Editor's Picks
Best Talks at BSides Las Vegas 2025
Hand-picked from in-depth reviewer verdicts — the top 9 talks from this conference. Skip the noise, find the signal.
1. The Not So Boring Threat Model of CSP-Managed NHI’s
**Cat Traxler**, introducing herself as principal security researcher at **Vector AI**, delivers a comparative threat model of **cloud service provider (CSP) managed non-human identities (NHIs)** across **AWS**, **Google Cloud**, and **Microsoft**. She explicitly states…
Dr. Zero: STRONG ACCEPT ★★★★☆ | Heather Calloway: MUST SEE ★★★★★
2. The Scene is Dead
Allison opens her BSides Las Vegas keynote with a deliberate contradiction: she declares **the scene is dead**, then insists it is **more alive than it has ever been**—just **no longer underground**, still full of people she respects. The talk blends autobiography with a…
Dr. Zero: STRONG ACCEPT ★★★★☆ | Heather Calloway: MUST SEE ★★★★★
3. Defending Our Water – Defending Our Lives
This **water and wastewater** panel connects **public health**, **civil engineering scale**, and **cyber risk** through the lens of **cyber-informed engineering (CIE)**—a discipline, championed in the session by **Ginger Wright** (**Idaho National Laboratory**), that asks…
Dr. Zero: SOLID ★★★☆☆ | Heather Calloway: MUST SEE ★★★★★
4. Broke but Breached: Secret Scanning at Scale on a Student Budget
This session presents a large-scale **secret scanning** research effort focused on **Visual Studio Code extensions** in the public marketplace. The speaker, who introduces herself as Ravita and describes recently completing a master’s in cybersecurity at the University of…
Dr. Zero: STRONG ACCEPT ★★★★☆ | Heather Calloway: STRONG ACCEPT ★★★★☆
5. Avoiding Credential Chaos: Authenticating With No Secrets
Chitra Dhar Rajan and Steve Jarvis deliver a paired talk that reframes enterprise authentication and automation around a deliberately provocative **golden rule**: **“Thou shalt not have the burden of any secrets.”** They immediately qualify it: if secrets must exist for…
Dr. Zero: STRONG ACCEPT ★★★★☆ | Heather Calloway: STRONG ACCEPT ★★★★☆
6. No IP, No Problem: Exfiltrating Data Behind IAP
Ariel Kalman presents an attack path against **Google Cloud Platform**’s **Identity-Aware Proxy (IAP)**, framed as an **identity firewall** that intercepts requests to protected applications, enforces **authentication** and **authorization**, and injects authentication headers…
Dr. Zero: STRONG ACCEPT ★★★★☆ | Heather Calloway: STRONG ACCEPT ★★★★☆
7. The Protocol Behind the Curtain: What MCP Really Exposes
Srajan Gupta and Vinkumar use **Model Context Protocol (MCP)** as a lens on why **AI agents** struggle to integrate safely with deterministic **APIs**. They argue **LLM** probabilism clashes with rigid request/response contracts, error handling, and parsing—**MCP** is presented…
Dr. Zero: STRONG ACCEPT ★★★★☆ | Heather Calloway: STRONG ACCEPT ★★★★☆
8. Hardening Containers with Seccomp: Hands-On Profiles, Pitfalls, and Real Exploits
This session frames **seccomp** as an underused Linux kernel capability that can materially constrain attackers inside **containerized** environments—even when initial compromise succeeds. The speaker, introducing himself as Ben and as co-founder and CTO at a cloud security…
Dr. Zero: STRONG ACCEPT ★★★★☆ | Heather Calloway: STRONG ACCEPT ★★★★☆
9. Advancing Network Threat Detection Thru Standardized Feature Extraction & Dynamic Ensemble Learning
**Jason Ford**, introducing himself as a **research engineer** at **Proofpoint** giving his **first BSides talk**, presents roughly two years of research on improving **network intrusion detection** by fixing what he argues is the real bottleneck in many machine-learning…
Dr. Zero: STRONG ACCEPT ★★★★☆ | Heather Calloway: STRONG ACCEPT ★★★★☆