patrick Gorman
Patrick Gorman
Patrick Gorman Founder of ISP Security
OffenseRM3709Introduction/EntryMid-RangeTechnical11:00 AM – 12:00 PM
Phishing Made Simple: Protecting Yourself and Your Organization
Brennan Harrison
Brennan Harrison
Cybersecurity Analyst - Publix Super Markets Inc.
CareerRM3711Introduction/EntryMid-RangeExecutive11:00 AM – 12:00 PM
How I Weaseled My Way into Cyber: A Journey from Music to Maritime to Blue Team
Kyle Ford
Kyle Ford
Kyle Ford - Gov Cybersecurity
12:00 PM
The Cursed DeckOval TheaterTechnical12:00 PM – 1:00 PM
Augmented Cloud Hacking with AI Workflows
Beau Bullock
Beau Bullock
Director of Emerging Threats and Advanced Testing, Black Hills Information Security
Stop Auditing & Start Surviving: Build Security Programs from Real Breaches
Jeff Foresman
Jeff Foresman
Quadrant - President of Services
DefenseRM2709Technical12:00 PM – 1:00 PM
Obfuscation-as-a-Service: Inside the AI Tools Powering Next-Gen Spam
Travis Simcox
Everyone is talking about AI in cybercrime, but most of it is theory. This talk dissects real AI phishing platforms being sold on the dark web and used in the wild. We’ll explore how threat actors leverage AI to generate convincing lures, dynamically evade detection, and automate email campaigns at scale. We will also discuss how defenders can adapt their detection and threat-hunting strategies for the AI-assisted future of social engineering.
Travis Simcox
Lead Cyber Threat Hunter
OffenseRM3709Technical12:00 PM – 1:00 PM
Rethinking how we evaluate security agents for real-world use
Dealing with Shadows: A day in the life of a threat actor negotiator
Matt Barnett
Matt Barnett
CEO of SEVN-X
OffenseRM3709Introduction/Entry2:00 PM – 3:00 PM
The Voice of Deception: How Vishing Exploits Human Emotion
Rosa Rowles
Rosa Rowles
Human Risk Analyst at Social Engineer LLC
CareerRM3711Introduction/Entry2:00 PM – 3:00 PM
What It Takes To Get A Job In Cybersecurity/IT In 2026 Panel!
Peter Bagley
Ryan Williams
Thomas Mark
Kyle Ford
Peter Bagley
B & B Cyber Solutions, Founder/CISO
Ryan Williams
CEO of RAM Cyber Consulting & Assessments, LLC
Thomas Mark
Peraton, Systems Engineering and Senior Advisor
Kyle Ford
Cybersecurity Resource | Proactive Cyber Defense
3:00 PM
The Cursed DeckOval TheaterIntroduction/Entry3:00 PM – 4:05 PM
Don’t Mess with Grandma: The Next Fight in Cybersecurity
Jeremy Rasmussen
Jeremy Rasmussen
Owner and Principal Consultant, CyberEthos LLC
4:00 PM
The Cursed DeckOval Theater4:00 PM – 5:00 PM
BSides Tampa Closing Remarks & Prizes 2026
Michael Rogers
Joshua Grose
Elvira Reyes
Tyler Brescia
The curse is broken. Now it’s on you. Apply it. Build something. Break something. Improve something that matters. Stay engaged. Built by the community, for the community.
Michael Rogers
Michael Rogers is a Managing Director of Technical Advisory Services at MOXFIVE where he provides strategic advisory services and solutions to large enterprises during and after impactful incidents.
Joshua Grose
Hacker. Builder. Community Leader. | Chief Engineer & AI/Cyber Research Fellow @SAIC
China represents the most persistent cyber threat to Western organizations, with coordinated state-sponsored operations conducting intellectual property theft, counter-espionage, and critical infrastructure infiltration attacks. This presentation will give you a peek into their playbook and help you turn it into actionable intelligence for your defenders.
We'll examine key threat actor groups and their behaviors, including APT40's rapid exploitation of newly disclosed vulnerabilities, APT41's criminal-espionage and cybercrime operations, Volt Typhoon's infiltration and persistence targeting critical infrastructure, and Salt Typhoon's counter-espionage and collection operations. We'll analyze recent breaches from each group and demonstrate how they serve Beijing's strategic economic and military objectives. Through this analysis, we'll highlight common tactics, including living-off-the-land techniques, patient long-term access, compromised edge devices, and supply chain exploitation.
