May 15–16, 2026
Training Day. Conference Day. Seven Tracks.
33 sessions
Main Room, 5:00 AM – 6:00 AM
Trey Bilbrey
Preparing for the Storm: Examining The Chinese Threat
China represents the most persistent cyber threat to Western organizations, with coordinated state-sponsored operations conducting intellectual property theft, counter-espionage, and critical infrastructure infiltration attacks. This presentation will give you a peek into their playbook and help you turn it into actionable intelligence for your defenders. We'll examine key threat actor groups and their behaviors, including APT40's rapid exploitation of newly disclosed vulnerabilities, APT41's criminal-espionage and cybercrime operations, Volt Typhoon's infiltration and persistence targeting critical infrastructure, and Salt Typhoon's counter-espionage and collection operations. We'll analyze recent breaches from each group and demonstrate how they serve Beijing's strategic economic and military objectives. Through this analysis, we'll highlight common tactics, including living-off-the-land techniques, patient long-term access, compromised edge devices, and supply chain exploitation. The implications extend beyond individual breaches. Systematic targeting of energy, water, communications, and transportation sectors represents preparation for potential large-scale geopolitical conflict, while ongoing intellectual property theft undermines economic competitiveness across manufacturing, pharmaceuticals, and technology. Attendees will gain practical defensive strategies covering observed TTPs, learn how to leverage public-private threat intelligence sharing, and access incident response resources to strengthen organizational resilience against this sophisticated adversary.
Trey Bilbrey
Head of SCYTHE Labs,
Main Room, 6:00 AM – 7:00 AM
Michael-Angelo Zummo
The CTI Value Gap: Translating Dark Web Signals into Dollars & Cents
"High-severity" is not a business metric. As security leaders, we need an effective method of communicating technical metrics in the form of economic metrics to our leadership and board members in order to get the tools and funding we need. Learn how to translate key metrics of several high severity threat intelligence topics!
Michael-Angelo Zummo
Bitsight, Global Director of CTI
Leadership Track, 6:00 AM – 7:00 AM
Rex Wilson
Allan Liska
Getting Creative: How States Are Improving Security with Fewer Resources and What We Can Learn from
State and local governments are facing one of the hardest problems in cybersecurity today: defending expansive, highly visible infrastructure while remaining transparent, accessible, and accountable to the public—all with shrinking budgets and fewer federal grants. In this session, Rex Wilson of Cyber Florida sits down with Allan Liska, the “Ransomware Sommelier” from Recorded Future, to explore how states across the U.S. are responding to this challenge with creativity rather than cash. Drawing from real-world examples, the discussion will highlight how states are rethinking shared services, centralization, partnerships, workforce development, and threat intelligence to improve security outcomes without increasing spend. The conversation will also connect the dots between public-sector innovation and private-sector application, showing how the constraints states operate under often mirror those faced by small and mid-sized organizations. Attendees will leave with practical ideas, strategic frameworks, and a renewed appreciation for creativity as a core cybersecurity skill—not just a “nice to have.”
Description / Session Overview
Cybersecurity conversations often assume unlimited tooling, headcount, and budget. State governments rarely have any of those. Instead, states are being forced to innovate—centralizing security operations, sharing resources across agencies, partnering with universities and the private sector, and prioritizing intelligence-led decision-making. These approaches are not only improving public-sector security posture, but also offering a blueprint for organizations facing similar constraints.
This session blends threat intelligence insight with policy and program-level perspective to examine:
• How ransomware and nation-state threats are impacting state governments differently than private enterprises
• Why transparency requirements fundamentally change security strategy
• What “creative security” looks like in practice when buying another tool isn’t an option
• How lessons from state-level initiatives can directly apply to private-sector security teams
Rather than a traditional slide-heavy talk, this session is designed as a candid, story-driven discussion grounded in real examples and hard-earned lessons.
Key Topics Covered
• The evolving ransomware and threat landscape targeting state and local governments
• Budget constraints, grant reductions, and their impact on security strategy
• Centralized security models and shared services at the state level
• Public-private partnerships and nontraditional collaboration
• Intelligence-driven prioritization when resources are limited
• Translating public-sector solutions to private-sector environments
Takeaways / What Attendees Will Learn
Attendees will leave with:
• A clearer understanding of how states are adapting to modern cyber threats with limited resources
• Practical examples of creative security solutions that don’t rely on new tools or headcount
• Strategic approaches to prioritization, collaboration, and centralization
• Ideas they can immediately apply in under-resourced private-sector or nonprofit environments
• A reframing of creativity as a critical cybersecurity competency
Target Audience
• Blue teamers and defenders
• Security leaders and managers
• Threat intelligence professionals
• Public-sector security practitioners
• Private-sector teams operating under budget or staffing constraints
Rex Wilson
Brand Manager & Podcast Lead, Cyber Florida
Allan Liska
Ransomware Sommelier - Recorded Future
AI Track, 6:00 AM – 7:00 AM
Erich Kron
Hallucinations, Hustlers & Human Hacking: AI’s New Role in Social Engineering
Once upon a time, the average phishing email was easy to spot. They were packed with misspelled words, strange fonts, and more red flags than a bad Tinder date. Then AI showed up. Now, attackers have an army of tireless chatbots that can spin believable pretexts, mimic executive tone, and even translate and localize scams, all in the time it takes to make a cup of coffee. Generative AI and large language models (LLMs) have taken traditional social engineering and supercharged it, making it faster, more personalized, and alarmingly convincing. Here’s the digital version of Fast and Furious, and we aren’t all family here. In this talk, Erich Kron dives into the fascinating (and slightly terrifying) intersection of AI and human manipulation. From deepfakes that “Zoom bomb” boardrooms to voice-cloned voicemails from your “CEO,” we’ll explore how threat actors are more easily turning hallucinations into hustles, and why awareness programs and human-risk management must evolve just as fast.