The implications extend beyond individual breaches. Systematic targeting of energy, water, communications, and transportation sectors represents preparation for potential large-scale geopolitical conflict, while ongoing intellectual property theft undermines economic competitiveness across manufacturing, pharmaceuticals, and technology.
Attendees will gain practical defensive strategies covering observed TTPs, learn how to leverage public-private threat intelligence sharing, and access incident response resources to strengthen organizational resilience against this sophisticated adversary.
State and local governments are facing one of the hardest problems in cybersecurity today: defending expansive, highly
visible infrastructure while remaining transparent, accessible, and accountable to the public—all with shrinking budgets
and fewer federal grants.
In this session, Rex Wilson of Cyber Florida sits down with Allan Liska, the “Ransomware Sommelier” from Recorded
Future, to explore how states across the U.S. are responding to this challenge with creativity rather than cash. Drawing from
real-world examples, the discussion will highlight how states are rethinking shared services, centralization, partnerships,
workforce development, and threat intelligence to improve security outcomes without increasing spend.
The conversation will also connect the dots between public-sector innovation and private-sector application, showing
how the constraints states operate under often mirror those faced by small and mid-sized organizations. Attendees will
leave with practical ideas, strategic frameworks, and a renewed appreciation for creativity as a core cybersecurity skill—
not just a “nice to have.”
Description / Session Overview
Cybersecurity conversations often assume unlimited tooling, headcount, and budget. State governments rarely have
any of those.
Instead, states are being forced to innovate—centralizing security operations, sharing resources across agencies, partnering with universities and the private sector, and prioritizing intelligence-led decision-making. These approaches
are not only improving public-sector security posture, but also offering a blueprint for organizations facing similar
constraints.
This session blends threat intelligence insight with policy and program-level perspective to examine:
• How ransomware and nation-state threats are impacting state governments differently than private enterprises
• Why transparency requirements fundamentally change security strategy
• What “creative security” looks like in practice when buying another tool isn’t an option
• How lessons from state-level initiatives can directly apply to private-sector security teams
Rather than a traditional slide-heavy talk, this session is designed as a candid, story-driven discussion grounded in real
examples and hard-earned lessons.
Key Topics Covered
• The evolving ransomware and threat landscape targeting state and local governments
• Budget constraints, grant reductions, and their impact on security strategy
• Centralized security models and shared services at the state level
• Public-private partnerships and nontraditional collaboration
• Intelligence-driven prioritization when resources are limited
• Translating public-sector solutions to private-sector environments
Takeaways / What Attendees Will Learn
Attendees will leave with:
• A clearer understanding of how states are adapting to modern cyber threats with limited resources
• Practical examples of creative security solutions that don’t rely on new tools or headcount
• Strategic approaches to prioritization, collaboration, and centralization
• Ideas they can immediately apply in under-resourced private-sector or nonprofit environments
• A reframing of creativity as a critical cybersecurity competency
Target Audience
• Blue teamers and defenders
• Security leaders and managers
• Threat intelligence professionals
• Public-sector security practitioners
• Private-sector teams operating under budget or staffing constraints
Once upon a time, the average phishing email was easy to spot. They were packed with misspelled words, strange fonts, and more red flags than a bad Tinder date. Then AI showed up.
Now, attackers have an army of tireless chatbots that can spin believable pretexts, mimic executive tone, and even translate and localize scams, all in the time it takes to make a cup of coffee. Generative AI and large language models (LLMs) have taken traditional social engineering and supercharged it, making it faster, more personalized, and alarmingly convincing. Here’s the digital version of Fast and Furious, and we aren’t all family here.
In this talk, Erich Kron dives into the fascinating (and slightly terrifying) intersection of AI and human manipulation. From deepfakes that “Zoom bomb” boardrooms to voice-cloned voicemails from your “CEO,” we’ll explore how threat actors are more easily turning hallucinations into hustles, and why awareness programs and human-risk management must evolve just as fast.
You’ll walk away with:
• A deeper knowledge of AI-powered social engineering campaigns
• Practical defense strategies to reduce human risk in the age of synthetic deception
• Insights on where AI can actually help defenders (spoiler: it’s not just for writing policy documents)
• A few laughs, because if we can’t laugh at the end of the world, what’s the point?
Whether you’re a CISO, a security awareness professional, or just someone who doesn’t want to be conned by a chatbot, this session will make you rethink what it means to “trust but verify” in the AI era.
Security architects are expected to deliver more with the same resources, using methods designed for a different era. This session confronts that reality head-on. Jesse Adams identifies the "Unlucky 13" - a mix of operational pain points and persistent myths - that quietly drain time, energy, and strategic momentum from architecture teams. From endless research cycles and manual framework mapping to fears that AI will replace architects or can't be trusted with security work, these blockers are holding the profession back.