You’ll walk away with:
• A deeper knowledge of AI-powered social engineering campaigns
• Practical defense strategies to reduce human risk in the age of synthetic deception
• Insights on where AI can actually help defenders (spoiler: it’s not just for writing policy documents)
• A few laughs, because if we can’t laugh at the end of the world, what’s the point?
Whether you’re a CISO, a security awareness professional, or just someone who doesn’t want to be conned by a chatbot, this session will make you rethink what it means to “trust but verify” in the AI era.
Erich Kron
Speaker, Podcast Host, Author and Social Engineering Expert
Compliance Track, 6:00 AM – 7:00 AM
Jesse Adams
AI in the Security Architect’s Toolkit: Enhancing the Crew, Not Replacing It (Arrr!)
In today's rapidly shifting threat landscape, security teams are under pressure to deliver faster, think broader, and navigate deeper waters than ever before. As a Senior Principal Enterprise Security Architect, I've spent the last several years charting those waters - and I've discovered that AI isn't the sea monster many fear. It's the compass, the map, and sometimes even the extra deckhand that helps us sail farther with the same crew. This session will explore practical, real-world strategies for integrating AI into the everyday workflow of information security professionals. Rather than abstract theory or vendor-driven hype, I'll share concrete examples from my own toolkit - tools that have transformed how I deliver architecture, governance, and security assurance at enterprise scale.
I'll dive into how AI can:
- Accelerate the creation of foundational security architecture guidance
- Rapidly assess design artifacts for alignment with industry frameworks
- Supercharge responses to complex RFIs and stakeholder inquiries
Throughout the talk, I'll emphasize a core truth: AI doesn't replace security professionals - it amplifies them. It frees us from the repetitive, the tedious, and the time-consuming so we can focus on strategy, risk-based decision-making, and the human judgment that no machine can replicate. And yes, we'll have a bit of pirate-themed fun along the way - because every good security architect knows that navigating uncharted waters requires both skill and spirit. By the end, attendees will walk away with actionable recommendations, practical examples, and a renewed sense of how AI can help them steer their own ships with confidence. Join me as we explore how to turn AI from a mysterious sea beast into a trusted first mate - one "Arrr" at a time!
Jesse Adams
Sr. Principal Enterprise Security Architect
Defense Track, 6:00 AM – 7:00 AM
Fagan Afandiyev
Trust Me, Bro: The Bro-Science of Windows Code Signing
This talk breaks down how Windows code signing fails in real environments. You learn why signed binaries still bypass trust checks and why users click through warnings. The session walks through signature abuse, metadata cloning, and SIP hijacking with real examples and live demos. You see how attackers make malware appear trusted by the OS and by users. You also see how these techniques get chained together through a single tool using the TrustMeBro. Each step shows what changes on disk, in memory, and in the registry.
Fagan Afandiyev
White Knight Labs, Offensive Security Engineer
Offense Track, 6:00 AM – 7:00 AM
Phillip Wylie
Invisible Gateways: How Threat Actors Exploit IoT to Breach Organizations
Threat actors increasingly exploit vulnerable IoT devices to breach organizations and are becoming more of a threat due to endpoint protection improvements. This talk reveals real-world tactics, common misconfigurations, and practical defenses to help security teams protect against IoT-based intrusions.
Phillip Wylie
Suzu Labs, Senior Consultant
Career Track, 6:00 AM – 7:00 AM
Kathy Chambers
Build Your Own Table: Creating Opportunity, Confidence, and Connection in Cybersecurity
Cyber careers don’t just accelerate from tools—they accelerate from people. Drawing on my experience as a media professional in the cybersecurity ecosystem, this talk explores how confidence, connection, and self-made opportunities shape real career growth. Attendees will learn practical ways to build visibility, create their own opportunities, and take control of their path—without waiting for permission or a seat at someone else’s table. I’ll share behind-the-scenes insights from producing podcasts, interviews, and collaborations, highlighting what actually opens doors in this industry and how relationships form long before résumés hit a recruiter’s desk. Whether you’re new to the field or looking to level up, this session gives you the mindset and momentum to build your own table and invite others to join you.