Through a live walkthrough of a Zero Trust access control workflow, you'll see how AI augmentation compresses weeks of architecture work into hours - accelerating research, drafting artifacts, evaluating designs against NIST, CIS, and ISO 27001, and tailoring stakeholder communication - all without sacrificing the rigor your organization demands. You'll leave with reusable prompts, practical templates, and a clear playbook for integrating AI into your own workflows starting tomorrow.
This isn't a talk about replacing architects. It's about amplifying them. If you've ever felt stuck between growing demands and finite hours, this session is for you.
Cyber careers don’t just accelerate from tools—they accelerate from people. Drawing on my experience as a media professional in the cybersecurity ecosystem, this talk explores how confidence, connection, and self-made opportunities shape real career growth. Attendees will learn practical ways to build visibility, create their own opportunities, and take control of their path—without waiting for permission or a seat at someone else’s table.
I’ll share behind-the-scenes insights from producing podcasts, interviews, and collaborations, highlighting what actually opens doors in this industry and how relationships form long before résumés hit a recruiter’s desk. Whether you’re new to the field or looking to level up, this session gives you the mindset and momentum to build your own table and invite others to join you.
Autonomous AI agents represent a fundamental shift in the attack surface. Unlike LLMs, agents can independently execute multi-step actions: file operations, database queries, API calls, credential usage, email generation, system changes, and recursive workflows.
Today’s enterprise AI deployments treat these systems as if they were chatbots.
They are not.
They behave far more like unmonitored junior employees with access to production systems, and yet no existing security architecture is designed to handle their failure modes.
This talk defines the emerging threat landscape of agentic AI systems and presents seven new attack chains, demonstrated through practical experiments:
1. Intent–Action Mismatch Exploitation
2. Autonomy Zone Escalation (AI sudo abuse)
3. Workflow Drift Injection
4. Multi-Tool Lateral Movement
5. Recursive Agent Spawn Abuse
6. Cross-Service Exfiltration Chains
7. Tool-Specific Privilege Abuse (JIT credential misuse)
We introduce the AI Agent Kill Chain, the first structured attacker model for autonomous systems, and provide defenders with:
• Behavioral detection signatures
• Telemetry schemas for agent event logging
• Prevention strategies using autonomy bounding
• A blueprint for building an “Agent EDR” pipeline
All demonstrations are built using publicly available frameworks, without proprietary vendor tooling.
Attendees will leave with a practical, technically enforceable understanding of how to secure agentic AI systems.
Subtitle: Turning Disability, Difference, and Disruption into Superpowers
What if the thing you were taught to treat as a weakness is really your strength?
In cyber, engineering, and high-performance tech communities, most of us quietly check at least one box: ADHD, neurodivergence, chronic pain, injury, trauma, anxiety, or another non-standard operating condition. All variables in a formula.
Tap In reframes disability and difference not as deficits to overcome, but as inputs — signals that shape how we think, adapt, and build systems. Drawing from lived experience, leadership under pressure, and the CLIMB™ framework, this talk explores how people unconsciously create compensating mechanisms to survive — and how those same mechanisms can be intentionally refined into superpowers showing clear lines to methods, levers and formulas to succeed.
This talk gives attendees permission to check the box proudly, inventory their constraints honestly, and tap into the systems they’ve already built — turning friction into leverage and difference into advantage.
Most of us in the cybersecurity and hacking community operate outside the standard mold — cognitively, physically, emotionally, or all three. Yet we are taught to hide, excuse, dismiss or work around the very conditions that shaped our strengths.
Tap In challenges that narrative.
Rather than framing disability, neurodivergence, or chronic conditions as limitations, this talk treats them as environmental conditions — like the weather. You don’t cancel life because it rains. You adapt. You bring grab an umbrella. And sometimes - and hopefully often, you even those to splash around and dance in it.
Through personal stories, systems thinking, and practical frameworks, this talk shows how professionals already build levers, buttons, and workflows to compensate — often without realizing it. By making those systems conscious and intentional, attendees learn how to stop fighting their operating conditions and start engineering around them.
This is not a talk about overcoming. It does not rank disability, minimize lived experience, or suggest that every condition becomes a ‘superpower.’ It focuses on building systems that work for the body and brain you actually have. Its about process and about owning your unique individual operating system, optimizing it and PWNing it to win.