Kathy Chambers
Executive Producer & Founder, Kathy Chambers Media
Main Room, 7:00 AM – 8:00 AM
Anna Pham
Austin Worline
KongTuke Unmasked: Evolution of a TDS From Fake Captchas to Full Intrusion
KongTuke is a sophisticated traffic distribution system (TDS) that compromises legitimate websites to funnel victims through multi-stage infection chains. While investigating recent KongTuke campaigns, we discovered a hardcoded Telegram bot token that exposed the threat actors' testing activity. We also observed KongTuke operators pivot from initial access to hands-on keyboard intrusions, deploying the Interlock RAT, exfiltrating data to Azure Blob Storage, and laterally moving across networks using scheduled tasks. This talk will break down KongTuke's evolution from ClickFix to FileFix and back, examine their obfuscation techniques, backdoors, and anti-analysis checks, and walk through a full intrusion.
Anna Pham
Senior Tactical Response Analyst
Austin Worline
Huntress, Security Operations Analyst
Leadership Track, 7:00 AM – 8:00 AM
Kirsten Sireci Renner
Tap In: Disability -> Superpower
Subtitle: Turning Disability, Difference, and Disruption into Superpowers
What if the thing you were taught to treat as a weakness is really your strength? In cyber, engineering, and high-performance tech communities, most of us quietly check at least one box: ADHD, neurodivergence, chronic pain, injury, trauma, anxiety, or another non-standard operating condition. All variables in a formula. Tap In reframes disability and difference not as deficits to overcome, but as inputs — signals that shape how we think, adapt, and build systems. Drawing from lived experience, leadership under pressure, and the CLIMB™ framework, this talk explores how people unconsciously create compensating mechanisms to survive — and how those same mechanisms can be intentionally refined into superpowers showing clear lines to methods, levers and formulas to succeed. This talk gives attendees permission to check the box proudly, inventory their constraints honestly, and tap into the systems they’ve already built — turning friction into leverage and difference into advantage.
Most of us in the cybersecurity and hacking community operate outside the standard mold — cognitively, physically, emotionally, or all three. Yet we are taught to hide, excuse, dismiss or work around the very conditions that shaped our strengths. Tap In challenges that narrative. Rather than framing disability, neurodivergence, or chronic conditions as limitations, this talk treats them as environmental conditions — like the weather. You don’t cancel life because it rains. You adapt. You grab an umbrella. And sometimes - and hopefully often, you even choose to splash around and dance in it. Through personal stories, systems thinking, and practical frameworks, this talk shows how professionals already build levers, buttons, and workflows to compensate — often without realizing it. By making those systems conscious and intentional, attendees learn how to stop fighting their operating conditions and start engineering around them. This is not a talk about overcoming. It does not rank disability, minimize lived experience, or suggest that every condition becomes a ‘superpower.’ It focuses on building systems that work for the body and brain you actually have. It's about process and about owning your unique individual operating system, optimizing it and PWNing it to win.
Kirsten Sireci Renner
Connector of People to Opportunities
AI Track, 7:00 AM – 8:00 AM
Palanivel Mano
Digital Colleague or Digital Double Agent? Curbing the Super-Privileged AI
Your organization’s newest top performers never sleep, never complain, and process data at lightning speed. But these "digital colleagues" often operate with "God Mode" privileges that would never be granted to a human employee. As Agentic AI reshapes the workforce, it creates a massive, overlooked attack surface: the non-human insider threat. In this session, we will dismantle the myth that AI agents are merely tools and treat them as what they truly are: identities. We will explore the current chaotic state of AI access, expose the dangers of unbridled machine permissions, and provide a concrete IAM framework. Join us to learn how to apply human-grade rigor—Zero Trust, lifecycle management, and least privilege—to your silicon workforce.
Palanivel Mano
IAM Architect, CyberSecurity Architect, CyberSecurity Speaker, Cyberawareness Creator
Compliance Track, 7:00 AM – 8:00 AM
Daniel Jarboe
ADios: Breaking up with Active Directory
Active Directory (AD) became the de facto standard for Windows-centric organizations to *add* security, but today, removing AD or minimizing its footprint is considered a security enhancement. More than a technical optimization, switching from hybrid-AD to cloud-native Entra ID is a risk reduction strategy. Have the capabilities of cloud native reached a tipping point where more organizations can seriously consider reducing or eliminating AD? This session will discuss a regulated organization's journey to cloud native, reasons to do so, challenges, and lessons learned.
Daniel Jarboe
Empowering teams to achieve goals with well-secured technology
Defense Track, 7:00 AM – 8:00 AM
Patrick Gorman
Common SMB security gaps
Small and mid-sized businesses often believe they’re “too small to be a target,” but attackers know better. In this talk, we’ll walk through the most common security gaps I see in SMB environments—like misconfigured remote access, weak identity and access controls, poor patch hygiene, insecure cloud usage, and missing logging/monitoring. We’ll break down how these weaknesses are typically exploited in real-world attacks and map them to practical, budget-friendly fixes. Attendees will leave with a clear, actionable checklist to start reducing risk the moment they get back to the office.
Patrick Gorman
Founder of ISP Security
Offense Track, 7:00 AM – 8:00 AM
Brennan Harrison
Phishing Made Simple: Protecting Yourself and Your Organization
Phishing remains one of the most common and successful attack methods in cybersecurity—and it’s not just a problem for IT teams. In this beginner-friendly session, we’ll break down phishing in plain language, explain why these attacks work, and show you how to defend against them. You’ll learn how to spot suspicious emails, understand the tricks attackers use to bypass security measures, and discover practical steps to protect both yourself and your organization through a robust email security program. No jargon, no scare tactics—just clear, actionable advice you can start using today.