Your organization’s newest top performers never sleep, never complain, and process data at lightning speed. But these "digital colleagues" often operate with "God Mode" privileges that would never be granted to a human employee. As Agentic AI reshapes the workforce, it creates a massive, overlooked attack surface: the non-human insider threat.
In this session, we will dismantle the myth that AI agents are merely tools and treat them as what they truly are: identities. We will explore the current chaotic state of AI access, expose the dangers of unbridled machine permissions, and provide a concrete IAM framework. Join us to learn how to apply human-grade rigor—Zero Trust, lifecycle management, and least privilege—to your silicon workforce.
Active Directory (AD) became the de facto standard for Windows-centric organizations to add security, but today, removing AD or minimizing its footprint is considered a security enhancement.
More than a technical optimization, switching from hybrid-AD to cloud-native Entra ID is a risk reduction strategy. Have the capabilities of cloud native reached a tipping point where more organizations can seriously consider reducing or eliminating AD? This session will discuss a regulated organization's journey to cloud native, reasons to do so, challenges, and lessons learned.
Small and mid-sized businesses often believe they’re “too small to be a target,” but attackers know better. In this talk, we’ll walk through the most common security gaps I see in SMB environments—like misconfigured remote access, weak identity and access controls, poor patch hygiene, insecure cloud usage, and missing logging/monitoring. We’ll break down how these weaknesses are typically exploited in real-world attacks and map them to practical, budget-friendly fixes. Attendees will leave with a clear, actionable checklist to start reducing risk the moment they get back to the office.
Phishing remains one of the most common and successful attack methods in cybersecurity—and it’s not just a problem for IT teams. In this beginner-friendly session, we’ll break down phishing in plain language, explain why these attacks work, and show you how to defend against them. You’ll learn how to spot suspicious emails, understand the tricks attackers use to bypass security measures, and discover practical steps to protect both yourself and your organization through a robust email security program. No jargon, no scare tactics—just clear, actionable advice you can start using today.
What phishing is and why it’s still a major threat.
How to spot the classic red flags hiding in your inbox, and other signs less visible to the naked eye.
Simple, effective steps to keep you and your organization off the hook.
Abstract
Breaking into cybersecurity can feel daunting for those without a traditional technical background. Many aspiring professionals struggle to see how their diverse experiences-whether in music, emergency response, or compliance, can translate into a successful cyber career. This talk addresses the challenge of bridging that gap by sharing my own unconventional journey, from earning an Associate’s Degree in Music Education to serving as a Coast Guard first responder and Marine Science Technician, and ultimately becoming a blue team cybersecurity specialist.
Target Audience
Aspiring cybersecurity professionals from diverse or non-traditional backgrounds
Blue teamers seeking fresh perspectives
Security leaders interested in broadening their talent pipelines
AI has advanced rapidly, yet much of offensive and defensive security work remains dominated by manual processes and ad-hoc use of chat-based AI tools. Practitioners frequently paste sensitive data into hosted models, ask vague questions, and hope for useful output, often leading to mixed and untrustworthy results.
In this talk, I’ll demonstrate how to build local-first AI workflows to assist with a wide range of cybersecurity-related tasks. Using tools and techniques shared in this talk you will see how easy it can be to augment penetration testing, forensic analysis, incident response and more with AI without handing sensitive data to externally hosted models. By combining low-code automation, local language models, and human guidance, AI can be embedded into repeatable and auditable security workflows rather than treated as a general-purpose chatbot.
This session walks through the design of AI-assisted cloud reconnaissance pipelines that perform advanced research & development alongside common penetration testing techniques such as cloud storage bucket discovery, tenant enumeration, and vulnerability scan analysis. Instead of asking AI open-ended questions, these workflows turn local models into task-specific agents by constraining inputs, structuring outputs, and forcing models to reason over attacker-relevant signals. The models are given tools such as Python scripts and controlled web access and operate within well-defined boundaries.
Along the way, I’ll demonstrate my own cloud security research and offensive testing workflows, highlighting where AI meaningfully accelerates analysis, where it confidently hallucinates, and how to design guardrails so automation augments human judgment instead of replacing it. The goal is not autonomous hacking, but instead to augment common security processes for offensive practitioners and defenders alike.
Attendees will leave with a clear mental model and practical architectural guidance for building their own AI-assisted security workflows using local models and low-code automation.
Security is like a sports team where very few players actually know they are on the team, only a few of these players actually show up for games, and half of those are fighting with each other or playing like they are on the opposing team.
Security will never be effective until everyone does their security job including boards of directors and CEOs, CISOs and CIOs, SOC analysts, everyday users, architects, IT engineers and operations, and more.