Target audience: Technical, Operational, Beginner-friendly
In this session, you'll learn:
- What phishing is and why it’s still a major threat.
- How to spot the classic red flags hiding in your inbox, and other signs less visible to the naked eye.
- Simple, effective steps to keep you and your organization off the hook.
Brennan Harrison
Cybersecurity Analyst - Publix Super Markets Inc.
Main Room, 8:00 AM – 9:00 AM
Beau Bullock
Augmented Cloud Hacking with AI Workflows
AI has advanced rapidly, yet much of offensive and defensive security work remains dominated by manual processes and ad-hoc use of chat-based AI tools. Practitioners frequently paste sensitive data into hosted models, ask vague questions, and hope for useful output, often leading to mixed and untrustworthy results. In this talk, I’ll demonstrate how to build local-first AI workflows to assist with a wide range of cybersecurity-related tasks. Using tools and techniques shared in this talk you will see how easy it can be to augment penetration testing, forensic analysis, incident response and more with AI without handing sensitive data to externally hosted models. By combining low-code automation, local language models, and human guidance, AI can be embedded into repeatable and auditable security workflows rather than treated as a general-purpose chatbot. This session walks through the design of AI-assisted cloud reconnaissance pipelines that perform advanced research & development alongside common penetration testing techniques such as cloud storage bucket discovery, tenant enumeration, and vulnerability scan analysis. Instead of asking AI open-ended questions, these workflows turn local models into task-specific agents by constraining inputs, structuring outputs, and forcing models to reason over attacker-relevant signals. The models are given tools such as Python scripts and controlled web access and operate within well-defined boundaries. Along the way, I’ll demonstrate my own cloud security research and offensive testing workflows, highlighting where AI meaningfully accelerates analysis, where it confidently hallucinates, and how to design guardrails so automation augments human judgment instead of replacing it. The goal is not autonomous hacking, but instead to augment common security processes for offensive practitioners and defenders alike. 
Attendees will leave with a clear mental model and practical architectural guidance for building their own AI-assisted security workflows using local models and low-code automation.
Beau Bullock
Director of Emerging Threats and Advanced Testing, Black Hills Information Security
Leadership Track, 8:00 AM – 9:00 AM
Mark Simos
Security is a team sport (and we are NOT playing like a team)
Security is like a sports team where very few players actually know they are on the team, only a few of these players actually show up for games, and half of those are fighting with each other or playing like they are on the opposing team. Security will never be effective until everyone does their security job including boards of directors and CEOs, CISOs and CIOs, SOC analysts, everyday users, architects, IT engineers and operations, and more. This isn't happening because those players don't know their positions, roles, or goals. Very few people know what they are supposed to do for security, why it's important, or how to do it. This leads to ineffective defenses and internal conflict that threat actors regularly take advantage of. This session will talk about how we got here and how to get the whole team playing together. This will show you how to use the Security Roles and Glossary standards from The Open Group to overcome these challenges and get some wins on the board!
Mark Simos
Lead Cybersecurity Architect for Microsoft, Author, and Steward of Open Standards
AI Track, 8:00 AM – 9:00 AM
Samuel A. Cordoba
Security Frameworks & Red Teaming: A Powerful Duo for Protecting AI and LLM Applications
As AI and large language models (LLMs) become increasingly embedded in real-world applications — from chatbots and copilots to security tools and customer service — the attack surface is growing faster than our ability to secure it. This talk explores combining security frameworks with red teaming methodologies to build resilient, secure AI/LLM systems. Using real-world attack scenarios like prompt injection, model abuse, and data leakage, we’ll show how frameworks such as the OWASP LLM Top 10, NIST AI Risk Management Framework, and MITRE ATLAS can guide developers, security teams, and researchers in identifying and mitigating risk. But frameworks are only the first step. We’ll go beyond theory and into practice, demonstrating how red teaming can expose hidden vulnerabilities in AI pipelines, from model behavior to prompt engineering flaws to inadequate output filtering. Attendees will walk away with a practical roadmap for evaluating, testing, and hardening their AI-powered applications. Whether building an LLM app, defending one, or breaking one, this talk will help you connect structured defense with adversarial testing in a rapidly evolving landscape.
Samuel A. Cordoba
Speaker | Strategic CISO | Cybersecurity Executive | Independent Security Researcher | Adversary Emulation Enthusiast
Compliance Track, 8:00 AM – 9:00 AM
Jeff Foresman
Stop Auditing & Start Surviving: Build Security Programs from Real Breaches
Security leaders are frequently given a clear directive: “make us compliant.” Frameworks and regulations are valuable, but many compliance-first programs end up optimized for documentation rather than for the cybersecurity breach patterns that are affecting organizations. These programs overlook issues such as identity compromise, targeted social engineering, business email compromise, exposed edge systems, misconfiguration, and third-party vendor pathways. The result is predictable: audits pass while attackers still find the shortest path to business impact. This session presents a cybersecurity breach-informed method for building security programs “outside-in.” We’ll start with current breach statistics to identify the most common attack trends and the pathways attackers repeatedly use to gain access and cause impact. From there, you will learn how to turn those trends into a focused program roadmap: define the loss scenarios that matter most to your organization, pinpoint the failure points that allow an intrusion to become an incident, and prioritize the capabilities that will disrupt those paths. The emphasis is on measurable outcomes: reducing the likelihood of compromise, limiting fraud and data exposure, tightening access controls, and strengthening cyber resilience, rather than building a program optimized solely for documentation or audits. Attendees will learn a practical translation model that maps cybersecurity breach patterns to failure points, capabilities, initiatives, and metrics. They will understand how to use this model to prioritize work for the quickest risk reduction within the first 90 days and to build maturity over 12 months. Participants will also gain a straightforward method for reporting progress in business terms, aligning stakeholders on priorities, and avoiding spending efforts that only enhance compliance without significantly lowering cybersecurity breach risk.