This isn't happening because those players don't know their positions, roles, or goals. Very few people know what they are supposed to do for security, why it's important, or how to do it. This leads to ineffective defenses and internal conflict that threat actors regularly take advantage of
This session will talk about how we go here and how to get the whole team playing together. This will show you how to use the Security Roles and Glossary standards from The Open Group to overcome these challenges and get some wins on the board!
As AI and large language models (LLMs) become increasingly embedded in real-world applications — from chatbots and copilots to security tools and customer service — the attack surface is growing faster than our ability to secure it.
This talk explores combining security frameworks with red teaming methodologies to build resilient, secure AI/LLM systems. Using real-world attack scenarios like prompt injection, model abuse, and data leakage, we’ll show how frameworks such as the OWASP LLM Top 10, NIST AI Risk Management Framework, and MITRE ATLAS can guide developers, security teams, and researchers in identifying and mitigating risk.
But frameworks are only the first step. We’ll go beyond theory and into practice, demonstrating how red teaming can expose hidden vulnerabilities in AI pipelines, from model behavior to prompt engineering flaws to inadequate output filtering. Attendees will walk away with a practical roadmap for evaluating, testing, and hardening their AI-powered applications.
Whether building an LLM app, defending one, or breaking one, this talk will help you connect structured defense with adversarial testing in a rapidly evolving landscape.
Security leaders are frequently given a clear directive: “make us compliant.” Frameworks and regulations are valuable, but many compliance-first programs end up optimized for documentation rather than for the cybersecurity breach patterns that are affecting organizations. These programs overlook issues such as identity compromise, targeted social engineering, business email compromise, exposed edge systems, misconfiguration, and third-party vendor pathways. The result is predictable: audits pass while attackers still find the shortest path to business impact.
This session presents a cybersecurity breach-informed method for building security programs “outside-in.” We’ll start with current breach statistics to identify the most common attack trends and the pathways attackers repeatedly use to gain access and cause impact. From there, you will learn how to turn those trends into a focused program roadmap: define the loss scenarios that matter most to your organization, pinpoint the failure points that allow an intrusion to become an incident, and prioritize the capabilities that will disrupt those paths. The emphasis is on measurable outcomes: reducing the likelihood of compromise, limiting fraud and data exposure, tightening access controls, and strengthening cyber resilience, rather than building a program optimized solely for documentation or audits.
Attendees will learn a practical translation model that maps cybersecurity breach patterns to failure points, capabilities, initiatives, and metrics. They will understand how to use this model to prioritize work for the quickest risk reduction within the first 90 days and to build maturity over 12 months. Participants will also gain a straightforward method for reporting progress in business terms, aligning stakeholders on priorities, and avoiding spending efforts that only enhance compliance without significantly lowering cybersecurity breach risk.
Security agents are gaining momentum across industry, but the way we evaluate them remains rooted in narrow, outcome-only benchmarks. These evaluations tell us whether an agent produced a correct answer, but not “how” it arrived there or whether that behavior will remain stable once deployed.
In practice, enterprise security is not a sequence of isolated tasks. It is a connected, end-to-end workflow that follows a find → confirm exploit → patch → validate loop. Agents that perform well on task-specific benchmarks often fail in these multi-stage settings due to contextual loss and brittle transitions across steps.
This talk introduces a practical framework for evaluating security agents by mapping agentic capabilities (planning, reasoning, memory, perception, tool use) to security functions (reconnaissance, exploit confirmation, root-cause analysis, patching, validation) across the full lifecycle. We also share insights from our large-scale survey of existing agentic systems, highlighting which capabilities consistently drive success at each stage of the security lifecycle. Finally, we present a lightweight, unified end-to-end scoring perspective that teams can use to assess an agent’s readiness for real operational environments.
Cybersecurity careers are fast-paced, constantly evolving, and often high-pressure. In cybersecurity, a field defined by constant change, high pressure, and rapid burnout, success depends on more than certifications and code. So how do you build a career that doesn’t just survive this pace, but thrives on it?
Dr. Noémi Nagy, international careers guru and professor of Career & Technical/Workforce Education at the University of South Florida, presents her own award-winning Career Resources Model, a science-driven framework she developed through international research across Switzerland, Germany, and the U.S. This model, which has earned international recognition and awards and has been featured by the London School of Economics Business Review and cited hundreds of times worldwide, identifies thirteen trainable factors that determine how well professionals build, sustain, and grow their careers.