Jeff Foresman
Quadrant - President of Services
Defense Track, 8:00 AM – 9:00 AM
Travis Simcox
Obfuscation-as-a-Service: Inside the AI Tools Powering Next-Gen Spam
Everyone is talking about AI in cybercrime, but most of it is theory. This talk dissects real AI phishing platforms being sold on the dark web and used in the wild. We’ll explore how threat actors leverage AI to generate convincing lures, dynamically evade detection, and automate email campaigns at scale. We will also discuss how defenders can adapt their detection and threat-hunting strategies for the AI-assisted future of social engineering.
Travis Simcox
Lead Cyber Threat Hunter
Offense Track, 8:00 AM – 9:00 AM
Mudita Khurana
Rethinking how we evaluate security agents for real-world use
Security agents are gaining momentum across industry, but the way we evaluate them remains rooted in narrow, outcome-only benchmarks. These evaluations tell us whether an agent produced a correct answer, but not “how” it arrived there or whether that behavior will remain stable once deployed. In practice, enterprise security is not a sequence of isolated tasks. It is a connected, end-to-end workflow that follows a find → confirm exploit → patch → validate loop. Agents that perform well on task-specific benchmarks often fail in these multi-stage settings due to contextual loss and brittle transitions across steps. This talk introduces a practical framework for evaluating security agents by mapping agentic capabilities (planning, reasoning, memory, perception, tool use) to security functions (reconnaissance, exploit confirmation, root-cause analysis, patching, validation) across the full lifecycle. We also share insights from our large-scale survey of existing agentic systems, highlighting which capabilities consistently drive success at each stage of the security lifecycle. Finally, we present a lightweight, unified end-to-end scoring perspective that teams can use to assess an agent’s readiness for real operational environments.
Mudita Khurana
Airbnb, Staff Security Engineer
Career Track, 8:00 AM – 9:00 AM
Noemi Nagy
Thirteen Factors for a Successful Cybersecurity Career: Building a Successful Cybersecurity Career
Cybersecurity careers are fast-paced, constantly evolving, and often high-pressure. In cybersecurity, a field defined by constant change, high pressure, and rapid burnout, success depends on more than certifications and code. So how do you build a career that doesn’t just survive this pace, but thrives on it? Dr. Noémi Nagy, international careers guru and professor of Career & Technical/Workforce Education at the University of South Florida, presents her own award-winning Career Resources Model, a science-driven framework she developed through international research across Switzerland, Germany, and the U.S. This model, which has earned international recognition and awards and has been featured by the London School of Economics Business Review and cited hundreds of times worldwide, identifies thirteen trainable factors that determine how well professionals build, sustain, and grow their careers. In this hands-on session, Dr. Nagy reveals how cybersecurity professionals can apply the model to “hack” their own growth system using research-backed methods proven to increase adaptability, resilience, and career longevity in high-pressure tech environments. It’s the kind of insight that global conferences and leadership programs pay for and BSides Tampa attendees get it here, for free. Participants will walk away with a personalized Career Resource Map and clear, actionable strategies to strengthen motivation, visibility, and performance, whether they’re securing systems, leading teams, or planning their next move in the cyber world.
Noemi Nagy
TT Professor of Career and Technical/Workforce Education and Affiliate Professor of Entrepreneurship, University of South Florida
Main Room, 9:00 AM – 10:00 AM
Travis Weathers
Raising the Bar: The Next Evolution of Physical Penetration Testing and Why It Matters Now
Physical penetration testing is at a crossroads. While violence in workplaces, schools, campuses, and houses of worship continues to rise, much of the physical security industry is still operating with outdated tactics, shallow assessments, and tooling that has not meaningfully evolved in over a decade. Tailgates are still passed off as full engagements. Checklists are confused with risk analysis. Reports remain disconnected from how facilities actually fail and how people actually get hurt. This talk argues that the current state of physical penetration testing is no longer just inefficient. It is dangerous. We will explore why physical security assessments must evolve beyond performative testing and move toward disciplined, operationally grounded delivery that reflects real-world threat models. That evolution requires more than better reporting. It requires stronger methodology, better tooling, and tighter integration between data collection, analysis, and decision-making. The session will examine how modern physical penetration testing can be improved through intentional tooling design and increased operational discipline in the field. We will discuss how reducing friction during engagements and improving data handling practices directly impacts assessment quality and credibility. The talk will also explore how capturing the right data throughout an engagement, including access control behavior, geographic operational context, and structured project documentation, enables assessors to tell a clear and accurate story of how a facility was tested, how it failed, and why the findings matter to the client. Most importantly, this talk will address the ethical responsibility of physical security professionals. When assessments are shallow or misrepresented, organizations make decisions based on false confidence. In environments where lives are at stake, those failures have real consequences.
Travis Weathers
Sr Director of Offensive Security at Echelon Risk + Cyber / Instructor and Co-Owner of Practical Physical Exploitation (Mayweather Group)
AI Track 9:00 AM – 10:00 AM Hierarchical Agentic RAG for Cloud Neutral Heterogeneous Multi-Hop Reasoning.
Abhijit Ubale
Hierarchical Agentic RAG for Cloud Neutral Heterogeneous Multi-Hop Reasoning.
Most enterprise RAG systems fail silently—they hallucinate, they route queries to the wrong data sources, and they offer no principled way to recover when things go wrong. In this talk, I'll reveal how I solved these problems by building Protocol-H, a hierarchical agentic RAG framework that treats multi-modal reasoning (SQL + semantic search) as a first-class citizen. You'll learn the design patterns that reduce hallucinations by 40%, the autonomous error recovery mechanism that enables agents to self-correct without human intervention, and the cloud-agnostic abstractions that let you switch databases without rewriting orchestration logic. Drawing from production deployment in commercial fleet safety systems, I'll walk you through complete source code, real-world pitfalls, and five actionable principles you can apply immediately to build reliable agentic systems at scale.
Abhijit Ubale
Senior Snowflake (Certified) Data/ML/AI Engineer
Compliance Track 9:00 AM – 10:00 AM From Chaos to Compliance: Building Governance That Actually Scales
Stacey Oneal, PhD
From Chaos to Compliance: Building Governance That Actually Scales
Let’s be honest. In most organizations, compliance is often treated like the annoying hall monitor of cybersecurity; the team everyone loves to blame when innovation slows down, audits go awry, or someone discovers a control gap the size of a small planet. Meanwhile, security engineering is out there building cool things, fighting fires, and wondering why compliance keeps getting in the way. Here’s the plot twist: Compliance isn’t the villain. Bad compliance is. In this talk, I’ll break down how compliance, when done right, becomes the backbone of scalable, defensible, engineering‑aligned security and how, when it’s done wrong, it becomes a bureaucratic nightmare that drags everyone down. Drawing on 15+ years of leading enterprise assurance programs, advising boards, and working shoulder‑to‑shoulder with engineers, I’ll show how to turn compliance from a checkbox chore into a strategic accelerator that actually helps teams ship faster and safer. Expect candor. Expect uncomfortable truths. Expect a few spicy takes about frameworks like FedRAMP, NIST SP 800‑53, CMMC, and PCI DSS. And expect to walk away with a blueprint for making compliance something your engineers don’t roll their eyes at.
Stacey Oneal, PhD
Cybersecurity Lecturer and Consultant
Defense Track 9:00 AM – 10:00 AM The RaaS Recipe: Breaking Down the Key to Ransomware Dominance
John Dilgen
The RaaS Recipe: Breaking Down the Key to Ransomware Dominance
This talk will break down the success factors driving top ransomware-as-a-service (RaaS) groups, highlighting automation, customization, and advanced tools as the trifecta that enables elite operations. With automation accelerating attack speeds and customization enhancing ransomware for maximum impact, groups like Qilin, The Gentlemen, and DragonForce are emerging as significant threats. Finally, we will provide organizations with key defense recommendations based on these success factors to help counter these evolving threats effectively.
John Dilgen
Threat Intel Analyst
Offense Track 9:00 AM – 10:00 AM Silent Targets: How Cybercriminals Systematically Exploit the Elderly And What Security Teams Can Do
Kassandra Pierre Bedell
Silent Targets: How Cybercriminals Systematically Exploit the Elderly And What Security Teams Can Do
Older adults are losing more money to cyber-enabled fraud than any other demographic, yet most security systems are not designed to protect them. From romance scams and “grandchild in jail” schemes to tech support fraud and deepfake voice impersonation, attackers are running sophisticated, multi-stage social engineering campaigns that rival the operational maturity of many APT groups. This talk reframes elder fraud not as a “user awareness problem,” but as a failure of modern security threat modeling. We will break down how these scams actually work using a human-centered attack kill chain, show why traditional security controls (MFA, warnings, call blocking, bank flags) routinely fail under emotional manipulation, and walk through real-world case studies where victims lost life-changing sums despite “secure” systems. Attendees will leave with practical, implementable strategies for defending high-risk populations, including behavioral fraud signals, transaction safety patterns, human-centered security design, and ecosystem-level interventions involving banks, healthcare, and caregivers. If your systems are technically secure but your users are still being drained, your systems are not actually secure.