In this hands-on session, Dr. Nagy reveals how cybersecurity professionals can apply the model to “hack” their own growth system using research-backed methods proven to increase adaptability, resilience, and career longevity in high-pressure tech environments. It’s the kind of insight that global conferences and leadership programs pay for and BSides Tampa attendees get it here, for free.
Participants will walk away with a personalized Career Resource Map and clear, actionable strategies to strengthen motivation, visibility, and performance, whether they’re securing systems, leading teams, or planning their next move in the cyber world.
Physical penetration testing is at a crossroads.
While violence in workplaces, schools, campuses, and houses of worship continues to rise, much of the physical security industry is still operating with outdated tactics, shallow assessments, and tooling that has not meaningfully evolved in over a decade. Tailgates are still passed off as full engagements. Checklists are confused with risk analysis. Reports remain disconnected from how facilities actually fail and how people actually get hurt.
This talk argues that the current state of physical penetration testing is no longer just inefficient. It is dangerous.
We will explore why physical security assessments must evolve beyond performative testing and move toward disciplined, operationally grounded delivery that reflects real-world threat models. That evolution requires more than better reporting. It requires stronger methodology, better tooling, and tighter integration between data collection, analysis, and decision-making.
The session will examine how modern physical penetration testing can be improved through intentional tooling design and increased operational discipline in the field. We will discuss how reducing friction during engagements and improving data handling practices directly impacts assessment quality and credibility.
The talk will also explore how capturing the right data throughout an engagement, including access control behavior, geographic operational context, and structured project documentation, enables assessors to tell a clear and accurate story of how a facility was tested, how it failed, and why the findings matter to the client.
Most importantly, this talk will address the ethical responsibility of physical security professionals. When assessments are shallow or misrepresented, organizations make decisions based on false confidence. In environments where lives are at stake, those failures have real consequences.
This interactive CISO panel will walk attendees through a realistic AI agent launch and incident simulation. The scenario centers on a company under significant business pressure to improve service performance quickly during a critical period. Leadership pushes forward with the rapid launch of an AI agent into a high-volume service workflow to reduce backlog, improve response times, and automate routine actions.
The first part of the session will focus on the controls, guardrails, and governance that should be in place when the business is determined to launch. The second part will shift into live incident response after the rollout goes wrong, creating customer impact, operational disruption, and executive escalation.
Audience members will participate throughout the session using Poll Everywhere, helping surface stakeholder pressure and priorities in real time. The CISOs will then react to those pressures and discuss the controls, decisions, communications, and response actions they would expect in practice.
This session is designed to be practical, engaging, and highly interactive, giving attendees insight into how security leaders think through AI risk, business pressure, and incident response in the real world.
This talk breaks down how Windows code signing fails in real environments. You learn why signed binaries still bypass trust checks and why users click through warnings. The session walks through signature abuse, metadata cloning, and SIP hijacking with real examples and live demos. You see how attackers make malware appear trusted by the OS and by users.
You also see how these techniques get chained together through a single tool using the TrustMeBro. Each step shows what changes on disk, in memory, and in the registry.
Let’s be honest. In most organizations, compliance is often treated like the annoying hall monitor of
cybersecurity; the team everyone loves to blame when innovation slows down, audits go awry, or
someone discovers a control gap the size of a small planet. Meanwhile, security engineering is out
there building cool things, fighting fires, and wondering why compliance keeps getting in the way.
Here’s the plot twist: Compliance isn’t the villain. Bad compliance is.
In this talk, I’ll break down how compliance, when done right, becomes the backbone of scalable, defensible, engineering‑aligned security and how, when it’s done wrong, it becomes a bureaucratic nightmare that drags everyone down. Drawing on 15+ years of leading enterprise assurance
programs, advising boards, and working shoulder‑to‑shoulder with engineers, I’ll show how to turn compliance from a checkbox chore into a strategic accelerator that actually helps teams ship faster and safer.
Expect candor. Expect uncomfortable truths. Expect a few spicy takes about frameworks like FedRAMP , NIST SP 800‑53, CMMC, and PCI DSS. And expect to walk away with a blueprint for
making compliance something your engineers don’t roll their eyes at.
This talk will break down the success factors driving top ransomware-as-a-service (RaaS) groups, highlighting automation, customization, and advanced tools as the trifecta that enables elite operations. With automation accelerating attack speeds and customization enhancing ransomware for maximum impact, groups like Qilin, The Gentlemen, and DragonForce are emerging as significant threats. Finally, we will provide organizations with key defense recommendations based on these success factors to help counter these evolving threats effectively.
Older adults are losing more money to cyber-enabled fraud than any other demographic yet most security systems are not designed to protect them. From romance scams and “grandchild in jail” schemes to tech support fraud and deepfake voice impersonation, attackers are running sophisticated, multi-stage social engineering campaigns that rival the operational maturity of many APT groups.
This talk reframes elder fraud not as a “user awareness problem,” but as a failure of modern security threat modeling.
We will break down how these scams actually work using a human-centered attack kill chain, show why traditional security controls (MFA, warnings, call blocking, bank flags) routinely fail under emotional manipulation, and walk through real-world case studies where victims lost life-changing sums despite “secure” systems.
Attendees will leave with practical, implementable strategies for defending high-risk populations, including behavioral fraud signals, transaction safety patterns, human-centered security design, and ecosystem-level interventions involving banks, healthcare, and caregivers.
If your systems are technically secure but your users are still being drained, your systems are not actually secure.
Are you ready to launch into the thrilling world of cybersecurity? This presentation is your backstage pass to a career where every day brings new challenges, creative problem-solving, and the chance to make a real impact. Discover why cybersecurity is one of the most dynamic and rewarding fields—where high demand, competitive pay, and endless opportunities await those bold enough to step up.
We’ll break down the realities of getting hired, from the importance of foundational roles and hands-on experience to the power of networking and soft skills. Learn how to turn imposter syndrome into a sign of growth, build a portfolio that proves your skills, and master the fundamentals that set true professionals apart.
Through stories, analogies, and practical advice, you’ll see how patience, resilience, and continuous learning pave the way to success. Whether you dream of defending systems, hunting threats, or shaping security policy, this session will show you how to find your niche and build a career that’s as exciting as it is meaningful.
Join us for a lively, interactive journey—complete with real-world tips, industry insights, and a few laughs along the way. Let’s bridge the gap together and empower the next generation of cybersecurity professionals to thrive!
The hacker spirit begins with raw curiosity—no experience, age, or background required, just an inquisitive mindset. After 25 years channeling underground roots into elite certs and skills (Cisco, EC-Council, Fortinet, HP, and more), I’ve trained defenders safeguarding the US military, banks, hospitals, power grids, and water systems and much more.
This talk is for everyone in our community: Certifications deliver real-world skills faster than degrees, without the debt—while we rebuild the peer bonds college offers, but keep it fun, authentic, and true to Bsides & DEFCON vibes.
I’ll share the playbook: how to earn top certs efficiently, study for the interview that comes after the exam, leverage that discussion to a career, while fostering lasting relationships through shared learning.
Let’s turn BSides Tampa energy into a permanent local tribe—supporting cert journeys year-round, mentoring, collaborating, celebrating under Tampa’s sun and palms.
All curious minds welcome. Certify together. Rise forever.
Overview: macOS kernel drivers use C++ virtual method tables (vtables) as part of their object model via IOKit. These vtables are a longstanding attack vector: once corrupted, they enable arbitrary control flow through forged function pointers. This talk explores vtable structure and misuse in the macOS kernel space, focusing on exploitation methods, Apple's hardening (PAC, kalloc_type), and how threat detection engineering can surface this low-level abuse. We connect kernel vtable abuse to runtime behavior, showing detection opportunities and implementation strategies using macOS telemetry APIs and instrumentation.
Descriptive: This session explores exploiting virtual method tables (vtables) in the macOS kernel (via IOKit) and how to detect these techniques as they occur. We'll explore how kernel objects are structured, how use-after-free and fake vtable techniques bypass runtime protections, some CVEs, and how Pointer Authentication (PAC) plays a role in this.
Then, we will transition into detection engineering: how hijacked vtables manifest in kernel crashes, syscall behavior, and memory layout anomalies. We'll walk through detection strategies, including PAC failure crash signatures, Endpoint Security API telemetry, and architectural approaches like hypervisor-assisted integrity monitoring. Designed for engineers building telemetry pipelines or writing detection rules, this talk bridges internals and exploitation knowledge with security tooling.