Kassandra Pierre Bedell
Founder, DYASPURA Digital
Career Track 9:00 AM – 10:00 AM The Four Realities of Getting Hired into CyberSecurity
Frank Victory
The Four Realities of Getting Hired into CyberSecurity
Are you ready to launch into the thrilling world of cybersecurity? This presentation is your backstage pass to a career where every day brings new challenges, creative problem-solving, and the chance to make a real impact. Discover why cybersecurity is one of the most dynamic and rewarding fields—where high demand, competitive pay, and endless opportunities await those bold enough to step up. We’ll break down the realities of getting hired, from the importance of foundational roles and hands-on experience to the power of networking and soft skills. Learn how to turn imposter syndrome into a sign of growth, build a portfolio that proves your skills, and master the fundamentals that set true professionals apart. Through stories, analogies, and practical advice, you’ll see how patience, resilience, and continuous learning pave the way to success. Whether you dream of defending systems, hunting threats, or shaping security policy, this session will show you how to find your niche and build a career that’s as exciting as it is meaningful. Join us for a lively, interactive journey—complete with real-world tips, industry insights, and a few laughs along the way. Let’s bridge the gap together and empower the next generation of cybersecurity professionals to thrive!
Frank Victory
Building a Secure Future: Experienced Professional with a Teaching Heart.
Main Room 10:00 AM – 11:00 AM Certify Together, Rise Forever: Igniting Tampa’s Hacker Community Spirit
Ryan Lindfield
Certify Together, Rise Forever: Igniting Tampa’s Hacker Community Spirit
The hacker spirit begins with raw curiosity—no experience, age, or background required, just an inquisitive mindset. After 25 years channeling underground roots into elite certs and skills (Cisco, EC-Council, Fortinet, HP, and more), I’ve trained defenders safeguarding the US military, banks, hospitals, power grids, water systems, and much more. This talk is for everyone in our community: Certifications deliver real-world skills faster than degrees, without the debt—while we rebuild the peer bonds college offers, but keep it fun, authentic, and true to BSides & DEFCON vibes. I’ll share the playbook: how to earn top certs efficiently, study for the interview that comes after the exam, leverage that discussion to a career, while fostering lasting relationships through shared learning. Let’s turn BSides Tampa energy into a permanent local tribe—supporting cert journeys year-round, mentoring, collaborating, celebrating under Tampa’s sun and palms. All curious minds welcome. Certify together. Rise forever.
Ryan Lindfield
Security Advisor - Certified Technical Instructor
AI Track 10:00 AM – 11:00 AM Weaponizing Vtables: Detection Engineering for Kernel-Space Exploits in macOS
Olivia Gallucci
Weaponizing Vtables: Detection Engineering for Kernel-Space Exploits in macOS
Overview: macOS kernel drivers use C++ virtual method tables (vtables) as part of their object model via IOKit. These vtables are a longstanding attack vector: once corrupted, they enable arbitrary control flow through forged function pointers. This talk explores vtable structure and misuse in the macOS kernel space, focusing on exploitation methods, Apple's hardening (PAC, kalloc_type), and how threat detection engineering can surface this low-level abuse. We connect kernel vtable abuse to runtime behavior, showing detection opportunities and implementation strategies using macOS telemetry APIs and instrumentation.

Descriptive: This session explores exploiting virtual method tables (vtables) in the macOS kernel (via IOKit) and how to detect these techniques as they occur. We'll explore how kernel objects are structured, how use-after-free and fake vtable techniques bypass runtime protections, some CVEs, and how Pointer Authentication (PAC) plays a role in this. Then, we will transition into detection engineering: how hijacked vtables manifest in kernel crashes, syscall behavior, and memory layout anomalies. We'll walk through detection strategies, including PAC failure crash signatures, Endpoint Security API telemetry, and architectural approaches like hypervisor-assisted integrity monitoring. Designed for engineers building telemetry pipelines or writing detection rules, this talk bridges internals and exploitation knowledge with security tooling.

Outline:

1. Introduction and context (5 min)
- Role of vtables in macOS kernel (IOKit C++ object model)
- Why kernel-space vtable hijacking matters for local privilege escalation (LPE)
- Risks: sandbox escape + root escalation in enterprise fleet

2. Vtable architecture in macOS kernel (3 min)
- How vtables are constructed (Itanium C++ ABI, vptr at offset 0)
- Object layout in IOKit (e.g., OSObject, IOUserClient)
- Location of vtables in memory: read-only kernel segments, post-KASLR
- Diagram: Object -> vptr -> vtable -> virtual method

3. Exploit techniques in the kernel (7 min)
- Use-after-free and heap spraying to create fake objects
- Direct vptr overwrite via out-of-bounds write
- Oh no! Forging attacker-controlled vtables in kernel heap
- (DEMO) Example: CVE-2016-1828 (OSUnserializeBinary UAF) and/or CVE-2021-30735 (Pwn2Own Intel GPU driver)
- Attackers' need for KASLR bypass, PAC evasion

4. macOS mitigations (5 min)
- Pointer Authentication (PAC) on Apple Silicon
-- PACDA on vptr, PACIA on vtable function pointers
- kalloc_type heap segregation and its role in defeating type confusion
- Read-only vtable segments in kernel
- Memory protections (W^X), SIP, sandbox containment
- Visual: Defense matrix summarizing protections vs techniques

5. Runtime detection engineering (7 min)
(A) Crash telemetry:
- PAC failure codes (EXC_BAD_ACCESS with invalid PAC)
- Use-after-free signature patterns (retired vtable pointers)
(B) Behavioral signals:
- Sandbox-escaped process behavior (e.g., unexpected syscalls, privilege escalation)
- Kernel panic logs referencing virtual calls or unexpected dereference
(C) Endpoint Security API & audit hooks:
- Watch for syscall deviations (e.g., `task_for_pid`, `execve` by sandboxed app)
- Process anomalies post-crash
(D) (maybe) Advanced methods:
- Hypervisor integrity checks (e.g., guard kernel vptrs)
- Canary vtable monitoring
- Example detection rule sketch (pseudo-code)

6. Conclusion (3 min)
- Overview of what was covered
- PAC has narrowed exploit scope but detection is still important
-- Detection engineers should integrate:
-- Crash telemetry correlation
-- Kernel exploit behavioral heuristics
-- PAC failure pattern analysis
- Suggestion: Build visibility layers early, even before full exploit signatures are known

Wiggle room (5 minutes)
Questions: 10 minutes
Olivia Gallucci
Security Engineer at Datadog
Compliance Track 10:00 AM – 11:00 AM Trust Is the Product: What CMMC Gets Right and What the Market Gets Wrong
Michael Brooks
Trust Is the Product: What CMMC Gets Right and What the Market Gets Wrong
The CMMC ecosystem is scaling rapidly but not always safely. This talk challenges prevailing narratives around speed, cost, and “assessment readiness” by focusing on the central question CMMC was designed to answer: can the Department of Defense trust its suppliers to protect CUI? From the perspective of an assessor and former senior cyber leader, this session unpacks where the market misinterprets CMMC intent, why independence and judgment are being undervalued, and how poor strategy, not lack of tooling, creates systemic risk across the defense industrial base. This is a candid, strategic conversation about trust, accountability, and what it actually takes to deliver credible, defensible CMMC outcomes at scale.
Michael Brooks
2× CISO and Lead CMMC Certified Assessor
Defense Track 10:00 AM – 11:00 AM Dealing with Shadows: A day in the life of a threat actor negotiator
Matt Barnett
Dealing with Shadows: A day in the life of a threat actor negotiator
Ransomware negotiations are rarely just about money. They are high-pressure engagements shaped by psychology, leverage, timing, and uncertainty, all while organizations are still assessing the scope of compromise. This talk offers a practitioner’s perspective on negotiating with threat actors during live extortion events. Drawing on real-world cases, it examines how threat actors communicate, what their behavior signals, and how disciplined negotiation strategy can influence outcomes beyond the final payment amount. Attendees will learn how pacing, message control, and delay are used to buy time, reduce risk, and preserve decision-making authority under crisis conditions. The session also addresses common misconceptions about ransom negotiations, frequent mistakes that increase cost and exposure, and how negotiation fits into a broader incident response strategy that balances technical, legal, financial, and human factors. This presentation is about what works, and what doesn’t. What you should do, and maybe more importantly, what you should never do.
Matt Barnett
CEO of SEVN-X
Offense Track 10:00 AM – 11:00 AM The Voice of Deception: How Vishing Exploits Human Emotion
Rosa Rowles
The Voice of Deception: How Vishing Exploits Human Emotion
Vishing — voice phishing — has rapidly become one of the most dangerous tools in a social engineer’s arsenal. From high-profile corporate breaches to targeted personal attacks, vishing exploits our most human traits: trust, emotion, and social connection. In this session, I will explain how malicious attackers prey on human emotion to get their targets to take an action that they normally would not. I will explain the different principles of influence they use and why they work so well. I will play real vishing calls and have the audience participate to pick out the principles of influence used. The session will conclude with how we can prepare, defend, and protect against this escalating threat.
Rosa Rowles
Human Risk Analyst at Social Engineer LLC
Main Room 11:00 AM – 12:00 PM Don’t Mess with Grandma: The Next Fight in Cybersecurity
Jeremy Rasmussen
Don’t Mess with Grandma: The Next Fight in Cybersecurity
Elder Financial Exploitation (EFE) is a $35 billion a year heist hiding in plain sight. It’s the quiet crime that steals retirement dreams, rewrites family legacies, and preys on the people who built the world we now secure. And the worst part? Most of it never even gets reported. Hollywood has started to take notice—"The Beekeeper" as an example—but the real story is far uglier. Industrialized scam compounds overseas. Seniors so isolated they cling to scammers for companionship. Families betraying their own. It's exploitation wrapped in loneliness, coercion, and heartbreak. This keynote shows just how easy it is to fool “grandma” with AI generated voices and faces. If we can clone a loved one in seconds, imagine what a motivated criminal can do. Education and awareness alone won’t cut it anymore. So, I’m bringing the BSides Tampa community a challenge: think bigger. Think weirder. Think bolder. I’ll tease a few unconventional ideas—personal scale monitoring, AI that wastes scammers’ time, safer digital spaces for seniors—but the real innovation will come from our community. EFE isn’t just a cybersecurity problem. It’s a societal failure. And if anyone can flip the script on the fraudsters, it’s us.
Jeremy Rasmussen
Owner and Principal Consultant, CyberEthos LLC