Outline:
Introduction and context (5 min)
Role of vtables in macOS kernel (IOKit C++ object model)
Why kernel-space vtable hijacking matters for local privilege escalation (LPE)
Risks: sandbox escape + root escalation in enterprise fleet
Vtable architecture in macOS kernel (3 min)
How vtables are constructed (Itanium C++ ABI, vptr at offset 0)
Object layout in IOKit (e.g., OSObject, IOUserClient)
Location of vtables in memory: read-only kernel segments, post-KASLR
Pointer Authentication (PAC) on Apple Silicon
-- PACDA on vptr, PACIA on vtable function pointers
kalloc_type heap segregation and its role in defeating type confusion
PAC has narrowed exploit scope but detection is still important
-- Detection engineers should integrate:
-- Crash telemetry correlation
-- Kernel exploit behavioral heuristics
-- PAC failure pattern analysis
Suggestion: Build visibility layers early, even before full exploit signatures are known
Wiggle room (5 minutes)
Questions: 10 minutes
Ransomware negotiations are rarely just about money. They are high-pressure engagements shaped by psychology, leverage, timing, and uncertainty, all while organizations are still assessing the scope of compromise.
This talk offers a practitioner’s perspective on negotiating with threat actors during live extortion events. Drawing on real-world cases, it examines how threat actors communicate, what their behavior signals, and how disciplined negotiation strategy can influence outcomes beyond the final payment amount. Attendees will learn how pacing, message control, and delay are used to buy time, reduce risk, and preserve decision-making authority under crisis conditions.
The session also addresses common misconceptions about ransom negotiations, frequent mistakes that increase cost and exposure, and how negotiation fits into a broader incident response strategy that balances technical, legal, financial, and human factors. This presentation is about what works, and what doesn’t. What you should do, and maybe more importantly, what you should never do.
Vishing — voice phishing — has rapidly become one of the most dangerous tools in a social engineer’s arsenal. From high-profile corporate breaches to targeted personal attacks, vishing exploits our most human traits: trust, emotion, and social connection.
In this session, I will explain how malicious attackers prey on human emotion to get their targets to take an action that they normally would not. I will explain the different principles of influence they use and they work so well. I will play real vishing calls and have the audience participate to pick out the principles of influence used. The session will conclude with how we can prepare, defend, and protect against this escalating threat.
The host will discuss some of the following questions with the panelists and have them share their insights about them:
Why was it important to have a career in the field?
What are employers looking for today, and which is more important, certifications or college education?
What does it take to pass an interview to get the job and stay relevant in the field once you have it?
What are Soft Skills, and why are they important in our field today? How can someone improve these skills for future employment opportunities?
Have any of you used a recruiter? Is it beneficial to have a recruiter help you attain a job, and what services do they offer that I can't find on my own?
Elder Financial Exploitation (EFE) is a $35 billion a year heist hiding in plain sight. It’s the quiet crime that steals retirement dreams, rewrites family legacies, and preys on the people who built the world we now secure. And the worst part? Most of it never even gets reported.
Hollywood has started to take notice—"The Beekeeper" as an example—but the real story is far uglier. Industrialized scam compounds overseas. Seniors so isolated they cling to scammers for companionship. Families betraying their own. It's exploitation wrapped in loneliness, coercion, and heartbreak.
This keynote shows just how easy it is to fool “grandma” with AI generated voices and faces. If we can clone a loved one in seconds, imagine what a motivated criminal can do. Education and awareness alone won’t cut it anymore.
So, I’m bringing the BSides Tampa community a challenge: think bigger. Think weirder. Think bolder. I’ll tease a few unconventional ideas—personal scale monitoring, AI that wastes scammers’ time, safer digital spaces for seniors—but the real innovation will come from our community.
EFE isn’t just a cybersecurity problem. It’s a societal failure. And if anyone can flip the script on the fraudsters, it’s us.
Michael Rogers
Joshua GroseElvira ReyesTyler Brescia
Trey Bilbrey
Terri Willingham
Dennis Pelton
Steve Panaghi
Michael-Angelo Zummo
Rex Wilson
Allan Liska
Erich Kron
Jesse Adams
Austin Worline
Phillip Wylie
Kathy Chambers
David Girvin
Kirsten Sireci Renner
Palanivel Mano
Daniel Jarboe
Patrick Gorman
Brennan Harrison
Kyle Ford
Beau Bullock
Mark Simos
Samuel A. Cordoba
Jeff Foresman
Travis Simcox
Mudita Khurana
Noemi Nagy
Travis Weathers
Christina Shannon
James Bowie
Brett Conlon
Larry Whiteside, Jr.
Jatarra Warren
G Mark Hardy
Timothy Youngblood
Fagan Afandiyev
Stacey Oneal, PhD
John Dilgen
Kassandra Pierre Bedell
Frank Victory
Ryan Lindfield
Olivia Gallucci
Bidemi Ologunde
Matt Barnett
Rosa Rowles
Peter Bagley
Ryan Williams
Thomas Mark
Kyle Ford
Jeremy Rasmussen